10:43 a.m.
From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 3 Mar 2009 17:42:53 +0100
Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
---
qemud/libvirtd.conf | 4 ++--
qemud/libvirtd_qemu.aug | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/qemud/libvirtd.conf b/qemud/libvirtd.conf
index 1fd5918..0e0b40c 100644
--- a/qemud/libvirtd.conf
+++ b/qemud/libvirtd.conf
@@ -289,7 +289,7 @@
# separated by spaces.
#
# e.g:
-# log_filters="3:remote 4:event"
+#log_filters = "3:remote 4:event"
# to only get warning or errors from the remote layer and only errors from
# the event layer.
@@ -311,5 +311,5 @@
#
# Multiple output can be defined , they just need to be separated by spaces.
# e.g.:
-# log_outputs="3:syslog:libvirtd"
+#log_outputs = "3:syslog:libvirtd"
# to log all warnings and errors to syslog under the libvirtd ident
diff --git a/qemud/libvirtd_qemu.aug b/qemud/libvirtd_qemu.aug
index b2e4318..e297a5f 100644
--- a/qemud/libvirtd_qemu.aug
+++ b/qemud/libvirtd_qemu.aug
@@ -27,6 +27,7 @@ module Libvirtd_qemu =
| str_entry "vnc_tls_x509_cert_dir"
| bool_entry "vnc_tls_x509_verify"
| str_entry "vnc_password"
+ | str_entry "security_driver"
(* Each enty in the config is one of the following three ... *)
let entry = vnc_entry
@@ -41,4 +42,3 @@ module Libvirtd_qemu =
. Util.stdexcl
let xfm = transform lns filter
-
--
1.6.2.rc1.285.gc5f54
10:48 a.m.
On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
>From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 3 Mar 2009 17:42:53 +0100
Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
---
qemud/libvirtd.conf | 4 ++--
qemud/libvirtd_qemu.aug | 2 +-
If changing this, should also change qemud/test_libvirtd_qemu.aug
so it validates the parsing of it.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
12:39 p.m.
Daniel P. Berrange wrote:
On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
> >From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001
> From: Jim Meyering <meyering(a)redhat.com>
> Date: Tue, 3 Mar 2009 17:42:53 +0100
> Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
>
> ---
> qemud/libvirtd.conf | 4 ++--
> qemud/libvirtd_qemu.aug | 2 +-
If changing this, should also change qemud/test_libvirtd_qemu.aug
so it validates the parsing of it.
Hmm... rather than continue the duplication,
[qemud/test_libvirtd_qemu.aug has the entire content of src/qemu.conf
two times, first with double quotes escaped, second with curly braces]
this patch makes it so test_libvirtd_qemu.aug is generated,
and by doing that, adds coverage for "security_driver".
The same code should work for test_libvirtd.aug.
From 8ff1830e4c5584cdfc0755b512c400dd60d6bc7e Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 3 Mar 2009 19:31:49 +0100
Subject: [PATCH] Generate augeas test file from qemu.conf, to test new
"security_driver"
* qemud/Makefile.am (test_libvirtd_qemu.aug): New rule.
* qemud/test_libvirtd_qemu.aug: Regenerate to reflect the addition
of the new "security_driver" configuration parameter.
---
qemud/Makefile.am | 14 ++++++++++++++
qemud/test_libvirtd_qemu.aug | 18 ++++++++++++++++++
2 files changed, 32 insertions(+), 0 deletions(-)
diff --git a/qemud/Makefile.am b/qemud/Makefile.am
index 924e8ad..fa56ed8 100644
--- a/qemud/Makefile.am
+++ b/qemud/Makefile.am
@@ -252,6 +252,20 @@ check-local:
test -x '$(AUGPARSE)' \
&& '$(AUGPARSE)' -I $(srcdir) $(srcdir)/test_libvirtd_qemu.aug || :
+# Generate augeas test file from qemu.conf.
+test_libvirtd_qemu.aug: $(top_srcdir)/src/qemu.conf
+ ( printf 'module Test_libvirtd_qemu =\n' \
+ && printf '\n let conf = "' \
+ && perl -pe 's/^# (\w+ =)/$$1/;s/"/\\"/g' $<
\
+ && printf '"\n\n test Libvirtd_qemu.lns get conf =\n' \
+ && perl -pe 's/^# (\w+ =)/$$1/;' \
+ -e 's/^# *([^\n]*)/{ "#comment" = "$$1" }/;' \
+ -e 's/^$$/{ "#empty" }/;' \
+ -e 's/^(\w+) =/"$$1" =/;' \
+ -e 's/ = ([^"]\S*)$$/ = "$$1"/;' \
+ -e 's/^(".*)/{ $$1 }/;' $<; \
+ ) > $@-t && mv $@-t $@
+
else
install-init:
diff --git a/qemud/test_libvirtd_qemu.aug b/qemud/test_libvirtd_qemu.aug
index 083ccba..518336b 100644
--- a/qemud/test_libvirtd_qemu.aug
+++ b/qemud/test_libvirtd_qemu.aug
@@ -60,6 +60,15 @@ vnc_tls_x509_verify = 1
# example here before you set this
#
vnc_password = \"XYZ12345\"
+
+
+# The default security driver is SELinux. If SELinux is disabled
+# on the host, then the security driver will automatically disable
+# itself. If you wish to disable QEMU SELinux security driver while
+# leaving SELinux enabled for the host in general, then set this
+# to 'none' instead
+#
+security_driver = \"selinux\"
"
test Libvirtd_qemu.lns get conf =
@@ -123,3 +132,12 @@ vnc_password = \"XYZ12345\"
{ "#comment" = "example here before you set this" }
{ "#comment" = "" }
{ "vnc_password" = "XYZ12345" }
+{ "#empty" }
+{ "#empty" }
+{ "#comment" = "The default security driver is SELinux. If SELinux is
disabled" }
+{ "#comment" = "on the host, then the security driver will automatically
disable" }
+{ "#comment" = "itself. If you wish to disable QEMU SELinux security
driver while" }
+{ "#comment" = "leaving SELinux enabled for the host in general, then set
this" }
+{ "#comment" = "to 'none' instead" }
+{ "#comment" = "" }
+{ "security_driver" = "selinux" }
--
1.6.2.rc1.285.gc5f54
1:54 p.m.
On Tue, 2009-03-03 at 19:39 +0100, Jim Meyering wrote:
Daniel P. Berrange wrote:
> On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
>> >From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001
>> From: Jim Meyering <meyering(a)redhat.com>
>> Date: Tue, 3 Mar 2009 17:42:53 +0100
>> Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
>>
>> ---
>> qemud/libvirtd.conf | 4 ++--
>> qemud/libvirtd_qemu.aug | 2 +-
>
> If changing this, should also change qemud/test_libvirtd_qemu.aug
> so it validates the parsing of it.
Hmm... rather than continue the duplication,
[qemud/test_libvirtd_qemu.aug has the entire content of src/qemu.conf
two times, first with double quotes escaped, second with curly braces]
this patch makes it so test_libvirtd_qemu.aug is generated,
Ugh .. I guess I really need to add a function to Augeas to read a
string from a file.
David
3:10 p.m.
David Lutterkort wrote:
On Tue, 2009-03-03 at 19:39 +0100, Jim Meyering wrote:
> Daniel P. Berrange wrote:
> > On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
> >> >From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001
> >> From: Jim Meyering <meyering(a)redhat.com>
> >> Date: Tue, 3 Mar 2009 17:42:53 +0100
> >> Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add
"security_driver".
> >>
> >> ---
> >> qemud/libvirtd.conf | 4 ++--
> >> qemud/libvirtd_qemu.aug | 2 +-
> >
> > If changing this, should also change qemud/test_libvirtd_qemu.aug
> > so it validates the parsing of it.
>
> Hmm... rather than continue the duplication,
> [qemud/test_libvirtd_qemu.aug has the entire content of src/qemu.conf
> two times, first with double quotes escaped, second with curly braces]
>
> this patch makes it so test_libvirtd_qemu.aug is generated,
Ugh .. I guess I really need to add a function to Augeas to read a
string from a file.
I'd much prefer that.
It would have made part of the task much easier ;-)
10:48 a.m.
Jim Meyering wrote:
>From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00
2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 3 Mar 2009 17:42:53 +0100
Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
---
qemud/libvirtd.conf | 4 ++--
qemud/libvirtd_qemu.aug | 2 +-
That was supposed to include only the qemud/libvirtd_qemu.aug change.
Here's the adjusted patch:
From ac49dbce8f8cd54a55b060f90ca43af0c13f813d Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 3 Mar 2009 17:42:53 +0100
Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
---
qemud/libvirtd_qemu.aug | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/qemud/libvirtd_qemu.aug b/qemud/libvirtd_qemu.aug
index b2e4318..e297a5f 100644
--- a/qemud/libvirtd_qemu.aug
+++ b/qemud/libvirtd_qemu.aug
@@ -27,6 +27,7 @@ module Libvirtd_qemu =
| str_entry "vnc_tls_x509_cert_dir"
| bool_entry "vnc_tls_x509_verify"
| str_entry "vnc_password"
+ | str_entry "security_driver"
(* Each enty in the config is one of the following three ... *)
let entry = vnc_entry
@@ -41,4 +42,3 @@ module Libvirtd_qemu =
. Util.stdexcl
let xfm = transform lns filter
-
--
1.6.2.rc1.285.gc5f54
10:50 a.m.
On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
>From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 3 Mar 2009 17:42:53 +0100
Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
---
qemud/libvirtd.conf | 4 ++--
qemud/libvirtd_qemu.aug | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/qemud/libvirtd.conf b/qemud/libvirtd.conf
index 1fd5918..0e0b40c 100644
--- a/qemud/libvirtd.conf
+++ b/qemud/libvirtd.conf
@@ -289,7 +289,7 @@
# separated by spaces.
#
# e.g:
-# log_filters="3:remote 4:event"
+#log_filters = "3:remote 4:event"
# to only get warning or errors from the remote layer and only errors from
# the event layer.
@@ -311,5 +311,5 @@
#
# Multiple output can be defined , they just need to be separated by spaces.
# e.g.:
-# log_outputs="3:syslog:libvirtd"
+#log_outputs = "3:syslog:libvirtd"
# to log all warnings and errors to syslog under the libvirtd ident
okay, all other examples use spaces around the equal sign, thanks
I didn't noticed that when adding them.
diff --git a/qemud/libvirtd_qemu.aug b/qemud/libvirtd_qemu.aug
index b2e4318..e297a5f 100644
--- a/qemud/libvirtd_qemu.aug
+++ b/qemud/libvirtd_qemu.aug
@@ -27,6 +27,7 @@ module Libvirtd_qemu =
| str_entry "vnc_tls_x509_cert_dir"
| bool_entry "vnc_tls_x509_verify"
| str_entry "vnc_password"
+ | str_entry "security_driver"
(* Each enty in the config is one of the following three ... *)
let entry = vnc_entry
@@ -41,4 +42,3 @@ module Libvirtd_qemu =
. Util.stdexcl
let xfm = transform lns filter
-
okay, ACK
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
1:35 p.m.
Daniel Veillard wrote:
On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
> >From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001
> diff --git a/qemud/libvirtd.conf b/qemud/libvirtd.conf
> index 1fd5918..0e0b40c 100644
> --- a/qemud/libvirtd.conf
> +++ b/qemud/libvirtd.conf
> @@ -289,7 +289,7 @@
> # separated by spaces.
> #
> # e.g:
> -# log_filters="3:remote 4:event"
> +#log_filters = "3:remote 4:event"
> # to only get warning or errors from the remote layer and only errors from
> # the event layer.
>
> @@ -311,5 +311,5 @@
> #
> # Multiple output can be defined , they just need to be separated by spaces.
> # e.g.:
> -# log_outputs="3:syslog:libvirtd"
> +#log_outputs = "3:syslog:libvirtd"
> # to log all warnings and errors to syslog under the libvirtd ident
okay, all other examples use spaces around the equal sign, thanks
I didn't noticed that when adding them.
Thanks, but as I hinted, that change was incomplete.
The important bit (mentioned at top) was to remove the space
between "#" and param name.
Once I did that, the daemon-conf test failed because
setting log_outputs to that sample value sent all expected output
to the log file rather than to stderr where the test requires it.
Here's the complete patch:
[not urgent, just better coverage]
From 3c7c3bfcbf0c7fdac65b70124e8a6d7790b16844 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 3 Mar 2009 20:31:55 +0100
Subject: [PATCH] tests: exercise log_outputs and log_filters along with the rest
* tests/daemon-conf: Handle log_outputs and log_filters specially,
now that they're recognized.
* qemud/libvirtd.conf: Use required formatting so that daemon-conf
also tests log_outputs and log_filters.
---
qemud/libvirtd.conf | 4 ++--
tests/daemon-conf | 8 +++++++-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/qemud/libvirtd.conf b/qemud/libvirtd.conf
index 1fd5918..0e0b40c 100644
--- a/qemud/libvirtd.conf
+++ b/qemud/libvirtd.conf
@@ -289,7 +289,7 @@
# separated by spaces.
#
# e.g:
-# log_filters="3:remote 4:event"
+#log_filters = "3:remote 4:event"
# to only get warning or errors from the remote layer and only errors from
# the event layer.
@@ -311,5 +311,5 @@
#
# Multiple output can be defined , they just need to be separated by spaces.
# e.g.:
-# log_outputs="3:syslog:libvirtd"
+#log_outputs = "3:syslog:libvirtd"
# to log all warnings and errors to syslog under the libvirtd ident
diff --git a/tests/daemon-conf b/tests/daemon-conf
index a5e86ae..43ea705 100755
--- a/tests/daemon-conf
+++ b/tests/daemon-conf
@@ -20,7 +20,12 @@ grep '[a-z_] *= *[^ ]' "$conf" | grep -vE
'^#[a-z_]+ = ' \
&& { echo "$0: found unexpected lines (above) in $conf" 1>&2;
exit 1; }
# Start with the sample libvirtd.conf file, uncommenting all real directives.
-sed -n 's/^#\([^ #]\)/\1/p' "$conf" > tmp.conf
+# Be careful to set log_outputs so that all log output goes to stderr,
+# and use an empty string for "log_filters".
+sed -n 's/^#\([^ #]\)/\1/p' "$conf" \
+ | sed -e 's/^\(log_outputs =\).*/\1 "0:stderr"/' \
+ -e 's/^\(log_filters =\).*/\1 ""/' \
+ > tmp.conf
# Iterate through that list of directives, corrupting one RHS at a
# time and running libvirtd with the resulting config. Each libvirtd
@@ -44,6 +49,7 @@ while :; do
case $rhs in
# '"'*) msg='should be a string';;
+ '"?:'*) msg='expecting a separator';;
'"'*) msg='invalid type: got long; expected string';;
[0-9]*) msg='invalid type: got string; expected long';;
'['*) msg='must be a string or list of strings';;
--
1.6.2.rc1.285.gc5f54
5743
days inactive
5743
days old
7 comments
4 participants
participants (4)
-
Daniel P. Berrange -
Daniel Veillard -
David Lutterkort -
Jim Meyering