From nobody Mon Nov 25 08:33:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1605705602; cv=none; d=zohomail.com; s=zohoarc; b=DxLyJ41/QQFA0QM+xsuaS73+HEnUYQXjL8KDPeF4szvsyNK8AWNsozBOQw0S9OgUHKBYdR3PdcCD8mcbAFKaGQDJZs5yEsxBHYTXIy8/ZMP7se6CyVcACtqoWN9SBCjRW1RXzcEvo+W7JRMwAO3PA0zwikNWd+8rh8yFbtELk+s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1605705602; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=IDvXSb5mlJQmG/j7HT57jRE3498ATP+WF4UziIx4yXY=; b=H7v4lWSeEDAxMjEKgBvBG8CqaxzaszyPMHtGlE4pe1vVe2eqkm21KiQGbu0kXiAspfsyl79tVTxgTsLMZI/IpxXhqlyxjikkJC8o0C++UdHfq6lV93gUJIF9P29WgbobCh0htWFJSueVrPz4aBQLHKkuCBlycu+oGkhbWS7kx1c= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1605705602539898.2105092277302; Wed, 18 Nov 2020 05:20:02 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-205-THhoYyRRO5SrZAthEJIWqQ-1; Wed, 18 Nov 2020 08:19:59 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A339C1028D42; Wed, 18 Nov 2020 13:19:52 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3CA81196FD; Wed, 18 Nov 2020 13:19:52 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id F1504183D026; Wed, 18 Nov 2020 13:19:50 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 0AICn0nY024233 for ; Wed, 18 Nov 2020 07:49:01 -0500 Received: by smtp.corp.redhat.com (Postfix) id EE07F5C1BB; Wed, 18 Nov 2020 12:49:00 +0000 (UTC) Received: from antique-work.redhat.com (unknown [10.40.193.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6B0FC5C1A3 for ; Wed, 18 Nov 2020 12:48:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1605705601; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=IDvXSb5mlJQmG/j7HT57jRE3498ATP+WF4UziIx4yXY=; b=L1JyPbVTJoC2zeCmbRpHz3OwJUIO90Aq3B1TfkIU+IvaNQ970W5FVKH7lbzoMq0UjWqPfG wNmYmhBBBEZdH7wiC6Mwj/IswvM6QEBrJsXDGD9t3k7L9LXNPOustihmAW5tLd4PR6hQ69 WzEQDZ1TCrrK1GedNtGZHXoGEfcCaLg= X-MC-Unique: THhoYyRRO5SrZAthEJIWqQ-1 From: Pavel Hrdina To: libvir-list@redhat.com Subject: [libvirt PATCH] virt-host-validate: fix detection with cgroups v2 Date: Wed, 18 Nov 2020 13:48:56 +0100 Message-Id: <51d5bf2bf53fb328807ac1b0b1cb2d84f6803002.1605703722.git.phrdina@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Using virtCgroupNewSelf() is not correct with cgroups v2 because the the virt-host-validate process is executed from from the same cgroup context as the terminal and usually not all controllers are enabled by default. To do a proper check we need to use the root cgroup to see what controllers are actually available. Libvirt or systemd ensures that all controllers are available for VMs as well. This still doesn't solve the devices controller with cgroups v2 where there is no controller as it was replaced by eBPF. Currently libvirt tries to query eBPF programs which usually works only for root as regular users will get permission denied for that operation. Fixes: https://gitlab.com/libvirt/libvirt/-/issues/94 Signed-off-by: Pavel Hrdina Reviewed-by: Michal Privoznik --- src/libvirt_private.syms | 1 + src/util/vircgroup.h | 4 ++++ src/util/vircgrouppriv.h | 4 ---- tools/virt-host-validate-common.c | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 1d98f01334..79a23f34cb 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1796,6 +1796,7 @@ virCgroupHasController; virCgroupHasEmptyTasks; virCgroupKillPainfully; virCgroupKillRecursive; +virCgroupNew; virCgroupNewDetect; virCgroupNewDetectMachine; virCgroupNewDomainPartition; diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h index 78770f5d3b..f7eed983cc 100644 --- a/src/util/vircgroup.h +++ b/src/util/vircgroup.h @@ -60,6 +60,10 @@ typedef enum { =20 bool virCgroupAvailable(void); =20 +int virCgroupNew(const char *path, + int controllers, + virCgroupPtr *group); + int virCgroupNewSelf(virCgroupPtr *group) ATTRIBUTE_NONNULL(1); =20 diff --git a/src/util/vircgrouppriv.h b/src/util/vircgrouppriv.h index baa84550f4..85ba5393e0 100644 --- a/src/util/vircgrouppriv.h +++ b/src/util/vircgrouppriv.h @@ -110,10 +110,6 @@ int virCgroupGetValueForBlkDev(const char *str, const char *devPath, char **value); =20 -int virCgroupNew(const char *path, - int controllers, - virCgroupPtr *group); - int virCgroupNewPartition(const char *path, bool create, int controllers, diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-c= ommon.c index a10ac03293..fc43b2ddc8 100644 --- a/tools/virt-host-validate-common.c +++ b/tools/virt-host-validate-common.c @@ -293,7 +293,7 @@ int virHostValidateCGroupControllers(const char *hvname, int ret =3D 0; size_t i; =20 - if (virCgroupNewSelf(&group) < 0) + if (virCgroupNew("/", -1, &group) < 0) return -1; =20 for (i =3D 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) { --=20 2.26.2