On Wed, Apr 25, 2018 at 03:03:37PM +0100, Daniel P. Berrangé wrote:
On Wed, Apr 25, 2018 at 03:57:05PM +0200, Martin Kletzander wrote:That is a job of libvirtd and virtlogd has a dependency on it, so that will prevent it properly. Doing it one extra time in virtlogd might also cause AVC denials because it is not allowed to call that dbus method. This basically reverts df34363d58bbf424d5c8170a93d3ad5dcd4afb26, but manually due to the numerous changes since that was merged. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1547250Doh, I totally missed/forgot commit df34363d58bbf424d5c8170a93d3ad5dcd4afb26 and yet I wrote it :-( I think the problem described in that commit still exists, for *unprivileged* libvirtd, as that's not systemd managed. We've applied the inhibition for both privileged and unprivilegd libvirtd's though. We could optimize so that we only do the inhibit when running unprivileged. That would avoid the dbus AVC since only privileged libvirtd is running with virtd_t type IIRC.
I was looking for that actually, but I don't think that's as clean solution as it could be. I'll do it that way just to fix the issue for now. For the future, however, I'll try to cook up a patch that will add a callback to virNetServer (or virNetDaemon) that will be called to ask whether the daemon can be shut down. Then virNetDaemonAutoShutdownTimer() will actually ask whether daemon and its servers can be shut down instead of just asking for clients. But I'll post that afterwards as a "clean-up" ;)
Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx> --- src/logging/log_daemon.c | 19 ++----------------- src/logging/log_handler.c | 28 ++++------------------------ src/logging/log_handler.h | 11 ++--------- 3 files changed, 8 insertions(+), 50 deletions(-) diff --git a/src/logging/log_daemon.c b/src/logging/log_daemon.c index 35d7ebb6d2bb..9cf3fd4dbb5f 100644 --- a/src/logging/log_daemon.c +++ b/src/logging/log_daemon.c @@ -123,17 +123,6 @@ virLogDaemonFree(virLogDaemonPtr logd) } -static void -virLogDaemonInhibitor(bool inhibit, void *opaque) -{ - virLogDaemonPtr dmn = opaque; - - if (inhibit) - virNetDaemonAddShutdownInhibition(dmn->dmn); - else - virNetDaemonRemoveShutdownInhibition(dmn->dmn); -} - static virLogDaemonPtr virLogDaemonNew(virLogDaemonConfigPtr config, bool privileged) { @@ -185,9 +174,7 @@ virLogDaemonNew(virLogDaemonConfigPtr config, bool privileged) if (!(logd->handler = virLogHandlerNew(privileged, config->max_size, - config->max_backups, - virLogDaemonInhibitor, - logd))) + config->max_backups))) goto error; return logd; @@ -277,9 +264,7 @@ virLogDaemonNewPostExecRestart(virJSONValuePtr object, bool privileged, if (!(logd->handler = virLogHandlerNewPostExecRestart(child, privileged, config->max_size, - config->max_backups, - virLogDaemonInhibitor, - logd))) + config->max_backups))) goto error; return logd; diff --git a/src/logging/log_handler.c b/src/logging/log_handler.c index 40dfa8ecaebe..6d4e539f078e 100644 --- a/src/logging/log_handler.c +++ b/src/logging/log_handler.c @@ -65,9 +65,6 @@ struct _virLogHandler { virLogHandlerLogFilePtr *files; size_t nfiles; - - virLogHandlerShutdownInhibitor inhibitor; - void *opaque; }; static virClassPtr virLogHandlerClass; @@ -174,7 +171,6 @@ virLogHandlerDomainLogFileEvent(int watch, return; error: - handler->inhibitor(false, handler->opaque); virLogHandlerLogFileClose(handler, logfile); virObjectUnlock(handler); } @@ -183,9 +179,7 @@ virLogHandlerDomainLogFileEvent(int watch, virLogHandlerPtr virLogHandlerNew(bool privileged, size_t max_size, - size_t max_backups, - virLogHandlerShutdownInhibitor inhibitor, - void *opaque) + size_t max_backups) { virLogHandlerPtr handler; @@ -198,8 +192,6 @@ virLogHandlerNew(bool privileged, handler->privileged = privileged; handler->max_size = max_size; handler->max_backups = max_backups; - handler->inhibitor = inhibitor; - handler->opaque = opaque; return handler; @@ -220,8 +212,6 @@ virLogHandlerLogFilePostExecRestart(virLogHandlerPtr handler, if (VIR_ALLOC(file) < 0) return NULL; - handler->inhibitor(true, handler->opaque); - if ((path = virJSONValueObjectGetString(object, "path")) == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing 'path' field in JSON document")); @@ -276,7 +266,6 @@ virLogHandlerLogFilePostExecRestart(virLogHandlerPtr handler, return file; error: - handler->inhibitor(false, handler->opaque); virLogHandlerLogFileFree(file); return NULL; } @@ -286,9 +275,7 @@ virLogHandlerPtr virLogHandlerNewPostExecRestart(virJSONValuePtr object, bool privileged, size_t max_size, - size_t max_backups, - virLogHandlerShutdownInhibitor inhibitor, - void *opaque) + size_t max_backups) { virLogHandlerPtr handler; virJSONValuePtr files; @@ -297,9 +284,7 @@ virLogHandlerNewPostExecRestart(virJSONValuePtr object, if (!(handler = virLogHandlerNew(privileged, max_size, - max_backups, - inhibitor, - opaque))) + max_backups))) return NULL; if (!(files = virJSONValueObjectGet(object, "files"))) { @@ -349,10 +334,8 @@ virLogHandlerDispose(void *obj) virLogHandlerPtr handler = obj; size_t i; - for (i = 0; i < handler->nfiles; i++) { - handler->inhibitor(false, handler->opaque); + for (i = 0; i < handler->nfiles; i++) virLogHandlerLogFileFree(handler->files[i]); - } VIR_FREE(handler->files); } @@ -373,8 +356,6 @@ virLogHandlerDomainOpenLogFile(virLogHandlerPtr handler, virObjectLock(handler); - handler->inhibitor(true, handler->opaque); - for (i = 0; i < handler->nfiles; i++) { if (STREQ(virRotatingFileWriterGetPath(handler->files[i]->file), path)) { @@ -429,7 +410,6 @@ virLogHandlerDomainOpenLogFile(virLogHandlerPtr handler, error: VIR_FORCE_CLOSE(pipefd[0]); VIR_FORCE_CLOSE(pipefd[1]); - handler->inhibitor(false, handler->opaque); virLogHandlerLogFileFree(file); virObjectUnlock(handler); return -1; diff --git a/src/logging/log_handler.h b/src/logging/log_handler.h index 70be567ccc37..76df55c55e57 100644 --- a/src/logging/log_handler.h +++ b/src/logging/log_handler.h @@ -30,20 +30,13 @@ typedef struct _virLogHandler virLogHandler; typedef virLogHandler *virLogHandlerPtr; -typedef void (*virLogHandlerShutdownInhibitor)(bool inhibit, - void *opaque); - virLogHandlerPtr virLogHandlerNew(bool privileged, size_t max_size, - size_t max_backups, - virLogHandlerShutdownInhibitor inhibitor, - void *opaque); + size_t max_backups); virLogHandlerPtr virLogHandlerNewPostExecRestart(virJSONValuePtr child, bool privileged, size_t max_size, - size_t max_backups, - virLogHandlerShutdownInhibitor inhibitor, - void *opaque); + size_t max_backups); void virLogHandlerFree(virLogHandlerPtr handler); -- 2.17.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-listRegards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Attachment:
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list