Not everybody is going to use the new virUdevMgr module. Some
users have their own set of udev rules and they don't need
libvirt to step into that area. Let's give users the choice to
enable or disable this feature.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 5 +++++
src/qemu/qemu_conf.c | 3 +++
src/qemu/qemu_conf.h | 5 +++++
src/qemu/qemu_driver.c | 8 ++++++++
src/qemu/test_libvirtd_qemu.aug.in | 1 +
6 files changed, 23 insertions(+)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 73ebeda..08e0803 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -70,6 +70,7 @@ module Libvirtd_qemu =
| str_array_entry "cgroup_controllers"
| str_array_entry "cgroup_device_acl"
| int_entry "seccomp_sandbox"
+ | bool_entry "write_udev"
let save_entry = str_entry "save_image_format"
| str_entry "dump_image_format"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index c4fcb6d..a34975a 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -293,6 +293,11 @@
# guests will be blocked. Defaults to 0.
#security_require_confined = 1
+# In order to avoid races between libvirt and udev who also changes security
+# labels on devices, libvirt can let know what devices belong a domain managed
+# by libvirt and thus reason udev to not mangle security labels.
+#write_udev = 1
+
# The user for QEMU processes run by the system instance. It can be
# specified as a user name or as a user id. The qemu driver will try to
# parse this value first as a name and then, if the name doesn't exist,
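Review bot: The new `write_udev` comment does not state a default, unlike the `security_require_confined` entry just above it ("Defaults to 0"), and its wording is hard to follow. No default assignment for `writeUdev` is visible in this patch, so the feature presumably stays off unless the key is set; if that is right, the comment should say so and make clear that the udev/libvirt relabelling race remains while it is off. Assuming the default is off, the text could read `# Tell udev which devices belong to libvirt-managed domains so that udev does not reset their security labels. Defaults to 0.` The value also appears to be consulted only in qemuSecurityInit, so it is worth confirming and documenting whether a change needs a daemon restart.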
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 109668b..c0be670 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -795,6 +795,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
}
}
+ if (virConfGetValueBool(conf, "write_udev", &cfg->writeUdev) <
0)
+ goto cleanup;
+
ret = 0;
cleanup:
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 12b2661..b42eea7 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -192,6 +192,8 @@ struct _virQEMUDriverConfig {
virFirmwarePtr *firmwares;
size_t nfirmwares;
+
+ bool writeUdev;
};
/* Main driver state */
@@ -269,6 +271,9 @@ struct _virQEMUDriver {
/* Immutable pointer, self-locking APIs */
virHashAtomicPtr migrationErrors;
+
+ /* Immutable pointer, self-locking APIs*/
+ virUdevMgrPtr udevMgr;
};
typedef struct _qemuDomainCmdlineDef qemuDomainCmdlineDef;
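Review bot: The comment on `udevMgr` should say that the pointer can be NULL, because qemuSecurityInit only assigns it when `cfg->writeUdev` is set and every consumer therefore has to tolerate the disabled case. Something like `/* Immutable pointer, self-locking APIs; NULL when write_udev is disabled */` makes that contract visible and also restores the missing space before `*/`. The `writeUdev` field added to `_virQEMUDriverConfig` in the previous hunk would likewise benefit from a one-line comment naming the `write_udev` key it mirrors. Both structs start outside these hunks.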
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3a51826..7dbbc25 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -378,6 +378,10 @@ qemuSecurityInit(virQEMUDriverPtr driver)
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
unsigned int flags = 0;
+ if (cfg->writeUdev &&
+ !(driver->udevMgr = virUdevMgrNew()))
+ goto error;
+
if (cfg->allowDiskFormatProbing)
flags |= VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE;
if (cfg->securityDefaultConfined)
@@ -395,6 +399,7 @@ qemuSecurityInit(virQEMUDriverPtr driver)
QEMU_DRIVER_NAME,
flags)))
goto error;
+ virSecurityManagerSetUdevManager(mgr, driver->udevMgr);
if (!stack) {
if (!(stack = virSecurityManagerNewStack(mgr)))
goto error;
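Review bot: `virSecurityManagerSetUdevManager(mgr, driver->udevMgr)` is called unconditionally here and in the two later hunks of qemuSecurityInit (at -410 and -424), so with `write_udev` off it is handed NULL. Its definition is not part of this patch, so whether it accepts NULL, and whether it takes its own reference on the manager or borrows the driver's, cannot be checked from here. Either guard the call, `if (driver->udevMgr) virSecurityManagerSetUdevManager(mgr, driver->udevMgr);`, or add a comment at the first call stating that NULL is valid and means no udev bookkeeping is done. The function body continues outside these hunks.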
@@ -410,6 +415,7 @@ qemuSecurityInit(virQEMUDriverPtr driver)
QEMU_DRIVER_NAME,
flags)))
goto error;
+ virSecurityManagerSetUdevManager(mgr, driver->udevMgr);
if (!(stack = virSecurityManagerNewStack(mgr)))
goto error;
mgr = NULL;
@@ -424,6 +430,7 @@ qemuSecurityInit(virQEMUDriverPtr driver)
flags,
qemuSecurityChownCallback)))
goto error;
+ virSecurityManagerSetUdevManager(mgr, driver->udevMgr);
if (!stack) {
if (!(stack = virSecurityManagerNewStack(mgr)))
goto error;
@@ -1091,6 +1098,7 @@ qemuStateCleanup(void)
VIR_FREE(qemu_driver->qemuImgBinary);
virObjectUnref(qemu_driver->securityManager);
+ virObjectUnref(qemu_driver->udevMgr);
ebtablesContextFree(qemu_driver->ebtables);
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 805fa0e..112f343 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -33,6 +33,7 @@ module Test_libvirtd_qemu =
{ "security_driver" = "selinux" }
{ "security_default_confined" = "1" }
{ "security_require_confined" = "1" }
+{ "write_udev" = "1" }
{ "user" = "root" }
{ "group" = "root" }
{ "dynamic_ownership" = "1" }
--
2.8.4