Add field to virDomainObjPtr to track "tainting"

Some configuration setups for guests are allowed, but strongly discouraged and unsupportable in production systems. Introduce a concept of 'tainting' to virDomainObjPtr to allow such setups to be identified. Drivers can then log warnings at suitable times * src/conf/domain_conf.c, src/conf/domain_conf.h: Declare taint flags and add parsing/formatting of domain status XML
2024-08-28 11:31:16 +00:00 · 2011-05-04 11:40:59 +01:00 · 2011-05-04 11:40:59 +01:00 · 7998465005
commit 7998465005
parent 1945d74cc3
3 changed files with 70 additions and 0 deletions
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@ -50,6 +50,13 @@
 #define VIR_FROM_THIS VIR_FROM_DOMAIN
 VIR_ENUM_IMPL(virDomainTaint, VIR_DOMAIN_TAINT_LAST,
              "custom-argv",
              "custom-monitor",
              "high-privileges",
              "shell-scripts",
              "disk-probing");
 VIR_ENUM_IMPL(virDomainVirt, VIR_DOMAIN_VIRT_LAST,
              "qemu",
              "kqemu",
@ -510,6 +517,20 @@ virDomainObjPtr virDomainFindByName(const virDomainObjListPtr doms,
    return obj;
 }
 bool virDomainObjTaint(virDomainObjPtr obj,
                       enum virDomainTaintFlags taint)
 {
    int flag = (1 << taint);
    if (obj->taint & flag)
        return false;
    obj->taint |= flag;
    return true;
 }
 static void
 virDomainGraphicsAuthDefClear(virDomainGraphicsAuthDefPtr def)
 {
@ -6250,6 +6271,8 @@ static virDomainObjPtr virDomainObjParseXML(virCapsPtr caps,
    xmlNodePtr config;
    xmlNodePtr oldnode;
    virDomainObjPtr obj;
    xmlNodePtr *nodes = NULL;
    int i, n;
    if (!(obj = virDomainObjNew(caps)))
        return NULL;
@ -6288,6 +6311,26 @@ static virDomainObjPtr virDomainObjParseXML(virCapsPtr caps,
    }
    obj->pid = (pid_t)val;
    if ((n = virXPathNodeSet("./taint", ctxt, &nodes)) < 0) {
        virDomainReportError(VIR_ERR_INTERNAL_ERROR,
                             "%s", _("failed to parse taint flags"));
        goto error;
    }
    for (i = 0 ; i < n ; i++) {
        char *str = virXMLPropString(nodes[i], "flag");
        if (str) {
            int flag = virDomainTaintTypeFromString(str);
            VIR_FREE(str);
            if (flag < 0) {
                virDomainReportError(VIR_ERR_INTERNAL_ERROR,
                                     _("Unknown taint flag %s"), str);
                goto error;
            }
            virDomainObjTaint(obj, flag);
        }
    }
    VIR_FREE(nodes);
    if (caps->privateDataXMLParse &&
        ((caps->privateDataXMLParse)(ctxt, obj->privateData)) < 0)
        goto error;
@ -6297,6 +6340,7 @@ static virDomainObjPtr virDomainObjParseXML(virCapsPtr caps,
 error:
    /* obj was never shared, so unref should return 0 */
    ignore_value(virDomainObjUnref(obj));
    VIR_FREE(nodes);
    return NULL;
 }
@ -8454,11 +8498,18 @@ static char *virDomainObjFormat(virCapsPtr caps,
 {
    char *config_xml = NULL;
    virBuffer buf = VIR_BUFFER_INITIALIZER;
    int i;
    virBufferAsprintf(&buf, "<domstatus state='%s' pid='%d'>\n",
                      virDomainStateTypeToString(obj->state),
                      obj->pid);
    for (i = 0 ; i < VIR_DOMAIN_TAINT_LAST ; i++) {
        if (obj->taint & (1 << i))
            virBufferAsprintf(&buf, "  <taint flag='%s'/>\n",
                              virDomainTaintTypeToString(i));
    }
    if (caps->privateDataXMLFormat &&
        ((caps->privateDataXMLFormat)(&buf, obj->privateData)) < 0)
        goto error;
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@ -1182,6 +1182,16 @@ struct _virDomainDef {
    virDomainXMLNamespace ns;
 };
 enum virDomainTaintFlags {
    VIR_DOMAIN_TAINT_CUSTOM_ARGV,      /* Custom ARGV passthrough from XML */
    VIR_DOMAIN_TAINT_CUSTOM_MONITOR,   /* Custom monitor commands issued */
    VIR_DOMAIN_TAINT_HIGH_PRIVILEGES,  /* Running with undesirably high privileges */
    VIR_DOMAIN_TAINT_SHELL_SCRIPTS,    /* Network configuration using opaque shell scripts */
    VIR_DOMAIN_TAINT_DISK_PROBING,     /* Relying on potentially unsafe disk format probing */
    VIR_DOMAIN_TAINT_LAST
 };
 /* Guest VM runtime state */
 typedef struct _virDomainObj virDomainObj;
 typedef virDomainObj *virDomainObjPtr;
@ -1204,6 +1214,8 @@ struct _virDomainObj {
    void *privateData;
    void (*privateDataFreeFunc)(void *);
    int taint;
 };
 typedef struct _virDomainObjList virDomainObjList;
@ -1231,6 +1243,8 @@ virDomainObjPtr virDomainFindByUUID(const virDomainObjListPtr doms,
 virDomainObjPtr virDomainFindByName(const virDomainObjListPtr doms,
                                    const char *name);
 bool virDomainObjTaint(virDomainObjPtr obj,
                       enum virDomainTaintFlags taint);
 void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def);
 void virDomainInputDefFree(virDomainInputDefPtr def);
@ -1429,6 +1443,8 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
 typedef const char* (*virLifecycleToStringFunc)(int type);
 typedef int (*virLifecycleFromStringFunc)(const char *type);
 VIR_ENUM_DECL(virDomainTaint)
 VIR_ENUM_DECL(virDomainVirt)
 VIR_ENUM_DECL(virDomainBoot)
 VIR_ENUM_DECL(virDomainFeature)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@ -301,6 +301,7 @@ virDomainObjListNumOfDomains;
 virDomainObjLock;
 virDomainObjRef;
 virDomainObjSetDefTransient;
 virDomainObjTaint;
 virDomainObjUnlock;
 virDomainObjUnref;
 virDomainRemoveInactive;
@ -325,6 +326,8 @@ virDomainSoundModelTypeFromString;
 virDomainSoundModelTypeToString;
 virDomainStateTypeFromString;
 virDomainStateTypeToString;
 virDomainTaintTypeFromString;
 virDomainTaintTypeToString;
 virDomainTimerModeTypeFromString;
 virDomainTimerModeTypeToString;
 virDomainTimerNameTypeFromString;