[libvirt] [PATCH] security: Set permissions for kernel/initrd
by Cole Robinson
Fixes URL installs when running virt-install as root on Fedora.
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
src/qemu/qemu_security_dac.c | 21 +++++++++++++++++++++
src/security/security_selinux.c | 16 ++++++++++++++++
2 files changed, 37 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index 6911f48..1883fbe 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -332,6 +332,15 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
vm->def->disks[i]) < 0)
rc = -1;
}
+
+ if (vm->def->os.kernel &&
+ qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
+ rc = -1;
+
+ if (vm->def->os.initrd &&
+ qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
+ rc = -1;
+
return rc;
}
@@ -356,6 +365,18 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
return -1;
}
+ if (vm->def->os.kernel &&
+ qemuSecurityDACSetOwnership(vm->def->os.kernel,
+ driver->user,
+ driver->group) < 0)
+ return -1;
+
+ if (vm->def->os.initrd &&
+ qemuSecurityDACSetOwnership(vm->def->os.initrd,
+ driver->user,
+ driver->group) < 0)
+ return -1;
+
return 0;
}
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b2c8581..975b315 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -616,6 +616,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
rc = -1;
}
+ if (vm->def->os.kernel &&
+ SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
+ rc = -1;
+
+ if (vm->def->os.initrd &&
+ SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
+ rc = -1;
+
return rc;
}
@@ -736,6 +744,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
return -1;
}
+ if (vm->def->os.kernel &&
+ SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
+ return -1;
+
+ if (vm->def->os.initrd &&
+ SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
+ return -1;
+
return 0;
}
--
1.6.6.1
15 years, 1 month
[libvirt] [PATCH] qemu: Fix USB by product with security enabled
by Cole Robinson
We need to call PrepareHostdevs to determine the USB device path before
any security calls. PrepareHostUSBDevices was also incorrectly skipping
all USB devices.
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
src/qemu/qemu_driver.c | 11 ++++++-----
1 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 26b5600..0fa9b2f 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2360,7 +2360,7 @@ qemuPrepareHostUSBDevices(struct qemud_driver *driver ATTRIBUTE_UNUSED,
if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
continue;
- if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+ if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB)
continue;
/* Resolve a vendor/product to bus/device */
@@ -2703,6 +2703,11 @@ static int qemudStartVMDaemon(virConnectPtr conn,
return -1;
}
+ DEBUG0("Preparing host devices");
+ /* Must be run before security labelling */
+ if (qemuPrepareHostDevices(driver, vm->def) < 0)
+ goto cleanup;
+
DEBUG0("Generating domain security label (if required)");
/* If you are using a SecurityDriver with dynamic labelling,
then generate a security label for isolation */
@@ -2769,10 +2774,6 @@ static int qemudStartVMDaemon(virConnectPtr conn,
if (qemuSetupCgroup(driver, vm) < 0)
goto cleanup;
- DEBUG0("Preparing host devices");
- if (qemuPrepareHostDevices(driver, vm->def) < 0)
- goto cleanup;
-
if (VIR_ALLOC(priv->monConfig) < 0) {
virReportOOMError();
goto cleanup;
--
1.6.6
15 years, 1 month
[libvirt] libvirt modifying iptables rules
by Varrun Ramani
Hi
I am right now undertaking a project which deals with verification of
firewall rules. I wish to know which applications/libraries modify/query
firewall rules. I came to know that libvirt modifies iptables rules. Can
anyone let me know for what purposes/how libvirt modifies the rules?
Thanks & Regards
Varrun Ramani
15 years, 1 month
[libvirt] [PATCH] qemu: pass the information when disks are read-only
by Daniel Veillard
The problem is that even when the user indicates that a drive has to be
opened as read-only (for example a cd-rom) qemu didn't get the
information and tried to open read-write. This could get really nasty
in case SELinux is monitoring that no read-write access is attempted:
https://bugzilla.redhat.com/show_bug.cgi?id=536760
Patch is relatively simple and based on teh assumption that if the
-device qemu options are allowed then qemu also knows about the
readonly option (this was added to the help string quite later so
we should not rely on that in this case).
* src/qemu/qemu_conf.c: add the ",readonly=on" for read-only disks
and also parse it back in qemuParseCommandLineDisk()
* tests/qemuxml2argvtest.c
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.args
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.xml:
add a specific regression test
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 40ca221..fb23c52 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -2398,6 +2398,9 @@ qemuBuildDriveStr(virDomainDiskDefPtr disk,
if (bootable &&
disk->device == VIR_DOMAIN_DISK_DEVICE_DISK)
virBufferAddLit(&opt, ",boot=on");
+ if (disk->readonly &&
+ qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)
+ virBufferAddLit(&opt, ",readonly=on");
if (disk->driverType &&
disk->type != VIR_DOMAIN_DISK_TYPE_DIR &&
qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_FORMAT)
@@ -4694,6 +4697,9 @@ qemuParseCommandLineDisk(const char *val,
_("cannot parse drive unit '%s'"), val);
goto cleanup;
}
+ } else if (STREQ(keywords[i], "readonly")) {
+ if ((values[i] == NULL) || STREQ(values[i], "on"))
+ def->readonly = 1;
}
}
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.args
new file mode 100644
index 0000000..fbc3226
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.args
@@ -0,0 +1 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -nodefaults -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -drive file=/dev/HostVG/QEMUGuest1,if=none,id=drive-ide0-0-0 -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -drive file=/dev/sr0,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -usb -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.xml
new file mode 100644
index 0000000..39c3a1c
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.xml
@@ -0,0 +1,30 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory>219200</memory>
+ <currentMemory>219200</currentMemory>
+ <vcpu>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' unit='0'/>
+ </disk>
+ <disk type='block' device='cdrom'>
+ <source dev='/dev/sr0'/>
+ <target dev='hdc' bus='ide'/>
+ <readonly/>
+ <address type='drive' controller='0' bus='1' unit='0'/>
+ </disk>
+ <controller type='ide' index='0'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 4ca946a..e3762c9 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -249,6 +249,8 @@ mymain(int argc, char **argv)
QEMUD_CMD_FLAG_DRIVE_BOOT | QEMUD_CMD_FLAG_DRIVE_FORMAT);
DO_TEST("disk-drive-fat", QEMUD_CMD_FLAG_DRIVE |
QEMUD_CMD_FLAG_DRIVE_BOOT | QEMUD_CMD_FLAG_DRIVE_FORMAT);
+ DO_TEST("disk-drive-readonly-disk", QEMUD_CMD_FLAG_DRIVE |
+ QEMUD_CMD_FLAG_DEVICE);
DO_TEST("disk-drive-fmt-qcow", QEMUD_CMD_FLAG_DRIVE |
QEMUD_CMD_FLAG_DRIVE_BOOT | QEMUD_CMD_FLAG_DRIVE_FORMAT);
DO_TEST("disk-drive-shared", QEMUD_CMD_FLAG_DRIVE |
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
15 years, 1 month
[libvirt] [PATCH] qemudDomainAttachSCSIDisk: handle empty controller list
by Jim Meyering
Clang found something that might be a real bug.
I suspect that ...drive.controller will always be at least one,
but we should not have to dive into the code trying to figure
that out. It's easier/better here just to handle the potential trouble:
clang saw that if it *was* zero, then the following "for" loop
would not be entered, and "cont" would not be initialized.
On the very next statement "cont" (uninitialized) would be dereferenced.
>From 21ec1a8ae0218a5e8d789410318a973518ffec6c Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 2 Mar 2010 17:45:10 +0100
Subject: [PATCH] qemudDomainAttachSCSIDisk: handle empty controller list
* src/qemu/qemu_driver.c (qemudDomainAttachSCSIDisk): Handle
the (theoretical) case of an empty controller list, so that
clang does not think the subsequent dereference of "cont"
would dereference an undefined variable (due to preceding
loop not iterating even once).
---
src/qemu/qemu_driver.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 7f7c459..efb1857 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5671,18 +5671,24 @@ static int qemudDomainAttachSCSIDisk(struct qemud_driver *driver,
if (qemuAssignDeviceDiskAlias(disk, qemuCmdFlags) < 0)
goto error;
if (!(devstr = qemuBuildDriveDevStr(disk)))
goto error;
}
if (!(drivestr = qemuBuildDriveStr(disk, 0, qemuCmdFlags)))
goto error;
+ if (disk->info.addr.drive.controller <= 0) {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ _("no drive controller for %s"), disk->dst);
+ goto error;
+ }
+
for (i = 0 ; i <= disk->info.addr.drive.controller ; i++) {
cont = qemuDomainFindOrCreateSCSIDiskController(driver, vm, i, qemuCmdFlags);
if (!cont)
goto error;
}
if (cont->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) {
qemuReportError(VIR_ERR_INTERNAL_ERROR,
_("SCSI controller %d was missing its PCI address"), cont->idx);
--
1.7.0.1.414.g89213d
15 years, 1 month
[libvirt] eject ISO from cdrom
by Shi Jin
Hi there,
I am using libvirt+qemu/kvm.
For a guest VM that is running, I could change its cdrom media by running the following virsh command:
virsh attach-disk <vm-id> <path-to-iso-file> hdc --driver file --type cdrom --mode readonly
This will change the media in the cdrom for the guest VM.
Once I am done, I can use virt-manager to disconnect the iso file to the cdrom. The resulting xml file looks like (only showing the relevant part)
<disk type='file' device='cdrom'>
<target dev='hdc' bus='ide'/>
<readonly/>
</disk>
However, I am having trouble to do the same task (eject cd media) using virsh command. I am successful in running the "virsh attach-device 1 emptyCD.xml" command where the emptyCD.xml is an xml without the source file path, just like the one above. However, I want to do it by a single command without the need to create xml files. It should be something like
> virsh attach-disk 1 "" hdc --driver file --type cdrom --mode readonly
However, virsh does not like the empty string "".
I also looked at the virt-manager source code, in this case, the python script is
912 if curpath:
913 # Disconnect cdrom
914 self.change_cdrom_media(dev_id_info, None, _type=None)
Basically a None parameter is pass to the API. All I need to find out is how to do the same thing in the "virsh attach-disk" command.
Do you have any suggestions/comments?
Thanks a lot.
Shi
--
Shi Jin, PhD
15 years, 1 month
[libvirt] How to differentiate creation from migration?
by Richard Maciel
Hi,
I work on a project that makes use of libvirt (called libvirt-cim) and
we created an algorithm to detect when a new machine is created.
However, I need to filter the ones created by the migration operation.
Does libvirt provides a way to distinguish a machine created by
'migrate' command from a machine created by the 'define' command
(virDomainDefineXML API call)?
Thanks in advance,
Richard Maciel
15 years, 1 month
[libvirt] libvirt regression in managing qemu-system-arm
by Chris Tyler
I've been experimenting with using libvirt to manage qemu-system-arm
VMs, and it's working fine in F12. However, in F13Alpha, the wrong
arguments are passed to the emulator -- I suspect that the x86 platform
versions of qemu accept new argument formats, and qemu-system-arm hasn't
been updated. The versions in F13alpha are qemu-system-arm 0.12.3 and
libvirt 0.7.6.
Could this be reverted, or the old code conditionally invoked?
Sample ARM root filesystem, domain XML, and kernel are located at
http://cdot.senecac.on.ca/arm -- as well as a wrapper script
for /usr/bin/qemu-system-arm that edits the command-line arguments.
Thanks for considering this--
-Chris
15 years, 1 month
[libvirt] [PATCH] esx: Improve documentation about remote URIs
by Matthias Bolte
---
docs/drvesx.html.in | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/docs/drvesx.html.in b/docs/drvesx.html.in
index 9b413ab..6855298 100644
--- a/docs/drvesx.html.in
+++ b/docs/drvesx.html.in
@@ -32,6 +32,14 @@ gsx://example.com (GSX over HTTPS)
esx://example.com/?transport=http (ESX over HTTP)
esx://example.com/?no_verify=1 (ESX over HTTPS, but doesn't verify the server's SSL certificate)
</pre>
+ <p>
+ <strong>Note</strong>: In contrast to other drivers, the ESX driver is
+ a client-side-only driver. That means you cannot use the
+ <a href="remote.html">remote transport mechanism</a> provided by the
+ remote driver and libvirtd. Instead the ESX driver communicates to the
+ ESX server using HTTP(S). Therefore, you cannot use URIs like
+ <code>esx+ssh://example.com</code>.
+ </p>
<h3><a name="uriformat">URI Format</a></h3>
--
1.6.3.3
15 years, 1 month
