From: Michal Privoznik To: libvir-list@redhat.com Date: Wed, 15 Feb 2017 10:20:27 +0100 Message-Id: <93903ba1d9e3419a4965979fb5a2216e2d91da05.1487150427.git.mprivozn@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH] qemu_conf: Check for namespaces availability more wisely X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The bare fact that mnt namespace is available is not enough for us to allow/enable qemu namespaces feature. There are other requirements: we must copy all the ACL & SELinux labels otherwise we might grant access that is administratively forbidden or vice versa. At the same time, the check for namespace prerequisites is moved from domain startup time to qemu.conf parser as it doesn't make much sense to allow users to start misconfigured libvirt just to find out they can't start a single domain. Signed-off-by: Michal Privoznik --- src/qemu/qemu_conf.c | 20 ++++++++++++++++---- src/qemu/qemu_conf.h | 3 ++- src/qemu/qemu_domain.c | 43 ++++++++++++++++++++++++++++--------------- src/qemu/qemu_domain.h | 2 ++ src/qemu/qemu_driver.c | 2 +- 5 files changed, 49 insertions(+), 21 deletions(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 0223a95d2..ad482d0ee 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c 
@@ -321,12 +321,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pr= ivileged) if (!(cfg->namespaces =3D virBitmapNew(QEMU_DOMAIN_NS_LAST))) goto error; =20 -#if defined(__linux__) if (privileged && - virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT) =3D=3D 0 && + qemuDomainNamespaceAvailable(QEMU_DOMAIN_NS_MOUNT) && virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0) goto error; -#endif /* defined(__linux__) */ =20 #ifdef DEFAULT_LOADER_NVRAM if (virFirmwareParseList(DEFAULT_LOADER_NVRAM, @@ -438,7 +436,8 @@ virQEMUDriverConfigHugeTLBFSInit(virHugeTLBFSPtr hugetl= bfs, =20 =20 int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg, - const char *filename) + const char *filename, + bool privileged) { virConfPtr conf =3D NULL; int ret =3D -1; @@ -832,6 +831,19 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr= cfg, goto cleanup; } =20 + if (!privileged) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("cannot use namespaces in session mode")); + goto cleanup; + } + + if (qemuDomainNamespaceAvailable(ns) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("%s namespace is not available"), + namespaces[i]); + goto cleanup; + } + if (virBitmapSetBit(cfg->namespaces, ns) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unable to enable namespace: %s"), diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 91904ed4f..e585f81af 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -294,7 +294,8 @@ void qemuDomainCmdlineDefFree(qemuDomainCmdlineDefPtr d= ef); virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged); =20 int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg, - const char *filename); + const char *filename, + bool privileged); =20 virQEMUDriverConfigPtr virQEMUDriverGetConfig(virQEMUDriverPtr driver); bool virQEMUDriverIsPrivileged(virQEMUDriverPtr driver); diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 3adec5c14..c3dcea0c4 100644 --- a/src/qemu/qemu_domain.c 
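Review bot: The availability check added to virQEMUDriverConfigLoadFile can never fire, because `qemuDomainNamespaceAvailable()` is declared `bool` in this same patch and `qemuDomainNamespaceAvailable(ns) < 0` is therefore always false. A namespace listed explicitly in qemu.conf is then accepted even when the kernel, ACL or SELinux prerequisites are missing. This matters because the qemu_domain.c hunk for qemuDomainCreateNamespace removes the start-time privilege and availability checks, so this parse-time test appears to be the only remaining gate against the label-copy problem the commit message describes. The condition should read `if (!qemuDomainNamespaceAvailable(ns)) {`. The enclosing loop over `namespaces[i]` starts outside the hunk.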
+++ b/src/qemu/qemu_domain.c @@ -7643,21 +7643,8 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver, virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); int ret =3D -1; =20 - if (!virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT)) { - ret =3D 0; - goto cleanup; - } - - if (!virQEMUDriverIsPrivileged(driver)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("cannot use namespaces in session mode")); - goto cleanup; - } - - if (virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT) < 0) - goto cleanup; - - if (qemuDomainEnableNamespace(vm, QEMU_DOMAIN_NS_MOUNT) < 0) + if (virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) && + qemuDomainEnableNamespace(vm, QEMU_DOMAIN_NS_MOUNT) < 0) goto cleanup; =20 ret =3D 0; @@ -7667,6 +7654,32 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver, } =20 =20 +bool +qemuDomainNamespaceAvailable(qemuDomainNamespace ns) +{ + + switch (ns) { + case QEMU_DOMAIN_NS_MOUNT: +#if !defined(__linux__) + /* Namespaces are Linux specific. */ + return false; +#endif +#if !defined(HAVE_SYS_ACL_H) || !defined(WITH_SELINUX) + /* We can't create the exact copy of paths if either of + * these is not available. */ + return false; +#endif + if (virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT) < 0) + return false; + break; + case QEMU_DOMAIN_NS_LAST: + break; + } + + return true; +} + + struct qemuDomainAttachDeviceMknodData { virQEMUDriverPtr driver; virDomainObjPtr vm; diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 5cfa3e114..524a6729c 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -808,6 +808,8 @@ int qemuDomainBuildNamespace(virQEMUDriverPtr driver, int qemuDomainCreateNamespace(virQEMUDriverPtr driver, virDomainObjPtr vm); =20 +bool qemuDomainNamespaceAvailable(qemuDomainNamespace ns); + int qemuDomainNamespaceSetupDisk(virQEMUDriverPtr driver, virDomainObjPtr vm, virStorageSourcePtr src); 
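Review bot: In the new qemuDomainNamespaceAvailable() the two stacked `#if … return false; #endif` blocks leave the `virProcessNamespaceAvailable()` probe as unreachable code on any build where a guard is active, and a non-Linux build without ACL or SELinux support emits both `return false;` statements back to back. Making the branches mutually exclusive keeps one path per build and avoids unreachable-code warnings: put `#if defined(__linux__) && defined(HAVE_SYS_ACL_H) && defined(WITH_SELINUX)` around the probe, followed by `#else`, `return false;` and `#endif`. The function should also get a short header comment saying that `false` for QEMU_DOMAIN_NS_MOUNT covers missing ACL or SELinux support as well as a kernel without mount namespaces, since virQEMUDriverConfigNew now leaves the namespace disabled in those cases without any message. The stray blank line after the opening brace can be dropped.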
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 89bc833de..afbcded93 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -676,7 +676,7 @@ qemuStateInitialize(bool privileged, if (virAsprintf(&driverConf, "%s/qemu.conf", cfg->configBaseDir) < 0) goto error; =20 - if (virQEMUDriverConfigLoadFile(cfg, driverConf) < 0) + if (virQEMUDriverConfigLoadFile(cfg, driverConf, privileged) < 0) goto error; VIR_FREE(driverConf); =20 --=20 2.11.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list