As mentioned in one of previous commits, populating domain's namespace from pre-exec() hook is dangerous. This commit moves population of the namespace with domain inputs into daemon's namespace.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/qemu/qemu_domain_namespace.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/qemu/qemu_domain_namespace.c b/src/qemu/qemu_domain_namespace.c
index 8a77c067c8..f709fbb616 100644
--- a/src/qemu/qemu_domain_namespace.c
+++ b/src/qemu/qemu_domain_namespace.c
@@ -732,11 +732,11 @@ qemuDomainSetupAllGraphics(virDomainObjPtr vm,
 static int
 qemuDomainSetupInput(virDomainInputDefPtr input,
- const struct qemuDomainCreateDeviceData *data)
+ char ***paths)
 {
 const char *path = virDomainInputDefGetPath(input);
- if (path && qemuDomainCreateDevice(path, data, false) < 0)
+ if (path && virStringListAdd(paths, path) < 0)
 return -1;
 return 0;
@@ -745,14 +745,14 @@ qemuDomainSetupInput(virDomainInputDefPtr input,
 static int
 qemuDomainSetupAllInputs(virDomainObjPtr vm,
- const struct qemuDomainCreateDeviceData *data)
+ char ***paths)
 {
 size_t i;
 VIR_DEBUG("Setting up inputs");
 for (i = 0; i < vm->def->ninputs; i++) {
 if (qemuDomainSetupInput(vm->def->inputs[i],
- data) < 0)
+ paths) < 0)
 return -1;
 }
 VIR_DEBUG("Setup all inputs");
@@ -885,6 +885,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
 if (qemuDomainSetupAllGraphics(vm, &paths) < 0)
 return -1;
+ if (qemuDomainSetupAllInputs(vm, &paths) < 0)
+ return -1;
+
 if (qemuDomainNamespaceMknodPaths(vm, (const char **) paths) < 0)
 return -1;
@@ -936,9 +939,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
 if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
 goto cleanup;
- if (qemuDomainSetupAllInputs(vm, &data) < 0)
- goto cleanup;
-
 if (qemuDomainSetupAllRNGs(vm, &data) < 0)
 goto cleanup;
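Review bot: qemuDomainSetupInput() keeps its "Setup" name but, after the first hunk, no longer creates anything: it only appends the input's source path to the caller's list via `virStringListAdd(paths, path)`. The same applies to qemuDomainSetupAllInputs() in the second hunk. A short comment above the function would stop a later reader from assuming the device node exists once it returns, for example `/* Only records the input's source path in @paths; the node itself is created later by qemuDomainNamespaceMknodPaths(). */`. It would also be worth stating there that the caller owns and frees the list. The new `char ***paths` parameter gives no hint of that, and the declaration of `paths` in qemuDomainBuildNamespace() lies outside the third hunk, so its cleanup on the added `return -1` cannot be checked from here.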
@@ -1872,15 +1872,15 @@ int
 qemuDomainNamespaceSetupInput(virDomainObjPtr vm,
 virDomainInputDefPtr input)
 {
- const char *path = NULL;
+ VIR_AUTOSTRINGLIST paths = NULL;
 if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
 return 0;
- if (!(path = virDomainInputDefGetPath(input)))
- return 0;
+ if (qemuDomainSetupInput(input, &paths) < 0)
+ return -1;
- if (path && qemuDomainNamespaceMknodPath(vm, path) < 0)
+ if (qemuDomainNamespaceMknodPaths(vm, (const char **) paths) < 0)
 return -1;
 return 0;
 }
--
2.26.2
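Review bot: In qemuDomainNamespaceSetupInput() the early `return 0` for an input without a source path is removed, so in that case `paths` is still NULL when it is passed to `qemuDomainNamespaceMknodPaths(vm, (const char **) paths)`. qemuDomainSetupInput() only appends when virDomainInputDefGetPath() returns non-NULL, and the body of qemuDomainNamespaceMknodPaths() is not part of this patch, so it should be confirmed that it treats a NULL or empty list as a no-op instead of dereferencing it or entering the domain's namespace for nothing. If that is not guaranteed, keep the old short-circuit explicit with `if (!paths) return 0;` right after the qemuDomainSetupInput() call. Otherwise a one-line comment saying that an empty list is handled by the callee would document the reliance.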