External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-31 05:57:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemuDomainBuildNamespace: Populate chardevs from daemon's namespace

Browse Source 
As mentioned in one of previous commits, populating domain's
namespace from pre-exec() hook is dangerous. This commit moves
population of the namespace with domain chardevs into daemon's
namespace.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Michal Privoznik 2020-07-21 14:26:49 +02:00
parent 7e80f98dbe
commit a10a229269
1 changed files with 11 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/qemu/qemu_namespace.c
View File

@ -629,7 +629,7 @@ qemuDomainSetupChardev(virDomainDefPtr def G_GNUC_UNUSED,
virDomainChrDefPtr dev, virDomainChrDefPtr dev,
void *opaque) void *opaque)
{ {
const struct qemuDomainCreateDeviceData *data = opaque; char ***paths = opaque;
const char *path = NULL; const char *path = NULL;
if (!(path = virDomainChrSourceDefGetPath(dev->source))) if (!(path = virDomainChrSourceDefGetPath(dev->source)))
@ -640,20 +640,20 @@ qemuDomainSetupChardev(virDomainDefPtr def G_GNUC_UNUSED,
dev->source->data.nix.listen) dev->source->data.nix.listen)
return 0; return 0;
return qemuDomainCreateDevice(path, data, true); return virStringListAdd(paths, path);
} }
static int static int
qemuDomainSetupAllChardevs(virDomainObjPtr vm, qemuDomainSetupAllChardevs(virDomainObjPtr vm,
const struct qemuDomainCreateDeviceData *data) char ***paths)
{ {
VIR_DEBUG("Setting up chardevs"); VIR_DEBUG("Setting up chardevs");
if (virDomainChrDefForeach(vm->def, if (virDomainChrDefForeach(vm->def,
true, true,
qemuDomainSetupChardev, qemuDomainSetupChardev,
(void *)data) < 0) paths) < 0)
return -1; return -1;
VIR_DEBUG("Setup all chardevs"); VIR_DEBUG("Setup all chardevs");
@ -877,6 +877,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupAllMemories(vm, &paths) < 0) if (qemuDomainSetupAllMemories(vm, &paths) < 0)
return -1; return -1;
if (qemuDomainSetupAllChardevs(vm, &paths) < 0)
return -1;
if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0) if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)
return -1; return -1;
@ -928,9 +931,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupDev(mgr, vm, devPath) < 0) if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
goto cleanup; goto cleanup;
if (qemuDomainSetupAllChardevs(vm, &data) < 0)
goto cleanup;
if (qemuDomainSetupAllTPMs(vm, &data) < 0) if (qemuDomainSetupAllTPMs(vm, &data) < 0)
goto cleanup; goto cleanup;
@ -1778,20 +1778,15 @@ int
qemuDomainNamespaceSetupChardev(virDomainObjPtr vm, qemuDomainNamespaceSetupChardev(virDomainObjPtr vm,
virDomainChrDefPtr chr) virDomainChrDefPtr chr)
{ {
const char *path; VIR_AUTOSTRINGLIST paths = NULL;
if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
return 0; return 0;
if (!(path = virDomainChrSourceDefGetPath(chr->source))) if (qemuDomainSetupChardev(vm->def, chr, &paths) < 0)
return 0; return -1;
/* Socket created by qemu. It doesn't exist upfront. */ if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)
if (chr->source->type == VIR_DOMAIN_CHR_TYPE_UNIX &&
chr->source->data.nix.listen)
return 0;
if (qemuDomainNamespaceMknodPath(vm, path) < 0)
return -1; return -1;
return 0; return 0;