External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-11 04:15:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "qemu_passt: Precreate passt logfile"

Browse Source 
This reverts commit 8511b96a31.

Turns out, we need to do a bit more than just plain
qemuSecurityDomainSetPathLabel() which sets svirt_image_t. Passt
has its own SELinux policy and as a part of that they invent
passt_log_t for log files. Right now, I don't know how libvirt
could query that and even if I did, passt SELinux policy would
need to permit relabelling from svirt_t to passt_log_t, which it
doesn't [1].

Until these problems are addressed we shouldn't be pre-creating
the file as it puts users into way worse position - even
scenarios that used to work don't work. But then again - using
log file for passt is usually valuable for developers only and
not regular users.

1: https://bugzilla.redhat.com/show_bug.cgi?id=2209191#c10
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
This commit is contained in:
Michal Privoznik 2023-08-01 16:20:58 +02:00
parent bc9a254dc7
commit 99349ba18e
1 changed files with 5 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/qemu/qemu_passt.c
View File

@ -20,8 +20,6 @@
#include <config.h> #include <config.h>
#include <fcntl.h>
#include "qemu_dbus.h" #include "qemu_dbus.h"
#include "qemu_extdevice.h" #include "qemu_extdevice.h"
#include "qemu_security.h" #include "qemu_security.h"
@ -138,13 +136,9 @@ void
qemuPasstStop(virDomainObj *vm, qemuPasstStop(virDomainObj *vm,
virDomainNetDef *net) virDomainNetDef *net)
{ {
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net); g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net); g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
qemuSecurityDomainRestorePathLabel(driver, vm, net->backend.logFile);
qemuPasstKill(pidfile, passtSocketName); qemuPasstKill(pidfile, passtSocketName);
} }
@ -172,12 +166,10 @@ qemuPasstStart(virDomainObj *vm,
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver; virQEMUDriver *driver = priv->driver;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net); g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
g_autoptr(virCommand) cmd = NULL; g_autoptr(virCommand) cmd = NULL;
g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net); g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
char macaddr[VIR_MAC_STRING_BUFLEN]; char macaddr[VIR_MAC_STRING_BUFLEN];
bool needUnlink = false;
size_t i; size_t i;
cmd = virCommandNew(PASST); cmd = virCommandNew(PASST);
@ -199,25 +191,8 @@ qemuPasstStart(virDomainObj *vm,
if (net->sourceDev) if (net->sourceDev)
virCommandAddArgList(cmd, "--interface", net->sourceDev, NULL); virCommandAddArgList(cmd, "--interface", net->sourceDev, NULL);
if (net->backend.logFile) { if (net->backend.logFile)
VIR_AUTOCLOSE logfd = -1;
/* The logFile location is not restricted to a per-domain directory. It
* can be anywhere. Pre-create it as passt may not have enough perms to
* do so. */
if (qemuDomainOpenFile(cfg, vm->def, net->backend.logFile,
O_CREAT | O_TRUNC | O_APPEND | O_RDWR,
&needUnlink) < 0) {
return -1;
}
if (qemuSecurityDomainSetPathLabel(driver, vm,
net->backend.logFile, false) < 0) {
goto error;
}
/* Worse, passt deliberately doesn't support FD passing. */
virCommandAddArgList(cmd, "--log-file", net->backend.logFile, NULL); virCommandAddArgList(cmd, "--log-file", net->backend.logFile, NULL);
}
/* Add IP address info */ /* Add IP address info */
for (i = 0; i < net->guestIP.nips; i++) { for (i = 0; i < net->guestIP.nips; i++) {
@ -228,7 +203,7 @@ qemuPasstStart(virDomainObj *vm,
* a single IPv4 and single IPv6 address * a single IPv4 and single IPv6 address
*/ */
if (!(addr = virSocketAddrFormat(&ip->address))) if (!(addr = virSocketAddrFormat(&ip->address)))
goto error; return -1;
virCommandAddArgList(cmd, "--address", addr, NULL); virCommandAddArgList(cmd, "--address", addr, NULL);
@ -256,14 +231,14 @@ qemuPasstStart(virDomainObj *vm,
/* validation guarantees this will never happen */ /* validation guarantees this will never happen */
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("Invalid portForward proto value %1$u"), pf->proto); _("Invalid portForward proto value %1$u"), pf->proto);
goto error; return -1;
} }
if (VIR_SOCKET_ADDR_VALID(&pf->address)) { if (VIR_SOCKET_ADDR_VALID(&pf->address)) {
g_autofree char *addr = NULL; g_autofree char *addr = NULL;
if (!(addr = virSocketAddrFormat(&pf->address))) if (!(addr = virSocketAddrFormat(&pf->address)))
goto error; return -1;
virBufferAddStr(&buf, addr); virBufferAddStr(&buf, addr);
emitsep = true; emitsep = true;
@ -309,7 +284,7 @@ qemuPasstStart(virDomainObj *vm,
if (qemuExtDeviceLogCommand(driver, vm, cmd, "passt") < 0) if (qemuExtDeviceLogCommand(driver, vm, cmd, "passt") < 0)
goto error; return -1;
if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, true, NULL) < 0) if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, true, NULL) < 0)
goto error; goto error;
@ -317,11 +292,6 @@ qemuPasstStart(virDomainObj *vm,
return 0; return 0;
error: error:
if (needUnlink && unlink(net->backend.logFile) < 0) {
VIR_WARN("Unable to unlink '%s': %s",
net->backend.logFile, g_strerror(errno));
}
qemuPasstKill(pidfile, passtSocketName); qemuPasstKill(pidfile, passtSocketName);
return -1; return -1;
} }