From nobody Mon Apr 29 08:52:58 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
as permitted sender) client-ip=209.132.183.28;
envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=fail(p=none dis=none) header.from=canonical.com
Return-Path:
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
mx.zohomail.com
with SMTPS id 1521667374854795.1927008962356;
Wed, 21 Mar 2018 14:22:54 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
[10.5.11.14])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 452BF28209;
Wed, 21 Mar 2018 21:22:53 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
(colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
by smtp.corp.redhat.com (Postfix) with ESMTPS id F1C6418E47;
Wed, 21 Mar 2018 21:22:52 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by colo-mx.corp.redhat.com (Postfix) with ESMTP id C4041180613A;
Wed, 21 Mar 2018 21:22:51 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
[10.5.11.14])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id w2LLMpTw018505 for ;
Wed, 21 Mar 2018 17:22:51 -0400
Received: by smtp.corp.redhat.com (Postfix)
id 0FC6F4143; Wed, 21 Mar 2018 21:22:51 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx10.extmail.prod.ext.phx2.redhat.com
[10.5.110.39])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 09F5A18E47
for ; Wed, 21 Mar 2018 21:22:48 +0000 (UTC)
Received: from youngberry.canonical.com (youngberry.canonical.com
[91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 562B062E80
for ; Wed, 21 Mar 2018 21:22:47 +0000 (UTC)
Received: from 1.general.paelzer.uk.vpn ([10.172.196.172]
helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa
(TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76)
(envelope-from )
id 1eylC2-0001ar-5c; Wed, 21 Mar 2018 21:22:46 +0000
From: Christian Ehrhardt
To: libvir-list@redhat.com,
=?UTF-8?q?Guido=20G=C3=BCnther?= ,
Jamie Strandboge
Date: Wed, 21 Mar 2018 22:22:37 +0100
Message-Id:
<1521667361-15170-2-git-send-email-christian.ehrhardt@canonical.com>
In-Reply-To:
<1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com>
References:
<1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com>
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.39]); Wed, 21 Mar 2018 21:22:47 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.39]);
Wed, 21 Mar 2018 21:22:47 +0000 (UTC) for IP:'91.189.89.112'
DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com'
FROM:'christian.ehrhardt@canonical.com' RCPT:''
X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI,
T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com
91.189.89.112 youngberry.canonical.com
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.39
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-loop: libvir-list@redhat.com
Cc: Christian Ehrhardt
Subject: [libvirt] [PATCH v4 1/5] security,
apparmor: add (Set|Restore)MemoryLabel
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]);
Wed, 21 Mar 2018 21:22:53 +0000 (UTC)
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"
Recent changes have made implementing this mandatory to hot add any
memory.
Implementing this in apparmor fixes this as well as allows hot-add of nvdimm
tpye memory with an nvdimmPath set generating a AppArmor rule for that
path.
Example hot adding:
524288
0
Creates now:
"/tmp/nvdimm-test" rwk,
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1755153
Acked-by: Jamie Strandboge
Signed-off-by: Christian Ehrhardt
---
src/security/security_apparmor.c | 46 ++++++++++++++++++++++++++++++++++++=
++++
1 file changed, 46 insertions(+)
diff --git a/src/security/security_apparmor.c b/src/security/security_appar=
mor.c
index a989992..18908c8 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -718,6 +718,49 @@ AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr=
mgr,
=20
/* Called when hotplugging */
static int
+AppArmorSetMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainMemoryDefPtr mem)
+{
+ if (mem =3D=3D NULL)
+ return 0;
+
+ switch ((virDomainMemoryModel) mem->model) {
+ case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ if (mem->nvdimmPath =3D=3D NULL) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s: nvdimm without a path"),
+ __func__);
+ return -1;
+ }
+ if (!virFileExists(mem->nvdimmPath)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s: \'%s\' does not exist"),
+ __func__, mem->nvdimmPath);
+ return -1;
+ }
+ return reload_profile(mgr, def, mem->nvdimmPath, true);
+ break;
+ case VIR_DOMAIN_MEMORY_MODEL_NONE:
+ case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_LAST:
+ break;
+ }
+
+ return 0;
+}
+
+
+static int
+AppArmorRestoreMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainMemoryDefPtr mem ATTRIBUTE_UNUSED)
+{
+ return reload_profile(mgr, def, NULL, false);
+}
+
+/* Called when hotplugging */
+static int
AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virStorageSourcePtr src)
@@ -1115,6 +1158,9 @@ virSecurityDriver virAppArmorSecurityDriver =3D {
.domainSetSecurityImageLabel =3D AppArmorSetSecurityImageLabel,
.domainRestoreSecurityImageLabel =3D AppArmorRestoreSecurityImageLa=
bel,
=20
+ .domainSetSecurityMemoryLabel =3D AppArmorSetMemoryLabel,
+ .domainRestoreSecurityMemoryLabel =3D AppArmorRestoreMemoryLabel,
+
.domainSetSecurityDaemonSocketLabel =3D AppArmorSetSecurityDaemonSocke=
tLabel,
.domainSetSecuritySocketLabel =3D AppArmorSetSecuritySocketLabel,
.domainClearSecuritySocketLabel =3D AppArmorClearSecuritySocketLab=
el,
--=20
2.7.4
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Mon Apr 29 08:52:58 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
as permitted sender) client-ip=209.132.183.28;
envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=fail(p=none dis=none) header.from=canonical.com
Return-Path:
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
mx.zohomail.com
with SMTPS id 152166738355087.22679779333839;
Wed, 21 Mar 2018 14:23:03 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
[10.5.11.15])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id D992F37E6E;
Wed, 21 Mar 2018 21:23:01 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
(colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 9A5FE544F0;
Wed, 21 Mar 2018 21:23:01 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by colo-mx.corp.redhat.com (Postfix) with ESMTP id 60A2D4CA9C;
Wed, 21 Mar 2018 21:23:01 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
[10.5.11.11])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id w2LLMo3m018500 for ;
Wed, 21 Mar 2018 17:22:50 -0400
Received: by smtp.corp.redhat.com (Postfix)
id C23678475E; Wed, 21 Mar 2018 21:22:50 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx06.extmail.prod.ext.phx2.redhat.com
[10.5.110.30])
by smtp.corp.redhat.com (Postfix) with ESMTPS id BD92560637
for ; Wed, 21 Mar 2018 21:22:48 +0000 (UTC)
Received: from youngberry.canonical.com (youngberry.canonical.com
[91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 88E46356DE
for ; Wed, 21 Mar 2018 21:22:47 +0000 (UTC)
Received: from 1.general.paelzer.uk.vpn ([10.172.196.172]
helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa
(TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76)
(envelope-from )
id 1eylC2-0001ar-Bo; Wed, 21 Mar 2018 21:22:46 +0000
From: Christian Ehrhardt
To: libvir-list@redhat.com,
=?UTF-8?q?Guido=20G=C3=BCnther?= ,
Jamie Strandboge
Date: Wed, 21 Mar 2018 22:22:38 +0100
Message-Id:
<1521667361-15170-3-git-send-email-christian.ehrhardt@canonical.com>
In-Reply-To:
<1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com>
References:
<1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com>
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.30]); Wed, 21 Mar 2018 21:22:47 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.30]);
Wed, 21 Mar 2018 21:22:47 +0000 (UTC) for IP:'91.189.89.112'
DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com'
FROM:'christian.ehrhardt@canonical.com' RCPT:''
X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI,
T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com
91.189.89.112 youngberry.canonical.com
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.30
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-loop: libvir-list@redhat.com
Cc: Christian Ehrhardt
Subject: [libvirt] [PATCH v4 2/5] security,
apparmor: add (Set|Restore)InputLabel
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]);
Wed, 21 Mar 2018 21:23:02 +0000 (UTC)
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"
d8116b5a "security: Introduce functions for input device hot(un)plug"
implemented the code (Set|Restore)InputLabel for several security modules,
this patch adds an AppArmor implementation for it as well.
That fixes hot-plugging event input devices by generating a rule for the
path that needs to be accessed.
Example hot adding:
Creates now:
"/dev/input/event0" rwk,
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1755153
Acked-by: Jamie Strandboge
Signed-off-by: Christian Ehrhardt
---
src/security/security_apparmor.c | 48 ++++++++++++++++++++++++++++++++++++=
++++
1 file changed, 48 insertions(+)
diff --git a/src/security/security_apparmor.c b/src/security/security_appar=
mor.c
index 18908c8..92acc9e 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -761,6 +761,51 @@ AppArmorRestoreMemoryLabel(virSecurityManagerPtr mgr,
=20
/* Called when hotplugging */
static int
+AppArmorSetInputLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainInputDefPtr input)
+{
+ if (input =3D=3D NULL)
+ return 0;
+
+ switch ((virDomainInputType) input->type) {
+ case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
+ if (input->source.evdev =3D=3D NULL) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s: passthrough input device has no source"),
+ __func__);
+ return -1;
+ }
+ if (!virFileExists(input->source.evdev)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s: \'%s\' does not exist"),
+ __func__, input->source.evdev);
+ return -1;
+ }
+ return reload_profile(mgr, def, input->source.evdev, true);
+ break;
+
+ case VIR_DOMAIN_INPUT_TYPE_MOUSE:
+ case VIR_DOMAIN_INPUT_TYPE_TABLET:
+ case VIR_DOMAIN_INPUT_TYPE_KBD:
+ case VIR_DOMAIN_INPUT_TYPE_LAST:
+ break;
+ }
+
+ return 0;
+}
+
+
+static int
+AppArmorRestoreInputLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainInputDefPtr input ATTRIBUTE_UNUSED)
+{
+ return reload_profile(mgr, def, NULL, false);
+}
+
+/* Called when hotplugging */
+static int
AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virStorageSourcePtr src)
@@ -1161,6 +1206,9 @@ virSecurityDriver virAppArmorSecurityDriver =3D {
.domainSetSecurityMemoryLabel =3D AppArmorSetMemoryLabel,
.domainRestoreSecurityMemoryLabel =3D AppArmorRestoreMemoryLabel,
=20
+ .domainSetSecurityInputLabel =3D AppArmorSetInputLabel,
+ .domainRestoreSecurityInputLabel =3D AppArmorRestoreInputLabel,
+
.domainSetSecurityDaemonSocketLabel =3D AppArmorSetSecurityDaemonSocke=
tLabel,
.domainSetSecuritySocketLabel =3D AppArmorSetSecuritySocketLabel,
.domainClearSecuritySocketLabel =3D AppArmorClearSecuritySocketLab=
el,
--=20
2.7.4
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Mon Apr 29 08:52:58 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
as permitted sender) client-ip=209.132.183.28;
envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=fail(p=none dis=none) header.from=canonical.com
Return-Path:
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
mx.zohomail.com
with SMTPS id 1521667384315990.7258531691155;
Wed, 21 Mar 2018 14:23:04 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
[10.5.11.13])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id F34332BBE06;
Wed, 21 Mar 2018 21:23:02 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
(colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 3CED199CA1;
Wed, 21 Mar 2018 21:23:02 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by colo-mx.corp.redhat.com (Postfix) with ESMTP id BA8AA4CA9E;
Wed, 21 Mar 2018 21:23:01 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
[10.5.11.14])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id w2LLMpsI018506 for ;
Wed, 21 Mar 2018 17:22:51 -0400
Received: by smtp.corp.redhat.com (Postfix)
id 1007E18BAC; Wed, 21 Mar 2018 21:22:51 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx08.extmail.prod.ext.phx2.redhat.com
[10.5.110.32])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 098F05D728
for ; Wed, 21 Mar 2018 21:22:48 +0000 (UTC)
Received: from youngberry.canonical.com (youngberry.canonical.com
[91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id B773CC057FA4
for ; Wed, 21 Mar 2018 21:22:47 +0000 (UTC)
Received: from 1.general.paelzer.uk.vpn ([10.172.196.172]
helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa
(TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76)
(envelope-from )
id 1eylC2-0001ar-I3; Wed, 21 Mar 2018 21:22:46 +0000
From: Christian Ehrhardt
To: libvir-list@redhat.com,
=?UTF-8?q?Guido=20G=C3=BCnther?= ,
Jamie Strandboge
Date: Wed, 21 Mar 2018 22:22:39 +0100
Message-Id:
<1521667361-15170-4-git-send-email-christian.ehrhardt@canonical.com>
In-Reply-To:
<1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com>
References:
<1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com>
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.32]); Wed, 21 Mar 2018 21:22:47 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.32]);
Wed, 21 Mar 2018 21:22:47 +0000 (UTC) for IP:'91.189.89.112'
DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com'
FROM:'christian.ehrhardt@canonical.com' RCPT:''
X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI,
T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com
91.189.89.112 youngberry.canonical.com
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.32
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-loop: libvir-list@redhat.com
Cc: Christian Ehrhardt
Subject: [libvirt] [PATCH v4 3/5] virt-aa-helper: generate rules for
passthrough input devices
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]);
Wed, 21 Mar 2018 21:23:03 +0000 (UTC)
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"
Input devices can passthrough an event device. This currently works only via
hotplug where the AppArmor label is created via the domain label callbacks.
This adds the virt-aa-helper support for passthrough input devices to gener=
ate
rules for the needed paths from the initial guest definition as well.
Example in domain xml:
Works to start now and creates:
"/dev/input/event0" rw,
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085
Acked-by: Jamie Strandboge
Signed-off-by: Christian Ehrhardt
---
src/security/virt-aa-helper.c | 8 ++++++++
tests/virt-aa-helper-test | 3 +++
2 files changed, 11 insertions(+)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 456cfce..ad1371d 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1157,6 +1157,14 @@ get_files(vahControl * ctl)
}
}
=20
+ for (i =3D 0; i < ctl->def->ninputs; i++) {
+ if (ctl->def->inputs[i] &&
+ ctl->def->inputs[i]->type =3D=3D VIR_DOMAIN_INPUT_TYPE_PAS=
STHROUGH) {
+ if (vah_add_file(&buf, ctl->def->inputs[i]->source.evdev, "rw"=
) !=3D 0)
+ goto cleanup;
+ }
+ }
+
for (i =3D 0; i < ctl->def->nnets; i++) {
if (ctl->def->nets[i] &&
ctl->def->nets[i]->type =3D=3D VIR_DOMAIN_NET_TYPE_VHOSTUS=
ER &&
diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
index 1e96b8e..054269c 100755
--- a/tests/virt-aa-helper-test
+++ b/tests/virt-aa-helper-test
@@ -359,6 +359,9 @@ testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugep=
ages/kvm/\*\*" "$test_xml
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,,g" "$template_xml" > "$=
test_xml"
testme "0" "vnc socket" "-r -u $valid_uuid" "$test_xml"
=20
+sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,=
,g" "$template_xml" > "$test_xml"
+testme "0" "input dev passthrough" "-r -u $valid_uuid" "$test_xml"
+
testme "0" "help" "-h"
=20
echo "" >$output
--=20
2.7.4
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Mon Apr 29 08:52:58 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
as permitted sender) client-ip=209.132.183.28;
envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=fail(p=none dis=none) header.from=canonical.com
Return-Path:
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
mx.zohomail.com
with SMTPS id 1521667378209439.2477431530782;
Wed, 21 Mar 2018 14:22:58 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
[10.5.11.12])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id CE30580E45;
Wed, 21 Mar 2018 21:22:56 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
(colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
by smtp.corp.redhat.com (Postfix) with ESMTPS id A4A8182793;
Wed, 21 Mar 2018 21:22:56 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by colo-mx.corp.redhat.com (Postfix) with ESMTP id 677F54CA99;
Wed, 21 Mar 2018 21:22:56 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
[10.5.11.16])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id w2LLMpDi018519 for ;
Wed, 21 Mar 2018 17:22:51 -0400
Received: by smtp.corp.redhat.com (Postfix)
id E118D81404; Wed, 21 Mar 2018 21:22:51 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx02.extmail.prod.ext.phx2.redhat.com
[10.5.110.26])
by smtp.corp.redhat.com (Postfix) with ESMTPS id DA0EA813FB
for ; Wed, 21 Mar 2018 21:22:49 +0000 (UTC)
Received: from youngberry.canonical.com (youngberry.canonical.com
[91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 3ABC27E9C0
for ; Wed, 21 Mar 2018 21:22:48 +0000 (UTC)
Received: from 1.general.paelzer.uk.vpn ([10.172.196.172]
helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa
(TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76)
(envelope-from )
id 1eylC2-0001ar-OE; Wed, 21 Mar 2018 21:22:46 +0000
From: Christian Ehrhardt
To: libvir-list@redhat.com,
=?UTF-8?q?Guido=20G=C3=BCnther?= ,
Jamie Strandboge
Date: Wed, 21 Mar 2018 22:22:40 +0100
Message-Id:
<1521667361-15170-5-git-send-email-christian.ehrhardt@canonical.com>
In-Reply-To:
<1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com>
References:
<1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com>
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.26]); Wed, 21 Mar 2018 21:22:48 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.26]);
Wed, 21 Mar 2018 21:22:48 +0000 (UTC) for IP:'91.189.89.112'
DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com'
FROM:'christian.ehrhardt@canonical.com' RCPT:''
X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI,
T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com
91.189.89.112 youngberry.canonical.com
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.26
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-loop: libvir-list@redhat.com
Cc: Christian Ehrhardt
Subject: [libvirt] [PATCH v4 4/5] virt-aa-helper: generate rules for nvdimm
memory
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]);
Wed, 21 Mar 2018 21:22:57 +0000 (UTC)
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"
nvdimm memory is backed by a path on the host. This currently works only via
hotplug where the AppArmor label is created via the domain label callbacks.
This adds the virt-aa-helper support for nvdimm memory devices to generate
rules for the needed paths from the initial guest definition as well.
Example in domain xml:
524288
0
Works to start now and creates:
"/tmp/nvdimm-base" rw,
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085
Acked-by: Jamie Strandboge
Signed-off-by: Christian Ehrhardt
---
src/security/virt-aa-helper.c | 8 ++++++++
tests/virt-aa-helper-test | 3 +++
2 files changed, 11 insertions(+)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index ad1371d..a1bc109 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1177,6 +1177,14 @@ get_files(vahControl * ctl)
}
}
=20
+ for (i =3D 0; i < ctl->def->nmems; i++) {
+ if (ctl->def->mems[i] &&
+ ctl->def->mems[i]->model =3D=3D VIR_DOMAIN_MEMORY_MODEL_NV=
DIMM) {
+ if (vah_add_file(&buf, ctl->def->mems[i]->nvdimmPath, "rw") !=
=3D 0)
+ goto cleanup;
+ }
+ }
+
if (ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_KVM) {
for (i =3D 0; i < ctl->def->nnets; i++) {
virDomainNetDefPtr net =3D ctl->def->nets[i];
diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
index 054269c..7c839e4 100755
--- a/tests/virt-aa-helper-test
+++ b/tests/virt-aa-helper-test
@@ -362,6 +362,9 @@ testme "0" "vnc socket" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,=
,g" "$template_xml" > "$test_xml"
testme "0" "input dev passthrough" "-r -u $valid_uuid" "$test_xml"
=20
+sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,524=
288,1048576,g" -e "s,,5242=
880,g" "$template_xml" > "$=
test_xml"
+testme "0" "nvdimm" "-r -u $valid_uuid" "$test_xml"
+
testme "0" "help" "-h"
=20
echo "" >$output
--=20
2.7.4
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Mon Apr 29 08:52:58 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
as permitted sender) client-ip=209.132.183.28;
envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=fail(p=none dis=none) header.from=canonical.com
Return-Path:
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
mx.zohomail.com
with SMTPS id 1521667387410906.9425725850273;
Wed, 21 Mar 2018 14:23:07 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
[10.5.11.11])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 2A4DB7E9D4;
Wed, 21 Mar 2018 21:23:06 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
(colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 03CC484766;
Wed, 21 Mar 2018 21:23:06 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by colo-mx.corp.redhat.com (Postfix) with ESMTP id A8D24180BAD4;
Wed, 21 Mar 2018 21:23:05 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
[10.5.11.16])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id w2LLMpxm018518 for ;
Wed, 21 Mar 2018 17:22:51 -0400
Received: by smtp.corp.redhat.com (Postfix)
id E1093813F8; Wed, 21 Mar 2018 21:22:51 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx01.extmail.prod.ext.phx2.redhat.com
[10.5.110.25])
by smtp.corp.redhat.com (Postfix) with ESMTPS id DA18381403
for ; Wed, 21 Mar 2018 21:22:49 +0000 (UTC)
Received: from youngberry.canonical.com (youngberry.canonical.com
[91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 27A7181231
for ; Wed, 21 Mar 2018 21:22:48 +0000 (UTC)
Received: from 1.general.paelzer.uk.vpn ([10.172.196.172]
helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa
(TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76)
(envelope-from )
id 1eylC2-0001ar-US; Wed, 21 Mar 2018 21:22:47 +0000
From: Christian Ehrhardt
To: libvir-list@redhat.com,
=?UTF-8?q?Guido=20G=C3=BCnther?= ,
Jamie Strandboge
Date: Wed, 21 Mar 2018 22:22:41 +0100
Message-Id:
<1521667361-15170-6-git-send-email-christian.ehrhardt@canonical.com>
In-Reply-To:
<1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com>
References:
<1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com>
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.25]); Wed, 21 Mar 2018 21:22:48 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.25]);
Wed, 21 Mar 2018 21:22:48 +0000 (UTC) for IP:'91.189.89.112'
DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com'
FROM:'christian.ehrhardt@canonical.com' RCPT:''
X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI,
T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com
91.189.89.112 youngberry.canonical.com
X-Scanned-By: MIMEDefang 2.83 on 10.5.110.25
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-loop: libvir-list@redhat.com
Cc: Christian Ehrhardt
Subject: [libvirt] [PATCH v4 5/5] virt-aa-helper: test: check for expected
profile content
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]);
Wed, 21 Mar 2018 21:23:06 +0000 (UTC)
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"
So far the virt-aa-helper tests only checked the return code and thereby
catched aborts like issues failing to parse the XML. But there is one
category of virt-aa-helper issues so far untested - not generating the
expected rule.
This adds a basic grep based checks after each test to match against the
rule that is expected to be added by the test.
Signed-off-by: Christian Ehrhardt
---
tests/virt-aa-helper-test | 85 +++++++++++++++++++++++++++----------------=
----
1 file changed, 49 insertions(+), 36 deletions(-)
diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
index 7c839e4..fb40057 100755
--- a/tests/virt-aa-helper-test
+++ b/tests/virt-aa-helper-test
@@ -108,6 +108,9 @@ testme() {
outstr=3D"$2"
args=3D"$3"
input=3D""
+ checkrule=3D"$5"
+
+ tmpout=3D"$tmpdir/checkrule.out"
=20
if [ -n "$4" ]; then
input=3D"$4"
@@ -127,13 +130,23 @@ testme() {
echo "': " >$output
set +e
if [ -n "$input" ]; then
- LD_LIBRARY_PATH=3D"$ld_library_path" $exe $extra_args $args < $inp=
ut >$output 2>&1
+ LD_LIBRARY_PATH=3D"$ld_library_path" $exe $extra_args $args < $inp=
ut >"$tmpout" 2>&1
else
- LD_LIBRARY_PATH=3D"$ld_library_path" $exe $extra_args $args >$outp=
ut 2>&1
+ LD_LIBRARY_PATH=3D"$ld_library_path" $exe $extra_args $args >"$tmp=
out" 2>&1
fi
rc=3D"$?"
+ cat "$tmpout" >"$output"
+
+ rule_missing=3D0
+ if [ -n "$checkrule" ]; then
+ if ! grep -q "$checkrule" "$tmpout"; then
+ echo "FAIL: missing rule '$checkrule'" >"$output"
+ rule_missing=3D1
+ fi
+ fi
+
set -e
- if [ "$rc" =3D "$expected" ]; then
+ if [ "$rc" =3D "$expected" ] && [ $rule_missing -eq 0 ]; then
echo "pass" >$output
else
echo "FAIL: exited with '$rc'" >$output
@@ -234,19 +247,19 @@ testme "1" "-c with invalid domain name char *" "-c -=
u $valid_uuid" "$test_xml"
=20
echo "Expected pass:" >$output
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >=
"$test_xml"
-testme "0" "create (x86_64)" "-c -u $valid_uuid" "$test_xml"
+testme "0" "create (x86_64)" "-c -u $valid_uuid" "$test_xml" "$disk1.*rwk,=
$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,arch=3D'x86=
_64',arch=3D'i686',g" "$template_xml" > "$test_xml"
-testme "0" "create (i686)" "-c -u $valid_uuid" "$test_xml"
+testme "0" "create (i686)" "-c -u $valid_uuid" "$test_xml" "$disk1.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,arch=3D'x86=
_64',arch=3D'ppc',g" "$template_xml" > "$test_xml"
-testme "0" "create (ppc)" "-c -u $valid_uuid" "$test_xml"
+testme "0" "create (ppc)" "-c -u $valid_uuid" "$test_xml" "$disk1.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,,g" "$tem=
plate_xml" > "$test_xml"
-testme "0" "create multiple disks" "-c -u $valid_uuid" "$test_xml"
+testme "0" "create multiple disks" "-c -u $valid_uuid" "$test_xml" "$disk1=
.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###',${disk1}'/> "$test_xml"
-testme "0" "create (readonly)" "-c -u $valid_uuid" "$test_xml"
+testme "0" "create (readonly)" "-c -u $valid_uuid" "$test_xml" "$disk1.*rk=
,$"
=20
if [ "$test_hostdev" =3D "yes" ]; then
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,=
,,g" "$template_xml" > "$test_xml"
@@ -257,73 +270,73 @@ if [ "$test_hostdev" =3D "yes" ]; then
fi
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$nonexistent,g" "$template_=
xml" > "$test_xml"
-testme "0" "create (non-existent disk)" "-c -u $valid_uuid" "$test_xml"
+testme "0" "create (non-existent disk)" "-c -u $valid_uuid" "$test_xml" "$=
nonexistent.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$relative_disk1,g" "$templa=
te_xml" > "$test_xml"
-testme "0" "create (relative path)" "-c -u $valid_uuid" "$test_xml"
+testme "0" "create (relative path)" "-c -u $valid_uuid" "$test_xml" "$disk=
1.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk2,g" "$template_xml" >=
"$test_xml"
-testme "0" "replace" "-r -u $valid_uuid" "$test_xml"
+testme "0" "replace" "-r -u $valid_uuid" "$test_xml" "$disk2.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$nonexistent,g" "$template_=
xml" > "$test_xml"
-testme "0" "replace (non-existent disk)" "-r -u $valid_uuid" "$test_xml"
+testme "0" "replace (non-existent disk)" "-r -u $valid_uuid" "$test_xml" "=
$nonexistent.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >=
"$test_xml"
-testme "0" "replace (adding disk)" "-r -u $valid_uuid -f $disk2" "$test_xm=
l"
+testme "0" "replace (adding disk)" "-r -u $valid_uuid -f $disk2" "$test_xm=
l" "$disk2.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >=
"$test_xml"
-testme "0" "replace (adding non-existent disk)" "-r -u $valid_uuid -f $non=
existent" "$test_xml"
+testme "0" "replace (adding non-existent disk)" "-r -u $valid_uuid -f $non=
existent" "$test_xml" "$nonexistent.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >=
"$test_xml"
-testme "0" "replace (appending disk)" "-r -u $valid_uuid -F $disk2" "$test=
_xml"
+testme "0" "replace (appending disk)" "-r -u $valid_uuid -F $disk2" "$test=
_xml" "$disk2.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >=
"$test_xml"
-testme "0" "replace (appending non-existent disk)" "-r -u $valid_uuid -F $=
nonexistent" "$test_xml"
+testme "0" "replace (appending non-existent disk)" "-r -u $valid_uuid -F $=
nonexistent" "$test_xml" "$nonexistent.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,=
,g" "$template_xml" > "$test_xml"
testme "0" "disk (empty cdrom)" "-r -u $valid_uuid" "$test_xml"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,=
,g" "$template_xml" > "$test_xml"
-testme "0" "serial" "-r -u $valid_uuid" "$test_xml"
+testme "0" "serial" "-r -u $valid_uuid" "$test_xml" "$tmpdir/serial.log.*r=
w,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,=
,g" "$template_=
xml" > "$test_xml"
testme "0" "serial (pty)" "-r -u $valid_uuid" "$test_xml"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,=
,g" "$template_xml" > "$test_xml"
-testme "0" "parallel (pty)" "-r -u $valid_uuid" "$test_xml"
+testme "0" "parallel (pty)" "-r -u $valid_uuid" "$test_xml" "/dev/pts/0.*r=
w,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,=
,g" "$template_xml" > "$test_xml"
mkfifo "$tmpdir/parallel.pipe.in" "$tmpdir/parallel.pipe.out"
-testme "0" "parallel (pipe)" "-r -u $valid_uuid" "$test_xml"
+testme "0" "parallel (pipe)" "-r -u $valid_uuid" "$test_xml" "$tmpdir/para=
llel.pipe.in.*rw,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,=
,g" "$template_xml" > "$test_xml"
touch "$tmpdir/guestfwd"
-testme "0" "channel (unix)" "-r -u $valid_uuid" "$test_xml"
+testme "0" "channel (unix)" "-r -u $valid_uuid" "$test_xml" "$tmpdir/guest=
fwd.*rw,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,=
,g" "$te=
mplate_xml" > "$test_xml"
testme "0" "channel (pty)" "-r -u $valid_uuid" "$test_xml"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,$tmpdir/kernel,g" "$template_xml" > "$test_xml"
touch "$tmpdir/kernel"
-testme "0" "kernel" "-r -u $valid_uuid" "$test_xml"
+testme "0" "kernel" "-r -u $valid_uuid" "$test_xml" "$tmpdir/kernel.*r,$"
=20
testfw "ovmf (old path)" "/usr/share/ovmf/OVMF.fd"
testfw "OVMF (new path)" "/usr/share/OVMF/OVMF_CODE.fd"
@@ -333,37 +346,37 @@ testfw "qemu-efi" "/usr/share/qemu-efi/QEMU_EFI.fd"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,$tmpdir/initrd,g" "$template_xml" > "$test_xml"
touch "$tmpdir/initrd"
-testme "0" "initrd" "-r -u $valid_uuid" "$test_xml"
+testme "0" "initrd" "-r -u $valid_uuid" "$test_xml" "$tmpdir/initrd.*r,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,/boot/kernel,g" "$template_xml" > "$test_xml"
-testme "0" "kernel in /boot" "-r -u $valid_uuid" "$test_xml"
+testme "0" "kernel in /boot" "-r -u $valid_uuid" "$test_xml" "/boot/kernel=
.*r,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,/boot/initrd,g" "$template_xml" > "$test_xml"
-testme "0" "initrd in /boot" "-r -u $valid_uuid" "$test_xml"
+testme "0" "initrd in /boot" "-r -u $valid_uuid" "$test_xml" "/boot/initrd=
.*r,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,/vmlinuz,g" "$template_xml" > "$test_xml"
-testme "0" "kernel is /vmlinuz" "-r -u $valid_uuid" "$test_xml"
+testme "0" "kernel is /vmlinuz" "-r -u $valid_uuid" "$test_xml" "/vmlinuz.=
*r,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,/initrd/ramdisk,g" "$template_xml" > "$test_xml"
-testme "0" "initrd is /initrd/ramdisk" "-r -u $valid_uuid" "$test_xml"
+testme "0" "initrd is /initrd/ramdisk" "-r -u $valid_uuid" "$test_xml" "/i=
nitrd/ramdisk.*r,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,/initrd.img,g" "$template_xml" > "$test_xml"
-testme "0" "initrd is /initrd.img" "-r -u $valid_uuid" "$test_xml"
+testme "0" "initrd is /initrd.img" "-r -u $valid_uuid" "$test_xml" "/initr=
d.img.*r,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,g" "$template_xml" > "$test_xml"
-testme "0" "sdl Xauthority" "-r -u $valid_uuid" "$test_xml"
+testme "0" "sdl Xauthority" "-r -u $valid_uuid" "$test_xml" "/home/myself/=
.Xauthority.*r,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >=
"$test_xml"
-testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugepages/kvm/\*\*" "$te=
st_xml"
+testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugepages/kvm/\*\*" "$te=
st_xml" "/run/hugepages/kvm/.*rwk,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,,g" "$template_xml" > "$=
test_xml"
-testme "0" "vnc socket" "-r -u $valid_uuid" "$test_xml"
+testme "0" "vnc socket" "-r -u $valid_uuid" "$test_xml" "/var/lib/libvirt/=
qemu/myself.vnc.*rw,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,=
,g" "$template_xml" > "$test_xml"
-testme "0" "input dev passthrough" "-r -u $valid_uuid" "$test_xml"
+testme "0" "input dev passthrough" "-r -u $valid_uuid" "$test_xml" "$disk2=
.*rw,$"
=20
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,524=
288,1048576,g" -e "s,,$disk25242=
880,g" "$template_xml" > "$=
test_xml"
-testme "0" "nvdimm" "-r -u $valid_uuid" "$test_xml"
+testme "0" "nvdimm" "-r -u $valid_uuid" "$test_xml" "$disk2.*rw,$"
=20
testme "0" "help" "-h"
=20
--=20
2.7.4
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list