On Fri, 2021-07-09 at 15:07 +0200, Martin Kletzander wrote:
On Wed, Jun 30, 2021 at 10:53:45AM +0800, Luke Yue wrote:
> In order to test the virDomainGetMessages for test driver, we need to
> check some taints or deprecations, so introduce testDomainObjCheckTaint
> for checking taints.
>
> As we introduced testDomainObjCheckTaint for test driver, the `dominfo`
> command in virshtest will now print tainting messages, so add them for
> test.
>
I do not know whether I'd duplicate all of the qemu driver code to
exercise some test driver APIs, but it's better than nothing. To be
honest I don't know about any other better option =)
> Signed-off-by: Luke Yue <lukedyue(a)gmail.com>
> ---
> src/test/test_driver.c | 57
> ++++++++++++++++++++++++++++++++++++++++++
> tests/virshtest.c | 2 ++
> 2 files changed, 59 insertions(+)
>
> diff --git a/src/test/test_driver.c b/src/test/test_driver.c
> index 35742fcde3..06ba7c4cd2 100644
> --- a/src/test/test_driver.c
> +++ b/src/test/test_driver.c
> @@ -9291,6 +9291,61 @@
> testDomainCheckpointDelete(virDomainCheckpointPtr checkpoint,
> return ret;
> }
>
> +static void
> +testDomainObjCheckDiskTaint(virDomainObj *obj,
> + virDomainDiskDef *disk)
> +{
> + if (disk->rawio == VIR_TRISTATE_BOOL_YES)
> + virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
> +
> + if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM &&
> + virStorageSourceGetActualType(disk->src) ==
> VIR_STORAGE_TYPE_BLOCK &&
> + disk->src->path && virFileIsCDROM(disk->src->path) ==
1)
> + virDomainObjTaint(obj,
> VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH);
> +}
> +
> +static void
> +testDomainObjCheckHostdevTaint(virDomainObj *obj,
> + virDomainHostdevDef *hostdev)
> +{
> + if (!virHostdevIsSCSIDevice(hostdev))
> + return;
> +
> + if (hostdev->source.subsys.u.scsi.rawio ==
> VIR_TRISTATE_BOOL_YES)
> + virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
> +}
> +
> +static void
> +testDomainObjCheckNetTaint(virDomainObj *obj,
> + virDomainNetDef *net)
> +{
> + /* script is only useful for NET_TYPE_ETHERNET (qemu) and
> + * NET_TYPE_BRIDGE (xen), but could be (incorrectly) specified
> for
> + * any interface type. In any case, it's adding user sauce
> into
> + * the soup, so it should taint the domain.
> + */
> + if (net->script != NULL)
> + virDomainObjTaint(obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS);
> +}
> +
> +static void
> +testDomainObjCheckTaint(virDomainObj *obj)
> +{
> + size_t i;
> +
> + for (i = 0; i < obj->def->ndisks; i++)
> + testDomainObjCheckDiskTaint(obj, obj->def->disks[i]);
> +
> + for (i = 0; i < obj->def->nhostdevs; i++)
> + testDomainObjCheckHostdevTaint(obj, obj->def-
> >hostdevs[i]);
> +
> + for (i = 0; i < obj->def->nnets; i++)
> + testDomainObjCheckNetTaint(obj, obj->def->nets[i]);
> +
> + if (obj->def->os.dtb)
> + virDomainObjTaint(obj, VIR_DOMAIN_TAINT_CUSTOM_DTB);
> +}
> +
> static int
> testDomainGetMessages(virDomainPtr dom,
> char ***msgs,
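Review bot: In testDomainObjCheckDiskTaint(), the virFileIsCDROM(disk->src->path) call probes a path on the host running the test suite, so whether VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH gets set depends on the machine rather than on the domain XML. For the test driver, tainting on the VIR_DOMAIN_DISK_DEVICE_CDROM and VIR_STORAGE_TYPE_BLOCK conditions alone would keep the result deterministic. A short comment above testDomainObjCheckTaint() listing which taint checks it covers (rawio on disks and SCSI hostdevs, CD-ROM passthrough, interface script, custom dtb) would also make it easier to keep in step with the qemu driver code it mirrors.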
> @@ -9311,6 +9366,8 @@ testDomainGetMessages(virDomainPtr dom,
> nmsgs = 0;
> n = 0;
>
> + testDomainObjCheckTaint(vm);
> +
I know it works here, but I would rather do it in testParseDomains() and
when creating a domain. To make it done in a single place you could
utilise xmlopt callbacks which are called at different stages of parsing
an XML, be it domain or any other one. That way this function does not
do anything that other drivers don't.

Thanks, I will take your advice and put it in testParseDomains()
> if (!flags || (flags & VIR_DOMAIN_MESSAGE_TAINTING)) {
> nmsgs += __builtin_popcount(vm->taint);
> *msgs = g_renew(char *, *msgs, nmsgs+1);
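Review bot: Calling testDomainObjCheckTaint(vm) at the top of testDomainGetMessages() makes a query API modify the domain object, and vm->taint stays empty until the first GetMessages call, so anything else that reads the taint flags sees a different state depending on call order. Setting the taint once, when the domain definition is parsed or the domain is created, removes the side effect from the getter and leaves this function only counting the bits already present in vm->taint.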
> diff --git a/tests/virshtest.c b/tests/virshtest.c
> index c1974c46cb..937448cefc 100644
> --- a/tests/virshtest.c
> +++ b/tests/virshtest.c
> @@ -22,6 +22,7 @@ main(void)
>
> # define DOM_UUID "ef861801-45b9-11cb-88e3-afbfe5370493"
> # define SECURITY_LABEL "libvirt-test (enforcing)"
> +# define MESSAGES "tainted: network configuration using opaque
> shell scripts"
>
> static const char *dominfo_fc4 = "\
> Id: 2\n\
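Review bot: The MESSAGES expectation covers only the shell-script taint, while the test_driver.c part of this patch also sets VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH and VIR_DOMAIN_TAINT_CUSTOM_DTB, so those three flags have no test behind them. A test domain that triggers the other taints, with the expected dominfo lines placed next to this one, would cover them. Since the macro holds a single taint string, a more specific name than MESSAGES would also read better once further expectations are added.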
> @@ -38,6 +39,7 @@ Managed save: no\n\
> Security model: testSecurity\n\
> Security DOI: \n\
> Security label: " SECURITY_LABEL "\n\
> +Messages: " MESSAGES "\n\
Pity there's not much more than this, but again - better than nothing.

I created a new xml for testing and added more tainted configurations,
will send it with v4

Thanks!
> \n";
> static const char *domuuid_fc4 = DOM_UUID "\n\n";
> static const char *domid_fc4 = "2\n\n";
> --
> 2.32.0
>