External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-23 13:05:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
libvirt/src/qemu/qemu_passt.c

293 lines
8.3 KiB
C
Raw Normal View History

qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
/*
* qemu_passt.c: QEMU passt support
*
* Copyright (C) 2022 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include "qemu_dbus.h"
#include "qemu_extdevice.h"
#include "qemu_security.h"
#include "qemu_passt.h"
#include "virenum.h"
#include "virerror.h"
#include "virjson.h"
#include "virlog.h"
#include "virpidfile.h"
#define VIR_FROM_THIS VIR_FROM_NONE
VIR_LOG_INIT("qemu.passt");
static char *
qemuPasstCreatePidFilename(virDomainObj *vm,
virDomainNetDef *net)
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
g_autofree char *shortName = virDomainDefGetShortName(vm->def);
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
g_autofree char *name = NULL;
name = g_strdup_printf("%s-%s-passt", shortName, net->info.alias);
return virPidFileBuildPath(cfg->passtStateDir, name);
}
static char *
qemuPasstCreateSocketPath(virDomainObj *vm,
virDomainNetDef *net)
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
g_autofree char *shortName = virDomainDefGetShortName(vm->def);
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
return g_strdup_printf("%s/%s-%s.socket", cfg->passtStateDir,
shortName, net->info.alias);
}
static int
qemuPasstGetPid(virDomainObj *vm,
virDomainNetDef *net,
pid_t *pid)
{
g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
qemu_passt: Let passt write the PID file The way we start passt currently is: we use virCommandSetPidFile() to use our virCommand machinery to acquire the PID file and leak opened FD into passt. Then, we use virPidFile*() APIs to read the PID file (which is needed when placing it into CGroups or killing it). But this does not fly really because passt daemonizes itself. Thus the process we started dies soon and thus the PID file is closed and unlocked. We could work around this by passing '--foreground' argument, but that weakens passt as it can't create new PID namespace (because it doesn't fork()). The solution is to let passt write the PID file, but since it does not lock the file and closes it as soon as it is written, we have to switch to those virPidFile APIs which don't expect PID file to be locked. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-16 11:46:55 +01:00
return virPidFileReadPath(pidfile, pid);
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
}
int
qemuPasstAddNetProps(virDomainObj *vm,
virDomainNetDef *net,
virJSONValue **netprops)
{
g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
g_autoptr(virJSONValue) addrprops = NULL;
qemu: add reconnect=5 to passt qemu commandline options when available QEMU's "reconnect" option of "-netdev stream" tells QEMU to periodically (period is given in seconds as an argument to the option) attempt to reconnect to the same passt socket to which it had originally connected to. This is useful in cases where the passt process terminates, and libvirtd starts a new passt process in its place (which doesn't happen yet, but will happen automatically after an upcoming patch in this series). Since there is no real hueristic for determining the "best" value of the reconnect interval, rather than clutter up config with a knob that nobody knows how to properly twiddle, we just set the reconnect timer to 5 seconds. "-netdev stream" first appeared in QEMU 7.2.0, but the reconnect option won't be available until QEMU 8.0.0, so we need to check QEMU capabilities just in case someone is using QEMU 7.2.0 (and thus can support passt backend, but not reconnect) Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-20 18:26:51 -05:00
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUCaps *qemuCaps = priv->qemuCaps;
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
if (virJSONValueObjectAdd(&addrprops,
"s:type", "unix",
"s:path", passtSocketName,
NULL) < 0) {
return -1;
}
if (virJSONValueObjectAdd(netprops,
"s:type", "stream",
"a:addr", &addrprops,
"b:server", false,
NULL) < 0) {
return -1;
}
qemu: add reconnect=5 to passt qemu commandline options when available QEMU's "reconnect" option of "-netdev stream" tells QEMU to periodically (period is given in seconds as an argument to the option) attempt to reconnect to the same passt socket to which it had originally connected to. This is useful in cases where the passt process terminates, and libvirtd starts a new passt process in its place (which doesn't happen yet, but will happen automatically after an upcoming patch in this series). Since there is no real hueristic for determining the "best" value of the reconnect interval, rather than clutter up config with a knob that nobody knows how to properly twiddle, we just set the reconnect timer to 5 seconds. "-netdev stream" first appeared in QEMU 7.2.0, but the reconnect option won't be available until QEMU 8.0.0, so we need to check QEMU capabilities just in case someone is using QEMU 7.2.0 (and thus can support passt backend, but not reconnect) Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-20 18:26:51 -05:00
/* a narrow range of QEMU releases support -netdev stream, but
* don't support its "reconnect" option
*/
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_NETDEV_STREAM_RECONNECT) &&
virJSONValueObjectAdd(netprops, "u:reconnect", 5, NULL) < 0) {
return -1;
}
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
return 0;
}
qemu_passt: Deduplicate passt killing code There are two places where we kill passt: 1) qemuPasstStop() - called transitively from qemuProcessStop(), 2) qemuPasstStart() - after failed start. Now, the code from 2) lack error preservation (so if there's another error during cleanup we might overwrite the original error). Therefore, move the internals of qemuPasstStop() into a separate function and call it from both places. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-16 12:07:42 +01:00
static void
qemu_passt: Remove passt socket file on exit Just like it can't remove its own PID files, passt can't unlink its own socket upon exit (unless the initialisation fails), because it has no access to the filesystem at runtime. Remove the socket file in qemuPasstKill(). Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-21 20:19:07 +01:00
qemuPasstKill(const char *pidfile, const char *passtSocketName)
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
{
virErrorPtr orig_err;
qemu_passt: Let passt write the PID file The way we start passt currently is: we use virCommandSetPidFile() to use our virCommand machinery to acquire the PID file and leak opened FD into passt. Then, we use virPidFile*() APIs to read the PID file (which is needed when placing it into CGroups or killing it). But this does not fly really because passt daemonizes itself. Thus the process we started dies soon and thus the PID file is closed and unlocked. We could work around this by passing '--foreground' argument, but that weakens passt as it can't create new PID namespace (because it doesn't fork()). The solution is to let passt write the PID file, but since it does not lock the file and closes it as soon as it is written, we have to switch to those virPidFile APIs which don't expect PID file to be locked. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-16 11:46:55 +01:00
pid_t pid = 0;
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
virErrorPreserveLast(&orig_err);
qemu_passt: Let passt write the PID file The way we start passt currently is: we use virCommandSetPidFile() to use our virCommand machinery to acquire the PID file and leak opened FD into passt. Then, we use virPidFile*() APIs to read the PID file (which is needed when placing it into CGroups or killing it). But this does not fly really because passt daemonizes itself. Thus the process we started dies soon and thus the PID file is closed and unlocked. We could work around this by passing '--foreground' argument, but that weakens passt as it can't create new PID namespace (because it doesn't fork()). The solution is to let passt write the PID file, but since it does not lock the file and closes it as soon as it is written, we have to switch to those virPidFile APIs which don't expect PID file to be locked. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-16 11:46:55 +01:00
ignore_value(virPidFileReadPath(pidfile, &pid));
if (pid != 0)
virProcessKillPainfully(pid, true);
unlink(pidfile);
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
qemu_passt: Remove passt socket file on exit Just like it can't remove its own PID files, passt can't unlink its own socket upon exit (unless the initialisation fails), because it has no access to the filesystem at runtime. Remove the socket file in qemuPasstKill(). Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-21 20:19:07 +01:00
unlink(passtSocketName);
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
virErrorRestore(&orig_err);
}
qemu_passt: Deduplicate passt killing code There are two places where we kill passt: 1) qemuPasstStop() - called transitively from qemuProcessStop(), 2) qemuPasstStart() - after failed start. Now, the code from 2) lack error preservation (so if there's another error during cleanup we might overwrite the original error). Therefore, move the internals of qemuPasstStop() into a separate function and call it from both places. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-16 12:07:42 +01:00
void
qemuPasstStop(virDomainObj *vm,
virDomainNetDef *net)
{
g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
qemu_passt: Remove passt socket file on exit Just like it can't remove its own PID files, passt can't unlink its own socket upon exit (unless the initialisation fails), because it has no access to the filesystem at runtime. Remove the socket file in qemuPasstKill(). Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-21 20:19:07 +01:00
g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
qemu_passt: Deduplicate passt killing code There are two places where we kill passt: 1) qemuPasstStop() - called transitively from qemuProcessStop(), 2) qemuPasstStart() - after failed start. Now, the code from 2) lack error preservation (so if there's another error during cleanup we might overwrite the original error). Therefore, move the internals of qemuPasstStop() into a separate function and call it from both places. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-16 12:07:42 +01:00
qemu_passt: Remove passt socket file on exit Just like it can't remove its own PID files, passt can't unlink its own socket upon exit (unless the initialisation fails), because it has no access to the filesystem at runtime. Remove the socket file in qemuPasstKill(). Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-21 20:19:07 +01:00
qemuPasstKill(pidfile, passtSocketName);
qemu_passt: Deduplicate passt killing code There are two places where we kill passt: 1) qemuPasstStop() - called transitively from qemuProcessStop(), 2) qemuPasstStart() - after failed start. Now, the code from 2) lack error preservation (so if there's another error during cleanup we might overwrite the original error). Therefore, move the internals of qemuPasstStop() into a separate function and call it from both places. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-16 12:07:42 +01:00
}
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
int
qemuPasstSetupCgroup(virDomainObj *vm,
virDomainNetDef *net,
virCgroup *cgroup)
{
pid_t pid = (pid_t) -1;
qemu_passt: Report error when getting passt PID failed If qemuPasstGetPid() fails, or the passt's PID is -1 then qemuPasstSetupCgroup() returns early without any error message set. Report an appropriate error. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-13 16:05:04 +01:00
if (qemuPasstGetPid(vm, net, &pid) < 0 || pid <= 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Could not get process ID of passt"));
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
return -1;
qemu_passt: Report error when getting passt PID failed If qemuPasstGetPid() fails, or the passt's PID is -1 then qemuPasstSetupCgroup() returns early without any error message set. Report an appropriate error. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-13 16:05:04 +01:00
}
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
return virCgroupAddProcess(cgroup, pid);
}
int
qemuPasstStart(virDomainObj *vm,
virDomainNetDef *net)
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
g_autoptr(virCommand) cmd = NULL;
g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
char macaddr[VIR_MAC_STRING_BUFLEN];
size_t i;
cmd = virCommandNew(PASST);
virCommandClearCaps(cmd);
virCommandAddArgList(cmd,
"--one-off",
"--socket", passtSocketName,
"--mac-addr", virMacAddrFormat(&net->mac, macaddr),
qemu_passt: Let passt write the PID file The way we start passt currently is: we use virCommandSetPidFile() to use our virCommand machinery to acquire the PID file and leak opened FD into passt. Then, we use virPidFile*() APIs to read the PID file (which is needed when placing it into CGroups or killing it). But this does not fly really because passt daemonizes itself. Thus the process we started dies soon and thus the PID file is closed and unlocked. We could work around this by passing '--foreground' argument, but that weakens passt as it can't create new PID namespace (because it doesn't fork()). The solution is to let passt write the PID file, but since it does not lock the file and closes it as soon as it is written, we have to switch to those virPidFile APIs which don't expect PID file to be locked. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-16 11:46:55 +01:00
"--pid", pidfile,
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
NULL);
if (net->mtu) {
virCommandAddArg(cmd, "--mtu");
virCommandAddArgFormat(cmd, "%u", net->mtu);
}
conf: remove <backend upstream='xxx'/> attribute This attribute was added to support setting the --interface option for passt, but in a post-push/pre-9.0-release review, danpb pointed out that it would be better to use the existing <source dev='xxx'/> attribute to set --interface rather than creating a new attribute (in the wrong place). So we remove backend/upstream, and change the passt commandline creation to grab the name for --interface from source/dev. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-12 23:42:16 -05:00
if (net->sourceDev)
virCommandAddArgList(cmd, "--interface", net->sourceDev, NULL);
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
if (net->backend.logFile)
virCommandAddArgList(cmd, "--log-file", net->backend.logFile, NULL);
/* Add IP address info */
for (i = 0; i < net->guestIP.nips; i++) {
const virNetDevIPAddr *ip = net->guestIP.ips[i];
g_autofree char *addr = NULL;
/* validation has already limited us to
* a single IPv4 and single IPv6 address
*/
if (!(addr = virSocketAddrFormat(&ip->address)))
return -1;
virCommandAddArgList(cmd, "--address", addr, NULL);
if (ip->prefix && VIR_SOCKET_ADDR_IS_FAMILY(&ip->address, AF_INET)) {
/* validation already made sure no prefix is
* specified for IPv6 (not allowed by passt)
*/
virCommandAddArg(cmd, "--netmask");
virCommandAddArgFormat(cmd, "%u", ip->prefix);
}
}
/* Add port forwarding info */
for (i = 0; i < net->nPortForwards; i++) {
virDomainNetPortForward *pf = net->portForwards[i];
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
if (pf->proto == VIR_DOMAIN_NET_PROTO_TCP) {
virCommandAddArg(cmd, "--tcp-ports");
} else if (pf->proto == VIR_DOMAIN_NET_PROTO_UDP) {
virCommandAddArg(cmd, "--udp-ports");
} else {
/* validation guarantees this will never happen */
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Invalid portForward proto value %u"), pf->proto);
qemu: Change some gotos in qemuPasstStart to direct return Jumping to the error label and reading the pidfile does not make sense until we reached qemuSecurityCommandRun which creates the pidfile. Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-01-11 10:40:10 +01:00
return -1;
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
}
if (VIR_SOCKET_ADDR_VALID(&pf->address)) {
g_autofree char *addr = NULL;
if (!(addr = virSocketAddrFormat(&pf->address)))
qemu: Change some gotos in qemuPasstStart to direct return Jumping to the error label and reading the pidfile does not make sense until we reached qemuSecurityCommandRun which creates the pidfile. Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-01-11 10:40:10 +01:00
return -1;
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
virBufferAddStr(&buf, addr);
if (pf->dev)
virBufferAsprintf(&buf, "%%%s", pf->dev);
virBufferAddChar(&buf, '/');
}
if (!pf->nRanges) {
virBufferAddLit(&buf, "all");
} else {
size_t r;
for (r = 0; r < pf->nRanges; r++) {
virDomainNetPortForwardRange *range = pf->ranges[r];
if (r > 0)
virBufferAddChar(&buf, ',');
if (range->exclude == VIR_TRISTATE_BOOL_YES)
virBufferAddChar(&buf, '~');
virBufferAsprintf(&buf, "%u", range->start);
if (range->end)
virBufferAsprintf(&buf, "-%u", range->end);
if (range->to) {
virBufferAsprintf(&buf, ":%u", range->to);
if (range->end) {
virBufferAsprintf(&buf, "-%u",
range->end + range->to - range->start);
}
}
}
}
virCommandAddArg(cmd, virBufferCurrentContent(&buf));
}
if (qemuExtDeviceLogCommand(driver, vm, cmd, "passt") < 0)
qemu: Change some gotos in qemuPasstStart to direct return Jumping to the error label and reading the pidfile does not make sense until we reached qemuSecurityCommandRun which creates the pidfile. Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-01-11 10:40:10 +01:00
return -1;
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
security: make it possible to set SELinux label of child process from its binary Normally when a child process is started by libvirt, the SELinux label of that process is set to virtd_t (plus an MCS range). In at least one case (passt) we need for the SELinux label of a child process label to match the label that the binary would have transitioned to automatically if it had been run standalone (in the case of passt, that label is passt_t). This patch modifies virSecuritySELinuxSetChildProcessLabel() (and all the functions above it in the call chain) so that the toplevel function can set a new argument "useBinarySpecificLabel" to true. If it is true, then virSecuritySELinuxSetChildProcessLabel() will call the new function virSecuritySELinuxContextSetFromFile(), which uses the selinux library function security_compute_create() to determine what would be the label of the new process if it had been run standalone (rather than being run by libvirt) - the MCS range from the normally-used label is added to this newly derived label, and that is what is used for the new process rather than whatever is in the domain's security label (which will usually be virtd_t). In order to easily verify that nothing was broken by these changes to the call chain, all callers currently set useBinarySpecificPath = false, so all behavior should be completely unchanged. (The next patch will set it to true only for the case of running passt.) https://bugzilla.redhat.com/2172267 Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-01 15:34:32 -05:00
if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, false, NULL) < 0)
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
goto error;
return 0;
error:
qemu_passt: Remove passt socket file on exit Just like it can't remove its own PID files, passt can't unlink its own socket upon exit (unless the initialisation fails), because it has no access to the filesystem at runtime. Remove the socket file in qemuPasstKill(). Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-21 20:19:07 +01:00
qemuPasstKill(pidfile, passtSocketName);
qemu: hook up passt config to qemu domains This consists of (1) adding the necessary args to the qemu commandline netdev option, and (2) starting a passt process prior to starting qemu, and making sure that it is terminated when it's no longer needed. Under normal circumstances, passt will terminate itself as soon as qemu closes its socket, but in case of some error where qemu is never started, or fails to startup completely, we need to terminate passt manually. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-15 14:19:16 -05:00
return -1;
}
Reference in New Issue Copy Permalink