4:32 a.m.
The terms "whitelist" / "blacklist" perpetuate the notion that
white is good and black is bad[1]. Their usage is trivially
eliminated from libvirt with a variety of alternative terms.
The replacements are more applicable to the usage context in
most cases. The only exceptions are
• Libvirt needs to keep "seccomp-blacklist" back compat for
running guest capabilities on upgrade
• kmod uses "blacklist" for modprobe config file key
The terms "master" / "slave" have inescapable historical context
that makes them a bad choice for metaphors in software[1]. Again
there are a variety of alternatives that can be used, many of which
are more applicable to the usage context. Eliminating all usage
though is not practical, due to libvirt's need to interface with
external systems, where the terminology is part of the formal API.
The unfixable exceptions are:
• Libvirt uses slave=NNN master=NNN in XML schema for FreeBSD nmdm devs
• Linux kernel sysfs uses "slave_$NIC" for bonding NIC members
• Linux kernel mount options MS_SLAVE for mount propagation
• QEMU uses "slave" in many device/property names
• Jenkins website calls the libvirt plugin "libvirt-slave"
• VirtualBox uses 'Slave' in many config file attributes
Note, this doesn't attempt to remove cases of the word "master" which
are used in isolation, only those paired with usage of the word "slave".
Remaining usage of "master" needs evaluating, as some of these contexts
are none the less implicitly associated with the "master/slave" concept.
Nothing in the po/ directory is updated. This will be updated when
we refresh translations at time of freeze.
There should be no functional change in any of these patches with the
exception of the patch tweaking matching for NICs in the interface
driver.
[1] There are many docs on the web covering this in detail, with
one fairly clear description being:
https://tools.ietf.org/id/draft-knodel-terminology-00.html
Daniel P. Berrangé (23):
scripts: remove use of the term 'whitelist' from build helpers
rpc: remove use of the term 'whitelist' from RPC code
cgroup: remove use of the term 'whitelist' from cgroup code
qemu: remove use of the terms 'whitelist' and 'blacklist' from CPU
code
qemu: remove use of the term 'blacklist' in seccomp capability
util: use short form -g arg to scsi_id
docs: remove use of the term 'whitelist' from documentation
util: rename method to virKModIsProhibited
nodedev: remove use of the term 'blacklist' from enumeration code
build: remove use of the term 'blacklist' from helper files
src: remove use of the term 'whitelist' from remaining code
interface: use a constant for the sysfs bond device file prefix
interface: remove most use of the term 'slave' from bonding code
docs: remove use of the term 'enslaved' wrt tap & bridge devices
tools: remove use of the term 'slave' in code dealing with bridges
util: remove use of the terms 'master' and 'slave' in PTY code
qemu: remove use of the terms 'master' and 'slave' when iterating CPUs
lxc: remove use of the terms 'master' and 'slave' in PTY setup
docs: update link to the libvirt jenkins plugin
docs: remove use of the term 'slave' in Jenkins agent docs
conf: remove use of the terms 'master' and 'slave' in mndm config
lxc: replace use of term 'slave' filesystem mount setup
build: add syntax-check rules for undesirable terms
build-aux/syntax-check.mk | 18 ++++-
docs/apps.html.in | 6 +-
docs/drvqemu.html.in | 12 ++--
docs/firewall.html.in | 6 +-
docs/formatdomain.html.in | 4 +-
docs/internals/rpc.html.in | 9 +--
docs/kbase/qemu-passthrough-security.rst | 3 +-
docs/schemas/interface.rng | 2 +-
m4/virt-compile-warnings.m4 | 2 +-
scripts/check-aclrules.py | 8 +--
scripts/check-file-access.py | 16 ++---
scripts/mock-noinline.py | 1 -
src/bhyve/bhyve_driver.c | 2 +-
src/bhyve/bhyve_parse_command.c | 20 +++---
src/conf/domain_conf.c | 24 +++----
src/conf/domain_conf.h | 4 +-
src/interface/interface_backend_udev.c | 65 +++++++++----------
src/libvirt.c | 2 +-
src/libvirt_private.syms | 2 +-
src/lxc/lxc_cgroup.c | 2 +-
src/lxc/lxc_controller.c | 20 +++---
src/node_device/node_device_udev.c | 6 +-
src/qemu/qemu.conf | 4 +-
src/qemu/qemu_capabilities.c | 22 +++----
src/qemu/qemu_capabilities.h | 6 +-
src/qemu/qemu_cgroup.c | 2 +-
src/qemu/qemu_command.c | 6 +-
src/qemu/qemu_conf.c | 4 +-
src/qemu/qemu_domain.c | 10 ++-
src/qemu/qemu_monitor.c | 46 ++++++-------
src/remote/libvirtd.conf.in | 6 +-
src/remote/remote_daemon_dispatch.c | 4 +-
src/rpc/gendispatch.pl | 2 +-
src/rpc/virnetsaslcontext.c | 10 +--
src/rpc/virnetsaslcontext.h | 2 +-
src/rpc/virnettlscontext.c | 32 ++++-----
src/rpc/virnettlscontext.h | 4 +-
src/util/vircgroup.c | 2 +-
src/util/virfile.c | 42 ++++++------
src/util/virkmod.c | 24 +++----
src/util/virkmod.h | 2 +-
src/util/virnetdevtap.c | 2 +-
src/util/virpci.c | 4 +-
src/util/virprocess.c | 2 +-
src/util/virstoragefile.c | 4 +-
src/vbox/vbox_common.c | 4 +-
tests/Makefile.am | 4 +-
...hitelist.txt => permitted_file_access.txt} | 6 +-
.../caps_2.11.0.s390x.xml | 2 +-
.../caps_2.11.0.x86_64.xml | 2 +-
.../caps_2.12.0.aarch64.xml | 2 +-
.../caps_2.12.0.ppc64.xml | 2 +-
.../caps_2.12.0.s390x.xml | 2 +-
.../caps_2.12.0.x86_64.xml | 2 +-
.../qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 2 +-
.../caps_3.0.0.riscv32.xml | 2 +-
.../caps_3.0.0.riscv64.xml | 2 +-
.../qemucapabilitiesdata/caps_3.0.0.s390x.xml | 2 +-
.../caps_3.0.0.x86_64.xml | 2 +-
.../qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 2 +-
.../caps_3.1.0.x86_64.xml | 2 +-
.../caps_4.0.0.aarch64.xml | 2 +-
.../qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 2 +-
.../caps_4.0.0.riscv32.xml | 2 +-
.../caps_4.0.0.riscv64.xml | 2 +-
.../qemucapabilitiesdata/caps_4.0.0.s390x.xml | 2 +-
.../caps_4.0.0.x86_64.xml | 2 +-
.../caps_4.1.0.x86_64.xml | 2 +-
.../caps_4.2.0.aarch64.xml | 2 +-
.../qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 2 +-
.../qemucapabilitiesdata/caps_4.2.0.s390x.xml | 2 +-
.../caps_4.2.0.x86_64.xml | 2 +-
.../caps_5.0.0.aarch64.xml | 2 +-
.../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 2 +-
.../caps_5.0.0.riscv64.xml | 2 +-
.../caps_5.0.0.x86_64.xml | 2 +-
.../caps_5.1.0.x86_64.xml | 2 +-
.../qemustatusxml2xmldata/backup-pull-in.xml | 2 +-
.../blockjob-blockdev-in.xml | 2 +-
tests/qemuxml2argvtest.c | 2 +-
tests/virconfdata/libvirtd.conf | 6 +-
tests/virconfdata/libvirtd.out | 6 +-
tools/virsh-interface.c | 16 ++---
83 files changed, 301 insertions(+), 281 deletions(-)
rename tests/{file_access_whitelist.txt => permitted_file_access.txt} (82%)
--
2.24.1
4:32 a.m.
New subject: [libvirt PATCH 01/23] scripts: remove use of the term 'whitelist' from build helpers
The term "permitted list" is a better choice for the filtering
logic applied.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
scripts/check-aclrules.py | 8 ++++----
scripts/check-file-access.py | 16 ++++++++--------
scripts/mock-noinline.py | 1 -
tests/Makefile.am | 4 ++--
...s_whitelist.txt => permitted_file_access.txt} | 6 +++---
5 files changed, 17 insertions(+), 18 deletions(-)
rename tests/{file_access_whitelist.txt => permitted_file_access.txt} (82%)
diff --git a/scripts/check-aclrules.py b/scripts/check-aclrules.py
index a1fa473174..2335e8cfdd 100755
--- a/scripts/check-aclrules.py
+++ b/scripts/check-aclrules.py
@@ -35,7 +35,7 @@
import re
import sys
-whitelist = {
+permitted = {
"connectClose": True,
"connectIsEncrypted": True,
"connectIsSecure": True,
@@ -58,7 +58,7 @@ whitelist = {
# XXX this vzDomainMigrateConfirm3Params looks
# bogus - determine why it doesn't have a valid
# ACL check.
-implwhitelist = {
+implpermitted = {
"vzDomainMigrateConfirm3Params": True,
}
@@ -230,8 +230,8 @@ def process_file(filename):
api not in ["no", "name"] and
table != "virStateDriver"):
if (impl not in acls and
- api not in whitelist and
- impl not in implwhitelist):
+ api not in permitted and
+ impl not in implpermitted):
print(("%s:%d Missing ACL check in " +
"function '%s' for '%s'") %
(filename, lineno, impl, api),
diff --git a/scripts/check-file-access.py b/scripts/check-file-access.py
index dd39de2d79..aa120cafac 100755
--- a/scripts/check-file-access.py
+++ b/scripts/check-file-access.py
@@ -25,16 +25,16 @@ import re
import sys
if len(sys.argv) != 3:
- print("syntax: %s ACCESS-FILE ACCESS-WHITELIST")
+ print("syntax: %s ACCESS-FILE PERMITTED-ACCESS-FILE")
sys.exit(1)
access_file = sys.argv[1]
-whitelist_file = sys.argv[2]
+permitted_file = sys.argv[2]
known_actions = ["open", "fopen", "access",
"stat", "lstat", "connect"]
files = []
-whitelist = []
+permitted = []
with open(access_file, "r") as fh:
for line in fh:
@@ -52,7 +52,7 @@ with open(access_file, "r") as fh:
else:
raise Exception("Malformed line %s" % line)
-with open(whitelist_file, "r") as fh:
+with open(permitted_file, "r") as fh:
for line in fh:
line = line.rstrip("\n")
@@ -70,7 +70,7 @@ with open(whitelist_file, "r") as fh:
"progname": m.group(4),
"testname": m.group(6),
}
- whitelist.append(rec)
+ permitted.append(rec)
else:
m =
re.search(r'''^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$''', line)
if m is not None:
@@ -81,18 +81,18 @@ with open(whitelist_file, "r") as fh:
"progname": m.group(3),
"testname": m.group(5),
}
- whitelist.append(rec)
+ permitted.append(rec)
else:
raise Exception("Malformed line %s" % line)
-# Now we should check if %traces is included in $whitelist. For
+# Now we should check if %traces is included in $permitted. For
# now checking just keys is sufficient
err = False
for file in files:
match = False
- for rule in whitelist:
+ for rule in permitted:
if not re.match("^" + rule["path"] + "$",
file["path"]):
continue
diff --git a/scripts/mock-noinline.py b/scripts/mock-noinline.py
index 4fc60c0be3..a8b7680c11 100644
--- a/scripts/mock-noinline.py
+++ b/scripts/mock-noinline.py
@@ -23,7 +23,6 @@ noninlined = {}
mocked = {}
# Functions in public header don't get the noinline annotation
-# so whitelist them here
noninlined["virEventAddTimeout"] = True
# This one confuses the script as its defined in the mock file
# but is actually just a local helper
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 3505c40f42..65d1ceeefd 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -458,14 +458,14 @@ check-access: file-access-clean
VIR_TEST_FILE_ACCESS=1 $(MAKE) $(AM_MAKEFLAGS) check
$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/check-file-access.py \
$(abs_builddir)/test_file_access.txt \
- $(abs_srcdir)/file_access_whitelist.txt | sort -u
+ $(abs_srcdir)/permitted_file_access.txt | sort -u
file-access-clean:
test_file_access.txt
endif WITH_LINUX
EXTRA_DIST += \
- file_access_whitelist.txt
+ permitted_file_access.txt
if WITH_TESTS
noinst_PROGRAMS = $(test_programs) $(test_helpers)
diff --git a/tests/file_access_whitelist.txt b/tests/permitted_file_access.txt
similarity index 82%
rename from tests/file_access_whitelist.txt
rename to tests/permitted_file_access.txt
index 5ec7ee63bb..52292d56be 100644
--- a/tests/file_access_whitelist.txt
+++ b/tests/permitted_file_access.txt
@@ -1,6 +1,6 @@
-# This is a whitelist that allows accesses to files not in our
-# build directory nor source directory. The records are in the
-# following formats:
+# This is a list of files not in our build directory nor source
+# directory which are permitted to be accessed by tests. The
+# records are in the following formats:
#
# $path: $progname: $testname
# $path: $action: $progname: $testname
--
2.24.1
5:02 a.m.
New subject: [libvirt PATCH 01/23] scripts: remove use of the term 'whitelist' from build helpers
On Fri, Jun 19, 2020 at 10:32:38 +0100, Daniel Berrange wrote:
The term "permitted list" is a better choice for the
filtering
logic applied.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
scripts/check-aclrules.py | 8 ++++----
scripts/check-file-access.py | 16 ++++++++--------
scripts/mock-noinline.py | 1 -
tests/Makefile.am | 4 ++--
...s_whitelist.txt => permitted_file_access.txt} | 6 +++---
5 files changed, 17 insertions(+), 18 deletions(-)
rename tests/{file_access_whitelist.txt => permitted_file_access.txt} (82%)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 02/23] rpc: remove use of the term 'whitelist' from RPC code
The term "access control list" better describes the concept involved.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/internals/rpc.html.in | 9 ++++----
src/remote/libvirtd.conf.in | 6 +++---
src/remote/remote_daemon_dispatch.c | 4 ++--
src/rpc/virnetsaslcontext.c | 10 ++++-----
src/rpc/virnetsaslcontext.h | 2 +-
src/rpc/virnettlscontext.c | 32 ++++++++++++++---------------
src/rpc/virnettlscontext.h | 4 ++--
tests/virconfdata/libvirtd.conf | 6 +++---
tests/virconfdata/libvirtd.out | 6 +++---
9 files changed, 40 insertions(+), 39 deletions(-)
diff --git a/docs/internals/rpc.html.in b/docs/internals/rpc.html.in
index 40d844f31c..129945bf1c 100644
--- a/docs/internals/rpc.html.in
+++ b/docs/internals/rpc.html.in
@@ -447,7 +447,8 @@ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S
(reply)
<dt><code>virNetSASLContextPtr</code>
(virnetsaslcontext.h)</dt>
<dd>The virNetSASLContext APIs maintain SASL state for a network
service (server or client). This is primarily used on the server
- to provide a whitelist of allowed SASL usernames for clients.
+ to provide an access control list of SASL usernames permitted as
+ clients.
</dd>
<dt><code>virNetSASLSessionPtr</code>
(virnetsaslcontext.h)</dt>
@@ -460,7 +461,7 @@ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S
(reply)
<dt><code>virNetTLSContextPtr</code>
(virnettlscontext.h)</dt>
<dd>The virNetTLSContext APIs maintain TLS state for a network
service (server or client). This is primarily used on the server
- to provide a whitelist of allowed x509 distinguished names, as
+ to provide an access control list of x509 distinguished names, as
well as diffie-hellman keys. It can also do validation of
x509 certificates prior to initiating a connection, in order
to improve detection of configuration errors.
@@ -760,8 +761,8 @@ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S
(reply)
next step is to decode the RPC header. The header is validated to
ensure the request is sensible, ie the server should not receive a
method reply from a client. If the client has not yet authenticated,
- a security check is also applied to make sure the procedure is on the
- whitelist of those allowed prior to auth. If the packet is a method
+ an access control list check is also performed to make sure the procedure
+ is one of those allowed prior to auth. If the packet is a method
call, it will be placed on a global processing queue. The event loop
thread is now done with the packet for the time being.
</p>
diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in
index 34741183cc..2607fbad86 100644
--- a/src/remote/libvirtd.conf.in
+++ b/src/remote/libvirtd.conf.in
@@ -253,11 +253,11 @@
# will be rejected.
#
# Default is to always verify. Uncommenting this will disable
-# verification - make sure an IP whitelist is set
+# verification.
#tls_no_verify_certificate = 1
-# A whitelist of allowed x509 Distinguished Names
+# An access control list of allowed x509 Distinguished Names
# This list may contain wildcards such as
#
# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
@@ -282,7 +282,7 @@
@END@
-# A whitelist of allowed SASL usernames. The format for username
+# An access control list of allowed SASL usernames. The format for username
# depends on the SASL authentication mechanism. Kerberos usernames
# look like username@REALM
#
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
index 831e7d165c..67b86cff78 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -3861,7 +3861,7 @@ remoteDispatchAuthSaslStart(virNetServerPtr server,
if (err == VIR_NET_SASL_CONTINUE) {
ret->complete = 0;
} else {
- /* Check username whitelist ACL */
+ /* Check username ACL */
if ((err = remoteSASLFinish(server, client)) < 0) {
if (err == -2)
goto authdeny;
@@ -3957,7 +3957,7 @@ remoteDispatchAuthSaslStep(virNetServerPtr server,
if (err == VIR_NET_SASL_CONTINUE) {
ret->complete = 0;
} else {
- /* Check username whitelist ACL */
+ /* Check username ACL */
if ((err = remoteSASLFinish(server, client)) < 0) {
if (err == -2)
goto authdeny;
diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c
index e7ed8f4390..9253771787 100644
--- a/src/rpc/virnetsaslcontext.c
+++ b/src/rpc/virnetsaslcontext.c
@@ -36,7 +36,7 @@ VIR_LOG_INIT("rpc.netsaslcontext");
struct _virNetSASLContext {
virObjectLockable parent;
- const char *const*usernameWhitelist;
+ const char *const *usernameACL;
};
struct _virNetSASLSession {
@@ -121,7 +121,7 @@ virNetSASLContextPtr virNetSASLContextNewClient(void)
return ctxt;
}
-virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitelist)
+virNetSASLContextPtr virNetSASLContextNewServer(const char *const *usernameACL)
{
virNetSASLContextPtr ctxt;
@@ -132,7 +132,7 @@ virNetSASLContextPtr virNetSASLContextNewServer(const char
*const*usernameWhitel
if (!(ctxt = virObjectLockableNew(virNetSASLContextClass)))
return NULL;
- ctxt->usernameWhitelist = usernameWhitelist;
+ ctxt->usernameACL = usernameACL;
return ctxt;
}
@@ -146,7 +146,7 @@ int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
virObjectLock(ctxt);
/* If the list is not set, allow any DN. */
- wildcards = ctxt->usernameWhitelist;
+ wildcards = ctxt->usernameACL;
if (!wildcards) {
ret = 1; /* No ACL, allow all */
goto cleanup;
@@ -162,7 +162,7 @@ int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
}
/* Denied */
- VIR_ERROR(_("SASL client identity '%s' not allowed in whitelist"),
identity);
+ VIR_ERROR(_("SASL client identity '%s' not allowed by ACL"),
identity);
/* This is the most common error: make it informative. */
virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
diff --git a/src/rpc/virnetsaslcontext.h b/src/rpc/virnetsaslcontext.h
index 4d1845e643..618230f42d 100644
--- a/src/rpc/virnetsaslcontext.h
+++ b/src/rpc/virnetsaslcontext.h
@@ -38,7 +38,7 @@ enum {
};
virNetSASLContextPtr virNetSASLContextNewClient(void);
-virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitelist);
+virNetSASLContextPtr virNetSASLContextNewServer(const char *const *usernameACL);
int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
const char *identity);
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index a8104cf484..168f3010ae 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -60,7 +60,7 @@ struct _virNetTLSContext {
bool isServer;
bool requireValidCert;
- const char *const*x509dnWhitelist;
+ const char *const *x509dnACL;
char *priority;
};
@@ -356,8 +356,8 @@ static int virNetTLSContextCheckCertKeyPurpose(gnutls_x509_crt_t
cert,
/* Check DN is on tls_allowed_dn_list. */
static int
-virNetTLSContextCheckCertDNWhitelist(const char *dname,
- const char *const*wildcards)
+virNetTLSContextCheckCertDNACL(const char *dname,
+ const char *const *wildcards)
{
while (*wildcards) {
if (g_pattern_match_simple(*wildcards, dname))
@@ -367,7 +367,7 @@ virNetTLSContextCheckCertDNWhitelist(const char *dname,
}
/* Log the client's DN for debugging */
- VIR_DEBUG("Failed whitelist check for client DN '%s'", dname);
+ VIR_DEBUG("Failed ACL check for client DN '%s'", dname);
/* This is the most common error: make it informative. */
virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
@@ -385,10 +385,10 @@ virNetTLSContextCheckCertDN(gnutls_x509_crt_t cert,
const char *certFile,
const char *hostname,
const char *dname,
- const char *const* whitelist)
+ const char *const *acl)
{
- if (whitelist && dname &&
- virNetTLSContextCheckCertDNWhitelist(dname, whitelist) <= 0)
+ if (acl && dname &&
+ virNetTLSContextCheckCertDNACL(dname, acl) <= 0)
return -1;
if (hostname &&
@@ -675,7 +675,7 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert,
const char *cacrl,
const char *cert,
const char *key,
- const char *const*x509dnWhitelist,
+ const char *const *x509dnACL,
const char *priority,
bool sanityCheckCert,
bool requireValidCert,
@@ -740,7 +740,7 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert,
}
ctxt->requireValidCert = requireValidCert;
- ctxt->x509dnWhitelist = x509dnWhitelist;
+ ctxt->x509dnACL = x509dnACL;
ctxt->isServer = isServer;
PROBE(RPC_TLS_CONTEXT_NEW,
@@ -855,7 +855,7 @@ static int virNetTLSContextLocateCredentials(const char *pkipath,
static virNetTLSContextPtr virNetTLSContextNewPath(const char *pkipath,
bool tryUserPkiPath,
- const char *const*x509dnWhitelist,
+ const char *const *x509dnACL,
const char *priority,
bool sanityCheckCert,
bool requireValidCert,
@@ -869,7 +869,7 @@ static virNetTLSContextPtr virNetTLSContextNewPath(const char
*pkipath,
return NULL;
ctxt = virNetTLSContextNew(cacert, cacrl, cert, key,
- x509dnWhitelist, priority, sanityCheckCert,
+ x509dnACL, priority, sanityCheckCert,
requireValidCert, isServer);
VIR_FREE(cacert);
@@ -882,12 +882,12 @@ static virNetTLSContextPtr virNetTLSContextNewPath(const char
*pkipath,
virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath,
bool tryUserPkiPath,
- const char *const*x509dnWhitelist,
+ const char *const *x509dnACL,
const char *priority,
bool sanityCheckCert,
bool requireValidCert)
{
- return virNetTLSContextNewPath(pkipath, tryUserPkiPath, x509dnWhitelist, priority,
+ return virNetTLSContextNewPath(pkipath, tryUserPkiPath, x509dnACL, priority,
sanityCheckCert, requireValidCert, true);
}
@@ -906,12 +906,12 @@ virNetTLSContextPtr virNetTLSContextNewServer(const char *cacert,
const char *cacrl,
const char *cert,
const char *key,
- const char *const*x509dnWhitelist,
+ const char *const *x509dnACL,
const char *priority,
bool sanityCheckCert,
bool requireValidCert)
{
- return virNetTLSContextNew(cacert, cacrl, cert, key, x509dnWhitelist, priority,
+ return virNetTLSContextNew(cacert, cacrl, cert, key, x509dnACL, priority,
sanityCheckCert, requireValidCert, true);
}
@@ -1063,7 +1063,7 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr
ctxt,
VIR_DEBUG("Peer DN is %s", dname);
if (virNetTLSContextCheckCertDN(cert, "[session]",
sess->hostname, dname,
- ctxt->x509dnWhitelist) < 0) {
+ ctxt->x509dnACL) < 0) {
gnutls_x509_crt_deinit(cert);
goto authdeny;
}
diff --git a/src/rpc/virnettlscontext.h b/src/rpc/virnettlscontext.h
index fe885aed9a..8ac84027b2 100644
--- a/src/rpc/virnettlscontext.h
+++ b/src/rpc/virnettlscontext.h
@@ -34,7 +34,7 @@ void virNetTLSInit(void);
virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath,
bool tryUserPkiPath,
- const char *const*x509dnWhitelist,
+ const char *const *x509dnACL,
const char *priority,
bool sanityCheckCert,
bool requireValidCert);
@@ -49,7 +49,7 @@ virNetTLSContextPtr virNetTLSContextNewServer(const char *cacert,
const char *cacrl,
const char *cert,
const char *key,
- const char *const*x509dnWhitelist,
+ const char *const *x509dnACL,
const char *priority,
bool sanityCheckCert,
bool requireValidCert);
diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.conf
index 791d6c972b..6d1fd33dcd 100644
--- a/tests/virconfdata/libvirtd.conf
+++ b/tests/virconfdata/libvirtd.conf
@@ -174,11 +174,11 @@ crl_file = "/etc/pki/CA/crl.pem"
# will be rejected.
#
# Default is to always verify. Uncommenting this will disable
-# verification - make sure an IP whitelist is set
+# verification.
tls_no_verify_certificate = 1
-# A whitelist of allowed x509 Distinguished Names
+# An access control list of allowed x509 Distinguished Names
# This list may contain wildcards such as
#
# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
@@ -194,7 +194,7 @@ tls_no_verify_certificate = 1
tls_allowed_dn_list = ["DN1", "DN2"]
-# A whitelist of allowed SASL usernames. The format for usernames
+# An access control list of allowed SASL usernames. The format for usernames
# depends on the SASL authentication mechanism. Kerberos usernames
# look like username@REALM
#
diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out
index cfdd23fd21..ce50480b8c 100644
--- a/tests/virconfdata/libvirtd.out
+++ b/tests/virconfdata/libvirtd.out
@@ -140,9 +140,9 @@ crl_file = "/etc/pki/CA/crl.pem"
# will be rejected.
#
# Default is to always verify. Uncommenting this will disable
-# verification - make sure an IP whitelist is set
+# verification.
tls_no_verify_certificate = 1
-# A whitelist of allowed x509 Distinguished Names
+# An access control list of allowed x509 Distinguished Names
# This list may contain wildcards such as
#
# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
@@ -156,7 +156,7 @@ tls_no_verify_certificate = 1
#
# By default, no DN's are checked
tls_allowed_dn_list = [ "DN1", "DN2" ]
-# A whitelist of allowed SASL usernames. The format for usernames
+# An access control list of allowed SASL usernames. The format for usernames
# depends on the SASL authentication mechanism. Kerberos usernames
# look like username@REALM
#
--
2.24.1
5:04 a.m.
New subject: [libvirt PATCH 02/23] rpc: remove use of the term 'whitelist' from RPC code
On Fri, Jun 19, 2020 at 10:32:39 +0100, Daniel Berrange wrote:
The term "access control list" better describes the concept
involved.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/internals/rpc.html.in | 9 ++++----
src/remote/libvirtd.conf.in | 6 +++---
src/remote/remote_daemon_dispatch.c | 4 ++--
src/rpc/virnetsaslcontext.c | 10 ++++-----
src/rpc/virnetsaslcontext.h | 2 +-
src/rpc/virnettlscontext.c | 32 ++++++++++++++---------------
src/rpc/virnettlscontext.h | 4 ++--
tests/virconfdata/libvirtd.conf | 6 +++---
tests/virconfdata/libvirtd.out | 6 +++---
9 files changed, 40 insertions(+), 39 deletions(-)
IMO this commit is changing too many places at the same time, but given
that RPC internals aren't really touched that often downstream I'm okay
with it in this instance.
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 03/23] cgroup: remove use of the term 'whitelist' from cgroup code
The term "access control list" better describes the concept involved.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/drvqemu.html.in | 12 ++++++------
docs/kbase/qemu-passthrough-security.rst | 3 ++-
src/lxc/lxc_cgroup.c | 2 +-
src/qemu/qemu.conf | 2 +-
src/qemu/qemu_cgroup.c | 2 +-
src/util/vircgroup.c | 2 +-
6 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in
index b6d731bb59..31d3fee213 100644
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -468,12 +468,12 @@ chmod o+x /path/to/directory
for resource management. It is implemented via a number of
"controllers",
each controller covering a specific task/functional area. One of the
available controllers is the "devices" controller, which is able to
- setup whitelists of block/character devices that a cgroup should be
- allowed to access. If the "devices" controller is mounted on a host,
- then libvirt will automatically create a dedicated cgroup for each
- QEMU virtual machine and setup the device whitelist so that the QEMU
- process can only access shared devices, and explicitly disks images
- backed by block devices.
+ setup access control lists of block/character devices that a cgroup
+ should be allowed to access. If the "devices" controller is mounted on a
+ host, then libvirt will automatically create a dedicated cgroup for each
+ QEMU virtual machine and setup the device access control list so that the
+ QEMU process can only access shared devices, and explicitly assigned disks
+ images backed by block devices.
</p>
<p>
diff --git a/docs/kbase/qemu-passthrough-security.rst
b/docs/kbase/qemu-passthrough-security.rst
index 5f761cbfcb..4381d9f3a6 100644
--- a/docs/kbase/qemu-passthrough-security.rst
+++ b/docs/kbase/qemu-passthrough-security.rst
@@ -110,7 +110,8 @@ Granting access per VM
policy on a per VM basis.
* Cgroups - a custom cgroup is created per VM and this will either use the
- ``devices`` controller or an ``BPF`` rule to whitelist a set of device nodes.
+ ``devices`` controller or an ``BPF`` rule to define an access control list
+ for the set of device nodes.
There is no way to change this policy on a per VM basis.
Disabling security protection per VM
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index e71f37d2b1..d13f2adde5 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -374,7 +374,7 @@ static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def,
return -1;
}
- VIR_DEBUG("Device whitelist complete");
+ VIR_DEBUG("Device ACL setup complete");
return 0;
}
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 404961c53e..f89dbd2c3a 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -464,7 +464,7 @@
# What cgroup controllers to make use of with QEMU guests
#
# - 'cpu' - use for scheduler tunables
-# - 'devices' - use for device whitelisting
+# - 'devices' - use for device access control
# - 'memory' - use for memory tunables
# - 'blkio' - use for block devices I/O tunables
# - 'cpuset' - use for CPUs and memory nodes
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index d92202f847..57c5b6e69b 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -745,7 +745,7 @@ qemuSetupDevicesCgroup(virDomainObjPtr vm)
if (rv < 0) {
if (virLastErrorIsSystemErrno(EPERM)) {
virResetLastError();
- VIR_WARN("Group devices ACL is not accessible, disabling
whitelisting");
+ VIR_WARN("Group devices ACL is not accessible, disabling
filtering");
return 0;
}
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index bb535df4f2..e20cc71c78 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -773,7 +773,7 @@ virCgroupSetPartitionSuffix(const char *path, char **res)
return ret;
for (i = 0; tokens[i] != NULL; i++) {
- /* Whitelist the 3 top level fixed dirs
+ /* Special case the 3 top level fixed dirs
* NB i == 0 is "", since we have leading '/'
*/
if (i == 1 &&
--
2.24.1
5:07 a.m.
New subject: [libvirt PATCH 03/23] cgroup: remove use of the term 'whitelist' from cgroup code
On Fri, Jun 19, 2020 at 10:32:40 +0100, Daniel Berrange wrote:
The term "access control list" better describes the concept
involved.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/drvqemu.html.in | 12 ++++++------
docs/kbase/qemu-passthrough-security.rst | 3 ++-
src/lxc/lxc_cgroup.c | 2 +-
src/qemu/qemu.conf | 2 +-
src/qemu/qemu_cgroup.c | 2 +-
src/util/vircgroup.c | 2 +-
6 files changed, 12 insertions(+), 11 deletions(-)
Preferably at least docs changes are kept separate.
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 04/23] qemu: remove use of the terms 'whitelist' and 'blacklist' from CPU code
When listing CPU models, we need to filter the data based on sets
of permitted and forbidden CPU models.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_capabilities.c | 18 +++++++++---------
src/qemu/qemu_capabilities.h | 4 ++--
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 484fff99e5..68fcbd3c4f 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -2256,8 +2256,8 @@ virQEMUCapsAddCPUDefinitions(virQEMUCapsPtr qemuCaps,
static virDomainCapsCPUModelsPtr
virQEMUCapsCPUDefsToModels(qemuMonitorCPUDefsPtr defs,
- const char **modelWhitelist,
- const char **modelBlacklist)
+ const char **modelAllowed,
+ const char **modelForbidden)
{
g_autoptr(virDomainCapsCPUModels) cpuModels = NULL;
size_t i;
@@ -2268,10 +2268,10 @@ virQEMUCapsCPUDefsToModels(qemuMonitorCPUDefsPtr defs,
for (i = 0; i < defs->ncpus; i++) {
qemuMonitorCPUDefInfoPtr cpu = defs->cpus + i;
- if (modelWhitelist && !virStringListHasString(modelWhitelist,
cpu->name))
+ if (modelAllowed && !virStringListHasString(modelAllowed, cpu->name))
continue;
- if (modelBlacklist && virStringListHasString(modelBlacklist,
cpu->name))
+ if (modelForbidden && virStringListHasString(modelForbidden,
cpu->name))
continue;
if (virDomainCapsCPUModelsAdd(cpuModels, cpu->name, cpu->usable,
@@ -2286,15 +2286,15 @@ virQEMUCapsCPUDefsToModels(qemuMonitorCPUDefsPtr defs,
virDomainCapsCPUModelsPtr
virQEMUCapsGetCPUModels(virQEMUCapsPtr qemuCaps,
virDomainVirtType type,
- const char **modelWhitelist,
- const char **modelBlacklist)
+ const char **modelAllowed,
+ const char **modelForbidden)
{
qemuMonitorCPUDefsPtr defs;
if (!(defs = virQEMUCapsGetAccel(qemuCaps, type)->cpuModels))
return NULL;
- return virQEMUCapsCPUDefsToModels(defs, modelWhitelist, modelBlacklist);
+ return virQEMUCapsCPUDefsToModels(defs, modelAllowed, modelForbidden);
}
@@ -5976,14 +5976,14 @@ virQEMUCapsFillDomainCPUCaps(virQEMUCapsPtr qemuCaps,
if (virQEMUCapsIsCPUModeSupported(qemuCaps, hostarch, domCaps->virttype,
VIR_CPU_MODE_CUSTOM,
domCaps->machine)) {
- const char *blacklist[] = { "host", NULL };
+ const char *forbidden[] = { "host", NULL };
VIR_AUTOSTRINGLIST models = NULL;
if (virCPUGetModels(domCaps->arch, &models) >= 0) {
domCaps->cpu.custom = virQEMUCapsGetCPUModels(qemuCaps,
domCaps->virttype,
(const char **)models,
- blacklist);
+ forbidden);
} else {
domCaps->cpu.custom = NULL;
}
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 92d42ed80b..ad93816d41 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -629,8 +629,8 @@ int virQEMUCapsAddCPUDefinitions(virQEMUCapsPtr qemuCaps,
virDomainCapsCPUUsable usable);
virDomainCapsCPUModelsPtr virQEMUCapsGetCPUModels(virQEMUCapsPtr qemuCaps,
virDomainVirtType type,
- const char **modelWhitelist,
- const char **modelBlacklist);
+ const char **modelAllowed,
+ const char **modelForbidden);
int virQEMUCapsFetchCPUModels(qemuMonitorPtr mon,
virArch arch,
virDomainCapsCPUModelsPtr *cpuModels);
--
2.24.1
5:09 a.m.
New subject: [libvirt PATCH 04/23] qemu: remove use of the terms 'whitelist' and 'blacklist' from CPU code
On Fri, Jun 19, 2020 at 10:32:41 +0100, Daniel Berrange wrote:
When listing CPU models, we need to filter the data based on sets
of permitted and forbidden CPU models.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_capabilities.c | 18 +++++++++---------
src/qemu/qemu_capabilities.h | 4 ++--
2 files changed, 11 insertions(+), 11 deletions(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in seccomp capability
The concept we're really testing for is whether QEMU supports
the seccomp syscall filter groups. We need to keep one place
using the old term to deal with upgrades from existing hosts
with running VMs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu.conf | 2 +-
src/qemu/qemu_capabilities.c | 4 ++--
src/qemu/qemu_capabilities.h | 2 +-
src/qemu/qemu_command.c | 4 ++--
src/qemu/qemu_domain.c | 10 +++++++---
tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 2 +-
tests/qemustatusxml2xmldata/backup-pull-in.xml | 2 +-
tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml | 2 +-
tests/qemuxml2argvtest.c | 2 +-
37 files changed, 45 insertions(+), 41 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index f89dbd2c3a..99b9ce53e5 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -704,7 +704,7 @@
# If it is unset (or -1), then seccomp will be enabled
# only if QEMU >= 2.11.0 is detected, otherwise it is
# left disabled. This ensures the default config gets
-# protection for new QEMU using the blacklist approach.
+# protection for new QEMU with filter groups.
#
#seccomp_sandbox = 1
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 68fcbd3c4f..310be800e2 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -468,7 +468,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
/* 285 */
"qcow2-luks",
"pcie-pci-bridge",
- "seccomp-blacklist",
+ "seccomp-filter-groups",
"query-cpus-fast",
"disk-write-cache",
@@ -3292,7 +3292,7 @@ static struct virQEMUCapsCommandLineProps virQEMUCapsCommandLine[] =
{
{ "vnc", "vnc", QEMU_CAPS_VNC_MULTI_SERVERS },
{ "chardev", "reconnect", QEMU_CAPS_CHARDEV_RECONNECT },
{ "sandbox", "enable", QEMU_CAPS_SECCOMP_SANDBOX },
- { "sandbox", "elevateprivileges", QEMU_CAPS_SECCOMP_BLACKLIST },
+ { "sandbox", "elevateprivileges", QEMU_CAPS_SECCOMP_FILTER_GROUPS
},
{ "chardev", "fd", QEMU_CAPS_CHARDEV_FD_PASS },
{ "overcommit", NULL, QEMU_CAPS_OVERCOMMIT },
{ "smp-opts", "dies", QEMU_CAPS_SMP_DIES },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index ad93816d41..0ee3e357cb 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -448,7 +448,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check
*/
/* 285 */
QEMU_CAPS_QCOW2_LUKS, /* qcow2 format support LUKS encryption */
QEMU_CAPS_DEVICE_PCIE_PCI_BRIDGE, /* -device pcie-pci-bridge */
- QEMU_CAPS_SECCOMP_BLACKLIST, /* -sandbox.elevateprivileges */
+ QEMU_CAPS_SECCOMP_FILTER_GROUPS, /* -sandbox.elevateprivileges */
QEMU_CAPS_QUERY_CPUS_FAST, /* query-cpus-fast command */
QEMU_CAPS_DISK_WRITE_CACHE, /* qemu block frontends support write-cache param */
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f27246b4c6..37113a433a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9517,8 +9517,8 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
return 0;
}
- /* Use blacklist by default if supported */
- if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_BLACKLIST)) {
+ /* Block undesirable syscall groups by default if supported */
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_FILTER_GROUPS)) {
virCommandAddArgList(cmd, "-sandbox",
"on,obsolete=deny,elevateprivileges=deny,"
"spawn=deny,resourcecontrol=deny",
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 72874ee4fd..56ec5c0352 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
if (str) {
int flag = virQEMUCapsTypeFromString(str);
if (flag < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Unknown qemu capabilities flag %s"),
str);
- goto error;
+ if (g_str_equal(str, "seccomp-blacklist")) {
+ flag = QEMU_CAPS_SECCOMP_FILTER_GROUPS;
+ } else {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unknown qemu capabilities flag %s"),
str);
+ goto error;
+ }
}
virQEMUCapsSet(qemuCaps, flag);
}
diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
index 0391f4b81e..9822f50827 100644
--- a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
@@ -99,7 +99,7 @@
<flag name='virtio-mouse-ccw'/>
<flag name='virtio-tablet-ccw'/>
<flag name='qcow2-luks'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
<flag name='pr-manager-helper'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
index 9eaafb4ba6..3e5e3b4ad3 100644
--- a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
@@ -173,7 +173,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
<flag name='pr-manager-helper'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
index a5d6dc3bef..3c5f8235fe 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
@@ -134,7 +134,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
index d1ed9f6e28..e5a02c382e 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
@@ -131,7 +131,7 @@
<flag name='machine.pseries.max-cpu-compat'/>
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
index cef6ebb9ad..238b05240c 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
@@ -99,7 +99,7 @@
<flag name='virtio-mouse-ccw'/>
<flag name='virtio-tablet-ccw'/>
<flag name='qcow2-luks'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
index 6d48699e3e..6011f2f4a2 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
@@ -170,7 +170,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
index e4a560bac5..a1643260ab 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
@@ -130,7 +130,7 @@
<flag name='machine.pseries.max-cpu-compat'/>
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml
b/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml
index 71f9b0c37f..6d1e3d8cd5 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml
@@ -75,7 +75,7 @@
<flag name='iscsi.password-secret'/>
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml
b/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml
index 279078d541..a6994acac3 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml
@@ -75,7 +75,7 @@
<flag name='iscsi.password-secret'/>
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml
b/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml
index f1ed34c612..4d80f9c6ba 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml
@@ -101,7 +101,7 @@
<flag name='virtio-mouse-ccw'/>
<flag name='virtio-tablet-ccw'/>
<flag name='qcow2-luks'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
index ae1836b28f..e31cb7c345 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
@@ -172,7 +172,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
index 0dc0393c22..d01de900c9 100644
--- a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
@@ -131,7 +131,7 @@
<flag name='machine.pseries.max-cpu-compat'/>
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml
index d4ff21fdac..177dedbfb5 100644
--- a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml
@@ -172,7 +172,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
index 404a39af03..7afec03c2f 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
@@ -135,7 +135,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
index cb0232173c..81ed3b58de 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
@@ -138,7 +138,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml
index 11475306f9..bfb38b6eae 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml
@@ -139,7 +139,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml
index 608590a35b..801a7c368e 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml
@@ -139,7 +139,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
index f4d20169e0..0be526ce7f 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
@@ -101,7 +101,7 @@
<flag name='virtio-mouse-ccw'/>
<flag name='virtio-tablet-ccw'/>
<flag name='qcow2-luks'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml
index 0e66a4c847..930f508048 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml
@@ -171,7 +171,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml
index f2d3902e6c..e1481979e8 100644
--- a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml
@@ -171,7 +171,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml
b/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml
index 98cee36669..bc643545ac 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml
@@ -137,7 +137,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml
index 70c826e0cf..ed3c865747 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml
@@ -138,7 +138,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml
b/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml
index 0b174ffeec..335a06d897 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml
@@ -101,7 +101,7 @@
<flag name='virtio-mouse-ccw'/>
<flag name='virtio-tablet-ccw'/>
<flag name='qcow2-luks'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml
index eaf71eb469..009536f0b4 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml
@@ -172,7 +172,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
index f2d691734f..b2f6e0ed30 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
@@ -139,7 +139,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
index b3f673b0f6..c9cb2c0639 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
@@ -140,7 +140,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
index 3119f6deb7..75c2fbfd54 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
@@ -139,7 +139,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
index 6d1c779272..a01395cf53 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
@@ -172,7 +172,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
index 26a7985add..7c36716d88 100644
--- a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
@@ -172,7 +172,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemustatusxml2xmldata/backup-pull-in.xml
b/tests/qemustatusxml2xmldata/backup-pull-in.xml
index 1db978a3ac..76d723cf76 100644
--- a/tests/qemustatusxml2xmldata/backup-pull-in.xml
+++ b/tests/qemustatusxml2xmldata/backup-pull-in.xml
@@ -189,7 +189,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml
b/tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml
index cc17a17ff4..a4d9d57666 100644
--- a/tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml
+++ b/tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml
@@ -189,7 +189,7 @@
<flag name='dump-completed'/>
<flag name='qcow2-luks'/>
<flag name='pcie-pci-bridge'/>
- <flag name='seccomp-blacklist'/>
+ <flag name='seccomp-filter-groups'/>
<flag name='query-cpus-fast'/>
<flag name='disk-write-cache'/>
<flag name='nbd-tls'/>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index d5b2a21b5a..0989abd042 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -921,7 +921,7 @@ mymain(void)
DO_TEST("minimal", NONE);
DO_TEST("minimal-sandbox",
- QEMU_CAPS_SECCOMP_BLACKLIST);
+ QEMU_CAPS_SECCOMP_FILTER_GROUPS);
DO_TEST_PARSE_ERROR("minimal-no-memory", NONE);
DO_TEST("minimal-msg-timestamp", QEMU_CAPS_MSG_TIMESTAMP);
--
2.24.1
4:55 a.m.
New subject: [libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in seccomp capability
On Fri, Jun 19, 2020 at 10:32:42 +0100, Daniel Berrange wrote:
The concept we're really testing for is whether QEMU supports
the seccomp syscall filter groups. We need to keep one place
using the old term to deal with upgrades from existing hosts
with running VMs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 72874ee4fd..56ec5c0352 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
if (str) {
int flag = virQEMUCapsTypeFromString(str);
if (flag < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Unknown qemu capabilities flag %s"),
str);
- goto error;
+ if (g_str_equal(str, "seccomp-blacklist")) {
+ flag = QEMU_CAPS_SECCOMP_FILTER_GROUPS;
+ } else {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unknown qemu capabilities flag %s"),
str);
I think this should become an array so that we can extend it arbitrarily
later. This concept may come in useful.
Additionally making it with a proper explanation will prevent us from
having a magic constant in a random place in the code without proper
explanation.
6:56 a.m.
New subject: [libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in seccomp capability
On a Friday in 2020, Daniel P. Berrangé wrote:
The concept we're really testing for is whether QEMU supports
the seccomp syscall filter groups. We need to keep one place
using the old term to deal with upgrades from existing hosts
with running VMs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu.conf | 2 +-
src/qemu/qemu_capabilities.c | 4 ++--
src/qemu/qemu_capabilities.h | 2 +-
src/qemu/qemu_command.c | 4 ++--
src/qemu/qemu_domain.c | 10 +++++++---
tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 2 +-
tests/qemustatusxml2xmldata/backup-pull-in.xml | 2 +-
tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml | 2 +-
tests/qemuxml2argvtest.c | 2 +-
37 files changed, 45 insertions(+), 41 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index f89dbd2c3a..99b9ce53e5 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -704,7 +704,7 @@
# If it is unset (or -1), then seccomp will be enabled
# only if QEMU >= 2.11.0 is detected, otherwise it is
# left disabled. This ensures the default config gets
-# protection for new QEMU using the blacklist approach.
+# protection for new QEMU with filter groups.
#
#seccomp_sandbox = 1
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 68fcbd3c4f..310be800e2 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -468,7 +468,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
/* 285 */
"qcow2-luks",
"pcie-pci-bridge",
- "seccomp-blacklist",
+ "seccomp-filter-groups",
"query-cpus-fast",
"disk-write-cache",
@@ -3292,7 +3292,7 @@ static struct virQEMUCapsCommandLineProps virQEMUCapsCommandLine[] =
{
{ "vnc", "vnc", QEMU_CAPS_VNC_MULTI_SERVERS },
{ "chardev", "reconnect", QEMU_CAPS_CHARDEV_RECONNECT },
{ "sandbox", "enable", QEMU_CAPS_SECCOMP_SANDBOX },
- { "sandbox", "elevateprivileges", QEMU_CAPS_SECCOMP_BLACKLIST },
+ { "sandbox", "elevateprivileges", QEMU_CAPS_SECCOMP_FILTER_GROUPS
},
{ "chardev", "fd", QEMU_CAPS_CHARDEV_FD_PASS },
{ "overcommit", NULL, QEMU_CAPS_OVERCOMMIT },
{ "smp-opts", "dies", QEMU_CAPS_SMP_DIES },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index ad93816d41..0ee3e357cb 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -448,7 +448,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check
*/
/* 285 */
QEMU_CAPS_QCOW2_LUKS, /* qcow2 format support LUKS encryption */
QEMU_CAPS_DEVICE_PCIE_PCI_BRIDGE, /* -device pcie-pci-bridge */
- QEMU_CAPS_SECCOMP_BLACKLIST, /* -sandbox.elevateprivileges */
+ QEMU_CAPS_SECCOMP_FILTER_GROUPS, /* -sandbox.elevateprivileges */
QEMU_CAPS_QUERY_CPUS_FAST, /* query-cpus-fast command */
QEMU_CAPS_DISK_WRITE_CACHE, /* qemu block frontends support write-cache param */
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f27246b4c6..37113a433a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9517,8 +9517,8 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
return 0;
}
- /* Use blacklist by default if supported */
- if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_BLACKLIST)) {
+ /* Block undesirable syscall groups by default if supported */
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_FILTER_GROUPS)) {
While 'filter groups' describes the underlying QEMU functionality
better, we only use it to deny syscalls. So using 'blocklist' as
proposed in the RFC you linked would better show the contrast between
this and the old approach.
virCommandAddArgList(cmd, "-sandbox",
"on,obsolete=deny,elevateprivileges=deny,"
"spawn=deny,resourcecontrol=deny",
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 72874ee4fd..56ec5c0352 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
if (str) {
int flag = virQEMUCapsTypeFromString(str);
if (flag < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Unknown qemu capabilities flag %s"),
str);
- goto error;
+ if (g_str_equal(str, "seccomp-blacklist")) {
+ flag = QEMU_CAPS_SECCOMP_FILTER_GROUPS;
I'd just leave the XML as-is, to avoid introducing this special-casing.
Jano
+ } else {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unknown qemu capabilities flag %s"),
str);
+ goto error;
+ }
}
virQEMUCapsSet(qemuCaps, flag);
}
7:23 a.m.
New subject: [libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in seccomp capability
On Fri, Jun 19, 2020 at 01:56:55PM +0200, Ján Tomko wrote:
On a Friday in 2020, Daniel P. Berrangé wrote:
> The concept we're really testing for is whether QEMU supports
> the seccomp syscall filter groups. We need to keep one place
> using the old term to deal with upgrades from existing hosts
> with running VMs.
>
> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> ---
> src/qemu/qemu.conf | 2 +-
> src/qemu/qemu_capabilities.c | 4 ++--
> src/qemu/qemu_capabilities.h | 2 +-
> src/qemu/qemu_command.c | 4 ++--
> src/qemu/qemu_domain.c | 10 +++++++---
> tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 2 +-
> tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 2 +-
> tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 2 +-
> tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 2 +-
> tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 2 +-
> tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 2 +-
> tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 2 +-
> tests/qemustatusxml2xmldata/backup-pull-in.xml | 2 +-
> tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml | 2 +-
> tests/qemuxml2argvtest.c | 2 +-
> 37 files changed, 45 insertions(+), 41 deletions(-)
>
> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> index f89dbd2c3a..99b9ce53e5 100644
> --- a/src/qemu/qemu.conf
> +++ b/src/qemu/qemu.conf
> @@ -704,7 +704,7 @@
> # If it is unset (or -1), then seccomp will be enabled
> # only if QEMU >= 2.11.0 is detected, otherwise it is
> # left disabled. This ensures the default config gets
> -# protection for new QEMU using the blacklist approach.
> +# protection for new QEMU with filter groups.
> #
> #seccomp_sandbox = 1
>
> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> index 68fcbd3c4f..310be800e2 100644
> --- a/src/qemu/qemu_capabilities.c
> +++ b/src/qemu/qemu_capabilities.c
> @@ -468,7 +468,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
> /* 285 */
> "qcow2-luks",
> "pcie-pci-bridge",
> - "seccomp-blacklist",
> + "seccomp-filter-groups",
> "query-cpus-fast",
> "disk-write-cache",
>
> @@ -3292,7 +3292,7 @@ static struct virQEMUCapsCommandLineProps
virQEMUCapsCommandLine[] = {
> { "vnc", "vnc", QEMU_CAPS_VNC_MULTI_SERVERS },
> { "chardev", "reconnect", QEMU_CAPS_CHARDEV_RECONNECT },
> { "sandbox", "enable", QEMU_CAPS_SECCOMP_SANDBOX },
> - { "sandbox", "elevateprivileges",
QEMU_CAPS_SECCOMP_BLACKLIST },
> + { "sandbox", "elevateprivileges",
QEMU_CAPS_SECCOMP_FILTER_GROUPS },
> { "chardev", "fd", QEMU_CAPS_CHARDEV_FD_PASS },
> { "overcommit", NULL, QEMU_CAPS_OVERCOMMIT },
> { "smp-opts", "dies", QEMU_CAPS_SMP_DIES },
> diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
> index ad93816d41..0ee3e357cb 100644
> --- a/src/qemu/qemu_capabilities.h
> +++ b/src/qemu/qemu_capabilities.h
> @@ -448,7 +448,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for
syntax-check */
> /* 285 */
> QEMU_CAPS_QCOW2_LUKS, /* qcow2 format support LUKS encryption */
> QEMU_CAPS_DEVICE_PCIE_PCI_BRIDGE, /* -device pcie-pci-bridge */
> - QEMU_CAPS_SECCOMP_BLACKLIST, /* -sandbox.elevateprivileges */
> + QEMU_CAPS_SECCOMP_FILTER_GROUPS, /* -sandbox.elevateprivileges */
> QEMU_CAPS_QUERY_CPUS_FAST, /* query-cpus-fast command */
> QEMU_CAPS_DISK_WRITE_CACHE, /* qemu block frontends support write-cache param
*/
>
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index f27246b4c6..37113a433a 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -9517,8 +9517,8 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
> return 0;
> }
>
> - /* Use blacklist by default if supported */
> - if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_BLACKLIST)) {
> + /* Block undesirable syscall groups by default if supported */
> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_FILTER_GROUPS)) {
While 'filter groups' describes the underlying QEMU functionality
better, we only use it to deny syscalls. So using 'blocklist' as
proposed in the RFC you linked would better show the contrast between
this and the old approach.
I don't want to name it based on libvirt's /current/ usage, as we
could alter that usage in future, hence naming it based on the QEMU
conceptual feature.
> virCommandAddArgList(cmd, "-sandbox",
> "on,obsolete=deny,elevateprivileges=deny,"
> "spawn=deny,resourcecontrol=deny",
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index 72874ee4fd..56ec5c0352 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
> if (str) {
> int flag = virQEMUCapsTypeFromString(str);
> if (flag < 0) {
> - virReportError(VIR_ERR_INTERNAL_ERROR,
> - _("Unknown qemu capabilities flag
%s"), str);
> - goto error;
> + if (g_str_equal(str, "seccomp-blacklist")) {
> + flag = QEMU_CAPS_SECCOMP_FILTER_GROUPS;
I'd just leave the XML as-is, to avoid introducing this special-casing.
Renaming the capability lets us eliminate this from all the capabilities
test data files we have (and the ones we cointinue to add in future), so
I think it is a net win to just have this 2 line special case.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
7:33 a.m.
New subject: [libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in seccomp capability
On a Friday in 2020, Daniel P. Berrangé wrote:
On Fri, Jun 19, 2020 at 01:56:55PM +0200, Ján Tomko wrote:
> On a Friday in 2020, Daniel P. Berrangé wrote:
> > The concept we're really testing for is whether QEMU supports
> > the seccomp syscall filter groups. We need to keep one place
> > using the old term to deal with upgrades from existing hosts
> > with running VMs.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> > ---
> > src/qemu/qemu.conf | 2 +-
> > src/qemu/qemu_capabilities.c | 4 ++--
> > src/qemu/qemu_capabilities.h | 2 +-
> > src/qemu/qemu_command.c | 4 ++--
> > src/qemu/qemu_domain.c | 10 +++++++---
> > tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 2 +-
> > tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 2 +-
> > tests/qemustatusxml2xmldata/backup-pull-in.xml | 2 +-
> > tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml | 2 +-
> > tests/qemuxml2argvtest.c | 2 +-
> > 37 files changed, 45 insertions(+), 41 deletions(-)
> >
> > diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> > index f89dbd2c3a..99b9ce53e5 100644
> > --- a/src/qemu/qemu.conf
> > +++ b/src/qemu/qemu.conf
> > @@ -704,7 +704,7 @@
> > # If it is unset (or -1), then seccomp will be enabled
> > # only if QEMU >= 2.11.0 is detected, otherwise it is
> > # left disabled. This ensures the default config gets
> > -# protection for new QEMU using the blacklist approach.
> > +# protection for new QEMU with filter groups.
> > #
> > #seccomp_sandbox = 1
> >
> > diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> > index 68fcbd3c4f..310be800e2 100644
> > --- a/src/qemu/qemu_capabilities.c
> > +++ b/src/qemu/qemu_capabilities.c
> > @@ -468,7 +468,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
> > /* 285 */
> > "qcow2-luks",
> > "pcie-pci-bridge",
> > - "seccomp-blacklist",
> > + "seccomp-filter-groups",
> > "query-cpus-fast",
> > "disk-write-cache",
> >
> > @@ -3292,7 +3292,7 @@ static struct virQEMUCapsCommandLineProps
virQEMUCapsCommandLine[] = {
> > { "vnc", "vnc", QEMU_CAPS_VNC_MULTI_SERVERS },
> > { "chardev", "reconnect", QEMU_CAPS_CHARDEV_RECONNECT
},
> > { "sandbox", "enable", QEMU_CAPS_SECCOMP_SANDBOX },
> > - { "sandbox", "elevateprivileges",
QEMU_CAPS_SECCOMP_BLACKLIST },
> > + { "sandbox", "elevateprivileges",
QEMU_CAPS_SECCOMP_FILTER_GROUPS },
> > { "chardev", "fd", QEMU_CAPS_CHARDEV_FD_PASS },
> > { "overcommit", NULL, QEMU_CAPS_OVERCOMMIT },
> > { "smp-opts", "dies", QEMU_CAPS_SMP_DIES },
> > diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
> > index ad93816d41..0ee3e357cb 100644
> > --- a/src/qemu/qemu_capabilities.h
> > +++ b/src/qemu/qemu_capabilities.h
> > @@ -448,7 +448,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for
syntax-check */
> > /* 285 */
> > QEMU_CAPS_QCOW2_LUKS, /* qcow2 format support LUKS encryption */
> > QEMU_CAPS_DEVICE_PCIE_PCI_BRIDGE, /* -device pcie-pci-bridge */
> > - QEMU_CAPS_SECCOMP_BLACKLIST, /* -sandbox.elevateprivileges */
> > + QEMU_CAPS_SECCOMP_FILTER_GROUPS, /* -sandbox.elevateprivileges */
> > QEMU_CAPS_QUERY_CPUS_FAST, /* query-cpus-fast command */
> > QEMU_CAPS_DISK_WRITE_CACHE, /* qemu block frontends support write-cache
param */
> >
> > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> > index f27246b4c6..37113a433a 100644
> > --- a/src/qemu/qemu_command.c
> > +++ b/src/qemu/qemu_command.c
> > @@ -9517,8 +9517,8 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
> > return 0;
> > }
> >
> > - /* Use blacklist by default if supported */
> > - if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_BLACKLIST)) {
> > + /* Block undesirable syscall groups by default if supported */
> > + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_FILTER_GROUPS)) {
>
> While 'filter groups' describes the underlying QEMU functionality
> better, we only use it to deny syscalls. So using 'blocklist' as
> proposed in the RFC you linked would better show the contrast between
> this and the old approach.
I don't want to name it based on libvirt's /current/ usage, as we
could alter that usage in future, hence naming it based on the QEMU
conceptual feature.
> > virCommandAddArgList(cmd, "-sandbox",
> >
"on,obsolete=deny,elevateprivileges=deny,"
> > "spawn=deny,resourcecontrol=deny",
> > diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> > index 72874ee4fd..56ec5c0352 100644
> > --- a/src/qemu/qemu_domain.c
> > +++ b/src/qemu/qemu_domain.c
> > @@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
> > if (str) {
> > int flag = virQEMUCapsTypeFromString(str);
> > if (flag < 0) {
> > - virReportError(VIR_ERR_INTERNAL_ERROR,
> > - _("Unknown qemu capabilities flag
%s"), str);
> > - goto error;
> > + if (g_str_equal(str, "seccomp-blacklist")) {
> > + flag = QEMU_CAPS_SECCOMP_FILTER_GROUPS;
>
> I'd just leave the XML as-is, to avoid introducing this special-casing.
Renaming the capability lets us eliminate this from all the capabilities
test data files we have (and the ones we cointinue to add in future), so
I think it is a net win to just have this 2 line special case.
Sigh,
Jano
8:05 a.m.
New subject: [libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in seccomp capability
On Fri, Jun 19, 2020 at 13:23:24 +0100, Daniel Berrange wrote:
On Fri, Jun 19, 2020 at 01:56:55PM +0200, Ján Tomko wrote:
> On a Friday in 2020, Daniel P. Berrangé wrote:
[...]
> > diff --git a/src/qemu/qemu_domain.c
b/src/qemu/qemu_domain.c
> > index 72874ee4fd..56ec5c0352 100644
> > --- a/src/qemu/qemu_domain.c
> > +++ b/src/qemu/qemu_domain.c
> > @@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
> > if (str) {
> > int flag = virQEMUCapsTypeFromString(str);
> > if (flag < 0) {
> > - virReportError(VIR_ERR_INTERNAL_ERROR,
> > - _("Unknown qemu capabilities flag
%s"), str);
> > - goto error;
> > + if (g_str_equal(str, "seccomp-blacklist")) {
> > + flag = QEMU_CAPS_SECCOMP_FILTER_GROUPS;
>
> I'd just leave the XML as-is, to avoid introducing this special-casing.
Renaming the capability lets us eliminate this from all the capabilities
test data files we have (and the ones we cointinue to add in future), so
I think it is a net win to just have this 2 line special case.
I will consider this being a win/improvement of the code if you make it
a generic concept for renaming capabilities as I've mentioned in my
review. Having a one-off hack seems to be too forced without any
possible improvement in the code.
I will happily ack it it's made a generic concept.
8:25 a.m.
New subject: [libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in seccomp capability
On Fri, Jun 19, 2020 at 03:05:40PM +0200, Peter Krempa wrote:
On Fri, Jun 19, 2020 at 13:23:24 +0100, Daniel Berrange wrote:
> On Fri, Jun 19, 2020 at 01:56:55PM +0200, Ján Tomko wrote:
> > On a Friday in 2020, Daniel P. Berrangé wrote:
[...]
> > > diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> > > index 72874ee4fd..56ec5c0352 100644
> > > --- a/src/qemu/qemu_domain.c
> > > +++ b/src/qemu/qemu_domain.c
> > > @@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr
ctxt,
> > > if (str) {
> > > int flag = virQEMUCapsTypeFromString(str);
> > > if (flag < 0) {
> > > - virReportError(VIR_ERR_INTERNAL_ERROR,
> > > - _("Unknown qemu capabilities flag
%s"), str);
> > > - goto error;
> > > + if (g_str_equal(str, "seccomp-blacklist"))
{
> > > + flag = QEMU_CAPS_SECCOMP_FILTER_GROUPS;
> >
> > I'd just leave the XML as-is, to avoid introducing this special-casing.
>
> Renaming the capability lets us eliminate this from all the capabilities
> test data files we have (and the ones we cointinue to add in future), so
> I think it is a net win to just have this 2 line special case.
I will consider this being a win/improvement of the code if you make it
a generic concept for renaming capabilities as I've mentioned in my
review. Having a one-off hack seems to be too forced without any
possible improvement in the code.
I will happily ack it it's made a generic concept.
Yes, that's what I'm already working on doing.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
4:32 a.m.
New subject: [libvirt PATCH 06/23] util: use short form -g arg to scsi_id
We can't change the term used by scsi_id for its CLI arg, but
we can avoid it by picking the short form instead.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/util/virstoragefile.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index a6357abb08..b4337c2736 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -1365,7 +1365,7 @@ virStorageFileGetSCSIKey(const char *path,
cmd = virCommandNewArgList("/lib/udev/scsi_id",
"--replace-whitespace",
- "--whitelisted",
+ "-g",
"--device", path,
NULL
);
@@ -1433,7 +1433,7 @@ virStorageFileGetNPIVKey(const char *path,
cmd = virCommandNewArgList("/lib/udev/scsi_id",
"--replace-whitespace",
- "--whitelisted",
+ "-g",
"--export",
"--device", path,
NULL
--
2.24.1
4:56 a.m.
New subject: [libvirt PATCH 06/23] util: use short form -g arg to scsi_id
On Fri, Jun 19, 2020 at 10:32:43 +0100, Daniel Berrange wrote:
We can't change the term used by scsi_id for its CLI arg, but
we can avoid it by picking the short form instead.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/util/virstoragefile.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index a6357abb08..b4337c2736 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -1365,7 +1365,7 @@ virStorageFileGetSCSIKey(const char *path,
cmd = virCommandNewArgList("/lib/udev/scsi_id",
"--replace-whitespace",
- "--whitelisted",
+ "-g",
IMO this decreases the readability of the code.
5:17 a.m.
New subject: [libvirt PATCH 06/23] util: use short form -g arg to scsi_id
On Fri, Jun 19, 2020 at 11:56:07AM +0200, Peter Krempa wrote:
On Fri, Jun 19, 2020 at 10:32:43 +0100, Daniel Berrange wrote:
> We can't change the term used by scsi_id for its CLI arg, but
> we can avoid it by picking the short form instead.
>
> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> ---
> src/util/virstoragefile.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
> index a6357abb08..b4337c2736 100644
> --- a/src/util/virstoragefile.c
> +++ b/src/util/virstoragefile.c
> @@ -1365,7 +1365,7 @@ virStorageFileGetSCSIKey(const char *path,
>
> cmd = virCommandNewArgList("/lib/udev/scsi_id",
> "--replace-whitespace",
> - "--whitelisted",
> + "-g",
IMO this decreases the readability of the code.
I agree, but I think that doesn't really matter in the big picture
as this is not code that is a serious maint burden in libvirt.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
5:31 a.m.
New subject: [libvirt PATCH 06/23] util: use short form -g arg to scsi_id
On Fri, Jun 19, 2020 at 11:17:49 +0100, Daniel Berrange wrote:
On Fri, Jun 19, 2020 at 11:56:07AM +0200, Peter Krempa wrote:
> On Fri, Jun 19, 2020 at 10:32:43 +0100, Daniel Berrange wrote:
> > We can't change the term used by scsi_id for its CLI arg, but
> > we can avoid it by picking the short form instead.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> > ---
> > src/util/virstoragefile.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
> > index a6357abb08..b4337c2736 100644
> > --- a/src/util/virstoragefile.c
> > +++ b/src/util/virstoragefile.c
> > @@ -1365,7 +1365,7 @@ virStorageFileGetSCSIKey(const char *path,
> >
> > cmd = virCommandNewArgList("/lib/udev/scsi_id",
> > "--replace-whitespace",
> > - "--whitelisted",
> > + "-g",
>
> IMO this decreases the readability of the code.
I agree, but I think that doesn't really matter in the big picture
as this is not code that is a serious maint burden in libvirt.
It still a parameter of a tool we use rather than our own. Since there
is no technical reason for it and IMO makes the code worse I will not
provide the R-B for this patch.
6:09 a.m.
New subject: [libvirt PATCH 06/23] util: use short form -g arg to scsi_id
On Fri, Jun 19, 2020 at 12:31:22PM +0200, Peter Krempa wrote:
On Fri, Jun 19, 2020 at 11:17:49 +0100, Daniel Berrange wrote:
> On Fri, Jun 19, 2020 at 11:56:07AM +0200, Peter Krempa wrote:
> > On Fri, Jun 19, 2020 at 10:32:43 +0100, Daniel Berrange wrote:
> > > We can't change the term used by scsi_id for its CLI arg, but
> > > we can avoid it by picking the short form instead.
> > >
> > > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> > > ---
> > > src/util/virstoragefile.c | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
> > > index a6357abb08..b4337c2736 100644
> > > --- a/src/util/virstoragefile.c
> > > +++ b/src/util/virstoragefile.c
> > > @@ -1365,7 +1365,7 @@ virStorageFileGetSCSIKey(const char *path,
> > >
> > > cmd = virCommandNewArgList("/lib/udev/scsi_id",
> > > "--replace-whitespace",
> > > - "--whitelisted",
> > > + "-g",
> >
> > IMO this decreases the readability of the code.
>
> I agree, but I think that doesn't really matter in the big picture
> as this is not code that is a serious maint burden in libvirt.
It still a parameter of a tool we use rather than our own. Since there
is no technical reason for it and IMO makes the code worse I will not
provide the R-B for this patch.
No matter what the spelling used is, I've no idea what the option
actually does, or why we need it, not helped by the lack of a manpage
for scsi_id on Fedora. So in terms of understanding the code, both the
before and after state are bad. What I'll do is add a comment to describe
the purpose of adding the option....once I find out what that purpose
actually is....
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
8:12 a.m.
New subject: [libvirt PATCH 06/23] util: use short form -g arg to scsi_id
On Fri, Jun 19, 2020 at 12:09:07 +0100, Daniel Berrange wrote:
On Fri, Jun 19, 2020 at 12:31:22PM +0200, Peter Krempa wrote:
> On Fri, Jun 19, 2020 at 11:17:49 +0100, Daniel Berrange wrote:
> > On Fri, Jun 19, 2020 at 11:56:07AM +0200, Peter Krempa wrote:
> > > On Fri, Jun 19, 2020 at 10:32:43 +0100, Daniel Berrange wrote:
> > > > We can't change the term used by scsi_id for its CLI arg, but
> > > > we can avoid it by picking the short form instead.
> > > >
> > > > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> > > > ---
> > > > src/util/virstoragefile.c | 4 ++--
> > > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
> > > > index a6357abb08..b4337c2736 100644
> > > > --- a/src/util/virstoragefile.c
> > > > +++ b/src/util/virstoragefile.c
> > > > @@ -1365,7 +1365,7 @@ virStorageFileGetSCSIKey(const char *path,
> > > >
> > > > cmd = virCommandNewArgList("/lib/udev/scsi_id",
> > > > "--replace-whitespace",
> > > > - "--whitelisted",
> > > > + "-g",
> > >
> > > IMO this decreases the readability of the code.
> >
> > I agree, but I think that doesn't really matter in the big picture
> > as this is not code that is a serious maint burden in libvirt.
>
> It still a parameter of a tool we use rather than our own. Since there
> is no technical reason for it and IMO makes the code worse I will not
> provide the R-B for this patch.
No matter what the spelling used is, I've no idea what the option
actually does, or why we need it, not helped by the lack of a manpage
for scsi_id on Fedora. So in terms of understanding the code, both the
before and after state are bad. What I'll do is add a comment to describe
the purpose of adding the option....once I find out what that purpose
actually is....
I'll consider a net win if you describe/document the options used for
the command regardless of which spelling is used.
4:32 a.m.
New subject: [libvirt PATCH 07/23] docs: remove use of the term 'whitelist' from documentation
The term is redundant in the context used.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/firewall.html.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/firewall.html.in b/docs/firewall.html.in
index e86ab0d974..bfb5a47b1c 100644
--- a/docs/firewall.html.in
+++ b/docs/firewall.html.in
@@ -311,7 +311,7 @@ f5c78134-9da4-0c60-a9f0-fb37bc21ac1f no-other-rarp-traffic
<p>To associate the clean-traffic filter with a guest, edit the
guest XML config and change the <code><interface></code>
element
to include a <code><filterref></code> and also specify
the
- whitelisted <code><ip address/></code> the guest is
allowed to
+ <code><ip address/></code> that the guest is allowed to
use:
</p>
<pre>
--
2.24.1
5:10 a.m.
New subject: [libvirt PATCH 07/23] docs: remove use of the term 'whitelist' from documentation
On Fri, Jun 19, 2020 at 10:32:44 +0100, Daniel Berrange wrote:
The term is redundant in the context used.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/firewall.html.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 08/23] util: rename method to virKModIsProhibited
This naming better matches the semantics usage of the test.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/libvirt_private.syms | 2 +-
src/util/virfile.c | 2 +-
src/util/virkmod.c | 24 ++++++++++++------------
src/util/virkmod.h | 2 +-
src/util/virpci.c | 4 ++--
5 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 42f8d7c222..c3ea3840d8 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2403,7 +2403,7 @@ virKeycodeValueTranslate;
# util/virkmod.h
virKModConfig;
-virKModIsBlacklisted;
+virKModIsProhibited;
virKModLoad;
virKModUnload;
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 20260a2e58..58dfd29304 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -897,7 +897,7 @@ virFileNBDDeviceFindUnused(void)
static bool
virFileNBDLoadDriver(void)
{
- if (virKModIsBlacklisted(NBD_DRIVER)) {
+ if (virKModIsProhibited(NBD_DRIVER)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Failed to load nbd module: "
"administratively prohibited"));
diff --git a/src/util/virkmod.c b/src/util/virkmod.c
index 12cb5920e8..9454581fa8 100644
--- a/src/util/virkmod.c
+++ b/src/util/virkmod.c
@@ -134,32 +134,32 @@ virKModUnload(const char *module)
/**
- * virKModIsBlacklisted:
- * @module: Name of the module to check for on the blacklist
+ * virKModIsProhibited:
+ * @module: Name of the module to check
*
- * Search the output of the configuration data for the module being
- * blacklisted.
+ * Determine if loading of @module is prohibited by admin
+ * configuration.
*
- * returns true when found blacklisted, false otherwise.
+ * returns true when found prohibited, false otherwise.
*/
bool
-virKModIsBlacklisted(const char *module)
+virKModIsProhibited(const char *module)
{
size_t i;
- g_autofree char *drvblklst = NULL;
+ g_autofree char *drvmatch = NULL;
g_autofree char *outbuf = NULL;
- drvblklst = g_strdup_printf("blacklist %s\n", module);
+ drvmatch = g_strdup_printf("blacklist %s\n", module);
/* modprobe will convert all '-' into '_', so we need to as well */
- for (i = 0; i < drvblklst[i]; i++)
- if (drvblklst[i] == '-')
- drvblklst[i] = '_';
+ for (i = 0; i < drvmatch[i]; i++)
+ if (drvmatch[i] == '-')
+ drvmatch[i] = '_';
if (doModprobe("-c", NULL, &outbuf, NULL) < 0)
return false;
- if (strstr(outbuf, drvblklst))
+ if (strstr(outbuf, drvmatch))
return true;
return false;
diff --git a/src/util/virkmod.h b/src/util/virkmod.h
index f05cf83cf6..bd2fa1a1c7 100644
--- a/src/util/virkmod.h
+++ b/src/util/virkmod.h
@@ -28,5 +28,5 @@ char *virKModLoad(const char *, bool)
ATTRIBUTE_NONNULL(1);
char *virKModUnload(const char *)
ATTRIBUTE_NONNULL(1);
-bool virKModIsBlacklisted(const char *)
+bool virKModIsProhibited(const char *)
ATTRIBUTE_NONNULL(1);
diff --git a/src/util/virpci.c b/src/util/virpci.c
index 786b1393e6..e367d5d1e9 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -1023,10 +1023,10 @@ virPCIProbeStubDriver(virPCIStubDriver driver)
}
cleanup:
- /* If we know failure was because of blacklist, let's report that;
+ /* If we know failure was because of admin config, let's report that;
* otherwise, report a more generic failure message
*/
- if (virKModIsBlacklisted(drvname)) {
+ if (virKModIsProhibited(drvname)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Failed to load PCI stub module %s: "
"administratively prohibited"),
--
2.24.1
5:14 a.m.
New subject: [libvirt PATCH 08/23] util: rename method to virKModIsProhibited
On Fri, Jun 19, 2020 at 10:32:45 +0100, Daniel Berrange wrote:
This naming better matches the semantics usage of the test.
I this instance I disagree that it's better as it's diverging from the
terminology used by modprobe and doesn't really describe it any better
than it did before, so I'd prefer if it's not sold as being better.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/libvirt_private.syms | 2 +-
src/util/virfile.c | 2 +-
src/util/virkmod.c | 24 ++++++++++++------------
src/util/virkmod.h | 2 +-
src/util/virpci.c | 4 ++--
5 files changed, 17 insertions(+), 17 deletions(-)
I don't have problem with the change per-se, just the justification for
it.
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 09/23] nodedev: remove use of the term 'blacklist' from enumeration code
The term "ignored" is a better choice for the filtering performed
on devices from udev.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/node_device/node_device_udev.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
index bdf0b03add..cec99cb898 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -1397,7 +1397,7 @@ udevProcessDeviceListEntry(struct udev *udev,
* Do not bother enumerating over subsystems that do not
* contain interesting devices.
*/
-const char *subsystem_blacklist[] = {
+const char *subsystem_ignored[] = {
"acpi", "tty", "vc", "i2c",
};
@@ -1406,8 +1406,8 @@ udevEnumerateAddMatches(struct udev_enumerate *udev_enumerate)
{
size_t i;
- for (i = 0; i < G_N_ELEMENTS(subsystem_blacklist); i++) {
- const char *s = subsystem_blacklist[i];
+ for (i = 0; i < G_N_ELEMENTS(subsystem_ignored); i++) {
+ const char *s = subsystem_ignored[i];
if (udev_enumerate_add_nomatch_subsystem(udev_enumerate, s) < 0) {
virReportSystemError(errno, "%s", _("failed to add susbsystem
filter"));
return -1;
--
2.24.1
5:15 a.m.
New subject: [libvirt PATCH 09/23] nodedev: remove use of the term 'blacklist' from enumeration code
On Fri, Jun 19, 2020 at 10:32:46 +0100, Daniel Berrange wrote:
The term "ignored" is a better choice for the filtering
performed
on devices from udev.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/node_device/node_device_udev.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 10/23] build: remove use of the term 'blacklist' from helper files
The term is redundant or easily substituted with 'prohibit'.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
build-aux/syntax-check.mk | 2 +-
m4/virt-compile-warnings.m4 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk
index d47a92b530..2e49b5172e 100644
--- a/build-aux/syntax-check.mk
+++ b/build-aux/syntax-check.mk
@@ -1155,7 +1155,7 @@ sc_prohibit_class:
# exists some filesystems will only ever return DT_UNKNOWN.
# This field should only be used by code which is exclusively
# run platforms supporting "d_type" and must expect DT_UNKNOWN.
-# We blacklist it to discourage accidental usage which has
+# We prohibit it to discourage accidental usage which has
# happened many times. Add an exclude rule if it is genuinely
# needed and the above restrictions are acceptable.
sc_prohibit_dirent_d_type:
diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4
index d3538d59f8..4ebc25302c 100644
--- a/m4/virt-compile-warnings.m4
+++ b/m4/virt-compile-warnings.m4
@@ -123,7 +123,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
# Get all possible GCC warnings
gl_MANYWARN_ALL_GCC([maybewarn])
- # Remove the ones we don't want, blacklisted earlier
+ # Remove the ones we don't want
gl_MANYWARN_COMPLEMENT([wantwarn], [$maybewarn], [$dontwarn])
# -Wunused-functin is implied by -Wall we must turn it
--
2.24.1
5:18 a.m.
New subject: [libvirt PATCH 10/23] build: remove use of the term 'blacklist' from helper files
On Fri, Jun 19, 2020 at 10:32:47 +0100, Daniel Berrange wrote:
The term is redundant or easily substituted with 'prohibit'.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
build-aux/syntax-check.mk | 2 +-
m4/virt-compile-warnings.m4 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk
index d47a92b530..2e49b5172e 100644
--- a/build-aux/syntax-check.mk
+++ b/build-aux/syntax-check.mk
@@ -1155,7 +1155,7 @@ sc_prohibit_class:
# exists some filesystems will only ever return DT_UNKNOWN.
# This field should only be used by code which is exclusively
# run platforms supporting "d_type" and must expect DT_UNKNOWN.
-# We blacklist it to discourage accidental usage which has
+# We prohibit it to discourage accidental usage which has
This may or may not make sence depending on how syntax check is ported
to meson. You can use my R-b for this hunk if this survives the rewrite.
# happened many times. Add an exclude rule if it is genuinely
# needed and the above restrictions are acceptable.
sc_prohibit_dirent_d_type:
diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4
index d3538d59f8..4ebc25302c 100644
--- a/m4/virt-compile-warnings.m4
+++ b/m4/virt-compile-warnings.m4
@@ -123,7 +123,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
# Get all possible GCC warnings
gl_MANYWARN_ALL_GCC([maybewarn])
- # Remove the ones we don't want, blacklisted earlier
+ # Remove the ones we don't want
gl_MANYWARN_COMPLEMENT([wantwarn], [$maybewarn], [$dontwarn])
IMO this change doesn't make sense in the light of the meson rewrite.
# -Wunused-functin is implied by -Wall we must turn it
--
2.24.1
6:14 a.m.
New subject: [libvirt PATCH 10/23] build: remove use of the term 'blacklist' from helper files
On Fri, Jun 19, 2020 at 12:18:23PM +0200, Peter Krempa wrote:
On Fri, Jun 19, 2020 at 10:32:47 +0100, Daniel Berrange wrote:
> The term is redundant or easily substituted with 'prohibit'.
>
> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> ---
> build-aux/syntax-check.mk | 2 +-
> m4/virt-compile-warnings.m4 | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk
> index d47a92b530..2e49b5172e 100644
> --- a/build-aux/syntax-check.mk
> +++ b/build-aux/syntax-check.mk
> @@ -1155,7 +1155,7 @@ sc_prohibit_class:
> # exists some filesystems will only ever return DT_UNKNOWN.
> # This field should only be used by code which is exclusively
> # run platforms supporting "d_type" and must expect DT_UNKNOWN.
> -# We blacklist it to discourage accidental usage which has
> +# We prohibit it to discourage accidental usage which has
This may or may not make sence depending on how syntax check is ported
to meson. You can use my R-b for this hunk if this survives the rewrite.
I'd expect this file to be unchanged with meson. This is why we
changed it to be independant of the current makefile infra when
getting rid of gnulib.
> # happened many times. Add an exclude rule if it is genuinely
> # needed and the above restrictions are acceptable.
> sc_prohibit_dirent_d_type:
> diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4
> index d3538d59f8..4ebc25302c 100644
> --- a/m4/virt-compile-warnings.m4
> +++ b/m4/virt-compile-warnings.m4
> @@ -123,7 +123,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
> # Get all possible GCC warnings
> gl_MANYWARN_ALL_GCC([maybewarn])
>
> - # Remove the ones we don't want, blacklisted earlier
> + # Remove the ones we don't want
> gl_MANYWARN_COMPLEMENT([wantwarn], [$maybewarn], [$dontwarn])
IMO this change doesn't make sense in the light of the meson rewrite.
Sure, this will go away when meson switch arrives, but we've still not
got a clear ETA for that, so we shouldn't reject changes to the existing
build system in the meantime.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
7:02 a.m.
New subject: [libvirt PATCH 10/23] build: remove use of the term 'blacklist' from helper files
On Mon, Jun 22, 2020 at 12:14:56 +0100, Daniel Berrange wrote:
On Fri, Jun 19, 2020 at 12:18:23PM +0200, Peter Krempa wrote:
> On Fri, Jun 19, 2020 at 10:32:47 +0100, Daniel Berrange wrote:
> > The term is redundant or easily substituted with 'prohibit'.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> > ---
[...]
> > diff --git a/m4/virt-compile-warnings.m4
b/m4/virt-compile-warnings.m4
> > index d3538d59f8..4ebc25302c 100644
> > --- a/m4/virt-compile-warnings.m4
> > +++ b/m4/virt-compile-warnings.m4
> > @@ -123,7 +123,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
> > # Get all possible GCC warnings
> > gl_MANYWARN_ALL_GCC([maybewarn])
> >
> > - # Remove the ones we don't want, blacklisted earlier
> > + # Remove the ones we don't want
> > gl_MANYWARN_COMPLEMENT([wantwarn], [$maybewarn], [$dontwarn])
>
> IMO this change doesn't make sense in the light of the meson rewrite.
Sure, this will go away when meson switch arrives, but we've still not
got a clear ETA for that, so we shouldn't reject changes to the existing
build system in the meantime.
Main reason is to minimize conflicts with Pavel's effort. This hunk is
here since 2012, so waiting even for amonth doesn't seem to be that much
of a problem.
4:32 a.m.
New subject: [libvirt PATCH 11/23] src: remove use of the term 'whitelist' from remaining code
The terms can be avoided with simple tweaks.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/libvirt.c | 2 +-
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_conf.c | 4 ++--
src/rpc/gendispatch.pl | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/libvirt.c b/src/libvirt.c
index b2d0ba3d23..a0a21fd5d2 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -1025,7 +1025,7 @@ virConnectOpenInternal(const char *name,
bool matchScheme = false;
size_t s;
if (!ret->uri) {
- VIR_DEBUG("No URI, skipping driver with URI whitelist");
+ VIR_DEBUG("No URI, skipping driver with URI scheme
filtering");
continue;
}
if (embed && !virConnectDriverTab[i]->embeddable) {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 37113a433a..ff539b1556 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9526,7 +9526,7 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
return 0;
}
- /* Seccomp whitelist is opt-in */
+ /* Seccomp sandbox is opt-in */
if (cfg->seccompSandbox > 0)
virCommandAddArgList(cmd, "-sandbox", "on", NULL);
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 33b3989268..c54f82a75f 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1854,8 +1854,8 @@ qemuSetUnprivSGIO(virDomainDeviceDefPtr dev)
/* By default, filter the SG_IO commands, i.e. set unpriv_sgio to 0. */
val = (disk->sgio == VIR_DOMAIN_DEVICE_SGIO_UNFILTERED);
- /* Do not do anything if unpriv_sgio is not supported by the kernel and the
- * whitelist is enabled. But if requesting unfiltered access, always call
+ /* Do not do anything if unpriv_sgio is not supported by the kernel and
+ * filtering is enabled. But if requesting unfiltered access, always call
* virSetDeviceUnprivSGIO, to report an error for unsupported unpriv_sgio.
*/
if ((virFileExists(sysfs_path) || val == 1) &&
diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
index 0b2ae59910..6c947beee1 100755
--- a/src/rpc/gendispatch.pl
+++ b/src/rpc/gendispatch.pl
@@ -171,7 +171,7 @@ sub get_conn_method {
if ($proc =~ /Connect.*Network/) {
return "remoteGetNetworkConn";
}
- # Carefully whitelist a few APIs with NodeDevice name
+ # Special case a few APIs with NodeDevice name
# prefix which actually get handled by the virt drivers
if ($proc =~ /Node.*Device/ &&
!($proc =~ /NodeDeviceReset/ ||
--
2.24.1
5:19 a.m.
New subject: [libvirt PATCH 11/23] src: remove use of the term 'whitelist' from remaining code
On Fri, Jun 19, 2020 at 10:32:48 +0100, Daniel Berrange wrote:
The terms can be avoided with simple tweaks.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/libvirt.c | 2 +-
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_conf.c | 4 ++--
src/rpc/gendispatch.pl | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
Again looks like too many changes crammed together, but given that it's
mostly comments:
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
6:43 a.m.
New subject: [libvirt PATCH 11/23] src: remove use of the term 'whitelist' from remaining code
On a Friday in 2020, Daniel P. Berrangé wrote:
The terms can be avoided with simple tweaks.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/libvirt.c | 2 +-
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_conf.c | 4 ++--
src/rpc/gendispatch.pl | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/libvirt.c b/src/libvirt.c
index b2d0ba3d23..a0a21fd5d2 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -1025,7 +1025,7 @@ virConnectOpenInternal(const char *name,
bool matchScheme = false;
size_t s;
if (!ret->uri) {
- VIR_DEBUG("No URI, skipping driver with URI whitelist");
+ VIR_DEBUG("No URI, skipping driver with URI scheme
filtering");
continue;
}
if (embed && !virConnectDriverTab[i]->embeddable) {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 37113a433a..ff539b1556 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9526,7 +9526,7 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
return 0;
}
- /* Seccomp whitelist is opt-in */
+ /* Seccomp sandbox is opt-in */
This is incorrect, we use the seccomp sandbox by default on newer QEMUs.
Jano
11:43 a.m.
New subject: [libvirt PATCH 11/23] src: remove use of the term 'whitelist' from remaining code
On Fri, Jun 19, 2020 at 01:43:46PM +0200, Ján Tomko wrote:
On a Friday in 2020, Daniel P. Berrangé wrote:
> The terms can be avoided with simple tweaks.
>
> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> ---
> src/libvirt.c | 2 +-
> src/qemu/qemu_command.c | 2 +-
> src/qemu/qemu_conf.c | 4 ++--
> src/rpc/gendispatch.pl | 2 +-
> 4 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/src/libvirt.c b/src/libvirt.c
> index b2d0ba3d23..a0a21fd5d2 100644
> --- a/src/libvirt.c
> +++ b/src/libvirt.c
> @@ -1025,7 +1025,7 @@ virConnectOpenInternal(const char *name,
> bool matchScheme = false;
> size_t s;
> if (!ret->uri) {
> - VIR_DEBUG("No URI, skipping driver with URI whitelist");
> + VIR_DEBUG("No URI, skipping driver with URI scheme
filtering");
> continue;
> }
> if (embed && !virConnectDriverTab[i]->embeddable) {
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 37113a433a..ff539b1556 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -9526,7 +9526,7 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
> return 0;
> }
>
> - /* Seccomp whitelist is opt-in */
> + /* Seccomp sandbox is opt-in */
This is incorrect, we use the seccomp sandbox by default on newer QEMUs.
This comment is against the code that deals with the old style QEMU
seccomp code, which rquires an explicit opt-in. The new style seccom
is further up above the diff hunk context seen here.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
3:20 a.m.
New subject: [libvirt PATCH 11/23] src: remove use of the term 'whitelist' from remaining code
On a Monday in 2020, Daniel P. Berrangé wrote:
On Fri, Jun 19, 2020 at 01:43:46PM +0200, Ján Tomko wrote:
> On a Friday in 2020, Daniel P. Berrangé wrote:
> > The terms can be avoided with simple tweaks.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> > ---
> > src/libvirt.c | 2 +-
> > src/qemu/qemu_command.c | 2 +-
> > src/qemu/qemu_conf.c | 4 ++--
> > src/rpc/gendispatch.pl | 2 +-
> > 4 files changed, 5 insertions(+), 5 deletions(-)
> >
> > diff --git a/src/libvirt.c b/src/libvirt.c
> > index b2d0ba3d23..a0a21fd5d2 100644
> > --- a/src/libvirt.c
> > +++ b/src/libvirt.c
> > @@ -1025,7 +1025,7 @@ virConnectOpenInternal(const char *name,
> > bool matchScheme = false;
> > size_t s;
> > if (!ret->uri) {
> > - VIR_DEBUG("No URI, skipping driver with URI
whitelist");
> > + VIR_DEBUG("No URI, skipping driver with URI scheme
filtering");
> > continue;
> > }
> > if (embed && !virConnectDriverTab[i]->embeddable) {
> > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> > index 37113a433a..ff539b1556 100644
> > --- a/src/qemu/qemu_command.c
> > +++ b/src/qemu/qemu_command.c
> > @@ -9526,7 +9526,7 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
> > return 0;
> > }
> >
> > - /* Seccomp whitelist is opt-in */
> > + /* Seccomp sandbox is opt-in */
>
> This is incorrect, we use the seccomp sandbox by default on newer QEMUs.
This comment is against the code that deals with the old style QEMU
seccomp code, which rquires an explicit opt-in. The new style seccom
is further up above the diff hunk context seen here.
I am specifically talking about the context. I wrote the comment to
contrast against the new-style sandbox.
If you don't want to preserve the contrast in here, just delete the
comment.
Jano
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
4:32 a.m.
New subject: [libvirt PATCH 12/23] interface: use a constant for the sysfs bond device file prefix
Two methods needs to deal with the fixed filename prefix on the
NIC name used by bond devices. The code is clearer if they both
make use of a defined constant.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/interface/interface_backend_udev.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/interface/interface_backend_udev.c
b/src/interface/interface_backend_udev.c
index e388f98536..f0594aa59c 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -527,8 +527,16 @@ udevInterfaceLookupByMACString(virConnectPtr conn, const char
*macstr)
return ret;
}
+/*
+ * Name prefix for sysfs symlinks that indicate which
+ * NICs are part of the bonded device
+ */
+#define BOND_NIC_PREFIX "slave_"
+
/**
- * Helper function for finding bond slaves using scandir()
+ * Helper function for finding NICs that are members of a
+ * bond device by using scandir() over the sysfs net interface
+ * dir
*
* @param entry - directory entry passed by scandir()
*
@@ -542,7 +550,7 @@ udevBondScanDirFilter(const struct dirent *entry)
* interface sysfs entry and references the slaves as slave_eth0 for
* example.
*/
- if (STRPREFIX(entry->d_name, "slave_"))
+ if (STRPREFIX(entry->d_name, BOND_NIC_PREFIX))
return 1;
return 0;
@@ -763,21 +771,15 @@ udevGetIfaceDefBond(struct udev *udev,
ifacedef->data.bond.nbItf = slave_count;
for (i = 0; i < slave_count; i++) {
- /* Names are slave_interface. e.g. slave_eth0
- * so we use the part after the _
- */
- tmp_str = strchr(slave_list[i]->d_name, '_');
- if (!tmp_str || strlen(tmp_str) < 2) {
+ if (!STRPREFIX(nic_list[i]->d_name, BOND_NIC_PREFIX)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Invalid enslaved interface name '%s' seen for
"
"bond '%s'"), slave_list[i]->d_name,
name);
goto error;
}
- /* go past the _ */
- tmp_str++;
ifacedef->data.bond.itf[i] =
- udevGetIfaceDef(udev, tmp_str);
+ udevGetIfaceDef(udev, nic_list[i]->d_name + strlen(BOND_NIC_PREFIX));
if (!ifacedef->data.bond.itf[i]) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Could not get interface information for '%s', which is
"
--
2.24.1
5:25 a.m.
New subject: [libvirt PATCH 12/23] interface: use a constant for the sysfs bond device file prefix
On Fri, Jun 19, 2020 at 10:32:49 +0100, Daniel Berrange wrote:
Two methods needs to deal with the fixed filename prefix on the
NIC name used by bond devices. The code is clearer if they both
make use of a defined constant.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/interface/interface_backend_udev.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/interface/interface_backend_udev.c
b/src/interface/interface_backend_udev.c
index e388f98536..f0594aa59c 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -527,8 +527,16 @@ udevInterfaceLookupByMACString(virConnectPtr conn, const char
*macstr)
return ret;
}
+/*
+ * Name prefix for sysfs symlinks that indicate which
+ * NICs are part of the bonded device
+ */
+#define BOND_NIC_PREFIX "slave_"
+
/**
- * Helper function for finding bond slaves using scandir()
+ * Helper function for finding NICs that are members of a
+ * bond device by using scandir() over the sysfs net interface
+ * dir
*
* @param entry - directory entry passed by scandir()
*
@@ -542,7 +550,7 @@ udevBondScanDirFilter(const struct dirent *entry)
* interface sysfs entry and references the slaves as slave_eth0 for
* example.
*/
- if (STRPREFIX(entry->d_name, "slave_"))
+ if (STRPREFIX(entry->d_name, BOND_NIC_PREFIX))
return 1;
return 0;
@@ -763,21 +771,15 @@ udevGetIfaceDefBond(struct udev *udev,
ifacedef->data.bond.nbItf = slave_count;
for (i = 0; i < slave_count; i++) {
- /* Names are slave_interface. e.g. slave_eth0
- * so we use the part after the _
- */
- tmp_str = strchr(slave_list[i]->d_name, '_');
- if (!tmp_str || strlen(tmp_str) < 2) {
+ if (!STRPREFIX(nic_list[i]->d_name, BOND_NIC_PREFIX)) {
Fails to compile:
.../libvirt/src/interface/interface_backend_udev.c:774:24: error: 'nic_list'
undeclared (first use in this function)
774 | if (!STRPREFIX(nic_list[i]->d_name, BOND_NIC_PREFIX)) {
| ^~~~~~~~
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Invalid enslaved interface name '%s' seen for
"
"bond '%s'"), slave_list[i]->d_name,
name);
goto error;
}
- /* go past the _ */
- tmp_str++;
ifacedef->data.bond.itf[i] =
- udevGetIfaceDef(udev, tmp_str);
+ udevGetIfaceDef(udev, nic_list[i]->d_name + strlen(BOND_NIC_PREFIX));
if (!ifacedef->data.bond.itf[i]) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Could not get interface information for '%s', which is
"
--
2.24.1
4:32 a.m.
New subject: [libvirt PATCH 13/23] interface: remove most use of the term 'slave' from bonding code
We can't change the filenames used in sysfs, but we don't have
to use that terminology in our code processing the list of NICs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/schemas/interface.rng | 2 +-
src/interface/interface_backend_udev.c | 43 ++++++++++++--------------
2 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/docs/schemas/interface.rng b/docs/schemas/interface.rng
index a4fddaaedc..2530077190 100644
--- a/docs/schemas/interface.rng
+++ b/docs/schemas/interface.rng
@@ -237,7 +237,7 @@
</optional>
<oneOrMore>
- <!-- The slave interfaces -->
+ <!-- The attached interfaces -->
<ref name="bare-ethernet-interface"/>
</oneOrMore>
</interleave>
diff --git a/src/interface/interface_backend_udev.c
b/src/interface/interface_backend_udev.c
index f0594aa59c..f5961a93df 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -546,9 +546,7 @@ static int
udevBondScanDirFilter(const struct dirent *entry)
{
/* This is ugly so if anyone has a better suggestion, please improve
- * this. Unfortunately the kernel stores everything in the top level
- * interface sysfs entry and references the slaves as slave_eth0 for
- * example.
+ * this.
*/
if (STRPREFIX(entry->d_name, BOND_NIC_PREFIX))
return 1;
@@ -591,8 +589,8 @@ udevGetIfaceDefBond(struct udev *udev,
const char *name,
virInterfaceDef *ifacedef)
{
- struct dirent **slave_list = NULL;
- int slave_count = 0;
+ struct dirent **nic_list = NULL;
+ int nic_count = 0;
size_t i;
const char *tmp_str;
int tmp_int;
@@ -754,27 +752,26 @@ udevGetIfaceDefBond(struct udev *udev,
}
ifacedef->data.bond.target = g_strdup(tmp_str);
- /* Slaves of the bond */
- /* Get each slave in the bond */
- slave_count = scandir(udev_device_get_syspath(dev), &slave_list,
+ /* Get each NIC that is a member of the bond */
+ nic_count = scandir(udev_device_get_syspath(dev), &nic_list,
udevBondScanDirFilter, alphasort);
- if (slave_count < 0) {
+ if (nic_count < 0) {
virReportSystemError(errno,
- _("Could not get slaves of bond '%s'"), name);
+ _("Could not get interfaces for bond '%s'"), name);
goto error;
}
- /* Allocate our list of slave devices */
- if (VIR_ALLOC_N(ifacedef->data.bond.itf, slave_count) < 0)
+ /* Allocate our list of bonded devices */
+ if (VIR_ALLOC_N(ifacedef->data.bond.itf, nic_count) < 0)
goto error;
- ifacedef->data.bond.nbItf = slave_count;
+ ifacedef->data.bond.nbItf = nic_count;
- for (i = 0; i < slave_count; i++) {
+ for (i = 0; i < nic_count; i++) {
if (!STRPREFIX(nic_list[i]->d_name, BOND_NIC_PREFIX)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Invalid enslaved interface name '%s' seen for
"
- "bond '%s'"), slave_list[i]->d_name,
name);
+ _("Invalid bonded interface name '%s' seen for
"
+ "bond '%s'"), nic_list[i]->d_name,
name);
goto error;
}
@@ -782,21 +779,21 @@ udevGetIfaceDefBond(struct udev *udev,
udevGetIfaceDef(udev, nic_list[i]->d_name + strlen(BOND_NIC_PREFIX));
if (!ifacedef->data.bond.itf[i]) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Could not get interface information for '%s', which is
"
- "a enslaved in bond '%s'"), slave_list[i]->d_name,
name);
+ _("Could not get interface information for '%s', which
"
+ "is part of bond '%s'"), nic_list[i]->d_name,
name);
goto error;
}
- VIR_FREE(slave_list[i]);
+ VIR_FREE(nic_list[i]);
}
- VIR_FREE(slave_list);
+ VIR_FREE(nic_list);
return 0;
error:
- for (i = 0; slave_count != -1 && i < slave_count; i++)
- VIR_FREE(slave_list[i]);
- VIR_FREE(slave_list);
+ for (i = 0; nic_count != -1 && i < nic_count; i++)
+ VIR_FREE(nic_list[i]);
+ VIR_FREE(nic_list);
return -1;
}
--
2.24.1
5:25 a.m.
New subject: [libvirt PATCH 13/23] interface: remove most use of the term 'slave' from bonding code
On Fri, Jun 19, 2020 at 10:32:50 +0100, Daniel Berrange wrote:
We can't change the filenames used in sysfs, but we don't
have
to use that terminology in our code processing the list of NICs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/schemas/interface.rng | 2 +-
src/interface/interface_backend_udev.c | 43 ++++++++++++--------------
2 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/docs/schemas/interface.rng b/docs/schemas/interface.rng
index a4fddaaedc..2530077190 100644
--- a/docs/schemas/interface.rng
+++ b/docs/schemas/interface.rng
@@ -237,7 +237,7 @@
</optional>
<oneOrMore>
- <!-- The slave interfaces -->
+ <!-- The attached interfaces -->
<ref name="bare-ethernet-interface"/>
</oneOrMore>
</interleave>
diff --git a/src/interface/interface_backend_udev.c
b/src/interface/interface_backend_udev.c
index f0594aa59c..f5961a93df 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -546,9 +546,7 @@ static int
udevBondScanDirFilter(const struct dirent *entry)
{
/* This is ugly so if anyone has a better suggestion, please improve
- * this. Unfortunately the kernel stores everything in the top level
- * interface sysfs entry and references the slaves as slave_eth0 for
- * example.
+ * this.
*/
if (STRPREFIX(entry->d_name, BOND_NIC_PREFIX))
return 1;
@@ -591,8 +589,8 @@ udevGetIfaceDefBond(struct udev *udev,
const char *name,
virInterfaceDef *ifacedef)
{
- struct dirent **slave_list = NULL;
- int slave_count = 0;
+ struct dirent **nic_list = NULL;
+ int nic_count = 0;
Patch ordering problem with previous one?
5:57 a.m.
New subject: [libvirt PATCH 13/23] interface: remove most use of the term 'slave' from bonding code
On Fri, Jun 19, 2020 at 12:25:49PM +0200, Peter Krempa wrote:
On Fri, Jun 19, 2020 at 10:32:50 +0100, Daniel Berrange wrote:
> We can't change the filenames used in sysfs, but we don't have
> to use that terminology in our code processing the list of NICs.
>
> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> ---
> docs/schemas/interface.rng | 2 +-
> src/interface/interface_backend_udev.c | 43 ++++++++++++--------------
> 2 files changed, 21 insertions(+), 24 deletions(-)
>
> diff --git a/docs/schemas/interface.rng b/docs/schemas/interface.rng
> index a4fddaaedc..2530077190 100644
> --- a/docs/schemas/interface.rng
> +++ b/docs/schemas/interface.rng
> @@ -237,7 +237,7 @@
> </optional>
>
> <oneOrMore>
> - <!-- The slave interfaces -->
> + <!-- The attached interfaces -->
> <ref name="bare-ethernet-interface"/>
> </oneOrMore>
> </interleave>
> diff --git a/src/interface/interface_backend_udev.c
b/src/interface/interface_backend_udev.c
> index f0594aa59c..f5961a93df 100644
> --- a/src/interface/interface_backend_udev.c
> +++ b/src/interface/interface_backend_udev.c
> @@ -546,9 +546,7 @@ static int
> udevBondScanDirFilter(const struct dirent *entry)
> {
> /* This is ugly so if anyone has a better suggestion, please improve
> - * this. Unfortunately the kernel stores everything in the top level
> - * interface sysfs entry and references the slaves as slave_eth0 for
> - * example.
> + * this.
> */
> if (STRPREFIX(entry->d_name, BOND_NIC_PREFIX))
> return 1;
> @@ -591,8 +589,8 @@ udevGetIfaceDefBond(struct udev *udev,
> const char *name,
> virInterfaceDef *ifacedef)
> {
> - struct dirent **slave_list = NULL;
> - int slave_count = 0;
> + struct dirent **nic_list = NULL;
> + int nic_count = 0;
Patch ordering problem with previous one?
Opps, yes, will fix.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
4:32 a.m.
New subject: [libvirt PATCH 14/23] docs: remove use of the term 'enslaved' wrt tap & bridge devices
Network interfaces are simply attached to a bridge device.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/firewall.html.in | 4 ++--
docs/formatdomain.html.in | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/firewall.html.in b/docs/firewall.html.in
index bfb5a47b1c..2d55021d9b 100644
--- a/docs/firewall.html.in
+++ b/docs/firewall.html.in
@@ -12,7 +12,7 @@
<li>The virtual network driver
<br /><br />
This provides an isolated bridge device (ie no physical NICs
- enslaved). Guest TAP devices are attached to this bridge.
+ attached). Guest TAP devices are attached to this bridge.
Guests can talk to each other and the host, and optionally the
wider world.
<br /><br />
@@ -46,7 +46,7 @@
</p>
<p>Thus the virtual network driver in libvirt was invented. This takes
the form of an isolated bridge device (ie one with no physical NICs
- enslaved). The TAP devices associated with the guest NICs are attached
+ attached). The TAP devices associated with the guest NICs are attached
to the bridge device. This immediately allows guests on a single host
to talk to each other and to the host OS (modulo host IPtables rules).
</p>
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 07d0fa5c70..3f4d633909 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -5785,11 +5785,11 @@
<p>
Provides a bridge from the VM directly to the LAN. This assumes
there is a bridge device on the host which has one or more of the hosts
- physical NICs enslaved. The guest VM will have an associated tun device
+ physical NICs attached. The guest VM will have an associated tun device
created with a name of vnetN, which can also be overridden with the
<target> element (see
<a href="#elementsNICSTargetOverride">overriding the target
element</a>).
- The tun device will be enslaved to the bridge. The IP range / network
+ The tun device will be attached to the bridge. The IP range / network
configuration is whatever is used on the LAN. This provides the guest VM
full incoming & outgoing net access just like a physical machine.
</p>
--
2.24.1
5:26 a.m.
New subject: [libvirt PATCH 14/23] docs: remove use of the term 'enslaved' wrt tap & bridge devices
On Fri, Jun 19, 2020 at 10:32:51 +0100, Daniel Berrange wrote:
Network interfaces are simply attached to a bridge device.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/firewall.html.in | 4 ++--
docs/formatdomain.html.in | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 15/23] tools: remove use of the term 'slave' in code dealing with bridges
Network interfaces are simply attached to a bridge device.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
tools/virsh-interface.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/tools/virsh-interface.c b/tools/virsh-interface.c
index a3cdf8630f..d754998d52 100644
--- a/tools/virsh-interface.c
+++ b/tools/virsh-interface.c
@@ -922,17 +922,17 @@ cmdInterfaceBridge(vshControl *ctl, const vshCmd *cmd)
goto cleanup;
}
- /* set the type of the inner/slave interface to the original
+ /* set the type of the attached interface to the original
* if_type, and the name to the original if_name.
*/
if (!xmlSetProp(if_node, BAD_CAST "type", BAD_CAST if_type)) {
- vshError(ctl, _("Failed to set new slave interface type to '%s' in
xml document"),
+ vshError(ctl, _("Failed to set new attached interface type to '%s'
in xml document"),
if_type);
goto cleanup;
}
if (!xmlSetProp(if_node, BAD_CAST "name", BAD_CAST if_name)) {
- vshError(ctl, _("Failed to set new slave interface name to '%s' in
xml document"),
+ vshError(ctl, _("Failed to set new attached interface name to '%s'
in xml document"),
if_name);
goto cleanup;
}
@@ -1010,7 +1010,7 @@ cmdInterfaceBridge(vshControl *ctl, const vshCmd *cmd)
*/
static const vshCmdInfo info_interface_unbridge[] = {
{.name = "help",
- .data = N_("undefine a bridge device after detaching its slave device")
+ .data = N_("undefine a bridge device after detaching its device(s)")
},
{.name = "desc",
.data = N_("unbridge a network device")
@@ -1026,7 +1026,7 @@ static const vshCmdOptDef opts_interface_unbridge[] = {
},
{.name = "no-start",
.type = VSH_OT_BOOL,
- .help = N_("don't start the un-slaved interface immediately (not
recommended)")
+ .help = N_("don't start the detached interface immediately (not
recommended)")
},
{.name = NULL}
};
@@ -1103,8 +1103,8 @@ cmdInterfaceUnbridge(vshControl *ctl, const vshCmd *cmd)
goto cleanup;
}
- /* Change the type and name of the outer/master interface to
- * the type/name of the attached slave interface.
+ /* Change the type and name of the bridge interface to
+ * the type/name of the attached interface.
*/
if (!(if_name = virXMLPropString(if_node, "name"))) {
vshError(ctl, _("Device attached to bridge %s has no name"), br_name);
@@ -1154,7 +1154,7 @@ cmdInterfaceUnbridge(vshControl *ctl, const vshCmd *cmd)
xmlDocDumpMemory(xml_doc, &if_xml, &if_xml_size);
if (!if_xml || if_xml_size <= 0) {
- vshError(ctl, _("Failed to format new xml document for un-enslaved interface
%s"),
+ vshError(ctl, _("Failed to format new xml document for detached interface
%s"),
if_name);
goto cleanup;
}
--
2.24.1
5:32 a.m.
New subject: [libvirt PATCH 15/23] tools: remove use of the term 'slave' in code dealing with bridges
On Fri, Jun 19, 2020 at 10:32:52 +0100, Daniel Berrange wrote:
Network interfaces are simply attached to a bridge device.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
tools/virsh-interface.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 16/23] util: remove use of the terms 'master' and 'slave' in PTY code
The two sides of a PTY can be referred to as primary and secondary
TTYs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/util/virfile.c | 40 ++++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 58dfd29304..1eebcf1b22 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -3127,20 +3127,20 @@ virFileBuildPath(const char *dir, const char *name, const char
*ext)
return path;
}
-/* Open a non-blocking master side of a pty. If ttyName is not NULL,
- * then populate it with the name of the slave. If rawmode is set,
- * also put the master side into raw mode before returning. */
+/* Open a non-blocking primary side of a pty. If ttyName is not NULL,
+ * then populate it with the name of the secondary peer. If rawmode is
+ * set, also put the primary side into raw mode before returning. */
#ifndef WIN32
int
-virFileOpenTty(int *ttymaster, char **ttyName, int rawmode)
+virFileOpenTty(int *ttyprimary, char **ttyName, int rawmode)
{
/* XXX A word of caution - on some platforms (Solaris and HP-UX),
- * additional ioctl() calls are needs after opening the slave
+ * additional ioctl() calls are needs after opening the secondary
* before it will cause isatty() to return true. Should we make
- * virFileOpenTty also return the opened slave fd, so the caller
+ * virFileOpenTty also return the opened secondary fd, so the caller
* doesn't have to worry about that mess? */
int ret = -1;
- int slave = -1;
+ int secondary = -1;
g_autofree char *name = NULL;
/* Unfortunately, we can't use the name argument of openpty, since
@@ -3148,31 +3148,31 @@ virFileOpenTty(int *ttymaster, char **ttyName, int rawmode)
* Likewise, we can't use the termios argument: we have to use
* read-modify-write since there is no portable way to initialize
* a struct termios without use of tcgetattr. */
- if (openpty(ttymaster, &slave, NULL, NULL, NULL) < 0)
+ if (openpty(ttyprimary, &secondary, NULL, NULL, NULL) < 0)
return -1;
/* What a shame that openpty cannot atomically set FD_CLOEXEC, but
* that using posix_openpt/grantpt/unlockpt/ptsname is not
* thread-safe, and that ptsname_r is not portable. */
- if (virSetNonBlock(*ttymaster) < 0 ||
- virSetCloseExec(*ttymaster) < 0)
+ if (virSetNonBlock(*ttyprimary) < 0 ||
+ virSetCloseExec(*ttyprimary) < 0)
goto cleanup;
- /* While Linux supports tcgetattr on either the master or the
- * slave, Solaris requires it to be on the slave. */
+ /* While Linux supports tcgetattr on either the primary or the
+ * secondary, Solaris requires it to be on the secondary. */
if (rawmode) {
struct termios ttyAttr;
- if (tcgetattr(slave, &ttyAttr) < 0)
+ if (tcgetattr(secondary, &ttyAttr) < 0)
goto cleanup;
cfmakeraw(&ttyAttr);
- if (tcsetattr(slave, TCSADRAIN, &ttyAttr) < 0)
+ if (tcsetattr(secondary, TCSADRAIN, &ttyAttr) < 0)
goto cleanup;
}
- /* ttyname_r on the slave is required by POSIX, while ptsname_r on
- * the master is a glibc extension, and the POSIX ptsname is not
+ /* ttyname_r on the secondary is required by POSIX, while ptsname_r on
+ * the primary is a glibc extension, and the POSIX ptsname is not
* thread-safe. Since openpty gave us both descriptors, guess
* which way we will determine the name? :) */
if (ttyName) {
@@ -3184,7 +3184,7 @@ virFileOpenTty(int *ttymaster, char **ttyName, int rawmode)
if (VIR_ALLOC_N(name, len) < 0)
goto cleanup;
- while ((rc = ttyname_r(slave, name, len)) == ERANGE) {
+ while ((rc = ttyname_r(secondary, name, len)) == ERANGE) {
if (VIR_RESIZE_N(name, len, len, len) < 0)
goto cleanup;
}
@@ -3200,14 +3200,14 @@ virFileOpenTty(int *ttymaster, char **ttyName, int rawmode)
cleanup:
if (ret != 0)
- VIR_FORCE_CLOSE(*ttymaster);
- VIR_FORCE_CLOSE(slave);
+ VIR_FORCE_CLOSE(*ttyprimary);
+ VIR_FORCE_CLOSE(secondary);
return ret;
}
#else /* WIN32 */
int
-virFileOpenTty(int *ttymaster G_GNUC_UNUSED,
+virFileOpenTty(int *ttyprimary G_GNUC_UNUSED,
char **ttyName G_GNUC_UNUSED,
int rawmode G_GNUC_UNUSED)
{
--
2.24.1
5:35 a.m.
New subject: [libvirt PATCH 16/23] util: remove use of the terms 'master' and 'slave' in PTY code
On Fri, Jun 19, 2020 at 10:32:53 +0100, Daniel Berrange wrote:
The two sides of a PTY can be referred to as primary and secondary
TTYs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/util/virfile.c | 40 ++++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 20 deletions(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com
4:32 a.m.
New subject: [libvirt PATCH 17/23] qemu: remove use of the terms 'master' and 'slave' when iterating CPUs
When querying QEMU we have to iterate over two nested sets
of CPUs. The terms "main vcpu" and "sub vcpu" are a good
representation.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_monitor.c | 46 ++++++++++++++++++++---------------------
1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 3ec22b939f..5033cbeabf 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -1734,8 +1734,8 @@ qemuMonitorGetCPUInfoHotplug(struct
qemuMonitorQueryHotpluggableCpusEntry *hotpl
char *tmp;
int order = 1;
size_t totalvcpus = 0;
- size_t mastervcpu; /* this iterator is used for iterating hotpluggable entities */
- size_t slavevcpu; /* this corresponds to subentries of a hotpluggable entry */
+ size_t mainvcpu; /* this iterator is used for iterating hotpluggable entities */
+ size_t subvcpu; /* this corresponds to subentries of a hotpluggable entry */
size_t anyvcpu; /* this iterator is used for any vcpu entry in the result */
size_t i;
size_t j;
@@ -1777,31 +1777,31 @@ qemuMonitorGetCPUInfoHotplug(struct
qemuMonitorQueryHotpluggableCpusEntry *hotpl
/* transfer appropriate data from the hotpluggable list to corresponding
* entries. the entries returned by qemu may in fact describe multiple
* logical vcpus in the guest */
- mastervcpu = 0;
+ mainvcpu = 0;
for (i = 0; i < nhotplugvcpus; i++) {
- vcpus[mastervcpu].online = !!hotplugvcpus[i].qom_path;
- vcpus[mastervcpu].hotpluggable = !!hotplugvcpus[i].alias ||
- !vcpus[mastervcpu].online;
- vcpus[mastervcpu].socket_id = hotplugvcpus[i].socket_id;
- vcpus[mastervcpu].die_id = hotplugvcpus[i].die_id;
- vcpus[mastervcpu].core_id = hotplugvcpus[i].core_id;
- vcpus[mastervcpu].thread_id = hotplugvcpus[i].thread_id;
- vcpus[mastervcpu].node_id = hotplugvcpus[i].node_id;
- vcpus[mastervcpu].vcpus = hotplugvcpus[i].vcpus;
- vcpus[mastervcpu].qom_path = g_steal_pointer(&hotplugvcpus[i].qom_path);
- vcpus[mastervcpu].alias = g_steal_pointer(&hotplugvcpus[i].alias);
- vcpus[mastervcpu].type = g_steal_pointer(&hotplugvcpus[i].type);
- vcpus[mastervcpu].props = g_steal_pointer(&hotplugvcpus[i].props);
- vcpus[mastervcpu].id = hotplugvcpus[i].enable_id;
-
- /* copy state information to slave vcpus */
- for (slavevcpu = mastervcpu + 1; slavevcpu < mastervcpu +
hotplugvcpus[i].vcpus; slavevcpu++) {
- vcpus[slavevcpu].online = vcpus[mastervcpu].online;
- vcpus[slavevcpu].hotpluggable = vcpus[mastervcpu].hotpluggable;
+ vcpus[mainvcpu].online = !!hotplugvcpus[i].qom_path;
+ vcpus[mainvcpu].hotpluggable = !!hotplugvcpus[i].alias ||
+ !vcpus[mainvcpu].online;
+ vcpus[mainvcpu].socket_id = hotplugvcpus[i].socket_id;
+ vcpus[mainvcpu].die_id = hotplugvcpus[i].die_id;
+ vcpus[mainvcpu].core_id = hotplugvcpus[i].core_id;
+ vcpus[mainvcpu].thread_id = hotplugvcpus[i].thread_id;
+ vcpus[mainvcpu].node_id = hotplugvcpus[i].node_id;
+ vcpus[mainvcpu].vcpus = hotplugvcpus[i].vcpus;
+ vcpus[mainvcpu].qom_path = g_steal_pointer(&hotplugvcpus[i].qom_path);
+ vcpus[mainvcpu].alias = g_steal_pointer(&hotplugvcpus[i].alias);
+ vcpus[mainvcpu].type = g_steal_pointer(&hotplugvcpus[i].type);
+ vcpus[mainvcpu].props = g_steal_pointer(&hotplugvcpus[i].props);
+ vcpus[mainvcpu].id = hotplugvcpus[i].enable_id;
+
+ /* copy state information to sub vcpus */
+ for (subvcpu = mainvcpu + 1; subvcpu < mainvcpu + hotplugvcpus[i].vcpus;
subvcpu++) {
+ vcpus[subvcpu].online = vcpus[mainvcpu].online;
+ vcpus[subvcpu].hotpluggable = vcpus[mainvcpu].hotpluggable;
}
/* calculate next master vcpu (hotpluggable unit) entry */
- mastervcpu += hotplugvcpus[i].vcpus;
+ mainvcpu += hotplugvcpus[i].vcpus;
}
/* match entries from query cpus to the output array taking into account
--
2.24.1
5:35 a.m.
New subject: [libvirt PATCH 17/23] qemu: remove use of the terms 'master' and 'slave' when iterating CPUs
On Fri, Jun 19, 2020 at 10:32:54 +0100, Daniel Berrange wrote:
When querying QEMU we have to iterate over two nested sets
of CPUs. The terms "main vcpu" and "sub vcpu" are a good
representation.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_monitor.c | 46 ++++++++++++++++++++---------------------
1 file changed, 23 insertions(+), 23 deletions(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 18/23] lxc: remove use of the terms 'master' and 'slave' in PTY setup
The two sides of a PTY can be referred to as primary and secondary
TTYs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/lxc/lxc_controller.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 2e865e0e7c..59b44dde1f 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -2054,25 +2054,25 @@ static int lxcSetPersonality(virDomainDefPtr def)
}
/* Create a private tty using the private devpts at PTMX, returning
- * the master in *TTYMASTER and the name of the slave, _from the
+ * the primary in @ttyprimary and the name of the secondary, _from the
* perspective of the guest after remounting file systems_, in
- * *TTYNAME. Heavily borrowed from glibc, but doesn't require that
+ * @ttyName. Heavily borrowed from glibc, but doesn't require that
* devpts == "/dev/pts" */
static int
-lxcCreateTty(virLXCControllerPtr ctrl, int *ttymaster,
+lxcCreateTty(virLXCControllerPtr ctrl, int *ttyprimary,
char **ttyName, char **ttyHostPath)
{
int ret = -1;
int ptyno;
int unlock = 0;
- if ((*ttymaster = open(ctrl->devptmx, O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0)
+ if ((*ttyprimary = open(ctrl->devptmx, O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0)
goto cleanup;
- if (ioctl(*ttymaster, TIOCSPTLCK, &unlock) < 0)
+ if (ioctl(*ttyprimary, TIOCSPTLCK, &unlock) < 0)
goto cleanup;
- if (ioctl(*ttymaster, TIOCGPTN, &ptyno) < 0)
+ if (ioctl(*ttyprimary, TIOCGPTN, &ptyno) < 0)
goto cleanup;
/* If mount() succeeded at honoring newinstance, then the kernel
@@ -2088,7 +2088,7 @@ lxcCreateTty(virLXCControllerPtr ctrl, int *ttymaster,
cleanup:
if (ret != 0) {
- VIR_FORCE_CLOSE(*ttymaster);
+ VIR_FORCE_CLOSE(*ttyprimary);
g_free(*ttyName);
*ttyName = NULL;
}
--
2.24.1
5:36 a.m.
New subject: [libvirt PATCH 18/23] lxc: remove use of the terms 'master' and 'slave' in PTY setup
On Fri, Jun 19, 2020 at 10:32:55 +0100, Daniel Berrange wrote:
The two sides of a PTY can be referred to as primary and secondary
TTYs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/lxc/lxc_controller.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 19/23] docs: update link to the libvirt jenkins plugin
The wiki page we currently link to is just a redirect for
back compat.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/apps.html.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/apps.html.in b/docs/apps.html.in
index 629d740c28..c24717faa2 100644
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@@ -138,7 +138,7 @@
</dl>
<dl>
- <dt><a
href="https://wiki.jenkins-ci.org/display/JENKINS/Libvirt+Slaves+Plu...
+ <dt><a
href="https://plugins.jenkins.io/libvirt-slave/">Jenkins</a></dt>
<dd>
This plugin for Jenkins adds a way to control guest domains hosted
on Xen or QEMU/KVM. You configure a Jenkins Slave,
--
2.24.1
5:37 a.m.
New subject: [libvirt PATCH 19/23] docs: update link to the libvirt jenkins plugin
On Fri, Jun 19, 2020 at 10:32:56 +0100, Daniel Berrange wrote:
The wiki page we currently link to is just a redirect for
back compat.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/apps.html.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 20/23] docs: remove use of the term 'slave' in Jenkins agent docs
Jenkins replaced use of the term 'slave' with 'agent' when
describing its architecture.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/apps.html.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/apps.html.in b/docs/apps.html.in
index c24717faa2..c6d9a24fa7 100644
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@@ -141,9 +141,9 @@
<dt><a
href="https://plugins.jenkins.io/libvirt-slave/">Jenkins</a></dt>
<dd>
This plugin for Jenkins adds a way to control guest domains hosted
- on Xen or QEMU/KVM. You configure a Jenkins Slave,
+ on Xen or QEMU/KVM. You configure a Jenkins Agent,
selecting the guest domain and hypervisor. When you need to build a
- job on a specific Slave, its guest domain is started, then the job is
+ job on a specific Agent, its guest domain is started, then the job is
run. When the build process is finished, the guest domain is shut
down, ready to be used again as required.
</dd>
--
2.24.1
5:42 a.m.
New subject: [libvirt PATCH 20/23] docs: remove use of the term 'slave' in Jenkins agent docs
On Fri, Jun 19, 2020 at 10:32:57 +0100, Daniel Berrange wrote:
Jenkins replaced use of the term 'slave' with 'agent'
when
describing its architecture.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/apps.html.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:32 a.m.
New subject: [libvirt PATCH 21/23] conf: remove use of the terms 'master' and 'slave' in mndm config
We can't change the attribute names in the public XML schema
without breaking back compat, so the best we can do is replace
the terms in our internal structs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/bhyve/bhyve_driver.c | 2 +-
src/bhyve/bhyve_parse_command.c | 20 ++++++++++----------
src/conf/domain_conf.c | 24 ++++++++++++------------
src/conf/domain_conf.h | 4 ++--
src/util/virnetdevtap.c | 2 +-
src/vbox/vbox_common.c | 4 ++--
6 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c
index b6204c7fb9..5a8be9fd0f 100644
--- a/src/bhyve/bhyve_driver.c
+++ b/src/bhyve/bhyve_driver.c
@@ -1072,7 +1072,7 @@ bhyveDomainOpenConsole(virDomainPtr dom,
chr = vm->def->serials[0];
- if (virFDStreamOpenPTY(st, chr->source->data.nmdm.slave,
+ if (virFDStreamOpenPTY(st, chr->source->data.nmdm.secondary,
0, 0, O_RDWR) < 0)
goto cleanup;
diff --git a/src/bhyve/bhyve_parse_command.c b/src/bhyve/bhyve_parse_command.c
index 76423730d9..3daf2572cb 100644
--- a/src/bhyve/bhyve_parse_command.c
+++ b/src/bhyve/bhyve_parse_command.c
@@ -290,8 +290,8 @@ bhyveParseBhyveLPCArg(virDomainDefPtr def,
goto error;
chr->source->type = VIR_DOMAIN_CHR_TYPE_NMDM;
- chr->source->data.nmdm.master = NULL;
- chr->source->data.nmdm.slave = NULL;
+ chr->source->data.nmdm.primary = NULL;
+ chr->source->data.nmdm.secondary = NULL;
chr->deviceType = VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL;
if (!STRPREFIX(param, "/dev/nmdm")) {
@@ -301,24 +301,24 @@ bhyveParseBhyveLPCArg(virDomainDefPtr def,
goto error;
}
- chr->source->data.nmdm.master = g_strdup(param);
- chr->source->data.nmdm.slave =
g_strdup(chr->source->data.file.path);
+ chr->source->data.nmdm.primary = g_strdup(param);
+ chr->source->data.nmdm.secondary =
g_strdup(chr->source->data.file.path);
- /* If the last character of the master is 'A', the slave will be
'B'
+ /* If the last character of the primary is 'A', the secondary will be
'B'
* and vice versa */
- last = strlen(chr->source->data.nmdm.master) - 1;
+ last = strlen(chr->source->data.nmdm.primary) - 1;
switch (chr->source->data.file.path[last]) {
case 'A':
- chr->source->data.nmdm.slave[last] = 'B';
+ chr->source->data.nmdm.secondary[last] = 'B';
break;
case 'B':
- chr->source->data.nmdm.slave[last] = 'A';
+ chr->source->data.nmdm.secondary[last] = 'A';
break;
default:
virReportError(VIR_ERR_OPERATION_FAILED,
- _("Failed to set slave for %s: last letter not
"
+ _("Failed to set secondary for %s: last letter not
"
"'A' or 'B'"),
- NULLSTR(chr->source->data.nmdm.master));
+ NULLSTR(chr->source->data.nmdm.primary));
goto error;
}
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index e9336fd72d..2e272c44ea 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -2596,8 +2596,8 @@ virDomainChrSourceDefClear(virDomainChrSourceDefPtr def)
break;
case VIR_DOMAIN_CHR_TYPE_NMDM:
- VIR_FREE(def->data.nmdm.master);
- VIR_FREE(def->data.nmdm.slave);
+ VIR_FREE(def->data.nmdm.primary);
+ VIR_FREE(def->data.nmdm.secondary);
break;
case VIR_DOMAIN_CHR_TYPE_UDP:
@@ -2671,8 +2671,8 @@ virDomainChrSourceDefCopy(virDomainChrSourceDefPtr dest,
break;
case VIR_DOMAIN_CHR_TYPE_NMDM:
- dest->data.nmdm.master = g_strdup(src->data.nmdm.master);
- dest->data.nmdm.slave = g_strdup(src->data.nmdm.slave);
+ dest->data.nmdm.primary = g_strdup(src->data.nmdm.primary);
+ dest->data.nmdm.secondary = g_strdup(src->data.nmdm.secondary);
break;
}
@@ -2724,8 +2724,8 @@ virDomainChrSourceDefIsEqual(const virDomainChrSourceDef *src,
return STREQ_NULLABLE(src->data.file.path, tgt->data.file.path);
break;
case VIR_DOMAIN_CHR_TYPE_NMDM:
- return STREQ_NULLABLE(src->data.nmdm.master, tgt->data.nmdm.master)
&&
- STREQ_NULLABLE(src->data.nmdm.slave, tgt->data.nmdm.slave);
+ return STREQ_NULLABLE(src->data.nmdm.primary, tgt->data.nmdm.primary)
&&
+ STREQ_NULLABLE(src->data.nmdm.secondary, tgt->data.nmdm.secondary);
break;
case VIR_DOMAIN_CHR_TYPE_UDP:
return STREQ_NULLABLE(src->data.udp.bindHost, tgt->data.udp.bindHost)
&&
@@ -6220,13 +6220,13 @@ virDomainChrSourceDefValidate(const virDomainChrSourceDef
*src_def,
break;
case VIR_DOMAIN_CHR_TYPE_NMDM:
- if (!src_def->data.nmdm.master) {
+ if (!src_def->data.nmdm.primary) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Missing master path attribute for nmdm
device"));
return -1;
}
- if (!src_def->data.nmdm.slave) {
+ if (!src_def->data.nmdm.secondary) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Missing slave path attribute for nmdm device"));
return -1;
@@ -13253,8 +13253,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
break;
case VIR_DOMAIN_CHR_TYPE_NMDM:
- def->data.nmdm.master = virXMLPropString(cur, "master");
- def->data.nmdm.slave = virXMLPropString(cur, "slave");
+ def->data.nmdm.primary = virXMLPropString(cur, "master");
+ def->data.nmdm.secondary = virXMLPropString(cur, "slave");
break;
case VIR_DOMAIN_CHR_TYPE_LAST:
@@ -26853,8 +26853,8 @@ virDomainChrSourceDefFormat(virBufferPtr buf,
case VIR_DOMAIN_CHR_TYPE_NMDM:
virBufferEscapeString(buf, "<source master='%s' ",
- def->data.nmdm.master);
- virBufferEscapeString(buf, "slave='%s'/>\n",
def->data.nmdm.slave);
+ def->data.nmdm.primary);
+ virBufferEscapeString(buf, "slave='%s'/>\n",
def->data.nmdm.secondary);
break;
case VIR_DOMAIN_CHR_TYPE_UDP:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 41715c75f2..00a0e02cd1 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1201,8 +1201,8 @@ struct _virDomainChrSourceDef {
int append; /* enum virTristateSwitch */
} file; /* pty, file, pipe, or device */
struct {
- char *master;
- char *slave;
+ char *primary;
+ char *secondary;
} nmdm;
struct {
char *host;
diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
index 7bd30ea0f9..6272e03f42 100644
--- a/src/util/virnetdevtap.c
+++ b/src/util/virnetdevtap.c
@@ -687,7 +687,7 @@ int virNetDevTapCreateInBridgePort(const char *brname,
/* We need to set the interface MAC before adding it
* to the bridge, because the bridge assumes the lowest
- * MAC of all enslaved interfaces & we don't want it
+ * MAC of all member interfaces & we don't want it
* seeing the kernel allocate random MAC for the TAP
* device before we set our static MAC.
*/
diff --git a/src/vbox/vbox_common.c b/src/vbox/vbox_common.c
index 15f8eb074a..493639d6d9 100644
--- a/src/vbox/vbox_common.c
+++ b/src/vbox/vbox_common.c
@@ -3344,8 +3344,8 @@ vboxDumpDisks(virDomainDefPtr def, vboxDriverPtr data, IMachine
*machine)
switch ((enum StorageBus) storageBus) {
case StorageBus_IDE:
disk->bus = VIR_DOMAIN_DISK_BUS_IDE;
- disk->info.addr.drive.bus = devicePort; /* primary, secondary */
- disk->info.addr.drive.unit = deviceSlot; /* master, slave */
+ disk->info.addr.drive.bus = devicePort;
+ disk->info.addr.drive.unit = deviceSlot;
break;
case StorageBus_SATA:
--
2.24.1
5:44 a.m.
New subject: [libvirt PATCH 21/23] conf: remove use of the terms 'master' and 'slave' in mndm config
On Fri, Jun 19, 2020 at 10:32:58 +0100, Daniel Berrange wrote:
We can't change the attribute names in the public XML schema
without breaking back compat, so the best we can do is replace
the terms in our internal structs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/bhyve/bhyve_driver.c | 2 +-
src/bhyve/bhyve_parse_command.c | 20 ++++++++++----------
src/conf/domain_conf.c | 24 ++++++++++++------------
src/conf/domain_conf.h | 4 ++--
src/util/virnetdevtap.c | 2 +-
src/vbox/vbox_common.c | 4 ++--
6 files changed, 28 insertions(+), 28 deletions(-)
[...]
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 41715c75f2..00a0e02cd1 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1201,8 +1201,8 @@ struct _virDomainChrSourceDef {
int append; /* enum virTristateSwitch */
} file; /* pty, file, pipe, or device */
struct {
- char *master;
- char *slave;
+ char *primary;
+ char *secondary;
} nmdm;
I'm not persuaded that it's worth diverging the internal names from the
XML names since we have to stick with those.
NACK
4:32 a.m.
New subject: [libvirt PATCH 22/23] lxc: replace use of term 'slave' filesystem mount setup
Refer to the notion of mount propagation instead which describes
the actual behaviour more clearly.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/lxc/lxc_controller.c | 6 +++---
src/util/virprocess.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 59b44dde1f..89f9773b2c 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -2116,9 +2116,9 @@ virLXCControllerSetupPrivateNS(void)
*
* Thus we call unshare(CLONE_NS) so that we can see
* the guest's new /dev/pts, without it becoming
- * visible to the host OS. We also put the root FS
- * into slave mode, just in case it was currently
- * marked as shared
+ * visible to the host OS. We also disable mount
+ * propagation out of the root FS, in case it was
+ * currently allowing bi-directional propagation.
*/
return virProcessSetupPrivateMountNS();
diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index afb1f9b79f..a9afa2e665 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -1288,7 +1288,7 @@ virProcessSetupPrivateMountNS(void)
if (mount("", "/", "none", MS_SLAVE|MS_REC, NULL) <
0) {
virReportSystemError(errno, "%s",
- _("Failed to switch root mount into slave
mode"));
+ _("Failed disable mount propagation out of the root
filesystem"));
return -1;
}
--
2.24.1
5:45 a.m.
New subject: [libvirt PATCH 22/23] lxc: replace use of term 'slave' filesystem mount setup
On Fri, Jun 19, 2020 at 10:32:59 +0100, Daniel Berrange wrote:
Refer to the notion of mount propagation instead which describes
the actual behaviour more clearly.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/lxc/lxc_controller.c | 6 +++---
src/util/virprocess.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
4:33 a.m.
New subject: [libvirt PATCH 23/23] build: add syntax-check rules for undesirable terms
We don't check for "master", because there are too many
cases that we're not trying to eliminate at this time.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
build-aux/syntax-check.mk | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk
index 2e49b5172e..50b15e114a 100644
--- a/build-aux/syntax-check.mk
+++ b/build-aux/syntax-check.mk
@@ -1922,6 +1922,16 @@ sc_prohibit_path_max_allocation:
halt='Avoid stack allocations of size PATH_MAX' \
$(_sc_search_regexp)
+sc_prohibit_whitelist_blacklist:
+ @prohibit='(white-?list|black-?list)' \
+ halt='Avoid the terms "whitelist" and "blacklist"' \
+ $(_sc_search_regexp)
+
+sc_prohibit_slave:
+ @prohibit='slave' \
+ halt='Avoid the term "slave"' \
+ $(_sc_search_regexp)
+
ifneq ($(_gl-Makefile),)
syntax-check: spacing-check test-wrap-argv \
prohibit-duplicate-header mock-noinline group-qemu-caps \
@@ -2128,3 +2138,9 @@ exclude_file_name_regexp--sc_prohibit_backslash_alignment = \
exclude_file_name_regexp--sc_prohibit_select = \
^build-aux/syntax-check\.mk|src/util/vireventglibwatch\.c$$
+
+exclude_file_name_regexp--sc_prohibit_whitelist_blacklist = \
+
^(build-aux/syntax-check\.mk|po/.*\.pot?|src/util/virkmod\.c|src/qemu/qemu_domain\.c)$$
+
+exclude_file_name_regexp--sc_prohibit_slave = \
+
^build-aux/syntax-check\.mk|po/.*\.pot?|tests/qemucapabilitiesdata/.*\.replies|docs/apps.html.in|tests/bhyve.*|docs/drvbhyve.html.in|docs/formatdomain.html.in|docs/schemas/domaincommon.rng|src/conf/domain_conf\.c|src/interface/interface_backend_udev\.c|src/security/apparmor/usr\.sbin\.libvirtd\.in$$
--
2.24.1
5:47 a.m.
New subject: [libvirt PATCH 23/23] build: add syntax-check rules for undesirable terms
On Fri, Jun 19, 2020 at 10:33:00 +0100, Daniel Berrange wrote:
We don't check for "master", because there are too
many
cases that we're not trying to eliminate at this time.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
build-aux/syntax-check.mk | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
I don't think there's a technical reason forbiding these and it's almost
borderline censorship. I refuse to put my R-b on this one.
6:03 a.m.
New subject: [libvirt PATCH 23/23] build: add syntax-check rules for undesirable terms
On Fri, Jun 19, 2020 at 12:47:07PM +0200, Peter Krempa wrote:
On Fri, Jun 19, 2020 at 10:33:00 +0100, Daniel Berrange wrote:
> We don't check for "master", because there are too many
> cases that we're not trying to eliminate at this time.
>
> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> ---
> build-aux/syntax-check.mk | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
I don't think there's a technical reason forbiding these and it's almost
borderline censorship. I refuse to put my R-b on this one.
Few of the syntax check rules are technical in nature. They're largely
about enforcing our desired coding/style policies. Preventing reintroduction
of terminology we've just eliminated is totally in scope for what syntax
check does. The goal is to automate checks that humans are otherwise bad
at doing, because we'll easily miss this kind of thing in manual reviews.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
7:11 a.m.
New subject: [libvirt PATCH 23/23] build: add syntax-check rules for undesirable terms
On a Friday in 2020, Peter Krempa wrote:
On Fri, Jun 19, 2020 at 10:33:00 +0100, Daniel Berrange wrote:
> We don't check for "master", because there are too many
> cases that we're not trying to eliminate at this time.
>
Even if you consider the terms undesirable, consider using them in the
commit summary instead of mentioning what you're not trying to do.
> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> ---
> build-aux/syntax-check.mk | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
I don't think there's a technical reason forbiding these and it's almost
borderline censorship. I refuse to put my R-b on this one.
Given how many files are excepted, I think it's a waste of electricty to
even check for these.
Jano
7:33 a.m.
New subject: [libvirt PATCH 23/23] build: add syntax-check rules for undesirable terms
On Fri, Jun 19, 2020 at 02:11:09PM +0200, Ján Tomko wrote:
On a Friday in 2020, Peter Krempa wrote:
> On Fri, Jun 19, 2020 at 10:33:00 +0100, Daniel Berrange wrote:
> > We don't check for "master", because there are too many
> > cases that we're not trying to eliminate at this time.
> >
Even if you consider the terms undesirable, consider using them in the
commit summary instead of mentioning what you're not trying to do.
> > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> > ---
> > build-aux/syntax-check.mk | 16 ++++++++++++++++
> > 1 file changed, 16 insertions(+)
>
> I don't think there's a technical reason forbiding these and it's
almost
> borderline censorship. I refuse to put my R-b on this one.
>
Given how many files are excepted, I think it's a waste of electricty to
even check for these.
We have > 10,000 files in source control, of which only 150 are
exempted and time required to check that won't even register
in the noise. We shouldn't be relying on reviewers to check things
that can trivially be automated, when we know reviewers often miss
things.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
9:33 a.m.
New subject: [libvirt PATCH 23/23] build: add syntax-check rules for undesirable terms
On Fri, 2020-06-19 at 13:33 +0100, Daniel P. Berrangé wrote:
On Fri, Jun 19, 2020 at 02:11:09PM +0200, Ján Tomko wrote:
> On a Friday in 2020, Peter Krempa wrote:
> > On Fri, Jun 19, 2020 at 10:33:00 +0100, Daniel Berrange wrote:
> > > We don't check for "master", because there are too many
> > > cases that we're not trying to eliminate at this time.
> > >
>
> Even if you consider the terms undesirable, consider using them in
> the
> commit summary instead of mentioning what you're not trying to do.
>
> > > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> > > ---
> > > build-aux/syntax-check.mk | 16 ++++++++++++++++
> > > 1 file changed, 16 insertions(+)
> >
> > I don't think there's a technical reason forbiding these and it's
> > almost
> > borderline censorship. I refuse to put my R-b on this one.
> >
>
> Given how many files are excepted, I think it's a waste of
> electricty to
> even check for these.
We have > 10,000 files in source control, of which only 150 are
exempted and time required to check that won't even register
in the noise. We shouldn't be relying on reviewers to check things
that can trivially be automated, when we know reviewers often miss
things.
Regards,
Daniel
Personally, I would be glad to have syntax-check catch a patch of mine
if I accidentally use one of these terms that we've decided are
undesirable. If it is necessary to use one of these terms in a patch,
and I can convince others that it is necessary, I can always submit a
patch adding an exception. But it forces me to think about the
terminology a bit more carefully, which seems like a reasonable thing.
I see no censorship concerns.
Jonathon
6:45 a.m.
New subject: [libvirt PATCH 23/23] build: add syntax-check rules for undesirable terms
Is this patch really necessary?
Manually removing the now undesirable terms it's okay (I mean, not quite,
but I'm too tired of this same discussion over and over again everywhere,
so I give up), because at least it requires a bit of thought and analysis.
Prohibiting the words altogether will eliminate valid use. With this patch
I'll now be forbid to write a comment such as
/* This is code is needed because module X is in the blacklist */
Unless I'm doing a comment in qemu_domain.c or virkmod.c. This is extreme, and
I don't think the existing Libvirt syntax-check mechanics will be able to detect
allowed usage of these terms.
IMO this patch should be dropped. Instead, these new "undesirable terms"
directions
should (in really, must) be included as documentation in hacking.rst, since we're
now serious about all the offending terms stuff, and each new eventual case evaluated
separately during code review. Yes, something will eventually go through, but then
one that cares enough can simply remove the undesirable word with a patch. This is
way saner than annoying the developer with syntax-check rules for uses of a word
that we actually allow, but it happened to be in a different file.
Thanks,
DHB
On 6/19/20 6:33 AM, Daniel P. Berrangé wrote:
We don't check for "master", because there are too
many
cases that we're not trying to eliminate at this time.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
build-aux/syntax-check.mk | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk
index 2e49b5172e..50b15e114a 100644
--- a/build-aux/syntax-check.mk
+++ b/build-aux/syntax-check.mk
@@ -1922,6 +1922,16 @@ sc_prohibit_path_max_allocation:
halt='Avoid stack allocations of size PATH_MAX' \
$(_sc_search_regexp)
+sc_prohibit_whitelist_blacklist:
+ @prohibit='(white-?list|black-?list)' \
+ halt='Avoid the terms "whitelist" and "blacklist"' \
+ $(_sc_search_regexp)
+
+sc_prohibit_slave:
+ @prohibit='slave' \
+ halt='Avoid the term "slave"' \
+ $(_sc_search_regexp)
+
ifneq ($(_gl-Makefile),)
syntax-check: spacing-check test-wrap-argv \
prohibit-duplicate-header mock-noinline group-qemu-caps \
@@ -2128,3 +2138,9 @@ exclude_file_name_regexp--sc_prohibit_backslash_alignment = \
exclude_file_name_regexp--sc_prohibit_select = \
^build-aux/syntax-check\.mk|src/util/vireventglibwatch\.c$$
+
+exclude_file_name_regexp--sc_prohibit_whitelist_blacklist = \
+
^(build-aux/syntax-check\.mk|po/.*\.pot?|src/util/virkmod\.c|src/qemu/qemu_domain\.c)$$
+
+exclude_file_name_regexp--sc_prohibit_slave = \
+
^build-aux/syntax-check\.mk|po/.*\.pot?|tests/qemucapabilitiesdata/.*\.replies|docs/apps.html.in|tests/bhyve.*|docs/drvbhyve.html.in|docs/formatdomain.html.in|docs/schemas/domaincommon.rng|src/conf/domain_conf\.c|src/interface/interface_backend_udev\.c|src/security/apparmor/usr\.sbin\.libvirtd\.in$$
7:29 a.m.
New subject: [libvirt PATCH 23/23] build: add syntax-check rules for undesirable terms
On Fri, Jun 19, 2020 at 08:45:41AM -0300, Daniel Henrique Barboza wrote:
Is this patch really necessary?
Manually removing the now undesirable terms it's okay (I mean, not quite,
but I'm too tired of this same discussion over and over again everywhere,
so I give up), because at least it requires a bit of thought and analysis.
Prohibiting the words altogether will eliminate valid use. With this patch
I'll now be forbid to write a comment such as
/* This is code is needed because module X is in the blacklist */
Yes, that is entirely the intention because there's no need to
add such a comment in the first place. It can easily be written as
/* This is code is needed because module X is prohibited */
Unless I'm doing a comment in qemu_domain.c or virkmod.c. This is
extreme, and
I don't think the existing Libvirt syntax-check mechanics will be able to detect
allowed usage of these terms.
The only allowed usage of the terms is that which already exists in the
code which are unable to be eliminated due to interactions with external
tools/API. No new instances should be introduced, which is what the
syntax-check rule validates.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
1613
days inactive
1617
days old
67 comments
5 participants
participants (5)
-
Daniel Henrique Barboza -
Daniel P. Berrangé -
Jonathon Jongsma -
Ján Tomko -
Peter Krempa