secret: Inhibit shutdown for ephemeral secrets
Our secret driver divides secrets into two groups: ephemeral (stored only in memory) and persistent (stored on disk). Now, the aim of ephemeral secrets is to define them shortly before they are used and then undefine them. But 'shortly before being used' is a very vague time frame. And since we default to socket activation and thus pass '--timeout 120' to every daemon, it may happen that a just-defined ephemeral secret is gone along with virtsecretd. This is no problem for persistent secrets, as their definition (and value) is restored when virtsecretd starts again, but ephemeral secrets can't be restored. Therefore, we can view ephemeral secrets as active objects that the daemon manages and thus inhibit automatic shutdown (just like hypervisor daemons do when a guest is running). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
d7d4056645
commit
9e3cc0ff5e
@ -66,6 +66,10 @@ struct _virSecretDriverState {
|
||||
|
||||
/* Immutable pointer, self-locking APIs */
|
||||
virObjectEventState *secretEventState;
|
||||
|
||||
/* Immutable pointers. Caller must provide locking */
|
||||
virStateInhibitCallback inhibitCallback;
|
||||
void *inhibitOpaque;
|
||||
};
|
||||
|
||||
static virSecretDriverState *driver;
|
||||
@ -86,6 +90,23 @@ secretObjFromSecret(virSecretPtr secret)
|
||||
}
|
||||
|
||||
|
||||
static bool
|
||||
secretNumOfEphemeralSecretsHelper(virConnectPtr conn G_GNUC_UNUSED,
|
||||
virSecretDef *def)
|
||||
{
|
||||
return def->isephemeral;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
secretNumOfEphemeralSecrets(void)
|
||||
{
|
||||
return virSecretObjListNumOfSecrets(driver->secrets,
|
||||
secretNumOfEphemeralSecretsHelper,
|
||||
NULL);
|
||||
}
|
||||
|
||||
|
||||
/* Driver functions */
|
||||
|
||||
static int
|
||||
@ -266,6 +287,10 @@ secretDefineXML(virConnectPtr conn,
|
||||
cleanup:
|
||||
virSecretDefFree(def);
|
||||
virSecretObjEndAPI(&obj);
|
||||
|
||||
if (secretNumOfEphemeralSecrets() > 0)
|
||||
driver->inhibitCallback(true, driver->inhibitOpaque);
|
||||
|
||||
virObjectEventStateQueue(driver->secretEventState, event);
|
||||
|
||||
return ret;
|
||||
@ -424,6 +449,10 @@ secretUndefine(virSecretPtr secret)
|
||||
|
||||
cleanup:
|
||||
virSecretObjEndAPI(&obj);
|
||||
|
||||
if (secretNumOfEphemeralSecrets() == 0)
|
||||
driver->inhibitCallback(false, driver->inhibitOpaque);
|
||||
|
||||
virObjectEventStateQueue(driver->secretEventState, event);
|
||||
|
||||
return ret;
|
||||
@ -463,8 +492,8 @@ static int
|
||||
secretStateInitialize(bool privileged,
|
||||
const char *root,
|
||||
bool monolithic G_GNUC_UNUSED,
|
||||
virStateInhibitCallback callback G_GNUC_UNUSED,
|
||||
void *opaque G_GNUC_UNUSED)
|
||||
virStateInhibitCallback callback,
|
||||
void *opaque)
|
||||
{
|
||||
VIR_LOCK_GUARD lock = virLockGuardLock(&mutex);
|
||||
|
||||
@ -473,6 +502,8 @@ secretStateInitialize(bool privileged,
|
||||
driver->lockFD = -1;
|
||||
driver->secretEventState = virObjectEventStateNew();
|
||||
driver->privileged = privileged;
|
||||
driver->inhibitCallback = callback;
|
||||
driver->inhibitOpaque = opaque;
|
||||
|
||||
if (root) {
|
||||
driver->embeddedRoot = g_strdup(root);
|
||||
|
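Review bot: The inhibit bookkeeping in the secretDefineXML and secretUndefine hunks is not transition-based, so the true and false calls are not paired. `driver->inhibitCallback(true, driver->inhibitOpaque)` fires on every define while at least one ephemeral secret exists — including redefinitions, defines of persistent secrets, and failed defines that still reach `cleanup:` — and `driver->inhibitCallback(false, driver->inhibitOpaque)` fires on every undefine once none remain, including undefines of persistent secrets when no ephemeral secret was ever defined. If the callback maintains an inhibition counter rather than a flag (the daemon-side implementation is not in this diff), the count drifts and the daemon either never auto-shuts down or the counter underflows. I would snapshot the ephemeral count before the object is added or removed (in the part of each function outside the hunk) and call the callback only on the 0→1 and 1→0 transitions, e.g. `if (nephemeral_before == 0 && secretNumOfEphemeralSecrets() > 0)` in secretDefineXML and `if (nephemeral_before > 0 && secretNumOfEphemeralSecrets() == 0)` in secretUndefine. Both enclosing functions start outside their hunks.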