From nobody Mon Apr 29 08:52:58 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=canonical.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1521667374854795.1927008962356; Wed, 21 Mar 2018 14:22:54 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 452BF28209; Wed, 21 Mar 2018 21:22:53 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F1C6418E47; Wed, 21 Mar 2018 21:22:52 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C4041180613A; Wed, 21 Mar 2018 21:22:51 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w2LLMpTw018505 for ; Wed, 21 Mar 2018 17:22:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id 0FC6F4143; Wed, 21 Mar 2018 21:22:51 +0000 (UTC) Received: from mx1.redhat.com (ext-mx10.extmail.prod.ext.phx2.redhat.com [10.5.110.39]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 09F5A18E47 for ; Wed, 21 Mar 2018 21:22:48 +0000 (UTC) Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 562B062E80 for ; Wed, 21 Mar 2018 21:22:47 +0000 (UTC) Received: from 1.general.paelzer.uk.vpn ([10.172.196.172] helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1eylC2-0001ar-5c; Wed, 21 Mar 2018 21:22:46 +0000 From: Christian Ehrhardt To: libvir-list@redhat.com, =?UTF-8?q?Guido=20G=C3=BCnther?= , Jamie Strandboge Date: Wed, 21 Mar 2018 22:22:37 +0100 Message-Id: <1521667361-15170-2-git-send-email-christian.ehrhardt@canonical.com> In-Reply-To: <1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com> References: <1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com> X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 21 Mar 2018 21:22:47 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 21 Mar 2018 21:22:47 +0000 (UTC) for IP:'91.189.89.112' DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com' FROM:'christian.ehrhardt@canonical.com' RCPT:'' X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com 91.189.89.112 youngberry.canonical.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.39 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Cc: Christian Ehrhardt Subject: [libvirt] [PATCH v4 1/5] security, apparmor: add (Set|Restore)MemoryLabel X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 21 Mar 2018 21:22:53 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Recent changes have made implementing this mandatory to hot add any memory. Implementing this in apparmor fixes this as well as allows hot-add of nvdimm tpye memory with an nvdimmPath set generating a AppArmor rule for that path. Example hot adding: /tmp/nvdimm-test 524288 0 Creates now: "/tmp/nvdimm-test" rwk, Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1755153 Acked-by: Jamie Strandboge Signed-off-by: Christian Ehrhardt --- src/security/security_apparmor.c | 46 ++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 46 insertions(+) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index a989992..18908c8 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -718,6 +718,49 @@ AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr= mgr, =20 /* Called when hotplugging */ static int +AppArmorSetMemoryLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainMemoryDefPtr mem) +{ + if (mem =3D=3D NULL) + return 0; + + switch ((virDomainMemoryModel) mem->model) { + case VIR_DOMAIN_MEMORY_MODEL_NVDIMM: + if (mem->nvdimmPath =3D=3D NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s: nvdimm without a path"), + __func__); + return -1; + } + if (!virFileExists(mem->nvdimmPath)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s: \'%s\' does not exist"), + __func__, mem->nvdimmPath); + return -1; + } + return reload_profile(mgr, def, mem->nvdimmPath, true); + break; + case VIR_DOMAIN_MEMORY_MODEL_NONE: + case VIR_DOMAIN_MEMORY_MODEL_DIMM: + case VIR_DOMAIN_MEMORY_MODEL_LAST: + break; + } + + return 0; +} + + +static int +AppArmorRestoreMemoryLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainMemoryDefPtr mem ATTRIBUTE_UNUSED) +{ + return reload_profile(mgr, def, NULL, false); +} + +/* Called when hotplugging */ +static int AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virStorageSourcePtr src) @@ -1115,6 +1158,9 @@ virSecurityDriver virAppArmorSecurityDriver =3D { .domainSetSecurityImageLabel =3D AppArmorSetSecurityImageLabel, .domainRestoreSecurityImageLabel =3D AppArmorRestoreSecurityImageLa= bel, =20 + .domainSetSecurityMemoryLabel =3D AppArmorSetMemoryLabel, + .domainRestoreSecurityMemoryLabel =3D AppArmorRestoreMemoryLabel, + .domainSetSecurityDaemonSocketLabel =3D AppArmorSetSecurityDaemonSocke= tLabel, .domainSetSecuritySocketLabel =3D AppArmorSetSecuritySocketLabel, .domainClearSecuritySocketLabel =3D AppArmorClearSecuritySocketLab= el, --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Mon Apr 29 08:52:58 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=canonical.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 152166738355087.22679779333839; Wed, 21 Mar 2018 14:23:03 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D992F37E6E; Wed, 21 Mar 2018 21:23:01 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9A5FE544F0; Wed, 21 Mar 2018 21:23:01 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 60A2D4CA9C; Wed, 21 Mar 2018 21:23:01 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w2LLMo3m018500 for ; Wed, 21 Mar 2018 17:22:50 -0400 Received: by smtp.corp.redhat.com (Postfix) id C23678475E; Wed, 21 Mar 2018 21:22:50 +0000 (UTC) Received: from mx1.redhat.com (ext-mx06.extmail.prod.ext.phx2.redhat.com [10.5.110.30]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BD92560637 for ; Wed, 21 Mar 2018 21:22:48 +0000 (UTC) Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 88E46356DE for ; Wed, 21 Mar 2018 21:22:47 +0000 (UTC) Received: from 1.general.paelzer.uk.vpn ([10.172.196.172] helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1eylC2-0001ar-Bo; Wed, 21 Mar 2018 21:22:46 +0000 From: Christian Ehrhardt To: libvir-list@redhat.com, =?UTF-8?q?Guido=20G=C3=BCnther?= , Jamie Strandboge Date: Wed, 21 Mar 2018 22:22:38 +0100 Message-Id: <1521667361-15170-3-git-send-email-christian.ehrhardt@canonical.com> In-Reply-To: <1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com> References: <1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com> X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 21 Mar 2018 21:22:47 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 21 Mar 2018 21:22:47 +0000 (UTC) for IP:'91.189.89.112' DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com' FROM:'christian.ehrhardt@canonical.com' RCPT:'' X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com 91.189.89.112 youngberry.canonical.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.30 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Cc: Christian Ehrhardt Subject: [libvirt] [PATCH v4 2/5] security, apparmor: add (Set|Restore)InputLabel X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Wed, 21 Mar 2018 21:23:02 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" d8116b5a "security: Introduce functions for input device hot(un)plug" implemented the code (Set|Restore)InputLabel for several security modules, this patch adds an AppArmor implementation for it as well. That fixes hot-plugging event input devices by generating a rule for the path that needs to be accessed. Example hot adding: Creates now: "/dev/input/event0" rwk, Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1755153 Acked-by: Jamie Strandboge Signed-off-by: Christian Ehrhardt --- src/security/security_apparmor.c | 48 ++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 48 insertions(+) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 18908c8..92acc9e 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -761,6 +761,51 @@ AppArmorRestoreMemoryLabel(virSecurityManagerPtr mgr, =20 /* Called when hotplugging */ static int +AppArmorSetInputLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainInputDefPtr input) +{ + if (input =3D=3D NULL) + return 0; + + switch ((virDomainInputType) input->type) { + case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH: + if (input->source.evdev =3D=3D NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s: passthrough input device has no source"), + __func__); + return -1; + } + if (!virFileExists(input->source.evdev)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s: \'%s\' does not exist"), + __func__, input->source.evdev); + return -1; + } + return reload_profile(mgr, def, input->source.evdev, true); + break; + + case VIR_DOMAIN_INPUT_TYPE_MOUSE: + case VIR_DOMAIN_INPUT_TYPE_TABLET: + case VIR_DOMAIN_INPUT_TYPE_KBD: + case VIR_DOMAIN_INPUT_TYPE_LAST: + break; + } + + return 0; +} + + +static int +AppArmorRestoreInputLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainInputDefPtr input ATTRIBUTE_UNUSED) +{ + return reload_profile(mgr, def, NULL, false); +} + +/* Called when hotplugging */ +static int AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virStorageSourcePtr src) @@ -1161,6 +1206,9 @@ virSecurityDriver virAppArmorSecurityDriver =3D { .domainSetSecurityMemoryLabel =3D AppArmorSetMemoryLabel, .domainRestoreSecurityMemoryLabel =3D AppArmorRestoreMemoryLabel, =20 + .domainSetSecurityInputLabel =3D AppArmorSetInputLabel, + .domainRestoreSecurityInputLabel =3D AppArmorRestoreInputLabel, + .domainSetSecurityDaemonSocketLabel =3D AppArmorSetSecurityDaemonSocke= tLabel, .domainSetSecuritySocketLabel =3D AppArmorSetSecuritySocketLabel, .domainClearSecuritySocketLabel =3D AppArmorClearSecuritySocketLab= el, --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Mon Apr 29 08:52:58 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=canonical.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1521667384315990.7258531691155; Wed, 21 Mar 2018 14:23:04 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id F34332BBE06; Wed, 21 Mar 2018 21:23:02 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3CED199CA1; Wed, 21 Mar 2018 21:23:02 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id BA8AA4CA9E; Wed, 21 Mar 2018 21:23:01 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w2LLMpsI018506 for ; Wed, 21 Mar 2018 17:22:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id 1007E18BAC; Wed, 21 Mar 2018 21:22:51 +0000 (UTC) Received: from mx1.redhat.com (ext-mx08.extmail.prod.ext.phx2.redhat.com [10.5.110.32]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 098F05D728 for ; Wed, 21 Mar 2018 21:22:48 +0000 (UTC) Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B773CC057FA4 for ; Wed, 21 Mar 2018 21:22:47 +0000 (UTC) Received: from 1.general.paelzer.uk.vpn ([10.172.196.172] helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1eylC2-0001ar-I3; Wed, 21 Mar 2018 21:22:46 +0000 From: Christian Ehrhardt To: libvir-list@redhat.com, =?UTF-8?q?Guido=20G=C3=BCnther?= , Jamie Strandboge Date: Wed, 21 Mar 2018 22:22:39 +0100 Message-Id: <1521667361-15170-4-git-send-email-christian.ehrhardt@canonical.com> In-Reply-To: <1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com> References: <1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com> X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Wed, 21 Mar 2018 21:22:47 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Wed, 21 Mar 2018 21:22:47 +0000 (UTC) for IP:'91.189.89.112' DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com' FROM:'christian.ehrhardt@canonical.com' RCPT:'' X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com 91.189.89.112 youngberry.canonical.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.32 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Cc: Christian Ehrhardt Subject: [libvirt] [PATCH v4 3/5] virt-aa-helper: generate rules for passthrough input devices X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 21 Mar 2018 21:23:03 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Input devices can passthrough an event device. This currently works only via hotplug where the AppArmor label is created via the domain label callbacks. This adds the virt-aa-helper support for passthrough input devices to gener= ate rules for the needed paths from the initial guest definition as well. Example in domain xml: Works to start now and creates: "/dev/input/event0" rw, Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085 Acked-by: Jamie Strandboge Signed-off-by: Christian Ehrhardt --- src/security/virt-aa-helper.c | 8 ++++++++ tests/virt-aa-helper-test | 3 +++ 2 files changed, 11 insertions(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 456cfce..ad1371d 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1157,6 +1157,14 @@ get_files(vahControl * ctl) } } =20 + for (i =3D 0; i < ctl->def->ninputs; i++) { + if (ctl->def->inputs[i] && + ctl->def->inputs[i]->type =3D=3D VIR_DOMAIN_INPUT_TYPE_PAS= STHROUGH) { + if (vah_add_file(&buf, ctl->def->inputs[i]->source.evdev, "rw"= ) !=3D 0) + goto cleanup; + } + } + for (i =3D 0; i < ctl->def->nnets; i++) { if (ctl->def->nets[i] && ctl->def->nets[i]->type =3D=3D VIR_DOMAIN_NET_TYPE_VHOSTUS= ER && diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test index 1e96b8e..054269c 100755 --- a/tests/virt-aa-helper-test +++ b/tests/virt-aa-helper-test @@ -359,6 +359,9 @@ testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugep= ages/kvm/\*\*" "$test_xml sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,,g" "$template_xml" > "$= test_xml" testme "0" "vnc socket" "-r -u $valid_uuid" "$test_xml" =20 +sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" +testme "0" "input dev passthrough" "-r -u $valid_uuid" "$test_xml" + testme "0" "help" "-h" =20 echo "" >$output --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Mon Apr 29 08:52:58 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=canonical.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1521667378209439.2477431530782; Wed, 21 Mar 2018 14:22:58 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CE30580E45; Wed, 21 Mar 2018 21:22:56 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A4A8182793; Wed, 21 Mar 2018 21:22:56 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 677F54CA99; Wed, 21 Mar 2018 21:22:56 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w2LLMpDi018519 for ; Wed, 21 Mar 2018 17:22:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id E118D81404; Wed, 21 Mar 2018 21:22:51 +0000 (UTC) Received: from mx1.redhat.com (ext-mx02.extmail.prod.ext.phx2.redhat.com [10.5.110.26]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DA0EA813FB for ; Wed, 21 Mar 2018 21:22:49 +0000 (UTC) Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3ABC27E9C0 for ; Wed, 21 Mar 2018 21:22:48 +0000 (UTC) Received: from 1.general.paelzer.uk.vpn ([10.172.196.172] helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1eylC2-0001ar-OE; Wed, 21 Mar 2018 21:22:46 +0000 From: Christian Ehrhardt To: libvir-list@redhat.com, =?UTF-8?q?Guido=20G=C3=BCnther?= , Jamie Strandboge Date: Wed, 21 Mar 2018 22:22:40 +0100 Message-Id: <1521667361-15170-5-git-send-email-christian.ehrhardt@canonical.com> In-Reply-To: <1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com> References: <1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com> X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 21 Mar 2018 21:22:48 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 21 Mar 2018 21:22:48 +0000 (UTC) for IP:'91.189.89.112' DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com' FROM:'christian.ehrhardt@canonical.com' RCPT:'' X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com 91.189.89.112 youngberry.canonical.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.26 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Cc: Christian Ehrhardt Subject: [libvirt] [PATCH v4 4/5] virt-aa-helper: generate rules for nvdimm memory X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 21 Mar 2018 21:22:57 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" nvdimm memory is backed by a path on the host. This currently works only via hotplug where the AppArmor label is created via the domain label callbacks. This adds the virt-aa-helper support for nvdimm memory devices to generate rules for the needed paths from the initial guest definition as well. Example in domain xml: /tmp/nvdimm-base 524288 0 Works to start now and creates: "/tmp/nvdimm-base" rw, Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085 Acked-by: Jamie Strandboge Signed-off-by: Christian Ehrhardt --- src/security/virt-aa-helper.c | 8 ++++++++ tests/virt-aa-helper-test | 3 +++ 2 files changed, 11 insertions(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index ad1371d..a1bc109 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1177,6 +1177,14 @@ get_files(vahControl * ctl) } } =20 + for (i =3D 0; i < ctl->def->nmems; i++) { + if (ctl->def->mems[i] && + ctl->def->mems[i]->model =3D=3D VIR_DOMAIN_MEMORY_MODEL_NV= DIMM) { + if (vah_add_file(&buf, ctl->def->mems[i]->nvdimmPath, "rw") != =3D 0) + goto cleanup; + } + } + if (ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_KVM) { for (i =3D 0; i < ctl->def->nnets; i++) { virDomainNetDefPtr net =3D ctl->def->nets[i]; diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test index 054269c..7c839e4 100755 --- a/tests/virt-aa-helper-test +++ b/tests/virt-aa-helper-test @@ -362,6 +362,9 @@ testme "0" "vnc socket" "-r -u $valid_uuid" "$test_xml" sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" testme "0" "input dev passthrough" "-r -u $valid_uuid" "$test_xml" =20 +sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,524= 288,1048576,g" -e "s,,$disk25242= 880,g" "$template_xml" > "$= test_xml" +testme "0" "nvdimm" "-r -u $valid_uuid" "$test_xml" + testme "0" "help" "-h" =20 echo "" >$output --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Mon Apr 29 08:52:58 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=canonical.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1521667387410906.9425725850273; Wed, 21 Mar 2018 14:23:07 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2A4DB7E9D4; Wed, 21 Mar 2018 21:23:06 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 03CC484766; Wed, 21 Mar 2018 21:23:06 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A8D24180BAD4; Wed, 21 Mar 2018 21:23:05 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w2LLMpxm018518 for ; Wed, 21 Mar 2018 17:22:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id E1093813F8; Wed, 21 Mar 2018 21:22:51 +0000 (UTC) Received: from mx1.redhat.com (ext-mx01.extmail.prod.ext.phx2.redhat.com [10.5.110.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DA18381403 for ; Wed, 21 Mar 2018 21:22:49 +0000 (UTC) Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 27A7181231 for ; Wed, 21 Mar 2018 21:22:48 +0000 (UTC) Received: from 1.general.paelzer.uk.vpn ([10.172.196.172] helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1eylC2-0001ar-US; Wed, 21 Mar 2018 21:22:47 +0000 From: Christian Ehrhardt To: libvir-list@redhat.com, =?UTF-8?q?Guido=20G=C3=BCnther?= , Jamie Strandboge Date: Wed, 21 Mar 2018 22:22:41 +0100 Message-Id: <1521667361-15170-6-git-send-email-christian.ehrhardt@canonical.com> In-Reply-To: <1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com> References: <1521667361-15170-1-git-send-email-christian.ehrhardt@canonical.com> X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 21 Mar 2018 21:22:48 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 21 Mar 2018 21:22:48 +0000 (UTC) for IP:'91.189.89.112' DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com' FROM:'christian.ehrhardt@canonical.com' RCPT:'' X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com 91.189.89.112 youngberry.canonical.com X-Scanned-By: MIMEDefang 2.83 on 10.5.110.25 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Cc: Christian Ehrhardt Subject: [libvirt] [PATCH v4 5/5] virt-aa-helper: test: check for expected profile content X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 21 Mar 2018 21:23:06 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" So far the virt-aa-helper tests only checked the return code and thereby catched aborts like issues failing to parse the XML. But there is one category of virt-aa-helper issues so far untested - not generating the expected rule. This adds a basic grep based checks after each test to match against the rule that is expected to be added by the test. Signed-off-by: Christian Ehrhardt --- tests/virt-aa-helper-test | 85 +++++++++++++++++++++++++++----------------= ---- 1 file changed, 49 insertions(+), 36 deletions(-) diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test index 7c839e4..fb40057 100755 --- a/tests/virt-aa-helper-test +++ b/tests/virt-aa-helper-test @@ -108,6 +108,9 @@ testme() { outstr=3D"$2" args=3D"$3" input=3D"" + checkrule=3D"$5" + + tmpout=3D"$tmpdir/checkrule.out" =20 if [ -n "$4" ]; then input=3D"$4" @@ -127,13 +130,23 @@ testme() { echo "': " >$output set +e if [ -n "$input" ]; then - LD_LIBRARY_PATH=3D"$ld_library_path" $exe $extra_args $args < $inp= ut >$output 2>&1 + LD_LIBRARY_PATH=3D"$ld_library_path" $exe $extra_args $args < $inp= ut >"$tmpout" 2>&1 else - LD_LIBRARY_PATH=3D"$ld_library_path" $exe $extra_args $args >$outp= ut 2>&1 + LD_LIBRARY_PATH=3D"$ld_library_path" $exe $extra_args $args >"$tmp= out" 2>&1 fi rc=3D"$?" + cat "$tmpout" >"$output" + + rule_missing=3D0 + if [ -n "$checkrule" ]; then + if ! grep -q "$checkrule" "$tmpout"; then + echo "FAIL: missing rule '$checkrule'" >"$output" + rule_missing=3D1 + fi + fi + set -e - if [ "$rc" =3D "$expected" ]; then + if [ "$rc" =3D "$expected" ] && [ $rule_missing -eq 0 ]; then echo "pass" >$output else echo "FAIL: exited with '$rc'" >$output @@ -234,19 +247,19 @@ testme "1" "-c with invalid domain name char *" "-c -= u $valid_uuid" "$test_xml" =20 echo "Expected pass:" >$output sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >= "$test_xml" -testme "0" "create (x86_64)" "-c -u $valid_uuid" "$test_xml" +testme "0" "create (x86_64)" "-c -u $valid_uuid" "$test_xml" "$disk1.*rwk,= $" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,arch=3D'x86= _64',arch=3D'i686',g" "$template_xml" > "$test_xml" -testme "0" "create (i686)" "-c -u $valid_uuid" "$test_xml" +testme "0" "create (i686)" "-c -u $valid_uuid" "$test_xml" "$disk1.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,arch=3D'x86= _64',arch=3D'ppc',g" "$template_xml" > "$test_xml" -testme "0" "create (ppc)" "-c -u $valid_uuid" "$test_xml" +testme "0" "create (ppc)" "-c -u $valid_uuid" "$test_xml" "$disk1.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,,g" "$tem= plate_xml" > "$test_xml" -testme "0" "create multiple disks" "-c -u $valid_uuid" "$test_xml" +testme "0" "create multiple disks" "-c -u $valid_uuid" "$test_xml" "$disk1= .*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###',${disk1}'/> "$test_xml" -testme "0" "create (readonly)" "-c -u $valid_uuid" "$test_xml" +testme "0" "create (readonly)" "-c -u $valid_uuid" "$test_xml" "$disk1.*rk= ,$" =20 if [ "$test_hostdev" =3D "yes" ]; then sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,= ,
,g" "$template_xml" > "$test_xml" @@ -257,73 +270,73 @@ if [ "$test_hostdev" =3D "yes" ]; then fi =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$nonexistent,g" "$template_= xml" > "$test_xml" -testme "0" "create (non-existent disk)" "-c -u $valid_uuid" "$test_xml" +testme "0" "create (non-existent disk)" "-c -u $valid_uuid" "$test_xml" "$= nonexistent.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$relative_disk1,g" "$templa= te_xml" > "$test_xml" -testme "0" "create (relative path)" "-c -u $valid_uuid" "$test_xml" +testme "0" "create (relative path)" "-c -u $valid_uuid" "$test_xml" "$disk= 1.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk2,g" "$template_xml" >= "$test_xml" -testme "0" "replace" "-r -u $valid_uuid" "$test_xml" +testme "0" "replace" "-r -u $valid_uuid" "$test_xml" "$disk2.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$nonexistent,g" "$template_= xml" > "$test_xml" -testme "0" "replace (non-existent disk)" "-r -u $valid_uuid" "$test_xml" +testme "0" "replace (non-existent disk)" "-r -u $valid_uuid" "$test_xml" "= $nonexistent.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >= "$test_xml" -testme "0" "replace (adding disk)" "-r -u $valid_uuid -f $disk2" "$test_xm= l" +testme "0" "replace (adding disk)" "-r -u $valid_uuid -f $disk2" "$test_xm= l" "$disk2.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >= "$test_xml" -testme "0" "replace (adding non-existent disk)" "-r -u $valid_uuid -f $non= existent" "$test_xml" +testme "0" "replace (adding non-existent disk)" "-r -u $valid_uuid -f $non= existent" "$test_xml" "$nonexistent.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >= "$test_xml" -testme "0" "replace (appending disk)" "-r -u $valid_uuid -F $disk2" "$test= _xml" +testme "0" "replace (appending disk)" "-r -u $valid_uuid -F $disk2" "$test= _xml" "$disk2.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >= "$test_xml" -testme "0" "replace (appending non-existent disk)" "-r -u $valid_uuid -F $= nonexistent" "$test_xml" +testme "0" "replace (appending non-existent disk)" "-r -u $valid_uuid -F $= nonexistent" "$test_xml" "$nonexistent.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" testme "0" "disk (empty cdrom)" "-r -u $valid_uuid" "$test_xml" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" -testme "0" "serial" "-r -u $valid_uuid" "$test_xml" +testme "0" "serial" "-r -u $valid_uuid" "$test_xml" "$tmpdir/serial.log.*r= w,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_= xml" > "$test_xml" testme "0" "serial (pty)" "-r -u $valid_uuid" "$test_xml" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" -testme "0" "serial (dev)" "-r -u $valid_uuid" "$test_xml" +testme "0" "serial (dev)" "-r -u $valid_uuid" "$test_xml" "/dev/ttyS0.*rw,= $" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" -mkfifo "$tmpdir/serial.pipe.in" "$tmpdir/serial.pipe.out" +mkfifo "$tmpdir/serial.pipe.in" "$tmpdir/serial.pipe.out" "$tmpdir/serial.= pipe.in.*rw,$" testme "0" "serial (pipe)" "-r -u $valid_uuid" "$test_xml" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" touch "$tmpdir/console.log" -testme "0" "console" "-r -u $valid_uuid" "$test_xml" +testme "0" "console" "-r -u $valid_uuid" "$test_xml" "$tmpdir/console.log.= *rw,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$templat= e_xml" > "$test_xml" testme "0" "console (pty)" "-r -u $valid_uuid" "$test_xml" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" mkfifo "$tmpdir/console.pipe.in" "$tmpdir/console.pipe.out" -testme "0" "console (pipe)" "-r -u $valid_uuid" "$test_xml" +testme "0" "console (pipe)" "-r -u $valid_uuid" "$test_xml" "$tmpdir/conso= le.pipe.out.*rw,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" -testme "0" "parallel (pty)" "-r -u $valid_uuid" "$test_xml" +testme "0" "parallel (pty)" "-r -u $valid_uuid" "$test_xml" "/dev/pts/0.*r= w,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" mkfifo "$tmpdir/parallel.pipe.in" "$tmpdir/parallel.pipe.out" -testme "0" "parallel (pipe)" "-r -u $valid_uuid" "$test_xml" +testme "0" "parallel (pipe)" "-r -u $valid_uuid" "$test_xml" "$tmpdir/para= llel.pipe.in.*rw,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" touch "$tmpdir/guestfwd" -testme "0" "channel (unix)" "-r -u $valid_uuid" "$test_xml" +testme "0" "channel (unix)" "-r -u $valid_uuid" "$test_xml" "$tmpdir/guest= fwd.*rw,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$te= mplate_xml" > "$test_xml" testme "0" "channel (pty)" "-r -u $valid_uuid" "$test_xml" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,$tmpdir/kernel,g" "$template_xml" > "$test_xml" touch "$tmpdir/kernel" -testme "0" "kernel" "-r -u $valid_uuid" "$test_xml" +testme "0" "kernel" "-r -u $valid_uuid" "$test_xml" "$tmpdir/kernel.*r,$" =20 testfw "ovmf (old path)" "/usr/share/ovmf/OVMF.fd" testfw "OVMF (new path)" "/usr/share/OVMF/OVMF_CODE.fd" @@ -333,37 +346,37 @@ testfw "qemu-efi" "/usr/share/qemu-efi/QEMU_EFI.fd" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,$tmpdir/initrd,g" "$template_xml" > "$test_xml" touch "$tmpdir/initrd" -testme "0" "initrd" "-r -u $valid_uuid" "$test_xml" +testme "0" "initrd" "-r -u $valid_uuid" "$test_xml" "$tmpdir/initrd.*r,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,/boot/kernel,g" "$template_xml" > "$test_xml" -testme "0" "kernel in /boot" "-r -u $valid_uuid" "$test_xml" +testme "0" "kernel in /boot" "-r -u $valid_uuid" "$test_xml" "/boot/kernel= .*r,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,/boot/initrd,g" "$template_xml" > "$test_xml" -testme "0" "initrd in /boot" "-r -u $valid_uuid" "$test_xml" +testme "0" "initrd in /boot" "-r -u $valid_uuid" "$test_xml" "/boot/initrd= .*r,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,/vmlinuz,g" "$template_xml" > "$test_xml" -testme "0" "kernel is /vmlinuz" "-r -u $valid_uuid" "$test_xml" +testme "0" "kernel is /vmlinuz" "-r -u $valid_uuid" "$test_xml" "/vmlinuz.= *r,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,/initrd/ramdisk,g" "$template_xml" > "$test_xml" -testme "0" "initrd is /initrd/ramdisk" "-r -u $valid_uuid" "$test_xml" +testme "0" "initrd is /initrd/ramdisk" "-r -u $valid_uuid" "$test_xml" "/i= nitrd/ramdisk.*r,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,/initrd.img,g" "$template_xml" > "$test_xml" -testme "0" "initrd is /initrd.img" "-r -u $valid_uuid" "$test_xml" +testme "0" "initrd is /initrd.img" "-r -u $valid_uuid" "$test_xml" "/initr= d.img.*r,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,g" "$template_xml" > "$test_xml" -testme "0" "sdl Xauthority" "-r -u $valid_uuid" "$test_xml" +testme "0" "sdl Xauthority" "-r -u $valid_uuid" "$test_xml" "/home/myself/= .Xauthority.*r,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" >= "$test_xml" -testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugepages/kvm/\*\*" "$te= st_xml" +testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugepages/kvm/\*\*" "$te= st_xml" "/run/hugepages/kvm/.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,,g" "$template_xml" > "$= test_xml" -testme "0" "vnc socket" "-r -u $valid_uuid" "$test_xml" +testme "0" "vnc socket" "-r -u $valid_uuid" "$test_xml" "/var/lib/libvirt/= qemu/myself.vnc.*rw,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" -testme "0" "input dev passthrough" "-r -u $valid_uuid" "$test_xml" +testme "0" "input dev passthrough" "-r -u $valid_uuid" "$test_xml" "$disk2= .*rw,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,524= 288,1048576,g" -e "s,,$disk25242= 880,g" "$template_xml" > "$= test_xml" -testme "0" "nvdimm" "-r -u $valid_uuid" "$test_xml" +testme "0" "nvdimm" "-r -u $valid_uuid" "$test_xml" "$disk2.*rw,$" =20 testme "0" "help" "-h" =20 --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list