From nobody Fri May 17 05:00:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1677073371; cv=none; d=zohomail.com; s=zohoarc; b=BJKJtWHlNfuH6wgpp+1gOigTWz+/CE8ksSFY3Yy8GFc6fYleIe0fcj9A7Dk54ByEgIp6XkIfjU+n0cB6fcy7ELdFkrWwO6Dyqiuuh1jche5Y3qeK92GEff1WNzF9hUYSUwqzdRWLZeGOm6BfQlKzzgFsEJrIfovhqWhLTfGdXv0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1677073371; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=xBfJIwufUEZsRxQJ+zKlUYd4haOcnVh4i88SQTuQwzQ=; b=anhX2mSXTktKv/bWC4koHSKSK3d5RVynjcu22M0vjGRNzkdlFQnnn3taHYUljy7plesQyoXnf3iGjv1VczPtlzo+gngY4MaduVC1GmtOvCM049ya0Na7bOUSA8AbtKJIqkIzzBotwev2yZ6CbFD1I/b8sQ/Cb8+TIqGOOmTtEx4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1677073371648478.37284278577; Wed, 22 Feb 2023 05:42:51 -0800 (PST) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-433-DO7_CGZuPN2TPgG2uL4_ZA-1; Wed, 22 Feb 2023 08:42:49 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9085B1991C42; Wed, 22 Feb 2023 13:42:46 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id A52B940C1423; Wed, 22 Feb 2023 13:42:42 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 7353B1946588; Wed, 22 Feb 2023 13:42:42 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 2BC7E1946587 for ; Wed, 22 Feb 2023 13:21:36 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 09F121121318; Wed, 22 Feb 2023 13:21:36 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast08.extmail.prod.ext.rdu2.redhat.com [10.11.55.24]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 027FD1121315 for ; Wed, 22 Feb 2023 13:21:35 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 6386F3814944 for ; Wed, 22 Feb 2023 13:21:35 +0000 (UTC) Received: from passt.top (passt.top [88.198.0.164]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-570-EadaIsfvM7Cn5axE79Jwmw-1; Wed, 22 Feb 2023 08:21:33 -0500 Received: by passt.top (Postfix, from userid 1000) id F0EEF5A0082; Wed, 22 Feb 2023 14:21:31 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1677073370; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=xBfJIwufUEZsRxQJ+zKlUYd4haOcnVh4i88SQTuQwzQ=; b=KWY6TI4pN0s7QKy8sQiOLl5brEfG4xmwwvFSl34A0u6bG3PzbfWlim7z08gKrTN7Cjwh0y Mf5afbmvJgfVK0uQjFUVAHRw2viBB6426Qa6rEr4FTwL70NG7WlkUZm4QTrek1qKvJt736 3opyIabPfqYJu3Q0h91ZsaY/DkxpxoQ= X-MC-Unique: DO7_CGZuPN2TPgG2uL4_ZA-1 X-Original-To: libvir-list@listman.corp.redhat.com X-MC-Unique: EadaIsfvM7Cn5axE79Jwmw-1 From: Stefano Brivio To: libvir-list@redhat.com Subject: [PATCH v2 1/3] qemu_passt: Don't make passt transition to svirt_t/libvirt_domain on start Date: Wed, 22 Feb 2023 14:21:29 +0100 Message-Id: <20230222132131.3811642-2-sbrivio@redhat.com> In-Reply-To: <20230222132131.3811642-1-sbrivio@redhat.com> References: <20230222132131.3811642-1-sbrivio@redhat.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?UTF-8?q?Michal=20Pr=C3=ADvozn=C3=ADk?= , Laine Stump Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1677073373411100001 Content-Type: text/plain; charset="utf-8"; x-default="true" qemuSecurityCommandRun() causes an explicit domain transition of the new process, but passt ships with its own SELinux policy, with external interfaces for libvirtd, so we simply need to transition from virtd_t to passt_t as passt is executed. The qemu type enforcement rules have little to do with it. That is, if we switch to svirt_t, passt will run in the security context that's intended for QEMU, which allows a number of operations not needed by passt. On the other hand, with a switch to svirt_t, passt won't be able to create its own PID file. Usage of those new interfaces is implemented by this change in selinux-policy: https://github.com/fedora-selinux/selinux-policy/pull/1613 Replace qemuSecurityCommandRun() with virCommandRun(), and explicitly set the label, preserving the correct MCS range for the given VM instance. This is a temporary measure: eventually, we'll need a more generic and elegant mechanism for helper binaries. Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains") Signed-off-by: Stefano Brivio --- src/qemu/qemu_passt.c | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c index 1217a6a087..81f48dd630 100644 --- a/src/qemu/qemu_passt.c +++ b/src/qemu/qemu_passt.c @@ -30,6 +30,11 @@ #include "virlog.h" #include "virpidfile.h" =20 +#ifdef WITH_SELINUX +# include +# include +#endif + #define VIR_FROM_THIS VIR_FROM_NONE =20 VIR_LOG_INIT("qemu.passt"); @@ -158,8 +163,11 @@ qemuPasstStart(virDomainObj *vm, g_autofree char *errbuf =3D NULL; char macaddr[VIR_MAC_STRING_BUFLEN]; size_t i; - int exitstatus =3D 0; - int cmdret =3D 0; +#ifdef WITH_SELINUX + virSecurityLabelDef *seclabel; + context_t s; + const char *newLabel; +#endif =20 cmd =3D virCommandNew(PASST); =20 @@ -271,18 +279,31 @@ qemuPasstStart(virDomainObj *vm, if (qemuExtDeviceLogCommand(driver, vm, cmd, "passt") < 0) return -1; =20 - if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, &exitstatus, &cmdr= et) < 0) - goto error; +#ifdef WITH_SELINUX + /* TODO: Implement a new security manager function for helper binaries, + * possibly deriving domain names from security attributes of the help= er + * binary itself. + */ + seclabel =3D virDomainDefGetSecurityLabelDef(vm->def, "selinux"); + s =3D context_new(seclabel->label); + context_type_set(s, "passt_t"); + newLabel =3D context_str(s); + + virCommandSetSELinuxLabel(cmd, newLabel); +#endif =20 - if (cmdret < 0 || exitstatus !=3D 0) { + if (virCommandRun(cmd, NULL)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not start 'passt': %s"), NULLSTR(errbuf)); goto error; } =20 + context_free(s); + return 0; =20 error: - qemuPasstKill(pidfile); + context_free(s); + qemuPasstKill(pidfile, passtSocketName); return -1; } --=20 2.39.1 From nobody Fri May 17 05:00:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1677073805; cv=none; d=zohomail.com; s=zohoarc; b=gQ4/rkNpLjhayeIT7ZjyNzOhL76MgCwUL+8FfT/butqAvME6Ce0vtd8COhC7D0Td7rdJq8PfcRBpVQu2OEbwdzpydPcmGTqv6EyBgJ8/vVsTmFKb8StxPioQ1NibTr4GF6jQvVWdefMAoJl86Qr8GSK3ivb0v/7vEZiH4J/OX3I= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1677073805; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=UP/LYPXS5lU1GB0NcUlCRKiY22F9uMQFknB6V4tTXfo=; b=JpUt38t/KqW0KaUY5NKvRGerGRmcU5tQ/BHWuYlo3SwPfBw6rxXuyGEvTl6ZQ2Yv5YV6i+EmReZoIE8bF2My9rr9/I9J0zkmO2+3F0sJCoVJyVqPiIksshCgeAIPNohjlJKsoo1nzxVJQxEiqxwkACFUdNcnYluXFRwKrIDD11w= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1677073804823324.9561891961919; Wed, 22 Feb 2023 05:50:04 -0800 (PST) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-205--b0EorrQPNWJd_L4igOtMA-1; Wed, 22 Feb 2023 08:49:41 -0500 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 56C1A85CBD0; Wed, 22 Feb 2023 13:49:38 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id EA3DA492B00; Wed, 22 Feb 2023 13:49:37 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id CC3091946588; Wed, 22 Feb 2023 13:49:37 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 1DDE51946587 for ; Wed, 22 Feb 2023 13:21:37 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id F20B92166B29; Wed, 22 Feb 2023 13:21:36 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EBC9D2166B26 for ; Wed, 22 Feb 2023 13:21:36 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D1A0185CBE8 for ; Wed, 22 Feb 2023 13:21:36 +0000 (UTC) Received: from passt.top (passt.top [88.198.0.164]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-325-pgfKhaqjPAyyThhky2PumA-1; Wed, 22 Feb 2023 08:21:33 -0500 Received: by passt.top (Postfix, from userid 1000) id F32475A026C; Wed, 22 Feb 2023 14:21:31 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1677073803; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=UP/LYPXS5lU1GB0NcUlCRKiY22F9uMQFknB6V4tTXfo=; b=SrZAE0afqRRmGHTnsRxs1jDK0Bi8Ck7T3LROf6yFO6DxS8sgeDkG9xZEu9Dpg69xBF51XU M+JTz6cuOCUfUl3cYAMEr355F9ozMY5vj9E97NCt7Q+HEO38a5cDzfV+lBS8bz5DZQjfzN WSr5D9nSID30vhQqZ49hcBntR475zDY= X-MC-Unique: -b0EorrQPNWJd_L4igOtMA-1 X-Original-To: libvir-list@listman.corp.redhat.com X-MC-Unique: pgfKhaqjPAyyThhky2PumA-1 From: Stefano Brivio To: libvir-list@redhat.com Subject: [PATCH v2 2/3] qemu_passt: Set UID and GID to configured values for qemu driver, if any Date: Wed, 22 Feb 2023 14:21:30 +0100 Message-Id: <20230222132131.3811642-3-sbrivio@redhat.com> In-Reply-To: <20230222132131.3811642-1-sbrivio@redhat.com> References: <20230222132131.3811642-1-sbrivio@redhat.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?UTF-8?q?Michal=20Pr=C3=ADvozn=C3=ADk?= , Laine Stump Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1677073805874100001 Content-Type: text/plain; charset="utf-8"; x-default="true" qemuSecurityCommandRun() would have dealt with this (if UID and GID had been passed). With virCommandRun() we need separate, explicit calls. Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains") Signed-off-by: Stefano Brivio --- src/qemu/qemu_passt.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c index 81f48dd630..61e7047354 100644 --- a/src/qemu/qemu_passt.c +++ b/src/qemu/qemu_passt.c @@ -157,6 +157,7 @@ qemuPasstStart(virDomainObj *vm, { qemuDomainObjPrivate *priv =3D vm->privateData; virQEMUDriver *driver =3D priv->driver; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); g_autofree char *passtSocketName =3D qemuPasstCreateSocketPath(vm, net= ); g_autoptr(virCommand) cmd =3D NULL; g_autofree char *pidfile =3D qemuPasstCreatePidFilename(vm, net); @@ -174,6 +175,11 @@ qemuPasstStart(virDomainObj *vm, virCommandClearCaps(cmd); virCommandSetErrorBuffer(cmd, &errbuf); =20 + if (cfg->user !=3D (uid_t) -1) + virCommandSetUID(cmd, cfg->user); + if (cfg->group !=3D (gid_t) -1) + virCommandSetGID(cmd, cfg->group); + virCommandAddArgList(cmd, "--one-off", "--socket", passtSocketName, --=20 2.39.1 From nobody Fri May 17 05:00:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1677073637; cv=none; d=zohomail.com; s=zohoarc; b=A06U/uLG41kiufi8iD/9+pJXppxxeDEyBykltapCFEYN8wBuT1b1I3m7atU8u+aNmfpJ7zeMuZjl29Zf9Szb+RjYg9o41vlMfx40tvgLx+tFTqNYHZX9ICTIL23Op+AI4aedftO++kCfGpm76xFAcLav/eGBxs076RMr5fRiJec= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1677073637; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=kTY4z3PyUO1Oh04GMeSym3hUQSjakS66dPhlbZKogJI=; b=mubReEQpGNhalQgLRxLG4Kvk4RvfsDwPPPwhZ7j4ilM/gyAF4/KJb+PTwTfl17Hjm3ZQ4lKklfDnKVyF/19bFYK97Qm8OxA8ofJksru96bxfrYDSuZ3rC6O02w/tUMTs7sqRY7d2LFaMA7d9DH/OgpkdIVCPKZCaI2vzAvQVe/M= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1677073637681551.2792570806198; Wed, 22 Feb 2023 05:47:17 -0800 (PST) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-594-EvWxnTxNOric4BG2wK84oA-1; Wed, 22 Feb 2023 08:47:12 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 832681C02D28; Wed, 22 Feb 2023 13:47:10 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6DFBF40168BA; Wed, 22 Feb 2023 13:47:10 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 48F951946588; Wed, 22 Feb 2023 13:47:10 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 1AD471946587 for ; Wed, 22 Feb 2023 13:21:38 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 0DADBC15BAE; Wed, 22 Feb 2023 13:21:38 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast06.extmail.prod.ext.rdu2.redhat.com [10.11.55.22]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0422DC16020 for ; Wed, 22 Feb 2023 13:21:37 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DFFD419705B7 for ; Wed, 22 Feb 2023 13:21:37 +0000 (UTC) Received: from passt.top (passt.top [88.198.0.164]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-517-HStXjhsCMimghcvO-C0HFA-1; Wed, 22 Feb 2023 08:21:33 -0500 Received: by passt.top (Postfix, from userid 1000) id 00D955A026D; Wed, 22 Feb 2023 14:21:31 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1677073636; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=kTY4z3PyUO1Oh04GMeSym3hUQSjakS66dPhlbZKogJI=; b=FvkcGSxuzy2fRLXSmtYklRNRVPiQKx7nzCmZINYnc/Se06lAJcYcnEriR8T8OgAi///BUr 7zjYpMu67z0GNn84IgKOCWaRRHNh3/3ycy4ANkD4neCqHy8LRJluXajRx69ryZMzW7BiKA ivKZBnCVjXj3ssV4WjQCquJbJFkNy9I= X-MC-Unique: EvWxnTxNOric4BG2wK84oA-1 X-Original-To: libvir-list@listman.corp.redhat.com X-MC-Unique: HStXjhsCMimghcvO-C0HFA-1 From: Stefano Brivio To: libvir-list@redhat.com Subject: [PATCH v2 3/3] qemu_passt: Remove passt socket file on exit Date: Wed, 22 Feb 2023 14:21:31 +0100 Message-Id: <20230222132131.3811642-4-sbrivio@redhat.com> In-Reply-To: <20230222132131.3811642-1-sbrivio@redhat.com> References: <20230222132131.3811642-1-sbrivio@redhat.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?UTF-8?q?Michal=20Pr=C3=ADvozn=C3=ADk?= , Laine Stump Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1677073638892100001 Content-Type: text/plain; charset="utf-8"; x-default="true" Just like it can't remove its own PID files, passt can't unlink its own socket upon exit (unless the initialisation fails), because it has no access to the filesystem at runtime. Remove the socket file in qemuPasstKill(). Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains") Signed-off-by: Stefano Brivio --- src/qemu/qemu_passt.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c index 61e7047354..d5df3bb3f7 100644 --- a/src/qemu/qemu_passt.c +++ b/src/qemu/qemu_passt.c @@ -108,7 +108,7 @@ qemuPasstAddNetProps(virDomainObj *vm, =20 =20 static void -qemuPasstKill(const char *pidfile) +qemuPasstKill(const char *pidfile, const char *passtSocketName) { virErrorPtr orig_err; pid_t pid =3D 0; @@ -120,6 +120,8 @@ qemuPasstKill(const char *pidfile) virProcessKillPainfully(pid, true); unlink(pidfile); =20 + unlink(passtSocketName); + virErrorRestore(&orig_err); } =20 @@ -129,8 +131,9 @@ qemuPasstStop(virDomainObj *vm, virDomainNetDef *net) { g_autofree char *pidfile =3D qemuPasstCreatePidFilename(vm, net); + g_autofree char *passtSocketName =3D qemuPasstCreateSocketPath(vm, net= ); =20 - qemuPasstKill(pidfile); + qemuPasstKill(pidfile, passtSocketName); } =20 =20 --=20 2.39.1