From: Cédric Bosdonnat
To: libvir-list@redhat.com
Date: Tue, 6 Jun 2017 16:10:49 +0200
Message-Id: <20170606141050.12755-2-cbosdonnat@suse.com>
In-Reply-To: <20170606141050.12755-1-cbosdonnat@suse.com>
References: <20170606141050.12755-1-cbosdonnat@suse.com>
Cc: Cédric Bosdonnat
Subject: [libvirt] [PATCH 1/2] util: share code between virExec and
virCommandExec
List-Id: Development discussions about the libvirt library & tools
Content-Transfer-Encoding: quoted-printable
virCommand is a version of virExec that doesn't fork; however, it is
just calling execve and doesn't honor setting uid/gid and pwd.
This commit extracts those pieces from virExec() to a virExecCommon()
function that is called from both virExec() and virCommandExec().
---
src/util/vircommand.c | 69 +++++++++++++++++++++++++++++------------------=
----
1 file changed, 40 insertions(+), 29 deletions(-)
diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index e1bbc0526..60c1121da 100644
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -464,6 +464,41 @@ virCommandHandshakeChild(virCommandPtr cmd)
return 0;
}
=20
+static int
+virExecCommon(virCommandPtr cmd)
+{
+ gid_t *groups =3D NULL;
+ int ngroups;
+ int ret =3D -1;
+
+ if ((ngroups =3D virGetGroupList(cmd->uid, cmd->gid, &groups)) < 0)
+ goto cleanup;
+
+ if (cmd->uid !=3D (uid_t)-1 || cmd->gid !=3D (gid_t)-1 ||
+ cmd->capabilities || (cmd->flags & VIR_EXEC_CLEAR_CAPS)) {
+ VIR_DEBUG("Setting child uid:gid to %d:%d with caps %llx",
+ (int)cmd->uid, (int)cmd->gid, cmd->capabilities);
+ if (virSetUIDGIDWithCaps(cmd->uid, cmd->gid, groups, ngroups,
+ cmd->capabilities,
+ !!(cmd->flags & VIR_EXEC_CLEAR_CAPS)) < 0)
+ goto cleanup;
+ }
+
+ if (cmd->pwd) {
+ VIR_DEBUG("Running child in %s", cmd->pwd);
+ if (chdir(cmd->pwd) < 0) {
+ virReportSystemError(errno,
+ _("Unable to change to %s"), cmd->pwd);
+ goto cleanup;
+ }
+ }
+ ret =3D 0;
+
+ cleanup:
+ VIR_FREE(groups);
+ return ret;
+}
+
/*
* virExec:
* @cmd virCommandPtr containing all information about the program to
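Review bot: virGetGroupList() is now called inside virExecCommon(), which virExec() invokes on the child side of virFork() (the call site bails out with goto fork_error), whereas the code this series removes did the lookup in the parent before forking. Resolving group membership can go through name-service lookups, which is not something to rely on between fork and exec in a multi-threaded daemon. Consider keeping the lookup in the caller and passing the result in, e.g. virExecCommon(virCommandPtr cmd, gid_t *groups, int ngroups), so the helper only applies credentials and the working directory; virCommandExec() can do its own lookup just before calling it. The new static function also has no comment describing what it changes in the calling process.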
@@ -484,8 +519,6 @@ virExec(virCommandPtr cmd)
const char *binary =3D NULL;
int ret;
struct sigaction waxon, waxoff;
- gid_t *groups =3D NULL;
- int ngroups;
=20
if (cmd->args[0][0] !=3D '/') {
if (!(binary =3D binarystr =3D virFindFileInPath(cmd->args[0]))) {
@@ -556,9 +589,6 @@ virExec(virCommandPtr cmd)
childerr =3D null;
}
=20
- if ((ngroups =3D virGetGroupList(cmd->uid, cmd->gid, &groups)) < 0)
- goto cleanup;
-
pid =3D virFork();
=20
if (pid < 0)
@@ -578,7 +608,6 @@ virExec(virCommandPtr cmd)
cmd->pid =3D pid;
=20
VIR_FREE(binarystr);
- VIR_FREE(groups);
=20
return 0;
}
@@ -727,28 +756,8 @@ virExec(virCommandPtr cmd)
}
# endif
=20
- /* The steps above may need to do something privileged, so we delay
- * setuid and clearing capabilities until the last minute.
- */
- if (cmd->uid !=3D (uid_t)-1 || cmd->gid !=3D (gid_t)-1 ||
- cmd->capabilities || (cmd->flags & VIR_EXEC_CLEAR_CAPS)) {
- VIR_DEBUG("Setting child uid:gid to %d:%d with caps %llx",
- (int)cmd->uid, (int)cmd->gid, cmd->capabilities);
- if (virSetUIDGIDWithCaps(cmd->uid, cmd->gid, groups, ngroups,
- cmd->capabilities,
- !!(cmd->flags & VIR_EXEC_CLEAR_CAPS)) < 0=
) {
- goto fork_error;
- }
- }
-
- if (cmd->pwd) {
- VIR_DEBUG("Running child in %s", cmd->pwd);
- if (chdir(cmd->pwd) < 0) {
- virReportSystemError(errno,
- _("Unable to change to %s"), cmd->pwd);
- goto fork_error;
- }
- }
+ if (virExecCommon(cmd) < 0)
+ goto fork_error;
=20
if (virCommandHandshakeChild(cmd) < 0)
goto fork_error;
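Review bot: The comment removed here ("The steps above may need to do something privileged, so we delay setuid and clearing capabilities until the last minute") is dropped rather than moved, yet the ordering constraint it documents still applies to the new virExecCommon(cmd) call. Keep it at this call site or above virExecCommon(), so that a later reorder of the child setup does not move the privilege drop ahead of steps that still need privileges. chdir(cmd->pwd) also continues to run after the uid/gid switch, so the directory has to be reachable by the target user; that is worth stating in the same comment.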
@@ -789,7 +798,6 @@ virExec(virCommandPtr cmd)
/* This is cleanup of parent process only - child
should never jump here on error */
=20
- VIR_FREE(groups);
VIR_FREE(binarystr);
=20
/* NB we don't virReportError() on any failures here
@@ -2166,6 +2174,9 @@ int virCommandExec(virCommandPtr cmd)
return -1;
}
=20
+ if (virExecCommon(cmd) < 0)
+ return -1;
+
execve(cmd->args[0], cmd->args, cmd->env);
=20
virReportSystemError(errno,
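Review bot: In virCommandExec() the new virExecCommon(cmd) call changes the credentials, capabilities and working directory of the calling process itself, with no fork to contain it: if execve() then fails, the function reports the error and returns to a caller whose uid/gid and cwd have already been changed. The same holds when virExecCommon() fails part-way, for example chdir() failing after virSetUIDGIDWithCaps() succeeded. Document in the virCommandExec() API comment that a -1 return can leave the process in a modified state and that callers should exit rather than carry on. Since the commit message says these settings were not honoured before, existing callers that set a uid/gid or pwd on the command also see a behaviour change and are worth auditing.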
--=20
2.12.2
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From: Cédric Bosdonnat
To: libvir-list@redhat.com
Date: Tue, 6 Jun 2017 16:10:50 +0200
Message-Id: <20170606141050.12755-3-cbosdonnat@suse.com>
In-Reply-To: <20170606141050.12755-1-cbosdonnat@suse.com>
References: <20170606141050.12755-1-cbosdonnat@suse.com>
Cc: Cédric Bosdonnat
Subject: [libvirt] [PATCH 2/2] lxc: allow user to specify command working
directory
Content-Transfer-Encoding: quoted-printable
Some containers may want the application to run in a special directory.
Add element in the domain configuration to handle this case
and use it in the lxc driver.
---
docs/formatdomain.html.in | 5 +++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 5 +++++
src/conf/domain_conf.h | 1 +
src/lxc/lxc_container.c | 2 ++
tests/lxcxml2xmldata/lxc-initdir.xml | 30 ++++++++++++++++++++++++++++++
tests/lxcxml2xmltest.c | 1 +
7 files changed, 49 insertions(+)
create mode 100644 tests/lxcxml2xmldata/lxc-initdir.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 8da50875b..7627fd0d0 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -330,6 +330,10 @@
To set environment variables, use the initenv
element, =
one
for each variable.
+
+ To set a custom work directory for the init, use the initdir=
code>
+ element.
+
=20
<os>
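Review bot: The added paragraph on the working directory for the init does not say how the path is interpreted. State whether it must be absolute, whether it is resolved inside the container's root filesystem or on the host, and what happens when the directory does not exist (with patch 1/2, a failing chdir() is reported as "Unable to change to %s" and the exec is aborted). Mentioning the release in which the element becomes available would also help readers of older versions.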
@@ -338,6 +342,7 @@
<initarg>--unit</initarg>
<initarg>emergency.service</initarg>
<initenv name=3D'MYENV'>some value</initenv>
+ <initdir>/my/custom/cwd</initdir>
</os>
=20
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 695214816..5a4c4ecf1 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -395,6 +395,11 @@
+
+
+ [
+ ]
+
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 37ed1a732..3c2a81f52 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -2808,6 +2808,7 @@ void virDomainDefFree(virDomainDefPtr def)
VIR_FREE(def->os.initargv);
for (i =3D 0; def->os.initenv && def->os.initenv[i]; i++)
VIR_FREE(def->os.initenv[i]);
+ VIR_FREE(def->os.initdir);
VIR_FREE(def->os.initenv);
VIR_FREE(def->os.kernel);
VIR_FREE(def->os.initrd);
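Review bot: VIR_FREE(def->os.initdir) is inserted between the loop that frees each def->os.initenv[i] and the VIR_FREE(def->os.initenv) that frees the array itself, which separates two lines that belong together. Move the new line after VIR_FREE(def->os.initenv).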
@@ -16803,6 +16804,7 @@ virDomainDefParseBootOptions(virDomainDefPtr def,
if (def->os.type =3D=3D VIR_DOMAIN_OSTYPE_EXE) {
def->os.init =3D virXPathString("string(./os/init[1])", ctxt);
def->os.cmdline =3D virXPathString("string(./os/cmdline[1])", ctxt=
);
+ def->os.initdir =3D virXPathString("string(./os/initdir[1])", ctxt=
);
=20
if ((n =3D virXPathNodeSet("./os/initarg", ctxt, &nodes)) < 0)
goto error;
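Review bot: The new def->os.initdir assignment takes the string from ./os/initdir[1] as-is, with no check that it is an absolute path. A relative value would later be handed to chdir() and resolved against whatever directory the process happens to be in at that point. Reject non-absolute values here with a configuration error rather than relying on the schema alone, and add a negative test for it.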
@@ -24588,6 +24590,9 @@ virDomainDefFormatInternal(virDomainDefPtr def,
for (i =3D 0; def->os.initenv && def->os.initenv[i]; i++)
virBufferAsprintf(buf, "%s\n",
def->os.initenv[i]->name, def->os.initenv[i]->va=
lue);
+ if (def->os.initdir)
+ virBufferEscapeString(buf, "%s\n",
+ def->os.initdir);
if (def->os.loader)
virDomainLoaderDefFormat(buf, def->os.loader);
virBufferEscapeString(buf, "%s\n",
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 4d86a1e16..d6b8429c3 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1841,6 +1841,7 @@ struct _virDomainOSDef {
char *init;
char **initargv;
virDomainOSEnvPtr *initenv;
+ char *initdir;
char *kernel;
char *initrd;
char *cmdline;
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index ffafc39d7..8d8e1a735 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -245,6 +245,8 @@ static virCommandPtr lxcContainerBuildInitCmd(virDomain=
DefPtr vmDef,
virCommandAddEnvPair(cmd, "LIBVIRT_LXC_NAME", vmDef->name);
if (vmDef->os.cmdline)
virCommandAddEnvPair(cmd, "LIBVIRT_LXC_CMDLINE", vmDef->os.cmdline=
);
+ if (vmDef->os.initdir)
+ virCommandSetWorkingDirectory(cmd, vmDef->os.initdir);
=20
for (i =3D 0; vmDef->os.initenv[i]; i++) {
virCommandAddEnvPair(cmd, vmDef->os.initenv[i]->name,
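Review bot: The vmDef->os.initdir branch only has an effect if the command built here is executed through a path that applies the working directory, which for virCommandExec() is true only once patch 1/2 is in. Say so in the commit message so the two patches are not picked up separately. Minor: the new lines sit between the LIBVIRT_LXC_CMDLINE pair and the initenv loop and split the environment setup; placing them after the loop keeps the environment handling together.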
diff --git a/tests/lxcxml2xmldata/lxc-initdir.xml b/tests/lxcxml2xmldata/lx=
c-initdir.xml
new file mode 100644
index 000000000..2940bda91
--- /dev/null
+++ b/tests/lxcxml2xmldata/lxc-initdir.xml
@@ -0,0 +1,30 @@
+
+ jessie
+ e21987a5-e98e-9c99-0e35-803e4d9ad1fe
+ 1048576
+ 1048576
+ 1
+
+ /machine
+
+
+ exe
+ /sbin/sh
+ /path/to/pwd
+
+
+ destroy
+ restart
+ restart
+
+ /usr/libexec/libvirt_lxc
+
+
+
+
+
+
+
+
diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c
index 2a24b60b3..c81b0eace 100644
--- a/tests/lxcxml2xmltest.c
+++ b/tests/lxcxml2xmltest.c
@@ -99,6 +99,7 @@ mymain(void)
DO_TEST_FULL("filesystem-root", 0, false,
VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS);
DO_TEST("initenv");
+ DO_TEST("initdir");
=20
virObjectUnref(caps);
virObjectUnref(xmlopt);
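Review bot: DO_TEST("initdir") only exercises the XML parse and format round trip; nothing in the series tests that the working directory is actually applied, which is the behaviour patch 1/2 changes in virCommandExec(). Consider adding a test of the command helpers that sets a working directory and checks the resulting cwd, plus one for a non-existent directory to pin down the error path.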
--=20
2.12.2