Re: [PATCH 6/8] libxl: Add device_model_stubdomain_seclabel

[Keir Fraser <keir@xen.org>]

On 01/02/2012 19:09, "Daniel De Graaf" <dgdegra@tycho.nsa.gov> wrote:

> This allows the security label of stub domains to be specified.
> 
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

This and patch 7/8 I assume will be picked up by a libxl maintainer (cc'ing
Ian Jackson). All your other outstanding patches I have now applied.

 -- Keir

> ---
>  docs/man/xl.cfg.pod.5       |    4 ++++
>  tools/libxl/libxl_dm.c      |    1 +
>  tools/libxl/libxl_types.idl |    1 +
>  tools/libxl/xl_cmdimpl.c    |   12 ++++++++++++
>  4 files changed, 18 insertions(+), 0 deletions(-)
> 
> diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5
> index 9d90290..8f171b4 100644
> --- a/docs/man/xl.cfg.pod.5
> +++ b/docs/man/xl.cfg.pod.5
> @@ -789,6 +789,10 @@ Override the use of stubdomain based device-model.
> Normally this will
>  be automatically selected based upon the other features and options
>  you have selected.
>  
> +=item B<device_model_stubdomain_seclabel="LABEL">
> +
> +Assign an XSM security label to the device-model stubdomain.
> +
>  =item B<device_model_args=[ "ARG", "ARG", ...]>
>  
>  Pass additional arbitrary options on the devide-model command
> diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
> index 5fec137..e99d173 100644
> --- a/tools/libxl/libxl_dm.c
> +++ b/tools/libxl/libxl_dm.c
> @@ -703,6 +703,7 @@ static int libxl__create_stubdom(libxl__gc *gc,
>      dm_config.c_info.type = LIBXL_DOMAIN_TYPE_PV;
>      dm_config.c_info.name = libxl__sprintf(gc, "%s-dm",
>                                      libxl__domid_to_name(gc, guest_domid));
> +    dm_config.c_info.ssidref = guest_config->b_info.device_model_ssidref;
>  
>      libxl_uuid_generate(&dm_config.c_info.uuid);
>  
> diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl
> index 3c24626..b77bc65 100644
> --- a/tools/libxl/libxl_types.idl
> +++ b/tools/libxl/libxl_types.idl
> @@ -217,6 +217,7 @@ libxl_domain_build_info = Struct("domain_build_info",[
>      ("device_model_stubdomain", bool),
>      # you set device_model you must set device_model_version too
>      ("device_model",     string),
> +    ("device_model_ssidref", uint32),
>  
>      # extra parameters pass directly to qemu, NULL terminated
>      ("extra",            libxl_string_list),
> diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c
> index 0b811b5..e95bace 100644
> --- a/tools/libxl/xl_cmdimpl.c
> +++ b/tools/libxl/xl_cmdimpl.c
> @@ -1254,6 +1254,18 @@ skip_vfb:
>      if (!xlu_cfg_get_long (config, "device_model_stubdomain_override", &l,
> 0))
>          b_info->device_model_stubdomain = l;
>  
> +    if (!xlu_cfg_get_string (config, "device_model_stubdomain_seclabel",
> &buf, 0)) {
> +        e = libxl_flask_context_to_sid(ctx, (char *)buf, strlen(buf),
> +                                    &b_info->device_model_ssidref);
> +        if (e) {
> +            if (errno == ENOSYS) {
> +                fprintf(stderr, "XSM Disabled:
> device_model_stubdomain_seclabel not supported\n");
> +            } else {
> +                fprintf(stderr, "Invalid device_model_stubdomain_seclabel:
> %s\n", buf);
> +                exit(1);
> +            }
> +        }
> +    }
>  #define parse_extra_args(type)                                            \
>      e = xlu_cfg_get_list_as_string_list(config, "device_model_args"#type, \
>                                      &b_info->extra##type, 0);            \