cli: Support --disk seclabelX.model (and relabel, and label)

This adds support for setting VirtualDisk <seclabel> XML. This
invents a new command line scheme for cases like this where there
are possibly multiple child elements that we want to specify
on the command line. So if you just want to specify one <seclabel>
block, you can do the expected

  --disk ...,seclabel.model=dac,relabel=no

However if you want to specify 2 <seclabel> blocks you need to do:

  --disk ...,seclabel0.model=dac,seclabel0.relabel=no,seclabel1.model=selinux,seclabel1.relabel=no
Cole Robinson 2016-06-14 17:29:54 -04:00
parent 7ec97400a5
commit b785f3f594
7 changed files with 61 additions and 10 deletions


@ -67,7 +67,12 @@
</disk>
<disk type="file" device="disk">
<driver name="qemu" type="raw"/>
<source file="/dev/default-pool/iso-vol"/>
<source file="/dev/default-pool/iso-vol">
<seclabel model="dac">
<label>foo,bar,baz</label>
</seclabel>
<seclabel model="selinux" relabel="no"/>
</source>
<target dev="vde" bus="virtio"/>
</disk>
<disk type="file" device="disk">


@ -1,5 +1,5 @@
<driver name="qemu" type="qcow2" cache="none"/>
<source file="/tmp/foobar2"/>
<seclabel model="dac" relabel="no"/>
</source>
<target dev="sda" bus="scsi"/>
- <shareable/>
<boot order="1"/>


@ -4,7 +4,9 @@
- </disk>
- <disk type="file" device="disk">
- <driver name="qemu" type="qcow2" cache="none"/>
- <source file="/tmp/foobar2"/>
- <source file="/tmp/foobar2">
- <seclabel model="dac" relabel="no"/>
- </source>
- <target dev="sda" bus="scsi"/>
- <shareable/>
- <boot order="1"/>


@ -454,7 +454,7 @@ c.add_compare(""" \
--disk device=cdrom,bus=sata,read_bytes_sec=1,read_iops_sec=2,total_bytes_sec=10,total_iops_sec=20,write_bytes_sec=5,write_iops_sec=6 \
--disk size=1 \
--disk %(BLOCKVOL)s \
--disk /dev/default-pool/iso-vol \
--disk /dev/default-pool/iso-vol,seclabel.model=dac,seclabel1.model=selinux,seclabel1.relabel=no,seclabel0.label=foo,bar,baz \
--disk /dev/default-pool/iso-vol,format=qcow2 \
--disk source_pool=rbd-ceph,source_volume=some-rbd-vol,size=.1 \
--disk pool=rbd-ceph,size=.1 \
@ -861,6 +861,8 @@ c.add_compare("--host-device 0x0781:0x5151,driver_name=vfio", "edit-simple-host-
c = vixml.add_category("edit selection", "test-for-virtxml --print-diff --define", compare_check="1.2.2") # compare_check=input type=keyboard output
c.add_invalid("--edit target=vvv --disk /dev/null") # no match found
c.add_invalid("--edit seclabel2.model=dac --disk /dev/null") # no match found
c.add_valid("--edit seclabel.model=dac --disk /dev/null") # match found
c.add_compare("--edit 3 --sound pcspk", "edit-pos-num", compare_check="1.3.5") # compare_check=new graphics listen output
c.add_compare("--edit -1 --video qxl", "edit-neg-num", compare_check="1.2.11") # compare_check=video ram output change
c.add_compare("--edit all --host-device driver_name=vfio", "edit-all")


@ -141,7 +141,9 @@
</disk>
<disk type='file' device='disk'>
<driver name="qemu" type="qcow2" cache="none"/>
<source file='/tmp/foobar2'/>
<source file='/tmp/foobar2'>
<seclabel model='dac' relabel='no'/>
</source>
<target dev='sda' bus='scsi'/>
<boot order='1'/>
<address type='drive' controller='9'/>


@ -24,6 +24,7 @@ import collections
import logging
import logging.handlers
import os
import re
import shlex
import subprocess
import sys
@ -809,6 +810,7 @@ class _VirtCLIArgument(object):
is_onoff = False
lookup_cb = None
is_novalue = False
find_inst_cb = None
@staticmethod
def make_arg(attrname, cliname, **kwargs):
@ -836,7 +838,7 @@ class _VirtCLIArgument(object):
checks if we are the parser for 'bar'
"""
for argname in [cls.cliname] + util.listify(cls.aliases):
if argname == cliname:
if re.match("^%s$" % argname, cliname):
return True
return False
@ -872,6 +874,10 @@ class _VirtCLIArgument(object):
if self.val == "default" and self.ignore_default:
return
if self.find_inst_cb:
inst = self.find_inst_cb(parser, # pylint: disable=not-callable
inst, self.val, self, True)
try:
if self.attrname:
eval("inst." + self.attrname) # pylint: disable=eval-used
@ -902,6 +908,12 @@ class _VirtCLIArgument(object):
{"device_type": getattr(inst, "virtual_device_type", ""),
"property_name": self.key})
if self.find_inst_cb:
inst = self.find_inst_cb(parser, # pylint: disable=not-callable
inst, self.val, self, False)
if not inst:
return False
if self.lookup_cb:
return self.lookup_cb(parser, # pylint: disable=not-callable
inst, self.val, self)
@ -1178,11 +1190,11 @@ class VirtCLIParser(object):
try:
for inst in objlist:
optdict = self.optdict.copy()
valid = False
valid = True
for param in self._optdict_to_param_list(optdict):
paramret = param.lookup_param(self, inst)
if paramret is True:
valid = True
if paramret is False:
valid = False
break
if valid:
ret.append(inst)
@ -1727,6 +1739,22 @@ class ParserDisk(VirtCLIParser):
def noset_cb(self, inst, val, virtarg):
ignore = self, inst, val, virtarg
def seclabel_find_inst_cb(self, inst, val, virtarg, can_edit):
disk = inst
num = 0
if re.search("\d+", virtarg.key):
num = int(re.search("\d+", virtarg.key).group())
if can_edit:
while len(disk.seclabels) < (num + 1):
disk.add_seclabel()
try:
return disk.seclabels[num]
except IndexError:
if not can_edit:
return None
raise
def _parse(self, inst):
if self.optstr == "none":
return
@ -1863,6 +1891,14 @@ ParserDisk.add_arg("iotune_wis", "write_iops_sec")
ParserDisk.add_arg("iotune_tis", "total_iops_sec")
ParserDisk.add_arg("sgio", "sgio")
# VirtualDisk.seclabels properties
ParserDisk.add_arg("model", "seclabel[0-9]*.model",
find_inst_cb=ParserDisk.seclabel_find_inst_cb)
ParserDisk.add_arg("relabel", "seclabel[0-9]*.relabel", is_onoff=True,
find_inst_cb=ParserDisk.seclabel_find_inst_cb)
ParserDisk.add_arg("label", "seclabel[0-9]*.label", can_comma=True,
find_inst_cb=ParserDisk.seclabel_find_inst_cb)
#####################
# --network parsing #
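Review bot: In seclabel_find_inst_cb the index parsed from `virtarg.key` is used unchecked, and with `can_edit` set the `while len(disk.seclabels) < (num + 1)` loop calls `disk.add_seclabel()` until that index exists. A mistyped key such as `seclabel40.model` therefore pads the disk with empty `<seclabel>` children for every skipped slot instead of being rejected, and the loop has no upper bound. I would bound the index on the edit path, run the search once, and make the pattern a raw string (`"\d+"` relies on an unrecognised escape); the fence below shows this, assuming a ValueError raised here reaches the parser's usual error reporting, which should be confirmed. Separately, the registered names such as `seclabel[0-9]*.model` leave the dot unescaped while being matched with `re.match("^%s$" % argname, cliname)`, so `seclabelXmodel` is accepted too; `seclabel[0-9]*\.model` would keep the match exact.

```python
    def seclabel_find_inst_cb(self, inst, val, virtarg, can_edit):
        disk = inst
        match = re.search(r"\d+", virtarg.key)
        num = int(match.group()) if match else 0
        # MAX_SECLABELS is a placeholder name; the limit is for the project to choose
        if can_edit and num >= MAX_SECLABELS:
            raise ValueError("seclabel index %d is out of range" % num)
        # … unchanged: can_edit padding loop and the indexed lookup with IndexError handling …
```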


@ -753,6 +753,10 @@ class VirtualDisk(VirtualDevice):
iotune_wis = XMLProperty("./iotune/write_iops_sec", is_int=True)
seclabels = XMLChildProperty(_DiskSeclabel, relative_xpath="./source")
def add_seclabel(self):
obj = _DiskSeclabel(self.conn)
self.add_child(obj)
return obj
#################################