libvirt: support an "embed" URI path selector for opening drivers

The driver URI scheme:

  "$drivername:///embed?root=/some/path"

enables a new way to use the drivers by embedding them directly in the
calling process. To use this the process must have a thread running the
libvirt event loop. This URI will then cause libvirt to dynamically load
the driver module and call its global initialization function. This
syntax is applicable to any driver, but only those will have been
modified to support a custom root directory and embed URI path will
successfully open.

The application can now make normal libvirt API calls which are all
serviced in-process with no RPC layer involved.

It is required to specify an explicit root directory, and locks will be
acquired on this directory to avoid conflicting with another app that
might accidentally pick the same directory.

Use of '/' is not explicitly forbidden, but note that the file layout
used underneath the embedded driver root does not match the file
layout used by system/session mode drivers. So this cannot be used as
a backdoor to interact with, or fake, the system/session mode drivers.

Libvirt will create arbitrary files underneath this root directory. The
root directory can be kept untouched across connection open attempts if
the application needs persistence. The application is responsible for
purging everything underneath this root directory when finally no longer
required.

Even when a virt driver is used in embedded mode, it is still possible
for it to in turn use functionality that calls out to other secondary
drivers in libvirtd. For example an embedded instance of QEMU can open
the network, secret or storage drivers in the system libvirtd.

That said, the application would typically want to at least open an
embedded secret driver ("secret:///embed?root=/some/path"). Note that
multiple different embedded drivers can use the same root prefix and
co-operate just as they would inside a normal libvirtd daemon.

A key thing to note is that for this to work, the application that links
to libvirt *MUST* be built with -Wl,--export-dynamic to ensure that
symbols from libvirt.so are exported & thus available to the dynamically
loaded driver module. If libvirt.so itself was dynamically loaded then
RTLD_GLOBAL must be passed to dlopen().

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2019-05-17 12:42:04 +01:00
parent 207709a031
commit 88446e07b2
3 changed files with 68 additions and 2 deletions

View File

@ -50,6 +50,7 @@ typedef virStateDriver *virStateDriverPtr;
struct _virStateDriver {
const char *name;
bool initialized;
virDrvStateInitialize stateInitialize;
virDrvStateCleanup stateCleanup;
virDrvStateReload stateReload;

View File

@ -82,6 +82,8 @@ struct _virConnectDriver {
bool localOnly;
/* Whether driver needs a server in the URI */
bool remoteOnly;
/* Whether driver can be used in embedded mode */
bool embeddable;
/*
* NULL terminated list of supported URI schemes.
* - Single element { NULL } list indicates no supported schemes

View File

@ -47,6 +47,7 @@
#include "virconf.h"
#include "rpc/virnettlscontext.h"
#include "vircommand.h"
#include "virevent.h"
#include "virfile.h"
#include "virrandom.h"
#include "viruri.h"
@ -76,6 +77,7 @@
#ifdef WITH_BHYVE
# include "bhyve/bhyve_driver.h"
#endif
#include "access/viraccessmanager.h"
#define VIR_FROM_THIS VIR_FROM_NONE
@ -644,10 +646,12 @@ virStateInitialize(bool privileged,
return -1;
for (i = 0; i < virStateDriverTabCount; i++) {
if (virStateDriverTab[i]->stateInitialize) {
if (virStateDriverTab[i]->stateInitialize &&
!virStateDriverTab[i]->initialized) {
virDrvStateInitResult ret;
VIR_DEBUG("Running global init for %s state driver",
virStateDriverTab[i]->name);
virStateDriverTab[i]->initialized = true;
ret = virStateDriverTab[i]->stateInitialize(privileged,
root,
callback,
@ -840,6 +844,7 @@ virConnectOpenInternal(const char *name,
virConnectPtr ret;
g_autoptr(virConf) conf = NULL;
char *uristr = NULL;
bool embed = false;
ret = virGetConnect();
if (ret == NULL)
@ -930,6 +935,47 @@ virConnectOpenInternal(const char *name,
ret->uri) < 0) {
goto failed;
}
if (STREQ(ret->uri->path, "/embed")) {
const char *root = NULL;
g_autofree char *regMethod = NULL;
VIR_DEBUG("URI path requests %s driver embedded mode",
ret->uri->scheme);
if (strspn(ret->uri->scheme, "abcdefghijklmnopqrstuvwxyz") !=
strlen(ret->uri->scheme)) {
virReportError(VIR_ERR_NO_CONNECT,
_("URI scheme '%s' for embedded driver is not valid"),
ret->uri->scheme);
goto failed;
}
root = virURIGetParam(ret->uri, "root");
if (!root)
goto failed;
if (virEventRequireImpl() < 0)
goto failed;
regMethod = g_strdup_printf("%sRegister", ret->uri->scheme);
if (virDriverLoadModule(ret->uri->scheme, regMethod, false) < 0)
goto failed;
if (virAccessManagerGetDefault() == NULL) {
virAccessManagerPtr acl;
virResetLastError();
if (!(acl = virAccessManagerNew("none")))
goto failed;
virAccessManagerSetDefault(acl);
}
if (virStateInitialize(geteuid() == 0, true, root, NULL, NULL) < 0)
goto failed;
embed = true;
}
} else {
VIR_DEBUG("no name, allowing driver auto-select");
}
@ -983,6 +1029,12 @@ virConnectOpenInternal(const char *name,
VIR_DEBUG("No URI, skipping driver with URI whitelist");
continue;
}
if (embed && !virConnectDriverTab[i]->embeddable) {
VIR_DEBUG("Ignoring non-embeddable driver %s",
virConnectDriverTab[i]->hypervisorDriver->name);
continue;
}
VIR_DEBUG("Checking for supported URI schemes");
for (s = 0; virConnectDriverTab[i]->uriSchemes[s] != NULL; s++) {
if (STREQ(ret->uri->scheme, virConnectDriverTab[i]->uriSchemes[s])) {
@ -995,10 +1047,21 @@ virConnectOpenInternal(const char *name,
VIR_DEBUG("No matching URI scheme");
continue;
}
} else {
if (embed) {
VIR_DEBUG("Skipping wildcard for embedded URI");
continue;
} else {
VIR_DEBUG("Matching any URI scheme for '%s'", ret->uri ? ret->uri->scheme : "");
}
}
if (embed && !virConnectDriverTab[i]->embeddable) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Driver %s cannot be used in embedded mode"),
virConnectDriverTab[i]->hypervisorDriver->name);
goto failed;
}
/* before starting the new connection, check if the driver only works
* with a server, and so return an error if the server is missing */
if (virConnectDriverTab[i]->remoteOnly && ret->uri && !ret->uri->server) {