Commit Graph

34989 Commits

Author SHA1 Message Date
Daniel P. Berrangé
c6825d8813 util: convert virIdentity implementation and test suite to g_autoptr
To simplify the later conversion from virObject to GObject, introduce
the use of g_autoptr to the virIdentity implementnation and test suite.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Daniel P. Berrangé
6c748c8e2d util: use glib base64 encoding/decoding APIs
Replace use of the gnulib base64 module with glib's own base64 API family.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Daniel P. Berrangé
c87cfa1310 conf: convert virSecretObj APIs to use autofree
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Daniel P. Berrangé
667ff797e8 src: add support for g_autoptr with virObject instances
Libvirt currently uses the VIR_AUTOUNREF macro for auto cleanup of
virObject instances. GLib approaches things differently with GObject,
reusing their g_autoptr() concept.

This introduces support for g_autoptr() with virObject, to facilitate
the conversion to GObject.

Only virObject classes which are currently used with VIR_AUTOREF are
updated. Any others should be converted to GObject before introducing
use of autocleanup.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Daniel P. Berrangé
44e7f02915 util: rewrite auto cleanup macros to use glib's equivalent
To facilitate porting over to glib, this rewrites the auto cleanup
macros to use glib's equivalent.

As a result it is now possible to use g_autoptr/VIR_AUTOPTR, and
g_auto/VIR_AUTOCLEAN, g_autofree/VIR_AUTOFREE interchangably, regardless
of which macros were used to declare the cleanup types.

Within the scope of any single method, code must remain consistent
using either GLib or Libvirt macros, never mixing both. New code
must preferentially use the GLib macros, and old code will be
converted incrementally.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Daniel P. Berrangé
74d9326795 util: convert virSystemdActivation to use VIR_DEFINE_AUTOPTR_FUNC
Using the standard macro will facilitate the conversion to glib's
auto cleanup macros.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Daniel P. Berrangé
bb9a1a14e2 util: use glib string allocation/formatting functions
Convert the string duplication APIs to use the g_strdup family of APIs.

We previously used the 'strdup-posix' gnulib module because mingw does
not set errno to ENOMEM on failure

We previously used the 'strndup' gnulib module because this function
does not exist on mingw.

We previously used the 'vasprintf' gnulib module because of many GNU
supported format specifiers not working on non-Linux platforms. glib's
own equivalent standardizes on GNU format specifiers too.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Daniel P. Berrangé
e85e34f3af util: use glib memory allocation functions
Convert the VIR_ALLOC family of APIs with use of the g_malloc family of
APIs. Use of VIR_ALLOC related functions should be incrementally phased
out over time, allowing return value checks to be dropped. Use of
VIR_FREE should be replaced with auto-cleanup whenever possible.

We previously used the 'calloc-posix' gnulib module because mingw does
not set errno to ENOMEM on failure.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Daniel P. Berrangé
cfbe9f1201 build: link to glib library
Add the main glib.h to internal.h so that all common code can use it.

Historically glib allowed applications to register an alternative
memory allocator, so mixing g_malloc/g_free with malloc/free was not
safe.

This was feature was dropped in 2.46.0 with:

      commit 3be6ed60aa58095691bd697344765e715a327fc1
      Author: Alexander Larsson <alexl@redhat.com>
      Date:   Sat Jun 27 18:38:42 2015 +0200

        Deprecate and drop support for memory vtables

Applications are still encourged to match g_malloc/g_free, but it is no
longer a mandatory requirement for correctness, just stylistic. This is
explicitly clarified in

    commit 1f24b36607bf708f037396014b2cdbc08d67b275
    Author: Daniel P. Berrangé <berrange@redhat.com>
    Date:   Thu Sep 5 14:37:54 2019 +0100

        gmem: clarify that g_malloc always uses the system allocator

Applications can still use custom allocators in general, but they must
do this by linking to a library that replaces the core malloc/free
implemenentation entirely, instead of via a glib specific call.

This means that libvirt does not need to be concerned about use of
g_malloc/g_free causing an ABI change in the public libary, and can
avoid memory copying when talking to external libraries.

This patch probes for glib, which provides the foundation layer with
a collection of data structures, helper APIs, and platform portability
logic.

Later patches will introduce linkage to gobject which provides the
object type system, built on glib, and gio which providing objects
for various interesting tasks, most notably including DBus client
and server support and portable sockets APIs, but much more too.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Daniel P. Berrangé
58e7c9bc05 build: probe for glib-2 library in configure
Prepare for linking with glib by probing for it at configure
time. Per supported platforms target, the min glib versions on
relevant distros are:

  RHEL-8: 2.56.1
  RHEL-7: 2.50.3
  Debian (Buster): 2.58.3
  Debian (Stretch): 2.50.3
  OpenBSD (Ports): 2.58.3
  FreeBSD (Ports): 2.56.3
  OpenSUSE Leap 15: 2.54.3
  SLE12-SP2: 2.48.2
  Ubuntu (Xenial): 2.48.0
  macOS (Homebrew): 2.56.0

This suggests that a minimum glib of 2.48 is a reasonable target.
This aligns with the minimum version required by qemu too.

We must disable the bad-function-cast warning as various GLib APIs
and macros will trigger this.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-14 10:54:42 +01:00
Cole Robinson
36138eaecf security: selinux: Label externalDataStore
We mirror the labeling strategy that was used for its top image

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
dbdf150b45 security: selinux: break out SetImageLabelRelative
This will be used for recursing into externalDataStore

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
bbdf85d63a security: selinux: Restore image label for externalDataStore
Rename the existing virSecuritySELinuxRestoreImageLabelInt
to virSecuritySELinuxRestoreImageLabelSingle, and extend the new
ImageLabelInt handle externalDataStore

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
a36d3b88d6 security: selinux: Add is_toplevel to SetImageLabelInternal
This will simplify future patches and make the logic easier to follow

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
65181d419e security: selinux: Drop !parent handling in SetImageLabelInternal
The only caller always passes in a non-null parent

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
6f1cd0a54e security: selinux: Simplify SetImageLabelInternal
All the SetFileCon calls only differ by the label they pass in.
Rework the conditionals to track what label we need, and use a
single SetFileCon call

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
efe3575e60 security: dac: Label externalDataStore
We mirror the labeling strategy that was used for its sibling
image

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
aa736c098e security: dac: break out SetImageLabelRelative
This will be used for recursing into externalDataStore

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
ee5a367d06 security: dac: Restore image label for externalDataStore
Rename the existing virSecurityDACRestoreImageLabelInt
to virSecurityDACRestoreImageLabelSingle, and extend the new
ImageLabelInt handle externalDataStore

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
c1f0b31267 security: dac: Add is_toplevel to SetImageLabelInternal
This will simplify future patches and make the logic easier to follow

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
a7262a664d security: dac: Drop !parent handling in SetImageLabelInternal
The only caller always passes in a non-null parent

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
527f377a92 storagefile: Fill in meta->externalDataStore
Add virStorageSourceNewFromExternalData, similar to
virStorageSourceNewFromBacking and use it to fill in a
virStorageSource for externalDataStore

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
884cc9d615 storagefile: Add externalDataStore member
Add the plumbing to track a externalDataStoreRaw as a virStorageSource

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
8863c03d7d storagefile: Split out virStorageSourceNewFromChild
Future patches will use this for external data file handling

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
f57336358c storagefile: Don't access backingStoreRaw directly in FromBackingRelative
For the only usage, the rel == parent->backingStoreRaw, so drop
the direct access

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
556f7c68a0 storagefile: Fill in meta->externalDataStoreRaw
Call qcow2GetExtensions to actually fill in the virStorageSource
externalDataStoreRaw member

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
b50adb40b2 storagefile: Add externalDataStoreRaw member
Add the plumbing to track a qcow2 external data file path in
virStorageSource

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:59 -04:00
Cole Robinson
9f0d364755 storagefile: Fix backing format \0 check
From qemu.git docs/interop/qcow2.txt

  == String header extensions ==

  Some header extensions (such as the backing file format name and
  the external data file name) are just a single string. In this case,
  the header extension length is the string length and the string is
  not '\0' terminated. (The header extension padding can make it look
  like a string is '\0' terminated, but neither is padding always
  necessary nor is there a guarantee that zero bytes are used
  for padding.)

So we shouldn't be checking for a \0 byte at the end of the backing
format section. I think in practice there always is a \0 but we
shouldn't depend on that.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 14:25:53 -04:00
Cole Robinson
c87784be89 storagefile: Rename qcow2GetExtensions 'format' argument
To backingFormat, which makes it more clear. Move it to the end of
the argument list which will scale nicer with future patches

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:22 -04:00
Cole Robinson
125dbad3af storagefile: Rename qcow2GetBackingStoreFormat
...to qcow2GetExtensions. We will extend it for more extension
parsing in future patches

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:22 -04:00
Cole Robinson
16fffd8257 storagefile: Push extension_end calc to qcow2GetBackingStoreFormat
This is a step towards making this qcow2GetBackingStoreFormat into
a generic qcow2 extensions parser

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:22 -04:00
Cole Robinson
bd6b4646c7 storagefile: Push 'start' into qcow2GetBackingStoreFormat
This is a step towards making this qcow2GetBackingStoreFormat into
a generic qcow2 extensions parser

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:22 -04:00
Cole Robinson
242e7ac590 storagefile: Use qcowXGetBackingStore directly
The qcow1 and qcow2 variants are identical, so remove the wrappers

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:22 -04:00
Cole Robinson
6017e7b3b8 storagefile: Drop now unused isQCow2 argument
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:21 -04:00
Cole Robinson
253f2cae4a storagefile: Check version to determine if qcow2 or not
Rather than require a boolean to be passed in

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:21 -04:00
Cole Robinson
8699899692 storagefile: qcow1: Let qcowXGetBackingStore fill in format
Letting qcowXGetBackingStore fill in format gives the same behavior
we were opencoding in qcow1GetBackingStore

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:21 -04:00
Cole Robinson
b00616870b storagefile: qcow1: Fix check for empty backing file
From f772b3d91f the intention of this code seems to be to set
format=NONE when the image does not have a backing file. However
'buf' here is the whole qcow1 file header. What we want to be
checking is 'res' which is the parsed backing file path.
qcowXGetBackingStore sets this to NULL when there's no backing file.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:21 -04:00
Cole Robinson
9f508ec7ca storagefile: qcow1: Check for BACKING_STORE_OK
Check explicitly for BACKING_STORE_OK and not its 0 value

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:21 -04:00
Cole Robinson
285adba549 storagefile: Make GetMetadataInternal static
It is only used in virstoragefile.c

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 13:41:21 -04:00
Daniel Henrique Barboza
65ec10e83f tests: add a test for driver.c:virConnectValidateURIPath()
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-10-11 12:20:08 -04:00
Michal Privoznik
4e95cdcbb3 security: Don't remember labels for TPM
https://bugzilla.redhat.com/show_bug.cgi?id=1755803

The /dev/tpmN file can be opened only once, as implemented in
drivers/char/tpm/tpm-dev.c:tpm_open() from the kernel's tree. Any
other attempt to open the file fails. And since we're opening the
file ourselves and passing the FD to qemu we will not succeed
opening the file again when locking it for seclabel remembering.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 17:05:55 +02:00
Michal Privoznik
2b44cf8c32 security_dac: Allow selective remember/recall for chardevs
While in most cases we want to remember/recall label for a
chardev, there are some special ones (like /dev/tpm0) where we
don't want to remember the seclabel nor recall it. See next
commit for rationale behind.

While the easiest way to implement this would be to just add new
argument to virSecurityDACSetChardevLabel() this one is also a
callback for virSecurityManagerSetChardevLabel() and thus has
more or less stable set of arguments. Therefore, the current
virSecurityDACSetChardevLabel() is renamed to
virSecurityDACSetChardevLabelHelper() and the original function
is set to call the new one.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 17:05:41 +02:00
Michal Privoznik
1a84a1ced1 security: Try to lock only paths with remember == true
So far all items on the chown/setfilecon list have the same
.remember value.  But this will change shortly. Therefore, don't
try to lock paths which we won't manipulate XATTRs for.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 17:01:08 +02:00
Cole Robinson
4dfc4d525e security: apparmor: Allow RO /usr/share/edk2/
On Fedora, already whitelisted paths to AAVMF and OVMF binaries
are symlinks to binaries under /usr/share/edk2/. Add that directory
to the RO whitelist so virt-aa-helper-test passes

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-10-11 10:52:54 -04:00
Andrea Bolognani
4d95f557d6 tests: Add capabilities for QEMU 4.2.0 on aarch64
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-10-11 09:37:33 +02:00
Andrea Bolognani
c5330fcefa tests: Add capabilities for QEMU 4.2.0 on ppc64
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-10-11 09:37:25 +02:00
Marek Marczykowski-Górecki
668dc9fe8c libxl: add slic_table <-> acpi_firmware conversion
This isn't exactly equivalent setting (acpi_firmware may point to
non-SLIC ACPI table), but it's the most behavior preserving option.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2019-10-10 21:02:09 -06:00
Marek Marczykowski-Górecki
f2899e44d9 tests: libxl: ACPI slic table test
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2019-10-10 21:02:03 -06:00
Ivan Kardykov
03e98a52d2 libxl: add acpi slic table support
Libxl driver did not support setup additional acpi firmware to xen
guest. It is necessary to activate OEM Windows installs. This patch
allow to define in OS section acpi table param (which supported domain
common schema).

Signed-off-by: Ivan Kardykov <kardykov@tabit.pro>
[added info to docs/formatdomain.html.in]
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2019-10-10 21:01:54 -06:00
Daniel Henrique Barboza
37b565c000 src/driver.c: remove duplicated code in virGetConnect* functions
All the 6 virGetConnect* functions in driver.c shares the
same code base. This patch creates a new static function
virGetConnectGeneric() that contains the common code to
be used with all other virGetConnect*.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-10-10 13:51:18 -04:00