|
 |
c1c534 |
From 2661dd59c5885adddb522be5e5542461f4e8bf3c Mon Sep 17 00:00:00 2001
|
|
|
c1c534 |
Message-Id: <2661dd59c5885adddb522be5e5542461f4e8bf3c@dist-git>
|
|
|
c1c534 |
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
|
|
|
c1c534 |
Date: Mon, 27 Nov 2017 14:21:01 +0100
|
|
|
c1c534 |
Subject: [PATCH] qemu: functions for dealing with input device namespaces and
|
|
|
c1c534 |
labels
|
|
|
c1c534 |
MIME-Version: 1.0
|
|
|
c1c534 |
Content-Type: text/plain; charset=UTF-8
|
|
|
c1c534 |
Content-Transfer-Encoding: 8bit
|
|
|
c1c534 |
|
|
|
c1c534 |
Introudce functions that will let us create the evdevs in namespaces
|
|
|
c1c534 |
and label the devices on input device hotplug/hotunplug.
|
|
|
c1c534 |
|
|
|
c1c534 |
(cherry picked from commit c4c7a18c4b8107b3521880eb20a94c928bdeacb0)
|
|
|
c1c534 |
|
|
|
c1c534 |
https://bugzilla.redhat.com/show_bug.cgi?id=1509866
|
|
|
c1c534 |
|
|
|
c1c534 |
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
|
|
c1c534 |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
c1c534 |
---
|
|
|
c1c534 |
src/qemu/qemu_domain.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
c1c534 |
src/qemu/qemu_domain.h | 6 ++++
|
|
|
c1c534 |
src/qemu/qemu_security.c | 58 ++++++++++++++++++++++++++++++++++++++
|
|
|
c1c534 |
src/qemu/qemu_security.h | 6 ++++
|
|
|
c1c534 |
4 files changed, 142 insertions(+)
|
|
|
c1c534 |
|
|
|
c1c534 |
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
|
|
|
c1c534 |
index dbe9ed5e98..138f773c22 100644
|
|
|
c1c534 |
--- a/src/qemu/qemu_domain.c
|
|
|
c1c534 |
+++ b/src/qemu/qemu_domain.c
|
|
|
c1c534 |
@@ -9997,6 +9997,78 @@ qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr driver,
|
|
|
c1c534 |
}
|
|
|
c1c534 |
|
|
|
c1c534 |
|
|
|
c1c534 |
+int
|
|
|
c1c534 |
+qemuDomainNamespaceSetupInput(virDomainObjPtr vm,
|
|
|
c1c534 |
+ virDomainInputDefPtr input)
|
|
|
c1c534 |
+{
|
|
|
c1c534 |
+ qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
c1c534 |
+ virQEMUDriverPtr driver = priv->driver;
|
|
|
c1c534 |
+ virQEMUDriverConfigPtr cfg = NULL;
|
|
|
c1c534 |
+ char **devMountsPath = NULL;
|
|
|
c1c534 |
+ size_t ndevMountsPath = 0;
|
|
|
c1c534 |
+ const char *path = NULL;
|
|
|
c1c534 |
+ int ret = -1;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (!(path = virDomainInputDefGetPath(input)))
|
|
|
c1c534 |
+ return 0;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
|
|
|
c1c534 |
+ return 0;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ cfg = virQEMUDriverGetConfig(driver);
|
|
|
c1c534 |
+ if (qemuDomainGetPreservedMounts(cfg, vm,
|
|
|
c1c534 |
+ &devMountsPath, NULL,
|
|
|
c1c534 |
+ &ndevMountsPath) < 0)
|
|
|
c1c534 |
+ goto cleanup;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (qemuDomainAttachDeviceMknod(driver, vm, path,
|
|
|
c1c534 |
+ devMountsPath, ndevMountsPath) < 0)
|
|
|
c1c534 |
+ goto cleanup;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ ret = 0;
|
|
|
c1c534 |
+ cleanup:
|
|
|
c1c534 |
+ virStringListFreeCount(devMountsPath, ndevMountsPath);
|
|
|
c1c534 |
+ virObjectUnref(cfg);
|
|
|
c1c534 |
+ return ret;
|
|
|
c1c534 |
+}
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+int
|
|
|
c1c534 |
+qemuDomainNamespaceTeardownInput(virDomainObjPtr vm,
|
|
|
c1c534 |
+ virDomainInputDefPtr input)
|
|
|
c1c534 |
+{
|
|
|
c1c534 |
+ qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
c1c534 |
+ virQEMUDriverPtr driver = priv->driver;
|
|
|
c1c534 |
+ virQEMUDriverConfigPtr cfg = NULL;
|
|
|
c1c534 |
+ char **devMountsPath = NULL;
|
|
|
c1c534 |
+ size_t ndevMountsPath = 0;
|
|
|
c1c534 |
+ const char *path = NULL;
|
|
|
c1c534 |
+ int ret = -1;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (!(path = virDomainInputDefGetPath(input)))
|
|
|
c1c534 |
+ return 0;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
|
|
|
c1c534 |
+ return 0;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ cfg = virQEMUDriverGetConfig(driver);
|
|
|
c1c534 |
+ if (qemuDomainGetPreservedMounts(cfg, vm,
|
|
|
c1c534 |
+ &devMountsPath, NULL,
|
|
|
c1c534 |
+ &ndevMountsPath) < 0)
|
|
|
c1c534 |
+ goto cleanup;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (qemuDomainDetachDeviceUnlink(driver, vm, path,
|
|
|
c1c534 |
+ devMountsPath, ndevMountsPath) < 0)
|
|
|
c1c534 |
+ goto cleanup;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ ret = 0;
|
|
|
c1c534 |
+ cleanup:
|
|
|
c1c534 |
+ virStringListFreeCount(devMountsPath, ndevMountsPath);
|
|
|
c1c534 |
+ virObjectUnref(cfg);
|
|
|
c1c534 |
+ return ret;
|
|
|
c1c534 |
+}
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+
|
|
|
c1c534 |
/**
|
|
|
c1c534 |
* qemuDomainDiskLookupByNodename:
|
|
|
c1c534 |
* @def: domain definition to look for the disk
|
|
|
c1c534 |
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
|
|
|
c1c534 |
index caf583373f..1a82922415 100644
|
|
|
c1c534 |
--- a/src/qemu/qemu_domain.h
|
|
|
c1c534 |
+++ b/src/qemu/qemu_domain.h
|
|
|
c1c534 |
@@ -969,6 +969,12 @@ int qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr driver,
|
|
|
c1c534 |
virDomainObjPtr vm,
|
|
|
c1c534 |
virDomainRNGDefPtr rng);
|
|
|
c1c534 |
|
|
|
c1c534 |
+int qemuDomainNamespaceSetupInput(virDomainObjPtr vm,
|
|
|
c1c534 |
+ virDomainInputDefPtr input);
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+int qemuDomainNamespaceTeardownInput(virDomainObjPtr vm,
|
|
|
c1c534 |
+ virDomainInputDefPtr input);
|
|
|
c1c534 |
+
|
|
|
c1c534 |
virDomainDiskDefPtr qemuDomainDiskLookupByNodename(virDomainDefPtr def,
|
|
|
c1c534 |
const char *nodename,
|
|
|
c1c534 |
virStorageSourcePtr *src,
|
|
|
c1c534 |
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
|
|
|
c1c534 |
index 6fc3b0bb6e..e7d2bbd5a3 100644
|
|
|
c1c534 |
--- a/src/qemu/qemu_security.c
|
|
|
c1c534 |
+++ b/src/qemu/qemu_security.c
|
|
|
c1c534 |
@@ -306,3 +306,61 @@ qemuSecurityRestoreMemoryLabel(virQEMUDriverPtr driver,
|
|
|
c1c534 |
virSecurityManagerTransactionAbort(driver->securityManager);
|
|
|
c1c534 |
return ret;
|
|
|
c1c534 |
}
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+int
|
|
|
c1c534 |
+qemuSecuritySetInputLabel(virDomainObjPtr vm,
|
|
|
c1c534 |
+ virDomainInputDefPtr input)
|
|
|
c1c534 |
+{
|
|
|
c1c534 |
+ qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
c1c534 |
+ virQEMUDriverPtr driver = priv->driver;
|
|
|
c1c534 |
+ int ret = -1;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
|
|
|
c1c534 |
+ virSecurityManagerTransactionStart(driver->securityManager) < 0)
|
|
|
c1c534 |
+ goto cleanup;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (virSecurityManagerSetInputLabel(driver->securityManager,
|
|
|
c1c534 |
+ vm->def,
|
|
|
c1c534 |
+ input) < 0)
|
|
|
c1c534 |
+ goto cleanup;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
|
|
|
c1c534 |
+ virSecurityManagerTransactionCommit(driver->securityManager,
|
|
|
c1c534 |
+ vm->pid) < 0)
|
|
|
c1c534 |
+ goto cleanup;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ ret = 0;
|
|
|
c1c534 |
+ cleanup:
|
|
|
c1c534 |
+ virSecurityManagerTransactionAbort(driver->securityManager);
|
|
|
c1c534 |
+ return ret;
|
|
|
c1c534 |
+}
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+int
|
|
|
c1c534 |
+qemuSecurityRestoreInputLabel(virDomainObjPtr vm,
|
|
|
c1c534 |
+ virDomainInputDefPtr input)
|
|
|
c1c534 |
+{
|
|
|
c1c534 |
+ qemuDomainObjPrivatePtr priv = vm->privateData;
|
|
|
c1c534 |
+ virQEMUDriverPtr driver = priv->driver;
|
|
|
c1c534 |
+ int ret = -1;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
|
|
|
c1c534 |
+ virSecurityManagerTransactionStart(driver->securityManager) < 0)
|
|
|
c1c534 |
+ goto cleanup;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (virSecurityManagerRestoreInputLabel(driver->securityManager,
|
|
|
c1c534 |
+ vm->def,
|
|
|
c1c534 |
+ input) < 0)
|
|
|
c1c534 |
+ goto cleanup;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
|
|
|
c1c534 |
+ virSecurityManagerTransactionCommit(driver->securityManager,
|
|
|
c1c534 |
+ vm->pid) < 0)
|
|
|
c1c534 |
+ goto cleanup;
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+ ret = 0;
|
|
|
c1c534 |
+ cleanup:
|
|
|
c1c534 |
+ virSecurityManagerTransactionAbort(driver->securityManager);
|
|
|
c1c534 |
+ return ret;
|
|
|
c1c534 |
+}
|
|
|
c1c534 |
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
|
|
|
c1c534 |
index 7b25855bf9..76d63f06ec 100644
|
|
|
c1c534 |
--- a/src/qemu/qemu_security.h
|
|
|
c1c534 |
+++ b/src/qemu/qemu_security.h
|
|
|
c1c534 |
@@ -70,6 +70,12 @@ int qemuSecurityRestoreMemoryLabel(virQEMUDriverPtr driver,
|
|
|
c1c534 |
virDomainObjPtr vm,
|
|
|
c1c534 |
virDomainMemoryDefPtr mem);
|
|
|
c1c534 |
|
|
|
c1c534 |
+int qemuSecuritySetInputLabel(virDomainObjPtr vm,
|
|
|
c1c534 |
+ virDomainInputDefPtr input);
|
|
|
c1c534 |
+
|
|
|
c1c534 |
+int qemuSecurityRestoreInputLabel(virDomainObjPtr vm,
|
|
|
c1c534 |
+ virDomainInputDefPtr input);
|
|
|
c1c534 |
+
|
|
|
c1c534 |
/* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
|
|
|
c1c534 |
* new APIs here. If an API can touch a /dev file add a proper wrapper instead.
|
|
|
c1c534 |
*/
|
|
|
c1c534 |
--
|
|
|
c1c534 |
2.15.1
|
|
|
c1c534 |
|