Tuning NUMA or network interface parameters require root privileges, thus an attempt to set some of these parameters in session mode should be invalid followed by an error. As an example might be memory tuning which raises an error in such case. This patch provides similar behavior for numatune and domiftune. Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1126762 --- src/qemu/qemu_command.c | 33 ++++++++++++++++++++++++++++++++- src/qemu/qemu_driver.c | 20 ++++++++++++++++++++ 2 files changed, 52 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index c84c7c3..c021080 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7443,7 +7443,7 @@ qemuBuildCommandLine(virConnectPtr conn, emulator = def->emulator; if (!cfg->privileged) { - /* If we have no cgroups than we can have no tunings that + /* If we have no cgroups then we can have no tunings that * require them */ if (def->mem.hard_limit || def->mem.soft_limit || @@ -7466,6 +7466,37 @@ qemuBuildCommandLine(virConnectPtr conn, _("CPU tuning is not available in session mode")); goto error; } + + if (virDomainNumatuneGetNodeset(def->numatune, NULL, -1) || + virDomainNumatuneGetMode(def->numatune, -1)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("NUMA tuning is not available in session mode")); + goto error; + } + + virDomainNetDefPtr *nets = def->nets; + size_t nnets = def->nnets; + for (i = 0; i < nnets; i++) { + if (nets[i]->bandwidth) { + if (nets[i]->bandwidth->in && + (nets[i]->bandwidth->in->average || + nets[i]->bandwidth->in->peak || + nets[i]->bandwidth->in->burst)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Network bandwidth tuning is not available in session mode")); + goto error; + } + + if (nets[i]->bandwidth->out && + (nets[i]->bandwidth->out->average || + nets[i]->bandwidth->out->peak || + nets[i]->bandwidth->out->burst)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Network bandwidth tuning is not available in session mode")); + goto error; + } + } + } } for (i = 0; i < def->ngraphics; ++i) { diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 239a300..b46e12f 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -8779,6 +8779,12 @@ qemuDomainSetNumaParameters(virDomainPtr dom, if (virDomainSetNumaParametersEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; + if (!cfg->privileged) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("NUMA tuning is not available in session mode")); + goto cleanup; + } + if (!(caps = virQEMUDriverGetCapabilities(driver, false))) goto cleanup; @@ -8870,6 +8876,7 @@ qemuDomainGetNumaParameters(virDomainPtr dom, size_t i; virDomainObjPtr vm = NULL; virDomainDefPtr persistentDef = NULL; + virQEMUDriverConfigPtr cfg = NULL; char *nodeset = NULL; int ret = -1; virCapsPtr caps = NULL; @@ -8888,10 +8895,17 @@ qemuDomainGetNumaParameters(virDomainPtr dom, return -1; priv = vm->privateData; + cfg = virQEMUDriverGetConfig(driver); if (virDomainGetNumaParametersEnsureACL(dom->conn, vm->def) < 0) goto cleanup; + if (!cfg->privileged) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("NUMA tuning is not available in session mode")); + goto cleanup; + } + if (!(caps = virQEMUDriverGetCapabilities(driver, false))) goto cleanup; @@ -9889,6 +9903,12 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom, if (virDomainSetInterfaceParametersEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; + if (!cfg->privileged) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("Network bandwidth tuning is not available in session mode")); + goto cleanup; + } + if (!(caps = virQEMUDriverGetCapabilities(driver, false))) goto cleanup; -- 1.9.3