From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Date: Wed, 10 Jul 2019 16:47:31 +0100 Message-Id: <20190710154741.17065-3-berrange@redhat.com> In-Reply-To: <20190710154741.17065-1-berrange@redhat.com> References: <20190710154741.17065-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 02/12] secrets: acquire a pidfile in the driver root directory X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Wed, 10 Jul 2019 15:47:57 +0000 (UTC) When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/secrets/driver.pid In unprivileged libvirtd this ends up locking /run/user/$UID/libvirt/secrets/run/driver.pid NB, the latter can vary depending on $XDG_RUNTIME_DIR Signed-off-by: Daniel P. Berrang=C3=A9 --- src/secret/secret_driver.c | 44 +++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 8 deletions(-)
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index ac85f5d195..9344948db4 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -37,6 +37,7 @@
 #include "viruuid.h"
 #include "virerror.h"
 #include "virfile.h"
+#include "virpidfile.h"
 #include "configmake.h"
 #include "virstring.h"
 #include "viraccessapicheck.h"
@@ -56,8 +57,12 @@ struct _virSecretDriverState {
 virMutex lock;
 bool privileged; /* readonly */
 virSecretObjListPtr secrets;
+ char *stateDir;
 char *configDir;
=20
+ /* pid file FD, ensures two copies of the driver can't use the same ro= ot */
+ int lockFD;
+
 /* Immutable pointer, self-locking APIs */
 virObjectEventStatePtr secretEventState;
 };
@@ -434,6 +439,10 @@ secretStateCleanup(void)
=20
 virObjectUnref(driver->secretEventState);
=20
+ if (driver->lockFD !=3D -1)
+ virPidFileRelease(driver->stateDir, "driver", driver->lockFD);
+
+ VIR_FREE(driver->stateDir);
 secretDriverUnlock();
 virMutexDestroy(&driver->lock);
 VIR_FREE(driver);
@@ -447,11 +456,10 @@ secretStateInitialize(bool privileged,
 virStateInhibitCallback callback ATTRIBUTE_UNUSED,
 void *opaque ATTRIBUTE_UNUSED)
 {
- char *base =3D NULL;
-
 if (VIR_ALLOC(driver) < 0)
 return -1;
=20
+ driver->lockFD =3D -1;
 if (virMutexInit(&driver->lock) < 0) {
 VIR_FREE(driver);
 return -1;
@@ -462,15 +470,26 @@ secretStateInitialize(bool privileged,
 driver->privileged =3D privileged;
=20
 if (privileged) {
- if (VIR_STRDUP(base, SYSCONFDIR "/libvirt") < 0)
+ if (virAsprintf(&driver->configDir,
+ "%s/libvirt/secrets", SYSCONFDIR) < 0)
+ goto error;
+ if (virAsprintf(&driver->stateDir,
+ "%s/run/libvirt/secrets", LOCALSTATEDIR) < 0)
 goto error;
 } else {
- if (!(base =3D virGetUserConfigDirectory()))
+ VIR_AUTOFREE(char *) rundir =3D NULL;
+ VIR_AUTOFREE(char *) cfgdir =3D NULL;
+
+ if (!(cfgdir =3D virGetUserConfigDirectory()))
+ goto error;
+ if (virAsprintf(&driver->configDir, "%s/secrets/", cfgdir) < 0)
+ goto error;
+
+ if (!(rundir =3D virGetUserRuntimeDirectory()))
+ goto error;
+ if (virAsprintf(&driver->stateDir, "%s/secrets/run", rundir) < 0)
 goto error;
 }
- if (virAsprintf(&driver->configDir, "%s/secrets", base) < 0)
- goto error;
- VIR_FREE(base);
=20
 if (virFileMakePathWithMode(driver->configDir, S_IRWXU) < 0) {
 virReportSystemError(errno, _("cannot create config directory '%s'= "),
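Review bot: The `driver->lockFD != -1` guard added to secretStateCleanup() (hunk @@ -434,6 +439,10 @@) does not match the `< 0` failure test used where the descriptor is assigned in secretStateInitialize() (hunk @@ -478,6 +497,16 @@). That assignment stores the return value of virPidFileAcquire() straight into `driver->lockFD` before `goto error`, and the error path calls secretStateCleanup(); if virPidFileAcquire() can return a negative value other than -1 (its definition is not shown here), cleanup would hand virPidFileRelease() an invalid descriptor for a pidfile this process never locked. Testing `if (driver->lockFD >= 0)` in cleanup, or acquiring into a local and only storing it on success, closes that gap. The body of secretStateCleanup() starts and ends outside the hunk.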
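Review bot: In hunk @@ -462,15 +470,26 @@ the unprivileged branch now formats configDir as `"%s/secrets/"` with a trailing slash, whereas the removed code produced `"%s/secrets"` and the privileged branch still uses `"%s/libvirt/secrets"` without one. Code that appends a file name with its own `/` would then produce a doubled separator, which still resolves but makes the path differ in log output and in any string comparison against the old value. Using `virAsprintf(&driver->configDir, "%s/secrets", cfgdir)` keeps the previous value and matches the other branch. The surrounding secretStateInitialize() body continues outside the hunk.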
@@ -478,6 +497,16 @@ secretStateInitialize(bool privileged,
 goto error;
 }
=20
+ if (virFileMakePathWithMode(driver->stateDir, S_IRWXU) < 0) {
+ virReportSystemError(errno, _("cannot create state directory '%s'"= ),
+ driver->stateDir);
+ goto error;
+ }
+
+ if ((driver->lockFD =3D
+ virPidFileAcquire(driver->stateDir, "driver", true, getpid())) < = 0)
+ goto error;
+
 if (!(driver->secrets =3D virSecretObjListNew()))
 goto error;
=20
@@ -488,7 +517,6 @@ secretStateInitialize(bool privileged,
 return 0;
=20
 error:
- VIR_FREE(base);
 secretDriverUnlock();
 secretStateCleanup();
 return -1;
--=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
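Review bot: The `true` passed as the third argument of virPidFileAcquire() in hunk @@ -478,6 +497,16 @@ looks like the wait-for-lock flag, in which case a second driver instance started on the same root would block inside secretStateInitialize() until the first one exits rather than fail. The commit message asks for mutual exclusion, and a daemon that hangs silently during state initialization is harder to diagnose than one that reports the conflict, so `virPidFileAcquire(driver->stateDir, "driver", false, getpid())` seems closer to the intent. If blocking is deliberate, a short comment above the call such as `/* wait for a previous instance on this root to exit */` would record that. The enclosing function starts and ends outside the hunk.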