nwfilter: acquire a pidfile in the driver root directory

When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/nwfilter/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/nwfilter/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2019-05-23 11:34:08 +01:00
parent 09d37f9d65
commit 6fc378c10e
2 changed files with 23 additions and 0 deletions

View File

@ -36,10 +36,14 @@ struct _virNWFilterDriverState {
virMutex lock; virMutex lock;
bool privileged; bool privileged;
/* pid file FD, ensures two copies of the driver can't use the same root */
int lockFD;
virNWFilterObjListPtr nwfilters; virNWFilterObjListPtr nwfilters;
virNWFilterBindingObjListPtr bindings; virNWFilterBindingObjListPtr bindings;
char *stateDir;
char *configDir; char *configDir;
char *bindingDir; char *bindingDir;
}; };

View File

@ -38,6 +38,7 @@
#include "nwfilter_gentech_driver.h" #include "nwfilter_gentech_driver.h"
#include "configmake.h" #include "configmake.h"
#include "virfile.h" #include "virfile.h"
#include "virpidfile.h"
#include "virstring.h" #include "virstring.h"
#include "viraccessapicheck.h" #include "viraccessapicheck.h"
@ -188,6 +189,7 @@ nwfilterStateInitialize(bool privileged,
if (VIR_ALLOC(driver) < 0) if (VIR_ALLOC(driver) < 0)
return -1; return -1;
driver->lockFD = -1;
if (virMutexInit(&driver->lock) < 0) if (virMutexInit(&driver->lock) < 0)
goto err_free_driverstate; goto err_free_driverstate;
@ -203,6 +205,19 @@ nwfilterStateInitialize(bool privileged,
nwfilterDriverLock(); nwfilterDriverLock();
if (VIR_STRDUP(driver->stateDir, LOCALSTATEDIR "/run/libvirt/nwfilter") < 0)
goto error;
if (virFileMakePathWithMode(driver->stateDir, S_IRWXU) < 0) {
virReportSystemError(errno, _("cannot create state directory '%s'"),
driver->stateDir);
goto error;
}
if ((driver->lockFD =
virPidFileAcquire(driver->stateDir, "driver", true, getpid())) < 0)
goto error;
if (virNWFilterIPAddrMapInit() < 0) if (virNWFilterIPAddrMapInit() < 0)
goto err_free_driverstate; goto err_free_driverstate;
if (virNWFilterLearnInit() < 0) if (virNWFilterLearnInit() < 0)
@ -346,6 +361,10 @@ nwfilterStateCleanup(void)
nwfilterDriverRemoveDBusMatches(); nwfilterDriverRemoveDBusMatches();
if (driver->lockFD != -1)
virPidFileRelease(driver->stateDir, "driver", driver->lockFD);
VIR_FREE(driver->stateDir);
VIR_FREE(driver->configDir); VIR_FREE(driver->configDir);
VIR_FREE(driver->bindingDir); VIR_FREE(driver->bindingDir);
nwfilterDriverUnlock(); nwfilterDriverUnlock();