Commit Graph

47726 Commits

Author SHA1 Message Date
Peter Krempa
c9ee6f1d57 docs: ACL: Mention the ACL object name along with the corresponding libvirt object name
It's not trivial to figure out the ACL object name from our
documentation. Add it above the table outlining existing permissions.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 18:26:47 +01:00
Peter Krempa
0b69e2b995 docs: Fix generated names for ACL objects
Both the object name and permission name in ACL use '-' instead of '_'
separator when referring to them in the docs or even when used inside of
polkit. Unfortunately the generators used for generating our docs don't
honour this in certain cases which would result in broken names in the
API docs (once they will be generated).

Rename both object and permission name to use dash and reflect that in
the anchor names in the documentation.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-02-20 18:26:16 +01:00
Temuri Doghonadze
91431db94b Translated using Weblate (Georgian)
Currently translated at 1.7% (185 of 10405 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ka/

Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
2023-02-20 11:05:43 +01:00
Michal Privoznik
fbd36ae01b selinux: Don't ignore ENOENT in Permissive mode
In selinux driver there's virSecuritySELinuxSetFileconImpl()
which is responsible for actual setting of SELinux label on given
file and handling possible failures. In fhe failure handling code
we decide whether failure is fatal or not. But there is a bug:
depending on SELinux mode (Permissive vs. Enforcing) the ENOENT
is either ignored or considered fatal. This not correct - ENOENT
must always be fatal for couple of reasons:

- In virSecurityStackTransactionCommit() the seclabels are set
  for individual secdrivers (e.g. SELinux first and then DAC),
  but if one secdriver succeeds and another one fails, then no
  rollback is performed for the successful one leaking remembered
  labels.

- QEMU would fail opening the file anyways (if neither of
  secdrivers reported error and thus cancelled domain startup)

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2004850
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-02-20 11:04:21 +01:00
Michal Privoznik
466920ea1d selinux: Swap two blocks handling setfilecon_raw() failure
In virSecuritySELinuxSetFileconImpl() we have code that handles
setfilecon_raw() failure. The code consists of two blocks: one
for dealing with shared filesystem like NFS (errno is ENOTSUP or
EROFS) and the other block that's dealing with EPERM for
privileged daemon. Well, the order of these two blocks is a bit
confusing because the comment above them mentions the NFS case
but EPERM block follows. Swap these two blocks to make it less
confusing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-02-20 11:02:51 +01:00
Michal Privoznik
029a892abd qemu_passt: Let passt write the PID file
The way we start passt currently is: we use
virCommandSetPidFile() to use our virCommand machinery to acquire
the PID file and leak opened FD into passt. Then, we use
virPidFile*() APIs to read the PID file (which is needed when
placing it into CGroups or killing it). But this does not fly
really because passt daemonizes itself. Thus the process we
started dies soon and thus the PID file is closed and unlocked.

We could work around this by passing '--foreground' argument, but
that weakens passt as it can't create new PID namespace (because
it doesn't fork()).

The solution is to let passt write the PID file, but since it
does not lock the file and closes it as soon as it is written, we
have to switch to those virPidFile APIs which don't expect PID
file to be locked.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-20 09:43:14 +01:00
Michal Privoznik
e5bfc661bc qemu_passt: Deduplicate passt killing code
There are two places where we kill passt:

1) qemuPasstStop() - called transitively from qemuProcessStop(),
2) qemuPasstStart() - after failed start.

Now, the code from 2) lack error preservation (so if there's
another error during cleanup we might overwrite the original
error). Therefore, move the internals of qemuPasstStop() into a
separate function and call it from both places.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-20 09:43:14 +01:00
Michal Privoznik
02355840ce qemu_passt: Report passt's error on failed start
When starting passt, it may write something onto its stderr
(convincing it to print even more is addressed later). Pass this
string we read to user.

Since we're not daemonizing passt anymore (see previous commit),
we can let virCommand module do all the heavy lifting and switch
to virCommandSetErrorBuffer() instead of reading error from an
FD.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-20 09:43:14 +01:00
Michal Privoznik
c0efdbdb9f qemu_passt: Avoid double daemonizing passt
When passt is started, it daemonizes itself by default. There's
no point in having our virCommand module daemonize it too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-20 09:43:14 +01:00
Peter Krempa
ecca805336 docs: ACL: Show which permissions are allowed for unauthenticated connections
Certain APIs are allowed also without authentication but the ACL page
didn't outline which. Generate a new column with the information.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 09:22:51 +01:00
Peter Krempa
74bdc2abb9 libvirt-nodedev: Allow read-only access to virNodeDeviceGetAutostart
Fetching whether a node-device is marked for autostart can be allowed
from read-only connections similarly to other objects.

Fixes: c6607a25b9
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 09:22:51 +01:00
Peter Krempa
87ed6ff7cd access: Allow 'node-device.read' permission for anonymous users
For all other objects we allow the 'read' permission for anonymous
users. In fact the idea is to allow all permissions users using the
readonly connection would have.

This impacts the following APIs (in terms of RPC procedure names):

  $ git grep -A 3 node_device:read | grep REMOTE
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_GET_XML_DESC = 114,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_GET_PARENT = 115,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_NUM_OF_CAPS = 116,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_LIST_CAPS = 117,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_GET_AUTOSTART = 433,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_IS_PERSISTENT = 435,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_IS_ACTIVE = 436,

Fixes: a93cd08f
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 09:22:51 +01:00
Michal Privoznik
15e5eb8a76 qemu_extdevice: Add a comment into qemuExtDevicesSetupCgroup()
The way setting up CGroups for external helpers work, is:
qemuExtDevicesHasDevice() is called first to determine whether
there is a helper process running, the CGroup controller is
created and then qemuExtDevicesSetupCgroup() is called to place
helpers into the CGroup. But when one reads just
qemuExtDevicesSetupCgroup() it's easy to miss this hidden logic.
Therefore, add a warning at the beginning of the function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-16 10:50:39 +01:00
Michal Privoznik
598a73335d qemu_passt: Report error when getting passt PID failed
If qemuPasstGetPid() fails, or the passt's PID is -1 then
qemuPasstSetupCgroup() returns early without any error message
set. Report an appropriate error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-15 16:21:26 +01:00
Michal Privoznik
b7b058d5f4 qemu_extdevice: Make qemuExtDevicesHasDevice() check def->nets
We can have external helper processes running for domain
<interface/> too (e.g. slirp or passt). But this is not reflected
in qemuExtDevicesHasDevice() which simply ignores these.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-15 16:21:26 +01:00
Michal Privoznik
c16214087c Revert "qemu: allow passt to self-daemonize"
This reverts commit 0c4e716835.

This patch was pushed by my mistake. Even though it got ACKed on
the list, I've raised couple of issues with it. They will be
fixed in next commits.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-15 16:21:26 +01:00
Peter Krempa
edac6ca756 scripts: check-html-refernces: Add checking for image file usage
Check both that a file is referenced from our pages and also that pages
reference existing images.

The mode for dumping external references now also dumps images.

'--ignore-image' can be used repeatedly to suppress errors for specific
images.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
0e3970bf9b docs: logos: Turn 'README' into rST, generate an index and link to images
The logo directory wasn't really referenced from anywhere. Additionally
there wasn't any reasonable index for all the image files which we have.

Turn the README file into rST and display the images it references. Link
to the new index file from the docs page.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
e886274234 kbase: eventloop: Fix path to referenced images
The images are referenced from '../images/' but the document is two
layers deep thus '../../images' needs to be used

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
61dcca1b23 scripts: check-html-references: Detect pages that are not linked to
Prevent sub-pages without a way to reach them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
5f3a897b93 docs: Add sub-page for all golang modules
Our documentation has pages for 4 go modules, 2 current and 2 obsolete
ones, but points only to one of them and directly to golang's docs page.

Add a sub-page where all 4 sub-pages for the modules are linked.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
f3e44016fa docs: manpages: Add missing manpages to index
The manpages for 'virt-pki-query-dn', 'virt-qemu-qmp-proxy' and
'virt-ssh-helper.rst' were not referenced from the manpage index or any
other place.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
00956b55bf scripts: check-html-references: Improve error messages and don't mess with relative paths
Now that we have the source file name as a custom attribute we can use
it to report which file actually needs to be edited to fix the error:

 ERROR: 'docs/uri.rst': broken link to: 'drvqemu.html#exaple'

rather than:

 broken link targets:
 docs/uri.html broken link: drvqemu.html#exaple

which pointed to file which does not exist in the source directory.

This also allows us to delete all the relative path handling needed to
report at least somewhat user-legible errors before.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
70211d7368 scripts: check-html-references: Rename --prefix to --webroot and make it mandatory
Force users to pass the path to the root of the webpage the script
should check. The script lives in a different subdirectory so the
default of the current directory doesn't make much sense.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
65edcfd68f docs: XSL: Add source document name as custom data attribute for <html>
The html standard allows custom data attributes on any element in the
format of 'data-*' which are not interpreted. We can use it to embed the
name of the source document used to generate the page so that our
checker tools can use the friendly name.

https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
8c8eff610a virLogCleanerShutdown: Don't call g_regex_unref on NULL regex
Shutdown of virtlogd prints:

  (process:54742): GLib-CRITICAL **: 11:00:40.873: g_regex_unref: assertion 'regex != NULL' failed

Use g_clear_pointer instead which prevents it in the NULL case.

Fixes: 69eeef5dfb
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:36:17 +01:00
Peter Krempa
b3f8e072fe rpc: Don't warn about "max_client_requests" in single-threaded daemons
The warning about max_client_requests is hit inside virtlogd every time
a VM starts which spams the logs.

Emit the warning only when the client request limit is not 1 and add a
warning into the daemon config to not configure it too low instead.

Fixes: 031878c236
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2145188
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:36:17 +01:00
Peter Krempa
761cb8a087 rpc: client: Don't check return value of virNetMessageNew
virNetServerClientDispatchRead checked the return value but it's not
necessary any more as it can't return NULL nowadays.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:36:17 +01:00
Michal Privoznik
b61c66d1de test: Introduce chxml2xmltest
Whilst reviewing a patch upstream (that ended up as
v9.0.0-200-g092176e5ec), I realized we don't have a single
xml2xml test for CH driver. Well, introduce the test with one
simple test case for now.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-02-14 13:59:45 +01:00
Peter Krempa
c433c2434c qemu: blockjob: Handle 'pending' blockjob state only when we need it
The 'pending' state needs to be handled by the blockjob code only when
the snapshot code requests a block-commit without auto-finalization.

If we always handle it we fail to properly remove the blockjob data for
the 'blockdev-create' job as that also transitions trhough 'pending' but
we'd never update it once it reaches 'concluded' as the code already
thinks that the job has finished and is no longer watching it.

Introduce a 'processPending' property into block job data and set it
only when we know that we need to process 'pending'.

Fixes: 90d9bc9d74
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2168769
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-02-13 14:20:01 +01:00
Piotr Drąg
c699f5e4ee Translated using Weblate (Polish)
Currently translated at 22.0% (2292 of 10405 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/pl/

Co-authored-by: Piotr Drąg <piotrdrag@gmail.com>
Signed-off-by: Piotr Drąg <piotrdrag@gmail.com>
2023-02-13 13:20:21 +01:00
Andrea Bolognani
3820a0ce41 conf: Allow conventional PCI devices to be marked as integrated
Integrated PCI devices can be either PCIe (virtio-iommu) or
conventional PCI (pvpanic-pci). Right now libvirt will refuse
to assign an address on pcie.0 for the latter, but that's an
undesirable limitation that we can easily remove.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-13 10:01:08 +01:00
Praveen K Paladugu
092176e5ec ch: Do not add stub console to ch VMs
virDomainDefAddConsoleCompat in post parsing step appends a stub console
of type VIR_DOMAIN_CHR_TYPE_NULL to ch VMs' Domain XML. Cloud-hypervisor's
deviceValidateCallback (chValidateDomainDeviceDef) checks that the type of
stub console is not of type VIR_DOMAIN_CHR_TYPE_PTY and throws an error.

This commit introduces NO_STUB_CONSOLE feature check to Domain features and
uses it to skip adding stub console to ch VMs.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-10 15:23:21 +01:00
Michal Privoznik
03f76e577d qemu_extdevice: Do cleanup host only for VIR_DOMAIN_TPM_TYPE_EMULATOR
We only set up host for VIR_DOMAIN_TPM_TYPE_EMULATOR and thus
similarly, we should do cleanup for the same type. This also
fixes a crasher, in which qemuTPMEmulatorCleanupHost() accesses
tpm->data.emulator.storagepath which is NULL for
VIR_DOMAIN_TPM_TYPE_EXTERNAL.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2168762
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-02-10 10:49:13 +01:00
Thomas Huth
a38ad6f687 cpu_s390: Implement getVendorForModel for IBM Z
When running "virsh domcapabilities" on a s390x host, all the CPU
models show up with vendor='unknown' - which sounds kind of weird
since the vendor of these mainframe CPUs is well known: IBM.
All CPUs starting with either "z" or "gen" match a real mainframe
CPU by IBM, so let's return the string "IBM" for those now.
The only remaining ones are now the artifical "qemu" and "max"
models from QEMU itself, so it should be OK to get an "unknown"
vendor for those two.

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Boris Fiuczynski<fiuczy@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-10 09:15:03 +01:00
Laine Stump
0c4e716835 qemu: allow passt to self-daemonize
I initially had the passt process being started in an identical
fashion to the slirp-helper - libvirt was daemonizing the new process
and recording its pid in a pidfile. The problem with this is that,
since it is daemonized immediately, any startup error in passt happens
after the daemonization, and thus isn't seen by libvirt - libvirt
believes that the process has started successfully and continues on
its merry way. The result was that sometimes a guest would be started,
but there would be no passt process for qemu to use for network
traffic.

Instead, we should be starting passt in the same manner we start
dnsmasq - we just exec it as normal (along with a request that passt
create the pidfile, which is just another option on the passt
commandline) and wait for the child process to exit; passt then has a
chance to parse its commandline and complete all the setup prior to
daemonizing itself; if it encounters an error and exits with a non-0
code, libvirt will see the code and know about the failure. We can
then grab the output from stderr, log that so the "user" has some idea
of what went wrong, and then fail the guest startup.

Signed-off-by: Laine Stump <laine@redhat.com>
2023-02-09 11:23:04 +01:00
Peter Krempa
86cfe93ef7 qemuProcessRefreshDisks: Don't skip filling of disk information if tray state didn't change
Commit 5ef2582646 added emitting of even when refreshign disk state,
where it wanted to avoid sending the event if disk state didn't change.
This was achieved by using 'continue' in the loop filling the
information. Unfortunately this skips extraction of whether the device
has a tray which is propagated into internal structures, which in turn
broke cdrom media change as the code thought there's no tray for the
device.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2166411
Fixes: 5ef2582646
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
2023-02-09 10:17:08 +01:00
Michal Privoznik
e4cf477701 remote_driver: Work around broken clang
In recent commit of v9.0.0-191-gc71c159248 I've introduced
remoteConnectFormatURI() function and in the function @query
variable. Even though, the variable is used, clang-13 fails to
see it. Surprisingly, newer clang is not affected. Fortunately,
swapping the order in which variables are set makes clang happy
again.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-09 10:12:00 +01:00
Martin Kletzander
8a63add283 Revert ".gitignore: Ignore cscope and other *tags files"
This reverts commit f2d379e7cb.

Any tool-related ignores should go to user's global ignore file or the user's
local exclude file which is per-project.  See git-config(1) and gitignore(5) for
more details.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Not-Ignored-by: Ján Tomko <jtomko@redhat.com>
2023-02-08 17:24:31 +01:00
Michal Privoznik
d133d73f54 remote: Pass 'mode' and 'socket' URI parameters to virt-ssh-helper
When handling virConnectOpen(), we parse given URI, specifically
all those parameters we know, like ?mode, ?socket, ?name, etc.
ignoring those we don't recognize yet. Then, we reconstruct the
URI back, but ignoring all parameters we've parsed. In other
words:

  qemu:///system?mode=legacy&foo=bar

becomes:

  qemu:///system?foo=bar

The reconstructed URI is then passed to the corresponding driver
(QEMU in our example) with intent of it parsing parameters
further (or just ignoring them). But for some transport modes,
where virt-ssh-helper is ran on the remote host (libssh, libssh2,
ssh) we need to pass ?mode and ?socket parameters, so that it can
do the right thing, e.g. for 'mode=legacy' start the monolithic
daemon, or for 'socket=' connect to the given socket.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/433
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-08 16:50:45 +01:00
Michal Privoznik
cdb1aa996a viruri: Introduce virURIParamsSetIgnore()
The aim of this helper is to manipulate the .ignore value for
given list of parameters. For instance:

  virURIParamsSetIgnore(uri, false, {"mode", "socket", NULL});

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-08 16:50:45 +01:00
Michal Privoznik
c71c159248 remote_driver: Move URI re-generation into a function
There's a piece of code in doRemoteOpen() that is going to be
called twice. Instead of duplicating the code, move it into a
function that will be called twice, later on.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-08 16:50:45 +01:00
Michal Privoznik
77b4a67cf6 virt-ssh-helper: Accept ?socket= in connection URI
Similarly to the previous commit, let's accept "socket" parameter
in the connection URI. This change will allow us to use
virt-ssh-helper instead of 'nc' in all cases (done in one of
future commits).

Please note, when the parameter is used it effectively disables
automatic daemon spawning and an error is reported. But this is
intentional - so that the helper behaves just like regular
virConnectOpen() with different transport than ssh, e.g. unix.

But this 'change' is acceptable - there's no way for users to
make our remote code pass the argument to virt-ssh-helper, yet.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-08 16:50:45 +01:00
Michal Privoznik
8275a06182 virt-ssh-helper: Accept ?mode= in connection URI
When split daemons were introduced, we also made connection URI
accept new parameter: mode={auto,legacy,direct} so that a client
can force connecting to either old, monolithic daemon, or to
split daemon (see v5.7.0-rc1~257 for more info).

Now, the change was done to the remote driver, but not to
virt-ssh-helper. True, our remote driver code still does not pass
the 'mode' parameter, but that will be addressed in next commits.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-08 16:50:45 +01:00
Michal Privoznik
16d0425fbe doRemoteOpen(): Rename 'failed' label to 'error'
Our own coding style suggest not inventing new names for labels
and stick with 'cleanup' (when the path is used in both,
successful and unsuccessful returns), or 'error' (when the code
below the label is used only upon error). Well, 'failed' label
falls into the latter category. Rename it then.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-08 16:50:45 +01:00
Michal Privoznik
77d417d9ef Drop checks for virURIFormat() retval
The virURIFormat() function either returns a string, or aborts
(on OOM). There's no way this function can return NULL (as of
v7.2.0-rc1~277). Therefore, it doesn't make sense to check its
retval against NULL.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-08 16:50:45 +01:00
Michal Privoznik
65b9d9a619 viruri: Search params case insensitively
Our URI handling code (doRemoteOpen() specifically), uses case
insensitive parsing of query part of URI. For instance:

  qemu:///system?socket=/some/path
  qemu:///system?SoCkEt=/some/path

are the same URI. Even though the latter is probably not used
anywhere, let's switch to STRCASEEQ() instead of STREQ() at two
places: virURIGetParam() and virURICheckUnixSocket().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-08 16:50:44 +01:00
Erik Skultety
917749314c ci: Test with latest Avocado again
Test with the following fix:
https://github.com/avocado-framework/avocado/pull/5567/commits

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-08 16:36:10 +01:00
Michal Privoznik
5155ab4b2a qemu_namespace: Deal with nested mounts when umount()-ing /dev
In one of recent commits (v9.0.0-rc1~106) I've made our QEMU
namespace code umount the original /dev. One of the reasons was
enhanced security, because previously we just mounted a tmpfs
over the original /dev. Thus a malicious QEMU could just
umount("/dev") and it would get to the original /dev with all
nodes.

Now, on some systems this introduced a regression:

   failed to umount devfs on /dev: Device or resource busy

But how this could be? We've moved all file systems mounted under
/dev to a temporary location. Or have we? As it turns out, not
quite. If there are two file systems mounted on the same target,
e.g. like this:

  mount -t tmpfs tmpfs /dev/shm/ && mount -t tmpfs tmpfs /dev/shm/

then only the top most (i.e. the last one) is moved. See
qemuDomainUnshareNamespace() for more info.

Now, we could enhance our code to deal with these "doubled" mount
points. Or, since it is the top most file system that is
accessible anyways (and this one is preserved), we can
umount("/dev") in a recursive fashion.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167302
Fixes: 379c0ce4bf
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2023-02-08 08:39:17 +01:00
Michal Privoznik
697c16e39a qemu_process: Produce better debug message wrt domain namespaces
When going through debug log of a domain startup process, one can
meet the following line:

  debug : qemuProcessLaunch:7668 : Building mount namespace

But this is in fact wrong. Firstly, domain namespaces are just
enabled in domain's privateData. Secondly, the debug message says
nothing about actual state of namespace - whether it was enabled
or not.

Therefore, move the debug printing into
qemuProcessEnableDomainNamespaces() and tweak it so that the
actual value is reflected.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2023-02-08 08:37:28 +01:00