1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00

qemu: 'privileged' flag is not really configuration

The privileged flag will not change while the configuration might
change. Make the 'privileged' flag member of the driver again and mark
it immutable. Should that ever change add an accessor that will group
reads of the state.
This commit is contained in:
Peter Krempa 2015-06-15 20:59:58 +02:00
parent 58edccb4a5
commit 0b416434f8
7 changed files with 36 additions and 42 deletions

View File

@ -714,7 +714,7 @@ qemuInitCgroup(virQEMUDriverPtr driver,
qemuDomainObjPrivatePtr priv = vm->privateData; qemuDomainObjPrivatePtr priv = vm->privateData;
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
if (!cfg->privileged) if (!virQEMUDriverIsPrivileged(driver))
goto done; goto done;
if (!virCgroupAvailable()) if (!virCgroupAvailable())
@ -745,7 +745,7 @@ qemuInitCgroup(virQEMUDriverPtr driver,
if (virCgroupNewMachine(vm->def->name, if (virCgroupNewMachine(vm->def->name,
"qemu", "qemu",
cfg->privileged, true,
vm->def->uuid, vm->def->uuid,
NULL, NULL,
vm->pid, vm->pid,
@ -844,7 +844,7 @@ qemuConnectCgroup(virQEMUDriverPtr driver,
qemuDomainObjPrivatePtr priv = vm->privateData; qemuDomainObjPrivatePtr priv = vm->privateData;
int ret = -1; int ret = -1;
if (!cfg->privileged) if (!virQEMUDriverIsPrivileged(driver))
goto done; goto done;
if (!virCgroupAvailable()) if (!virCgroupAvailable())
@ -1247,22 +1247,17 @@ qemuRemoveCgroup(virQEMUDriverPtr driver,
virDomainObjPtr vm) virDomainObjPtr vm)
{ {
qemuDomainObjPrivatePtr priv = vm->privateData; qemuDomainObjPrivatePtr priv = vm->privateData;
virQEMUDriverConfigPtr cfg;
if (priv->cgroup == NULL) if (priv->cgroup == NULL)
return 0; /* Not supported, so claim success */ return 0; /* Not supported, so claim success */
cfg = virQEMUDriverGetConfig(driver);
if (virCgroupTerminateMachine(vm->def->name, if (virCgroupTerminateMachine(vm->def->name,
"qemu", "qemu",
cfg->privileged) < 0) { virQEMUDriverIsPrivileged(driver)) < 0) {
if (!virCgroupNewIgnoreError()) if (!virCgroupNewIgnoreError())
VIR_DEBUG("Failed to terminate cgroup for %s", vm->def->name); VIR_DEBUG("Failed to terminate cgroup for %s", vm->def->name);
} }
virObjectUnref(cfg);
return virCgroupRemove(priv->cgroup); return virCgroupRemove(priv->cgroup);
} }

View File

@ -354,7 +354,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
if (net->backend.tap) { if (net->backend.tap) {
tunpath = net->backend.tap; tunpath = net->backend.tap;
if (!cfg->privileged) { if (!(virQEMUDriverIsPrivileged(driver))) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("cannot use custom tap device in session mode")); _("cannot use custom tap device in session mode"));
goto cleanup; goto cleanup;
@ -381,7 +381,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
tap_create_flags |= VIR_NETDEV_TAP_CREATE_VNET_HDR; tap_create_flags |= VIR_NETDEV_TAP_CREATE_VNET_HDR;
} }
if (cfg->privileged) { if (virQEMUDriverIsPrivileged(driver)) {
if (virNetDevTapCreateInBridgePort(brname, &net->ifname, &net->mac, if (virNetDevTapCreateInBridgePort(brname, &net->ifname, &net->mac,
def->uuid, tunpath, tapfd, *tapfdSize, def->uuid, tunpath, tapfd, *tapfdSize,
virDomainNetGetActualVirtPortProfile(net), virDomainNetGetActualVirtPortProfile(net),
@ -8362,7 +8362,8 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd,
/* network and bridge use a tap device, and direct uses a /* network and bridge use a tap device, and direct uses a
* macvtap device * macvtap device
*/ */
if (cfg->privileged && nicindexes && nnicindexes && net->ifname) { if (virQEMUDriverIsPrivileged(driver) && nicindexes && nnicindexes &&
net->ifname) {
if (virNetDevGetIndex(net->ifname, &nicindex) < 0 || if (virNetDevGetIndex(net->ifname, &nicindex) < 0 ||
VIR_APPEND_ELEMENT(*nicindexes, *nnicindexes, nicindex) < 0) VIR_APPEND_ELEMENT(*nicindexes, *nnicindexes, nicindex) < 0)
goto cleanup; goto cleanup;
@ -8842,7 +8843,7 @@ qemuBuildCommandLine(virConnectPtr conn,
emulator = def->emulator; emulator = def->emulator;
if (!cfg->privileged) { if (!virQEMUDriverIsPrivileged(driver)) {
/* If we have no cgroups then we can have no tunings that /* If we have no cgroups then we can have no tunings that
* require them */ * require them */

View File

@ -164,7 +164,6 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
if (!(cfg = virObjectNew(virQEMUDriverConfigClass))) if (!(cfg = virObjectNew(virQEMUDriverConfigClass)))
return NULL; return NULL;
cfg->privileged = privileged;
cfg->uri = privileged ? "qemu:///system" : "qemu:///session"; cfg->uri = privileged ? "qemu:///system" : "qemu:///session";
if (privileged) { if (privileged) {
@ -873,6 +872,12 @@ virQEMUDriverConfigPtr virQEMUDriverGetConfig(virQEMUDriverPtr driver)
return conf; return conf;
} }
bool
virQEMUDriverIsPrivileged(virQEMUDriverPtr driver)
{
return driver->privileged;
}
virDomainXMLOptionPtr virDomainXMLOptionPtr
virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver) virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver)
{ {

View File

@ -81,7 +81,6 @@ typedef virQEMUDriverConfig *virQEMUDriverConfigPtr;
struct _virQEMUDriverConfig { struct _virQEMUDriverConfig {
virObject parent; virObject parent;
bool privileged;
const char *uri; const char *uri;
uid_t user; uid_t user;
@ -198,6 +197,9 @@ struct _virQEMUDriver {
/* Atomic inc/dec only */ /* Atomic inc/dec only */
unsigned int nactive; unsigned int nactive;
/* Immutable value */
bool privileged;
/* Immutable pointers. Caller must provide locking */ /* Immutable pointers. Caller must provide locking */
virStateInhibitCallback inhibitCallback; virStateInhibitCallback inhibitCallback;
void *inhibitOpaque; void *inhibitOpaque;
@ -273,6 +275,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
const char *filename); const char *filename);
virQEMUDriverConfigPtr virQEMUDriverGetConfig(virQEMUDriverPtr driver); virQEMUDriverConfigPtr virQEMUDriverGetConfig(virQEMUDriverPtr driver);
bool virQEMUDriverIsPrivileged(virQEMUDriverPtr driver);
virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver); virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver);
virCapsPtr virQEMUDriverGetCapabilities(virQEMUDriverPtr driver, virCapsPtr virQEMUDriverGetCapabilities(virQEMUDriverPtr driver,

View File

@ -2045,7 +2045,7 @@ void qemuDomainObjCheckTaint(virQEMUDriverPtr driver,
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
qemuDomainObjPrivatePtr priv = obj->privateData; qemuDomainObjPrivatePtr priv = obj->privateData;
if (cfg->privileged && if (virQEMUDriverIsPrivileged(driver) &&
(!cfg->clearEmulatorCapabilities || (!cfg->clearEmulatorCapabilities ||
cfg->user == 0 || cfg->user == 0 ||
cfg->group == 0)) cfg->group == 0))
@ -2189,7 +2189,7 @@ qemuDomainCreateLog(virQEMUDriverPtr driver, virDomainObjPtr vm,
oflags = O_CREAT | O_WRONLY; oflags = O_CREAT | O_WRONLY;
/* Only logrotate files in /var/log, so only append if running privileged */ /* Only logrotate files in /var/log, so only append if running privileged */
if (cfg->privileged || append) if (virQEMUDriverIsPrivileged(driver) || append)
oflags |= O_APPEND; oflags |= O_APPEND;
else else
oflags |= O_TRUNC; oflags |= O_TRUNC;

View File

@ -421,7 +421,7 @@ qemuSecurityInit(virQEMUDriverPtr driver)
mgr = NULL; mgr = NULL;
} }
if (cfg->privileged) { if (virQEMUDriverIsPrivileged(driver)) {
if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME, if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
cfg->user, cfg->user,
cfg->group, cfg->group,
@ -652,6 +652,8 @@ qemuStateInitialize(bool privileged,
/* Don't have a dom0 so start from 1 */ /* Don't have a dom0 so start from 1 */
qemu_driver->nextvmid = 1; qemu_driver->nextvmid = 1;
qemu_driver->privileged = privileged;
if (!(qemu_driver->domains = virDomainObjListNew())) if (!(qemu_driver->domains = virDomainObjListNew()))
goto error; goto error;
@ -871,7 +873,7 @@ qemuStateInitialize(bool privileged,
hugepagePath); hugepagePath);
goto error; goto error;
} }
if (cfg->privileged) { if (privileged) {
if (virFileUpdatePerm(cfg->hugetlbfs[i].mnt_dir, if (virFileUpdatePerm(cfg->hugetlbfs[i].mnt_dir,
0, S_IXGRP | S_IXOTH) < 0) 0, S_IXGRP | S_IXOTH) < 0)
goto error; goto error;
@ -1161,7 +1163,7 @@ static virDrvOpenStatus qemuConnectOpen(virConnectPtr conn,
goto cleanup; goto cleanup;
} }
if (cfg->privileged) { if (virQEMUDriverIsPrivileged(qemu_driver)) {
if (STRNEQ(conn->uri->path, "/system") && if (STRNEQ(conn->uri->path, "/system") &&
STRNEQ(conn->uri->path, "/session")) { STRNEQ(conn->uri->path, "/session")) {
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
@ -8927,7 +8929,6 @@ static char *qemuDomainGetSchedulerType(virDomainPtr dom,
virDomainObjPtr vm = NULL; virDomainObjPtr vm = NULL;
qemuDomainObjPrivatePtr priv; qemuDomainObjPrivatePtr priv;
virQEMUDriverPtr driver = dom->conn->privateData; virQEMUDriverPtr driver = dom->conn->privateData;
virQEMUDriverConfigPtr cfg = NULL;
if (!(vm = qemuDomObjFromDomain(dom))) if (!(vm = qemuDomObjFromDomain(dom)))
goto cleanup; goto cleanup;
@ -8937,8 +8938,7 @@ static char *qemuDomainGetSchedulerType(virDomainPtr dom,
if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0) if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0)
goto cleanup; goto cleanup;
cfg = virQEMUDriverGetConfig(driver); if (!virQEMUDriverIsPrivileged(driver)) {
if (!cfg->privileged) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("CPU tuning is not available in session mode")); _("CPU tuning is not available in session mode"));
goto cleanup; goto cleanup;
@ -8969,7 +8969,6 @@ static char *qemuDomainGetSchedulerType(virDomainPtr dom,
cleanup: cleanup:
virDomainObjEndAPI(&vm); virDomainObjEndAPI(&vm);
virObjectUnref(cfg);
return ret; return ret;
} }
@ -9195,7 +9194,7 @@ qemuDomainSetBlkioParameters(virDomainPtr dom,
if (virDomainSetBlkioParametersEnsureACL(dom->conn, vm->def, flags) < 0) if (virDomainSetBlkioParametersEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup; goto cleanup;
if (!cfg->privileged) { if (!virQEMUDriverIsPrivileged(driver)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Block I/O tuning is not available in session mode")); _("Block I/O tuning is not available in session mode"));
goto cleanup; goto cleanup;
@ -9367,7 +9366,6 @@ qemuDomainGetBlkioParameters(virDomainPtr dom,
int ret = -1; int ret = -1;
virCapsPtr caps = NULL; virCapsPtr caps = NULL;
qemuDomainObjPrivatePtr priv; qemuDomainObjPrivatePtr priv;
virQEMUDriverConfigPtr cfg = NULL;
virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
VIR_DOMAIN_AFFECT_CONFIG | VIR_DOMAIN_AFFECT_CONFIG |
@ -9386,8 +9384,7 @@ qemuDomainGetBlkioParameters(virDomainPtr dom,
if (virDomainGetBlkioParametersEnsureACL(dom->conn, vm->def) < 0) if (virDomainGetBlkioParametersEnsureACL(dom->conn, vm->def) < 0)
goto cleanup; goto cleanup;
cfg = virQEMUDriverGetConfig(driver); if (!virQEMUDriverIsPrivileged(driver)) {
if (!cfg->privileged) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Block I/O tuning is not available in session mode")); _("Block I/O tuning is not available in session mode"));
goto cleanup; goto cleanup;
@ -9762,7 +9759,6 @@ qemuDomainGetBlkioParameters(virDomainPtr dom,
cleanup: cleanup:
virDomainObjEndAPI(&vm); virDomainObjEndAPI(&vm);
virObjectUnref(caps); virObjectUnref(caps);
virObjectUnref(cfg);
return ret; return ret;
} }
@ -9810,7 +9806,7 @@ qemuDomainSetMemoryParameters(virDomainPtr dom,
if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0) if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup; goto cleanup;
if (!cfg->privileged) { if (!virQEMUDriverIsPrivileged(driver)) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Memory tuning is not available in session mode")); _("Memory tuning is not available in session mode"));
goto cleanup; goto cleanup;
@ -9937,7 +9933,6 @@ qemuDomainGetMemoryParameters(virDomainPtr dom,
virDomainDefPtr persistentDef = NULL; virDomainDefPtr persistentDef = NULL;
int ret = -1; int ret = -1;
qemuDomainObjPrivatePtr priv; qemuDomainObjPrivatePtr priv;
virQEMUDriverConfigPtr cfg = NULL;
unsigned long long swap_hard_limit, mem_hard_limit, mem_soft_limit; unsigned long long swap_hard_limit, mem_hard_limit, mem_soft_limit;
virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
@ -9952,8 +9947,7 @@ qemuDomainGetMemoryParameters(virDomainPtr dom,
if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0) if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0)
goto cleanup; goto cleanup;
cfg = virQEMUDriverGetConfig(driver); if (!virQEMUDriverIsPrivileged(driver)) {
if (!cfg->privileged) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Memory tuning is not available in session mode")); _("Memory tuning is not available in session mode"));
goto cleanup; goto cleanup;
@ -10004,7 +9998,6 @@ qemuDomainGetMemoryParameters(virDomainPtr dom,
cleanup: cleanup:
virDomainObjEndAPI(&vm); virDomainObjEndAPI(&vm);
virObjectUnref(cfg);
return ret; return ret;
} }
#undef QEMU_ASSIGN_MEM_PARAM #undef QEMU_ASSIGN_MEM_PARAM
@ -10134,7 +10127,7 @@ qemuDomainSetNumaParameters(virDomainPtr dom,
goto endjob; goto endjob;
if (def) { if (def) {
if (!cfg->privileged) { if (!virQEMUDriverIsPrivileged(driver)) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("NUMA tuning is not available in session mode")); _("NUMA tuning is not available in session mode"));
goto endjob; goto endjob;
@ -10382,7 +10375,7 @@ qemuDomainSetSchedulerParametersFlags(virDomainPtr dom,
if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags) < 0) if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup; goto cleanup;
if (!cfg->privileged) { if (!virQEMUDriverIsPrivileged(driver)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("CPU tuning is not available in session mode")); _("CPU tuning is not available in session mode"));
goto cleanup; goto cleanup;
@ -10676,7 +10669,6 @@ qemuDomainGetSchedulerParametersFlags(virDomainPtr dom,
virDomainDefPtr persistentDef; virDomainDefPtr persistentDef;
virCapsPtr caps = NULL; virCapsPtr caps = NULL;
qemuDomainObjPrivatePtr priv; qemuDomainObjPrivatePtr priv;
virQEMUDriverConfigPtr cfg = NULL;
virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
VIR_DOMAIN_AFFECT_CONFIG | VIR_DOMAIN_AFFECT_CONFIG |
@ -10693,8 +10685,7 @@ qemuDomainGetSchedulerParametersFlags(virDomainPtr dom,
if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0) if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0)
goto cleanup; goto cleanup;
cfg = virQEMUDriverGetConfig(driver); if (!virQEMUDriverIsPrivileged(driver)) {
if (!cfg->privileged) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("CPU tuning is not available in session mode")); _("CPU tuning is not available in session mode"));
goto cleanup; goto cleanup;
@ -10793,7 +10784,6 @@ qemuDomainGetSchedulerParametersFlags(virDomainPtr dom,
cleanup: cleanup:
virDomainObjEndAPI(&vm); virDomainObjEndAPI(&vm);
virObjectUnref(caps); virObjectUnref(caps);
virObjectUnref(cfg);
return ret; return ret;
} }

View File

@ -486,8 +486,8 @@ mymain(void)
driver.config = virQEMUDriverConfigNew(false); driver.config = virQEMUDriverConfigNew(false);
if (driver.config == NULL) if (driver.config == NULL)
return EXIT_FAILURE; return EXIT_FAILURE;
else
driver.config->privileged = true; driver.privileged = true;
VIR_FREE(driver.config->spiceListen); VIR_FREE(driver.config->spiceListen);
VIR_FREE(driver.config->vncListen); VIR_FREE(driver.config->vncListen);