Re: [PATCH v2 08/10] qemu: cgroup and selinux for scsi hostdev


 



On 01/04/13 20:01, Han Cheng wrote:
As libvirt gives the guest a minimal cgroup, we need to add sg to the guest
cgroup whitelist for scsi hostdev. We should also set and restore the selinux
label correctly for scsi hostdev.

Signed-off-by: Han Cheng <hanc.fnst@xxxxxxxxxxxxxx>
---
  src/qemu/qemu_cgroup.c          |   67 +++++++++++++++++++++++++++++++-------
  src/qemu/qemu_cgroup.h          |    3 ++
  src/security/security_selinux.c |   56 ++++++++++++++++++++++++++++++++
  3 files changed, 113 insertions(+), 13 deletions(-)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index c9b4ca2..ea3d49b 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -194,6 +194,30 @@ int qemuSetupHostUsbDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
      return 0;
  }
+int qemuSetupHostScsiDeviceCgroup(virSCSIDevicePtr dev,
+                                     const char *path,
+                                     void *opaque)

Indentation.

+{
+    qemuCgroupData *data = opaque;
+    int rc;
+
+    VIR_DEBUG("Process path '%s' for SCSI device", path);
+    rc = virCgroupAllowDevicePath(data->cgroup, path,
+                                  (virSCSIDeviceGetReadonly(dev) ? VIR_CGROUP_DEVICE_READ
+                                   : VIR_CGROUP_DEVICE_RW));

No need for the surrounding ().


+    virDomainAuditCgroupPath(data->vm, data->cgroup, "allow", path,
+                             virSCSIDeviceGetReadonly(dev) ? "r" : "rw", rc);
+    if (rc < 0) {
+        virReportSystemError(-rc,
+                             _("Unable to allow device %s"),
+                             path);
+        return -1;
+    }
+
+    return 0;
+
+}
+
  int qemuSetupCgroup(virQEMUDriverPtr driver,
                      virDomainObjPtr vm,
                      virBitmapPtr nodemask)
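Review bot: In qemuSetupHostScsiDeviceCgroup the read-only state is queried twice, once for the mask passed to virCgroupAllowDevicePath and once for the "r"/"rw" string handed to virDomainAuditCgroupPath, so the audit record is derived independently of the permission actually granted. Computing it once keeps the two tied together: `int perms = virSCSIDeviceGetReadonly(dev) ? VIR_CGROUP_DEVICE_READ : VIR_CGROUP_DEVICE_RW;`, then `perms == VIR_CGROUP_DEVICE_READ ? "r" : "rw"` in the audit call. A short comment above the function would also help, stating that it is the virSCSIDeviceFileIterate callback and that `opaque` must point to a qemuCgroupData, since the conversion from `void *` is unchecked.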
@@ -291,26 +315,43 @@ int qemuSetupCgroup(virQEMUDriverPtr driver,
for (i = 0; i < vm->def->nhostdevs; i++) {
              virDomainHostdevDefPtr hostdev = vm->def->hostdevs[i];
-            virUSBDevicePtr usb;
+            virUSBDevicePtr usb = NULL;
+            virSCSIDevicePtr scsi = NULL;
if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
                  continue;
-            if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB)
-                continue;
-            if (hostdev->missing)
-                continue;
+            switch (hostdev->source.subsys.type) {
+            case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
+                if (hostdev->missing)
+                    continue;
- if ((usb = virUSBDeviceNew(hostdev->source.subsys.u.usb.bus,
-                                       hostdev->source.subsys.u.usb.device,
-                                       NULL)) == NULL)
-                goto cleanup;
+                if ((usb = virUSBDeviceNew(hostdev->source.subsys.u.usb.bus,
+                                           hostdev->source.subsys.u.usb.device,
+                                           NULL)) == NULL)
+                    goto cleanup;
- if (virUSBDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup,
-                                        &data) < 0) {
+                if (virUSBDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup,
+                                            &data) < 0) {
+                    goto cleanup;
+                }
                  virUSBDeviceFree(usb);
-                goto cleanup;
+                break;
+            case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI:
+                if ((scsi = virSCSIDeviceNew(hostdev->source.subsys.u.scsi.adapter,
+                                             hostdev->source.subsys.u.scsi.bus,
+                                             hostdev->source.subsys.u.scsi.target,
+                                             hostdev->source.subsys.u.scsi.unit,
+                                             hostdev->readonly))== NULL)
+                    goto cleanup;
+
+                if (virSCSIDeviceFileIterate(scsi, qemuSetupHostScsiDeviceCgroup,
+                                             &data) < 0) {
+                    virSCSIDeviceFree(scsi);
+                    goto cleanup;
+                }
+                virSCSIDeviceFree(scsi);
+                break;
              }
-            virUSBDeviceFree(usb);
          }
      }
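Review bot: The USB branch now leaks `usb` when virUSBDeviceFileIterate fails: the rewritten `if` body is only `goto cleanup;`, and the `virUSBDeviceFree(usb);` that used to sit inside it now runs only on the success path before `break`. `usb` is declared inside the loop body, so the cleanup label (outside this hunk) presumably cannot release it; the SCSI branch handles this correctly by freeing before the jump. Add `virUSBDeviceFree(usb);` ahead of `goto cleanup;` in the USB failure block. qemuSetupCgroup starts and ends outside the hunk.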
diff --git a/src/qemu/qemu_cgroup.h b/src/qemu/qemu_cgroup.h
index a677d07..b9c6807 100644
--- a/src/qemu/qemu_cgroup.h
+++ b/src/qemu/qemu_cgroup.h
@@ -45,6 +45,9 @@ int qemuTeardownDiskCgroup(virDomainObjPtr vm,
  int qemuSetupHostUsbDeviceCgroup(virUSBDevicePtr dev,
                                   const char *path,
                                   void *opaque);
+int qemuSetupHostScsiDeviceCgroup(virSCSIDevicePtr dev,
+                                     const char *path,
+                                     void *opaque);

Indentation.

Otherwise looks good.




