[PATCH v1 24/34] qemuDomainBuildNamespace: Populate RNGs from daemon's namespace
As mentioned in one of previous commits, populating domain's
namespace from pre-exec() hook is dangerous. This commit moves
population of the namespace with domain RNGs into daemon's
namespace.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_domain_namespace.c | 40 +++++++++-----------------------
1 file changed, 11 insertions(+), 29 deletions(-)
diff --git a/src/qemu/qemu_domain_namespace.c b/src/qemu/qemu_domain_namespace.c
index f709fbb616..2ab10cb9f0 100644
--- a/src/qemu/qemu_domain_namespace.c
+++ b/src/qemu/qemu_domain_namespace.c
@@ -762,11 +762,11 @@ qemuDomainSetupAllInputs(virDomainObjPtr vm,
static int
qemuDomainSetupRNG(virDomainRNGDefPtr rng,
- const struct qemuDomainCreateDeviceData *data)
+ char ***paths)
{
switch ((virDomainRNGBackend) rng->backend) {
case VIR_DOMAIN_RNG_BACKEND_RANDOM:
- if (qemuDomainCreateDevice(rng->source.file, data, false) < 0)
+ if (virStringListAdd(paths, rng->source.file) < 0)
return -1;
break;
@@ -783,14 +783,14 @@ qemuDomainSetupRNG(virDomainRNGDefPtr rng,
static int
qemuDomainSetupAllRNGs(virDomainObjPtr vm,
- const struct qemuDomainCreateDeviceData *data)
+ char ***paths)
{
size_t i;
VIR_DEBUG("Setting up RNGs");
for (i = 0; i < vm->def->nrngs; i++) {
if (qemuDomainSetupRNG(vm->def->rngs[i],
- data) < 0)
+ paths) < 0)
return -1;
}
@@ -888,6 +888,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupAllInputs(vm, &paths) < 0)
return -1;
+ if (qemuDomainSetupAllRNGs(vm, &paths) < 0)
+ return -1;
+
if (qemuDomainNamespaceMknodPaths(vm, (const char **) paths) < 0)
return -1;
@@ -939,9 +942,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
goto cleanup;
- if (qemuDomainSetupAllRNGs(vm, &data) < 0)
- goto cleanup;
-
if (qemuDomainSetupLoader(vm, &data) < 0)
goto cleanup;
@@ -1581,16 +1581,6 @@ qemuDomainDetachDeviceUnlink(virQEMUDriverPtr driver
G_GNUC_UNUSED,
}
-static int
-qemuDomainNamespaceMknodPath(virDomainObjPtr vm,
- const char *path)
-{
- const char *paths[] = { path, NULL };
-
- return qemuDomainNamespaceMknodPaths(vm, paths);
-}
-
-
static int
qemuDomainNamespaceUnlinkPaths(virDomainObjPtr vm,
const char **paths,
@@ -1818,23 +1808,15 @@ int
qemuDomainNamespaceSetupRNG(virDomainObjPtr vm,
virDomainRNGDefPtr rng)
{
- const char *path = NULL;
+ VIR_AUTOSTRINGLIST paths = NULL;
if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
return 0;
- switch ((virDomainRNGBackend) rng->backend) {
- case VIR_DOMAIN_RNG_BACKEND_RANDOM:
- path = rng->source.file;
- break;
+ if (qemuDomainSetupRNG(rng, &paths) < 0)
+ return -1;
- case VIR_DOMAIN_RNG_BACKEND_EGD:
- case VIR_DOMAIN_RNG_BACKEND_BUILTIN:
- case VIR_DOMAIN_RNG_BACKEND_LAST:
- break;
- }
-
- if (path && qemuDomainNamespaceMknodPath(vm, path) < 0)
+ if (qemuDomainNamespaceMknodPaths(vm, (const char **) paths) < 0)
return -1;
return 0;
--
2.26.2