Some configuration setups for guests are allowed, but strongly discouraged and unsupportable in production systems. Introduce a concept of 'tainting' to virDomainObjPtr to allow such setups to be identified. Drivers can then log warnings at suitable times * src/conf/domain_conf.c, src/conf/domain_conf.h: Declare taint flags and add parsing/formatting of domain status XML --- src/conf/domain_conf.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 16 ++++++++++++++ src/libvirt_private.syms | 3 ++ 3 files changed, 70 insertions(+), 0 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 2a681d9..8fe375f 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -50,6 +50,13 @@ #define VIR_FROM_THIS VIR_FROM_DOMAIN +VIR_ENUM_IMPL(virDomainTaint, VIR_DOMAIN_TAINT_LAST, + "custom-argv", + "custom-monitor", + "high-privileges", + "shell-scripts", + "disk-probing"); + VIR_ENUM_IMPL(virDomainVirt, VIR_DOMAIN_VIRT_LAST, "qemu", "kqemu", @@ -510,6 +517,20 @@ virDomainObjPtr virDomainFindByName(const virDomainObjListPtr doms, return obj; } + +bool virDomainObjTaint(virDomainObjPtr obj, + enum virDomainTaintFlags taint) +{ + int flag = (1 << taint); + + if (obj->taint & flag) + return false; + + obj->taint |= flag; + return true; +} + + static void virDomainGraphicsAuthDefClear(virDomainGraphicsAuthDefPtr def) { @@ -6250,6 +6271,8 @@ static virDomainObjPtr virDomainObjParseXML(virCapsPtr caps, xmlNodePtr config; xmlNodePtr oldnode; virDomainObjPtr obj; + xmlNodePtr *nodes = NULL; + int i, n; if (!(obj = virDomainObjNew(caps))) return NULL; @@ -6288,6 +6311,26 @@ static virDomainObjPtr virDomainObjParseXML(virCapsPtr caps, } obj->pid = (pid_t)val; + if ((n = virXPathNodeSet("./taint", ctxt, &nodes)) < 0) { + virDomainReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("failed to parse taint flags")); + goto error; + } + for (i = 0 ; i < n ; i++) { + char *str = virXMLPropString(nodes[i], "flag"); + if (str) { + int flag = virDomainTaintTypeFromString(str); + VIR_FREE(str); + if (flag < 0) { + virDomainReportError(VIR_ERR_INTERNAL_ERROR, + _("Unknown taint flag %s"), str); + goto error; + } + virDomainObjTaint(obj, flag); + } + } + VIR_FREE(nodes); + if (caps->privateDataXMLParse && ((caps->privateDataXMLParse)(ctxt, obj->privateData)) < 0) goto error; @@ -6297,6 +6340,7 @@ static virDomainObjPtr virDomainObjParseXML(virCapsPtr caps, error: /* obj was never shared, so unref should return 0 */ ignore_value(virDomainObjUnref(obj)); + VIR_FREE(nodes); return NULL; } @@ -8454,11 +8498,18 @@ static char *virDomainObjFormat(virCapsPtr caps, { char *config_xml = NULL; virBuffer buf = VIR_BUFFER_INITIALIZER; + int i; virBufferVSprintf(&buf, "<domstatus state='%s' pid='%d'>\n", virDomainStateTypeToString(obj->state), obj->pid); + for (i = 0 ; i < VIR_DOMAIN_TAINT_LAST ; i++) { + if (obj->taint & (1 << i)) + virBufferVSprintf(&buf, " <taint flag='%s'/>\n", + virDomainTaintTypeToString(i)); + } + if (caps->privateDataXMLFormat && ((caps->privateDataXMLFormat)(&buf, obj->privateData)) < 0) goto error; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 1dadf98..a0f820c 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1182,6 +1182,16 @@ struct _virDomainDef { virDomainXMLNamespace ns; }; +enum virDomainTaintFlags { + VIR_DOMAIN_TAINT_CUSTOM_ARGV, /* Custom ARGV passthrough from XML */ + VIR_DOMAIN_TAINT_CUSTOM_MONITOR, /* Custom monitor commands issued */ + VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, /* Running with undesirably high privileges */ + VIR_DOMAIN_TAINT_SHELL_SCRIPTS, /* Network configuration using opaque shell scripts */ + VIR_DOMAIN_TAINT_DISK_PROBING, /* Relying on potentially unsafe disk format probing */ + + VIR_DOMAIN_TAINT_LAST +}; + /* Guest VM runtime state */ typedef struct _virDomainObj virDomainObj; typedef virDomainObj *virDomainObjPtr; @@ -1204,6 +1214,8 @@ struct _virDomainObj { void *privateData; void (*privateDataFreeFunc)(void *); + + int taint; }; typedef struct _virDomainObjList virDomainObjList; @@ -1231,6 +1243,8 @@ virDomainObjPtr virDomainFindByUUID(const virDomainObjListPtr doms, virDomainObjPtr virDomainFindByName(const virDomainObjListPtr doms, const char *name); +bool virDomainObjTaint(virDomainObjPtr obj, + enum virDomainTaintFlags taint); void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def); void virDomainInputDefFree(virDomainInputDefPtr def); @@ -1429,6 +1443,8 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk, typedef const char* (*virLifecycleToStringFunc)(int type); typedef int (*virLifecycleFromStringFunc)(const char *type); +VIR_ENUM_DECL(virDomainTaint) + VIR_ENUM_DECL(virDomainVirt) VIR_ENUM_DECL(virDomainBoot) VIR_ENUM_DECL(virDomainFeature) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 1b22be6..508b044 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -300,6 +300,7 @@ virDomainObjListNumOfDomains; virDomainObjLock; virDomainObjRef; virDomainObjSetDefTransient; +virDomainObjTaint; virDomainObjUnlock; virDomainObjUnref; virDomainRemoveInactive; @@ -324,6 +325,8 @@ virDomainSoundModelTypeFromString; virDomainSoundModelTypeToString; virDomainStateTypeFromString; virDomainStateTypeToString; +virDomainTaintTypeFromString; +virDomainTaintTypeToString; virDomainTimerModeTypeFromString; virDomainTimerModeTypeToString; virDomainTimerNameTypeFromString; -- 1.7.4.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list