From nobody Thu May 2 00:41:45 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1496068320733898.7224658406654; Mon, 29 May 2017 07:32:00 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4E40780F7C; Mon, 29 May 2017 14:31:58 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F250C17A40; Mon, 29 May 2017 14:31:57 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2306D180BAF4; Mon, 29 May 2017 14:31:57 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v4TEVsE9016352 for ; Mon, 29 May 2017 10:31:54 -0400 Received: by smtp.corp.redhat.com (Postfix) id 518621850C; Mon, 29 May 2017 14:31:54 +0000 (UTC) Received: from antique-work.brq.redhat.com (dhcp129-230.brq.redhat.com [10.34.129.230]) by smtp.corp.redhat.com (Postfix) with ESMTP id 932771866D for ; Mon, 29 May 2017 14:31:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4E40780F7C Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com 
Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 4E40780F7C From: Pavel Hrdina To: libvir-list@redhat.com Date: Mon, 29 May 2017 16:31:47 +0200 Message-Id: <521246c7ed5df1ee9f8d7194a1c4833d6f8020b0.1496068215.git.phrdina@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 1/4] conf: move seclabel for chardev source to the correct sturcture X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Mon, 29 May 2017 14:31:59 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Signed-off-by: Pavel Hrdina Reviewed-by: John Ferlan --- Notes: new in v2 src/conf/domain_conf.c | 46 +++++++++++++++++++------------------= ---- src/conf/domain_conf.h | 9 ++++---- src/security/security_dac.c | 26 ++++++++++------------- src/security/security_manager.c | 4 ++-- src/security/security_selinux.c | 24 +++++++++------------ 5 files changed, 49 insertions(+), 60 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index c7e20b8ba1..68dc2832cb 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c 
@@ -2076,12 +2076,21 @@ virDomainChrSourceDefCopy(virDomainChrSourceDefPtr = dest, =20 void virDomainChrSourceDefFree(virDomainChrSourceDefPtr def) { + size_t i; + if (!def) return; =20 virDomainChrSourceDefClear(def); virObjectUnref(def->privateData); =20 + if (def->seclabels) { + for (i =3D 0; i < def->nseclabels; i++) + virSecurityDeviceLabelDefFree(def->seclabels[i]); + VIR_FREE(def->seclabels); + } + + VIR_FREE(def); } =20 @@ -2150,8 +2159,6 @@ virDomainChrSourceDefIsEqual(const virDomainChrSource= Def *src, =20 void virDomainChrDefFree(virDomainChrDefPtr def) { - size_t i; - if (!def) return; =20 @@ -2176,12 +2183,6 @@ void virDomainChrDefFree(virDomainChrDefPtr def) virDomainChrSourceDefFree(def->source); virDomainDeviceInfoClear(&def->info); =20 - if (def->seclabels) { - for (i =3D 0; i < def->nseclabels; i++) - virSecurityDeviceLabelDefFree(def->seclabels[i]); - VIR_FREE(def->seclabels); - } - VIR_FREE(def); } =20 @@ -10688,8 +10689,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDef= Ptr def, if (chr_def) { xmlNodePtr saved_node =3D ctxt->node; ctxt->node =3D cur; - if (virSecurityDeviceLabelDefParseXML(&chr_def->seclab= els, - &chr_def->nsecla= bels, + if (virSecurityDeviceLabelDefParseXML(&def->seclabels, + &def->nseclabels, vmSeclabels, nvmSeclabels, ctxt, @@ -22399,19 +22400,11 @@ virDomainNetDefFormat(virBufferPtr buf, * output at " type=3D'type'>". */ static int virDomainChrSourceDefFormat(virBufferPtr buf, - virDomainChrDefPtr chr_def, virDomainChrSourceDefPtr def, bool tty_compat, unsigned int flags) { const char *type =3D virDomainChrTypeToString(def->type); - size_t nseclabels =3D 0; - virSecurityDeviceLabelDefPtr *seclabels =3D NULL; - - if (chr_def) { - nseclabels =3D chr_def->nseclabels; - seclabels =3D chr_def->seclabels; - } =20 if (!type) { virReportError(VIR_ERR_INTERNAL_ERROR, 
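Review bot: In virDomainChrSourceDefFree the new seclabels loop releases the labels only on the Free path; virDomainChrSourceDefClear, called a few lines earlier, is not shown to touch `def->seclabels` or `def->nseclabels`. Sources that are embedded by value and never passed to Free (the security_dac.c part of this patch passes `&tpm->data.passthrough.source`) would leak any labels attached to them. Today that appears to be prevented only by the `if (chr_def)` guard that still gates virSecurityDeviceLabelDefParseXML in virDomainChrSourceDefParseXML. Either move the loop into Clear and reset `nseclabels` to 0, or put a comment at that guard such as `/* only full chardevs may carry <seclabel>; embedded sources are Clear()ed, never Free()d */`. virDomainChrSourceDefCopy is named in the hunk header but its body is outside the hunk, so check whether it needs to handle the two new fields.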
@@ -22449,7 +22442,8 @@ virDomainChrSourceDefFormat(virBufferPtr buf, def->data.file.append !=3D VIR_TRISTATE_SWITCH_ABSENT) virBufferAsprintf(buf, " append=3D'%s'", virTristateSwitchTypeToString(def->data.file.append)); - virDomainSourceDefFormatSeclabel(buf, nseclabels, seclabels, f= lags); + virDomainSourceDefFormatSeclabel(buf, def->nseclabels, + def->seclabels, flags); } break; =20 @@ -22504,7 +22498,8 @@ virDomainChrSourceDefFormat(virBufferPtr buf, virBufferAsprintf(buf, "data.nix.listen ? "bind" : "connect"); virBufferEscapeString(buf, " path=3D'%s'", def->data.nix.path); - virDomainSourceDefFormatSeclabel(buf, nseclabels, seclabels, f= lags); + virDomainSourceDefFormatSeclabel(buf, def->nseclabels, + def->seclabels, flags); } break; =20 @@ -22553,7 +22548,7 @@ virDomainChrDefFormat(virBufferPtr buf, def->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_PTY && !(flags & VIR_DOMAIN_DEF_FORMAT_INACTIVE) && def->source->data.file.path); - if (virDomainChrSourceDefFormat(buf, def, def->source, tty_compat, fla= gs) < 0) + if (virDomainChrSourceDefFormat(buf, def->source, tty_compat, flags) <= 0) return -1; =20 /* Format block */ @@ -22675,7 +22670,7 @@ virDomainSmartcardDefFormat(virBufferPtr buf, break; =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: - if (virDomainChrSourceDefFormat(buf, NULL, def->data.passthru, fal= se, + if (virDomainChrSourceDefFormat(buf, def->data.passthru, false, flags) < 0) return -1; break; @@ -22981,7 +22976,7 @@ virDomainRNGDefFormat(virBufferPtr buf, =20 case VIR_DOMAIN_RNG_BACKEND_EGD: virBufferAdjustIndent(buf, 2); - if (virDomainChrSourceDefFormat(buf, NULL, def->source.chardev, + if (virDomainChrSourceDefFormat(buf, def->source.chardev, false, flags) < 0) return -1; virBufferAdjustIndent(buf, -2); 
@@ -23797,7 +23792,7 @@ virDomainRedirdevDefFormat(virBufferPtr buf, =20 virBufferAsprintf(buf, "source, false, flags) = < 0) + if (virDomainChrSourceDefFormat(buf, def->source, false, flags) < 0) return -1; if (virDomainDeviceInfoFormat(buf, &def->info, flags | VIR_DOMAIN_DEF_FORMAT_ALLOW_BOOT= ) < 0) @@ -26195,7 +26190,8 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def= , const char *model) =20 =20 virSecurityDeviceLabelDefPtr -virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *mod= el) +virDomainChrSourceDefGetSecurityLabelDef(virDomainChrSourceDefPtr def, + const char *model) { size_t i; =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 83e0672691..1951ba74bb 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1166,6 +1166,9 @@ struct _virDomainChrSourceDef { } data; char *logfile; int logappend; + + size_t nseclabels; + virSecurityDeviceLabelDefPtr *seclabels; }; =20 /* A complete character device, both host and domain views. */ @@ -1188,9 +1191,6 @@ struct _virDomainChrDef { virDomainChrSourceDefPtr source; =20 virDomainDeviceInfo info; - - size_t nseclabels; - virSecurityDeviceLabelDefPtr *seclabels; }; =20 typedef enum { @@ -3068,7 +3068,8 @@ virSecurityLabelDefPtr virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model); =20 virSecurityDeviceLabelDefPtr -virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *mod= el); +virDomainChrSourceDefGetSecurityLabelDef(virDomainChrSourceDefPtr def, + const char *model); =20 typedef const char* (*virEventActionToStringFunc)(int type); typedef int (*virEventActionFromStringFunc)(const char *type); diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 7dcf4c15f7..fd4d8f5047 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -1159,7 +1159,6 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerP= tr mgr, static int virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainChrDefPtr dev, virDomainChrSourceDefPtr dev_source) =20 { @@ -1173,9 +1172,8 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, =20 seclabel =3D virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); =20 - if (dev) - chr_seclabel =3D virDomainChrDefGetSecurityLabelDef(dev, - SECURITY_DAC_NAM= E); + chr_seclabel =3D virDomainChrSourceDefGetSecurityLabelDef(dev_source, + SECURITY_DAC_N= AME); =20 if (chr_seclabel && !chr_seclabel->relabel) return 0; @@ -1245,7 +1243,6 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, static int virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def ATTRIBUTE_UNUSED, - virDomainChrDefPtr dev, virDomainChrSourceDefPtr dev_source) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); @@ -1253,9 +1250,8 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerP= tr mgr, char *in =3D NULL, *out =3D NULL; int ret =3D -1; =20 - if (dev) - chr_seclabel =3D virDomainChrDefGetSecurityLabelDef(dev, - SECURITY_DAC_NAM= E); + chr_seclabel =3D virDomainChrSourceDefGetSecurityLabelDef(dev_source, + SECURITY_DAC_N= AME); =20 if (chr_seclabel && !chr_seclabel->relabel) return 0; @@ -1304,12 +1300,12 @@ virSecurityDACRestoreChardevLabel(virSecurityManage= rPtr mgr, =20 static int virSecurityDACRestoreChardevCallback(virDomainDefPtr def, - virDomainChrDefPtr dev, + virDomainChrDefPtr dev ATTRIBUTE_UNUS= ED, void *opaque) { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecurityDACRestoreChardevLabel(mgr, def, dev, dev->source); + return virSecurityDACRestoreChardevLabel(mgr, def, dev->source); } =20 =20 
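Review bot: virSecurityDACRestoreChardevCallback now declares `virDomainChrDefPtr dev ATTRIBUTE_UNUSED` but still dereferences `dev->source` in its return statement, so the annotation is wrong. The same applies to virSecurityDACSetChardevCallback, virSecuritySELinuxRestoreSecurityChardevCallback and virSecuritySELinuxSetSecurityChardevCallback later in this patch. Keep the parameter as plain `virDomainChrDefPtr dev,` in all four. The annotation tells a reader of the labelling code that the device is ignored, while the source carrying the per-device label override is still taken from it.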
@@ -1322,7 +1318,7 @@ virSecurityDACSetTPMFileLabel(virSecurityManagerPtr m= gr, =20 switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: - ret =3D virSecurityDACSetChardevLabel(mgr, def, NULL, + ret =3D virSecurityDACSetChardevLabel(mgr, def, &tpm->data.passthrough.source); break; case VIR_DOMAIN_TPM_TYPE_LAST: @@ -1342,8 +1338,8 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerP= tr mgr, =20 switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: - ret =3D virSecurityDACRestoreChardevLabel(mgr, def, NULL, - &tpm->data.passthrough.source); + ret =3D virSecurityDACRestoreChardevLabel(mgr, def, + &tpm->data.passthrough.sou= rce); break; case VIR_DOMAIN_TPM_TYPE_LAST: break; @@ -1506,12 +1502,12 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr= mgr, =20 static int virSecurityDACSetChardevCallback(virDomainDefPtr def, - virDomainChrDefPtr dev, + virDomainChrDefPtr dev ATTRIBUTE_UNUSED, void *opaque) { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecurityDACSetChardevLabel(mgr, def, dev, dev->source); + return virSecurityDACSetChardevLabel(mgr, def, dev->source); } =20 =20 diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 6c777db1e6..90d491c1bc 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -811,8 +811,8 @@ virSecurityManagerCheckChardevLabel(virSecurityManagerP= tr mgr, { size_t i; =20 - for (i =3D 0; i < dev->nseclabels; i++) { - if (virSecurityManagerCheckModel(mgr, dev->seclabels[i]->model) < = 0) + for (i =3D 0; i < dev->source->nseclabels; i++) { + if (virSecurityManagerCheckModel(mgr, dev->source->seclabels[i]->m= odel) < 0) return -1; } =20 diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 9504a4be34..75f387b3fa 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -2179,7 +2179,6 @@ virSecuritySELinuxRestoreHostdevLabel(virSecurityMana= gerPtr mgr, static int virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainChrDefPtr dev, virDomainChrSourceDefPtr dev_source) =20 { @@ -2193,9 +2192,8 @@ virSecuritySELinuxSetChardevLabel(virSecurityManagerP= tr mgr, if (!seclabel || !seclabel->relabel) return 0; =20 - if (dev) - chr_seclabel =3D virDomainChrDefGetSecurityLabelDef(dev, - SECURITY_SELINUX= _NAME); + chr_seclabel =3D virDomainChrSourceDefGetSecurityLabelDef(dev_source, + SECURITY_SELIN= UX_NAME); =20 if (chr_seclabel && !chr_seclabel->relabel) return 0; @@ -2254,7 +2252,6 @@ virSecuritySELinuxSetChardevLabel(virSecurityManagerP= tr mgr, static int virSecuritySELinuxRestoreChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainChrDefPtr dev, virDomainChrSourceDefPtr dev_source) =20 { @@ -2267,9 +2264,8 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMana= gerPtr mgr, if (!seclabel || !seclabel->relabel) return 0; =20 - if (dev) - chr_seclabel =3D virDomainChrDefGetSecurityLabelDef(dev, - SECURITY_SELINUX= _NAME); + chr_seclabel =3D virDomainChrSourceDefGetSecurityLabelDef(dev_source, + SECURITY_SELIN= UX_NAME); if (chr_seclabel && !chr_seclabel->relabel) return 0; =20 @@ -2318,12 +2314,12 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMa= nagerPtr mgr, =20 static int virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def, - virDomainChrDefPtr dev, + virDomainChrDefPtr dev AT= TRIBUTE_UNUSED, void *opaque) { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev, dev->sourc= e); + return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev->source); } =20 =20 
@@ -2346,7 +2342,7 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(vi= rDomainDefPtr def, return virSecuritySELinuxRestoreFileLabel(mgr, database); =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: - return virSecuritySELinuxRestoreChardevLabel(mgr, def, NULL, dev->= data.passthru); + return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev->data.p= assthru); =20 default: virReportError(VIR_ERR_INTERNAL_ERROR, @@ -2707,12 +2703,12 @@ virSecuritySELinuxClearSocketLabel(virSecurityManag= erPtr mgr ATTRIBUTE_UNUSED, =20 static int virSecuritySELinuxSetSecurityChardevCallback(virDomainDefPtr def, - virDomainChrDefPtr dev, + virDomainChrDefPtr dev ATTRIB= UTE_UNUSED, void *opaque) { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxSetChardevLabel(mgr, def, dev, dev->source); + return virSecuritySELinuxSetChardevLabel(mgr, def, dev->source); } =20 =20 
@@ -2736,7 +2732,7 @@ virSecuritySELinuxSetSecuritySmartcardCallback(virDom= ainDefPtr def, return virSecuritySELinuxSetFilecon(mgr, database, data->content_c= ontext); =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: - return virSecuritySELinuxSetChardevLabel(mgr, def, NULL, + return virSecuritySELinuxSetChardevLabel(mgr, def, dev->data.passthru); =20 default: --=20 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 00:41:45 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1496068330917458.1692252943815; Mon, 29 May 2017 07:32:10 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 49276C057FA7; Mon, 29 May 2017 14:32:08 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1EB614DA84; Mon, 29 May 2017 14:32:08 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id B93AC4A491; Mon, 29 May 2017 14:32:07 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v4TEVteP016361 for ; Mon, 29 May 2017 10:31:55 
-0400 Received: by smtp.corp.redhat.com (Postfix) id 104E31850F; Mon, 29 May 2017 14:31:55 +0000 (UTC) Received: from antique-work.brq.redhat.com (dhcp129-230.brq.redhat.com [10.34.129.230]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8BBE31850C for ; Mon, 29 May 2017 14:31:54 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 49276C057FA7 Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 49276C057FA7 From: Pavel Hrdina To: libvir-list@redhat.com Date: Mon, 29 May 2017 16:31:48 +0200 Message-Id: <8031595bd0a83e35d46edadc1c52424cbe275e0f.1496068215.git.phrdina@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 2/4] qemu: introduce chardevStdioLogd to qemu private data X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Mon, 29 May 2017 14:32:09 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" In QEMU driver we can use virtlogd as stdio handler for source backend of char devices if current QEMU is new enough and it's enabled in qemu.conf. We should store this information while starting a guest because the config option may change while the guest is running. 
Signed-off-by: Pavel Hrdina Reviewed-by: John Ferlan --- Notes: new in v2 src/qemu/qemu_domain.c | 6 ++++++ src/qemu/qemu_domain.h | 3 +++ src/qemu/qemu_process.c | 9 +++++++++ 3 files changed, 18 insertions(+) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 0a85ee9d74..b0e3df7009 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1873,6 +1873,9 @@ qemuDomainObjPrivateXMLFormat(virBufferPtr buf, virBufferEscapeString(buf, "\n", priv->channelTargetDir); =20 + if (priv->chardevStdioLogd) + virBufferAddLit(buf, ""); + return 0; } =20 @@ -2141,6 +2144,9 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt, if (qemuDomainSetPrivatePathsOld(driver, vm) < 0) goto error; =20 + priv->chardevStdioLogd =3D virXPathBoolean("boolean(./chardevStdioLogd= )", + ctxt) =3D=3D 1; + return 0; =20 error: diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index aebd91ad37..9fb7c339a3 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -293,6 +293,9 @@ struct _qemuDomainObjPrivate { /* Used when fetching/storing the current 'tls-creds' migration settin= g */ /* (not to be saved in our private XML). */ char *migTLSAlias; + + /* If true virtlogd is used as stdio handler for character devices. */ + bool chardevStdioLogd; }; =20 # define QEMU_DOMAIN_PRIVATE(vm) \ diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index be031b56b9..77c2e5f6d3 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -5367,6 +5367,7 @@ qemuProcessPrepareDomain(virConnectPtr conn, size_t i; char *nodeset =3D NULL; qemuDomainObjPrivatePtr priv =3D vm->privateData; + virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); virCapsPtr caps; =20 if (!(caps =3D virQEMUDriverGetCapabilities(driver, false))) 
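Review bot: The parse side in qemuDomainObjPrivateXMLParse treats a missing chardevStdioLogd element as false, and status XML written before this patch never has that element. A guest started with virtlogd by an older daemon would therefore be recorded as not using it once the daemon restarts, and whatever reads the flag later in the series (not visible here) would act on that. If that case matters, state the assumption next to the assignment, e.g. `/* absent in status XML from older libvirtd; treated as false */`, or fall back to the current config and capabilities when the element is missing. The function body extends beyond the hunk.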
@@ -5403,6 +5404,13 @@ qemuProcessPrepareDomain(virConnectPtr conn, } } =20 + /* Whether we should use virtlogd as stdio handler for character + * devices source backend. */ + if (cfg->stdioLogD && + virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_CHARDEV_FILE_APPEND)) { + priv->chardevStdioLogd =3D true; + } + /* * Normally PCI addresses are assigned in the virDomainCreate * or virDomainDefine methods. We might still need to assign 
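Review bot: The new block in qemuProcessPrepareDomain only ever sets `priv->chardevStdioLogd` to true; nothing visible in this patch resets it. If the private data outlives one run of the guest (presumably it does across stop and start, which is not visible here), a guest started once with virtlogd keeps the flag after the handler is switched off in qemu.conf. The next start would then act on a stale value. Assigning unconditionally avoids that: `priv->chardevStdioLogd = cfg->stdioLogD && virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_CHARDEV_FILE_APPEND);`. The function starts and ends outside this hunk.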
@@ -5466,6 +5474,7 @@ qemuProcessPrepareDomain(virConnectPtr conn, cleanup: VIR_FREE(nodeset); virObjectUnref(caps); + virObjectUnref(cfg); return ret; } =20 --=20 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 00:41:45 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1496068320733220.20511272370436; Mon, 29 May 2017 07:32:00 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3DCFDC04B92D; Mon, 29 May 2017 14:31:58 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F3F6677EC6; Mon, 29 May 2017 14:31:57 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9AD884A48D; Mon, 29 May 2017 14:31:57 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v4TEVumg016368 for ; Mon, 29 May 2017 10:31:56 -0400 Received: by smtp.corp.redhat.com (Postfix) id 071AE1850F; Mon, 29 May 2017 14:31:56 +0000 (UTC) Received: from antique-work.brq.redhat.com (dhcp129-230.brq.redhat.com [10.34.129.230]) by 
smtp.corp.redhat.com (Postfix) with ESMTP id 5D07A1850C for ; Mon, 29 May 2017 14:31:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3DCFDC04B92D Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 3DCFDC04B92D From: Pavel Hrdina To: libvir-list@redhat.com Date: Mon, 29 May 2017 16:31:49 +0200 Message-Id: <61374cdf486f571dda303a1b69e159ba4368da66.1496068215.git.phrdina@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 3/4] qemu: propagate chardevStdioLogd to qemuBuildChrChardevStr X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Mon, 29 May 2017 14:31:59 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Signed-off-by: Pavel Hrdina Reviewed-by: John Ferlan --- Notes: new in v2 =20 This is not required to fix the issue by the last patch in the series, however it improves the code that we decide whether to use virtlogd or not by checking the same variable that is updated while preparing the guest start. src/qemu/qemu_command.c | 132 +++++++++++++++++++++++++++++++-------------= ---- src/qemu/qemu_command.h | 3 +- src/qemu/qemu_process.c | 6 ++- 3 files changed, 93 insertions(+), 48 deletions(-) 
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 015af1036c..e6c50d1a64 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -5043,7 +5043,8 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager, const virDomainChrSourceDef *dev, const char *alias, virQEMUCapsPtr qemuCaps, - bool nowait) + bool nowait, + bool chardevStdioLogd) { virBuffer buf =3D VIR_BUFFER_INITIALIZER; bool telnet; @@ -5081,8 +5082,8 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager, _("append not supported in this QEMU binary")); goto cleanup; } - if (qemuBuildChrChardevFileStr(virQEMUCapsGet(qemuCaps, QEMU_CAPS_= CHARDEV_FILE_APPEND) ? - logManager : NULL, cmd, def, &buf, + if (qemuBuildChrChardevFileStr(chardevStdioLogd ? logManager : NUL= L, + cmd, def, &buf, "path", dev->data.file.path, "append", dev->data.file.append) < = 0) goto cleanup; @@ -5562,8 +5563,9 @@ qemuBuildMonitorCommandLine(virLogManagerPtr logManag= er, virQEMUDriverConfigPtr cfg, virDomainDefPtr def, virQEMUCapsPtr qemuCaps, - const virDomainChrSourceDef *monitor_chr, - bool monitor_json) + virDomainChrSourceDefPtr monitor_chr, + bool monitor_json, + bool chardevStdioLogd) { char *chrdev; =20 @@ -5575,7 +5577,8 @@ qemuBuildMonitorCommandLine(virLogManagerPtr logManag= er, =20 if (!(chrdev =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, monitor_chr, "monitor", - qemuCaps, true))) + qemuCaps, true, + chardevStdioLogd))) return -1; virCommandAddArg(cmd, "-chardev"); virCommandAddArg(cmd, chrdev); @@ -5720,7 +5723,8 @@ qemuBuildRNGBackendChrdevStr(virLogManagerPtr logMana= ger, const virDomainDef *def, virDomainRNGDefPtr rng, virQEMUCapsPtr qemuCaps, - char **chr) + char **chr, + bool chardevStdioLogd) { *chr =3D NULL; =20 
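Review bot: qemuBuildChrChardevStr no longer checks QEMU_CAPS_CHARDEV_FILE_APPEND itself before handing logManager to qemuBuildChrChardevFileStr for the file path; it trusts the new `chardevStdioLogd` argument. That precondition is not written down in the hunk, so a caller that passes true without having checked the capability gets no diagnosis at this point. A line in the comment above the function would record it, e.g. `@chardevStdioLogd: true only when virtlogd is enabled and QEMU supports file append; the caller must have checked both`. The function body extends beyond the hunk.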
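Review bot: qemuBuildMonitorCommandLine changes `monitor_chr` from `const virDomainChrSourceDef *` to `virDomainChrSourceDefPtr`, which drops the const qualifier without the commit message or the visible code giving a reason. The only use shown passes it to qemuBuildChrChardevStr, whose `dev` parameter is still `const virDomainChrSourceDef *`. Unless a later patch needs to write through the pointer, keep `const virDomainChrSourceDef *monitor_chr,` and add only the new `bool chardevStdioLogd` parameter.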
@@ -5733,7 +5737,8 @@ qemuBuildRNGBackendChrdevStr(virLogManagerPtr logMana= ger, case VIR_DOMAIN_RNG_BACKEND_EGD: if (!(*chr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, rng->source.chardev, - rng->info.alias, qemuCaps, tru= e))) + rng->info.alias, qemuCaps, tru= e, + chardevStdioLogd))) return -1; } =20 @@ -5881,7 +5886,8 @@ qemuBuildRNGCommandLine(virLogManagerPtr logManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + bool chardevStdioLogd) { size_t i; =20 @@ -5897,7 +5903,8 @@ qemuBuildRNGCommandLine(virLogManagerPtr logManager, =20 /* possibly add character device for backend */ if (qemuBuildRNGBackendChrdevStr(logManager, cmd, cfg, def, - rng, qemuCaps, &tmp) < 0) + rng, qemuCaps, &tmp, + chardevStdioLogd) < 0) return -1; =20 if (tmp) { @@ -8256,7 +8263,8 @@ qemuBuildVhostuserCommandLine(virQEMUDriverPtr driver, virDomainDefPtr def, virDomainNetDefPtr net, virQEMUCapsPtr qemuCaps, - unsigned int bootindex) + unsigned int bootindex, + bool chardevStdioLogd) { virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); char *chardev =3D NULL; @@ -8274,7 +8282,8 @@ qemuBuildVhostuserCommandLine(virQEMUDriverPtr driver, case VIR_DOMAIN_CHR_TYPE_UNIX: if (!(chardev =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, net->data.vhostuser, - net->info.alias, qemuCaps, = false))) + net->info.alias, qemuCaps, = false, + chardevStdioLogd))) goto error; break; =20 @@ -8353,7 +8362,8 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, virNetDevVPortProfileOp vmop, bool standalone, size_t *nnicindexes, - int **nicindexes) + int **nicindexes, + bool chardevStdioLogd) { int ret =3D -1; char *nic =3D NULL, *host =3D NULL; 
@@ -8466,7 +8476,8 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, =20 case VIR_DOMAIN_NET_TYPE_VHOSTUSER: ret =3D qemuBuildVhostuserCommandLine(driver, logManager, cmd, def, - net, qemuCaps, bootindex); + net, qemuCaps, bootindex, + chardevStdioLogd); goto cleanup; break; =20 @@ -8661,7 +8672,8 @@ qemuBuildNetCommandLine(virQEMUDriverPtr driver, bool standalone, size_t *nnicindexes, int **nicindexes, - unsigned int *bootHostdevNet) + unsigned int *bootHostdevNet, + bool chardevStdioLogd) { size_t i; int last_good_net =3D -1; @@ -8695,7 +8707,8 @@ qemuBuildNetCommandLine(virQEMUDriverPtr driver, if (qemuBuildInterfaceCommandLine(driver, logManager, cmd, def= , net, qemuCaps, vlan, bootNet, vmo= p, standalone, nnicindexes, - nicindexes) < 0) + nicindexes, + chardevStdioLogd) < 0) goto error; =20 last_good_net =3D i; @@ -8731,7 +8744,8 @@ qemuBuildSmartcardCommandLine(virLogManagerPtr logMan= ager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + bool chardevStdioLogd) { size_t i; virDomainSmartcardDefPtr smartcard; @@ -8818,7 +8832,8 @@ qemuBuildSmartcardCommandLine(virLogManagerPtr logMan= ager, if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, smartcard->data.passthru, smartcard->info.alias, - qemuCaps, true))) { + qemuCaps, true, + chardevStdioLogd))) { virBufferFreeAndReset(&opt); return -1; } @@ -8942,7 +8957,8 @@ qemuBuildShmemBackendChrStr(virLogManagerPtr logManag= er, virQEMUDriverConfigPtr cfg, virDomainDefPtr def, virDomainShmemDefPtr shmem, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + bool chardevStdioLogd) { char *devstr =3D NULL; =20 @@ -8951,7 +8967,8 @@ qemuBuildShmemBackendChrStr(virLogManagerPtr logManag= er, =20 devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, &shmem->server.chr, - shmem->info.alias, qemuCaps, true); + shmem->info.alias, qemuCaps, true, + chardevStdioLogd); =20 return devstr; } 
@@ -9007,7 +9024,8 @@ qemuBuildShmemCommandLine(virLogManagerPtr logManager, virQEMUDriverConfigPtr cfg, virDomainDefPtr def, virDomainShmemDefPtr shmem, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + bool chardevStdioLogd) { char *devstr =3D NULL; =20 @@ -9065,7 +9083,8 @@ qemuBuildShmemCommandLine(virLogManagerPtr logManager, =20 if (shmem->server.enabled) { if (!(devstr =3D qemuBuildShmemBackendChrStr(logManager, cmd, cfg,= def, - shmem, qemuCaps))) + shmem, qemuCaps, + chardevStdioLogd))) return -1; =20 virCommandAddArgList(cmd, "-chardev", devstr, NULL); @@ -9097,7 +9116,8 @@ qemuBuildSerialCommandLine(virLogManagerPtr logManage= r, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + bool chardevStdioLogd) { size_t i; bool havespice =3D false; @@ -9121,7 +9141,8 @@ qemuBuildSerialCommandLine(virLogManagerPtr logManage= r, if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, = def, serial->source, serial->info.alias, - qemuCaps, true))) + qemuCaps, true, + chardevStdioLogd))) return -1; virCommandAddArg(cmd, "-chardev"); virCommandAddArg(cmd, devstr); @@ -9147,7 +9168,8 @@ qemuBuildParallelsCommandLine(virLogManagerPtr logMan= ager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + bool chardevStdioLogd) { size_t i; =20 @@ -9160,7 +9182,8 @@ qemuBuildParallelsCommandLine(virLogManagerPtr logMan= ager, if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, = def, parallel->source, parallel->info.alias, - qemuCaps, true))) + qemuCaps, true, + chardevStdioLogd))) return -1; virCommandAddArg(cmd, "-chardev"); virCommandAddArg(cmd, devstr); @@ -9187,7 +9210,8 @@ qemuBuildChannelsCommandLine(virLogManagerPtr logMana= ger, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + bool chardevStdioLogd) { size_t i; =20 
@@ -9206,7 +9230,8 @@ qemuBuildChannelsCommandLine(virLogManagerPtr logMana= ger, if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, = def, channel->source, channel->info.alias, - qemuCaps, true))) + qemuCaps, true, + chardevStdioLogd))) return -1; virCommandAddArg(cmd, "-chardev"); virCommandAddArg(cmd, devstr); @@ -9229,7 +9254,8 @@ qemuBuildChannelsCommandLine(virLogManagerPtr logMana= ger, if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, c= fg, def, channel->source, channel->info.alias, - qemuCaps, true))) + qemuCaps, true, + chardevStdioLogd))) return -1; virCommandAddArg(cmd, "-chardev"); virCommandAddArg(cmd, devstr); @@ -9251,7 +9277,8 @@ qemuBuildConsoleCommandLine(virLogManagerPtr logManag= er, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + bool chardevStdioLogd) { size_t i; =20 @@ -9272,7 +9299,8 @@ qemuBuildConsoleCommandLine(virLogManagerPtr logManag= er, if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, = def, console->source, console->info.alias, - qemuCaps, true))) + qemuCaps, true, + chardevStdioLogd))) return -1; virCommandAddArg(cmd, "-chardev"); virCommandAddArg(cmd, devstr); @@ -9286,7 +9314,8 @@ qemuBuildConsoleCommandLine(virLogManagerPtr logManag= er, if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, = def, console->source, console->info.alias, - qemuCaps, true))) + qemuCaps, true, + chardevStdioLogd))) return -1; virCommandAddArg(cmd, "-chardev"); virCommandAddArg(cmd, devstr); @@ -9404,7 +9433,8 @@ qemuBuildRedirdevCommandLine(virLogManagerPtr logMana= ger, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + bool chardevStdioLogd) { size_t i; =20 
@@ -9415,7 +9445,8 @@ qemuBuildRedirdevCommandLine(virLogManagerPtr logMana= ger, if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, redirdev->source, redirdev->info.alias, - qemuCaps, true))) { + qemuCaps, true, + chardevStdioLogd))) { return -1; } =20 @@ -9880,7 +9911,8 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, virBitmapPtr nodeset, size_t *nnicindexes, int **nicindexes, - const char *domainLibDir) + const char *domainLibDir, + bool chardevStdioLogd) { size_t i; char uuid[VIR_UUID_STRING_BUFLEN]; @@ -9986,7 +10018,8 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, =20 if (qemuBuildMonitorCommandLine(logManager, cmd, cfg, def, qemuCaps, monitor_chr, - monitor_json) < 0) + monitor_json, + chardevStdioLogd) < 0) goto error; =20 if (qemuBuildClockCommandLine(cmd, def, qemuCaps) < 0) 
@@ -10018,22 +10051,28 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, =20 if (qemuBuildNetCommandLine(driver, logManager, cmd, def, qemuCaps, vmop, standalone, - nnicindexes, nicindexes, &bootHostdevNet) = < 0) + nnicindexes, nicindexes, &bootHostdevNet, + chardevStdioLogd) < 0) goto error; =20 - if (qemuBuildSmartcardCommandLine(logManager, cmd, cfg, def, qemuCaps)= < 0) + if (qemuBuildSmartcardCommandLine(logManager, cmd, cfg, def, qemuCaps, + chardevStdioLogd) < 0) goto error; =20 - if (qemuBuildSerialCommandLine(logManager, cmd, cfg, def, qemuCaps) < = 0) + if (qemuBuildSerialCommandLine(logManager, cmd, cfg, def, qemuCaps, + chardevStdioLogd) < 0) goto error; =20 - if (qemuBuildParallelsCommandLine(logManager, cmd, cfg, def, qemuCaps)= < 0) + if (qemuBuildParallelsCommandLine(logManager, cmd, cfg, def, qemuCaps, + chardevStdioLogd) < 0) goto error; =20 - if (qemuBuildChannelsCommandLine(logManager, cmd, cfg, def, qemuCaps) = < 0) + if (qemuBuildChannelsCommandLine(logManager, cmd, cfg, def, qemuCaps, + chardevStdioLogd) < 0) goto error; =20 - if (qemuBuildConsoleCommandLine(logManager, cmd, cfg, def, qemuCaps) <= 0) + if (qemuBuildConsoleCommandLine(logManager, cmd, cfg, def, qemuCaps, + chardevStdioLogd) < 0) goto error; =20 if (qemuBuildTPMCommandLine(cmd, def, qemuCaps) < 0) @@ -10057,7 +10096,8 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildWatchdogCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 - if (qemuBuildRedirdevCommandLine(logManager, cmd, cfg, def, qemuCaps) = < 0) + if (qemuBuildRedirdevCommandLine(logManager, cmd, cfg, def, qemuCaps, + chardevStdioLogd) < 0) goto error; =20 if (qemuBuildHostdevCommandLine(cmd, def, qemuCaps, &bootHostdevNet) <= 0) 
@@ -10069,7 +10109,8 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildMemballoonCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 - if (qemuBuildRNGCommandLine(logManager, cmd, cfg, def, qemuCaps) < 0) + if (qemuBuildRNGCommandLine(logManager, cmd, cfg, def, qemuCaps, + chardevStdioLogd) < 0) goto error; =20 if (qemuBuildNVRAMCommandLine(cmd, def, qemuCaps) < 0) @@ -10106,7 +10147,8 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, =20 for (i =3D 0; i < def->nshmems; i++) { if (qemuBuildShmemCommandLine(logManager, cmd, cfg, - def, def->shmems[i], qemuCaps)) + def, def->shmems[i], qemuCaps, + chardevStdioLogd)) goto error; } =20 diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index 09cb00ee9b..f5e3e5fbef 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h @@ -57,7 +57,8 @@ virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr drive= r, virBitmapPtr nodeset, size_t *nnicindexes, int **nicindexes, - const char *domainLibDir) + const char *domainLibDir, + bool chardevStdioLogd) ATTRIBUTE_NONNULL(15); =20 =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 77c2e5f6d3..fbcd51c1f1 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -5657,7 +5657,8 @@ qemuProcessLaunch(virConnectPtr conn, qemuCheckFips(), priv->autoNodeset, &nnicindexes, &nicindexes, - priv->libDir))) + priv->libDir, + priv->chardevStdioLogd))) goto cleanup; =20 if (incoming && incoming->fd !=3D -1) 
@@ -6091,7 +6092,8 @@ qemuProcessCreatePretendCmd(virConnectPtr conn, priv->autoNodeset, NULL, NULL, - priv->libDir); + priv->libDir, + priv->chardevStdioLogd); =20 cleanup: return cmd; --=20 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 00:41:45 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1496068336472362.96631754712155; Mon, 29 May 2017 07:32:16 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 459428123E; Mon, 29 May 2017 14:32:14 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E88727E2C3; Mon, 29 May 2017 14:32:13 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 918E5180BAF4; Mon, 29 May 2017 14:32:13 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v4TEVvdV016373 for ; Mon, 29 May 2017 10:31:57 -0400 Received: by smtp.corp.redhat.com (Postfix) id 0630D1850C; Mon, 29 May 2017 14:31:57 +0000 (UTC) Received: from antique-work.brq.redhat.com (dhcp129-230.brq.redhat.com 
[10.34.129.230]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5BEB91851E for ; Mon, 29 May 2017 14:31:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 459428123E Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 459428123E From: Pavel Hrdina To: libvir-list@redhat.com Date: Mon, 29 May 2017 16:31:50 +0200 Message-Id: <84aff98f892166e9e4b8ab074bb9f5edb3db4774.1496068215.git.phrdina@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 4/4] security: don't relabel chardev source if virtlogd is used as stdio handler X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Mon, 29 May 2017 14:32:15 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" In the case that virtlogd is used as stdio handler we pass to QEMU only FD to a PIPE connected to virtlogd instead of the file itself. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1430988 
Signed-off-by: Pavel Hrdina --- Notes: new in v2 src/lxc/lxc_process.c | 6 ++--- src/qemu/qemu_security.c | 9 +++++-- src/security/security_apparmor.c | 7 ++++-- src/security/security_dac.c | 54 +++++++++++++++++++++++++++++++-----= ---- src/security/security_driver.h | 6 +++-- src/security/security_manager.c | 12 ++++++--- src/security/security_manager.h | 6 +++-- src/security/security_nop.c | 6 +++-- src/security/security_selinux.c | 53 ++++++++++++++++++++++++++++++------= --- src/security/security_stack.c | 12 ++++++--- tests/securityselinuxlabeltest.c | 2 +- 11 files changed, 127 insertions(+), 46 deletions(-) diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index d8727c3b43..2658ea61f8 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -852,7 +852,7 @@ int virLXCProcessStop(virLXCDriverPtr driver, } =20 virSecurityManagerRestoreAllLabel(driver->securityManager, - vm->def, false); + vm->def, false, false); virSecurityManagerReleaseLabel(driver->securityManager, vm->def); /* Clear out dynamically assigned labels */ if (vm->def->nseclabels && @@ -1349,7 +1349,7 @@ int virLXCProcessStart(virConnectPtr conn, =20 VIR_DEBUG("Setting domain security labels"); if (virSecurityManagerSetAllLabel(driver->securityManager, - vm->def, NULL) < 0) + vm->def, NULL, false) < 0) goto cleanup; =20 VIR_DEBUG("Setting up consoles"); @@ -1578,7 +1578,7 @@ int virLXCProcessStart(virConnectPtr conn, virLXCProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED); } else { virSecurityManagerRestoreAllLabel(driver->securityManager, - vm->def, false); + vm->def, false, false); virSecurityManagerReleaseLabel(driver->securityManager, vm->de= f); /* Clear out dynamically assigned labels */ if (vm->def->nseclabels && diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 61934f9905..6fc3b0bb6e 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c 
@@ -38,6 +38,7 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, const char *stdin_path) { int ret =3D -1; + qemuDomainObjPrivatePtr priv =3D vm->privateData; =20 if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && virSecurityManagerTransactionStart(driver->securityManager) < 0) @@ -45,7 +46,8 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, =20 if (virSecurityManagerSetAllLabel(driver->securityManager, vm->def, - stdin_path) < 0) + stdin_path, + priv->chardevStdioLogd) < 0) goto cleanup; =20 if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && @@ -65,6 +67,8 @@ qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, bool migrated) { + qemuDomainObjPrivatePtr priv =3D vm->privateData; + /* In contrast to qemuSecuritySetAllLabel, do not use * secdriver transactions here. This function is called from * qemuProcessStop() which is meant to do cleanup after qemu @@ -73,7 +77,8 @@ qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver, * in entering the namespace then. */ virSecurityManagerRestoreAllLabel(driver->securityManager, vm->def, - migrated); + migrated, + priv->chardevStdioLogd); } =20 =20 diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 62672b0af0..5afe0c5c85 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -489,7 +489,9 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTR= IBUTE_UNUSED, =20 static int AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, const char *stdin_path) + virDomainDefPtr def, + const char *stdin_path, + bool chardevStdioLogd ATTRIBUTE_UNUSED) { virSecurityLabelDefPtr secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME= ); 
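Review bot: qemuSecurityRestoreAllLabel() reads `priv->chardevStdioLogd` at domain stop, possibly long after qemuSecuritySetAllLabel() read it at start, so both calls must see the same value for the set/restore pair to stay symmetric. Where the field is assigned is not visible in this patch. If it is not saved with the domain status and reloaded after a daemon restart, restore would presumably run with `false` and reset ownership and label on a log file that was never relabelled for QEMU. A comment above the new local would record the requirement, e.g. `/* must match the value used by qemuSecuritySetAllLabel() when the domain was started */`.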
@@ -567,7 +569,8 @@ AppArmorReleaseSecurityLabel(virSecurityManagerPtr mgr = ATTRIBUTE_UNUSED, static int AppArmorRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virDomainDefPtr def, - bool migrated ATTRIBUTE_UNUSED) + bool migrated ATTRIBUTE_UNUSED, + bool chardevStdioLogd ATTRIBUTE_UNUSED) { int rc =3D 0; virSecurityLabelDefPtr secdef =3D diff --git a/src/security/security_dac.c b/src/security/security_dac.c index fd4d8f5047..79941f480a 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1159,7 +1159,8 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerP= tr mgr, static int virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainChrSourceDefPtr dev_source) + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd) =20 { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); @@ -1178,6 +1179,9 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, if (chr_seclabel && !chr_seclabel->relabel) return 0; =20 + if (!chr_seclabel && chardevStdioLogd) + return 0; + if (chr_seclabel && chr_seclabel->label) { if (virParseOwnershipIds(chr_seclabel->label, &user, &group) < 0) return -1; @@ -1243,7 +1247,8 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, static int virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def ATTRIBUTE_UNUSED, - virDomainChrSourceDefPtr dev_source) + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityDeviceLabelDefPtr chr_seclabel =3D NULL; @@ -1256,6 +1261,9 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerP= tr mgr, if (chr_seclabel && !chr_seclabel->relabel) return 0; =20 + if (!chr_seclabel && chardevStdioLogd) + return 0; + switch ((virDomainChrType) dev_source->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: 
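Review bot: The new early return `if (!chr_seclabel && chardevStdioLogd) return 0;` in virSecurityDACSetChardevLabel() is not conditioned on `dev_source->type`, so it skips labelling for every chardev backend. The commit message only covers the file-backed case, where QEMU gets a pipe to virtlogd instead of the file. In the Restore hunk the same guard sits directly above the type `switch`, so a `VIR_DOMAIN_CHR_TYPE_DEV` source with no per-device seclabel is skipped as well. With stdio logging enabled, that source would keep its host ownership and label, and a confined or unprivileged QEMU may then fail to open it. Restricting the guard keeps the exemption narrow: `if (!chr_seclabel && dev_source->type == VIR_DOMAIN_CHR_TYPE_FILE && chardevStdioLogd) return 0;`. The identical condition added to virSecurityDACRestoreChardevLabel(), virSecuritySELinuxSetChardevLabel() and virSecuritySELinuxRestoreChardevLabel() needs the same change; all four function bodies continue outside their hunks.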
@@ -1298,14 +1306,21 @@ virSecurityDACRestoreChardevLabel(virSecurityManage= rPtr mgr, } =20 =20 +struct _virSecuritySELinuxChardevCallbackData { + virSecurityManagerPtr mgr; + bool chardevStdioLogd; +}; + + static int virSecurityDACRestoreChardevCallback(virDomainDefPtr def, virDomainChrDefPtr dev ATTRIBUTE_UNUS= ED, void *opaque) { - virSecurityManagerPtr mgr =3D opaque; + struct _virSecuritySELinuxChardevCallbackData *data =3D opaque; =20 - return virSecurityDACRestoreChardevLabel(mgr, def, dev->source); + return virSecurityDACRestoreChardevLabel(data->mgr, def, dev->source, + data->chardevStdioLogd); } =20 =20 @@ -1319,7 +1334,8 @@ virSecurityDACSetTPMFileLabel(virSecurityManagerPtr m= gr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: ret =3D virSecurityDACSetChardevLabel(mgr, def, - &tpm->data.passthrough.source); + &tpm->data.passthrough.source, + false); break; case VIR_DOMAIN_TPM_TYPE_LAST: break; @@ -1339,7 +1355,8 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerP= tr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: ret =3D virSecurityDACRestoreChardevLabel(mgr, def, - &tpm->data.passthrough.sou= rce); + &tpm->data.passthrough.sou= rce, + false); break; case VIR_DOMAIN_TPM_TYPE_LAST: break; @@ -1436,7 +1453,8 @@ virSecurityDACRestoreMemoryLabel(virSecurityManagerPt= r mgr, static int virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - bool migrated) + bool migrated, + bool chardevStdioLogd) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityLabelDefPtr secdef; @@ -1479,10 +1497,15 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr= mgr, rc =3D -1; } =20 + struct _virSecuritySELinuxChardevCallbackData chardevData =3D { + .mgr =3D mgr, + .chardevStdioLogd =3D chardevStdioLogd, + }; + if (virDomainChrDefForeach(def, false, virSecurityDACRestoreChardevCallback, - mgr) < 0) + &chardevData) < 0) rc =3D -1; =20 if (def->tpm) { 
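Review bot: The callback-data struct added to security_dac.c is tagged `_virSecuritySELinuxChardevCallbackData`, the same tag the SELinux driver defines in security_selinux.c later in this patch. The two definitions live in separate files, so this should compile. Still, the SELinux name inside the DAC driver reads like a copy-and-paste leftover and misleads anyone searching for the type. `struct _virSecurityDACChardevCallbackData` would match the `virSecurityDAC*` naming of the surrounding functions. The uses in virSecurityDACRestoreChardevCallback(), virSecurityDACRestoreAllLabel(), virSecurityDACSetChardevCallback() and virSecurityDACSetAllLabel() need the same rename.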
@@ -1505,9 +1528,10 @@ virSecurityDACSetChardevCallback(virDomainDefPtr def, virDomainChrDefPtr dev ATTRIBUTE_UNUSED, void *opaque) { - virSecurityManagerPtr mgr =3D opaque; + struct _virSecuritySELinuxChardevCallbackData *data =3D opaque; =20 - return virSecurityDACSetChardevLabel(mgr, def, dev->source); + return virSecurityDACSetChardevLabel(data->mgr, def, dev->source, + data->chardevStdioLogd); } =20 =20 @@ -1549,7 +1573,8 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mg= r, static int virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *stdin_path ATTRIBUTE_UNUSED) + const char *stdin_path ATTRIBUTE_UNUSED, + bool chardevStdioLogd) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityLabelDefPtr secdef; @@ -1592,10 +1617,15 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, return -1; } =20 + struct _virSecuritySELinuxChardevCallbackData chardevData =3D { + .mgr =3D mgr, + .chardevStdioLogd =3D chardevStdioLogd, + }; + if (virDomainChrDefForeach(def, true, virSecurityDACSetChardevCallback, - mgr) < 0) + &chardevData) < 0) return -1; =20 if (def->tpm) { diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 0f5cce5f8d..0b3b452486 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -91,10 +91,12 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecuri= tyManagerPtr mgr, virDomainDefPtr sec); typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr, virDomainDefPtr sec, - const char *stdin_path); + const char *stdin_path, + bool chardevStdioLogd); typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, - bool migrated); + bool migrated, + bool chardevStdioLogd); typedef int (*virSecurityDomainGetProcessLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, pid_t pid, 
diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 90d491c1bc..013bbc37ef 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -856,12 +856,14 @@ int virSecurityManagerCheckAllLabel(virSecurityManage= rPtr mgr, int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *stdin_path) + const char *stdin_path, + bool chardevStdioLogd) { if (mgr->drv->domainSetSecurityAllLabel) { int ret; virObjectLock(mgr); - ret =3D mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path); + ret =3D mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path, + chardevStdioLogd); virObjectUnlock(mgr); return ret; } @@ -874,12 +876,14 @@ virSecurityManagerSetAllLabel(virSecurityManagerPtr m= gr, int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - bool migrated) + bool migrated, + bool chardevStdioLogd) { if (mgr->drv->domainRestoreSecurityAllLabel) { int ret; virObjectLock(mgr); - ret =3D mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated); + ret =3D mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated, + chardevStdioLogd); virObjectUnlock(mgr); return ret; } diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 238e66cd0b..01296d339e 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -130,10 +130,12 @@ int virSecurityManagerCheckAllLabel(virSecurityManage= rPtr mgr, virDomainDefPtr sec); int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr sec, - const char *stdin_path); + const char *stdin_path, + bool chardevStdioLogd); int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - bool migrated); + bool migrated, + bool chardevStdioLogd); int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, pid_t pid, 
diff --git a/src/security/security_nop.c b/src/security/security_nop.c index 0a9b515288..527be11e5a 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -151,7 +151,8 @@ virSecurityDomainReleaseLabelNop(virSecurityManagerPtr = mgr ATTRIBUTE_UNUSED, static int virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virDomainDefPtr sec ATTRIBUTE_UNUSED, - const char *stdin_path ATTRIBUTE_UNUSED) + const char *stdin_path ATTRIBUTE_UNUSED, + bool chardevStdioLogd ATTRIBUTE_UNUSED) { return 0; } @@ -159,7 +160,8 @@ virSecurityDomainSetAllLabelNop(virSecurityManagerPtr m= gr ATTRIBUTE_UNUSED, static int virSecurityDomainRestoreAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UN= USED, virDomainDefPtr vm ATTRIBUTE_UNUSED, - bool migrated ATTRIBUTE_UNUSED) + bool migrated ATTRIBUTE_UNUSED, + bool chardevStdioLogd ATTRIBUTE_UNUSED) { return 0; } diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 75f387b3fa..26137f6d8d 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2179,7 +2179,8 @@ virSecuritySELinuxRestoreHostdevLabel(virSecurityMana= gerPtr mgr, static int virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainChrSourceDefPtr dev_source) + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd) =20 { virSecurityLabelDefPtr seclabel; @@ -2198,6 +2199,9 @@ virSecuritySELinuxSetChardevLabel(virSecurityManagerP= tr mgr, if (chr_seclabel && !chr_seclabel->relabel) return 0; =20 + if (!chr_seclabel && chardevStdioLogd) + return 0; + if (chr_seclabel) imagelabel =3D chr_seclabel->label; if (!imagelabel) 
@@ -2252,7 +2256,8 @@ virSecuritySELinuxSetChardevLabel(virSecurityManagerP= tr mgr, static int virSecuritySELinuxRestoreChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainChrSourceDefPtr dev_source) + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd) =20 { virSecurityLabelDefPtr seclabel; @@ -2269,6 +2274,9 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMana= gerPtr mgr, if (chr_seclabel && !chr_seclabel->relabel) return 0; =20 + if (!chr_seclabel && chardevStdioLogd) + return 0; + switch (dev_source->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: @@ -2312,14 +2320,21 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMa= nagerPtr mgr, } =20 =20 +struct _virSecuritySELinuxChardevCallbackData { + virSecurityManagerPtr mgr; + bool chardevStdioLogd; +}; + + static int virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def, virDomainChrDefPtr dev AT= TRIBUTE_UNUSED, void *opaque) { - virSecurityManagerPtr mgr =3D opaque; + struct _virSecuritySELinuxChardevCallbackData *data =3D opaque; =20 - return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev->source); + return virSecuritySELinuxRestoreChardevLabel(data->mgr, def, dev->sour= ce, + data->chardevStdioLogd); } =20 =20 @@ -2342,7 +2357,8 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(vi= rDomainDefPtr def, return virSecuritySELinuxRestoreFileLabel(mgr, database); =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: - return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev->data.p= assthru); + return virSecuritySELinuxRestoreChardevLabel(mgr, def, + dev->data.passthru, f= alse); =20 default: virReportError(VIR_ERR_INTERNAL_ERROR, 
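Review bot: virSecuritySELinuxRestoreSecuritySmartcardCallback() passes a literal `false` for the passthrough chardev, while patch 3/4 hands `chardevStdioLogd` to qemuBuildChrChardevStr() for `smartcard->data.passthru` in qemuBuildSmartcardCommandLine(). The builder's body is not shown here. If it routes a file-backed passthrough source through virtlogd, that file would still be relabelled for QEMU, which is the behaviour this patch removes for the other chardevs. Either thread the flag into the smartcard callbacks, here and in virSecuritySELinuxSetSecuritySmartcardCallback(), or state the intent next to the literal, e.g. `/* smartcard passthrough is not handed to virtlogd, always relabel */`.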
@@ -2369,7 +2385,8 @@ virSecuritySELinuxGetBaseLabel(virSecurityManagerPtr = mgr, int virtType) static int virSecuritySELinuxRestoreAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - bool migrated) + bool migrated, + bool chardevStdioLogd) { virSecurityLabelDefPtr secdef; virSecuritySELinuxDataPtr data =3D virSecurityManagerGetPrivateData(mg= r); @@ -2414,10 +2431,15 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManage= rPtr mgr, rc =3D -1; } =20 + struct _virSecuritySELinuxChardevCallbackData chardevData =3D { + .mgr =3D mgr, + .chardevStdioLogd =3D chardevStdioLogd + }; + if (virDomainChrDefForeach(def, false, virSecuritySELinuxRestoreSecurityChardevCal= lback, - mgr) < 0) + &chardevData) < 0) rc =3D -1; =20 if (virDomainSmartcardDefForeach(def, @@ -2706,9 +2728,10 @@ virSecuritySELinuxSetSecurityChardevCallback(virDoma= inDefPtr def, virDomainChrDefPtr dev ATTRIB= UTE_UNUSED, void *opaque) { - virSecurityManagerPtr mgr =3D opaque; + struct _virSecuritySELinuxChardevCallbackData *data =3D opaque; =20 - return virSecuritySELinuxSetChardevLabel(mgr, def, dev->source); + return virSecuritySELinuxSetChardevLabel(data->mgr, def, dev->source, + data->chardevStdioLogd); } =20 =20 @@ -2733,7 +2756,7 @@ virSecuritySELinuxSetSecuritySmartcardCallback(virDom= ainDefPtr def, =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: return virSecuritySELinuxSetChardevLabel(mgr, def, - dev->data.passthru); + dev->data.passthru, false= ); =20 default: virReportError(VIR_ERR_INTERNAL_ERROR, @@ -2749,7 +2772,8 @@ virSecuritySELinuxSetSecuritySmartcardCallback(virDom= ainDefPtr def, static int virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *stdin_path) + const char *stdin_path, + bool chardevStdioLogd) { size_t i; virSecuritySELinuxDataPtr data =3D virSecurityManagerGetPrivateData(mg= r); 
@@ -2797,10 +2821,15 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr= mgr, return -1; } =20 + struct _virSecuritySELinuxChardevCallbackData chardevData =3D { + .mgr =3D mgr, + .chardevStdioLogd =3D chardevStdioLogd + }; + if (virDomainChrDefForeach(def, true, virSecuritySELinuxSetSecurityChardevCallbac= k, - mgr) < 0) + &chardevData) < 0) return -1; =20 if (virDomainSmartcardDefForeach(def, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 9a1a7b30c5..53eee1692f 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -350,14 +350,16 @@ virSecurityStackRestoreHostdevLabel(virSecurityManage= rPtr mgr, static int virSecurityStackSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *stdin_path) + const char *stdin_path, + bool chardevStdioLogd) { virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityStackItemPtr item =3D priv->itemsHead; int rc =3D 0; =20 for (; item; item =3D item->next) { - if (virSecurityManagerSetAllLabel(item->securityManager, vm, stdin= _path) < 0) + if (virSecurityManagerSetAllLabel(item->securityManager, vm, + stdin_path, chardevStdioLogd) < = 0) rc =3D -1; } =20 @@ -368,14 +370,16 @@ virSecurityStackSetAllLabel(virSecurityManagerPtr mgr, static int virSecurityStackRestoreAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - bool migrated) + bool migrated, + bool chardevStdioLogd) { virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityStackItemPtr item =3D priv->itemsHead; int rc =3D 0; =20 for (; item; item =3D item->next) { - if (virSecurityManagerRestoreAllLabel(item->securityManager, vm, m= igrated) < 0) + if (virSecurityManagerRestoreAllLabel(item->securityManager, vm, + migrated, chardevStdioLogd) = < 0) rc =3D -1; } =20 diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabelt= est.c index 3e134991f2..ddcc954429 100644 --- a/tests/securityselinuxlabeltest.c 
+++ b/tests/securityselinuxlabeltest.c @@ -313,7 +313,7 @@ testSELinuxLabeling(const void *opaque) if (!(def =3D testSELinuxLoadDef(testname))) goto cleanup; =20 - if (virSecurityManagerSetAllLabel(mgr, def, NULL) < 0) + if (virSecurityManagerSetAllLabel(mgr, def, NULL, false) < 0) goto cleanup; =20 if (testSELinuxCheckLabels(files, nfiles) < 0) --=20 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list