[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 6/8] libxl: Add device_model_stubdomain_seclabel

This allows the security label of stub domains to be specified.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 docs/man/xl.cfg.pod.5       |    4 ++++
 tools/libxl/libxl_dm.c      |    1 +
 tools/libxl/libxl_types.idl |    1 +
 tools/libxl/xl_cmdimpl.c    |   12 ++++++++++++
 4 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5
index 9d90290..8f171b4 100644
--- a/docs/man/xl.cfg.pod.5
+++ b/docs/man/xl.cfg.pod.5
@@ -789,6 +789,10 @@ Override the use of stubdomain based device-model.  
Normally this will
 be automatically selected based upon the other features and options
 you have selected.
 
+=item B<device_model_stubdomain_seclabel="LABEL">
+
+Assign an XSM security label to the device-model stubdomain.
+
 =item B<device_model_args=[ "ARG", "ARG", ...]>
 
 Pass additional arbitrary options on the devide-model command
diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index 5fec137..e99d173 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -703,6 +703,7 @@ static int libxl__create_stubdom(libxl__gc *gc,
     dm_config.c_info.type = LIBXL_DOMAIN_TYPE_PV;
     dm_config.c_info.name = libxl__sprintf(gc, "%s-dm",
                                     libxl__domid_to_name(gc, guest_domid));
+    dm_config.c_info.ssidref = guest_config->b_info.device_model_ssidref;
 
     libxl_uuid_generate(&dm_config.c_info.uuid);
 
diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl
index 3c24626..b77bc65 100644
--- a/tools/libxl/libxl_types.idl
+++ b/tools/libxl/libxl_types.idl
@@ -217,6 +217,7 @@ libxl_domain_build_info = Struct("domain_build_info",[
     ("device_model_stubdomain", bool),
     # you set device_model you must set device_model_version too
     ("device_model",     string),
+    ("device_model_ssidref", uint32),
 
     # extra parameters pass directly to qemu, NULL terminated
     ("extra",            libxl_string_list),
diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c
index 0b811b5..e95bace 100644
--- a/tools/libxl/xl_cmdimpl.c
+++ b/tools/libxl/xl_cmdimpl.c
@@ -1254,6 +1254,18 @@ skip_vfb:
     if (!xlu_cfg_get_long (config, "device_model_stubdomain_override", &l, 0))
         b_info->device_model_stubdomain = l;
 
+    if (!xlu_cfg_get_string (config, "device_model_stubdomain_seclabel", &buf, 
0)) {
+        e = libxl_flask_context_to_sid(ctx, (char *)buf, strlen(buf),
+                                    &b_info->device_model_ssidref);
+        if (e) {
+            if (errno == ENOSYS) {
+                fprintf(stderr, "XSM Disabled: 
device_model_stubdomain_seclabel not supported\n");
+            } else {
+                fprintf(stderr, "Invalid device_model_stubdomain_seclabel: 
%s\n", buf);
+                exit(1);
+            }
+        }
+    }
 #define parse_extra_args(type)                                            \
     e = xlu_cfg_get_list_as_string_list(config, "device_model_args"#type, \
                                     &b_info->extra##type, 0);            \
-- 
1.7.7.6


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.