Re: [libvirt] [PATCH 5/5] qemu: add support for sending QEMU stdout/stderr to virtlogd
On Wed, Nov 04, 2015 at 09:17:00AM +0100, Peter Krempa wrote:
On Tue, Nov 03, 2015 at 16:04:24 +0000, Daniel Berrange wrote:
> Currently the QEMU stdout/stderr streams are written directly to
> a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those
> can be rotated by logrotate (using copytruncate option) this is
> not very efficient. It also leaves open a window of opportunity
> for a compromised/broken QEMU to DOS the host filesystem by
> writing lots of text to stdout/stderr.
>
> This makes it possible to connect the stdout/stderr file handles
> to a pipe that is provided by virtlogd. The virtlogd daemon will
> read from this pipe and write data to the log file, performing
> file rotation whenever a pre-determined size limit is reached.
>
> Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
> ---
> cfg.mk | 2 +-
> src/qemu/libvirtd_qemu.aug | 1 +
> src/qemu/qemu.conf | 15 +++++++++++++
> src/qemu/qemu_conf.c | 18 ++++++++++++++++
> src/qemu/qemu_conf.h | 1 +
> src/qemu/qemu_domain.c | 43 +++++++++++++++++++++++++++++++-------
> src/qemu/qemu_process.c | 42 +++++++++++++++++++++----------------
> src/qemu/test_libvirtd_qemu.aug.in | 1 +
> 8 files changed, 96 insertions(+), 27 deletions(-)
>
[...]
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index f744419..e72ca20 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -4774,7 +4774,10 @@ int qemuProcessStart(virConnectPtr conn,
>
> qemuDomainObjCheckTaint(driver, vm, logfile);
>
> - if ((pos = lseek(logfile, 0, SEEK_END)) < 0)
> + /* When using logd, the logfile FD is a pipe which is
> + * not seekable... */
> + if (!cfg->stdioLogD &&
> + (pos = lseek(logfile, 0, SEEK_END)) < 0)
> VIR_WARN("Unable to seek to end of logfile: %s",
> virStrerror(errno, ebuf, sizeof(ebuf)));
This will break the code that is in place to read the qemu log file in
case of a early qemu startup failure so that we can report a semi-useful
error message.
Ohh, yes, I should have known this was useful for something really :-)
Additionally in case where you don't use QMP and qemu does not
support
chardev info retrieval, this will also break the lookup of the PTYs for
serials/parallels/channels. As a solution here I'd rather see that we
drop support for such old qemus finally and not have to care about it
any more.
So this relies on the 'info chardev' command which was added in:
commit 5ccfae10a79e52654c9edc68da6d05f29466b4f9
Author: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
Date: Fri Oct 31 17:31:29 2008 +0000
Implement "info chardev" command. (Gerd Hoffmann)
This is QEMU v1.0 or later. Given that it is 7 years old, I think we
are justified in raising our min QEMU version to 1.0. There's probably
a fair bit of other cruft we'll kill by doing this.
We probably need a set of APIs here, that will allow you to mark a
place
in the logfile and a second API that will allow to retrieve the data
between the marker and the end.
Yeah, I'll investigate this.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|