virsh: Introduce 'dom-fd-associate' for invoking virDomainFDAssociate()

Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2024-12-22 05:35:25 +00:00 · 2022-03-23 10:12:50 +01:00 · 2022-03-23 10:12:50 +01:00 · 3ea4170551
commit 3ea4170551
parent abd9025c2f
2 changed files with 95 additions and 0 deletions
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@ -5225,6 +5225,25 @@ If *--print-xml* is specified, the XML that would be used to change media is
 printed instead of changing the media.


+dom-fd-associate
+----------------
+
+**Syntax:**
+
+::
+
+    dom-fd-associate domain --name FDGROUPNAME --pass-fds M,N,....
+        [--seclabel-writable] [--seclabel-restore]
+
+Associate one or more fds described via *--pass-fds* argument to *domain* as
+*--name*. The lifetime of the passed fd group is the same as the connection, thus
+exitting virsh un-registers them afterwards.
+
+By default security labels are applied if needed but they are not restored after
+use to avoid keeping them open unnecessarily. Best-effort security label restore
+may be requested by using the *--seclabel-restore* flag.
+
+
 NODEDEV COMMANDS
 ================

--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@ -9817,6 +9817,76 @@ cmdDomSetLaunchSecState(vshControl * ctl, const vshCmd * cmd)
    return ret;
 }

+
+/*
+ * "dom-fd-associate" command
+ */
+static const vshCmdInfo info_dom_fd_associate[] = {
+    {.name = "help",
+     .data = N_("associate a FD with a domain")
+    },
+    {.name = "desc",
+     .data = N_("associate a FD with a domain")
+    },
+    {.name = NULL}
+};
+
+static const vshCmdOptDef opts_dom_fd_associate[] = {
+    VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+    {.name = "name",
+     .type = VSH_OT_DATA,
+     .flags = VSH_OFLAG_REQ,
+     .completer = virshCompleteEmpty,
+     .help = N_("name of the FD group")
+    },
+    {.name = "pass-fds",
+     .type = VSH_OT_DATA,
+     .flags = VSH_OFLAG_REQ,
+     .completer = virshCompleteEmpty,
+     .help = N_("file descriptors N,M,... to associate")
+    },
+    {.name = "seclabel-writable",
+     .type = VSH_OT_BOOL,
+     .help = N_("use seclabels allowing writes")
+    },
+    {.name = "seclabel-restore",
+     .type = VSH_OT_BOOL,
+     .help = N_("try to restore security label after use if possible")
+    },
+    {.name = NULL}
+};
+
+static bool
+cmdDomFdAssociate(vshControl *ctl, const vshCmd *cmd)
+{
+    g_autoptr(virshDomain) dom = NULL;
+    const char *name = NULL;
+    unsigned int flags = 0;
+    g_autofree int *fds = NULL;
+    size_t nfds = 0;
+
+    if (vshCommandOptBool(cmd, "seclabel-writable"))
+        flags |= VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_WRITABLE;
+
+    if (vshCommandOptBool(cmd, "seclabel-restore"))
+        flags |= VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_RESTORE;
+
+    if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+        return false;
+
+    if (vshCommandOptStringReq(ctl, cmd, "name", &name) < 0)
+        return false;
+
+    if (virshFetchPassFdsList(ctl, cmd, &nfds, &fds) < 0)
+        return false;
+
+    if (virDomainFDAssociate(dom, name, nfds, fds, flags) < 0)
+        return false;
+
+    return true;
+}
+
+
 /*
 * "qemu-monitor-command" command
 */
@ -14418,5 +14488,11 @@ const vshCmdDef domManagementCmds[] = {
     .info = info_domdirtyrate_calc,
     .flags = 0
    },
+    {.name = "dom-fd-associate",
+     .handler = cmdDomFdAssociate,
+     .opts = opts_dom_fd_associate,
+     .info = info_dom_fd_associate,
+     .flags = 0
+    },
    {.name = NULL}
 };