On 02/29/2016 08:33 AM, Daniel P. Berrange wrote:
Currently, the file-based character devices let QEMU write
directly to a file on disk. This allows a malicious QEMU
to inflict a denial of service by consuming all free space.
Switch QEMU to use a pipe to virtlogd, which will enforce
file rollover.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/qemu/qemu_command.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index e04e55e..462a019 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3983,18 +3983,19 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager,
break;
case VIR_DOMAIN_CHR_TYPE_FILE:
- virBufferAsprintf(&buf, "file,id=char%s,path=%s", alias,
^^^^
(see below)
- dev->data.file.path);
- if (dev->data.file.append != VIR_TRISTATE_SWITCH_ABSENT) {
- if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_FILE_APPEND)) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("append not supported in this QEMU
binary"));
- goto error;
- }
+ virBufferAsprintf(&buf, "file,id=char%s", alias);
- virBufferAsprintf(&buf, ",append=%s",
- virTristateSwitchTypeToString(dev->data.file.append));
+ if (dev->data.file.append != VIR_TRISTATE_SWITCH_ABSENT &&
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_FILE_APPEND)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("append not supported in this QEMU binary"));
+ goto error;
}
+ if (qemuBuildChrChardevFileStr(virQEMUCapsGet(qemuCaps,
QEMU_CAPS_CHARDEV_FILE_APPEND) ?
+ logManager : NULL, cmd, def, &buf,
+ "file", dev->data.file.path,
s/"file"/"path" ?
+ "append",
dev->data.file.append) < 0)
+ goto error;
break;
case VIR_DOMAIN_CHR_TYPE_PIPE:
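Review bot: In the VIR_DOMAIN_CHR_TYPE_FILE case the virtlogd pipe is only selected when QEMU_CAPS_CHARDEV_FILE_APPEND is set; otherwise `NULL` is passed as the log manager and, presumably, QEMU keeps writing the file directly, so the disk-exhaustion exposure described in the commit message remains on those binaries without any signal. I would document this at the call, e.g. `/* No append support: pass NULL so QEMU opens the file itself; virtlogd rollover is NOT enforced */`, and consider a `VIR_WARN` on that path so operators can tell which guests are unprotected. The capability is also looked up twice; a local such as `bool canAppend = virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_FILE_APPEND);` would keep the error check and the log-manager selection in agreement. The body of qemuBuildChrChardevFileStr and the rest of qemuBuildChrChardevStr are outside this hunk, so the fallback behaviour is inferred from the NULL argument alone.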