6:51 a.m.
Wire up logging of VM taintint to the QEMU driver
- If running QEMU as root user/group or without capabilities
being cleared
- If passing custom QEMU command line args
- If issuing custom QEMU monitor commands
- If using a network interface config with an associated
shell script
- If using a disk config relying on format probing
The warnings, per-VM appear in the main libvirtd logs
11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2'
uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: high-privileges
11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2'
uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing
The taint flags are reset when the VM is stopped.
* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Helper APIs
for logging taint warnings
* src/qemu/qemu_driver.c: Log tainting with custom QEMU monitor
commands and disk/net hotplug with unsupported configs
* src/qemu/qemu_process.c: Log tainting at startup based on
unsupported configs
---
src/qemu/qemu_domain.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_domain.h | 14 +++++++++-
src/qemu/qemu_driver.c | 8 ++---
src/qemu/qemu_process.c | 4 ++-
4 files changed, 82 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 3033ff5..938c063 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -33,6 +33,7 @@
#include "event.h"
#include "cpu/cpu.h"
#include "ignore-value.h"
+#include "uuid.h"
#include <sys/time.h>
@@ -742,3 +743,65 @@ cleanup:
virCPUDefFree(cpu);
return ret;
}
+
+void qemuDomainObjTaint(struct qemud_driver *driver ATTRIBUTE_UNUSED,
+ virDomainObjPtr obj,
+ enum virDomainTaintFlags taint)
+{
+ if (virDomainObjTaint(obj, taint)) {
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ virUUIDFormat(obj->def->uuid, uuidstr);
+
+ VIR_WARN("Domain id=%d name='%s' uuid=%s is tainted: %s",
+ obj->def->id,
+ obj->def->name,
+ uuidstr,
+ virDomainTaintTypeToString(taint));
+ }
+}
+
+
+void qemuDomainObjCheckTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj)
+{
+ int i;
+
+ if (!driver->clearEmulatorCapabilities ||
+ driver->user == 0 ||
+ driver->group == 0)
+ qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
+
+ if (obj->def->namespaceData) {
+ qemuDomainCmdlineDefPtr qemucmd = obj->def->namespaceData;
+ if (qemucmd->num_args || qemucmd->num_env)
+ qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_CUSTOM_ARGV);
+ }
+
+ for (i = 0 ; i < obj->def->ndisks ; i++)
+ qemuDomainObjCheckDiskTaint(driver, obj, obj->def->disks[i]);
+
+ for (i = 0 ; i < obj->def->nnets ; i++)
+ qemuDomainObjCheckNetTaint(driver, obj, obj->def->nets[i]);
+}
+
+
+void qemuDomainObjCheckDiskTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj,
+ virDomainDiskDefPtr disk)
+{
+ if (!disk->driverType &&
+ driver->allowDiskFormatProbing)
+ qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_DISK_PROBING);
+}
+
+
+void qemuDomainObjCheckNetTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj,
+ virDomainNetDefPtr net)
+{
+ if ((net->type == VIR_DOMAIN_NET_TYPE_ETHERNET &&
+ net->data.ethernet.script != NULL) ||
+ (net->type == VIR_DOMAIN_NET_TYPE_BRIDGE &&
+ net->data.bridge.script != NULL))
+ qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS);
+}
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index b0ecc5a..9f454f8 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -70,7 +70,6 @@ struct _qemuDomainObjPrivate {
qemuMonitorPtr mon;
virDomainChrSourceDefPtr monConfig;
int monJSON;
- int monitor_warned;
bool gotShutdown;
int nvcpupids;
@@ -116,4 +115,17 @@ char *qemuDomainFormatXML(struct qemud_driver *driver,
virDomainObjPtr vm,
int flags);
+void qemuDomainObjTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj,
+ enum virDomainTaintFlags taint);
+
+void qemuDomainObjCheckTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj);
+void qemuDomainObjCheckDiskTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj,
+ virDomainDiskDefPtr disk);
+void qemuDomainObjCheckNetTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj,
+ virDomainNetDefPtr net);
+
#endif /* __QEMU_DOMAIN_H__ */
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index dd89786..535a762 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3877,6 +3877,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
switch (dev->type) {
case VIR_DOMAIN_DEVICE_DISK:
+ qemuDomainObjCheckDiskTaint(driver, vm, dev->data.disk);
ret = qemuDomainAttachDeviceDiskLive(driver, vm, dev);
if (!ret)
dev->data.disk = NULL;
@@ -3889,6 +3890,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
break;
case VIR_DOMAIN_DEVICE_NET:
+ qemuDomainObjCheckNetTaint(driver, vm, dev->data.net);
ret = qemuDomainAttachNetDevice(dom->conn, driver, vm,
dev->data.net);
if (!ret)
@@ -6982,11 +6984,7 @@ static int qemuDomainMonitorCommand(virDomainPtr domain, const char
*cmd,
priv = vm->privateData;
- if (!priv->monitor_warned) {
- VIR_INFO("Qemu monitor command '%s' executed; libvirt results may be
unpredictable!",
- cmd);
- priv->monitor_warned = 1;
- }
+ qemuDomainObjTaint(driver, vm, VIR_DOMAIN_TAINT_CUSTOM_MONITOR);
hmp = !!(flags & VIR_DOMAIN_QEMU_MONITOR_COMMAND_HMP);
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 3460000..573336d 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2229,7 +2229,6 @@ int qemuProcessStart(virConnectPtr conn,
#endif
priv->monJSON = 0;
- priv->monitor_warned = 0;
priv->gotShutdown = false;
if ((ret = virFileDeletePid(driver->stateDir, vm->def->name)) != 0) {
@@ -2316,6 +2315,8 @@ int qemuProcessStart(virConnectPtr conn,
virCommandWriteArgLog(cmd, logfile);
+ qemuDomainObjCheckTaint(driver, vm);
+
if ((pos = lseek(logfile, 0, SEEK_END)) < 0)
VIR_WARN("Unable to seek to end of logfile: %s",
virStrerror(errno, ebuf, sizeof ebuf));
@@ -2595,6 +2596,7 @@ retry:
qemuProcessReturnPort(driver,
vm->def->graphics[0]->data.spice.tlsPort);
}
+ vm->taint = 0;
vm->pid = -1;
vm->def->id = -1;
vm->state = VIR_DOMAIN_SHUTOFF;
--
1.7.4.4