audit: prepare qemu for listing vm in cgroup audits

* src/qemu/qemu_cgroup.h (struct qemuCgroupData): New helper type.
(qemuSetupDiskPathAllow, qemuSetupChardevCgroup)
(qemuTeardownDiskPathDeny): Drop unneeded prototypes.
(qemuSetupDiskCgroup, qemuTeardownDiskCgroup): Adjust prototype.
* src/qemu/qemu_cgroup.c
(qemuSetupDiskPathAllow, qemuSetupChardevCgroup)
(qemuTeardownDiskPathDeny): Mark static and use new type.
(qemuSetupHostUsbDeviceCgroup): Use new type.
(qemuSetupDiskCgroup): Alter signature.
(qemuSetupCgroup): Adjust caller.
* src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice)
(qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice):
Likewise.
* src/qemu/qemu_driver.c (qemudDomainAttachDevice)
(qemuDomainUpdateDeviceFlags): Likewise.
Eric Blake 2011-02-15 19:18:40 -07:00
parent 061738764d
commit b4d3434fc2
4 changed files with 50 additions and 44 deletions


@ -54,18 +54,18 @@ int qemuCgroupControllerActive(struct qemud_driver *driver,
return 0; return 0;
} }
static int
int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
const char *path, const char *path,
size_t depth ATTRIBUTE_UNUSED, size_t depth ATTRIBUTE_UNUSED,
void *opaque) void *opaque)
{ {
virCgroupPtr cgroup = opaque; qemuCgroupData *data = opaque;
int rc; int rc;
VIR_DEBUG("Process path %s for disk", path); VIR_DEBUG("Process path %s for disk", path);
/* XXX RO vs RW */ /* XXX RO vs RW */
rc = virCgroupAllowDevicePath(cgroup, path); rc = virCgroupAllowDevicePath(data->cgroup, path);
if (rc < 0) { if (rc < 0) {
if (rc == -EACCES) { /* Get this for root squash NFS */ if (rc == -EACCES) { /* Get this for root squash NFS */
VIR_DEBUG("Ignoring EACCES for %s", path); VIR_DEBUG("Ignoring EACCES for %s", path);
@ -81,28 +81,31 @@ int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
int qemuSetupDiskCgroup(struct qemud_driver *driver, int qemuSetupDiskCgroup(struct qemud_driver *driver,
virDomainObjPtr vm,
virCgroupPtr cgroup, virCgroupPtr cgroup,
virDomainDiskDefPtr disk) virDomainDiskDefPtr disk)
{ {
qemuCgroupData data = { vm, cgroup };
return virDomainDiskDefForeachPath(disk, return virDomainDiskDefForeachPath(disk,
driver->allowDiskFormatProbing, driver->allowDiskFormatProbing,
true, true,
qemuSetupDiskPathAllow, qemuSetupDiskPathAllow,
cgroup); &data);
} }
int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, static int
const char *path, qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
size_t depth ATTRIBUTE_UNUSED, const char *path,
void *opaque) size_t depth ATTRIBUTE_UNUSED,
void *opaque)
{ {
virCgroupPtr cgroup = opaque; qemuCgroupData *data = opaque;
int rc; int rc;
VIR_DEBUG("Process path %s for disk", path); VIR_DEBUG("Process path %s for disk", path);
/* XXX RO vs RW */ /* XXX RO vs RW */
rc = virCgroupDenyDevicePath(cgroup, path); rc = virCgroupDenyDevicePath(data->cgroup, path);
if (rc < 0) { if (rc < 0) {
if (rc == -EACCES) { /* Get this for root squash NFS */ if (rc == -EACCES) { /* Get this for root squash NFS */
VIR_DEBUG("Ignoring EACCES for %s", path); VIR_DEBUG("Ignoring EACCES for %s", path);
@ -118,22 +121,25 @@ int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
int qemuTeardownDiskCgroup(struct qemud_driver *driver, int qemuTeardownDiskCgroup(struct qemud_driver *driver,
virDomainObjPtr vm,
virCgroupPtr cgroup, virCgroupPtr cgroup,
virDomainDiskDefPtr disk) virDomainDiskDefPtr disk)
{ {
qemuCgroupData data = { vm, cgroup };
return virDomainDiskDefForeachPath(disk, return virDomainDiskDefForeachPath(disk,
driver->allowDiskFormatProbing, driver->allowDiskFormatProbing,
true, true,
qemuTeardownDiskPathDeny, qemuTeardownDiskPathDeny,
cgroup); &data);
} }
int qemuSetupChardevCgroup(virDomainDefPtr def, static int
virDomainChrDefPtr dev, qemuSetupChardevCgroup(virDomainDefPtr def,
void *opaque) virDomainChrDefPtr dev,
void *opaque)
{ {
virCgroupPtr cgroup = opaque; qemuCgroupData *data = opaque;
int rc; int rc;
if (dev->source.type != VIR_DOMAIN_CHR_TYPE_DEV) if (dev->source.type != VIR_DOMAIN_CHR_TYPE_DEV)
@ -141,7 +147,7 @@ int qemuSetupChardevCgroup(virDomainDefPtr def,
VIR_DEBUG("Process path '%s' for disk", dev->source.data.file.path); VIR_DEBUG("Process path '%s' for disk", dev->source.data.file.path);
rc = virCgroupAllowDevicePath(cgroup, dev->source.data.file.path); rc = virCgroupAllowDevicePath(data->cgroup, dev->source.data.file.path);
if (rc < 0) { if (rc < 0) {
virReportSystemError(-rc, virReportSystemError(-rc,
_("Unable to allow device %s for %s"), _("Unable to allow device %s for %s"),
@ -157,11 +163,11 @@ int qemuSetupHostUsbDeviceCgroup(usbDevice *dev ATTRIBUTE_UNUSED,
const char *path, const char *path,
void *opaque) void *opaque)
{ {
virCgroupPtr cgroup = opaque; qemuCgroupData *data = opaque;
int rc; int rc;
VIR_DEBUG("Process path '%s' for USB device", path); VIR_DEBUG("Process path '%s' for USB device", path);
rc = virCgroupAllowDevicePath(cgroup, path); rc = virCgroupAllowDevicePath(data->cgroup, path);
if (rc < 0) { if (rc < 0) {
virReportSystemError(-rc, virReportSystemError(-rc,
_("Unable to allow device %s"), _("Unable to allow device %s"),
@ -195,6 +201,7 @@ int qemuSetupCgroup(struct qemud_driver *driver,
} }
if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) { if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) {
qemuCgroupData data = { vm, cgroup };
rc = virCgroupDenyAllDevices(cgroup); rc = virCgroupDenyAllDevices(cgroup);
if (rc != 0) { if (rc != 0) {
if (rc == -EPERM) { if (rc == -EPERM) {
@ -208,7 +215,7 @@ int qemuSetupCgroup(struct qemud_driver *driver,
} }
for (i = 0; i < vm->def->ndisks ; i++) { for (i = 0; i < vm->def->ndisks ; i++) {
if (qemuSetupDiskCgroup(driver, cgroup, vm->def->disks[i]) < 0) if (qemuSetupDiskCgroup(driver, vm, cgroup, vm->def->disks[i]) < 0)
goto cleanup; goto cleanup;
} }
@ -243,7 +250,7 @@ int qemuSetupCgroup(struct qemud_driver *driver,
if (virDomainChrDefForeach(vm->def, if (virDomainChrDefForeach(vm->def,
true, true,
qemuSetupChardevCgroup, qemuSetupChardevCgroup,
cgroup) < 0) &data) < 0)
goto cleanup; goto cleanup;
for (i = 0; i < vm->def->nhostdevs; i++) { for (i = 0; i < vm->def->nhostdevs; i++) {
@ -259,7 +266,8 @@ int qemuSetupCgroup(struct qemud_driver *driver,
hostdev->source.subsys.u.usb.device)) == NULL) hostdev->source.subsys.u.usb.device)) == NULL)
goto cleanup; goto cleanup;
if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, cgroup) < 0 ) if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup,
&data) < 0)
goto cleanup; goto cleanup;
} }
} }
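Review bot: The new `qemuCgroupData` locals in qemuSetupDiskCgroup, qemuTeardownDiskCgroup and qemuSetupCgroup use positional initializers, `qemuCgroupData data = { vm, cgroup };`, so each call site silently depends on the field order declared in qemu_cgroup.h. Since this commit exists so that later audit work can grow that type, designated initializers would keep the call sites correct if a field is ever added or reordered, e.g. `qemuCgroupData data = { .vm = vm, .cgroup = cgroup };`. The same applies to the initializer added in qemu_hotplug.c. qemuSetupCgroup's body starts and ends outside the hunks shown.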


@ -1,7 +1,7 @@
/* /*
* qemu_cgroup.h: QEMU cgroup management * qemu_cgroup.h: QEMU cgroup management
* *
* Copyright (C) 2006-2007, 2009-2010 Red Hat, Inc. * Copyright (C) 2006-2007, 2009-2011 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange * Copyright (C) 2006 Daniel P. Berrange
* *
* This library is free software; you can redistribute it and/or * This library is free software; you can redistribute it and/or
@ -28,25 +28,22 @@
# include "domain_conf.h" # include "domain_conf.h"
# include "qemu_conf.h" # include "qemu_conf.h"
struct _qemuCgroupData {
virDomainObjPtr vm;
virCgroupPtr cgroup;
};
typedef struct _qemuCgroupData qemuCgroupData;
int qemuCgroupControllerActive(struct qemud_driver *driver, int qemuCgroupControllerActive(struct qemud_driver *driver,
int controller); int controller);
int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk,
const char *path,
size_t depth,
void *opaque);
int qemuSetupDiskCgroup(struct qemud_driver *driver, int qemuSetupDiskCgroup(struct qemud_driver *driver,
virDomainObjPtr vm,
virCgroupPtr cgroup, virCgroupPtr cgroup,
virDomainDiskDefPtr disk); virDomainDiskDefPtr disk);
int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk,
const char *path,
size_t depth,
void *opaque);
int qemuTeardownDiskCgroup(struct qemud_driver *driver, int qemuTeardownDiskCgroup(struct qemud_driver *driver,
virDomainObjPtr vm,
virCgroupPtr cgroup, virCgroupPtr cgroup,
virDomainDiskDefPtr disk); virDomainDiskDefPtr disk);
int qemuSetupChardevCgroup(virDomainDefPtr def,
virDomainChrDefPtr dev,
void *opaque);
int qemuSetupHostUsbDeviceCgroup(usbDevice *dev, int qemuSetupHostUsbDeviceCgroup(usbDevice *dev,
const char *path, const char *path,
void *opaque); void *opaque);
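Review bot: `struct _qemuCgroupData` is added to the public header without a comment saying what it is for, and the `void *opaque` of the still-exported `qemuSetupHostUsbDeviceCgroup` now has to point at a `qemuCgroupData` rather than the `virCgroupPtr` the old callers passed; nothing in the prototype tells an out-of-file caller, and the compiler cannot catch a caller that still passes the bare cgroup handle. I would document the struct with `/* Payload handed to the device-cgroup callbacks via their void *opaque; the callbacks in qemu_cgroup.c dereference cgroup, so it must be a usable handle. */` and add `/* opaque must be a qemuCgroupData * */` on the qemuSetupHostUsbDeviceCgroup prototype.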


@ -3988,7 +3988,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
vm->def->name); vm->def->name);
goto endjob; goto endjob;
} }
if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0) if (qemuSetupDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
goto endjob; goto endjob;
} }
@ -4034,7 +4034,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
/* Fallthrough */ /* Fallthrough */
} }
if (ret != 0 && cgroup) { if (ret != 0 && cgroup) {
if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s", VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src)); NULLSTR(dev->data.disk->src));
} }
@ -4160,7 +4160,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
vm->def->name); vm->def->name);
goto endjob; goto endjob;
} }
if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0) if (qemuSetupDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
goto endjob; goto endjob;
} }
@ -4184,7 +4184,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
} }
if (ret != 0 && cgroup) { if (ret != 0 && cgroup) {
if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s", VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src)); NULLSTR(dev->data.disk->src));
} }


@ -893,6 +893,7 @@ int qemuDomainAttachHostUsbDevice(struct qemud_driver *driver,
if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) { if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) {
virCgroupPtr cgroup = NULL; virCgroupPtr cgroup = NULL;
usbDevice *usb; usbDevice *usb;
qemuCgroupData data = { vm, cgroup };
if (virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) !=0 ) { if (virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) !=0 ) {
qemuReportError(VIR_ERR_INTERNAL_ERROR, qemuReportError(VIR_ERR_INTERNAL_ERROR,
@ -905,7 +906,7 @@ int qemuDomainAttachHostUsbDevice(struct qemud_driver *driver,
hostdev->source.subsys.u.usb.device)) == NULL) hostdev->source.subsys.u.usb.device)) == NULL)
goto error; goto error;
if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, cgroup) < 0 ) if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, &data) < 0)
goto error; goto error;
} }
@ -1206,7 +1207,7 @@ int qemuDomainDetachPciDiskDevice(struct qemud_driver *driver,
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) { if (cgroup != NULL) {
if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s", VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src)); NULLSTR(dev->data.disk->src));
} }
@ -1284,7 +1285,7 @@ int qemuDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) { if (cgroup != NULL) {
if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
VIR_WARN("Failed to teardown cgroup for disk path %s", VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(dev->data.disk->src)); NULLSTR(dev->data.disk->src));
} }
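Review bot: In qemuDomainAttachHostUsbDevice the new `qemuCgroupData data = { vm, cgroup };` is initialized while `cgroup` is still the NULL assigned on the line above it, and `cgroup` is only filled in by the later `virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0)` call; `data.cgroup` therefore remains NULL when `&data` reaches `usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, &data)`, and qemuSetupHostUsbDeviceCgroup hands `data->cgroup` to `virCgroupAllowDevicePath`. The old code passed `cgroup` by value at the call, after it had been set, so this hunk regresses USB hotplug: either the device node is never whitelisted in the domain's devices cgroup or the call fails on a NULL handle, depending on how virCgroupAllowDevicePath treats NULL. Assign the handle once it exists, `data.cgroup = cgroup;` immediately after the virCgroupForDomain error check, or declare `data` after that check. The enclosing function starts and ends outside the hunk.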