From e8394ab5b5d2e8a03eceddcd3b91b48c5ccc25e4 Mon Sep 17 00:00:00 2001 From: Daniel P. Berrange Date: Aug 23 2010 18:45:47 +0000 Subject: Update 0.8.3 release --- diff --git a/libvirt-0.8.2-01-extract-backing-store-format.patch b/libvirt-0.8.2-01-extract-backing-store-format.patch deleted file mode 100644 index 569cf0a..0000000 --- a/libvirt-0.8.2-01-extract-backing-store-format.patch +++ /dev/null @@ -1,356 +0,0 @@ -From 953440bd12608a20007ee5da5ab69fbbe910bd28 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Mon, 14 Jun 2010 15:53:59 +0100 -Subject: [PATCH 01/11] Extract the backing store format as well as name, if available - -When QEMU opens a backing store for a QCow2 file, it will -normally auto-probe for the format of the backing store, -rather than assuming it has the same format as the referencing -file. There is a QCow2 extension that allows an explicit format -for the backing store to be embedded in the referencing file. -This closes the auto-probing security hole in QEMU. - -This backing store format can be useful for libvirt users -of virStorageFileGetMetadata, so extract this data and report -it. - -QEMU does not require disk image backing store files to be in -the same format the file linkee. It will auto-probe the disk -format for the backing store when opening it. If the backing -store was intended to be a raw file this could be a security -hole, because a guest may have written data into its disk that -then makes the backing store look like a qcow2 file. If it can -trick QEMU into thinking the raw file is a qcow2 file, it can -access arbitrary files on the host by adding further backing -store links. - -To address this, callers of virStorageFileGetMeta need to be -told of the backing store format. If no format is declared, -they can make a decision whether to allow format probing or -not. ---- - src/util/storage_file.c | 206 +++++++++++++++++++++++++++++++++++++++++------ - src/util/storage_file.h | 2 + - 2 files changed, 183 insertions(+), 25 deletions(-) - -diff --git a/src/util/storage_file.c b/src/util/storage_file.c -index 0adea40..80f743e 100644 ---- a/src/util/storage_file.c -+++ b/src/util/storage_file.c -@@ -78,12 +78,33 @@ struct FileTypeInfo { - int qcowCryptOffset; /* Byte offset from start of file - * where to find encryption mode, - * -1 if encryption is not used */ -- int (*getBackingStore)(char **res, const unsigned char *buf, size_t buf_size); -+ int (*getBackingStore)(char **res, int *format, -+ const unsigned char *buf, size_t buf_size); - }; - --static int cowGetBackingStore(char **, const unsigned char *, size_t); --static int qcowXGetBackingStore(char **, const unsigned char *, size_t); --static int vmdk4GetBackingStore(char **, const unsigned char *, size_t); -+static int cowGetBackingStore(char **, int *, -+ const unsigned char *, size_t); -+static int qcow1GetBackingStore(char **, int *, -+ const unsigned char *, size_t); -+static int qcow2GetBackingStore(char **, int *, -+ const unsigned char *, size_t); -+static int vmdk4GetBackingStore(char **, int *, -+ const unsigned char *, size_t); -+ -+#define QCOWX_HDR_VERSION (4) -+#define QCOWX_HDR_BACKING_FILE_OFFSET (QCOWX_HDR_VERSION+4) -+#define QCOWX_HDR_BACKING_FILE_SIZE (QCOWX_HDR_BACKING_FILE_OFFSET+8) -+#define QCOWX_HDR_IMAGE_SIZE (QCOWX_HDR_BACKING_FILE_SIZE+4+4) -+ -+#define QCOW1_HDR_CRYPT (QCOWX_HDR_IMAGE_SIZE+8+1+1) -+#define QCOW2_HDR_CRYPT (QCOWX_HDR_IMAGE_SIZE+8) -+ -+#define QCOW1_HDR_TOTAL_SIZE (QCOW1_HDR_CRYPT+4+8) -+#define QCOW2_HDR_TOTAL_SIZE (QCOW2_HDR_CRYPT+4+4+8+8+4+4+8) -+ -+#define QCOW2_HDR_EXTENSION_END 0 -+#define QCOW2_HDR_EXTENSION_BACKING_FORMAT 0xE2792ACA -+ - - - static struct FileTypeInfo const fileTypeInfo[] = { -@@ -119,11 +140,11 @@ static struct FileTypeInfo const fileTypeInfo[] = { - /* QCow */ - { VIR_STORAGE_FILE_QCOW, "QFI", NULL, - LV_BIG_ENDIAN, 4, 1, -- 4+4+8+4+4, 8, 1, 4+4+8+4+4+8+1+1+2, qcowXGetBackingStore }, -+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore }, - /* QCow 2 */ - { VIR_STORAGE_FILE_QCOW2, "QFI", NULL, - LV_BIG_ENDIAN, 4, 2, -- 4+4+8+4+4, 8, 1, 4+4+8+4+4+8, qcowXGetBackingStore }, -+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore }, - /* VMDK 3 */ - /* XXX Untested - { VIR_STORAGE_FILE_VMDK, "COWD", NULL, -@@ -142,11 +163,14 @@ static struct FileTypeInfo const fileTypeInfo[] = { - - static int - cowGetBackingStore(char **res, -+ int *format, - const unsigned char *buf, - size_t buf_size) - { - #define COW_FILENAME_MAXLEN 1024 - *res = NULL; -+ *format = VIR_STORAGE_FILE_AUTO; -+ - if (buf_size < 4+4+ COW_FILENAME_MAXLEN) - return BACKING_STORE_INVALID; - if (buf[4+4] == '\0') /* cow_header_v2.backing_file[0] */ -@@ -160,31 +184,98 @@ cowGetBackingStore(char **res, - return BACKING_STORE_OK; - } - -+ -+static int -+qcow2GetBackingStoreFormat(int *format, -+ const unsigned char *buf, -+ size_t buf_size, -+ size_t extension_start, -+ size_t extension_end) -+{ -+ size_t offset = extension_start; -+ -+ /* -+ * The extensions take format of -+ * -+ * int32: magic -+ * int32: length -+ * byte[length]: payload -+ * -+ * Unknown extensions can be ignored by skipping -+ * over "length" bytes in the data stream. -+ */ -+ while (offset < (buf_size-8) && -+ offset < (extension_end-8)) { -+ unsigned int magic = -+ (buf[offset] << 24) + -+ (buf[offset+1] << 16) + -+ (buf[offset+2] << 8) + -+ (buf[offset+3]); -+ unsigned int len = -+ (buf[offset+4] << 24) + -+ (buf[offset+5] << 16) + -+ (buf[offset+6] << 8) + -+ (buf[offset+7]); -+ -+ offset += 8; -+ -+ if ((offset + len) < offset) -+ break; -+ -+ if ((offset + len) > buf_size) -+ break; -+ -+ switch (magic) { -+ case QCOW2_HDR_EXTENSION_END: -+ goto done; -+ -+ case QCOW2_HDR_EXTENSION_BACKING_FORMAT: -+ if (buf[offset+len] != '\0') -+ break; -+ *format = virStorageFileFormatTypeFromString( -+ ((const char *)buf)+offset); -+ break; -+ } -+ -+ offset += len; -+ } -+ -+done: -+ -+ return 0; -+} -+ -+ - static int - qcowXGetBackingStore(char **res, -+ int *format, - const unsigned char *buf, -- size_t buf_size) -+ size_t buf_size, -+ bool isQCow2) - { - unsigned long long offset; - unsigned long size; - - *res = NULL; -- if (buf_size < 4+4+8+4) -+ if (format) -+ *format = VIR_STORAGE_FILE_AUTO; -+ -+ if (buf_size < QCOWX_HDR_BACKING_FILE_OFFSET+8+4) - return BACKING_STORE_INVALID; -- offset = (((unsigned long long)buf[4+4] << 56) -- | ((unsigned long long)buf[4+4+1] << 48) -- | ((unsigned long long)buf[4+4+2] << 40) -- | ((unsigned long long)buf[4+4+3] << 32) -- | ((unsigned long long)buf[4+4+4] << 24) -- | ((unsigned long long)buf[4+4+5] << 16) -- | ((unsigned long long)buf[4+4+6] << 8) -- | buf[4+4+7]); /* QCowHeader.backing_file_offset */ -+ offset = (((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET] << 56) -+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+1] << 48) -+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+2] << 40) -+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+3] << 32) -+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+4] << 24) -+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+5] << 16) -+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+6] << 8) -+ | buf[QCOWX_HDR_BACKING_FILE_OFFSET+7]); /* QCowHeader.backing_file_offset */ - if (offset > buf_size) - return BACKING_STORE_INVALID; -- size = ((buf[4+4+8] << 24) -- | (buf[4+4+8+1] << 16) -- | (buf[4+4+8+2] << 8) -- | buf[4+4+8+3]); /* QCowHeader.backing_file_size */ -+ size = ((buf[QCOWX_HDR_BACKING_FILE_SIZE] << 24) -+ | (buf[QCOWX_HDR_BACKING_FILE_SIZE+1] << 16) -+ | (buf[QCOWX_HDR_BACKING_FILE_SIZE+2] << 8) -+ | buf[QCOWX_HDR_BACKING_FILE_SIZE+3]); /* QCowHeader.backing_file_size */ - if (size == 0) - return BACKING_STORE_OK; - if (offset + size > buf_size || offset + size < offset) -@@ -197,12 +288,63 @@ qcowXGetBackingStore(char **res, - } - memcpy(*res, buf + offset, size); - (*res)[size] = '\0'; -+ -+ /* -+ * Traditionally QCow2 files had a layout of -+ * -+ * [header] -+ * [backingStoreName] -+ * -+ * Although the backingStoreName typically followed -+ * the header immediately, this was not required by -+ * the format. By specifying a higher byte offset for -+ * the backing file offset in the header, it was -+ * possible to leave space between the header and -+ * start of backingStore. -+ * -+ * This hack is now used to store extensions to the -+ * qcow2 format: -+ * -+ * [header] -+ * [extensions] -+ * [backingStoreName] -+ * -+ * Thus the file region to search for extensions is -+ * between the end of the header (QCOW2_HDR_TOTAL_SIZE) -+ * and the start of the backingStoreName (offset) -+ */ -+ if (isQCow2) -+ qcow2GetBackingStoreFormat(format, buf, buf_size, QCOW2_HDR_TOTAL_SIZE, offset); -+ - return BACKING_STORE_OK; - } - - - static int -+qcow1GetBackingStore(char **res, -+ int *format, -+ const unsigned char *buf, -+ size_t buf_size) -+{ -+ /* QCow1 doesn't have the extensions capability -+ * used to store backing format */ -+ *format = VIR_STORAGE_FILE_AUTO; -+ return qcowXGetBackingStore(res, NULL, buf, buf_size, false); -+} -+ -+static int -+qcow2GetBackingStore(char **res, -+ int *format, -+ const unsigned char *buf, -+ size_t buf_size) -+{ -+ return qcowXGetBackingStore(res, format, buf, buf_size, true); -+} -+ -+ -+static int - vmdk4GetBackingStore(char **res, -+ int *format, - const unsigned char *buf, - size_t buf_size) - { -@@ -212,6 +354,14 @@ vmdk4GetBackingStore(char **res, - size_t len; - - *res = NULL; -+ /* -+ * Technically this should have been VMDK, since -+ * VMDK spec / VMWare impl only support VMDK backed -+ * by VMDK. QEMU isn't following this though and -+ * does probing on VMDK backing files, hence we set -+ * AUTO -+ */ -+ *format = VIR_STORAGE_FILE_AUTO; - - if (buf_size <= 0x200) - return BACKING_STORE_INVALID; -@@ -358,9 +508,12 @@ virStorageFileGetMetadataFromFD(const char *path, - /* Validation passed, we know the file format now */ - meta->format = fileTypeInfo[i].type; - if (fileTypeInfo[i].getBackingStore != NULL) { -- char *base; -+ char *backing; -+ int backingFormat; - -- switch (fileTypeInfo[i].getBackingStore(&base, head, len)) { -+ switch (fileTypeInfo[i].getBackingStore(&backing, -+ &backingFormat, -+ head, len)) { - case BACKING_STORE_OK: - break; - -@@ -370,13 +523,16 @@ virStorageFileGetMetadataFromFD(const char *path, - case BACKING_STORE_ERROR: - return -1; - } -- if (base != NULL) { -- meta->backingStore = absolutePathFromBaseFile(path, base); -- VIR_FREE(base); -+ if (backing != NULL) { -+ meta->backingStore = absolutePathFromBaseFile(path, backing); -+ VIR_FREE(backing); - if (meta->backingStore == NULL) { - virReportOOMError(); - return -1; - } -+ meta->backingStoreFormat = backingFormat; -+ } else { -+ meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO; - } - } - return 0; -diff --git a/src/util/storage_file.h b/src/util/storage_file.h -index 58533ee..6328ba7 100644 ---- a/src/util/storage_file.h -+++ b/src/util/storage_file.h -@@ -28,6 +28,7 @@ - # include - - enum virStorageFileFormat { -+ VIR_STORAGE_FILE_AUTO = -1, - VIR_STORAGE_FILE_RAW = 0, - VIR_STORAGE_FILE_DIR, - VIR_STORAGE_FILE_BOCHS, -@@ -47,6 +48,7 @@ VIR_ENUM_DECL(virStorageFileFormat); - typedef struct _virStorageFileMetadata { - int format; - char *backingStore; -+ int backingStoreFormat; - unsigned long long capacity; - bool encrypted; - } virStorageFileMetadata; --- -1.7.1.1 - diff --git a/libvirt-0.8.2-02-remove-type-field.patch b/libvirt-0.8.2-02-remove-type-field.patch deleted file mode 100644 index 74672f5..0000000 --- a/libvirt-0.8.2-02-remove-type-field.patch +++ /dev/null @@ -1,159 +0,0 @@ -From cab428b1d4d432965cee6f5afb67265557706715 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Mon, 14 Jun 2010 16:39:32 +0100 -Subject: [PATCH 02/11] Remove 'type' field from FileTypeInfo struct - -Instead of including a field in FileTypeInfo struct for the -disk format, rely on the array index matching the format. -Use verify() to assert the correct number of elements in the -array. - -* src/util/storage_file.c: remove type field from FileTypeInfo ---- - src/util/storage_file.c | 108 +++++++++++++++++++++++----------------------- - 1 files changed, 54 insertions(+), 54 deletions(-) - -diff --git a/src/util/storage_file.c b/src/util/storage_file.c -index 80f743e..df0e3a1 100644 ---- a/src/util/storage_file.c -+++ b/src/util/storage_file.c -@@ -58,7 +58,6 @@ enum { - - /* Either 'magic' or 'extension' *must* be provided */ - struct FileTypeInfo { -- int type; /* One of the constants above */ - const char *magic; /* Optional string of file magic - * to check at head of file */ - const char *extension; /* Optional file extension to check */ -@@ -108,58 +107,59 @@ static int vmdk4GetBackingStore(char **, int *, - - - static struct FileTypeInfo const fileTypeInfo[] = { -- /* Bochs */ -- /* XXX Untested -- { VIR_STORAGE_FILE_BOCHS, "Bochs Virtual HD Image", NULL, -- LV_LITTLE_ENDIAN, 64, 0x20000, -- 32+16+16+4+4+4+4+4, 8, 1, -1, NULL },*/ -- /* CLoop */ -- /* XXX Untested -- { VIR_STORAGE_VOL_CLOOP, "#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1\n", NULL, -- LV_LITTLE_ENDIAN, -1, 0, -- -1, 0, 0, -1, NULL }, */ -- /* Cow */ -- { VIR_STORAGE_FILE_COW, "OOOM", NULL, -- LV_BIG_ENDIAN, 4, 2, -- 4+4+1024+4, 8, 1, -1, cowGetBackingStore }, -- /* DMG */ -- /* XXX QEMU says there's no magic for dmg, but we should check... */ -- { VIR_STORAGE_FILE_DMG, NULL, ".dmg", -- 0, -1, 0, -- -1, 0, 0, -1, NULL }, -- /* XXX there's probably some magic for iso we can validate too... */ -- { VIR_STORAGE_FILE_ISO, NULL, ".iso", -- 0, -1, 0, -- -1, 0, 0, -1, NULL }, -- /* Parallels */ -- /* XXX Untested -- { VIR_STORAGE_FILE_PARALLELS, "WithoutFreeSpace", NULL, -- LV_LITTLE_ENDIAN, 16, 2, -- 16+4+4+4+4, 4, 512, -1, NULL }, -- */ -- /* QCow */ -- { VIR_STORAGE_FILE_QCOW, "QFI", NULL, -- LV_BIG_ENDIAN, 4, 1, -- QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore }, -- /* QCow 2 */ -- { VIR_STORAGE_FILE_QCOW2, "QFI", NULL, -- LV_BIG_ENDIAN, 4, 2, -- QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore }, -- /* VMDK 3 */ -- /* XXX Untested -- { VIR_STORAGE_FILE_VMDK, "COWD", NULL, -- LV_LITTLE_ENDIAN, 4, 1, -- 4+4+4, 4, 512, -1, NULL }, -- */ -- /* VMDK 4 */ -- { VIR_STORAGE_FILE_VMDK, "KDMV", NULL, -- LV_LITTLE_ENDIAN, 4, 1, -- 4+4+4, 8, 512, -1, vmdk4GetBackingStore }, -- /* Connectix / VirtualPC */ -- { VIR_STORAGE_FILE_VPC, "conectix", NULL, -- LV_BIG_ENDIAN, 12, 0x10000, -- 8 + 4 + 4 + 8 + 4 + 4 + 2 + 2 + 4, 8, 1, -1, NULL}, -+ [VIR_STORAGE_FILE_RAW] = { NULL, NULL, LV_LITTLE_ENDIAN, -1, 0, 0, 0, 0, 0, NULL }, -+ [VIR_STORAGE_FILE_DIR] = { NULL, NULL, LV_LITTLE_ENDIAN, -1, 0, 0, 0, 0, 0, NULL }, -+ [VIR_STORAGE_FILE_BOCHS] = { -+ /*"Bochs Virtual HD Image", */ /* Untested */ NULL, -+ NULL, -+ LV_LITTLE_ENDIAN, 64, 0x20000, -+ 32+16+16+4+4+4+4+4, 8, 1, -1, NULL -+ }, -+ [VIR_STORAGE_FILE_CLOOP] = { -+ /*"#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1\n", */ /* Untested */ NULL, -+ NULL, -+ LV_LITTLE_ENDIAN, -1, 0, -+ -1, 0, 0, -1, NULL -+ }, -+ [VIR_STORAGE_FILE_COW] = { -+ "OOOM", NULL, -+ LV_BIG_ENDIAN, 4, 2, -+ 4+4+1024+4, 8, 1, -1, cowGetBackingStore -+ }, -+ [VIR_STORAGE_FILE_DMG] = { -+ NULL, /* XXX QEMU says there's no magic for dmg, but we should check... */ -+ ".dmg", -+ 0, -1, 0, -+ -1, 0, 0, -1, NULL -+ }, -+ [VIR_STORAGE_FILE_ISO] = { -+ NULL, /* XXX there's probably some magic for iso we can validate too... */ -+ ".iso", -+ 0, -1, 0, -+ -1, 0, 0, -1, NULL -+ }, -+ [VIR_STORAGE_FILE_QCOW] = { -+ "QFI", NULL, -+ LV_BIG_ENDIAN, 4, 1, -+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore, -+ }, -+ [VIR_STORAGE_FILE_QCOW2] = { -+ "QFI", NULL, -+ LV_BIG_ENDIAN, 4, 2, -+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore, -+ }, -+ [VIR_STORAGE_FILE_VMDK] = { -+ "KDMV", NULL, -+ LV_LITTLE_ENDIAN, 4, 1, -+ 4+4+4, 8, 512, -1, vmdk4GetBackingStore -+ }, -+ [VIR_STORAGE_FILE_VPC] = { -+ "conectix", NULL, -+ LV_BIG_ENDIAN, 12, 0x10000, -+ 8 + 4 + 4 + 8 + 4 + 4 + 2 + 2 + 4, 8, 1, -1, NULL -+ }, - }; -+verify(ARRAY_CARDINALITY(fileTypeInfo) == VIR_STORAGE_FILE_LAST); - - static int - cowGetBackingStore(char **res, -@@ -506,7 +506,7 @@ virStorageFileGetMetadataFromFD(const char *path, - } - - /* Validation passed, we know the file format now */ -- meta->format = fileTypeInfo[i].type; -+ meta->format = i; - if (fileTypeInfo[i].getBackingStore != NULL) { - char *backing; - int backingFormat; -@@ -546,7 +546,7 @@ virStorageFileGetMetadataFromFD(const char *path, - if (!virFileHasSuffix(path, fileTypeInfo[i].extension)) - continue; - -- meta->format = fileTypeInfo[i].type; -+ meta->format = i; - return 0; - } - --- -1.7.1.1 - diff --git a/libvirt-0.8.2-03-refactor-metadata-extract.patch b/libvirt-0.8.2-03-refactor-metadata-extract.patch deleted file mode 100644 index d868825..0000000 --- a/libvirt-0.8.2-03-refactor-metadata-extract.patch +++ /dev/null @@ -1,585 +0,0 @@ -From 57482ca0be29e9e92e242c9acb577e0b770c01d1 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Tue, 15 Jun 2010 14:58:10 +0100 -Subject: [PATCH 03/11] Refactor virStorageFileGetMetadataFromFD to separate functionality - -The virStorageFileGetMetadataFromFD did two jobs in one. First -it probed for storage type, then it extracted metadata for the -type. It is desirable to be able to separate these jobs, allowing -probing without querying metadata, and querying metadata without -probing. - -To prepare for this, split out probing code into a new pair of -methods - - virStorageFileProbeFormatFromFD - virStorageFileProbeFormat - -* src/util/storage_file.c, src/util/storage_file.h, - src/libvirt_private.syms: Introduce virStorageFileProbeFormat - and virStorageFileProbeFormatFromFD ---- - src/libvirt_private.syms | 2 + - src/util/storage_file.c | 460 +++++++++++++++++++++++++++++++++------------- - src/util/storage_file.h | 4 + - 3 files changed, 335 insertions(+), 131 deletions(-) - -diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms -index 778ceb1..4607f49 100644 ---- a/src/libvirt_private.syms -+++ b/src/libvirt_private.syms -@@ -628,6 +628,8 @@ virStorageGenerateQcowPassphrase; - # storage_file.h - virStorageFileFormatTypeToString; - virStorageFileFormatTypeFromString; -+virStorageFileProbeFormat; -+virStorageFileProbeFormatFromFD; - virStorageFileGetMetadata; - virStorageFileGetMetadataFromFD; - virStorageFileIsSharedFS; -diff --git a/src/util/storage_file.c b/src/util/storage_file.c -index df0e3a1..221268b 100644 ---- a/src/util/storage_file.c -+++ b/src/util/storage_file.c -@@ -104,6 +104,9 @@ static int vmdk4GetBackingStore(char **, int *, - #define QCOW2_HDR_EXTENSION_END 0 - #define QCOW2_HDR_EXTENSION_BACKING_FORMAT 0xE2792ACA - -+/* VMDK needs at least this to find backing store, -+ * other formats are less */ -+#define STORAGE_MAX_HEAD (20*512) - - - static struct FileTypeInfo const fileTypeInfo[] = { -@@ -349,9 +352,14 @@ vmdk4GetBackingStore(char **res, - size_t buf_size) - { - static const char prefix[] = "parentFileNameHint=\""; -- -- char desc[20*512 + 1], *start, *end; -+ char *desc, *start, *end; - size_t len; -+ int ret = BACKING_STORE_ERROR; -+ -+ if (VIR_ALLOC_N(desc, STORAGE_MAX_HEAD + 1) < 0) { -+ virReportOOMError(); -+ goto cleanup; -+ } - - *res = NULL; - /* -@@ -363,29 +371,42 @@ vmdk4GetBackingStore(char **res, - */ - *format = VIR_STORAGE_FILE_AUTO; - -- if (buf_size <= 0x200) -- return BACKING_STORE_INVALID; -+ if (buf_size <= 0x200) { -+ ret = BACKING_STORE_INVALID; -+ goto cleanup; -+ } - len = buf_size - 0x200; -- if (len > sizeof(desc) - 1) -- len = sizeof(desc) - 1; -+ if (len > STORAGE_MAX_HEAD) -+ len = STORAGE_MAX_HEAD; - memcpy(desc, buf + 0x200, len); - desc[len] = '\0'; - start = strstr(desc, prefix); -- if (start == NULL) -- return BACKING_STORE_OK; -+ if (start == NULL) { -+ ret = BACKING_STORE_OK; -+ goto cleanup; -+ } - start += strlen(prefix); - end = strchr(start, '"'); -- if (end == NULL) -- return BACKING_STORE_INVALID; -- if (end == start) -- return BACKING_STORE_OK; -+ if (end == NULL) { -+ ret = BACKING_STORE_INVALID; -+ goto cleanup; -+ } -+ if (end == start) { -+ ret = BACKING_STORE_OK; -+ goto cleanup; -+ } - *end = '\0'; - *res = strdup(start); - if (*res == NULL) { - virReportOOMError(); -- return BACKING_STORE_ERROR; -+ goto cleanup; - } -- return BACKING_STORE_OK; -+ -+ ret = BACKING_STORE_OK; -+ -+cleanup: -+ VIR_FREE(desc); -+ return ret; - } - - /** -@@ -411,148 +432,325 @@ absolutePathFromBaseFile(const char *base_file, const char *path) - return res; - } - --/** -- * Probe the header of a file to determine what type of disk image -- * it is, and info about its capacity if available. -- */ --int --virStorageFileGetMetadataFromFD(const char *path, -- int fd, -- virStorageFileMetadata *meta) -+ -+static bool -+virStorageFileMatchesMagic(int format, -+ unsigned char *buf, -+ size_t buflen) - { -- unsigned char head[20*512]; /* vmdk4GetBackingStore needs this much. */ -- int len, i; -+ int mlen; - -- memset(meta, 0, sizeof (*meta)); -+ if (fileTypeInfo[format].magic == NULL) -+ return false; - -- /* If all else fails, call it a raw file */ -- meta->format = VIR_STORAGE_FILE_RAW; -+ /* Validate magic data */ -+ mlen = strlen(fileTypeInfo[format].magic); -+ if (mlen > buflen) -+ return false; - -- if ((len = read(fd, head, sizeof(head))) < 0) { -- virReportSystemError(errno, _("cannot read header '%s'"), path); -- return -1; -+ if (memcmp(buf, fileTypeInfo[format].magic, mlen) != 0) -+ return false; -+ -+ return true; -+} -+ -+ -+static bool -+virStorageFileMatchesExtension(int format, -+ const char *path) -+{ -+ if (fileTypeInfo[format].extension == NULL) -+ return false; -+ -+ if (virFileHasSuffix(path, fileTypeInfo[format].extension)) -+ return true; -+ -+ return false; -+} -+ -+ -+static bool -+virStorageFileMatchesVersion(int format, -+ unsigned char *buf, -+ size_t buflen) -+{ -+ int version; -+ -+ /* Validate version number info */ -+ if (fileTypeInfo[format].versionOffset == -1) -+ return false; -+ -+ if ((fileTypeInfo[format].versionOffset + 4) > buflen) -+ return false; -+ -+ if (fileTypeInfo[format].endian == LV_LITTLE_ENDIAN) { -+ version = -+ (buf[fileTypeInfo[format].versionOffset+3] << 24) | -+ (buf[fileTypeInfo[format].versionOffset+2] << 16) | -+ (buf[fileTypeInfo[format].versionOffset+1] << 8) | -+ (buf[fileTypeInfo[format].versionOffset]); -+ } else { -+ version = -+ (buf[fileTypeInfo[format].versionOffset] << 24) | -+ (buf[fileTypeInfo[format].versionOffset+1] << 16) | -+ (buf[fileTypeInfo[format].versionOffset+2] << 8) | -+ (buf[fileTypeInfo[format].versionOffset+3]); - } -+ if (version != fileTypeInfo[format].versionNumber) -+ return false; - -- /* First check file magic */ -- for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) { -- int mlen; -- -- if (fileTypeInfo[i].magic == NULL) -- continue; -- -- /* Validate magic data */ -- mlen = strlen(fileTypeInfo[i].magic); -- if (mlen > len) -- continue; -- if (memcmp(head, fileTypeInfo[i].magic, mlen) != 0) -- continue; -- -- /* Validate version number info */ -- if (fileTypeInfo[i].versionNumber != -1) { -- int version; -- -- if (fileTypeInfo[i].endian == LV_LITTLE_ENDIAN) { -- version = (head[fileTypeInfo[i].versionOffset+3] << 24) | -- (head[fileTypeInfo[i].versionOffset+2] << 16) | -- (head[fileTypeInfo[i].versionOffset+1] << 8) | -- head[fileTypeInfo[i].versionOffset]; -- } else { -- version = (head[fileTypeInfo[i].versionOffset] << 24) | -- (head[fileTypeInfo[i].versionOffset+1] << 16) | -- (head[fileTypeInfo[i].versionOffset+2] << 8) | -- head[fileTypeInfo[i].versionOffset+3]; -- } -- if (version != fileTypeInfo[i].versionNumber) -- continue; -- } -+ return true; -+} - -- /* Optionally extract capacity from file */ -- if (fileTypeInfo[i].sizeOffset != -1) { -- if (fileTypeInfo[i].endian == LV_LITTLE_ENDIAN) { -- meta->capacity = -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+7] << 56) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+6] << 48) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+5] << 40) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+4] << 32) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+3] << 24) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+2] << 16) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+1] << 8) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset]); -- } else { -- meta->capacity = -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset] << 56) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+1] << 48) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+2] << 40) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+3] << 32) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+4] << 24) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+5] << 16) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+6] << 8) | -- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+7]); -- } -- /* Avoid unlikely, but theoretically possible overflow */ -- if (meta->capacity > (ULLONG_MAX / fileTypeInfo[i].sizeMultiplier)) -- continue; -- meta->capacity *= fileTypeInfo[i].sizeMultiplier; -- } - -- if (fileTypeInfo[i].qcowCryptOffset != -1) { -- int crypt_format; -+static int -+virStorageFileGetMetadataFromBuf(int format, -+ const char *path, -+ unsigned char *buf, -+ size_t buflen, -+ virStorageFileMetadata *meta) -+{ -+ /* XXX we should consider moving virStorageBackendUpdateVolInfo -+ * code into this method, for non-magic files -+ */ -+ if (!fileTypeInfo[format].magic) { -+ return 0; -+ } - -- crypt_format = (head[fileTypeInfo[i].qcowCryptOffset] << 24) | -- (head[fileTypeInfo[i].qcowCryptOffset+1] << 16) | -- (head[fileTypeInfo[i].qcowCryptOffset+2] << 8) | -- head[fileTypeInfo[i].qcowCryptOffset+3]; -- meta->encrypted = crypt_format != 0; -+ /* Optionally extract capacity from file */ -+ if (fileTypeInfo[format].sizeOffset != -1) { -+ if ((fileTypeInfo[format].sizeOffset + 8) > buflen) -+ return 1; -+ -+ if (fileTypeInfo[format].endian == LV_LITTLE_ENDIAN) { -+ meta->capacity = -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+7] << 56) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+6] << 48) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+5] << 40) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+4] << 32) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+3] << 24) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+2] << 16) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+1] << 8) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset]); -+ } else { -+ meta->capacity = -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset] << 56) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+1] << 48) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+2] << 40) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+3] << 32) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+4] << 24) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+5] << 16) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+6] << 8) | -+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+7]); - } -+ /* Avoid unlikely, but theoretically possible overflow */ -+ if (meta->capacity > (ULLONG_MAX / fileTypeInfo[format].sizeMultiplier)) -+ return 1; -+ meta->capacity *= fileTypeInfo[format].sizeMultiplier; -+ } - -- /* Validation passed, we know the file format now */ -- meta->format = i; -- if (fileTypeInfo[i].getBackingStore != NULL) { -- char *backing; -- int backingFormat; -+ if (fileTypeInfo[format].qcowCryptOffset != -1) { -+ int crypt_format; - -- switch (fileTypeInfo[i].getBackingStore(&backing, -- &backingFormat, -- head, len)) { -- case BACKING_STORE_OK: -- break; -+ crypt_format = -+ (buf[fileTypeInfo[format].qcowCryptOffset] << 24) | -+ (buf[fileTypeInfo[format].qcowCryptOffset+1] << 16) | -+ (buf[fileTypeInfo[format].qcowCryptOffset+2] << 8) | -+ (buf[fileTypeInfo[format].qcowCryptOffset+3]); -+ meta->encrypted = crypt_format != 0; -+ } - -- case BACKING_STORE_INVALID: -- continue; -+ if (fileTypeInfo[format].getBackingStore != NULL) { -+ char *backing; -+ int backingFormat; -+ int ret = fileTypeInfo[format].getBackingStore(&backing, -+ &backingFormat, -+ buf, buflen); -+ if (ret == BACKING_STORE_INVALID) -+ return 1; -+ -+ if (ret == BACKING_STORE_ERROR) -+ return -1; - -- case BACKING_STORE_ERROR: -+ if (backing != NULL) { -+ meta->backingStore = absolutePathFromBaseFile(path, backing); -+ VIR_FREE(backing); -+ if (meta->backingStore == NULL) { -+ virReportOOMError(); - return -1; - } -- if (backing != NULL) { -- meta->backingStore = absolutePathFromBaseFile(path, backing); -- VIR_FREE(backing); -- if (meta->backingStore == NULL) { -- virReportOOMError(); -- return -1; -- } -- meta->backingStoreFormat = backingFormat; -- } else { -- meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO; -- } -+ meta->backingStoreFormat = backingFormat; -+ } else { -+ meta->backingStore = NULL; -+ meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO; -+ } -+ } -+ -+ return 0; -+} -+ -+ -+static int -+virStorageFileProbeFormatFromBuf(const char *path, -+ unsigned char *buf, -+ size_t buflen) -+{ -+ int format = VIR_STORAGE_FILE_RAW; -+ int i; -+ -+ /* First check file magic */ -+ for (i = 0 ; i < VIR_STORAGE_FILE_LAST ; i++) { -+ if (virStorageFileMatchesMagic(i, buf, buflen) && -+ virStorageFileMatchesVersion(i, buf, buflen)) { -+ format = i; -+ goto cleanup; - } -- return 0; - } - - /* No magic, so check file extension */ -- for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) { -- if (fileTypeInfo[i].extension == NULL) -- continue; -+ for (i = 0 ; i < VIR_STORAGE_FILE_LAST ; i++) { -+ if (virStorageFileMatchesExtension(i, path)) { -+ format = i; -+ goto cleanup; -+ } -+ } - -- if (!virFileHasSuffix(path, fileTypeInfo[i].extension)) -- continue; -+cleanup: -+ return format; -+} - -- meta->format = i; -- return 0; -+ -+/** -+ * virStorageFileProbeFormatFromFD: -+ * -+ * Probe for the format of 'fd' (which is an open file descriptor -+ * pointing to 'path'), returning the detected disk format. -+ * -+ * Callers are advised never to trust the returned 'format' -+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a -+ * malicious guest can turn a file into any other non-raw -+ * format at will. -+ * -+ * Best option: Don't use this function -+ */ -+int -+virStorageFileProbeFormatFromFD(const char *path, int fd) -+{ -+ unsigned char *head; -+ ssize_t len = STORAGE_MAX_HEAD; -+ int ret = -1; -+ -+ if (VIR_ALLOC_N(head, len) < 0) { -+ virReportOOMError(); -+ return -1; - } - -- return 0; -+ if (lseek(fd, 0, SEEK_SET) == (off_t)-1) { -+ virReportSystemError(errno, _("cannot set to start of '%s'"), path); -+ goto cleanup; -+ } -+ -+ if ((len = read(fd, head, len)) < 0) { -+ virReportSystemError(errno, _("cannot read header '%s'"), path); -+ goto cleanup; -+ } -+ -+ ret = virStorageFileProbeFormatFromBuf(path, head, len); -+ -+cleanup: -+ VIR_FREE(head); -+ return ret; -+} -+ -+ -+/** -+ * virStorageFileProbeFormat: -+ * -+ * Probe for the format of 'path', returning the detected -+ * disk format. -+ * -+ * Callers are advised never to trust the returned 'format' -+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a -+ * malicious guest can turn a raw file into any other non-raw -+ * format at will. -+ * -+ * Best option: Don't use this function -+ */ -+int -+virStorageFileProbeFormat(const char *path) -+{ -+ int fd, ret; -+ -+ if ((fd = open(path, O_RDONLY)) < 0) { -+ virReportSystemError(errno, _("cannot open file '%s'"), path); -+ return -1; -+ } -+ -+ ret = virStorageFileProbeFormatFromFD(path, fd); -+ -+ close(fd); -+ -+ return ret; - } - -+/** -+ * virStorageFileGetMetadataFromFD: -+ * -+ * Probe for the format of 'fd' (which is an open file descriptor -+ * for the file 'path'), filling 'meta' with the detected -+ * format and other associated metadata. -+ * -+ * Callers are advised never to trust the returned 'meta->format' -+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a -+ * malicious guest can turn a raw file into any other non-raw -+ * format at will. -+ */ -+int -+virStorageFileGetMetadataFromFD(const char *path, -+ int fd, -+ virStorageFileMetadata *meta) -+{ -+ unsigned char *head; -+ ssize_t len = STORAGE_MAX_HEAD; -+ int ret = -1; -+ -+ if (VIR_ALLOC_N(head, len) < 0) { -+ virReportOOMError(); -+ return -1; -+ } -+ -+ memset(meta, 0, sizeof (*meta)); -+ -+ if (lseek(fd, 0, SEEK_SET) == (off_t)-1) { -+ virReportSystemError(errno, _("cannot set to start of '%s'"), path); -+ goto cleanup; -+ } -+ -+ if ((len = read(fd, head, len)) < 0) { -+ virReportSystemError(errno, _("cannot read header '%s'"), path); -+ goto cleanup; -+ } -+ -+ meta->format = virStorageFileProbeFormatFromBuf(path, head, len); -+ -+ ret = virStorageFileGetMetadataFromBuf(meta->format, path, head, len, meta); -+ -+cleanup: -+ VIR_FREE(head); -+ return ret; -+} -+ -+/** -+ * virStorageFileGetMetadata: -+ * -+ * Probe for the format of 'path', filling 'meta' with the detected -+ * format and other associated metadata. -+ * -+ * Callers are advised never to trust the returned 'meta->format' -+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a -+ * malicious guest can turn a raw file into any other non-raw -+ * format at will. -+ */ - int - virStorageFileGetMetadata(const char *path, - virStorageFileMetadata *meta) -diff --git a/src/util/storage_file.h b/src/util/storage_file.h -index 6328ba7..3420d44 100644 ---- a/src/util/storage_file.h -+++ b/src/util/storage_file.h -@@ -57,6 +57,10 @@ typedef struct _virStorageFileMetadata { - # define DEV_BSIZE 512 - # endif - -+int virStorageFileProbeFormat(const char *path); -+int virStorageFileProbeFormatFromFD(const char *path, -+ int fd); -+ - int virStorageFileGetMetadata(const char *path, - virStorageFileMetadata *meta); - int virStorageFileGetMetadataFromFD(const char *path, --- -1.7.1.1 - diff --git a/libvirt-0.8.2-04-require-storage-format.patch b/libvirt-0.8.2-04-require-storage-format.patch deleted file mode 100644 index deb4c37..0000000 --- a/libvirt-0.8.2-04-require-storage-format.patch +++ /dev/null @@ -1,285 +0,0 @@ -From 726a63a437efd96510ce316bf30d16f213d4db27 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Tue, 15 Jun 2010 16:15:51 +0100 -Subject: [PATCH 04/11] Require format to be passed into virStorageFileGetMetadata - -Require the disk image to be passed into virStorageFileGetMetadata. -If this is set to VIR_STORAGE_FILE_AUTO, then the format will be -resolved using probing. This makes it easier to control when -probing will be used - -* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c, - src/security/security_selinux.c, src/security/virt-aa-helper.c: - Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata. -* src/storage/storage_backend_fs.c: Probe for disk format before - calling virStorageFileGetMetadata. -* src/util/storage_file.h, src/util/storage_file.c: Remove format - from virStorageFileMeta struct & require it to be passed into - method. ---- - src/qemu/qemu_driver.c | 27 +++++++++++++++++--- - src/qemu/qemu_security_dac.c | 4 ++- - src/security/security_selinux.c | 4 ++- - src/security/virt-aa-helper.c | 4 ++- - src/storage/storage_backend_fs.c | 11 ++++++-- - src/util/storage_file.c | 50 +++++++++++++++++++++++++------------ - src/util/storage_file.h | 3 +- - 7 files changed, 76 insertions(+), 27 deletions(-) - -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index 487bfa3..97f2990 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -3069,7 +3069,9 @@ static int qemuSetupDiskCgroup(virCgroupPtr cgroup, - } - } - -- rc = virStorageFileGetMetadata(path, &meta); -+ rc = virStorageFileGetMetadata(path, -+ VIR_STORAGE_FILE_AUTO, -+ &meta); - if (rc < 0) - VIR_WARN("Unable to lookup parent image for %s", path); - -@@ -3119,7 +3121,9 @@ static int qemuTeardownDiskCgroup(virCgroupPtr cgroup, - } - } - -- rc = virStorageFileGetMetadata(path, &meta); -+ rc = virStorageFileGetMetadata(path, -+ VIR_STORAGE_FILE_AUTO, -+ &meta); - if (rc < 0) - VIR_WARN("Unable to lookup parent image for %s", path); - -@@ -9614,6 +9618,7 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom, - virDomainDiskDefPtr disk = NULL; - struct stat sb; - int i; -+ int format; - - virCheckFlags(0, -1); - -@@ -9658,7 +9663,21 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom, - } - - /* Probe for magic formats */ -- if (virStorageFileGetMetadataFromFD(path, fd, &meta) < 0) -+ if (disk->driverType) { -+ if ((format = virStorageFileFormatTypeFromString(disk->driverType)) < 0) { -+ qemuReportError(VIR_ERR_INTERNAL_ERROR, -+ _("unknown disk format %s for %s"), -+ disk->driverType, disk->src); -+ goto cleanup; -+ } -+ } else { -+ if ((format = virStorageFileProbeFormat(disk->src)) < 0) -+ goto cleanup; -+ } -+ -+ if (virStorageFileGetMetadataFromFD(path, fd, -+ format, -+ &meta) < 0) - goto cleanup; - - /* Get info for normal formats */ -@@ -9706,7 +9725,7 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom, - highest allocated extent from QEMU */ - if (virDomainObjIsActive(vm) && - disk->type == VIR_DOMAIN_DISK_TYPE_BLOCK && -- meta.format != VIR_STORAGE_FILE_RAW && -+ format != VIR_STORAGE_FILE_RAW && - S_ISBLK(sb.st_mode)) { - qemuDomainObjPrivatePtr priv = vm->privateData; - if (qemuDomainObjBeginJob(vm) < 0) -diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c -index 95015b0..acfe48e 100644 ---- a/src/qemu/qemu_security_dac.c -+++ b/src/qemu/qemu_security_dac.c -@@ -115,7 +115,9 @@ qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, - virStorageFileMetadata meta; - int ret; - -- ret = virStorageFileGetMetadata(path, &meta); -+ ret = virStorageFileGetMetadata(path, -+ VIR_STORAGE_FILE_AUTO, -+ &meta); - - if (path != disk->src) - VIR_FREE(path); -diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c -index e5eef19..5c0f002 100644 ---- a/src/security/security_selinux.c -+++ b/src/security/security_selinux.c -@@ -457,7 +457,9 @@ SELinuxSetSecurityImageLabel(virDomainObjPtr vm, - virStorageFileMetadata meta; - int ret; - -- ret = virStorageFileGetMetadata(path, &meta); -+ ret = virStorageFileGetMetadata(path, -+ VIR_STORAGE_FILE_AUTO, -+ &meta); - - if (path != disk->src) - VIR_FREE(path); -diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c -index c66f107..2c045e6 100644 ---- a/src/security/virt-aa-helper.c -+++ b/src/security/virt-aa-helper.c -@@ -830,7 +830,9 @@ get_files(vahControl * ctl) - do { - virStorageFileMetadata meta; - -- ret = virStorageFileGetMetadata(path, &meta); -+ ret = virStorageFileGetMetadata(path, -+ VIR_STORAGE_FILE_AUTO, -+ &meta); - - if (path != ctl->def->disks[i]->src) - VIR_FREE(path); -diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c -index f0cd770..d3ac0fe 100644 ---- a/src/storage/storage_backend_fs.c -+++ b/src/storage/storage_backend_fs.c -@@ -75,14 +75,19 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target, - - memset(&meta, 0, sizeof(meta)); - -- if (virStorageFileGetMetadataFromFD(target->path, fd, &meta) < 0) { -+ if ((target->format = virStorageFileProbeFormatFromFD(target->path, fd)) < 0) { - close(fd); - return -1; - } - -- close(fd); -+ if (virStorageFileGetMetadataFromFD(target->path, fd, -+ target->format, -+ &meta) < 0) { -+ close(fd); -+ return -1; -+ } - -- target->format = meta.format; -+ close(fd); - - if (backingStore) { - *backingStore = meta.backingStore; -diff --git a/src/util/storage_file.c b/src/util/storage_file.c -index 221268b..9712d92 100644 ---- a/src/util/storage_file.c -+++ b/src/util/storage_file.c -@@ -696,18 +696,23 @@ virStorageFileProbeFormat(const char *path) - /** - * virStorageFileGetMetadataFromFD: - * -- * Probe for the format of 'fd' (which is an open file descriptor -- * for the file 'path'), filling 'meta' with the detected -- * format and other associated metadata. -+ * Extract metadata about the storage volume with the specified -+ * image format. If image format is VIR_STORAGE_FILE_AUTO, it -+ * will probe to automatically identify the format. - * -- * Callers are advised never to trust the returned 'meta->format' -- * unless it is listed as VIR_STORAGE_FILE_RAW, since a -- * malicious guest can turn a raw file into any other non-raw -- * format at will. -+ * Callers are advised never to use VIR_STORAGE_FILE_AUTO as a -+ * format, since a malicious guest can turn a raw file into any -+ * other non-raw format at will. -+ * -+ * If the returned meta.backingStoreFormat is VIR_STORAGE_FILE_AUTO -+ * it indicates the image didn't specify an explicit format for its -+ * backing store. Callers are advised against probing for the -+ * backing store format in this case. - */ - int - virStorageFileGetMetadataFromFD(const char *path, - int fd, -+ int format, - virStorageFileMetadata *meta) - { - unsigned char *head; -@@ -731,9 +736,16 @@ virStorageFileGetMetadataFromFD(const char *path, - goto cleanup; - } - -- meta->format = virStorageFileProbeFormatFromBuf(path, head, len); -+ if (format == VIR_STORAGE_FILE_AUTO) -+ format = virStorageFileProbeFormatFromBuf(path, head, len); -+ -+ if (format < 0 || -+ format >= VIR_STORAGE_FILE_LAST) { -+ virReportSystemError(EINVAL, _("unknown storage file format %d"), format); -+ return -1; -+ } - -- ret = virStorageFileGetMetadataFromBuf(meta->format, path, head, len, meta); -+ ret = virStorageFileGetMetadataFromBuf(format, path, head, len, meta); - - cleanup: - VIR_FREE(head); -@@ -743,16 +755,22 @@ cleanup: - /** - * virStorageFileGetMetadata: - * -- * Probe for the format of 'path', filling 'meta' with the detected -- * format and other associated metadata. -+ * Extract metadata about the storage volume with the specified -+ * image format. If image format is VIR_STORAGE_FILE_AUTO, it -+ * will probe to automatically identify the format. - * -- * Callers are advised never to trust the returned 'meta->format' -- * unless it is listed as VIR_STORAGE_FILE_RAW, since a -- * malicious guest can turn a raw file into any other non-raw -- * format at will. -+ * Callers are advised never to use VIR_STORAGE_FILE_AUTO as a -+ * format, since a malicious guest can turn a raw file into any -+ * other non-raw format at will. -+ * -+ * If the returned meta.backingStoreFormat is VIR_STORAGE_FILE_AUTO -+ * it indicates the image didn't specify an explicit format for its -+ * backing store. Callers are advised against probing for the -+ * backing store format in this case. - */ - int - virStorageFileGetMetadata(const char *path, -+ int format, - virStorageFileMetadata *meta) - { - int fd, ret; -@@ -762,7 +780,7 @@ virStorageFileGetMetadata(const char *path, - return -1; - } - -- ret = virStorageFileGetMetadataFromFD(path, fd, meta); -+ ret = virStorageFileGetMetadataFromFD(path, fd, format, meta); - - close(fd); - -diff --git a/src/util/storage_file.h b/src/util/storage_file.h -index 3420d44..6853182 100644 ---- a/src/util/storage_file.h -+++ b/src/util/storage_file.h -@@ -46,7 +46,6 @@ enum virStorageFileFormat { - VIR_ENUM_DECL(virStorageFileFormat); - - typedef struct _virStorageFileMetadata { -- int format; - char *backingStore; - int backingStoreFormat; - unsigned long long capacity; -@@ -62,9 +61,11 @@ int virStorageFileProbeFormatFromFD(const char *path, - int fd); - - int virStorageFileGetMetadata(const char *path, -+ int format, - virStorageFileMetadata *meta); - int virStorageFileGetMetadataFromFD(const char *path, - int fd, -+ int format, - virStorageFileMetadata *meta); - - int virStorageFileIsSharedFS(const char *path); --- -1.7.1.1 - diff --git a/libvirt-0.8.2-05-disk-path-iterator.patch b/libvirt-0.8.2-05-disk-path-iterator.patch deleted file mode 100644 index 4f74940..0000000 --- a/libvirt-0.8.2-05-disk-path-iterator.patch +++ /dev/null @@ -1,170 +0,0 @@ -From ac5067f1e2e98181ee0e9230f756697f50d853eb Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Mon, 14 Jun 2010 18:09:15 +0100 -Subject: [PATCH 05/11] Add an API for iterating over disk paths - -There is duplicated code which iterates over disk backing stores -performing some action. Provide a convenient helper for doing -this to eliminate duplication & risk of mistakes with disk format -probing - -* src/conf/domain_conf.c, src/conf/domain_conf.h, - src/libvirt_private.syms: Add virDomainDiskDefForeachPath() ---- - src/conf/domain_conf.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++ - src/conf/domain_conf.h | 11 +++++ - src/libvirt_private.syms | 1 + - 3 files changed, 111 insertions(+), 0 deletions(-) - -diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c -index 378c06e..b20ca97 100644 ---- a/src/conf/domain_conf.c -+++ b/src/conf/domain_conf.c -@@ -45,6 +45,7 @@ - #include "macvtap.h" - #include "nwfilter_conf.h" - #include "ignore-value.h" -+#include "storage_file.h" - - #define VIR_FROM_THIS VIR_FROM_DOMAIN - -@@ -7273,4 +7274,102 @@ done: - } - - -+int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk, -+ bool allowProbing, -+ bool ignoreOpenFailure, -+ virDomainDiskDefPathIterator iter, -+ void *opaque) -+{ -+ virHashTablePtr paths; -+ int format; -+ int ret = -1; -+ size_t depth = 0; -+ char *nextpath = NULL; -+ -+ if (!disk->src) -+ return 0; -+ -+ if (disk->driverType) { -+ const char *formatStr = disk->driverType; -+ if (STREQ(formatStr, "aio")) -+ formatStr = "raw"; /* Xen compat */ -+ -+ if ((format = virStorageFileFormatTypeFromString(formatStr)) < 0) { -+ virDomainReportError(VIR_ERR_INTERNAL_ERROR, -+ _("unknown disk format '%s' for %s"), -+ disk->driverType, disk->src); -+ return -1; -+ } -+ } else { -+ if (allowProbing) { -+ format = VIR_STORAGE_FILE_AUTO; -+ } else { -+ virDomainReportError(VIR_ERR_INTERNAL_ERROR, -+ _("no disk format for %s and probing is disabled"), -+ disk->src); -+ return -1; -+ } -+ } -+ -+ paths = virHashCreate(5); -+ -+ do { -+ virStorageFileMetadata meta; -+ const char *path = nextpath ? nextpath : disk->src; -+ int fd; -+ -+ if (iter(disk, path, depth, opaque) < 0) -+ goto cleanup; -+ -+ if (virHashLookup(paths, path)) { -+ virDomainReportError(VIR_ERR_INTERNAL_ERROR, -+ _("backing store for %s is self-referential"), -+ disk->src); -+ goto cleanup; -+ } -+ -+ if ((fd = open(path, O_RDONLY)) < 0) { -+ if (ignoreOpenFailure) { -+ char ebuf[1024]; -+ VIR_WARN("Ignoring open failure on %s: %s", path, -+ virStrerror(errno, ebuf, sizeof(ebuf))); -+ break; -+ } else { -+ virReportSystemError(errno, -+ _("unable to open disk path %s"), -+ path); -+ goto cleanup; -+ } -+ } -+ -+ if (virStorageFileGetMetadataFromFD(path, fd, format, &meta) < 0) { -+ close(fd); -+ goto cleanup; -+ } -+ close(fd); -+ -+ if (virHashAddEntry(paths, path, (void*)0x1) < 0) { -+ virReportOOMError(); -+ goto cleanup; -+ } -+ -+ depth++; -+ nextpath = meta.backingStore; -+ -+ format = meta.backingStoreFormat; -+ -+ if (format == VIR_STORAGE_FILE_AUTO && -+ !allowProbing) -+ format = VIR_STORAGE_FILE_RAW; /* Stops further recursion */ -+ } while (nextpath); -+ -+ ret = 0; -+ -+cleanup: -+ virHashFree(paths, NULL); -+ VIR_FREE(nextpath); -+ -+ return ret; -+} -+ - #endif /* ! PROXY */ -diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h -index 01da17e..d46869e 100644 ---- a/src/conf/domain_conf.h -+++ b/src/conf/domain_conf.h -@@ -1079,6 +1079,17 @@ int virDomainChrDefForeach(virDomainDefPtr def, - void *opaque); - - -+typedef int (*virDomainDiskDefPathIterator)(virDomainDiskDefPtr disk, -+ const char *path, -+ size_t depth, -+ void *opaque); -+ -+int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk, -+ bool allowProbing, -+ bool ignoreOpenFailure, -+ virDomainDiskDefPathIterator iter, -+ void *opaque); -+ - VIR_ENUM_DECL(virDomainVirt) - VIR_ENUM_DECL(virDomainBoot) - VIR_ENUM_DECL(virDomainFeature) -diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms -index 4607f49..b5f3695 100644 ---- a/src/libvirt_private.syms -+++ b/src/libvirt_private.syms -@@ -225,6 +225,7 @@ virDomainSnapshotDefFormat; - virDomainSnapshotAssignDef; - virDomainObjAssignDef; - virDomainChrDefForeach; -+virDomainDiskDefForeachPath; - - - # domain_event.h --- -1.7.1.1 - diff --git a/libvirt-0.8.2-06-use-disk-iterator.patch b/libvirt-0.8.2-06-use-disk-iterator.patch deleted file mode 100644 index 028710e..0000000 --- a/libvirt-0.8.2-06-use-disk-iterator.patch +++ /dev/null @@ -1,506 +0,0 @@ -From 54c1bb731d2b19a46a594cf9682c022f1e1114d2 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Tue, 15 Jun 2010 16:40:47 +0100 -Subject: [PATCH 06/11] Convert all disk backing store loops to shared helper API - -Update the QEMU cgroups code, QEMU DAC security driver, SELinux -and AppArmour security drivers over to use the shared helper API -virDomainDiskDefForeachPath(). - -* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c, - src/security/security_selinux.c, src/security/virt-aa-helper.c: - Convert over to use virDomainDiskDefForeachPath() ---- - src/qemu/qemu_driver.c | 161 ++++++++++++++++---------------------- - src/qemu/qemu_security_dac.c | 47 ++++-------- - src/security/security_selinux.c | 67 +++++++---------- - src/security/virt-aa-helper.c | 71 ++++++++---------- - 4 files changed, 142 insertions(+), 204 deletions(-) - -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index 97f2990..99aeffa 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -3040,107 +3040,82 @@ static const char *const defaultDeviceACL[] = { - #define DEVICE_PTY_MAJOR 136 - #define DEVICE_SND_MAJOR 116 - --static int qemuSetupDiskCgroup(virCgroupPtr cgroup, -- virDomainObjPtr vm, -- virDomainDiskDefPtr disk) --{ -- char *path = disk->src; -- int ret = -1; - -- while (path != NULL) { -- virStorageFileMetadata meta; -- int rc; -+static int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, -+ const char *path, -+ size_t depth ATTRIBUTE_UNUSED, -+ void *opaque) -+{ -+ virCgroupPtr cgroup = opaque; -+ int rc; - -- VIR_DEBUG("Process path '%s' for disk", path); -- rc = virCgroupAllowDevicePath(cgroup, path); -- if (rc != 0) { -- /* Get this for non-block devices */ -- if (rc == -EINVAL) { -- VIR_DEBUG("Ignoring EINVAL for %s", path); -- } else if (rc == -EACCES) { /* Get this for root squash NFS */ -- VIR_DEBUG("Ignoring EACCES for %s", path); -- } else { -- virReportSystemError(-rc, -- _("Unable to allow device %s for %s"), -- path, vm->def->name); -- if (path != disk->src) -- VIR_FREE(path); -- goto cleanup; -- } -+ VIR_DEBUG("Process path %s for disk", path); -+ /* XXX RO vs RW */ -+ rc = virCgroupAllowDevicePath(cgroup, path); -+ if (rc != 0) { -+ /* Get this for non-block devices */ -+ if (rc == -EINVAL) { -+ VIR_DEBUG("Ignoring EINVAL for %s", path); -+ } else if (rc == -EACCES) { /* Get this for root squash NFS */ -+ VIR_DEBUG("Ignoring EACCES for %s", path); -+ } else { -+ virReportSystemError(-rc, -+ _("Unable to allow access for disk path %s"), -+ path); -+ return -1; - } -- -- rc = virStorageFileGetMetadata(path, -- VIR_STORAGE_FILE_AUTO, -- &meta); -- if (rc < 0) -- VIR_WARN("Unable to lookup parent image for %s", path); -- -- if (path != disk->src) -- VIR_FREE(path); -- path = NULL; -- -- if (rc < 0) -- break; /* Treating as non fatal */ -- -- path = meta.backingStore; - } -+ return 0; -+} - -- ret = 0; - --cleanup: -- return ret; -+static int qemuSetupDiskCgroup(virCgroupPtr cgroup, -+ virDomainDiskDefPtr disk) -+{ -+ return virDomainDiskDefForeachPath(disk, -+ true, -+ true, -+ qemuSetupDiskPathAllow, -+ cgroup); - } - - --static int qemuTeardownDiskCgroup(virCgroupPtr cgroup, -- virDomainObjPtr vm, -- virDomainDiskDefPtr disk) -+static int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, -+ const char *path, -+ size_t depth ATTRIBUTE_UNUSED, -+ void *opaque) - { -- char *path = disk->src; -- int ret = -1; -- -- while (path != NULL) { -- virStorageFileMetadata meta; -- int rc; -+ virCgroupPtr cgroup = opaque; -+ int rc; - -- VIR_DEBUG("Process path '%s' for disk", path); -- rc = virCgroupDenyDevicePath(cgroup, path); -- if (rc != 0) { -- /* Get this for non-block devices */ -- if (rc == -EINVAL) { -- VIR_DEBUG("Ignoring EINVAL for %s", path); -- } else if (rc == -EACCES) { /* Get this for root squash NFS */ -- VIR_DEBUG("Ignoring EACCES for %s", path); -- } else { -- virReportSystemError(-rc, -- _("Unable to deny device %s for %s"), -- path, vm->def->name); -- if (path != disk->src) -- VIR_FREE(path); -- goto cleanup; -- } -+ VIR_DEBUG("Process path %s for disk", path); -+ /* XXX RO vs RW */ -+ rc = virCgroupDenyDevicePath(cgroup, path); -+ if (rc != 0) { -+ /* Get this for non-block devices */ -+ if (rc == -EINVAL) { -+ VIR_DEBUG("Ignoring EINVAL for %s", path); -+ } else if (rc == -EACCES) { /* Get this for root squash NFS */ -+ VIR_DEBUG("Ignoring EACCES for %s", path); -+ } else { -+ virReportSystemError(-rc, -+ _("Unable to allow access for disk path %s"), -+ path); -+ return -1; - } -- -- rc = virStorageFileGetMetadata(path, -- VIR_STORAGE_FILE_AUTO, -- &meta); -- if (rc < 0) -- VIR_WARN("Unable to lookup parent image for %s", path); -- -- if (path != disk->src) -- VIR_FREE(path); -- path = NULL; -- -- if (rc < 0) -- break; /* Treating as non fatal */ -- -- path = meta.backingStore; - } -+ return 0; -+} - -- ret = 0; - --cleanup: -- return ret; -+static int qemuTeardownDiskCgroup(virCgroupPtr cgroup, -+ virDomainDiskDefPtr disk) -+{ -+ return virDomainDiskDefForeachPath(disk, -+ true, -+ true, -+ qemuTeardownDiskPathDeny, -+ cgroup); - } - - -@@ -3204,7 +3179,7 @@ static int qemuSetupCgroup(struct qemud_driver *driver, - } - - for (i = 0; i < vm->def->ndisks ; i++) { -- if (qemuSetupDiskCgroup(cgroup, vm, vm->def->disks[i]) < 0) -+ if (qemuSetupDiskCgroup(cgroup, vm->def->disks[i]) < 0) - goto cleanup; - } - -@@ -8035,7 +8010,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom, - vm->def->name); - goto endjob; - } -- if (qemuSetupDiskCgroup(cgroup, vm, dev->data.disk) < 0) -+ if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0) - goto endjob; - } - -@@ -8080,7 +8055,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom, - /* Fallthrough */ - } - if (ret != 0 && cgroup) { -- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0) -+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0) - VIR_WARN("Failed to teardown cgroup for disk path %s", - NULLSTR(dev->data.disk->src)); - } -@@ -8280,7 +8255,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom, - vm->def->name); - goto endjob; - } -- if (qemuSetupDiskCgroup(cgroup, vm, dev->data.disk) < 0) -+ if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0) - goto endjob; - } - -@@ -8303,7 +8278,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom, - } - - if (ret != 0 && cgroup) { -- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0) -+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0) - VIR_WARN("Failed to teardown cgroup for disk path %s", - NULLSTR(dev->data.disk->src)); - } -@@ -8430,7 +8405,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver, - VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); - - if (cgroup != NULL) { -- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0) -+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0) - VIR_WARN("Failed to teardown cgroup for disk path %s", - NULLSTR(dev->data.disk->src)); - } -@@ -8493,7 +8468,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver, - VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); - - if (cgroup != NULL) { -- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0) -+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0) - VIR_WARN("Failed to teardown cgroup for disk path %s", - NULLSTR(dev->data.disk->src)); - } -diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c -index acfe48e..770010d 100644 ---- a/src/qemu/qemu_security_dac.c -+++ b/src/qemu/qemu_security_dac.c -@@ -98,45 +98,28 @@ err: - - - static int -+qemuSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, -+ const char *path, -+ size_t depth ATTRIBUTE_UNUSED, -+ void *opaque ATTRIBUTE_UNUSED) -+{ -+ return qemuSecurityDACSetOwnership(path, driver->user, driver->group); -+} -+ -+ -+static int - qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, - virDomainDiskDefPtr disk) - - { -- const char *path; -- - if (!driver->privileged || !driver->dynamicOwnership) - return 0; - -- if (!disk->src) -- return 0; -- -- path = disk->src; -- do { -- virStorageFileMetadata meta; -- int ret; -- -- ret = virStorageFileGetMetadata(path, -- VIR_STORAGE_FILE_AUTO, -- &meta); -- -- if (path != disk->src) -- VIR_FREE(path); -- path = NULL; -- -- if (ret < 0) -- return -1; -- -- if (meta.backingStore != NULL && -- qemuSecurityDACSetOwnership(meta.backingStore, -- driver->user, driver->group) < 0) { -- VIR_FREE(meta.backingStore); -- return -1; -- } -- -- path = meta.backingStore; -- } while (path != NULL); -- -- return qemuSecurityDACSetOwnership(disk->src, driver->user, driver->group); -+ return virDomainDiskDefForeachPath(disk, -+ true, -+ false, -+ qemuSecurityDACSetSecurityFileLabel, -+ NULL); - } - - -diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c -index 5c0f002..d191118 100644 ---- a/src/security/security_selinux.c -+++ b/src/security/security_selinux.c -@@ -439,54 +439,43 @@ SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm, - - - static int -+SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk, -+ const char *path, -+ size_t depth, -+ void *opaque) -+{ -+ const virSecurityLabelDefPtr secdef = opaque; -+ -+ if (depth == 0) { -+ if (disk->shared) { -+ return SELinuxSetFilecon(path, default_image_context); -+ } else if (disk->readonly) { -+ return SELinuxSetFilecon(path, default_content_context); -+ } else if (secdef->imagelabel) { -+ return SELinuxSetFilecon(path, secdef->imagelabel); -+ } else { -+ return 0; -+ } -+ } else { -+ return SELinuxSetFilecon(path, default_content_context); -+ } -+} -+ -+static int - SELinuxSetSecurityImageLabel(virDomainObjPtr vm, - virDomainDiskDefPtr disk) - - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; -- const char *path; - - if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) - return 0; - -- if (!disk->src) -- return 0; -- -- path = disk->src; -- do { -- virStorageFileMetadata meta; -- int ret; -- -- ret = virStorageFileGetMetadata(path, -- VIR_STORAGE_FILE_AUTO, -- &meta); -- -- if (path != disk->src) -- VIR_FREE(path); -- path = NULL; -- -- if (ret < 0) -- break; -- -- if (meta.backingStore != NULL && -- SELinuxSetFilecon(meta.backingStore, -- default_content_context) < 0) { -- VIR_FREE(meta.backingStore); -- return -1; -- } -- -- path = meta.backingStore; -- } while (path != NULL); -- -- if (disk->shared) { -- return SELinuxSetFilecon(disk->src, default_image_context); -- } else if (disk->readonly) { -- return SELinuxSetFilecon(disk->src, default_content_context); -- } else if (secdef->imagelabel) { -- return SELinuxSetFilecon(disk->src, secdef->imagelabel); -- } -- -- return 0; -+ return virDomainDiskDefForeachPath(disk, -+ true, -+ false, -+ SELinuxSetSecurityFileLabel, -+ secdef); - } - - -diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c -index 2c045e6..9ed0cd3 100644 ---- a/src/security/virt-aa-helper.c -+++ b/src/security/virt-aa-helper.c -@@ -36,7 +36,6 @@ - #include "uuid.h" - #include "hostusb.h" - #include "pci.h" --#include "storage_file.h" - - static char *progname; - -@@ -801,6 +800,28 @@ file_iterate_pci_cb(pciDevice *dev ATTRIBUTE_UNUSED, - } - - static int -+add_file_path(virDomainDiskDefPtr disk, -+ const char *path, -+ size_t depth, -+ void *opaque) -+{ -+ virBufferPtr buf = opaque; -+ int ret; -+ -+ if (depth == 0) { -+ if (disk->readonly) -+ ret = vah_add_file(buf, path, "r"); -+ else -+ ret = vah_add_file(buf, path, "rw"); -+ } else { -+ ret = vah_add_file(buf, path, "r"); -+ } -+ -+ return ret; -+} -+ -+ -+static int - get_files(vahControl * ctl) - { - virBuffer buf = VIR_BUFFER_INITIALIZER; -@@ -821,45 +842,15 @@ get_files(vahControl * ctl) - goto clean; - } - -- for (i = 0; i < ctl->def->ndisks; i++) -- if (ctl->def->disks[i] && ctl->def->disks[i]->src) { -- int ret; -- const char *path; -- -- path = ctl->def->disks[i]->src; -- do { -- virStorageFileMetadata meta; -- -- ret = virStorageFileGetMetadata(path, -- VIR_STORAGE_FILE_AUTO, -- &meta); -- -- if (path != ctl->def->disks[i]->src) -- VIR_FREE(path); -- path = NULL; -- -- if (ret < 0) { -- vah_warning("could not open path, skipping"); -- continue; -- } -- -- if (meta.backingStore != NULL && -- (ret = vah_add_file(&buf, meta.backingStore, "rw")) != 0) { -- VIR_FREE(meta.backingStore); -- goto clean; -- } -- -- path = meta.backingStore; -- } while (path != NULL); -- -- if (ctl->def->disks[i]->readonly) -- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "r"); -- else -- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "rw"); -- -- if (ret != 0) -- goto clean; -- } -+ for (i = 0; i < ctl->def->ndisks; i++) { -+ int ret = virDomainDiskDefForeachPath(ctl->def->disks[i], -+ true, -+ false, -+ add_file_path, -+ &buf); -+ if (ret != 0) -+ goto clean; -+ } - - for (i = 0; i < ctl->def->nserials; i++) - if (ctl->def->serials[i] && ctl->def->serials[i]->data.file.path) --- -1.7.1.1 - diff --git a/libvirt-0.8.2-07-secdriver-params.patch b/libvirt-0.8.2-07-secdriver-params.patch deleted file mode 100644 index 08adca0..0000000 --- a/libvirt-0.8.2-07-secdriver-params.patch +++ /dev/null @@ -1,1152 +0,0 @@ -From bbf8c57b06ec1b63ae814114867eaceebb7dc166 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Tue, 15 Jun 2010 17:44:19 +0100 -Subject: [PATCH 07/11] Pass security driver object into all security driver callbacks - -The implementation of security driver callbacks often needs -to access the security driver object. Currently only a handful -of callbacks include the driver object as a parameter. Later -patches require this is many more places. - -* src/qemu/qemu_driver.c: Pass in the security driver object - to all callbacks -* src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, - src/security/security_apparmor.c, src/security/security_driver.h, - src/security/security_selinux.c: Add a virSecurityDriverPtr - param to all security callbacks ---- - src/qemu/qemu_driver.c | 88 ++++++++++++++++++++----------- - src/qemu/qemu_security_dac.c | 44 +++++++++++----- - src/qemu/qemu_security_stacked.c | 107 +++++++++++++++++++++++++------------- - src/security/security_apparmor.c | 57 +++++++++++++------- - src/security/security_driver.h | 40 ++++++++++---- - src/security/security_selinux.c | 56 +++++++++++++------ - 6 files changed, 260 insertions(+), 132 deletions(-) - -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index 99aeffa..616547c 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -1278,7 +1278,8 @@ qemuReconnectDomain(void *payload, const char *name ATTRIBUTE_UNUSED, void *opaq - - if (driver->securityDriver && - driver->securityDriver->domainReserveSecurityLabel && -- driver->securityDriver->domainReserveSecurityLabel(obj) < 0) -+ driver->securityDriver->domainReserveSecurityLabel(driver->securityDriver, -+ obj) < 0) - goto error; - - if (obj->def->id >= driver->nextvmid) -@@ -3401,13 +3402,15 @@ static int qemudStartVMDaemon(virConnectPtr conn, - DEBUG0("Generating domain security label (if required)"); - if (driver->securityDriver && - driver->securityDriver->domainGenSecurityLabel && -- driver->securityDriver->domainGenSecurityLabel(vm) < 0) -+ driver->securityDriver->domainGenSecurityLabel(driver->securityDriver, -+ vm) < 0) - goto cleanup; - - DEBUG0("Generating setting domain security labels (if required)"); - if (driver->securityDriver && - driver->securityDriver->domainSetSecurityAllLabel && -- driver->securityDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0) { -+ driver->securityDriver->domainSetSecurityAllLabel(driver->securityDriver, -+ vm, stdin_path) < 0) { - if (stdin_path && virStorageFileIsSharedFS(stdin_path) != 1) - goto cleanup; - } -@@ -3766,10 +3769,12 @@ static void qemudShutdownVMDaemon(struct qemud_driver *driver, - /* Reset Security Labels */ - if (driver->securityDriver && - driver->securityDriver->domainRestoreSecurityAllLabel) -- driver->securityDriver->domainRestoreSecurityAllLabel(vm, migrated); -+ driver->securityDriver->domainRestoreSecurityAllLabel(driver->securityDriver, -+ vm, migrated); - if (driver->securityDriver && - driver->securityDriver->domainReleaseSecurityLabel) -- driver->securityDriver->domainReleaseSecurityLabel(vm); -+ driver->securityDriver->domainReleaseSecurityLabel(driver->securityDriver, -+ vm); - - /* Clear out dynamically assigned labels */ - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { -@@ -5171,7 +5176,8 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path, - if ((!bypassSecurityDriver) && - driver->securityDriver && - driver->securityDriver->domainSetSavedStateLabel && -- driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1) -+ driver->securityDriver->domainSetSavedStateLabel(driver->securityDriver, -+ vm, path) == -1) - goto endjob; - - if (header.compressed == QEMUD_SAVE_FORMAT_RAW) { -@@ -5206,7 +5212,8 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path, - if ((!bypassSecurityDriver) && - driver->securityDriver && - driver->securityDriver->domainRestoreSavedStateLabel && -- driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1) -+ driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver, -+ vm, path) == -1) - VIR_WARN("failed to restore save state label on %s", path); - - if (cgroup != NULL) { -@@ -5253,7 +5260,8 @@ endjob: - if ((!bypassSecurityDriver) && - driver->securityDriver && - driver->securityDriver->domainRestoreSavedStateLabel && -- driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1) -+ driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver, -+ vm, path) == -1) - VIR_WARN("failed to restore save state label on %s", path); - } - -@@ -5488,7 +5496,8 @@ static int qemudDomainCoreDump(virDomainPtr dom, - - if (driver->securityDriver && - driver->securityDriver->domainSetSavedStateLabel && -- driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1) -+ driver->securityDriver->domainSetSavedStateLabel(driver->securityDriver, -+ vm, path) == -1) - goto endjob; - - /* Migrate will always stop the VM, so the resume condition is -@@ -5531,7 +5540,8 @@ static int qemudDomainCoreDump(virDomainPtr dom, - - if (driver->securityDriver && - driver->securityDriver->domainRestoreSavedStateLabel && -- driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1) -+ driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver, -+ vm, path) == -1) - goto endjob; - - endjob: -@@ -5914,12 +5924,13 @@ static int qemudDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr sec - * QEMU monitor hasn't seen SIGHUP/ERR on poll(). - */ - if (virDomainObjIsActive(vm)) { -- if (driver->securityDriver && driver->securityDriver->domainGetSecurityProcessLabel) { -- if (driver->securityDriver->domainGetSecurityProcessLabel(vm, seclabel) == -1) { -- qemuReportError(VIR_ERR_INTERNAL_ERROR, -- "%s", _("Failed to get security label")); -- goto cleanup; -- } -+ if (driver->securityDriver && -+ driver->securityDriver->domainGetSecurityProcessLabel && -+ driver->securityDriver->domainGetSecurityProcessLabel(driver->securityDriver, -+ vm, seclabel) < 0) { -+ qemuReportError(VIR_ERR_INTERNAL_ERROR, -+ "%s", _("Failed to get security label")); -+ goto cleanup; - } - } - -@@ -6325,7 +6336,8 @@ qemudDomainSaveImageStartVM(virConnectPtr conn, - out: - if (driver->securityDriver && - driver->securityDriver->domainRestoreSavedStateLabel && -- driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1) -+ driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver, -+ vm, path) == -1) - VIR_WARN("failed to restore save state label on %s", path); - - return ret; -@@ -7039,7 +7051,8 @@ static int qemudDomainChangeEjectableMedia(struct qemud_driver *driver, - - if (driver->securityDriver && - driver->securityDriver->domainSetSecurityImageLabel && -- driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0) -+ driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver, -+ vm, disk) < 0) - return -1; - - if (!(driveAlias = qemuDeviceDriveHostAlias(origdisk, qemuCmdFlags))) -@@ -7068,7 +7081,8 @@ static int qemudDomainChangeEjectableMedia(struct qemud_driver *driver, - - if (driver->securityDriver && - driver->securityDriver->domainRestoreSecurityImageLabel && -- driver->securityDriver->domainRestoreSecurityImageLabel(vm, origdisk) < 0) -+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver, -+ vm, origdisk) < 0) - VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src); - - VIR_FREE(origdisk->src); -@@ -7086,7 +7100,8 @@ error: - VIR_FREE(driveAlias); - if (driver->securityDriver && - driver->securityDriver->domainRestoreSecurityImageLabel && -- driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0) -+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver, -+ vm, disk) < 0) - VIR_WARN("Unable to restore security label on new media %s", disk->src); - return -1; - } -@@ -7113,7 +7128,8 @@ static int qemudDomainAttachPciDiskDevice(struct qemud_driver *driver, - - if (driver->securityDriver && - driver->securityDriver->domainSetSecurityImageLabel && -- driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0) -+ driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver, -+ vm, disk) < 0) - return -1; - - if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) { -@@ -7180,7 +7196,8 @@ error: - - if (driver->securityDriver && - driver->securityDriver->domainRestoreSecurityImageLabel && -- driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0) -+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver, -+ vm, disk) < 0) - VIR_WARN("Unable to restore security label on %s", disk->src); - - return -1; -@@ -7322,7 +7339,8 @@ static int qemudDomainAttachSCSIDisk(struct qemud_driver *driver, - - if (driver->securityDriver && - driver->securityDriver->domainSetSecurityImageLabel && -- driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0) -+ driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver, -+ vm, disk) < 0) - return -1; - - /* We should have an address already, so make sure */ -@@ -7408,7 +7426,8 @@ error: - - if (driver->securityDriver && - driver->securityDriver->domainRestoreSecurityImageLabel && -- driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0) -+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver, -+ vm, disk) < 0) - VIR_WARN("Unable to restore security label on %s", disk->src); - - return -1; -@@ -7435,7 +7454,8 @@ static int qemudDomainAttachUsbMassstorageDevice(struct qemud_driver *driver, - - if (driver->securityDriver && - driver->securityDriver->domainSetSecurityImageLabel && -- driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0) -+ driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver, -+ vm, disk) < 0) - return -1; - - if (!disk->src) { -@@ -7491,7 +7511,8 @@ error: - - if (driver->securityDriver && - driver->securityDriver->domainRestoreSecurityImageLabel && -- driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0) -+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver, -+ vm, disk) < 0) - VIR_WARN("Unable to restore security label on %s", disk->src); - - return -1; -@@ -7928,7 +7949,8 @@ static int qemudDomainAttachHostDevice(struct qemud_driver *driver, - - if (driver->securityDriver && - driver->securityDriver->domainSetSecurityHostdevLabel && -- driver->securityDriver->domainSetSecurityHostdevLabel(vm, hostdev) < 0) -+ driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver, -+ vm, hostdev) < 0) - return -1; - - switch (hostdev->source.subsys.type) { -@@ -7956,7 +7978,8 @@ static int qemudDomainAttachHostDevice(struct qemud_driver *driver, - error: - if (driver->securityDriver && - driver->securityDriver->domainRestoreSecurityHostdevLabel && -- driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, hostdev) < 0) -+ driver->securityDriver->domainRestoreSecurityHostdevLabel(driver->securityDriver, -+ vm, hostdev) < 0) - VIR_WARN0("Unable to restore host device labelling on hotplug fail"); - - return -1; -@@ -8401,7 +8424,8 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver, - - if (driver->securityDriver && - driver->securityDriver->domainRestoreSecurityImageLabel && -- driver->securityDriver->domainRestoreSecurityImageLabel(vm, dev->data.disk) < 0) -+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver, -+ vm, dev->data.disk) < 0) - VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); - - if (cgroup != NULL) { -@@ -8464,7 +8488,8 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver, - - if (driver->securityDriver && - driver->securityDriver->domainRestoreSecurityImageLabel && -- driver->securityDriver->domainRestoreSecurityImageLabel(vm, dev->data.disk) < 0) -+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver, -+ vm, dev->data.disk) < 0) - VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); - - if (cgroup != NULL) { -@@ -8889,7 +8914,8 @@ static int qemudDomainDetachHostDevice(struct qemud_driver *driver, - - if (driver->securityDriver && - driver->securityDriver->domainRestoreSecurityHostdevLabel && -- driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, dev->data.hostdev) < 0) -+ driver->securityDriver->domainRestoreSecurityHostdevLabel(driver->securityDriver, -+ vm, dev->data.hostdev) < 0) - VIR_WARN0("Failed to restore host device labelling"); - - return ret; -diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c -index 770010d..0bbcf69 100644 ---- a/src/qemu/qemu_security_dac.c -+++ b/src/qemu/qemu_security_dac.c -@@ -108,7 +108,8 @@ qemuSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, - - - static int --qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, -+qemuSecurityDACSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm ATTRIBUTE_UNUSED, - virDomainDiskDefPtr disk) - - { -@@ -124,7 +125,8 @@ qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, - - - static int --qemuSecurityDACRestoreSecurityImageLabelInt(virDomainObjPtr vm ATTRIBUTE_UNUSED, -+qemuSecurityDACRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm ATTRIBUTE_UNUSED, - virDomainDiskDefPtr disk, - int migrated) - { -@@ -166,10 +168,11 @@ qemuSecurityDACRestoreSecurityImageLabelInt(virDomainObjPtr vm ATTRIBUTE_UNUSED, - - - static int --qemuSecurityDACRestoreSecurityImageLabel(virDomainObjPtr vm, -+qemuSecurityDACRestoreSecurityImageLabel(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - virDomainDiskDefPtr disk) - { -- return qemuSecurityDACRestoreSecurityImageLabelInt(vm, disk, 0); -+ return qemuSecurityDACRestoreSecurityImageLabelInt(drv, vm, disk, 0); - } - - -@@ -192,7 +195,8 @@ qemuSecurityDACSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, - - - static int --qemuSecurityDACSetSecurityHostdevLabel(virDomainObjPtr vm, -+qemuSecurityDACSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainHostdevDefPtr dev) - - { -@@ -261,7 +265,8 @@ qemuSecurityDACRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, - - - static int --qemuSecurityDACRestoreSecurityHostdevLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, -+qemuSecurityDACRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm ATTRIBUTE_UNUSED, - virDomainHostdevDefPtr dev) - - { -@@ -407,7 +412,8 @@ qemuSecurityDACRestoreChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, - - - static int --qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm, -+qemuSecurityDACRestoreSecurityAllLabel(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - int migrated) - { - int i; -@@ -420,12 +426,14 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm, - vm->def->name, migrated); - - for (i = 0 ; i < vm->def->nhostdevs ; i++) { -- if (qemuSecurityDACRestoreSecurityHostdevLabel(vm, -+ if (qemuSecurityDACRestoreSecurityHostdevLabel(drv, -+ vm, - vm->def->hostdevs[i]) < 0) - rc = -1; - } - for (i = 0 ; i < vm->def->ndisks ; i++) { -- if (qemuSecurityDACRestoreSecurityImageLabelInt(vm, -+ if (qemuSecurityDACRestoreSecurityImageLabelInt(drv, -+ vm, - vm->def->disks[i], - migrated) < 0) - rc = -1; -@@ -461,7 +469,9 @@ qemuSecurityDACSetChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, - - - static int --qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED) -+qemuSecurityDACSetSecurityAllLabel(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, -+ const char *stdin_path ATTRIBUTE_UNUSED) - { - int i; - -@@ -472,11 +482,15 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path AT - /* XXX fixme - we need to recursively label the entriy tree :-( */ - if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR) - continue; -- if (qemuSecurityDACSetSecurityImageLabel(vm, vm->def->disks[i]) < 0) -+ if (qemuSecurityDACSetSecurityImageLabel(drv, -+ vm, -+ vm->def->disks[i]) < 0) - return -1; - } - for (i = 0 ; i < vm->def->nhostdevs ; i++) { -- if (qemuSecurityDACSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0) -+ if (qemuSecurityDACSetSecurityHostdevLabel(drv, -+ vm, -+ vm->def->hostdevs[i]) < 0) - return -1; - } - -@@ -503,7 +517,8 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path AT - - - static int --qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, -+qemuSecurityDACSetSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm ATTRIBUTE_UNUSED, - const char *savefile) - { - if (!driver->privileged) -@@ -514,7 +529,8 @@ qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, - - - static int --qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, -+qemuSecurityDACRestoreSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm ATTRIBUTE_UNUSED, - const char *savefile) - { - if (!driver->privileged) -diff --git a/src/qemu/qemu_security_stacked.c b/src/qemu/qemu_security_stacked.c -index df76135..432d095 100644 ---- a/src/qemu/qemu_security_stacked.c -+++ b/src/qemu/qemu_security_stacked.c -@@ -57,18 +57,21 @@ qemuSecurityStackedVerify(virDomainDefPtr def) - - - static int --qemuSecurityStackedGenLabel(virDomainObjPtr vm) -+qemuSecurityStackedGenLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm) - { - int rc = 0; - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainGenSecurityLabel && -- driver->securitySecondaryDriver->domainGenSecurityLabel(vm) < 0) -+ driver->securitySecondaryDriver->domainGenSecurityLabel(driver->securitySecondaryDriver, -+ vm) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainGenSecurityLabel && -- driver->securityPrimaryDriver->domainGenSecurityLabel(vm) < 0) -+ driver->securityPrimaryDriver->domainGenSecurityLabel(driver->securityPrimaryDriver, -+ vm) < 0) - rc = -1; - - return rc; -@@ -76,18 +79,21 @@ qemuSecurityStackedGenLabel(virDomainObjPtr vm) - - - static int --qemuSecurityStackedReleaseLabel(virDomainObjPtr vm) -+qemuSecurityStackedReleaseLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm) - { - int rc = 0; - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainReleaseSecurityLabel && -- driver->securitySecondaryDriver->domainReleaseSecurityLabel(vm) < 0) -+ driver->securitySecondaryDriver->domainReleaseSecurityLabel(driver->securitySecondaryDriver, -+ vm) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainReleaseSecurityLabel && -- driver->securityPrimaryDriver->domainReleaseSecurityLabel(vm) < 0) -+ driver->securityPrimaryDriver->domainReleaseSecurityLabel(driver->securityPrimaryDriver, -+ vm) < 0) - rc = -1; - - return rc; -@@ -95,18 +101,21 @@ qemuSecurityStackedReleaseLabel(virDomainObjPtr vm) - - - static int --qemuSecurityStackedReserveLabel(virDomainObjPtr vm) -+qemuSecurityStackedReserveLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm) - { - int rc = 0; - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainReserveSecurityLabel && -- driver->securitySecondaryDriver->domainReserveSecurityLabel(vm) < 0) -+ driver->securitySecondaryDriver->domainReserveSecurityLabel(driver->securitySecondaryDriver, -+ vm) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainReserveSecurityLabel && -- driver->securityPrimaryDriver->domainReserveSecurityLabel(vm) < 0) -+ driver->securityPrimaryDriver->domainReserveSecurityLabel(driver->securityPrimaryDriver, -+ vm) < 0) - rc = -1; - - return rc; -@@ -114,19 +123,22 @@ qemuSecurityStackedReserveLabel(virDomainObjPtr vm) - - - static int --qemuSecurityStackedSetSecurityImageLabel(virDomainObjPtr vm, -+qemuSecurityStackedSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainDiskDefPtr disk) - { - int rc = 0; - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainSetSecurityImageLabel && -- driver->securitySecondaryDriver->domainSetSecurityImageLabel(vm, disk) < 0) -+ driver->securitySecondaryDriver->domainSetSecurityImageLabel(driver->securitySecondaryDriver, -+ vm, disk) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainSetSecurityImageLabel && -- driver->securityPrimaryDriver->domainSetSecurityImageLabel(vm, disk) < 0) -+ driver->securityPrimaryDriver->domainSetSecurityImageLabel(driver->securityPrimaryDriver, -+ vm, disk) < 0) - rc = -1; - - return rc; -@@ -134,19 +146,22 @@ qemuSecurityStackedSetSecurityImageLabel(virDomainObjPtr vm, - - - static int --qemuSecurityStackedRestoreSecurityImageLabel(virDomainObjPtr vm, -+qemuSecurityStackedRestoreSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainDiskDefPtr disk) - { - int rc = 0; - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainRestoreSecurityImageLabel && -- driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0) -+ driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(driver->securitySecondaryDriver, -+ vm, disk) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainRestoreSecurityImageLabel && -- driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0) -+ driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(driver->securityPrimaryDriver, -+ vm, disk) < 0) - rc = -1; - - return rc; -@@ -154,7 +169,8 @@ qemuSecurityStackedRestoreSecurityImageLabel(virDomainObjPtr vm, - - - static int --qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm, -+qemuSecurityStackedSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainHostdevDefPtr dev) - - { -@@ -162,12 +178,14 @@ qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm, - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainSetSecurityHostdevLabel && -- driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0) -+ driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(driver->securitySecondaryDriver, -+ vm, dev) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainSetSecurityHostdevLabel && -- driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0) -+ driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(driver->securityPrimaryDriver, -+ vm, dev) < 0) - rc = -1; - - return rc; -@@ -175,20 +193,22 @@ qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm, - - - static int --qemuSecurityStackedRestoreSecurityHostdevLabel(virDomainObjPtr vm, -+qemuSecurityStackedRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainHostdevDefPtr dev) -- - { - int rc = 0; - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel && -- driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0) -+ driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(driver->securitySecondaryDriver, -+ vm, dev) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel && -- driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0) -+ driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(driver->securityPrimaryDriver, -+ vm, dev) < 0) - rc = -1; - - return rc; -@@ -196,18 +216,22 @@ qemuSecurityStackedRestoreSecurityHostdevLabel(virDomainObjPtr vm, - - - static int --qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path) -+qemuSecurityStackedSetSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, -+ const char *stdin_path) - { - int rc = 0; - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainSetSecurityAllLabel && -- driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0) -+ driver->securitySecondaryDriver->domainSetSecurityAllLabel(driver->securitySecondaryDriver, -+ vm, stdin_path) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainSetSecurityAllLabel && -- driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0) -+ driver->securityPrimaryDriver->domainSetSecurityAllLabel(driver->securityPrimaryDriver, -+ vm, stdin_path) < 0) - rc = -1; - - return rc; -@@ -215,19 +239,22 @@ qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_pat - - - static int --qemuSecurityStackedRestoreSecurityAllLabel(virDomainObjPtr vm, -+qemuSecurityStackedRestoreSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - int migrated) - { - int rc = 0; - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainRestoreSecurityAllLabel && -- driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(vm, migrated) < 0) -+ driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(driver->securitySecondaryDriver, -+ vm, migrated) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainRestoreSecurityAllLabel && -- driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(vm, migrated) < 0) -+ driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(driver->securityPrimaryDriver, -+ vm, migrated) < 0) - rc = -1; - - return rc; -@@ -235,19 +262,22 @@ qemuSecurityStackedRestoreSecurityAllLabel(virDomainObjPtr vm, - - - static int --qemuSecurityStackedSetSavedStateLabel(virDomainObjPtr vm, -+qemuSecurityStackedSetSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - const char *savefile) - { - int rc = 0; - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainSetSavedStateLabel && -- driver->securitySecondaryDriver->domainSetSavedStateLabel(vm, savefile) < 0) -+ driver->securitySecondaryDriver->domainSetSavedStateLabel(driver->securitySecondaryDriver, -+ vm, savefile) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainSetSavedStateLabel && -- driver->securityPrimaryDriver->domainSetSavedStateLabel(vm, savefile) < 0) -+ driver->securityPrimaryDriver->domainSetSavedStateLabel(driver->securityPrimaryDriver, -+ vm, savefile) < 0) - rc = -1; - - return rc; -@@ -255,19 +285,22 @@ qemuSecurityStackedSetSavedStateLabel(virDomainObjPtr vm, - - - static int --qemuSecurityStackedRestoreSavedStateLabel(virDomainObjPtr vm, -+qemuSecurityStackedRestoreSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - const char *savefile) - { - int rc = 0; - - if (driver->securitySecondaryDriver && - driver->securitySecondaryDriver->domainRestoreSavedStateLabel && -- driver->securitySecondaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0) -+ driver->securitySecondaryDriver->domainRestoreSavedStateLabel(driver->securitySecondaryDriver, -+ vm, savefile) < 0) - rc = -1; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainRestoreSavedStateLabel && -- driver->securityPrimaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0) -+ driver->securityPrimaryDriver->domainRestoreSavedStateLabel(driver->securityPrimaryDriver, -+ vm, savefile) < 0) - rc = -1; - - return rc; -@@ -296,14 +329,16 @@ qemuSecurityStackedSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, - } - - static int --qemuSecurityStackedGetProcessLabel(virDomainObjPtr vm, -+qemuSecurityStackedGetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virSecurityLabelPtr seclabel) - { - int rc = 0; - - if (driver->securityPrimaryDriver && - driver->securityPrimaryDriver->domainGetSecurityProcessLabel && -- driver->securityPrimaryDriver->domainGetSecurityProcessLabel(vm, -+ driver->securityPrimaryDriver->domainGetSecurityProcessLabel(driver->securityPrimaryDriver, -+ vm, - seclabel) < 0) - rc = -1; - -diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c -index e883f69..cb5c739 100644 ---- a/src/security/security_apparmor.c -+++ b/src/security/security_apparmor.c -@@ -148,7 +148,8 @@ profile_status_file(const char *str) - * load (add) a profile. Will create one if necessary - */ - static int --load_profile(const char *profile, virDomainObjPtr vm, -+load_profile(virSecurityDriverPtr drv, -+ const char *profile, virDomainObjPtr vm, - const char *fn) - { - int rc = -1, status, ret; -@@ -281,7 +282,8 @@ cleanup: - * NULL. - */ - static int --reload_profile(virDomainObjPtr vm, const char *fn) -+reload_profile(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, const char *fn) - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; - int rc = -1; -@@ -295,7 +297,7 @@ reload_profile(virDomainObjPtr vm, const char *fn) - - /* Update the profile only if it is loaded */ - if (profile_loaded(secdef->imagelabel) >= 0) { -- if (load_profile(secdef->imagelabel, vm, fn) < 0) { -+ if (load_profile(drv, secdef->imagelabel, vm, fn) < 0) { - virSecurityReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot update AppArmor profile " - "\'%s\'"), -@@ -357,7 +359,8 @@ AppArmorSecurityDriverOpen(virSecurityDriverPtr drv) - * called on shutdown. - */ - static int --AppArmorGenSecurityLabel(virDomainObjPtr vm) -+AppArmorGenSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm) - { - int rc = -1; - char *profile_name = NULL; -@@ -411,14 +414,15 @@ AppArmorGenSecurityLabel(virDomainObjPtr vm) - } - - static int --AppArmorSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path) -+AppArmorSetSecurityAllLabel(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, const char *stdin_path) - { - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) - return 0; - - /* if the profile is not already loaded, then load one */ - if (profile_loaded(vm->def->seclabel.label) < 0) { -- if (load_profile(vm->def->seclabel.label, vm, stdin_path) < 0) { -+ if (load_profile(drv, vm->def->seclabel.label, vm, stdin_path) < 0) { - virSecurityReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot generate AppArmor profile " - "\'%s\'"), vm->def->seclabel.label); -@@ -433,7 +437,9 @@ AppArmorSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path) - * running. - */ - static int --AppArmorGetSecurityProcessLabel(virDomainObjPtr vm, virSecurityLabelPtr sec) -+AppArmorGetSecurityProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, -+ virSecurityLabelPtr sec) - { - int rc = -1; - char *profile_name = NULL; -@@ -465,7 +471,8 @@ AppArmorGetSecurityProcessLabel(virDomainObjPtr vm, virSecurityLabelPtr sec) - * more details. Currently called via qemudShutdownVMDaemon. - */ - static int --AppArmorReleaseSecurityLabel(virDomainObjPtr vm) -+AppArmorReleaseSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm) - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; - -@@ -478,7 +485,8 @@ AppArmorReleaseSecurityLabel(virDomainObjPtr vm) - - - static int --AppArmorRestoreSecurityAllLabel(virDomainObjPtr vm, -+AppArmorRestoreSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - int migrated ATTRIBUTE_UNUSED) - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; -@@ -533,15 +541,17 @@ AppArmorSetSecurityProcessLabel(virSecurityDriverPtr drv, virDomainObjPtr vm) - - /* Called when hotplugging */ - static int --AppArmorRestoreSecurityImageLabel(virDomainObjPtr vm, -+AppArmorRestoreSecurityImageLabel(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) - { -- return reload_profile(vm, NULL); -+ return reload_profile(drv, vm, NULL); - } - - /* Called when hotplugging */ - static int --AppArmorSetSecurityImageLabel(virDomainObjPtr vm, virDomainDiskDefPtr disk) -+AppArmorSetSecurityImageLabel(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, virDomainDiskDefPtr disk) - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; - int rc = -1; -@@ -566,7 +576,7 @@ AppArmorSetSecurityImageLabel(virDomainObjPtr vm, virDomainDiskDefPtr disk) - - /* update the profile only if it is loaded */ - if (profile_loaded(secdef->imagelabel) >= 0) { -- if (load_profile(secdef->imagelabel, vm, disk->src) < 0) { -+ if (load_profile(drv, secdef->imagelabel, vm, disk->src) < 0) { - virSecurityReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot update AppArmor profile " - "\'%s\'"), -@@ -600,14 +610,16 @@ AppArmorSecurityVerify(virDomainDefPtr def) - } - - static int --AppArmorReserveSecurityLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED) -+AppArmorReserveSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm ATTRIBUTE_UNUSED) - { - /* NOOP. Nothing to reserve with AppArmor */ - return 0; - } - - static int --AppArmorSetSecurityHostdevLabel(virDomainObjPtr vm, -+AppArmorSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED) - - { -@@ -621,7 +633,8 @@ AppArmorSetSecurityHostdevLabel(virDomainObjPtr vm, - } - - static int --AppArmorRestoreSecurityHostdevLabel(virDomainObjPtr vm, -+AppArmorRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED) - - { -@@ -634,18 +647,20 @@ AppArmorRestoreSecurityHostdevLabel(virDomainObjPtr vm, - } - - static int --AppArmorSetSavedStateLabel(virDomainObjPtr vm, -- const char *savefile) -+AppArmorSetSavedStateLabel(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, -+ const char *savefile) - { -- return reload_profile(vm, savefile); -+ return reload_profile(drv, vm, savefile); - } - - - static int --AppArmorRestoreSavedStateLabel(virDomainObjPtr vm, -+AppArmorRestoreSavedStateLabel(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - const char *savefile ATTRIBUTE_UNUSED) - { -- return reload_profile(vm, NULL); -+ return reload_profile(drv, vm, NULL); - } - - virSecurityDriver virAppArmorSecurityDriver = { -diff --git a/src/security/security_driver.h b/src/security/security_driver.h -index 99260a4..61c9eb0 100644 ---- a/src/security/security_driver.h -+++ b/src/security/security_driver.h -@@ -28,32 +28,48 @@ typedef enum { - - typedef struct _virSecurityDriver virSecurityDriver; - typedef virSecurityDriver *virSecurityDriverPtr; -+ -+typedef struct _virSecurityDriverState virSecurityDriverState; -+typedef virSecurityDriverState *virSecurityDriverStatePtr; -+ - typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void); - typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv); --typedef int (*virSecurityDomainRestoreImageLabel) (virDomainObjPtr vm, -+typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - virDomainDiskDefPtr disk); - typedef int (*virSecurityDomainSetSocketLabel) (virSecurityDriverPtr drv, - virDomainObjPtr vm); - typedef int (*virSecurityDomainClearSocketLabel)(virSecurityDriverPtr drv, - virDomainObjPtr vm); --typedef int (*virSecurityDomainSetImageLabel) (virDomainObjPtr vm, -+typedef int (*virSecurityDomainSetImageLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - virDomainDiskDefPtr disk); --typedef int (*virSecurityDomainRestoreHostdevLabel) (virDomainObjPtr vm, -+typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - virDomainHostdevDefPtr dev); --typedef int (*virSecurityDomainSetHostdevLabel) (virDomainObjPtr vm, -+typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - virDomainHostdevDefPtr dev); --typedef int (*virSecurityDomainSetSavedStateLabel) (virDomainObjPtr vm, -+typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - const char *savefile); --typedef int (*virSecurityDomainRestoreSavedStateLabel) (virDomainObjPtr vm, -+typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - const char *savefile); --typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec); --typedef int (*virSecurityDomainReserveLabel) (virDomainObjPtr sec); --typedef int (*virSecurityDomainReleaseLabel) (virDomainObjPtr sec); --typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec, -+typedef int (*virSecurityDomainGenLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr sec); -+typedef int (*virSecurityDomainReserveLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr sec); -+typedef int (*virSecurityDomainReleaseLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr sec); -+typedef int (*virSecurityDomainSetAllLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr sec, - const char *stdin_path); --typedef int (*virSecurityDomainRestoreAllLabel) (virDomainObjPtr vm, -+typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - int migrated); --typedef int (*virSecurityDomainGetProcessLabel) (virDomainObjPtr vm, -+typedef int (*virSecurityDomainGetProcessLabel) (virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - virSecurityLabelPtr sec); - typedef int (*virSecurityDomainSetProcessLabel) (virSecurityDriverPtr drv, - virDomainObjPtr vm); -diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c -index d191118..cc3812b 100644 ---- a/src/security/security_selinux.c -+++ b/src/security/security_selinux.c -@@ -156,7 +156,8 @@ SELinuxInitialize(void) - } - - static int --SELinuxGenSecurityLabel(virDomainObjPtr vm) -+SELinuxGenSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm) - { - int rc = -1; - char mcs[1024]; -@@ -220,7 +221,8 @@ done: - } - - static int --SELinuxReserveSecurityLabel(virDomainObjPtr vm) -+SELinuxReserveSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm) - { - security_context_t pctx; - context_t ctx = NULL; -@@ -275,7 +277,8 @@ SELinuxSecurityDriverOpen(virSecurityDriverPtr drv) - } - - static int --SELinuxGetSecurityProcessLabel(virDomainObjPtr vm, -+SELinuxGetSecurityProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virSecurityLabelPtr sec) - { - security_context_t ctx; -@@ -387,7 +390,8 @@ err: - } - - static int --SELinuxRestoreSecurityImageLabelInt(virDomainObjPtr vm, -+SELinuxRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainDiskDefPtr disk, - int migrated) - { -@@ -431,10 +435,11 @@ SELinuxRestoreSecurityImageLabelInt(virDomainObjPtr vm, - - - static int --SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm, -+SELinuxRestoreSecurityImageLabel(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, - virDomainDiskDefPtr disk) - { -- return SELinuxRestoreSecurityImageLabelInt(vm, disk, 0); -+ return SELinuxRestoreSecurityImageLabelInt(drv, vm, disk, 0); - } - - -@@ -462,7 +467,8 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk, - } - - static int --SELinuxSetSecurityImageLabel(virDomainObjPtr vm, -+SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainDiskDefPtr disk) - - { -@@ -500,7 +506,8 @@ SELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, - } - - static int --SELinuxSetSecurityHostdevLabel(virDomainObjPtr vm, -+SELinuxSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainHostdevDefPtr dev) - - { -@@ -568,7 +575,8 @@ SELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, - } - - static int --SELinuxRestoreSecurityHostdevLabel(virDomainObjPtr vm, -+SELinuxRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - virDomainHostdevDefPtr dev) - - { -@@ -715,7 +723,8 @@ SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, - - - static int --SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm, -+SELinuxRestoreSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - int migrated ATTRIBUTE_UNUSED) - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; -@@ -728,11 +737,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm, - return 0; - - for (i = 0 ; i < vm->def->nhostdevs ; i++) { -- if (SELinuxRestoreSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0) -+ if (SELinuxRestoreSecurityHostdevLabel(drv, -+ vm, -+ vm->def->hostdevs[i]) < 0) - rc = -1; - } - for (i = 0 ; i < vm->def->ndisks ; i++) { -- if (SELinuxRestoreSecurityImageLabelInt(vm, -+ if (SELinuxRestoreSecurityImageLabelInt(drv, -+ vm, - vm->def->disks[i], - migrated) < 0) - rc = -1; -@@ -756,7 +768,8 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm, - } - - static int --SELinuxReleaseSecurityLabel(virDomainObjPtr vm) -+SELinuxReleaseSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm) - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; - -@@ -779,7 +792,8 @@ SELinuxReleaseSecurityLabel(virDomainObjPtr vm) - - - static int --SELinuxSetSavedStateLabel(virDomainObjPtr vm, -+SELinuxSetSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - const char *savefile) - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; -@@ -792,7 +806,8 @@ SELinuxSetSavedStateLabel(virDomainObjPtr vm, - - - static int --SELinuxRestoreSavedStateLabel(virDomainObjPtr vm, -+SELinuxRestoreSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, - const char *savefile) - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; -@@ -963,7 +978,9 @@ SELinuxSetSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, - - - static int --SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path) -+SELinuxSetSecurityAllLabel(virSecurityDriverPtr drv, -+ virDomainObjPtr vm, -+ const char *stdin_path) - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; - int i; -@@ -978,11 +995,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path) - vm->def->disks[i]->src, vm->def->disks[i]->dst); - continue; - } -- if (SELinuxSetSecurityImageLabel(vm, vm->def->disks[i]) < 0) -+ if (SELinuxSetSecurityImageLabel(drv, -+ vm, vm->def->disks[i]) < 0) - return -1; - } - for (i = 0 ; i < vm->def->nhostdevs ; i++) { -- if (SELinuxSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0) -+ if (SELinuxSetSecurityHostdevLabel(drv, -+ vm, -+ vm->def->hostdevs[i]) < 0) - return -1; - } - --- -1.7.1.1 - diff --git a/libvirt-0.8.2-08-disable-disk-probing.patch b/libvirt-0.8.2-08-disable-disk-probing.patch deleted file mode 100644 index 5952ad5..0000000 --- a/libvirt-0.8.2-08-disable-disk-probing.patch +++ /dev/null @@ -1,468 +0,0 @@ -From dac2b936e77f6c76c11f162e4b175492e4803acb Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Tue, 15 Jun 2010 17:58:58 +0100 -Subject: [PATCH 08/11] Disable all disk probing in QEMU driver & add config option to re-enable - -Disk format probing is now disabled by default. A new config -option in /etc/qemu/qemu.conf will re-enable it for existing -deployments where this causes trouble ---- - src/qemu/libvirtd_qemu.aug | 1 + - src/qemu/qemu.conf | 12 ++++++++++++ - src/qemu/qemu_conf.c | 4 ++++ - src/qemu/qemu_conf.h | 1 + - src/qemu/qemu_driver.c | 36 +++++++++++++++++++++++------------- - src/qemu/qemu_security_dac.c | 2 +- - src/qemu/test_libvirtd_qemu.aug | 4 ++++ - src/security/security_apparmor.c | 12 ++++++++---- - src/security/security_driver.c | 16 ++++++++++++++-- - src/security/security_driver.h | 10 ++++++++-- - src/security/security_selinux.c | 9 ++++++--- - src/security/virt-aa-helper.c | 10 +++++++++- - tests/seclabeltest.c | 2 +- - 13 files changed, 92 insertions(+), 27 deletions(-) - -diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug -index 7c9f271..47d0525 100644 ---- a/src/qemu/libvirtd_qemu.aug -+++ b/src/qemu/libvirtd_qemu.aug -@@ -40,6 +40,7 @@ module Libvirtd_qemu = - | bool_entry "relaxed_acs_check" - | bool_entry "vnc_allow_host_audio" - | bool_entry "clear_emulator_capabilities" -+ | bool_entry "allow_disk_format_probing" - - (* Each enty in the config is one of the following three ... *) - let entry = vnc_entry -diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf -index 93934f3..dc8eb83 100644 ---- a/src/qemu/qemu.conf -+++ b/src/qemu/qemu.conf -@@ -187,3 +187,15 @@ - # exploit the privileges and possibly do damage to the host. - # - # clear_emulator_capabilities = 1 -+ -+ -+ -+# If allow_disk_format_probing is enabled, libvirt will probe disk -+# images to attempt to identify their format, when not otherwise -+# specified in the XML. This is disabled by default. -+# -+# WARNING: Enabling probing is a security hole in almost all -+# deployments. It is strongly recommended that users update their -+# guest XML elements to include -+# elements instead of enabling this option. -+# allow_disk_format_probing = 1 -diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c -index 988220b..3ba48bf 100644 ---- a/src/qemu/qemu_conf.c -+++ b/src/qemu/qemu_conf.c -@@ -365,6 +365,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, - CHECK_TYPE ("clear_emulator_capabilities", VIR_CONF_LONG); - if (p) driver->clearEmulatorCapabilities = p->l; - -+ p = virConfGetValue (conf, "allow_disk_format_probing"); -+ CHECK_TYPE ("allow_disk_format_probing", VIR_CONF_LONG); -+ if (p) driver->allowDiskFormatProbing = p->l; -+ - virConfFree (conf); - return 0; - } -diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h -index ab5f158..30e9f20 100644 ---- a/src/qemu/qemu_conf.h -+++ b/src/qemu/qemu_conf.h -@@ -141,6 +141,7 @@ struct qemud_driver { - unsigned int relaxedACS : 1; - unsigned int vncAllowHostAudio : 1; - unsigned int clearEmulatorCapabilities : 1; -+ unsigned int allowDiskFormatProbing : 1; - - virCapsPtr caps; - -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index 616547c..3c479c5 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -1322,7 +1322,8 @@ qemudSecurityInit(struct qemud_driver *qemud_drv) - qemuSecurityDACSetDriver(qemud_drv); - - ret = virSecurityDriverStartup(&security_drv, -- qemud_drv->securityDriverName); -+ qemud_drv->securityDriverName, -+ qemud_drv->allowDiskFormatProbing); - if (ret == -1) { - VIR_ERROR0(_("Failed to start security driver")); - return -1; -@@ -3070,11 +3071,12 @@ static int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, - } - - --static int qemuSetupDiskCgroup(virCgroupPtr cgroup, -+static int qemuSetupDiskCgroup(struct qemud_driver *driver, -+ virCgroupPtr cgroup, - virDomainDiskDefPtr disk) - { - return virDomainDiskDefForeachPath(disk, -- true, -+ driver->allowDiskFormatProbing, - true, - qemuSetupDiskPathAllow, - cgroup); -@@ -3109,11 +3111,12 @@ static int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, - } - - --static int qemuTeardownDiskCgroup(virCgroupPtr cgroup, -+static int qemuTeardownDiskCgroup(struct qemud_driver *driver, -+ virCgroupPtr cgroup, - virDomainDiskDefPtr disk) - { - return virDomainDiskDefForeachPath(disk, -- true, -+ driver->allowDiskFormatProbing, - true, - qemuTeardownDiskPathDeny, - cgroup); -@@ -3180,7 +3183,7 @@ static int qemuSetupCgroup(struct qemud_driver *driver, - } - - for (i = 0; i < vm->def->ndisks ; i++) { -- if (qemuSetupDiskCgroup(cgroup, vm->def->disks[i]) < 0) -+ if (qemuSetupDiskCgroup(driver, cgroup, vm->def->disks[i]) < 0) - goto cleanup; - } - -@@ -8033,7 +8036,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom, - vm->def->name); - goto endjob; - } -- if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0) -+ if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0) - goto endjob; - } - -@@ -8078,7 +8081,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom, - /* Fallthrough */ - } - if (ret != 0 && cgroup) { -- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0) -+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) - VIR_WARN("Failed to teardown cgroup for disk path %s", - NULLSTR(dev->data.disk->src)); - } -@@ -8278,7 +8281,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom, - vm->def->name); - goto endjob; - } -- if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0) -+ if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0) - goto endjob; - } - -@@ -8301,7 +8304,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom, - } - - if (ret != 0 && cgroup) { -- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0) -+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) - VIR_WARN("Failed to teardown cgroup for disk path %s", - NULLSTR(dev->data.disk->src)); - } -@@ -8429,7 +8432,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver, - VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); - - if (cgroup != NULL) { -- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0) -+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) - VIR_WARN("Failed to teardown cgroup for disk path %s", - NULLSTR(dev->data.disk->src)); - } -@@ -8493,7 +8496,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver, - VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); - - if (cgroup != NULL) { -- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0) -+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0) - VIR_WARN("Failed to teardown cgroup for disk path %s", - NULLSTR(dev->data.disk->src)); - } -@@ -9672,8 +9675,15 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom, - goto cleanup; - } - } else { -- if ((format = virStorageFileProbeFormat(disk->src)) < 0) -+ if (driver->allowDiskFormatProbing) { -+ if ((format = virStorageFileProbeFormat(disk->src)) < 0) -+ goto cleanup; -+ } else { -+ qemuReportError(VIR_ERR_INTERNAL_ERROR, -+ _("no disk format for %s and probing is disabled"), -+ disk->src); - goto cleanup; -+ } - } - - if (virStorageFileGetMetadataFromFD(path, fd, -diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c -index 0bbcf69..55dc0c6 100644 ---- a/src/qemu/qemu_security_dac.c -+++ b/src/qemu/qemu_security_dac.c -@@ -117,7 +117,7 @@ qemuSecurityDACSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, - return 0; - - return virDomainDiskDefForeachPath(disk, -- true, -+ driver->allowDiskFormatProbing, - false, - qemuSecurityDACSetSecurityFileLabel, - NULL); -diff --git a/src/qemu/test_libvirtd_qemu.aug b/src/qemu/test_libvirtd_qemu.aug -index 3326cc5..f0c4a0d 100644 ---- a/src/qemu/test_libvirtd_qemu.aug -+++ b/src/qemu/test_libvirtd_qemu.aug -@@ -101,6 +101,8 @@ relaxed_acs_check = 1 - vnc_allow_host_audio = 1 - - clear_emulator_capabilities = 0 -+ -+allow_disk_format_probing = 1 - " - - test Libvirtd_qemu.lns get conf = -@@ -212,3 +214,5 @@ clear_emulator_capabilities = 0 - { "vnc_allow_host_audio" = "1" } - { "#empty" } - { "clear_emulator_capabilities" = "0" } -+{ "#empty" } -+{ "allow_disk_format_probing" = "1" } -diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c -index cb5c739..c5f9829 100644 ---- a/src/security/security_apparmor.c -+++ b/src/security/security_apparmor.c -@@ -157,6 +157,8 @@ load_profile(virSecurityDriverPtr drv, - char *xml = NULL; - int pipefd[2]; - pid_t child; -+ const char *probe = virSecurityDriverGetAllowDiskFormatProbing(drv) -+ ? "1" : "0"; - - if (pipe(pipefd) < -1) { - virReportSystemError(errno, "%s", _("unable to create pipe")); -@@ -172,19 +174,19 @@ load_profile(virSecurityDriverPtr drv, - - if (create) { - const char *const argv[] = { -- VIRT_AA_HELPER, "-c", "-u", profile, NULL -+ VIRT_AA_HELPER, "-p", probe, "-c", "-u", profile, NULL - }; - ret = virExec(argv, NULL, NULL, &child, - pipefd[0], NULL, NULL, VIR_EXEC_NONE); - } else if (fn) { - const char *const argv[] = { -- VIRT_AA_HELPER, "-r", "-u", profile, "-f", fn, NULL -+ VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, "-f", fn, NULL - }; - ret = virExec(argv, NULL, NULL, &child, - pipefd[0], NULL, NULL, VIR_EXEC_NONE); - } else { - const char *const argv[] = { -- VIRT_AA_HELPER, "-r", "-u", profile, NULL -+ VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, NULL - }; - ret = virExec(argv, NULL, NULL, &child, - pipefd[0], NULL, NULL, VIR_EXEC_NONE); -@@ -347,9 +349,11 @@ AppArmorSecurityDriverProbe(void) - * currently not used. - */ - static int --AppArmorSecurityDriverOpen(virSecurityDriverPtr drv) -+AppArmorSecurityDriverOpen(virSecurityDriverPtr drv, -+ bool allowDiskFormatProbing) - { - virSecurityDriverSetDOI(drv, SECURITY_APPARMOR_VOID_DOI); -+ virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing); - return 0; - } - -diff --git a/src/security/security_driver.c b/src/security/security_driver.c -index aac9f78..9e32fa4 100644 ---- a/src/security/security_driver.c -+++ b/src/security/security_driver.c -@@ -56,7 +56,8 @@ virSecurityDriverVerify(virDomainDefPtr def) - - int - virSecurityDriverStartup(virSecurityDriverPtr *drv, -- const char *name) -+ const char *name, -+ bool allowDiskFormatProbing) - { - unsigned int i; - -@@ -72,7 +73,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv, - switch (tmp->probe()) { - case SECURITY_DRIVER_ENABLE: - virSecurityDriverInit(tmp); -- if (tmp->open(tmp) == -1) { -+ if (tmp->open(tmp, allowDiskFormatProbing) == -1) { - return -1; - } else { - *drv = tmp; -@@ -125,3 +126,14 @@ virSecurityDriverGetModel(virSecurityDriverPtr drv) - { - return drv->name; - } -+ -+void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv, -+ bool allowDiskFormatProbing) -+{ -+ drv->_private.allowDiskFormatProbing = allowDiskFormatProbing; -+} -+ -+bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv) -+{ -+ return drv->_private.allowDiskFormatProbing; -+} -diff --git a/src/security/security_driver.h b/src/security/security_driver.h -index 61c9eb0..d768f32 100644 ---- a/src/security/security_driver.h -+++ b/src/security/security_driver.h -@@ -33,7 +33,8 @@ typedef struct _virSecurityDriverState virSecurityDriverState; - typedef virSecurityDriverState *virSecurityDriverStatePtr; - - typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void); --typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv); -+typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv, -+ bool allowDiskFormatProbing); - typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityDriverPtr drv, - virDomainObjPtr vm, - virDomainDiskDefPtr disk); -@@ -102,12 +103,14 @@ struct _virSecurityDriver { - */ - struct { - char doi[VIR_SECURITY_DOI_BUFLEN]; -+ bool allowDiskFormatProbing; - } _private; - }; - - /* Global methods */ - int virSecurityDriverStartup(virSecurityDriverPtr *drv, -- const char *name); -+ const char *name, -+ bool allowDiskFormatProbing); - - int - virSecurityDriverVerify(virDomainDefPtr def); -@@ -120,7 +123,10 @@ virSecurityDriverVerify(virDomainDefPtr def); - void virSecurityDriverInit(virSecurityDriverPtr drv); - int virSecurityDriverSetDOI(virSecurityDriverPtr drv, - const char *doi); -+void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv, -+ bool allowDiskFormatProbing); - const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv); - const char *virSecurityDriverGetModel(virSecurityDriverPtr drv); -+bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv); - - #endif /* __VIR_SECURITY_H__ */ -diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c -index cc3812b..a9dd836 100644 ---- a/src/security/security_selinux.c -+++ b/src/security/security_selinux.c -@@ -266,13 +266,15 @@ SELinuxSecurityDriverProbe(void) - } - - static int --SELinuxSecurityDriverOpen(virSecurityDriverPtr drv) -+SELinuxSecurityDriverOpen(virSecurityDriverPtr drv, -+ bool allowDiskFormatProbing) - { - /* - * Where will the DOI come from? SELinux configuration, or qemu - * configuration? For the moment, we'll just set it to "0". - */ - virSecurityDriverSetDOI(drv, SECURITY_SELINUX_VOID_DOI); -+ virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing); - return SELinuxInitialize(); - } - -@@ -467,18 +469,19 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk, - } - - static int --SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, -+SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv, - virDomainObjPtr vm, - virDomainDiskDefPtr disk) - - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; -+ bool allowDiskFormatProbing = virSecurityDriverGetAllowDiskFormatProbing(drv); - - if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) - return 0; - - return virDomainDiskDefForeachPath(disk, -- true, -+ allowDiskFormatProbing, - false, - SELinuxSetSecurityFileLabel, - secdef); -diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c -index 9ed0cd3..521545d 100644 ---- a/src/security/virt-aa-helper.c -+++ b/src/security/virt-aa-helper.c -@@ -40,6 +40,7 @@ - static char *progname; - - typedef struct { -+ bool allowDiskFormatProbing; - char uuid[PROFILE_NAME_SIZE]; /* UUID of vm */ - bool dryrun; /* dry run */ - char cmd; /* 'c' create -@@ -844,7 +845,7 @@ get_files(vahControl * ctl) - - for (i = 0; i < ctl->def->ndisks; i++) { - int ret = virDomainDiskDefForeachPath(ctl->def->disks[i], -- true, -+ ctl->allowDiskFormatProbing, - false, - add_file_path, - &buf); -@@ -943,6 +944,7 @@ vahParseArgv(vahControl * ctl, int argc, char **argv) - { - int arg, idx = 0; - struct option opt[] = { -+ {"probing", 1, 0, 'p' }, - {"add", 0, 0, 'a'}, - {"create", 0, 0, 'c'}, - {"dryrun", 0, 0, 'd'}, -@@ -991,6 +993,12 @@ vahParseArgv(vahControl * ctl, int argc, char **argv) - PROFILE_NAME_SIZE) == NULL) - vah_error(ctl, 1, "error copying UUID"); - break; -+ case 'p': -+ if (STREQ(optarg, "1")) -+ ctl->allowDiskFormatProbing = true; -+ else -+ ctl->allowDiskFormatProbing = false; -+ break; - default: - vah_error(ctl, 1, "unsupported option"); - break; -diff --git a/tests/seclabeltest.c b/tests/seclabeltest.c -index 26d1f86..ef3f026 100644 ---- a/tests/seclabeltest.c -+++ b/tests/seclabeltest.c -@@ -15,7 +15,7 @@ main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) - const char *doi, *model; - virSecurityDriverPtr security_drv; - -- ret = virSecurityDriverStartup (&security_drv, "selinux"); -+ ret = virSecurityDriverStartup (&security_drv, "selinux", false); - if (ret == -1) - { - fprintf (stderr, "Failed to start security driver"); --- -1.7.1.1 - diff --git a/libvirt-0.8.2-09-set-default-driver.patch b/libvirt-0.8.2-09-set-default-driver.patch deleted file mode 100644 index 93c4ca5..0000000 --- a/libvirt-0.8.2-09-set-default-driver.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 3534cd47a57ee9cf7041472511444784f14d6939 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Mon, 14 Jun 2010 16:08:55 +0100 -Subject: [PATCH 09/11] Add ability to set a default driver name/type when parsing disks - -Record a default driver name/type in capabilities struct. Use this -when parsing disks if value is not set in XML config. - -* src/conf/capabilities.h: Record default driver name/type for disks -* src/conf/domain_conf.c: Fallback to default driver name/type - when parsing disks -* src/qemu/qemu_driver.c: Set default driver name/type to raw ---- - src/conf/capabilities.h | 2 ++ - src/conf/domain_conf.c | 16 +++++++++++++++- - src/qemu/qemu_driver.c | 8 ++++++++ - 3 files changed, 25 insertions(+), 1 deletions(-) - -diff --git a/src/conf/capabilities.h b/src/conf/capabilities.h -index 9290c82..f676eb8 100644 ---- a/src/conf/capabilities.h -+++ b/src/conf/capabilities.h -@@ -123,6 +123,8 @@ struct _virCaps { - virCapsGuestPtr *guests; - unsigned char macPrefix[VIR_MAC_PREFIX_BUFLEN]; - unsigned int emulatorRequired : 1; -+ const char *defaultDiskDriverName; -+ const char *defaultDiskDriverType; - void *(*privateDataAllocFunc)(void); - void (*privateDataFreeFunc)(void *); - int (*privateDataXMLFormat)(virBufferPtr, void *); -diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c -index b20ca97..f3b8cfa 100644 ---- a/src/conf/domain_conf.c -+++ b/src/conf/domain_conf.c -@@ -1639,6 +1639,16 @@ virDomainDiskDefParseXML(virCapsPtr caps, - def->serial = serial; - serial = NULL; - -+ if (!def->driverType && -+ caps->defaultDiskDriverType && -+ !(def->driverType = strdup(caps->defaultDiskDriverType))) -+ goto no_memory; -+ -+ if (!def->driverName && -+ caps->defaultDiskDriverName && -+ !(def->driverName = strdup(caps->defaultDiskDriverName))) -+ goto no_memory; -+ - if (def->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE - && virDomainDiskDefAssignAddress(caps, def) < 0) - goto error; -@@ -1659,6 +1669,9 @@ cleanup: - - return def; - -+no_memory: -+ virReportOOMError(); -+ - error: - virDomainDiskDefFree(def); - def = NULL; -@@ -4275,7 +4288,8 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps, - if (n && VIR_ALLOC_N(def->disks, n) < 0) - goto no_memory; - for (i = 0 ; i < n ; i++) { -- virDomainDiskDefPtr disk = virDomainDiskDefParseXML(caps, nodes[i], -+ virDomainDiskDefPtr disk = virDomainDiskDefParseXML(caps, -+ nodes[i], - flags); - if (!disk) - goto error; -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index 3c479c5..14b790e 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -1357,6 +1357,14 @@ qemuCreateCapabilities(virCapsPtr oldcaps, - return NULL; - } - -+ if (driver->allowDiskFormatProbing) { -+ caps->defaultDiskDriverName = NULL; -+ caps->defaultDiskDriverType = NULL; -+ } else { -+ caps->defaultDiskDriverName = "qemu"; -+ caps->defaultDiskDriverType = "raw"; -+ } -+ - /* Domain XML parser hooks */ - caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc; - caps->privateDataFreeFunc = qemuDomainObjPrivateFree; --- -1.7.1.1 - diff --git a/libvirt-0.8.2-10-qemu-img-format-handling.patch b/libvirt-0.8.2-10-qemu-img-format-handling.patch deleted file mode 100644 index 813bf16..0000000 --- a/libvirt-0.8.2-10-qemu-img-format-handling.patch +++ /dev/null @@ -1,291 +0,0 @@ -From 2ba8625d6d148fa489586efabdfaf2ef20903762 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Wed, 16 Jun 2010 14:14:05 +0100 -Subject: [PATCH 10/11] Rewrite qemu-img backing store format handling - -When creating qcow2 files with a backing store, it is important -to set an explicit format to prevent QEMU probing. The storage -backend was only doing this if it found a 'kvm-img' binary. This -is wrong because plenty of kvm-img binaries don't support an -explicit format, and plenty of 'qemu-img' binaries do support -a format. The result was that most qcow2 files were not getting -a backing store format. - -This patch runs 'qemu-img -h' to check for the two support -argument formats - - '-o backing_format=raw' - '-F raw' - -and use whichever option it finds - -* src/storage/storage_backend.c: Query binary to determine - how to set the backing store format ---- - src/storage/storage_backend.c | 214 +++++++++++++++++++++++++++++------------ - 1 files changed, 152 insertions(+), 62 deletions(-) - -diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c -index aba8937..c185693 100644 ---- a/src/storage/storage_backend.c -+++ b/src/storage/storage_backend.c -@@ -561,6 +561,69 @@ static int virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool, - return 0; - } - -+enum { -+ QEMU_IMG_BACKING_FORMAT_NONE = 0, -+ QEMU_IMG_BACKING_FORMAT_FLAG, -+ QEMU_IMG_BACKING_FORMAT_OPTIONS, -+}; -+ -+static int virStorageBackendQEMUImgBackingFormat(const char *qemuimg) -+{ -+ const char *const qemuarg[] = { qemuimg, "-h", NULL }; -+ const char *const qemuenv[] = { "LC_ALL=C", NULL }; -+ pid_t child = 0; -+ int status; -+ int newstdout = -1; -+ char *help = NULL; -+ enum { MAX_HELP_OUTPUT_SIZE = 1024*8 }; -+ int len; -+ char *start; -+ char *end; -+ char *tmp; -+ int ret = -1; -+ -+ if (virExec(qemuarg, qemuenv, NULL, -+ &child, -1, &newstdout, NULL, VIR_EXEC_CLEAR_CAPS) < 0) -+ goto cleanup; -+ -+ if ((len = virFileReadLimFD(newstdout, MAX_HELP_OUTPUT_SIZE, &help)) < 0) { -+ virReportSystemError(errno, -+ _("Unable to read '%s -h' output"), -+ qemuimg); -+ goto cleanup; -+ } -+ -+ start = strstr(help, " create "); -+ end = strstr(start, "\n"); -+ if ((tmp = strstr(start, "-F fmt")) && tmp < end) -+ ret = QEMU_IMG_BACKING_FORMAT_FLAG; -+ else if ((tmp = strstr(start, "[-o options]")) && tmp < end) -+ ret = QEMU_IMG_BACKING_FORMAT_OPTIONS; -+ else -+ ret = QEMU_IMG_BACKING_FORMAT_NONE; -+ -+cleanup: -+ VIR_FREE(help); -+ close(newstdout); -+rewait: -+ if (child) { -+ if (waitpid(child, &status, 0) != child) { -+ if (errno == EINTR) -+ goto rewait; -+ -+ VIR_ERROR(_("Unexpected exit status from qemu %d pid %lu"), -+ WEXITSTATUS(status), (unsigned long)child); -+ } -+ if (WEXITSTATUS(status) != 0) { -+ VIR_WARN("Unexpected exit status '%d', qemu probably failed", -+ WEXITSTATUS(status)); -+ } -+ } -+ -+ return ret; -+} -+ -+ - static int - virStorageBackendCreateQemuImg(virConnectPtr conn, - virStoragePoolObjPtr pool, -@@ -568,10 +631,9 @@ virStorageBackendCreateQemuImg(virConnectPtr conn, - virStorageVolDefPtr inputvol, - unsigned int flags ATTRIBUTE_UNUSED) - { -- int ret; -+ int ret = -1; - char size[100]; - char *create_tool; -- short use_kvmimg; - - const char *type = virStorageFileFormatTypeToString(vol->target.format); - const char *backingType = vol->backingStore.path ? -@@ -582,41 +644,10 @@ virStorageBackendCreateQemuImg(virConnectPtr conn, - const char *inputPath = inputvol ? inputvol->target.path : NULL; - /* Treat input block devices as 'raw' format */ - const char *inputType = inputPath ? -- virStorageFileFormatTypeToString(inputvol->type == VIR_STORAGE_VOL_BLOCK ? VIR_STORAGE_FILE_RAW : inputvol->target.format) : -- NULL; -- -- const char **imgargv; -- /* The extra NULL field is for indicating encryption (-e). */ -- const char *imgargvnormal[] = { -- NULL, "create", -- "-f", type, -- vol->target.path, -- size, -- NULL, -- NULL -- }; -- /* Extra NULL fields are for including "backingType" when using -- * kvm-img (-F backingType), and for indicating encryption (-e). -- */ -- const char *imgargvbacking[] = { -- NULL, "create", -- "-f", type, -- "-b", vol->backingStore.path, -- vol->target.path, -- size, -- NULL, -- NULL, -- NULL, -- NULL -- }; -- const char *convargv[] = { -- NULL, "convert", -- "-f", inputType, -- "-O", type, -- inputPath, -- vol->target.path, -- NULL, -- }; -+ virStorageFileFormatTypeToString(inputvol->type == VIR_STORAGE_VOL_BLOCK ? -+ VIR_STORAGE_FILE_RAW : -+ inputvol->target.format) : -+ NULL; - - if (type == NULL) { - virStorageReportError(VIR_ERR_INTERNAL_ERROR, -@@ -690,44 +721,103 @@ virStorageBackendCreateQemuImg(virConnectPtr conn, - } - } - -- if ((create_tool = virFindFileInPath("kvm-img")) != NULL) -- use_kvmimg = 1; -- else if ((create_tool = virFindFileInPath("qemu-img")) != NULL) -- use_kvmimg = 0; -- else { -+ /* Size in KB */ -+ snprintf(size, sizeof(size), "%lluK", vol->capacity/1024); -+ -+ /* KVM is usually ahead of qemu on features, so try that first */ -+ create_tool = virFindFileInPath("kvm-img"); -+ if (!create_tool) -+ create_tool = virFindFileInPath("qemu-img"); -+ -+ if (!create_tool) { - virStorageReportError(VIR_ERR_INTERNAL_ERROR, - "%s", _("unable to find kvm-img or qemu-img")); - return -1; - } - - if (inputvol) { -- convargv[0] = create_tool; -- imgargv = convargv; -+ const char *imgargv[] = { -+ create_tool, -+ "convert", -+ "-f", inputType, -+ "-O", type, -+ inputPath, -+ vol->target.path, -+ NULL, -+ }; -+ -+ ret = virStorageBackendCreateExecCommand(pool, vol, imgargv); - } else if (vol->backingStore.path) { -- imgargvbacking[0] = create_tool; -- if (use_kvmimg) { -- imgargvbacking[6] = "-F"; -- imgargvbacking[7] = backingType; -- imgargvbacking[8] = vol->target.path; -- imgargvbacking[9] = size; -+ const char *imgargv[] = { -+ create_tool, -+ "create", -+ "-f", type, -+ "-b", vol->backingStore.path, -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ NULL -+ }; -+ int imgformat = virStorageBackendQEMUImgBackingFormat(create_tool); -+ char *optflag = NULL; -+ if (imgformat < 0) -+ goto cleanup; -+ -+ switch (imgformat) { -+ case QEMU_IMG_BACKING_FORMAT_FLAG: -+ imgargv[6] = "-F"; -+ imgargv[7] = backingType; -+ imgargv[8] = vol->target.path; -+ imgargv[9] = size; -+ if (vol->target.encryption != NULL) -+ imgargv[10] = "-e"; -+ break; -+ -+ case QEMU_IMG_BACKING_FORMAT_OPTIONS: -+ if (virAsprintf(&optflag, "backing_fmt=%s", backingType) < 0) { -+ virReportOOMError(); -+ goto cleanup; -+ } -+ imgargv[6] = "-o"; -+ imgargv[7] = optflag; -+ imgargv[8] = vol->target.path; -+ imgargv[9] = size; - if (vol->target.encryption != NULL) -- imgargvbacking[10] = "-e"; -- } else if (vol->target.encryption != NULL) -- imgargvbacking[8] = "-e"; -- imgargv = imgargvbacking; -+ imgargv[10] = "-e"; -+ break; -+ -+ default: -+ VIR_INFO("Unable to set backing store format for %s with %s", -+ vol->target.path, create_tool); -+ imgargv[6] = vol->target.path; -+ imgargv[7] = size; -+ if (vol->target.encryption != NULL) -+ imgargv[8] = "-e"; -+ } -+ -+ ret = virStorageBackendCreateExecCommand(pool, vol, imgargv); -+ VIR_FREE(optflag); - } else { -- imgargvnormal[0] = create_tool; -- imgargv = imgargvnormal; -+ /* The extra NULL field is for indicating encryption (-e). */ -+ const char *imgargv[] = { -+ create_tool, -+ "create", -+ "-f", type, -+ vol->target.path, -+ size, -+ NULL, -+ NULL -+ }; - if (vol->target.encryption != NULL) - imgargv[6] = "-e"; -- } - -+ ret = virStorageBackendCreateExecCommand(pool, vol, imgargv); -+ } - -- /* Size in KB */ -- snprintf(size, sizeof(size), "%lluK", vol->capacity/1024); -- -- ret = virStorageBackendCreateExecCommand(pool, vol, imgargv); -- VIR_FREE(imgargv[0]); -+ cleanup: -+ VIR_FREE(create_tool); - - return ret; - } --- -1.7.1.1 - diff --git a/libvirt-0.8.2-11-storage-vol-backing.patch b/libvirt-0.8.2-11-storage-vol-backing.patch deleted file mode 100644 index 7ffcc57..0000000 --- a/libvirt-0.8.2-11-storage-vol-backing.patch +++ /dev/null @@ -1,165 +0,0 @@ -From d33f44c2e74de28c89b64cdc2c0a6564662e075c Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Fri, 9 Jul 2010 11:28:40 +0100 -Subject: [PATCH 11/11] Use the extract backing store format in storage volume lookup - -The storage volume lookup code was probing for the backing store -format, instead of using the format extracted from the file -itself. This meant it could report in accurate information. If -a format is included in the file, then use that in preference, -with probing as a fallback. - -* src/storage/storage_backend_fs.c: Use extracted backing store - format ---- - src/storage/storage_backend_fs.c | 80 +++++++++++++++++--------------------- - 1 files changed, 36 insertions(+), 44 deletions(-) - -diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c -index d3ac0fe..ffb0071 100644 ---- a/src/storage/storage_backend_fs.c -+++ b/src/storage/storage_backend_fs.c -@@ -51,6 +51,7 @@ - static int - virStorageBackendProbeTarget(virStorageVolTargetPtr target, - char **backingStore, -+ int *backingStoreFormat, - unsigned long long *allocation, - unsigned long long *capacity, - virStorageEncryptionPtr *encryption) -@@ -58,6 +59,10 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target, - int fd, ret; - virStorageFileMetadata meta; - -+ if (backingStore) -+ *backingStore = NULL; -+ if (backingStoreFormat) -+ *backingStoreFormat = VIR_STORAGE_FILE_AUTO; - if (encryption) - *encryption = NULL; - -@@ -89,22 +94,30 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target, - - close(fd); - -- if (backingStore) { -- *backingStore = meta.backingStore; -- meta.backingStore = NULL; -+ if (meta.backingStore) { -+ if (backingStore) { -+ *backingStore = meta.backingStore; -+ meta.backingStore = NULL; -+ if (meta.backingStoreFormat == VIR_STORAGE_FILE_AUTO) { -+ if ((*backingStoreFormat = virStorageFileProbeFormat(*backingStore)) < 0) { -+ close(fd); -+ goto cleanup; -+ } -+ } else { -+ *backingStoreFormat = meta.backingStoreFormat; -+ } -+ } else { -+ VIR_FREE(meta.backingStore); -+ } - } - -- VIR_FREE(meta.backingStore); -- - if (capacity && meta.capacity) - *capacity = meta.capacity; - - if (encryption != NULL && meta.encrypted) { - if (VIR_ALLOC(*encryption) < 0) { - virReportOOMError(); -- if (backingStore) -- VIR_FREE(*backingStore); -- return -1; -+ goto cleanup; - } - - switch (target->format) { -@@ -124,6 +137,11 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target, - } - - return 0; -+ -+cleanup: -+ if (backingStore) -+ VIR_FREE(*backingStore); -+ return -1; - } - - #if WITH_STORAGE_FS -@@ -585,6 +603,7 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED, - while ((ent = readdir(dir)) != NULL) { - int ret; - char *backingStore; -+ int backingStoreFormat; - - if (VIR_ALLOC(vol) < 0) - goto no_memory; -@@ -604,6 +623,7 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED, - - if ((ret = virStorageBackendProbeTarget(&vol->target, - &backingStore, -+ &backingStoreFormat, - &vol->allocation, - &vol->capacity, - &vol->target.encryption)) < 0) { -@@ -619,46 +639,18 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED, - } - - if (backingStore != NULL) { -- if (vol->target.format == VIR_STORAGE_FILE_QCOW2 && -- STRPREFIX("fmt:", backingStore)) { -- char *fmtstr = backingStore + 4; -- char *path = strchr(fmtstr, ':'); -- if (!path) { -- VIR_FREE(backingStore); -- } else { -- *path = '\0'; -- if ((vol->backingStore.format = -- virStorageFileFormatTypeFromString(fmtstr)) < 0) { -- VIR_FREE(backingStore); -- } else { -- memmove(backingStore, path, strlen(path) + 1); -- vol->backingStore.path = backingStore; -- -- if (virStorageBackendUpdateVolTargetInfo(&vol->backingStore, -- NULL, -- NULL) < 0) -- VIR_FREE(vol->backingStore); -- } -- } -- } else { -- vol->backingStore.path = backingStore; -- -- if ((ret = virStorageBackendProbeTarget(&vol->backingStore, -- NULL, NULL, NULL, -- NULL)) < 0) { -- if (ret == -1) -- goto cleanup; -- else { -- /* Silently ignore non-regular files, -- * eg '.' '..', 'lost+found' */ -- VIR_FREE(vol->backingStore); -- } -- } -+ vol->backingStore.path = backingStore; -+ vol->backingStore.format = backingStoreFormat; -+ -+ if (virStorageBackendUpdateVolTargetInfo(&vol->backingStore, -+ NULL, -+ NULL) < 0) { -+ VIR_FREE(vol->backingStore.path); -+ goto cleanup; - } - } - - -- - if (VIR_REALLOC_N(pool->volumes.objs, - pool->volumes.count+1) < 0) - goto no_memory; --- -1.7.1.1 - diff --git a/libvirt-0.8.2-apply-iptables-sport-mapping.patch b/libvirt-0.8.2-apply-iptables-sport-mapping.patch deleted file mode 100644 index d929a34..0000000 --- a/libvirt-0.8.2-apply-iptables-sport-mapping.patch +++ /dev/null @@ -1,265 +0,0 @@ -From 112a309bc7839e95c558b535143f855ce89cca8c Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Thu, 10 Jun 2010 12:50:38 -0400 -Subject: [PATCH] CVE-2010-2242 Apply a source port mapping to virtual network masquerading - -IPtables will seek to preserve the source port unchanged when -doing masquerading, if possible. NFS has a pseudo-security -option where it checks for the source port <= 1023 before -allowing a mount request. If an admin has used this to make the -host OS trusted for mounts, the default iptables behaviour will -potentially allow NAT'd guests access too. This needs to be -stopped. - -With this change, the iptables -t nat -L -n -v rules for the -default network will be - -Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes) - pkts bytes target prot opt in out source destination - 14 840 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535 - 75 5752 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535 - 0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24 - -* src/network/bridge_driver.c: Add masquerade rules for TCP - and UDP protocols -* src/util/iptables.c, src/util/iptables.c: Add source port - mappings for TCP & UDP protocols when masquerading. ---- - src/network/bridge_driver.c | 73 ++++++++++++++++++++++++++++++++++++++++-- - src/util/iptables.c | 70 +++++++++++++++++++++++++++++------------ - src/util/iptables.h | 6 ++- - 3 files changed, 122 insertions(+), 27 deletions(-) - -diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c -index 72255c1..80ed57a 100644 ---- a/src/network/bridge_driver.c -+++ b/src/network/bridge_driver.c -@@ -638,18 +638,74 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver, - goto masqerr2; - } - -- /* enable masquerading */ -+ /* -+ * Enable masquerading. -+ * -+ * We need to end up with 3 rules in the table in this order -+ * -+ * 1. protocol=tcp with sport mapping restricton -+ * 2. protocol=udp with sport mapping restricton -+ * 3. generic any protocol -+ * -+ * The sport mappings are required, because default IPtables -+ * MASQUERADE is maintain port number unchanged where possible. -+ * -+ * NFS can be configured to only "trust" port numbers < 1023. -+ * -+ * Guests using NAT thus need to be prevented from having port -+ * numbers < 1023, otherwise they can bypass the NFS "security" -+ * check on the source port number. -+ * -+ * Since we use '--insert' to add rules to the header of the -+ * chain, we actually need to add them in the reverse of the -+ * order just mentioned ! -+ */ -+ -+ /* First the generic masquerade rule for other protocols */ - if ((err = iptablesAddForwardMasquerade(driver->iptables, - network->def->network, -- network->def->forwardDev))) { -+ network->def->forwardDev, -+ NULL))) { - virReportSystemError(err, - _("failed to add iptables rule to enable masquerading to '%s'"), - network->def->forwardDev ? network->def->forwardDev : NULL); - goto masqerr3; - } - -+ /* UDP with a source port restriction */ -+ if ((err = iptablesAddForwardMasquerade(driver->iptables, -+ network->def->network, -+ network->def->forwardDev, -+ "udp"))) { -+ virReportSystemError(err, -+ _("failed to add iptables rule to enable UDP masquerading to '%s'"), -+ network->def->forwardDev ? network->def->forwardDev : NULL); -+ goto masqerr4; -+ } -+ -+ /* TCP with a source port restriction */ -+ if ((err = iptablesAddForwardMasquerade(driver->iptables, -+ network->def->network, -+ network->def->forwardDev, -+ "tcp"))) { -+ virReportSystemError(err, -+ _("failed to add iptables rule to enable TCP masquerading to '%s'"), -+ network->def->forwardDev ? network->def->forwardDev : NULL); -+ goto masqerr5; -+ } -+ - return 1; - -+ masqerr5: -+ iptablesRemoveForwardMasquerade(driver->iptables, -+ network->def->network, -+ network->def->forwardDev, -+ "udp"); -+ masqerr4: -+ iptablesRemoveForwardMasquerade(driver->iptables, -+ network->def->network, -+ network->def->forwardDev, -+ NULL); - masqerr3: - iptablesRemoveForwardAllowRelatedIn(driver->iptables, - network->def->network, -@@ -814,8 +870,17 @@ networkRemoveIptablesRules(struct network_driver *driver, - if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) { - if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) { - iptablesRemoveForwardMasquerade(driver->iptables, -- network->def->network, -- network->def->forwardDev); -+ network->def->network, -+ network->def->forwardDev, -+ "tcp"); -+ iptablesRemoveForwardMasquerade(driver->iptables, -+ network->def->network, -+ network->def->forwardDev, -+ "udp"); -+ iptablesRemoveForwardMasquerade(driver->iptables, -+ network->def->network, -+ network->def->forwardDev, -+ NULL); - iptablesRemoveForwardAllowRelatedIn(driver->iptables, - network->def->network, - network->def->bridge, -diff --git a/src/util/iptables.c b/src/util/iptables.c -index d06b857..f63e8c6 100644 ---- a/src/util/iptables.c -+++ b/src/util/iptables.c -@@ -692,25 +692,49 @@ iptablesRemoveForwardRejectIn(iptablesContext *ctx, - */ - static int - iptablesForwardMasquerade(iptablesContext *ctx, -- const char *network, -- const char *physdev, -- int action) -+ const char *network, -+ const char *physdev, -+ const char *protocol, -+ int action) - { -- if (physdev && physdev[0]) { -- return iptablesAddRemoveRule(ctx->nat_postrouting, -- action, -- "--source", network, -- "!", "--destination", network, -- "--out-interface", physdev, -- "--jump", "MASQUERADE", -- NULL); -+ if (protocol && protocol[0]) { -+ if (physdev && physdev[0]) { -+ return iptablesAddRemoveRule(ctx->nat_postrouting, -+ action, -+ "--source", network, -+ "-p", protocol, -+ "!", "--destination", network, -+ "--out-interface", physdev, -+ "--jump", "MASQUERADE", -+ "--to-ports", "1024-65535", -+ NULL); -+ } else { -+ return iptablesAddRemoveRule(ctx->nat_postrouting, -+ action, -+ "--source", network, -+ "-p", protocol, -+ "!", "--destination", network, -+ "--jump", "MASQUERADE", -+ "--to-ports", "1024-65535", -+ NULL); -+ } - } else { -- return iptablesAddRemoveRule(ctx->nat_postrouting, -- action, -- "--source", network, -- "!", "--destination", network, -- "--jump", "MASQUERADE", -- NULL); -+ if (physdev && physdev[0]) { -+ return iptablesAddRemoveRule(ctx->nat_postrouting, -+ action, -+ "--source", network, -+ "!", "--destination", network, -+ "--out-interface", physdev, -+ "--jump", "MASQUERADE", -+ NULL); -+ } else { -+ return iptablesAddRemoveRule(ctx->nat_postrouting, -+ action, -+ "--source", network, -+ "!", "--destination", network, -+ "--jump", "MASQUERADE", -+ NULL); -+ } - } - } - -@@ -719,6 +743,7 @@ iptablesForwardMasquerade(iptablesContext *ctx, - * @ctx: pointer to the IP table context - * @network: the source network name - * @physdev: the physical input device or NULL -+ * @protocol: the network protocol or NULL - * - * Add rules to the IP table context to allow masquerading - * network @network on @physdev. This allow the bridge to -@@ -729,9 +754,10 @@ iptablesForwardMasquerade(iptablesContext *ctx, - int - iptablesAddForwardMasquerade(iptablesContext *ctx, - const char *network, -- const char *physdev) -+ const char *physdev, -+ const char *protocol) - { -- return iptablesForwardMasquerade(ctx, network, physdev, ADD); -+ return iptablesForwardMasquerade(ctx, network, physdev, protocol, ADD); - } - - /** -@@ -739,6 +765,7 @@ iptablesAddForwardMasquerade(iptablesContext *ctx, - * @ctx: pointer to the IP table context - * @network: the source network name - * @physdev: the physical input device or NULL -+ * @protocol: the network protocol or NULL - * - * Remove rules from the IP table context to stop masquerading - * network @network on @physdev. This stops the bridge from -@@ -749,7 +776,8 @@ iptablesAddForwardMasquerade(iptablesContext *ctx, - int - iptablesRemoveForwardMasquerade(iptablesContext *ctx, - const char *network, -- const char *physdev) -+ const char *physdev, -+ const char *protocol) - { -- return iptablesForwardMasquerade(ctx, network, physdev, REMOVE); -+ return iptablesForwardMasquerade(ctx, network, physdev, protocol, REMOVE); - } -diff --git a/src/util/iptables.h b/src/util/iptables.h -index 7d55a6d..b47d854 100644 ---- a/src/util/iptables.h -+++ b/src/util/iptables.h -@@ -85,9 +85,11 @@ int iptablesRemoveForwardRejectIn (iptablesContext *ctx, - - int iptablesAddForwardMasquerade (iptablesContext *ctx, - const char *network, -- const char *physdev); -+ const char *physdev, -+ const char *protocol); - int iptablesRemoveForwardMasquerade (iptablesContext *ctx, - const char *network, -- const char *physdev); -+ const char *physdev, -+ const char *protocol); - - #endif /* __QEMUD_IPTABLES_H__ */ --- -1.6.6.1 - diff --git a/libvirt.spec b/libvirt.spec index 154cf40..4634e34 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -184,25 +184,11 @@ Summary: Library providing a simple API virtualization Name: libvirt -Version: 0.8.2 -Release: 3%{?dist}%{?extra_release} +Version: 0.8.3 +Release: 1%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz -# Patches 1-> 11 CVE-2010-2237, 2238, 2239 -Patch1: libvirt-0.8.2-01-extract-backing-store-format.patch -Patch2: libvirt-0.8.2-02-remove-type-field.patch -Patch3: libvirt-0.8.2-03-refactor-metadata-extract.patch -Patch4: libvirt-0.8.2-04-require-storage-format.patch -Patch5: libvirt-0.8.2-05-disk-path-iterator.patch -Patch6: libvirt-0.8.2-06-use-disk-iterator.patch -Patch7: libvirt-0.8.2-07-secdriver-params.patch -Patch8: libvirt-0.8.2-08-disable-disk-probing.patch -Patch9: libvirt-0.8.2-09-set-default-driver.patch -Patch10: libvirt-0.8.2-10-qemu-img-format-handling.patch -Patch11: libvirt-0.8.2-11-storage-vol-backing.patch -# CVE-2010-2242 -Patch12: libvirt-0.8.2-apply-iptables-sport-mapping.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root URL: http://libvirt.org/ BuildRequires: python-devel @@ -216,7 +202,7 @@ Requires: %{name}-client = %{version}-%{release} Requires: bridge-utils %endif %if %{with_network} -Requires: dnsmasq +Requires: dnsmasq >= 2.41 Requires: iptables %endif %if %{with_nwfilter} @@ -314,7 +300,7 @@ BuildRequires: avahi-devel BuildRequires: libselinux-devel %endif %if %{with_network} -BuildRequires: dnsmasq +BuildRequires: dnsmasq >= 2.41 %endif BuildRequires: bridge-utils %if %{with_sasl} @@ -438,18 +424,6 @@ of recent versions of Linux (and other OSes). %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 %build %if ! %{with_xen} @@ -613,7 +587,7 @@ gzip -9 ChangeLog rm -fr %{buildroot} %makeinstall -for i in domain-events/events-c dominfo domsuspend hellolibvirt python xml/nwfilter +for i in domain-events/events-c dominfo domsuspend hellolibvirt openauth python xml/nwfilter do (cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in) done @@ -862,6 +836,8 @@ fi %attr(0755, root, root) %{_libexecdir}/libvirt_parthelper %attr(0755, root, root) %{_sbindir}/libvirtd +%{_mandir}/man8/libvirtd.8* + %doc docs/*.xml %endif @@ -921,6 +897,7 @@ fi %doc examples/domain-events/events-c %doc examples/dominfo %doc examples/domsuspend +%doc examples/openauth %doc examples/xml %if %{with_python} @@ -937,6 +914,9 @@ fi %endif %changelog +* Mon Aug 23 2010 Daniel P. Berrange - 0.8.3-1 +- Upstream release 0.8.3 + * Wed Jul 21 2010 David Malcolm - 0.8.2-3 - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild