On Thu, Jan 05, 2023 at 05:30:10PM +0100, Peter Krempa wrote:
> Signed-off-by: Peter Krempa <pkre...@redhat.com>
> ---
> docs/manpages/virsh.rst | 22 +++++++++++
> tools/virsh-domain.c | 83 +++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 105 insertions(+)
>
> diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
> index c85bc8151d..7e57796384 100644
> --- a/docs/manpages/virsh.rst
> +++ b/docs/manpages/virsh.rst
> @@ -5225,6 +5225,28 @@ If *--print-xml* is specified, the XML that would be
> used to change media is
> printed instead of changing the media.
>
>
> +dom-fd-associate
> +----------------
> +
> +**Syntax:**
> +
> +::
> +
> + dom-fd-associate domain --name FDGROUPNAME --pass-fds M,N,....
> + [--seclabel-writable] [--seclabel-restore]
> [--seclabel-restore-require]
> +
> +Associate one or more fds described via *--pass-fds* argument to *domain* as
> +*--name*. The lifetime of the passed fd group is the same as the connection,
> thus
> +exitting virsh un-registers them afterwards.
> +
> +By default security labels are applied if needed but they are not restored
> after
> +use to avoid keeping them open unnecessarily. Best-effort security label
> restore
> +may be requested by using the *--seclabel-restore* flag.
> +
> +Passing *--seclabel-restore-require* instructs the hypervisor to try harder
> to
> +restore security labels. **Note:** Hypervisors currently don't support this
> flag.
> +
> +
> NODEDEV COMMANDS
> ================
>
> diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
> index 2d162cf8c0..5cbbb4bd28 100644
> --- a/tools/virsh-domain.c
> +++ b/tools/virsh-domain.c
> @@ -9816,6 +9816,83 @@ cmdDomSetLaunchSecState(vshControl * ctl, const vshCmd
> * cmd)
> return ret;
> }
>
> +
> +/*
> + * "dom-fd-associate" command
> + */
> +static const vshCmdInfo info_dom_fd_associate[] = {
> + {.name = "help",
> + .data = N_("associate a FD with a domain")
> + },
> + {.name = "desc",
> + .data = N_("associate a FD with a domain")
> + },
> + {.name = NULL}
> +};
> +
> +static const vshCmdOptDef opts_dom_fd_associate[] = {
> + VIRSH_COMMON_OPT_DOMAIN_FULL(0),
> + {.name = "name",
> + .type = VSH_OT_DATA,
> + .flags = VSH_OFLAG_REQ,
> + .completer = virshCompleteEmpty,
> + .help = N_("name of the FD group")
> + },
> + {.name = "pass-fds",
> + .type = VSH_OT_DATA,
> + .flags = VSH_OFLAG_REQ,
> + .completer = virshCompleteEmpty,
> + .help = N_("file descriptors N,M,... to associate")
> + },
> + {.name = "seclabel-writable",
> + .type = VSH_OT_BOOL,
> + .help = N_("use seclabels allowing writes")
> + },
> + {.name = "seclabel-restore",
> + .type = VSH_OT_BOOL,
> + .help = N_("Try to restore security label after use if possible")
s/Try/try/ to make it consistent with the remaining help strings
> + },
> + {.name = "seclabel-restore-require",
> + .type = VSH_OT_BOOL,
> + .help = N_("require that security label is restored after use")
> + },
> + {.name = NULL}
> +};
Reviewed-by: Pavel Hrdina <phrd...@redhat.com>
signature.asc
Description: PGP signature
