As well as taint warnings going to the main libvirt log, add taint warnings to the per-domain logfile Domain id=3 is tainted: high-privileges Domain id=3 is tainted: disk-probing Domain id=3 is tainted: shell-scripts Domain id=3 is tainted: custom-monitor * src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Enhance qemuDomainTaint to also log to the domain logfile * src/qemu/qemu_driver.c: Pass -1 for logFD to taint methods to auto-append to logfile * src/qemu/qemu_process.c: Pass open logFD at startup for taint methods --- src/qemu/qemu_domain.c | 44 ++++++++++++++++++++++++++++++++------------ src/qemu/qemu_domain.h | 12 ++++++++---- src/qemu/qemu_driver.c | 6 +++--- src/qemu/qemu_process.c | 2 +- 4 files changed, 44 insertions(+), 20 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 694c637..92940f5 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -746,10 +746,13 @@ cleanup: return ret; } -void qemuDomainObjTaint(struct qemud_driver *driver ATTRIBUTE_UNUSED, +void qemuDomainObjTaint(struct qemud_driver *driver, virDomainObjPtr obj, - enum virDomainTaintFlags taint) + enum virDomainTaintFlags taint, + int logFD) { + virErrorPtr orig_err = NULL; + if (virDomainObjTaint(obj, taint)) { char uuidstr[VIR_UUID_STRING_BUFLEN]; virUUIDFormat(obj->def->uuid, uuidstr); 
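Review bot: `virErrorPtr orig_err = NULL;` is declared at function scope in qemuDomainObjTaint although, judging by the continuation in the next hunk, it is only written and read inside the `if (virDomainObjTaint(obj, taint))` branch; declaring it at the top of that branch keeps the save/restore bookkeeping next to the log call it protects. The new `int logFD` parameter also carries a sentinel (the qemu_driver.c callers in this series pass -1, qemu_process.c passes the open logfile) that nothing at the definition explains; a one-line comment above the signature such as `/* logFD: descriptor of the per-domain logfile, or -1 to have it opened and appended on demand */` would state the contract where the implementer reads it. The function body continues in the following hunk.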
@@ -759,53 +762,70 @@ void qemuDomainObjTaint(struct qemud_driver *driver ATTRIBUTE_UNUSED, obj->def->name, uuidstr, virDomainTaintTypeToString(taint)); + + /* We don't care about errors logging taint info, so + * preserve original error, and clear any error that + * is raised */ + orig_err = virSaveLastError(); + if (qemuDomainAppendLog(driver, obj, logFD, + "Domain id=%d is tainted: %s\n", + obj->def->id, + virDomainTaintTypeToString(taint)) < 0) + virResetLastError(); + if (orig_err) { + virSetError(orig_err); + virFreeError(orig_err); + } } } void qemuDomainObjCheckTaint(struct qemud_driver *driver, - virDomainObjPtr obj) + virDomainObjPtr obj, + int logFD) { int i; if (!driver->clearEmulatorCapabilities || driver->user == 0 || driver->group == 0) - qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES); + qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, logFD); if (obj->def->namespaceData) { qemuDomainCmdlineDefPtr qemucmd = obj->def->namespaceData; if (qemucmd->num_args || qemucmd->num_env) - qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_CUSTOM_ARGV); + qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_CUSTOM_ARGV, logFD); } for (i = 0 ; i < obj->def->ndisks ; i++) - qemuDomainObjCheckDiskTaint(driver, obj, obj->def->disks[i]); + qemuDomainObjCheckDiskTaint(driver, obj, obj->def->disks[i], logFD); for (i = 0 ; i < obj->def->nnets ; i++) - qemuDomainObjCheckNetTaint(driver, obj, obj->def->nets[i]); + qemuDomainObjCheckNetTaint(driver, obj, obj->def->nets[i], logFD); } void qemuDomainObjCheckDiskTaint(struct qemud_driver *driver, virDomainObjPtr obj, - virDomainDiskDefPtr disk) + virDomainDiskDefPtr disk, + int logFD) { if (!disk->driverType && driver->allowDiskFormatProbing) - qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_DISK_PROBING); + qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_DISK_PROBING, logFD); } void qemuDomainObjCheckNetTaint(struct qemud_driver *driver, virDomainObjPtr obj, - virDomainNetDefPtr net) + 
virDomainNetDefPtr net, + int logFD) { if ((net->type == VIR_DOMAIN_NET_TYPE_ETHERNET && net->data.ethernet.script != NULL) || (net->type == VIR_DOMAIN_NET_TYPE_BRIDGE && net->data.bridge.script != NULL)) - qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS); + qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS, logFD); } @@ -909,7 +929,7 @@ int qemuDomainAppendLog(struct qemud_driver *driver, virReportOOMError(); goto cleanup; } - if (safewrite(logFD, message, strlen(message)) < 0) { + if (safewrite(fd, message, strlen(message)) < 0) { virReportSystemError(errno, _("Unable to write to domain logfile %s"), obj->def->name); goto cleanup; diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 3e4d1ec..fb1743f 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -117,16 +117,20 @@ char *qemuDomainFormatXML(struct qemud_driver *driver, void qemuDomainObjTaint(struct qemud_driver *driver, virDomainObjPtr obj, - enum virDomainTaintFlags taint); + enum virDomainTaintFlags taint, + int logFD); void qemuDomainObjCheckTaint(struct qemud_driver *driver, - virDomainObjPtr obj); + virDomainObjPtr obj, + int logFD); void qemuDomainObjCheckDiskTaint(struct qemud_driver *driver, virDomainObjPtr obj, - virDomainDiskDefPtr disk); + virDomainDiskDefPtr disk, + int logFD); void qemuDomainObjCheckNetTaint(struct qemud_driver *driver, virDomainObjPtr obj, - virDomainNetDefPtr net); + virDomainNetDefPtr net, + int logFD); int qemuDomainCreateLog(struct qemud_driver *driver, virDomainObjPtr vm, bool append); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 535a762..0fd0f10 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
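Review bot: In qemuDomainObjTaint a failure of `qemuDomainAppendLog(...)` is handled only by `virResetLastError()`, so an unwritable or missing per-domain logfile leaves no trace that the taint record was lost; the VIR_WARN to the main log above still fires, but the per-domain log is the artefact an operator consults when auditing a single guest, and a record silently missing from it is worse than a record that is present but noisy. Keeping the best-effort semantics while making the loss visible costs one line in that branch, e.g. `VIR_WARN("Unable to record taint %s in logfile for %s", virDomainTaintTypeToString(taint), obj->def->name);` before the reset. Separately, `virSaveLastError()` returns NULL when there is no pending error and presumably also when allocating the copy fails; in the latter case a genuine pending error is cleared by the reset instead of being restored, which is tolerable on a best-effort path but deserves a comment next to the `if (orig_err)` so nobody later "fixes" it by dropping the NULL check. The enclosing function begins in the previous hunk.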
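Review bot: The change from `safewrite(logFD, ...)` to `safewrite(fd, ...)` in qemuDomainAppendLog is the substantive fix in this patch — with the -1 sentinel the old code wrote to an invalid descriptor — and it makes descriptor ownership the thing to verify: `fd` is presumably either the caller-supplied logFD or a descriptor this function opened itself, so the cleanup path must close `fd` only in the second case and never the caller's open logfile, which qemuProcessStart continues to use after the call. Both the opening of `fd` and the cleanup label lie outside this hunk, as does the rest of the function, so please confirm the close is conditional on `logFD < 0` (or equivalent) and uses `VIR_FORCE_CLOSE`. The `virReportSystemError(errno, _("Unable to write to domain logfile %s"), obj->def->name)` message names the domain where it says logfile; if the path is in scope, reporting it instead makes permission and disk-full problems far quicker to diagnose.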
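Review bot: The new `int logFD` parameter on qemuDomainObjTaint, qemuDomainObjCheckTaint, qemuDomainObjCheckDiskTaint and qemuDomainObjCheckNetTaint has a sentinel value — the qemu_driver.c hunks pass -1, qemu_process.c passes the open logfile — that the header leaves undocumented, so a future caller cannot tell from qemu_domain.h whether -1 is accepted or what it does. A short comment above the group would fix that, e.g. `/* logFD: open descriptor for the per-domain logfile, or -1 to open and append to it on demand. Failures to write the taint record are deliberately ignored. */`; the last sentence reflects the "We don't care about errors logging taint info" comment in the qemu_domain.c definition. Documenting the contract once here is cheaper than every caller reading the implementation.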
@@ -3877,7 +3877,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm, switch (dev->type) { case VIR_DOMAIN_DEVICE_DISK: - qemuDomainObjCheckDiskTaint(driver, vm, dev->data.disk); + qemuDomainObjCheckDiskTaint(driver, vm, dev->data.disk, -1); ret = qemuDomainAttachDeviceDiskLive(driver, vm, dev); if (!ret) dev->data.disk = NULL; @@ -3890,7 +3890,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm, break; case VIR_DOMAIN_DEVICE_NET: - qemuDomainObjCheckNetTaint(driver, vm, dev->data.net); + qemuDomainObjCheckNetTaint(driver, vm, dev->data.net, -1); ret = qemuDomainAttachNetDevice(dom->conn, driver, vm, dev->data.net); if (!ret) @@ -6984,7 +6984,7 @@ static int qemuDomainMonitorCommand(virDomainPtr domain, const char *cmd, priv = vm->privateData; - qemuDomainObjTaint(driver, vm, VIR_DOMAIN_TAINT_CUSTOM_MONITOR); + qemuDomainObjTaint(driver, vm, VIR_DOMAIN_TAINT_CUSTOM_MONITOR, -1); hmp = !!(flags & VIR_DOMAIN_QEMU_MONITOR_COMMAND_HMP); diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index eca85ae..bd7c932 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -2239,7 +2239,7 @@ int qemuProcessStart(virConnectPtr conn, virCommandWriteArgLog(cmd, logfile); - qemuDomainObjCheckTaint(driver, vm); + qemuDomainObjCheckTaint(driver, vm, logfile); if ((pos = lseek(logfile, 0, SEEK_END)) < 0) VIR_WARN("Unable to seek to end of logfile: %s", -- 1.7.4.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
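Review bot: In qemuDomainAttachDeviceLive the call `qemuDomainObjCheckDiskTaint(driver, vm, dev->data.disk, -1)` runs before `qemuDomainAttachDeviceDiskLive`, so a hotplug that fails still marks the domain disk-probing tainted and, with this patch, writes that record to the per-domain logfile; the ordering predates the patch, and tainting on the attempt is the conservative choice, but now that the record is persisted it should be a documented decision rather than an accident. If it is intentional, a comment like `/* Taint is recorded before the attach so a failed attempt is still accounted for */` above the call settles it; if not, moving the check under `if (!ret)` together with the `dev->data.disk = NULL` makes the taint follow a successful attach. The VIR_DOMAIN_DEVICE_NET case in the next hunk has the same shape. qemuDomainAttachDeviceLive begins and ends outside these hunks.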
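Review bot: `qemuDomainObjCheckTaint(driver, vm, logfile)` sits after `virCommandWriteArgLog(cmd, logfile)` and before the `lseek(logfile, 0, SEEK_END)` that records `pos`, which is presumably the offset from which QEMU's own output is later read back for error reporting; that placement is what keeps the "Domain id=N is tainted" lines out of the text attributed to QEMU, and nothing in the code says so. A comment such as `/* Must run before the lseek below so taint records are not mistaken for QEMU output */` would protect the ordering from a later reshuffle. The descriptor is also passed straight through rather than -1, so qemuDomainAppendLog must not close it here — worth confirming against its cleanup path. qemuProcessStart begins and ends outside this hunk.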