Add field to virDomainObjPtr to track "tainting"

Some configuration setups for guests are allowed, but strongly
discouraged and unsupportable in production systems. Introduce
a concept of 'tainting' to virDomainObjPtr to allow such setups
to be identified. Drivers can then log warnings at suitable
times

* src/conf/domain_conf.c, src/conf/domain_conf.h: Declare taint
  flags and add parsing/formatting of domain status XML

src/conf/domain_conf.c

@@ -50,6 +50,13 @@
 
 #define VIR_FROM_THIS VIR_FROM_DOMAIN
 
+VIR_ENUM_IMPL(virDomainTaint, VIR_DOMAIN_TAINT_LAST,
+              "custom-argv",
+              "custom-monitor",
+              "high-privileges",
+              "shell-scripts",
+              "disk-probing");
+
 VIR_ENUM_IMPL(virDomainVirt, VIR_DOMAIN_VIRT_LAST,
               "qemu",
               "kqemu",
@@ -510,6 +517,20 @@ virDomainObjPtr virDomainFindByName(const virDomainObjListPtr doms,
     return obj;
 }
 
+
+bool virDomainObjTaint(virDomainObjPtr obj,
+                       enum virDomainTaintFlags taint)
+{
+    int flag = (1 << taint);
+
+    if (obj->taint & flag)
+        return false;
+
+    obj->taint |= flag;
+    return true;
+}
+
+
 static void
 virDomainGraphicsAuthDefClear(virDomainGraphicsAuthDefPtr def)
 {
@@ -6250,6 +6271,8 @@ static virDomainObjPtr virDomainObjParseXML(virCapsPtr caps,
     xmlNodePtr config;
     xmlNodePtr oldnode;
     virDomainObjPtr obj;
+    xmlNodePtr *nodes = NULL;
+    int i, n;
 
     if (!(obj = virDomainObjNew(caps)))
         return NULL;
@@ -6288,6 +6311,26 @@ static virDomainObjPtr virDomainObjParseXML(virCapsPtr caps,
     }
     obj->pid = (pid_t)val;
 
+    if ((n = virXPathNodeSet("./taint", ctxt, &nodes)) < 0) {
+        virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+                             "%s", _("failed to parse taint flags"));
+        goto error;
+    }
+    for (i = 0 ; i < n ; i++) {
+        char *str = virXMLPropString(nodes[i], "flag");
+        if (str) {
+            int flag = virDomainTaintTypeFromString(str);
+            VIR_FREE(str);
+            if (flag < 0) {
+                virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+                                     _("Unknown taint flag %s"), str);
+                goto error;
+            }
+            virDomainObjTaint(obj, flag);
+        }
+    }
+    VIR_FREE(nodes);
+
     if (caps->privateDataXMLParse &&
         ((caps->privateDataXMLParse)(ctxt, obj->privateData)) < 0)
         goto error;
@@ -6297,6 +6340,7 @@ static virDomainObjPtr virDomainObjParseXML(virCapsPtr caps,
 error:
     /* obj was never shared, so unref should return 0 */
     ignore_value(virDomainObjUnref(obj));
+    VIR_FREE(nodes);
     return NULL;
 }
 
@@ -8454,11 +8498,18 @@ static char *virDomainObjFormat(virCapsPtr caps,
 {
     char *config_xml = NULL;
     virBuffer buf = VIR_BUFFER_INITIALIZER;
+    int i;
 
     virBufferAsprintf(&buf, "<domstatus state='%s' pid='%d'>\n",
                       virDomainStateTypeToString(obj->state),
                       obj->pid);
 
+    for (i = 0 ; i < VIR_DOMAIN_TAINT_LAST ; i++) {
+        if (obj->taint & (1 << i))
+            virBufferAsprintf(&buf, "  <taint flag='%s'/>\n",
+                              virDomainTaintTypeToString(i));
+    }
+
     if (caps->privateDataXMLFormat &&
         ((caps->privateDataXMLFormat)(&buf, obj->privateData)) < 0)
         goto error;

src/conf/domain_conf.h

@@ -1182,6 +1182,16 @@ struct _virDomainDef {
     virDomainXMLNamespace ns;
 };
 
+enum virDomainTaintFlags {
+    VIR_DOMAIN_TAINT_CUSTOM_ARGV,      /* Custom ARGV passthrough from XML */
+    VIR_DOMAIN_TAINT_CUSTOM_MONITOR,   /* Custom monitor commands issued */
+    VIR_DOMAIN_TAINT_HIGH_PRIVILEGES,  /* Running with undesirably high privileges */
+    VIR_DOMAIN_TAINT_SHELL_SCRIPTS,    /* Network configuration using opaque shell scripts */
+    VIR_DOMAIN_TAINT_DISK_PROBING,     /* Relying on potentially unsafe disk format probing */
+
+    VIR_DOMAIN_TAINT_LAST
+};
+
 /* Guest VM runtime state */
 typedef struct _virDomainObj virDomainObj;
 typedef virDomainObj *virDomainObjPtr;
@@ -1204,6 +1214,8 @@ struct _virDomainObj {
 
     void *privateData;
     void (*privateDataFreeFunc)(void *);
+
+    int taint;
 };
 
 typedef struct _virDomainObjList virDomainObjList;
@@ -1231,6 +1243,8 @@ virDomainObjPtr virDomainFindByUUID(const virDomainObjListPtr doms,
 virDomainObjPtr virDomainFindByName(const virDomainObjListPtr doms,
                                     const char *name);
 
+bool virDomainObjTaint(virDomainObjPtr obj,
+                       enum virDomainTaintFlags taint);
 
 void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def);
 void virDomainInputDefFree(virDomainInputDefPtr def);
@@ -1429,6 +1443,8 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
 typedef const char* (*virLifecycleToStringFunc)(int type);
 typedef int (*virLifecycleFromStringFunc)(const char *type);
 
+VIR_ENUM_DECL(virDomainTaint)
+
 VIR_ENUM_DECL(virDomainVirt)
 VIR_ENUM_DECL(virDomainBoot)
 VIR_ENUM_DECL(virDomainFeature)

src/libvirt_private.syms

@@ -301,6 +301,7 @@ virDomainObjListNumOfDomains;
 virDomainObjLock;
 virDomainObjRef;
 virDomainObjSetDefTransient;
+virDomainObjTaint;
 virDomainObjUnlock;
 virDomainObjUnref;
 virDomainRemoveInactive;
@@ -325,6 +326,8 @@ virDomainSoundModelTypeFromString;
 virDomainSoundModelTypeToString;
 virDomainStateTypeFromString;
 virDomainStateTypeToString;
+virDomainTaintTypeFromString;
+virDomainTaintTypeToString;
 virDomainTimerModeTypeFromString;
 virDomainTimerModeTypeToString;
 virDomainTimerNameTypeFromString;