qemu: functions for dealing with input device namespaces and labels

Introudce functions that will let us create the evdevs in namespaces
and label the devices on input device hotplug/hotunplug.

src/qemu/qemu_domain.c

@@ -10061,6 +10061,78 @@ qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr driver,
 }
 
 
+int
+qemuDomainNamespaceSetupInput(virDomainObjPtr vm,
+                              virDomainInputDefPtr input)
+{
+    qemuDomainObjPrivatePtr priv = vm->privateData;
+    virQEMUDriverPtr driver = priv->driver;
+    virQEMUDriverConfigPtr cfg = NULL;
+    char **devMountsPath = NULL;
+    size_t ndevMountsPath = 0;
+    const char *path = NULL;
+    int ret = -1;
+
+    if (!(path = virDomainInputDefGetPath(input)))
+        return 0;
+
+    if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+        return 0;
+
+    cfg = virQEMUDriverGetConfig(driver);
+    if (qemuDomainGetPreservedMounts(cfg, vm,
+                                     &devMountsPath, NULL,
+                                     &ndevMountsPath) < 0)
+        goto cleanup;
+
+    if (qemuDomainAttachDeviceMknod(driver, vm, path,
+                                    devMountsPath, ndevMountsPath) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virStringListFreeCount(devMountsPath, ndevMountsPath);
+    virObjectUnref(cfg);
+    return ret;
+}
+
+
+int
+qemuDomainNamespaceTeardownInput(virDomainObjPtr vm,
+                                 virDomainInputDefPtr input)
+{
+    qemuDomainObjPrivatePtr priv = vm->privateData;
+    virQEMUDriverPtr driver = priv->driver;
+    virQEMUDriverConfigPtr cfg = NULL;
+    char **devMountsPath = NULL;
+    size_t ndevMountsPath = 0;
+    const char *path = NULL;
+    int ret = -1;
+
+    if (!(path = virDomainInputDefGetPath(input)))
+        return 0;
+
+    if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+        return 0;
+
+    cfg = virQEMUDriverGetConfig(driver);
+    if (qemuDomainGetPreservedMounts(cfg, vm,
+                                     &devMountsPath, NULL,
+                                     &ndevMountsPath) < 0)
+        goto cleanup;
+
+    if (qemuDomainDetachDeviceUnlink(driver, vm, path,
+                                     devMountsPath, ndevMountsPath) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virStringListFreeCount(devMountsPath, ndevMountsPath);
+    virObjectUnref(cfg);
+    return ret;
+}
+
+
 /**
  * qemuDomainDiskLookupByNodename:
  * @def: domain definition to look for the disk

src/qemu/qemu_domain.h

@@ -959,6 +959,12 @@ int qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr driver,
                                    virDomainObjPtr vm,
                                    virDomainRNGDefPtr rng);
 
+int qemuDomainNamespaceSetupInput(virDomainObjPtr vm,
+                                  virDomainInputDefPtr input);
+
+int qemuDomainNamespaceTeardownInput(virDomainObjPtr vm,
+                                     virDomainInputDefPtr input);
+
 virDomainDiskDefPtr qemuDomainDiskLookupByNodename(virDomainDefPtr def,
                                                    const char *nodename,
                                                    virStorageSourcePtr *src,

src/qemu/qemu_security.c

@@ -306,3 +306,61 @@ qemuSecurityRestoreMemoryLabel(virQEMUDriverPtr driver,
     virSecurityManagerTransactionAbort(driver->securityManager);
     return ret;
 }
+
+
+int
+qemuSecuritySetInputLabel(virDomainObjPtr vm,
+                          virDomainInputDefPtr input)
+{
+    qemuDomainObjPrivatePtr priv = vm->privateData;
+    virQEMUDriverPtr driver = priv->driver;
+    int ret = -1;
+
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;
+
+    if (virSecurityManagerSetInputLabel(driver->securityManager,
+                                        vm->def,
+                                        input) < 0)
+        goto cleanup;
+
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionCommit(driver->securityManager,
+                                            vm->pid) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
+}
+
+
+int
+qemuSecurityRestoreInputLabel(virDomainObjPtr vm,
+                              virDomainInputDefPtr input)
+{
+    qemuDomainObjPrivatePtr priv = vm->privateData;
+    virQEMUDriverPtr driver = priv->driver;
+    int ret = -1;
+
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;
+
+    if (virSecurityManagerRestoreInputLabel(driver->securityManager,
+                                            vm->def,
+                                            input) < 0)
+        goto cleanup;
+
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+        virSecurityManagerTransactionCommit(driver->securityManager,
+                                            vm->pid) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
+}

src/qemu/qemu_security.h

@@ -70,6 +70,12 @@ int qemuSecurityRestoreMemoryLabel(virQEMUDriverPtr driver,
                                    virDomainObjPtr vm,
                                    virDomainMemoryDefPtr mem);
 
+int qemuSecuritySetInputLabel(virDomainObjPtr vm,
+                              virDomainInputDefPtr input);
+
+int qemuSecurityRestoreInputLabel(virDomainObjPtr vm,
+                                  virDomainInputDefPtr input);
+
 /* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
  * new APIs here. If an API can touch a /dev file add a proper wrapper instead.
  */