From b4d3434fc20077859c33adbf51b3026a3420eb29 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Tue, 15 Feb 2011 19:18:40 -0700 Subject: [PATCH] audit: prepare qemu for listing vm in cgroup audits * src/qemu/qemu_cgroup.h (struct qemuCgroupData): New helper type. (qemuSetupDiskPathAllow, qemuSetupChardevCgroup) (qemuTeardownDiskPathDeny): Drop unneeded prototypes. (qemuSetupDiskCgroup, qemuTeardownDiskCgroup): Adjust prototype. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow, qemuSetupChardevCgroup) (qemuTeardownDiskPathDeny): Mark static and use new type. (qemuSetupHostUsbDeviceCgroup): Use new type. (qemuSetupDiskCgroup): Alter signature. (qemuSetupCgroup): Adjust caller. * src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice) (qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice): Likewise. * src/qemu/qemu_driver.c (qemudDomainAttachDevice) (qemuDomainUpdateDeviceFlags): Likewise. --- src/qemu/qemu_cgroup.c | 58 +++++++++++++++++++++++------------------ src/qemu/qemu_cgroup.h | 21 +++++++-------- src/qemu/qemu_driver.c | 8 +++--- src/qemu/qemu_hotplug.c | 7 ++--- 4 files changed, 50 insertions(+), 44 deletions(-) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 3907a09de4..49ec473a72 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -54,18 +54,18 @@ int qemuCgroupControllerActive(struct qemud_driver *driver, return 0; } - -int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, - const char *path, - size_t depth ATTRIBUTE_UNUSED, - void *opaque) +static int +qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, + const char *path, + size_t depth ATTRIBUTE_UNUSED, + void *opaque) { - virCgroupPtr cgroup = opaque; + qemuCgroupData *data = opaque; int rc; VIR_DEBUG("Process path %s for disk", path); /* XXX RO vs RW */ - rc = virCgroupAllowDevicePath(cgroup, path); + rc = virCgroupAllowDevicePath(data->cgroup, path); if (rc < 0) { if (rc == -EACCES) { /* Get this for root squash NFS */ VIR_DEBUG("Ignoring EACCES for %s", path); @@ -81,28 +81,31 @@ int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, int qemuSetupDiskCgroup(struct qemud_driver *driver, + virDomainObjPtr vm, virCgroupPtr cgroup, virDomainDiskDefPtr disk) { + qemuCgroupData data = { vm, cgroup }; return virDomainDiskDefForeachPath(disk, driver->allowDiskFormatProbing, true, qemuSetupDiskPathAllow, - cgroup); + &data); } -int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, - const char *path, - size_t depth ATTRIBUTE_UNUSED, - void *opaque) +static int +qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, + const char *path, + size_t depth ATTRIBUTE_UNUSED, + void *opaque) { - virCgroupPtr cgroup = opaque; + qemuCgroupData *data = opaque; int rc; VIR_DEBUG("Process path %s for disk", path); /* XXX RO vs RW */ - rc = virCgroupDenyDevicePath(cgroup, path); + rc = virCgroupDenyDevicePath(data->cgroup, path); if (rc < 0) { if (rc == -EACCES) { /* Get this for root squash NFS */ VIR_DEBUG("Ignoring EACCES for %s", path); @@ -118,22 +121,25 @@ int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, int qemuTeardownDiskCgroup(struct qemud_driver *driver, + virDomainObjPtr vm, virCgroupPtr cgroup, virDomainDiskDefPtr disk) { + qemuCgroupData data = { vm, cgroup }; return virDomainDiskDefForeachPath(disk, driver->allowDiskFormatProbing, true, qemuTeardownDiskPathDeny, - cgroup); + &data); } -int qemuSetupChardevCgroup(virDomainDefPtr def, - virDomainChrDefPtr dev, - void *opaque) +static int +qemuSetupChardevCgroup(virDomainDefPtr def, + virDomainChrDefPtr dev, + void *opaque) { - virCgroupPtr cgroup = opaque; + qemuCgroupData *data = opaque; int rc; if (dev->source.type != VIR_DOMAIN_CHR_TYPE_DEV) @@ -141,7 +147,7 @@ int qemuSetupChardevCgroup(virDomainDefPtr def, VIR_DEBUG("Process path '%s' for disk", dev->source.data.file.path); - rc = virCgroupAllowDevicePath(cgroup, dev->source.data.file.path); + rc = virCgroupAllowDevicePath(data->cgroup, dev->source.data.file.path); if (rc < 0) { virReportSystemError(-rc, _("Unable to allow device %s for %s"), @@ -157,11 +163,11 @@ int qemuSetupHostUsbDeviceCgroup(usbDevice *dev ATTRIBUTE_UNUSED, const char *path, void *opaque) { - virCgroupPtr cgroup = opaque; + qemuCgroupData *data = opaque; int rc; VIR_DEBUG("Process path '%s' for USB device", path); - rc = virCgroupAllowDevicePath(cgroup, path); + rc = virCgroupAllowDevicePath(data->cgroup, path); if (rc < 0) { virReportSystemError(-rc, _("Unable to allow device %s"), @@ -195,6 +201,7 @@ int qemuSetupCgroup(struct qemud_driver *driver, } if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) { + qemuCgroupData data = { vm, cgroup }; rc = virCgroupDenyAllDevices(cgroup); if (rc != 0) { if (rc == -EPERM) { @@ -208,7 +215,7 @@ int qemuSetupCgroup(struct qemud_driver *driver, } for (i = 0; i < vm->def->ndisks ; i++) { - if (qemuSetupDiskCgroup(driver, cgroup, vm->def->disks[i]) < 0) + if (qemuSetupDiskCgroup(driver, vm, cgroup, vm->def->disks[i]) < 0) goto cleanup; } @@ -243,7 +250,7 @@ int qemuSetupCgroup(struct qemud_driver *driver, if (virDomainChrDefForeach(vm->def, true, qemuSetupChardevCgroup, - cgroup) < 0) + &data) < 0) goto cleanup; for (i = 0; i < vm->def->nhostdevs; i++) { @@ -259,7 +266,8 @@ int qemuSetupCgroup(struct qemud_driver *driver, hostdev->source.subsys.u.usb.device)) == NULL) goto cleanup; - if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, cgroup) < 0 ) + if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, + &data) < 0) goto cleanup; } } diff --git a/src/qemu/qemu_cgroup.h b/src/qemu/qemu_cgroup.h index 0a9692b6b1..299bd2d171 100644 --- a/src/qemu/qemu_cgroup.h +++ b/src/qemu/qemu_cgroup.h @@ -1,7 +1,7 @@ /* * qemu_cgroup.h: QEMU cgroup management * - * Copyright (C) 2006-2007, 2009-2010 Red Hat, Inc. + * Copyright (C) 2006-2007, 2009-2011 Red Hat, Inc. * Copyright (C) 2006 Daniel P. Berrange * * This library is free software; you can redistribute it and/or @@ -28,25 +28,22 @@ # include "domain_conf.h" # include "qemu_conf.h" +struct _qemuCgroupData { + virDomainObjPtr vm; + virCgroupPtr cgroup; +}; +typedef struct _qemuCgroupData qemuCgroupData; + int qemuCgroupControllerActive(struct qemud_driver *driver, int controller); -int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk, - const char *path, - size_t depth, - void *opaque); int qemuSetupDiskCgroup(struct qemud_driver *driver, + virDomainObjPtr vm, virCgroupPtr cgroup, virDomainDiskDefPtr disk); -int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk, - const char *path, - size_t depth, - void *opaque); int qemuTeardownDiskCgroup(struct qemud_driver *driver, + virDomainObjPtr vm, virCgroupPtr cgroup, virDomainDiskDefPtr disk); -int qemuSetupChardevCgroup(virDomainDefPtr def, - virDomainChrDefPtr dev, - void *opaque); int qemuSetupHostUsbDeviceCgroup(usbDevice *dev, const char *path, void *opaque); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 20d91df7b0..ebbc8ddbad 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3988,7 +3988,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom, vm->def->name); goto endjob; } - if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0) + if (qemuSetupDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0) goto endjob; } @@ -4034,7 +4034,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom, /* Fallthrough */ } if (ret != 0 && cgroup) { - if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) + if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0) VIR_WARN("Failed to teardown cgroup for disk path %s", NULLSTR(dev->data.disk->src)); } @@ -4160,7 +4160,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom, vm->def->name); goto endjob; } - if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0) + if (qemuSetupDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0) goto endjob; } @@ -4184,7 +4184,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom, } if (ret != 0 && cgroup) { - if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) + if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0) VIR_WARN("Failed to teardown cgroup for disk path %s", NULLSTR(dev->data.disk->src)); } diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 0002af06bc..8090b9022a 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -893,6 +893,7 @@ int qemuDomainAttachHostUsbDevice(struct qemud_driver *driver, if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) { virCgroupPtr cgroup = NULL; usbDevice *usb; + qemuCgroupData data = { vm, cgroup }; if (virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) !=0 ) { qemuReportError(VIR_ERR_INTERNAL_ERROR, @@ -905,7 +906,7 @@ int qemuDomainAttachHostUsbDevice(struct qemud_driver *driver, hostdev->source.subsys.u.usb.device)) == NULL) goto error; - if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, cgroup) < 0 ) + if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, &data) < 0) goto error; } @@ -1206,7 +1207,7 @@ int qemuDomainDetachPciDiskDevice(struct qemud_driver *driver, VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); if (cgroup != NULL) { - if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) + if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0) VIR_WARN("Failed to teardown cgroup for disk path %s", NULLSTR(dev->data.disk->src)); } @@ -1284,7 +1285,7 @@ int qemuDomainDetachSCSIDiskDevice(struct qemud_driver *driver, VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); if (cgroup != NULL) { - if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) + if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0) VIR_WARN("Failed to teardown cgroup for disk path %s", NULLSTR(dev->data.disk->src)); }