vmsig: management daemon, runtime endpoint lifecycle, roster, discovery, in-tree drivers, packaging

- core: runtime attach/detach of a per-endpoint adapter trio (runtime-safe add_adapter + vmsig_core_detach_endpoint, deferred reap) - roster: VMSIG_EV_ROSTER + CAP_ROSTER, retained per-endpoint and replayed to late subscribers - discovery: inotify trigger dir, vmid/endpoint slot allocator, host probe; vmsigd daemon with config + per-uid admission - input driver and vgpu perception built in-tree; vgpu perception as a separate library - memctx: own the supplied ro_fd (closed at detach) - deb packaging: install rules, systemd unit, tmpfiles, default config
2026-06-26 04:36:37 +03:00 · 2026-06-22 17:25:06 +03:00
parent 0d387a4249
commit 9bde398b6c
55 changed files with 4703 additions and 61 deletions
@@ -0,0 +1,47 @@
+#ifndef VMSIGD_H
+#define VMSIGD_H
+#include <stdint.h>
+
+/* vmsigd.h — private config model of the vmsig daemon.
+ *
+ * The daemon owns the /dev/shm/vmsig discovery namespace and serves a unix-socket control
+ * plane over the signaling layer for the VMs discovered there. Its only policy is a COARSE
+ * admission grant per uid (SISC: signaling is not a fine-grained access broker — the control
+ * enforces per-user caps behind the grant). Entitlements are expressed in vmid terms and
+ * translated to an endpoint_mask at connect time against the live slot map. */
+
+#define VMSIGD_MAX_GRANTS 64
+#define VMSIGD_MAX_VMIDS  64
+#define VMSIGD_PATH_MAX   256
+
+typedef struct {
+    uint32_t uid;
+    int      all_vms;                       /* `vmids = *`                          */
+    uint32_t vmids[VMSIGD_MAX_VMIDS];
+    int      nvmids;
+    uint32_t cap_mask;                      /* VMSIG_CAP_* (from `caps =` keywords) */
+    uint32_t arb_prio;
+} vmsigd_grant_rule;
+
+typedef struct {
+    char socket[VMSIGD_PATH_MAX];           /* control listener ('@' => abstract)   */
+    char watch[VMSIGD_PATH_MAX];            /* discovery dir (/dev/shm/vmsig)        */
+    char pve_conf[VMSIGD_PATH_MAX];         /* /etc/pve/qemu-server                  */
+    char qmp_dir[VMSIGD_PATH_MAX];          /* /var/run/qemu-server                  */
+    char slots[VMSIGD_PATH_MAX];            /* slot persistence ("" => off)          */
+    vmsigd_grant_rule grants[VMSIGD_MAX_GRANTS];
+    int  ngrants;
+} vmsigd_config;
+
+/* Populate with built-in defaults. */
+void vmsigd_config_defaults(vmsigd_config* c);
+
+/* Parse the INI-ish config (globals + repeated [grant uid=N] stanzas) over the defaults
+ * already in `c`. Unknown keys are ignored. Returns 0, or -1 on open/usage error. */
+int  vmsigd_config_parse_file(vmsigd_config* c, const char* path);
+int  vmsigd_config_parse_buf (vmsigd_config* c, const char* buf);   /* same, from memory (tests) */
+
+/* Translate a comma/space-separated cap keyword list to a VMSIG_CAP_* mask. */
+uint32_t vmsigd_caps_from_str(const char* s);
+
+#endif /* VMSIGD_H */