qemuDomainBuildNamespace: Populate inputs from daemon's namespace

As mentioned in one of previous commits, populating domain's namespace from pre-exec() hook is dangerous. This commit moves population of the namespace with domain inputs into daemon's namespace. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-07-11 04:15:49 +00:00 · 2020-07-21 14:34:22 +02:00 · 2020-07-21 14:34:22 +02:00 · c872905242
commit c872905242
parent 5f4f7c2094
1 changed files with 11 additions and 11 deletions
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@ -732,11 +732,11 @@ qemuDomainSetupAllGraphics(virDomainObjPtr vm,

 static int
 qemuDomainSetupInput(virDomainInputDefPtr input,
-                     const struct qemuDomainCreateDeviceData *data)
+                     char ***paths)
 {
    const char *path = virDomainInputDefGetPath(input);

-    if (path && qemuDomainCreateDevice(path, data, false) < 0)
+    if (path && virStringListAdd(paths, path) < 0)
        return -1;

    return 0;
@ -745,14 +745,14 @@ qemuDomainSetupInput(virDomainInputDefPtr input,

 static int
 qemuDomainSetupAllInputs(virDomainObjPtr vm,
-                         const struct qemuDomainCreateDeviceData *data)
+                         char ***paths)
 {
    size_t i;

    VIR_DEBUG("Setting up inputs");
    for (i = 0; i < vm->def->ninputs; i++) {
        if (qemuDomainSetupInput(vm->def->inputs[i],
-                                 data) < 0)
+                                 paths) < 0)
            return -1;
    }
    VIR_DEBUG("Setup all inputs");
@ -885,6 +885,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
    if (qemuDomainSetupAllGraphics(vm, &paths) < 0)
        return -1;

+    if (qemuDomainSetupAllInputs(vm, &paths) < 0)
+        return -1;
+
    if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)
        return -1;

@ -936,9 +939,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
    if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
        goto cleanup;

-    if (qemuDomainSetupAllInputs(vm, &data) < 0)
-        goto cleanup;
-
    if (qemuDomainSetupAllRNGs(vm, &data) < 0)
        goto cleanup;

@ -1871,15 +1871,15 @@ int
 qemuDomainNamespaceSetupInput(virDomainObjPtr vm,
                              virDomainInputDefPtr input)
 {
-    const char *path = NULL;
+    VIR_AUTOSTRINGLIST paths = NULL;

    if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
        return 0;

-    if (!(path = virDomainInputDefGetPath(input)))
-        return 0;
+    if (qemuDomainSetupInput(input, &paths) < 0)
+        return -1;

-    if (path && qemuDomainNamespaceMknodPath(vm, path) < 0)
+    if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)
        return -1;
    return 0;
 }