diff --git a/AUTHORS b/AUTHORS index 1c87003556..93a47baebf 100644 --- a/AUTHORS +++ b/AUTHORS @@ -60,6 +60,8 @@ Patches have also been contributed by: Dave Allan Markus Armbruster Ryota Ozaki + James Morris + Daniel J Walsh [....send patches to get your name here....] diff --git a/ChangeLog b/ChangeLog index 767dd679c0..aca3e9f92e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +Tue Mar 3 09:10:13 GMT 2009 Daniel P. Berrange + + Public API for sVirt support (James Morris & Dan Walsh) + * include/libvirt/libvirt.h.in, src/libvirt_public.syms: added + virNodeGetSecurityModel() and virDomainGetSecurityLabel() APIs + * include/libvirt/libvirt.h: Regenerated + Tue Mar 3 08:55:13 GMT 2009 Daniel P. Berrange Don't try to detach & reset PCI devices while running test diff --git a/include/libvirt/libvirt.h b/include/libvirt/libvirt.h index cf39488bd9..453b064be8 100644 --- a/include/libvirt/libvirt.h +++ b/include/libvirt/libvirt.h 
@@ -110,6 +110,68 @@ typedef enum { VIR_DOMAIN_NONE = 0 } virDomainCreateFlags; +/** + * VIR_SECURITY_LABEL_BUFLEN: + * + * Macro providing the maximum length of the virSecurityLabel label string. + * Note that this value is based on that used by Labeled NFS. + */ +#define VIR_SECURITY_LABEL_BUFLEN (4096 + 1) + +/** + * virSecurityLabel: + * + * a virSecurityLabel is a structure filled by virDomainGetSecurityLabel(), + * providing the security label and associated attributes for the specified + * domain. + * + */ +typedef struct _virSecurityLabel { + char label[VIR_SECURITY_LABEL_BUFLEN]; /* security label string */ + int enforcing; /* 1 if security policy is being enforced for domain */ +} virSecurityLabel; + +/** + * virSecurityLabelPtr: + * + * a virSecurityLabelPtr is a pointer to a virSecurityLabel. + */ +typedef virSecurityLabel *virSecurityLabelPtr; + +/** + * VIR_SECURITY_MODEL_BUFLEN: + * + * Macro providing the maximum length of the virSecurityModel model string. + */ +#define VIR_SECURITY_MODEL_BUFLEN (256 + 1) + +/** + * VIR_SECURITY_DOI_BUFLEN: + * + * Macro providing the maximum length of the virSecurityModel doi string. + */ +#define VIR_SECURITY_DOI_BUFLEN (256 + 1) + +/** + * virSecurityModel: + * + * a virSecurityModel is a structure filled by virNodeGetSecurityModel(), + * providing the per-hypervisor security model and DOI attributes for the + * specified domain. + * + */ +typedef struct _virSecurityModel { + char model[VIR_SECURITY_MODEL_BUFLEN]; /* security model string */ + char doi[VIR_SECURITY_DOI_BUFLEN]; /* domain of interpetation */ +} virSecurityModel; + +/** + * virSecurityModelPtr: + * + * a virSecurityModelPtr is a pointer to a virSecurityModel. + */ +typedef virSecurityModel *virSecurityModelPtr; + /** * virNodeInfoPtr: * 
@@ -417,6 +479,9 @@ char * virConnectGetCapabilities (virConnectPtr conn); unsigned long long virNodeGetFreeMemory (virConnectPtr conn); +int virNodeGetSecurityModel (virConnectPtr conn, + virSecurityModelPtr secmodel); + /* * Gather list of running domains */ @@ -506,6 +571,8 @@ int virDomainSetMaxMemory (virDomainPtr domain, int virDomainSetMemory (virDomainPtr domain, unsigned long memory); int virDomainGetMaxVcpus (virDomainPtr domain); +int virDomainGetSecurityLabel (virDomainPtr domain, + virSecurityLabelPtr seclabel); /* * XML domain description diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in index 06361de0f9..a028b21e88 100644 --- a/include/libvirt/libvirt.h.in +++ b/include/libvirt/libvirt.h.in 
@@ -110,6 +110,68 @@ typedef enum { VIR_DOMAIN_NONE = 0 } virDomainCreateFlags; +/** + * VIR_SECURITY_LABEL_BUFLEN: + * + * Macro providing the maximum length of the virSecurityLabel label string. + * Note that this value is based on that used by Labeled NFS. + */ +#define VIR_SECURITY_LABEL_BUFLEN (4096 + 1) + +/** + * virSecurityLabel: + * + * a virSecurityLabel is a structure filled by virDomainGetSecurityLabel(), + * providing the security label and associated attributes for the specified + * domain. + * + */ +typedef struct _virSecurityLabel { + char label[VIR_SECURITY_LABEL_BUFLEN]; /* security label string */ + int enforcing; /* 1 if security policy is being enforced for domain */ +} virSecurityLabel; + +/** + * virSecurityLabelPtr: + * + * a virSecurityLabelPtr is a pointer to a virSecurityLabel. + */ +typedef virSecurityLabel *virSecurityLabelPtr; + +/** + * VIR_SECURITY_MODEL_BUFLEN: + * + * Macro providing the maximum length of the virSecurityModel model string. + */ +#define VIR_SECURITY_MODEL_BUFLEN (256 + 1) + +/** + * VIR_SECURITY_DOI_BUFLEN: + * + * Macro providing the maximum length of the virSecurityModel doi string. + */ +#define VIR_SECURITY_DOI_BUFLEN (256 + 1) + +/** + * virSecurityModel: + * + * a virSecurityModel is a structure filled by virNodeGetSecurityModel(), + * providing the per-hypervisor security model and DOI attributes for the + * specified domain. + * + */ +typedef struct _virSecurityModel { + char model[VIR_SECURITY_MODEL_BUFLEN]; /* security model string */ + char doi[VIR_SECURITY_DOI_BUFLEN]; /* domain of interpetation */ +} virSecurityModel; + +/** + * virSecurityModelPtr: + * + * a virSecurityModelPtr is a pointer to a virSecurityModel. + */ +typedef virSecurityModel *virSecurityModelPtr; + /** * virNodeInfoPtr: * 
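Review bot: The comment on `VIR_SECURITY_LABEL_BUFLEN` (and likewise `VIR_SECURITY_MODEL_BUFLEN` and `VIR_SECURITY_DOI_BUFLEN`) calls the value the "maximum length" of the string, but `(4096 + 1)` reads as a buffer size that includes the terminating NUL, and nothing says what happens when the hypervisor's label is longer. For a security label this matters, because a silently truncated label can be parsed as, or compare equal to, a different context; the contract should be that the call fails rather than truncates and that the field is always NUL-terminated. I would reword it to `Size in bytes of the virSecurityLabel label buffer, including the terminating NUL; a longer label is an error, never truncated.`, assuming the implementation (not in this diff) behaves that way. Two smaller doc fixes in the same hunk: the `virSecurityModel` comment says "for the specified domain" although the struct is filled from a connection by virNodeGetSecurityModel(), and `interpetation` should read `interpretation`. The regenerated include/libvirt/libvirt.h carries the same text.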
@@ -417,6 +479,9 @@ char * virConnectGetCapabilities (virConnectPtr conn); unsigned long long virNodeGetFreeMemory (virConnectPtr conn); +int virNodeGetSecurityModel (virConnectPtr conn, + virSecurityModelPtr secmodel); + /* * Gather list of running domains */ @@ -506,6 +571,8 @@ int virDomainSetMaxMemory (virDomainPtr domain, int virDomainSetMemory (virDomainPtr domain, unsigned long memory); int virDomainGetMaxVcpus (virDomainPtr domain); +int virDomainGetSecurityLabel (virDomainPtr domain, + virSecurityLabelPtr seclabel); /* * XML domain description diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 8114073d38..f7ebbc39ab 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -254,6 +254,8 @@ LIBVIRT_0.6.1 { virNodeDeviceDettach; virNodeDeviceReAttach; virNodeDeviceReset; + virDomainGetSecurityLabel; + virNodeGetSecurityModel; } LIBVIRT_0.6.0; # .... define new API here using predicted next version number ....
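Review bot: Neither new prototype says what the caller-allocated struct contains when the call fails, or how a host with no security driver is reported; this applies to `virNodeGetSecurityModel` here and to `virDomainGetSecurityLabel` in the next hunk. A caller that reads `seclabel->label` or `seclabel->enforcing` after an unchecked or failed call would be acting on whatever was already in the buffer, so the contract is worth stating next to the declaration, for example `/* Returns 0 on success, -1 on error; *seclabel is only valid on success */`. The 0/-1 convention is my assumption, since the implementation is not part of this diff. Both functions also take no `flags` argument and fill a fixed-size struct, so the signature cannot be extended later without adding a new symbol.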