On 02/04/2014 05:49 PM, Michal Privoznik wrote:
> This new flag is to be used for tainting domains which
> XML definition was altered at runtime by a hook script.
>
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
> src/conf/domain_conf.c | 3 ++-
> src/conf/domain_conf.h | 1 +
> 2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 28e24f9..98ac8c8 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -107,7 +107,8 @@ VIR_ENUM_IMPL(virDomainTaint, VIR_DOMAIN_TAINT_LAST,
> "shell-scripts",
> "disk-probing",
> "external-launch",
> - "host-cpu");
> + "host-cpu",
> + "hook-script");
So I came back to this series after considering network tainting again.
In the case of networks, your patch just always tainted the network
whenever a hook script was present. But in the case of domains, you're
only tainting it if the hook script modified the XML *and* libvirt
accepted/used that modified XML.
This makes me think two things:
1) we should probably be consistent, so if we only taint the domain if
the hook modifies the XML and we use that XML, then maybe we shouldn't
taint networks just because a hook script was called (or maybe domains
should always get a "hook-script" taint if a script is run at all, and a
different taint if the hook modifies the XML - see (2))
2) The real reason we're tainting the domain here is because a hook
modified the xml, NOT just because a hook was run, so the reason should
probably be something like "hook-modified-xml". In the future, we may
want to also taint all domains that had a script run at all, and in that
case we would still have "hook-script" available to use.
Other than that, this and PATCH 2/2 are fine - ACK.
>
> VIR_ENUM_IMPL(virDomainVirt, VIR_DOMAIN_VIRT_LAST,
> "qemu",
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index d8f2e49..dc5f8a1 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -2109,6 +2109,7 @@ enum virDomainTaintFlags {
> VIR_DOMAIN_TAINT_DISK_PROBING, /* Relying on potentially unsafe disk format probing */
> VIR_DOMAIN_TAINT_EXTERNAL_LAUNCH, /* Externally launched guest domain */
> VIR_DOMAIN_TAINT_HOST_CPU, /* Host CPU passthrough in use */
> + VIR_DOMAIN_TAINT_HOOK, /* Domain (possibly) changed via hook script */
>
> VIR_DOMAIN_TAINT_LAST
> };
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list