From c59d3232b736507ccf7162acfb723b075d6d57c6 Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 12 Jan 2023 13:26:37 +0100
Subject: override: domain: Implement override for virDomainFDAssociate

The bindings generator can't generate proper bindings for FD passing so
the bindings need to be implemented manually both the python wrapper and
the C backend.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 generator.py                  |  1 +
 libvirt-override-virDomain.py | 28 ++++++++++++++++++++++
 libvirt-override.c            | 56 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 85 insertions(+)

diff --git a/generator.py b/generator.py
index 0b5a348..15394ad 100755
--- a/generator.py
+++ b/generator.py
@@ -484,6 +484,7 @@ skip_function = {
     'virConnectListAllSecrets',  # overridden in virConnect.py
     'virConnectGetAllDomainStats',  # overridden in virConnect.py
     'virDomainListGetStats',  # overridden in virConnect.py
+    'virDomainFDAssociate',  # overridden in virDomain.py
 
     'virStreamRecvAll',  # Pure python libvirt-override-virStream.py
     'virStreamSendAll',  # Pure python libvirt-override-virStream.py
diff --git a/libvirt-override-virDomain.py b/libvirt-override-virDomain.py
index a29773a..0bf876b 100644
--- a/libvirt-override-virDomain.py
+++ b/libvirt-override-virDomain.py
@@ -80,3 +80,31 @@
         if ret == -1:
             raise libvirtError('virDomainSetTime() failed')
         return ret
+
+    def FDAssociate(self, name: str, files: List[int], flags: int = 0) -> int:
+        """Associate the array of FDs passed as @fds with the domain object
+        under @name. The FDs are associated as long as the connection used to
+        associated exists and are disposed of afterwards. FD may still be kept
+        open by the hypervisor for as long as it's needed.
+
+        Security labelling (e.g. via the selinux) may be applied on the passed
+        FDs when requiredg for usage by the VM. By default libvirt does not
+        restore the seclabels on the FDs afterwards to avoid keeping it open
+        unnecessarily.
+
+        Restoring of the security label can be requested by passing either
+        VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_RESTORE for a best-effort attempt to
+        restore the security label after use.  Requesting the restore of
+        security label will require that the file descriptors are kept open for
+        the whole time they are used by the hypervisor, or other additional
+        overhead.
+
+        In certain cases usage of the fd group would imply read-only access.
+        Passing VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_WRITABLE in @flags ensures
+        that a writable security label is picked in case when the file
+        represented by the fds may be used in write mode. """
+        ret = libvirtmod.virDomainFDAssociate(self._o, name, files, flags)
+        if ret == -1:
+            raise libvirtError('virDomainFDAssociate() failed')
+        return ret
+
diff --git a/libvirt-override.c b/libvirt-override.c
index b28f155..6f45aa4 100644
--- a/libvirt-override.c
+++ b/libvirt-override.c
@@ -10789,6 +10789,59 @@ libvirt_virDomainRestoreParams(PyObject *self ATTRIBUTE_UNUSED,
 }
 #endif /* LIBVIR_CHECK_VERSION(8, 4, 0) */
 
+
+#if LIBVIR_CHECK_VERSION(9, 0, 0)
+static PyObject *
+libvirt_virDomainFDAssociate(PyObject *self ATTRIBUTE_UNUSED,
+                             PyObject *args)
+{
+    PyObject *py_retval = NULL;
+    int c_retval;
+    virDomainPtr domain;
+    PyObject *pyobj_domain;
+    PyObject *pyobj_files;
+    const char *name = NULL;
+    unsigned int flags;
+    unsigned int nfiles;
+    int *files = NULL;
+    ssize_t i;
+
+    if (!PyArg_ParseTuple(args, (char *)"OsOI:virDomainFDAssociate",
+                          &pyobj_domain, &name, &pyobj_files, &flags))
+        return NULL;
+    domain = (virDomainPtr) PyvirDomain_Get(pyobj_domain);
+
+    nfiles = PyList_Size(pyobj_files);
+
+    if (VIR_ALLOC_N(files, nfiles) < 0)
+        return PyErr_NoMemory();
+
+    for (i = 0; i < nfiles; i++) {
+        PyObject *pyfd;
+        int fd;
+
+        pyfd = PyList_GetItem(pyobj_files, i);
+
+        if (libvirt_intUnwrap(pyfd, &fd) < 0)
+            goto cleanup;
+
+        files[i] = fd;
+    }
+
+    LIBVIRT_BEGIN_ALLOW_THREADS;
+    c_retval = virDomainFDAssociate(domain, name, nfiles, files, flags);
+    LIBVIRT_END_ALLOW_THREADS;
+
+    py_retval = libvirt_intWrap((int) c_retval);
+
+ cleanup:
+    VIR_FREE(files);
+    return py_retval;
+}
+#endif /* LIBVIR_CHECK_VERSION(9, 0, 0) */
+
+
+
 /************************************************************************
  *									*
  *			The registration stuff				*
@@ -11070,6 +11123,9 @@ static PyMethodDef libvirtMethods[] = {
     {(char *) "virDomainSaveParams", libvirt_virDomainSaveParams, METH_VARARGS, NULL},
     {(char *) "virDomainRestoreParams", libvirt_virDomainRestoreParams, METH_VARARGS, NULL},
 #endif /* LIBVIR_CHECK_VERSION(8, 4, 0) */
+#if LIBVIR_CHECK_VERSION(9, 0, 0)
+    {(char *) "virDomainFDAssociate", libvirt_virDomainFDAssociate, METH_VARARGS, NULL},
+#endif /* LIBVIR_CHECK_VERSION(9, 0, 0) */
     {NULL, NULL, 0, NULL}
 };
 
-- 
cgit v1.2.1