[libvirt] [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".

From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 3 Mar 2009 17:42:53 +0100 Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
---
qemud/libvirtd.conf | 4 ++--
qemud/libvirtd_qemu.aug | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/qemud/libvirtd.conf b/qemud/libvirtd.conf
index 1fd5918..0e0b40c 100644
--- a/qemud/libvirtd.conf
+++ b/qemud/libvirtd.conf
@@ -289,7 +289,7 @@
# separated by spaces.
#
# e.g:
-# log_filters="3:remote 4:event"
+#log_filters = "3:remote 4:event"
# to only get warning or errors from the remote layer and only errors from
# the event layer.
@@ -311,5 +311,5 @@
#
# Multiple output can be defined , they just need to be separated by spaces.
# e.g.:
-# log_outputs="3:syslog:libvirtd"
+#log_outputs = "3:syslog:libvirtd"
# to log all warnings and errors to syslog under the libvirtd ident
diff --git a/qemud/libvirtd_qemu.aug b/qemud/libvirtd_qemu.aug
index b2e4318..e297a5f 100644
--- a/qemud/libvirtd_qemu.aug
+++ b/qemud/libvirtd_qemu.aug
@@ -27,6 +27,7 @@ module Libvirtd_qemu =
| str_entry "vnc_tls_x509_cert_dir"
| bool_entry "vnc_tls_x509_verify"
| str_entry "vnc_password"
+ | str_entry "security_driver"
(* Each enty in the config is one of the following three ... *)
let entry = vnc_entry
@@ -41,4 +42,3 @@ module Libvirtd_qemu =
. Util.stdexcl
let xfm = transform lns filter
-
--
1.6.2.rc1.285.gc5f54
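Review bot: The added `| str_entry "security_driver"` line extends the `vnc_entry` alternation, so the key that selects the QEMU security driver is now classified as a VNC setting. A separate rule such as `let security_entry = str_entry "security_driver"`, added to the `entry` alternation that begins on the following context line, would keep the lens readable as further non-VNC keys arrive. `str_entry` presumably accepts any quoted string, so a misspelt driver name would still pass the lens; whether the daemon refuses to start on an unknown name rather than running guests unconfined is not visible here and is worth confirming. Both `vnc_entry` and `entry` extend outside this hunk, and the same hunk is re-sent unchanged in the adjusted patch later in the thread.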

On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 3 Mar 2009 17:42:53 +0100 Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
--- qemud/libvirtd.conf | 4 ++-- qemud/libvirtd_qemu.aug | 2 +-
If changing this, should also change qemud/test_libvirtd_qemu.aug so it validates the parsing of it. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

Daniel P. Berrange wrote:
On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 3 Mar 2009 17:42:53 +0100 Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
--- qemud/libvirtd.conf | 4 ++-- qemud/libvirtd_qemu.aug | 2 +-
If changing this, should also change qemud/test_libvirtd_qemu.aug so it validates the parsing of it.
Hmm... rather than continue the duplication, [qemud/test_libvirtd_qemu.aug has the entire content of src/qemu.conf two times, first with double quotes escaped, second with curly braces] this patch makes it so test_libvirtd_qemu.aug is generated, and by doing that, adds coverage for "security_driver". The same code should work for test_libvirtd.aug.
From 8ff1830e4c5584cdfc0755b512c400dd60d6bc7e Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 3 Mar 2009 19:31:49 +0100 Subject: [PATCH] Generate augeas test file from qemu.conf, to test new "security_driver"
* qemud/Makefile.am (test_libvirtd_qemu.aug): New rule. * qemud/test_libvirtd_qemu.aug: Regenerate to reflect the addition of the new "security_driver" configuration parameter. --- qemud/Makefile.am | 14 ++++++++++++++ qemud/test_libvirtd_qemu.aug | 18 ++++++++++++++++++ 2 files changed, 32 insertions(+), 0 deletions(-) diff --git a/qemud/Makefile.am b/qemud/Makefile.am index 924e8ad..fa56ed8 100644 --- a/qemud/Makefile.am +++ b/qemud/Makefile.am @@ -252,6 +252,20 @@ check-local: test -x '$(AUGPARSE)' \ && '$(AUGPARSE)' -I $(srcdir) $(srcdir)/test_libvirtd_qemu.aug || : +# Generate augeas test file from qemu.conf. +test_libvirtd_qemu.aug: $(top_srcdir)/src/qemu.conf + ( printf 'module Test_libvirtd_qemu =\n' \ + && printf '\n let conf = "' \ + && perl -pe 's/^# (\w+ =)/$$1/;s/"/\\"/g' $< \ + && printf '"\n\n test Libvirtd_qemu.lns get conf =\n' \ + && perl -pe 's/^# (\w+ =)/$$1/;' \ + -e 's/^# *([^\n]*)/{ "#comment" = "$$1" }/;' \ + -e 's/^$$/{ "#empty" }/;' \ + -e 's/^(\w+) =/"$$1" =/;' \ + -e 's/ = ([^"]\S*)$$/ = "$$1"/;' \ + -e 's/^(".*)/{ $$1 }/;' $<; \ + ) > $@-t && mv $@-t $@ + else install-init: diff --git a/qemud/test_libvirtd_qemu.aug b/qemud/test_libvirtd_qemu.aug index 083ccba..518336b 100644 --- a/qemud/test_libvirtd_qemu.aug +++ b/qemud/test_libvirtd_qemu.aug @@ -60,6 +60,15 @@ vnc_tls_x509_verify = 1 # example here before you set this # vnc_password = \"XYZ12345\" + + +# The default security driver is SELinux. If SELinux is disabled +# on the host, then the security driver will automatically disable +# itself. If you wish to disable QEMU SELinux security driver while +# leaving SELinux enabled for the host in general, then set this +# to 'none' instead +# +security_driver = \"selinux\" " test Libvirtd_qemu.lns get conf = 
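Review bot: The coverage this rule generates for `security_driver` cannot fail `make check`, because the `check-local` command in the context lines just above the new rule ends in `|| :`, which hides an augparse failure as well as a missing augparse binary. Running the parser only when it exists, e.g. `if test -x '$(AUGPARSE)'; then '$(AUGPARSE)' -I $(srcdir) $(srcdir)/test_libvirtd_qemu.aug; fi`, would let a lens that stops accepting the key break the build. In the new rule itself, the first perl pass escapes only double quotes (`s/"/\\"/g`), so a backslash in src/qemu.conf would be copied into the Augeas string literal unescaped; escaping backslashes before quotes would keep the embedded copy faithful. The rule writes `$@` while `check-local` reads `$(srcdir)/test_libvirtd_qemu.aug`, which may diverge in a separate build directory; `check-local` itself starts outside the hunk.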
@@ -123,3 +132,12 @@ vnc_password = \"XYZ12345\" { "#comment" = "example here before you set this" } { "#comment" = "" } { "vnc_password" = "XYZ12345" } +{ "#empty" } +{ "#empty" } +{ "#comment" = "The default security driver is SELinux. If SELinux is disabled" } +{ "#comment" = "on the host, then the security driver will automatically disable" } +{ "#comment" = "itself. If you wish to disable QEMU SELinux security driver while" } +{ "#comment" = "leaving SELinux enabled for the host in general, then set this" } +{ "#comment" = "to 'none' instead" } +{ "#comment" = "" } +{ "security_driver" = "selinux" } -- 1.6.2.rc1.285.gc5f54

On Tue, 2009-03-03 at 19:39 +0100, Jim Meyering wrote:
Daniel P. Berrange wrote:
On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 3 Mar 2009 17:42:53 +0100 Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
--- qemud/libvirtd.conf | 4 ++-- qemud/libvirtd_qemu.aug | 2 +-
If changing this, should also change qemud/test_libvirtd_qemu.aug so it validates the parsing of it.
Hmm... rather than continue the duplication, [qemud/test_libvirtd_qemu.aug has the entire content of src/qemu.conf two times, first with double quotes escaped, second with curly braces]
this patch makes it so test_libvirtd_qemu.aug is generated,
Ugh .. I guess I really need to add a function to Augeas to read a string from a file. David

David Lutterkort wrote:
On Tue, 2009-03-03 at 19:39 +0100, Jim Meyering wrote:
Daniel P. Berrange wrote:
On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 3 Mar 2009 17:42:53 +0100 Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
--- qemud/libvirtd.conf | 4 ++-- qemud/libvirtd_qemu.aug | 2 +-
If changing this, should also change qemud/test_libvirtd_qemu.aug so it validates the parsing of it.
Hmm... rather than continue the duplication, [qemud/test_libvirtd_qemu.aug has the entire content of src/qemu.conf two times, first with double quotes escaped, second with curly braces]
this patch makes it so test_libvirtd_qemu.aug is generated,
Ugh .. I guess I really need to add a function to Augeas to read a string from a file.
I'd much prefer that. It would have made part of the task much easier ;-)

Jim Meyering wrote:
From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 3 Mar 2009 17:42:53 +0100 Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
--- qemud/libvirtd.conf | 4 ++-- qemud/libvirtd_qemu.aug | 2 +-
That was supposed to include only the qemud/libvirtd_qemu.aug change. Here's the adjusted patch:
From ac49dbce8f8cd54a55b060f90ca43af0c13f813d Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 3 Mar 2009 17:42:53 +0100 Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
---
qemud/libvirtd_qemu.aug | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/qemud/libvirtd_qemu.aug b/qemud/libvirtd_qemu.aug
index b2e4318..e297a5f 100644
--- a/qemud/libvirtd_qemu.aug
+++ b/qemud/libvirtd_qemu.aug
@@ -27,6 +27,7 @@ module Libvirtd_qemu =
| str_entry "vnc_tls_x509_cert_dir"
| bool_entry "vnc_tls_x509_verify"
| str_entry "vnc_password"
+ | str_entry "security_driver"
(* Each enty in the config is one of the following three ... *)
let entry = vnc_entry
@@ -41,4 +42,3 @@ module Libvirtd_qemu =
. Util.stdexcl
let xfm = transform lns filter
-
--
1.6.2.rc1.285.gc5f54

On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 3 Mar 2009 17:42:53 +0100 Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
--- qemud/libvirtd.conf | 4 ++-- qemud/libvirtd_qemu.aug | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/qemud/libvirtd.conf b/qemud/libvirtd.conf index 1fd5918..0e0b40c 100644 --- a/qemud/libvirtd.conf +++ b/qemud/libvirtd.conf @@ -289,7 +289,7 @@ # separated by spaces. # # e.g: -# log_filters="3:remote 4:event" +#log_filters = "3:remote 4:event" # to only get warning or errors from the remote layer and only errors from # the event layer.
@@ -311,5 +311,5 @@ # # Multiple output can be defined , they just need to be separated by spaces. # e.g.: -# log_outputs="3:syslog:libvirtd" +#log_outputs = "3:syslog:libvirtd" # to log all warnings and errors to syslog under the libvirtd ident
okay, all other examples use spaces around the equals sign; thanks, I didn't notice that when adding them.
diff --git a/qemud/libvirtd_qemu.aug b/qemud/libvirtd_qemu.aug index b2e4318..e297a5f 100644 --- a/qemud/libvirtd_qemu.aug +++ b/qemud/libvirtd_qemu.aug @@ -27,6 +27,7 @@ module Libvirtd_qemu = | str_entry "vnc_tls_x509_cert_dir" | bool_entry "vnc_tls_x509_verify" | str_entry "vnc_password" + | str_entry "security_driver"
(* Each enty in the config is one of the following three ... *) let entry = vnc_entry @@ -41,4 +42,3 @@ module Libvirtd_qemu = . Util.stdexcl
let xfm = transform lns filter -
okay, ACK Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

Daniel Veillard wrote:
On Tue, Mar 03, 2009 at 05:43:28PM +0100, Jim Meyering wrote:
From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001 diff --git a/qemud/libvirtd.conf b/qemud/libvirtd.conf index 1fd5918..0e0b40c 100644 --- a/qemud/libvirtd.conf +++ b/qemud/libvirtd.conf @@ -289,7 +289,7 @@ # separated by spaces. # # e.g: -# log_filters="3:remote 4:event" +#log_filters = "3:remote 4:event" # to only get warning or errors from the remote layer and only errors from # the event layer.
@@ -311,5 +311,5 @@ # # Multiple output can be defined , they just need to be separated by spaces. # e.g.: -# log_outputs="3:syslog:libvirtd" +#log_outputs = "3:syslog:libvirtd" # to log all warnings and errors to syslog under the libvirtd ident
okay, all other examples use spaces around the equal sign, thanks I didn't noticed that when adding them.
Thanks, but as I hinted, that change was incomplete. The important bit (mentioned at top) was to remove the space between "#" and param name. Once I did that, the daemon-conf test failed because setting log_outputs to that sample value sent all expected output to the log file rather than to stderr where the test requires it. Here's the complete patch: [not urgent, just better coverage]
From 3c7c3bfcbf0c7fdac65b70124e8a6d7790b16844 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 3 Mar 2009 20:31:55 +0100 Subject: [PATCH] tests: exercise log_outputs and log_filters along with the rest
* tests/daemon-conf: Handle log_outputs and log_filters specially, now that they're recognized. * qemud/libvirtd.conf: Use required formatting so that daemon-conf also tests log_outputs and log_filters.
---
qemud/libvirtd.conf | 4 ++--
tests/daemon-conf | 8 +++++++-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/qemud/libvirtd.conf b/qemud/libvirtd.conf
index 1fd5918..0e0b40c 100644
--- a/qemud/libvirtd.conf
+++ b/qemud/libvirtd.conf
@@ -289,7 +289,7 @@
# separated by spaces.
#
# e.g:
-# log_filters="3:remote 4:event"
+#log_filters = "3:remote 4:event"
# to only get warning or errors from the remote layer and only errors from
# the event layer.
@@ -311,5 +311,5 @@
#
# Multiple output can be defined , they just need to be separated by spaces.
# e.g.:
-# log_outputs="3:syslog:libvirtd"
+#log_outputs = "3:syslog:libvirtd"
# to log all warnings and errors to syslog under the libvirtd ident
diff --git a/tests/daemon-conf b/tests/daemon-conf
index a5e86ae..43ea705 100755
--- a/tests/daemon-conf
+++ b/tests/daemon-conf
@@ -20,7 +20,12 @@ grep '[a-z_] *= *[^ ]' "$conf" | grep -vE '^#[a-z_]+ = ' \
&& { echo "$0: found unexpected lines (above) in $conf" 1>&2; exit 1; }
# Start with the sample libvirtd.conf file, uncommenting all real directives.
-sed -n 's/^#\([^ #]\)/\1/p' "$conf" > tmp.conf
+# Be careful to set log_outputs so that all log output goes to stderr,
+# and use an empty string for "log_filters".
+sed -n 's/^#\([^ #]\)/\1/p' "$conf" \
+ | sed -e 's/^\(log_outputs =\).*/\1 "0:stderr"/' \
+ -e 's/^\(log_filters =\).*/\1 ""/' \
+ > tmp.conf
# Iterate through that list of directives, corrupting one RHS at a
# time and running libvirtd with the resulting config. Each libvirtd
@@ -44,6 +49,7 @@ while :; do
case $rhs in
# '"'*) msg='should be a string';;
+ '"?:'*) msg='expecting a separator';;
'"'*) msg='invalid type: got long; expected string';;
[0-9]*) msg='invalid type: got string; expected long';;
'['*) msg='must be a string or list of strings';;
--
1.6.2.rc1.285.gc5f54
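Review bot: In the added arm `'"?:'*)`, the `?` sits inside single quotes, so the shell matches a literal question mark rather than any single character, and an RHS such as `"0:stderr"` would skip this arm and land on the following `'"'*)` one. If the intent is "quote, one level character, colon", the wildcard has to stay unquoted, e.g. `'"'?:*) msg='expecting a separator';;`. The `case` statement continues past the end of this hunk, so which message libvirtd prints for the rewritten `log_outputs` line cannot be confirmed from here.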