Given how intrusive the previous patches are, it might happen that
there's a bug or imperfection. Let's give users a way out: if they
set 'namespaces' to an empty array in qemu.conf, the feature is
suppressed.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 8 ++++++++
src/qemu/qemu_conf.c | 33 +++++++++++++++++++++++++++++++++
src/qemu/qemu_conf.h | 2 ++
src/qemu/qemu_domain.c | 3 ++-
src/qemu/test_libvirtd_qemu.aug.in | 3 +++
6 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index f3cc9e684..de723b254 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -70,6 +70,7 @@ module Libvirtd_qemu =
| str_array_entry "cgroup_controllers"
| str_array_entry "cgroup_device_acl"
| int_entry "seccomp_sandbox"
+ | str_array_entry "namespaces"
let save_entry = str_entry "save_image_format"
| str_entry "dump_image_format"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 2b2bd6031..a8cd369cb 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -665,3 +665,11 @@
# Defaults to 4
#
#gluster_debug_level = 9
+
+# To enhance security, QEMU driver is capable of creating private namespaces
+# for each domain started. Well, so far only "mount" namespace is supported. If
+# enabled it means qemu process is unable to see all the devices on the system,
+# only those configured for the domain in question. Libvirt then manages
+# devices entries throughout the domain lifetime. This namespace is turned on
+# by default.
+#namespaces = [ "mount" ]
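Review bot: The new comment says the namespace is on by default but never says how to turn it off or what that costs in isolation. The commit message gives the opt-out (an empty array), so the text should state it, for example `# Set namespaces = [ ] to disable it; the qemu process can then see all devices on the system again.` Judging by the qemu_domain.c change in this patch, the namespace is also skipped when the driver is not privileged, which deserves a sentence here so that administrators do not assume the protection applies to session-mode daemons.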
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index ccefbe890..d8b8ce8df 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -314,6 +314,12 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
cfg->glusterDebugLevel = 4;
cfg->stdioLogD = true;
+ if (!(cfg->namespaces = virBitmapNew(QEMU_DOMAIN_NS_LAST)))
+ goto error;
+
+ if (virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0)
+ goto error;
+
#ifdef DEFAULT_LOADER_NVRAM
if (virFirmwareParseList(DEFAULT_LOADER_NVRAM,
&cfg->firmwares,
@@ -349,6 +355,7 @@ static void virQEMUDriverConfigDispose(void *obj)
{
virQEMUDriverConfigPtr cfg = obj;
+ virBitmapFree(cfg->namespaces);
virStringListFree(cfg->cgroupDeviceACL);
@@ -433,6 +440,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
char **hugetlbfs = NULL;
char **nvram = NULL;
char *corestr = NULL;
+ char **namespaces = NULL;
/* Just check the file is readable before opening it, otherwise
* libvirt emits an error.
@@ -798,6 +806,31 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
if (virConfGetValueUInt(conf, "gluster_debug_level",
&cfg->glusterDebugLevel) < 0)
goto cleanup;
+ if (virConfGetValueStringList(conf, "namespaces", false, &namespaces) < 0)
+ goto cleanup;
+
+ if (namespaces) {
+ virBitmapClearAll(cfg->namespaces);
+
+ for (i = 0; namespaces[i]; i++) {
+ int ns = qemuDomainNamespaceTypeFromString(namespaces[i]);
+
+ if (ns < 0) {
+ virReportError(VIR_ERR_CONF_SYNTAX,
+ _("Unknown namespace: %s"),
+ namespaces[i]);
+ goto cleanup;
+ }
+
+ if (virBitmapSetBit(cfg->namespaces, ns) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to enable namespace: %s"),
+ namespaces[i]);
+ goto cleanup;
+ }
+ }
+ }
+
ret = 0;
cleanup:
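Review bot: The `namespaces` string list filled by `virConfGetValueStringList()` is never released: none of the lines this patch adds to `virQEMUDriverConfigLoadFile` free it, and the hunk ends at `cleanup:` with no matching call. Adding `virStringListFree(namespaces);` under the `cleanup:` label would cover the success path as well as the two `goto cleanup` error paths inside the loop. The variable is declared in the previous hunk, and the function continues past this one, so the rest of the cleanup block is not visible here.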
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index f6e325760..5ea5923dc 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -90,6 +90,8 @@ struct _virQEMUDriverConfig {
gid_t group;
bool dynamicOwnership;
+ virBitmapPtr namespaces;
+
int cgroupControllers;
char **cgroupDeviceACL;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a5dc7bbd2..0308170e7 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -7311,7 +7311,8 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver,
char *devPath = NULL;
char *devptsPath = NULL;
- if (!virQEMUDriverIsPrivileged(driver)) {
+ if (!virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) ||
+ !virQEMUDriverIsPrivileged(driver)) {
ret = 0;
goto cleanup;
}
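Review bot: The early return with `ret = 0` is silent, so nothing records that a domain was started without its private mount namespace, or whether that was because of the qemu.conf opt-out or an unprivileged driver. A debug line ahead of `ret = 0;`, such as `VIR_DEBUG("Mount namespace not enabled, skipping private /dev setup");`, would make the weaker isolation auditable from the logs. Other code in the series that acts inside the domain's namespace presumably needs the same condition, ideally taken from per-domain state rather than `cfg`, since the configuration can change across a daemon restart while the domain keeps running; that code is not visible here. The body of qemuDomainCreateNamespace starts and ends outside this hunk.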
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index f586e956d..a749f0900 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -91,3 +91,6 @@ module Test_libvirtd_qemu =
}
{ "stdio_handler" = "logd" }
{ "gluster_debug_level" = "9" }
+{ "namespaces"
+ { "1" = "mount" }
+}
--
2.11.0