From nobody Sun Feb 8 13:38:38 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1547558627991513.8212563871588; Tue, 15 Jan 2019 05:23:47 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7DAFB2D4B75; Tue, 15 Jan 2019 13:23:44 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 41D4F19751; Tue, 15 Jan 2019 13:23:44 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id EE44B181BA1A; Tue, 15 Jan 2019 13:23:43 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0FDNZkm011077 for ; Tue, 15 Jan 2019 08:23:35 -0500 Received: by smtp.corp.redhat.com (Postfix) id 6B51B6031B; Tue, 15 Jan 2019 13:23:35 +0000 (UTC) Received: from lpt.brq.redhat.com (unknown [10.43.2.68]) by smtp.corp.redhat.com (Postfix) with ESMTP id E572B600C8 for ; Tue, 15 Jan 2019 13:23:34 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Tue, 15 Jan 2019 14:23:03 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 07/23] qemu_conf: split out virQEMUDriverConfigLoadSecurityEntry X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 15 Jan 2019 13:23:45 +0000 (UTC) Split out parts of the config parsing code to make the parent function easier to read. Signed-off-by: J=C3=A1n Tomko Reviewed-by: John Ferlan --- src/qemu/qemu_conf.c | 219 +++++++++++++++++++++++-------------------- 1 file changed, 117 insertions(+), 102 deletions(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 7fdfed7db1..135cb9e25d 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -423,6 +423,121 @@ virQEMUDriverConfigHugeTLBFSInit(virHugeTLBFSPtr huge= tlbfs, } =20 =20 +static int +virQEMUDriverConfigLoadSecurityEntry(virQEMUDriverConfigPtr cfg, + virConfPtr conf, + bool privileged) +{ + char *user =3D NULL, *group =3D NULL; + char **controllers =3D NULL; + char **namespaces =3D NULL; + int ret =3D -1; + size_t i, j; + + if (virConfGetValueStringList(conf, "security_driver", true, &cfg->sec= urityDriverNames) < 0) + goto cleanup; + + for (i =3D 0; cfg->securityDriverNames && cfg->securityDriverNames[i] = !=3D NULL; i++) { + for (j =3D i + 1; cfg->securityDriverNames[j] !=3D NULL; j++) { + if (STREQ(cfg->securityDriverNames[i], + cfg->securityDriverNames[j])) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("Duplicate security driver %s"), + cfg->securityDriverNames[i]); + goto cleanup; + } + } + } + + if (virConfGetValueBool(conf, "security_default_confined", &cfg->secur= ityDefaultConfined) < 0) + goto cleanup; + if (virConfGetValueBool(conf, "security_require_confined", &cfg->secur= ityRequireConfined) < 0) + goto cleanup; + if (virConfGetValueString(conf, "user", &user) < 0) + goto cleanup; + if (user && virGetUserID(user, &cfg->user) < 0) + goto cleanup; + + if (virConfGetValueString(conf, "group", &group) < 0) + goto cleanup; + if (group && virGetGroupID(group, &cfg->group) < 0) + goto cleanup; + + if (virConfGetValueBool(conf, "dynamic_ownership", &cfg->dynamicOwners= hip) < 0) + goto cleanup; + + if (virConfGetValueStringList(conf, "cgroup_controllers", false, + &controllers) < 0) + goto cleanup; + + if (controllers) { + cfg-> cgroupControllers =3D 0; + for (i =3D 0; controllers[i] !=3D NULL; i++) { + int ctl; + if ((ctl =3D virCgroupControllerTypeFromString(controllers[i])= ) < 0) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("Unknown cgroup controller '%s'"), + controllers[i]); + goto cleanup; + } + cfg->cgroupControllers |=3D (1 << ctl); + } + } + + if (virConfGetValueStringList(conf, "cgroup_device_acl", false, + &cfg->cgroupDeviceACL) < 0) + goto cleanup; + + if (virConfGetValueInt(conf, "seccomp_sandbox", &cfg->seccompSandbox) = < 0) + goto cleanup; + + if (virConfGetValueStringList(conf, "namespaces", false, &namespaces) = < 0) + goto cleanup; + + if (namespaces) { + virBitmapClearAll(cfg->namespaces); + + for (i =3D 0; namespaces[i]; i++) { + int ns =3D qemuDomainNamespaceTypeFromString(namespaces[i]); + + if (ns < 0) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("Unknown namespace: %s"), + namespaces[i]); + goto cleanup; + } + + if (!privileged) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("cannot use namespaces in session mode")); + goto cleanup; + } + + if (!qemuDomainNamespaceAvailable(ns)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("%s namespace is not available"), + namespaces[i]); + goto cleanup; + } + + if (virBitmapSetBit(cfg->namespaces, ns) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unable to enable namespace: %s"), + namespaces[i]); + goto cleanup; + } + } + } + + ret =3D 0; + cleanup: + virStringListFree(controllers); + virStringListFree(namespaces); + VIR_FREE(user); + VIR_FREE(group); + return ret; +} + static int virQEMUDriverConfigLoadMemoryEntry(virQEMUDriverConfigPtr cfg, virConfPtr conf) @@ -464,14 +579,11 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPt= r cfg, virConfPtr conf =3D NULL; int ret =3D -1; int rv; - size_t i, j; + size_t i; char *stdioHandler =3D NULL; - char *user =3D NULL, *group =3D NULL; - char **controllers =3D NULL; char **hugetlbfs =3D NULL; char **nvram =3D NULL; char *corestr =3D NULL; - char **namespaces =3D NULL; bool tmp; =20 /* Just check the file is readable before opening it, otherwise @@ -518,26 +630,6 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr= cfg, goto cleanup; =20 =20 - if (virConfGetValueStringList(conf, "security_driver", true, &cfg->sec= urityDriverNames) < 0) - goto cleanup; - - for (i =3D 0; cfg->securityDriverNames && cfg->securityDriverNames[i] = !=3D NULL; i++) { - for (j =3D i + 1; cfg->securityDriverNames[j] !=3D NULL; j++) { - if (STREQ(cfg->securityDriverNames[i], - cfg->securityDriverNames[j])) { - virReportError(VIR_ERR_CONF_SYNTAX, - _("Duplicate security driver %s"), - cfg->securityDriverNames[i]); - goto cleanup; - } - } - } - - if (virConfGetValueBool(conf, "security_default_confined", &cfg->secur= ityDefaultConfined) < 0) - goto cleanup; - if (virConfGetValueBool(conf, "security_require_confined", &cfg->secur= ityRequireConfined) < 0) - goto cleanup; - if (virConfGetValueBool(conf, "spice_tls", &cfg->spiceTLS) < 0) goto cleanup; if (virConfGetValueString(conf, "spice_tls_x509_cert_dir", &cfg->spice= TLSx509certdir) < 0) @@ -667,41 +759,6 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr= cfg, goto cleanup; } =20 - if (virConfGetValueString(conf, "user", &user) < 0) - goto cleanup; - if (user && virGetUserID(user, &cfg->user) < 0) - goto cleanup; - - if (virConfGetValueString(conf, "group", &group) < 0) - goto cleanup; - if (group && virGetGroupID(group, &cfg->group) < 0) - goto cleanup; - - if (virConfGetValueBool(conf, "dynamic_ownership", &cfg->dynamicOwners= hip) < 0) - goto cleanup; - - if (virConfGetValueStringList(conf, "cgroup_controllers", false, - &controllers) < 0) - goto cleanup; - - if (controllers) { - cfg-> cgroupControllers =3D 0; - for (i =3D 0; controllers[i] !=3D NULL; i++) { - int ctl; - if ((ctl =3D virCgroupControllerTypeFromString(controllers[i])= ) < 0) { - virReportError(VIR_ERR_CONF_SYNTAX, - _("Unknown cgroup controller '%s'"), - controllers[i]); - goto cleanup; - } - cfg->cgroupControllers |=3D (1 << ctl); - } - } - - if (virConfGetValueStringList(conf, "cgroup_device_acl", false, - &cfg->cgroupDeviceACL) < 0) - goto cleanup; - if (virConfGetValueString(conf, "save_image_format", &cfg->saveImageFo= rmat) < 0) goto cleanup; if (virConfGetValueString(conf, "dump_image_format", &cfg->dumpImageFo= rmat) < 0) @@ -812,9 +869,6 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr = cfg, if (virConfGetValueUInt(conf, "keepalive_count", &cfg->keepAliveCount)= < 0) goto cleanup; =20 - if (virConfGetValueInt(conf, "seccomp_sandbox", &cfg->seccompSandbox) = < 0) - goto cleanup; - if (virConfGetValueString(conf, "migration_host", &cfg->migrateHost) <= 0) goto cleanup; virStringStripIPv6Brackets(cfg->migrateHost); @@ -863,44 +917,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr= cfg, if (virConfGetValueUInt(conf, "gluster_debug_level", &cfg->glusterDebu= gLevel) < 0) goto cleanup; =20 - if (virConfGetValueStringList(conf, "namespaces", false, &namespaces) = < 0) + if (virQEMUDriverConfigLoadSecurityEntry(cfg, conf, privileged) < 0) goto cleanup; =20 - if (namespaces) { - virBitmapClearAll(cfg->namespaces); - - for (i =3D 0; namespaces[i]; i++) { - int ns =3D qemuDomainNamespaceTypeFromString(namespaces[i]); - - if (ns < 0) { - virReportError(VIR_ERR_CONF_SYNTAX, - _("Unknown namespace: %s"), - namespaces[i]); - goto cleanup; - } - - if (!privileged) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("cannot use namespaces in session mode")); - goto cleanup; - } - - if (!qemuDomainNamespaceAvailable(ns)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("%s namespace is not available"), - namespaces[i]); - goto cleanup; - } - - if (virBitmapSetBit(cfg->namespaces, ns) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Unable to enable namespace: %s"), - namespaces[i]); - goto cleanup; - } - } - } - if (virQEMUDriverConfigLoadMemoryEntry(cfg, conf) < 0) goto cleanup; =20 @@ -910,13 +929,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr= cfg, ret =3D 0; =20 cleanup: - virStringListFree(namespaces); - virStringListFree(controllers); virStringListFree(hugetlbfs); virStringListFree(nvram); VIR_FREE(corestr); - VIR_FREE(user); - VIR_FREE(group); virConfFree(conf); return ret; } --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list