src/daemon/include/vmsigd.h

#ifndef VMSIGD_H
#define VMSIGD_H
#include <stdint.h>

/* vmsigd.h — private config model of the vmsig daemon.
 *
 * The daemon owns the /dev/shm/vmsig discovery namespace and serves a unix-socket control
 * plane over the signaling layer for the VMs discovered there. Its only policy is a COARSE
 * admission grant per uid (SISC: signaling is not a fine-grained access broker — the control
 * enforces per-user caps behind the grant). Entitlements are expressed in vmid terms and
 * translated to an endpoint_mask at connect time against the live slot map. */

#define VMSIGD_MAX_GRANTS 64
#define VMSIGD_MAX_VMIDS  64
#define VMSIGD_PATH_MAX   256

typedef struct {
    uint32_t uid;
    int      all_vms;                       /* `vmids = *`                          */
    uint32_t vmids[VMSIGD_MAX_VMIDS];
    int      nvmids;
    uint32_t cap_mask;                      /* VMSIG_CAP_* (from `caps =` keywords) */
    uint32_t arb_prio;
} vmsigd_grant_rule;

typedef struct {
    char socket[VMSIGD_PATH_MAX];           /* control listener ('@' => abstract)   */
    char watch[VMSIGD_PATH_MAX];            /* discovery dir (/dev/shm/vmsig)        */
    char pve_conf[VMSIGD_PATH_MAX];         /* /etc/pve/qemu-server                  */
    char qmp_dir[VMSIGD_PATH_MAX];          /* /var/run/qemu-server                  */
    char slots[VMSIGD_PATH_MAX];            /* slot persistence ("" => off)          */
    vmsigd_grant_rule grants[VMSIGD_MAX_GRANTS];
    int  ngrants;
} vmsigd_config;

/* Populate with built-in defaults. */
void vmsigd_config_defaults(vmsigd_config* c);

/* Parse the INI-ish config (globals + repeated [grant uid=N] stanzas) over the defaults
 * already in `c`. Unknown keys are ignored. Returns 0, or -1 on open/usage error. */
int  vmsigd_config_parse_file(vmsigd_config* c, const char* path);
int  vmsigd_config_parse_buf (vmsigd_config* c, const char* buf);   /* same, from memory (tests) */

/* Translate a comma/space-separated cap keyword list to a VMSIG_CAP_* mask. */
uint32_t vmsigd_caps_from_str(const char* s);

#endif /* VMSIGD_H */
vmsig: management daemon, runtime endpoint lifecycle, roster, discovery, in-tree drivers, packaging 2026-06-22 17:25:06 +03:00			`#ifndef VMSIGD_H`
			`#define VMSIGD_H`
			`#include <stdint.h>`

			`/* vmsigd.h — private config model of the vmsig daemon.`
			`*`
			`* The daemon owns the /dev/shm/vmsig discovery namespace and serves a unix-socket control`
			`* plane over the signaling layer for the VMs discovered there. Its only policy is a COARSE`
			`* admission grant per uid (SISC: signaling is not a fine-grained access broker — the control`
			`* enforces per-user caps behind the grant). Entitlements are expressed in vmid terms and`
			`* translated to an endpoint_mask at connect time against the live slot map. */`

			`#define VMSIGD_MAX_GRANTS 64`
			`#define VMSIGD_MAX_VMIDS 64`
			`#define VMSIGD_PATH_MAX 256`

			`typedef struct {`
			`uint32_t uid;`
			int all_vms; /* `vmids = ` /
			`uint32_t vmids[VMSIGD_MAX_VMIDS];`
			`int nvmids;`
			uint32_t cap_mask; /* VMSIG_CAP_* (from `caps =` keywords) */
			`uint32_t arb_prio;`
			`} vmsigd_grant_rule;`

			`typedef struct {`
			`char socket[VMSIGD_PATH_MAX]; /* control listener ('@' => abstract) */`
			`char watch[VMSIGD_PATH_MAX]; /* discovery dir (/dev/shm/vmsig) */`
			`char pve_conf[VMSIGD_PATH_MAX]; /* /etc/pve/qemu-server */`
			`char qmp_dir[VMSIGD_PATH_MAX]; /* /var/run/qemu-server */`
			`char slots[VMSIGD_PATH_MAX]; /* slot persistence ("" => off) */`
			`vmsigd_grant_rule grants[VMSIGD_MAX_GRANTS];`
			`int ngrants;`
			`} vmsigd_config;`

			`/* Populate with built-in defaults. */`
			`void vmsigd_config_defaults(vmsigd_config* c);`

			`/* Parse the INI-ish config (globals + repeated [grant uid=N] stanzas) over the defaults`
			* already in `c`. Unknown keys are ignored. Returns 0, or -1 on open/usage error. */
			`int vmsigd_config_parse_file(vmsigd_config* c, const char* path);`
			`int vmsigd_config_parse_buf (vmsigd_config* c, const char* buf); /* same, from memory (tests) */`

			`/* Translate a comma/space-separated cap keyword list to a VMSIG_CAP_* mask. */`
			`uint32_t vmsigd_caps_from_str(const char* s);`

			`#endif /* VMSIGD_H */`