2010/7/26 Daniel P. Berrange <berrange@xxxxxxxxxx>:
> On Sat, Jul 24, 2010 at 12:28:11AM +0200, Jamie Strandboge wrote:
>> On Fri, 2010-07-23 at 19:24 +0200, Matthias Bolte wrote:
>> > virt-aa-helper used to ignore errors when opening files.
>> > Commit a8853344994a7c6aaca882a5e949ab5536821ab5 refactored
>> > the related code and changed this behavior. virt-aa-helper
>> > didn't ignore open errors anymore and virt-aa-helper-test
>> > fails.
>> >
>> > Make sure that virt-aa-helper ignores open errors again.
>> > ---
>> > src/security/virt-aa-helper.c | 2 +-
>> > 1 files changed, 1 insertions(+), 1 deletions(-)
>> >
>> > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
>> > index 521545d..16b1920 100644
>> > --- a/src/security/virt-aa-helper.c
>> > +++ b/src/security/virt-aa-helper.c
>> > @@ -846,7 +846,7 @@ get_files(vahControl * ctl)
>> > for (i = 0; i < ctl->def->ndisks; i++) {
>> > int ret = virDomainDiskDefForeachPath(ctl->def->disks[i],
>> > ctl->allowDiskFormatProbing,
>> > - false,
>> > + true,
>> > add_file_path,
>> > &buf);
>> > if (ret != 0)
>>
>> I'm not 100% sure on this one. I have been developing patches to adjust
>> for the new behavior on older releases and I did some shuffling to get
>> this to work with 'false'. I'm not ready to submit at this time, and
>> won't be able to get to it until the week after next. If this blocks
>> Matthias' work, then feel free to commit and I'll post with a different
>> patch if needed. Otherwise, we can wait.
>
> What is the scenario in which 'false' breaks things ? We use 'false' for
> the selinux driver already. The problem with 'true' is that it means the
> user will never see potentially important errors.
>
> Regards,
> Daniel
Maybe it's a problem that's triggered by the test only.
Passing 'false' makes virt-aa-helper-test fail for tests that involve
non-existing files:
$ ./virt-aa-helper-test
FAIL: exited with '1'
create (non-existent disk): '--dryrun -c -u
libvirt-00000000-0000-0000-0000-0123456789ab':
FAIL: exited with '1'
replace (non-existent disk): '--dryrun -r -u
libvirt-00000000-0000-0000-0000-0123456789ab':
Here's the command that virt-aa-helper-test executes for the first failing test:
$ LD_LIBRARY_PATH="../src/.libs/" ../src/virt-aa-helper --dryrun -c -u
libvirt-00000000-0000-0000-0000-0123456789ab <
/tmp/tmp.IFQ5dqTvp6/test.xml
virt-aa-helper: warning: path does not exist, skipping file type checks
virt-aa-helper: error: invalid VM definition
Here's the content of /tmp/tmp.IFQ5dqTvp6/test.xml
<domain type='kvm'>
<name>virt-aa-helper-test</name>
<uuid>00000000-0000-0000-0000-0123456789ab</uuid>
<memory>524288</memory>
<currentMemory>524288</currentMemory>
<vcpu>1</vcpu>
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/kvm</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/tmp/tmp.IFQ5dqTvp6/nonexistant.img'/>
<target dev='hda' bus='ide'/>
</disk>
<interface type='network'>
<mac address='52:54:00:50:4b:26'/>
<source network='default'/>
<model type='virtio'/>
</interface>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'/>
<video>
<model type='cirrus' vram='9216' heads='1'/>
</video>
</devices>
</domain>
I noticed that this failed because the rewrite to use
virDomainDiskDefForeachPath changed the handling of non-existing
files. So I changed it back. That might not be the proper solution,
but it works. I seems that Jamie is working on a better solution for
that case.
Matthias
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list