[libvirt-users] Obtaining the PID of a domain's QEMU process from C

Hello all, I'm currently writing a C program that uses the libvirt API and I need a way to obtain the pid of a given domain's QEMU process. Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get the pid of clients that connect to it, and I would like to use that pid to look up the domain in libvirt to determine the proper domain ID to return to the client. As far as I can tell, libvirt doesn't expose this information in an easy to access manner. Of course it is possible to call `ps` and grep for the information I'm looking for, but I was hoping for a cleaner solution. If anybody knows how to do this, advice would be greatly appreciated. Thanks in advance, Shawn

On 2/28/19 8:31 PM, Shawn Anastasio wrote:
Hello all,
I'm currently writing a C program that uses the libvirt API and I need a way to obtain the pid of a given domain's QEMU process.
Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get the pid of clients that connect to it, and I would like to use that pid to look up the domain in libvirt to determine the proper domain ID to return to the client.
As far as I can tell, libvirt doesn't expose this information in an easy to access manner. Of course it is possible to call `ps` and grep for the information I'm looking for, but I was hoping for a cleaner solution.
If anybody knows how to do this, advice would be greatly appreciated.
Thanks in advance,
There isn't any libvirt API for getting the qemu pid, so I think going outside libvirt is your only option - Cole

On 3/1/19 2:31 AM, Shawn Anastasio wrote:
Hello all,
I'm currently writing a C program that uses the libvirt API and I need a way to obtain the pid of a given domain's QEMU process.
Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get the pid of clients that connect to it, and I would like to use that pid to look up the domain in libvirt to determine the proper domain ID to return to the client.
As far as I can tell, libvirt doesn't expose this information in an easy to access manner. Of course it is possible to call `ps` and grep for the information I'm looking for, but I was hoping for a cleaner solution.
If anybody knows how to do this, advice would be greatly appreciated.
There isn't an API for that as we don't want users to fiddle with qemu behid its back. Anyway, apart from ps there might be a solution. Libvirt of course know the PID and stores it - in the status XML. This is a file that libvirt uses to store runtime information for the domain in case the daemon restarts. It's located under /var/run/libvirt/qemu/$domain.xml. But you'll need root priviledges to read it. Also, it is very wise to follow the comment at the beginning of the file and not modify it ;-) And just like with any libvirt internals, we make no guarantees they won't change in the long run. Michal

Thanks for the response. /var/run/libvirt/qemu/ seems to be exactly what I'm looking for. It would, however, be nice to be able to access this file without root privileges. Is there any way to access the file using the credentials from a connected virConnectPtr? If not, I can stick to my current workaround of walking /proc and scanning each PID's cmdline for the VM's UUID string. Thanks, Shawn On 3/9/19 9:32 AM, Michal Prívozník wrote:
On 3/1/19 2:31 AM, Shawn Anastasio wrote:
Hello all,
I'm currently writing a C program that uses the libvirt API and I need a way to obtain the pid of a given domain's QEMU process.
Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get the pid of clients that connect to it, and I would like to use that pid to look up the domain in libvirt to determine the proper domain ID to return to the client.
As far as I can tell, libvirt doesn't expose this information in an easy to access manner. Of course it is possible to call `ps` and grep for the information I'm looking for, but I was hoping for a cleaner solution.
If anybody knows how to do this, advice would be greatly appreciated.
There isn't an API for that as we don't want users to fiddle with qemu behid its back. Anyway, apart from ps there might be a solution. Libvirt of course know the PID and stores it - in the status XML. This is a file that libvirt uses to store runtime information for the domain in case the daemon restarts. It's located under /var/run/libvirt/qemu/$domain.xml. But you'll need root priviledges to read it.
Also, it is very wise to follow the comment at the beginning of the file and not modify it ;-) And just like with any libvirt internals, we make no guarantees they won't change in the long run.
Michal

On Sat, 9 Mar 2019 at 17:27, Shawn Anastasio <shawn@anastas.io> wrote:
Thanks for the response. /var/run/libvirt/qemu/ seems to be exactly what I'm looking for. It would, however, be nice to be able to access this file without root privileges.
Use a tiny setuid C program that reads the relevant file and writes it to a known UNIX-domain socket that has more liberal permissions? On past experience, I wouldn't expect this to end up being supported in libvirt, though there's nothing to stop you creating your own patched version. Cheers, - Peter

On 3/9/19 1:14 PM, Peter Crowther wrote:
Use a tiny setuid C program that reads the relevant file and writes it to a known UNIX-domain socket that has more liberal permissions?
Indeed this is a possibility, but I was hoping for a cleaner solution that fit in with libvirt's existing authentication mechanisms.
I wouldn't expect this to end up being supported in libvirt, though there's nothing to stop you creating your own patched version.
That's a shame, but it's certainly not the end of the world. I may end up running my daemon as root, forking before dropping privileges, and using the child to open the files and pass them to the parent using SCM_RIGHTS or something. Thanks, Shawn

On Sat, Mar 09, 2019 at 04:32:00PM +0100, Michal Prívozník wrote:
On 3/1/19 2:31 AM, Shawn Anastasio wrote:
Hello all,
I'm currently writing a C program that uses the libvirt API and I need a way to obtain the pid of a given domain's QEMU process.
Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get the pid of clients that connect to it, and I would like to use that pid to look up the domain in libvirt to determine the proper domain ID to return to the client.
As far as I can tell, libvirt doesn't expose this information in an easy to access manner. Of course it is possible to call `ps` and grep for the information I'm looking for, but I was hoping for a cleaner solution.
If anybody knows how to do this, advice would be greatly appreciated.
There isn't an API for that as we don't want users to fiddle with qemu
That's right, and it should stay that way. On the other hand, the same way we can't prevent anyone from editing /etc/libvirt/qemu/<domain>.xml or /var/run/libvirt/qemu/<domain>.xml or run the 'ps' command or whatever we might as well report the PID as part of virConnectListAllDomains data. I don't have a problem with reporting PIDs in principle, provided it's used for informatory purposes. Having said that, there's the question of why libvirt should report something that it doesn't need to consume, IOW we report machine ID which we can use to control the machine, we also report UUID which we can consume, but we'd do absolutely nothing with the PID besides reporting it. Another thing is that reporting PIDs of machines running on a remote host is quite useless for locally running clients. Erik
behid its back. Anyway, apart from ps there might be a solution. Libvirt of course know the PID and stores it - in the status XML. This is a file that libvirt uses to store runtime information for the domain in case the daemon restarts. It's located under /var/run/libvirt/qemu/$domain.xml. But you'll need root priviledges to read it.
Also, it is very wise to follow the comment at the beginning of the file and not modify it ;-) And just like with any libvirt internals, we make no guarantees they won't change in the long run.
Michal
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users

On 3/11/19 9:02 AM, Erik Skultety wrote:
On Sat, Mar 09, 2019 at 04:32:00PM +0100, Michal Prívozník wrote:
On 3/1/19 2:31 AM, Shawn Anastasio wrote:
Hello all,
I'm currently writing a C program that uses the libvirt API and I need a way to obtain the pid of a given domain's QEMU process.
Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get the pid of clients that connect to it, and I would like to use that pid to look up the domain in libvirt to determine the proper domain ID to return to the client.
As far as I can tell, libvirt doesn't expose this information in an easy to access manner. Of course it is possible to call `ps` and grep for the information I'm looking for, but I was hoping for a cleaner solution.
If anybody knows how to do this, advice would be greatly appreciated.
There isn't an API for that as we don't want users to fiddle with qemu
That's right, and it should stay that way. On the other hand, the same way we can't prevent anyone from editing /etc/libvirt/qemu/<domain>.xml or /var/run/libvirt/qemu/<domain>.xml or run the 'ps' command or whatever we might as well report the PID as part of virConnectListAllDomains data. I don't have a problem with reporting PIDs in principle, provided it's used for informatory purposes. Having said that, there's the question of why libvirt should report something that it doesn't need to consume, IOW we report machine ID which we can use to control the machine, we also report UUID which we can consume, but we'd do absolutely nothing with the PID besides reporting it. Another thing is that reporting PIDs of machines running on a remote host is quite useless for locally running clients.
Alternatively, we may do what LXC driver already does -> domain ID is PID of init running within the container. In QEMU driver, the domain ID can be PID of qemu then. Michal

On Mon, Mar 11, 2019 at 09:33:30AM +0100, Michal Privoznik wrote:
On 3/11/19 9:02 AM, Erik Skultety wrote:
On Sat, Mar 09, 2019 at 04:32:00PM +0100, Michal Prívozník wrote:
On 3/1/19 2:31 AM, Shawn Anastasio wrote:
Hello all,
I'm currently writing a C program that uses the libvirt API and I need a way to obtain the pid of a given domain's QEMU process.
Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get the pid of clients that connect to it, and I would like to use that pid to look up the domain in libvirt to determine the proper domain ID to return to the client.
As far as I can tell, libvirt doesn't expose this information in an easy to access manner. Of course it is possible to call `ps` and grep for the information I'm looking for, but I was hoping for a cleaner solution.
If anybody knows how to do this, advice would be greatly appreciated.
There isn't an API for that as we don't want users to fiddle with qemu
That's right, and it should stay that way. On the other hand, the same way we can't prevent anyone from editing /etc/libvirt/qemu/<domain>.xml or /var/run/libvirt/qemu/<domain>.xml or run the 'ps' command or whatever we might as well report the PID as part of virConnectListAllDomains data. I don't have a problem with reporting PIDs in principle, provided it's used for informatory purposes. Having said that, there's the question of why libvirt should report something that it doesn't need to consume, IOW we report machine ID which we can use to control the machine, we also report UUID which we can consume, but we'd do absolutely nothing with the PID besides reporting it. Another thing is that reporting PIDs of machines running on a remote host is quite useless for locally running clients.
Alternatively, we may do what LXC driver already does -> domain ID is PID of init running within the container. In QEMU driver, the domain ID can be PID of qemu then.
I would not want todo that - in fact I've wanted to remove that aspect of the LXC driver as it is misleading. People think its the PID of the first proess in the container, but it is in fact the PID of the controller in the host. Also I like low-numbered domain IDs :-) Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Mon, Mar 11, 2019 at 09:46:11AM +0000, Daniel P. Berrangé wrote:
On Mon, Mar 11, 2019 at 09:33:30AM +0100, Michal Privoznik wrote:
On 3/11/19 9:02 AM, Erik Skultety wrote:
On Sat, Mar 09, 2019 at 04:32:00PM +0100, Michal Prívozník wrote:
On 3/1/19 2:31 AM, Shawn Anastasio wrote:
Hello all,
I'm currently writing a C program that uses the libvirt API and I need a way to obtain the pid of a given domain's QEMU process.
Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get the pid of clients that connect to it, and I would like to use that pid to look up the domain in libvirt to determine the proper domain ID to return to the client.
As far as I can tell, libvirt doesn't expose this information in an easy to access manner. Of course it is possible to call `ps` and grep for the information I'm looking for, but I was hoping for a cleaner solution.
If anybody knows how to do this, advice would be greatly appreciated.
There isn't an API for that as we don't want users to fiddle with qemu
That's right, and it should stay that way. On the other hand, the same way we can't prevent anyone from editing /etc/libvirt/qemu/<domain>.xml or /var/run/libvirt/qemu/<domain>.xml or run the 'ps' command or whatever we might as well report the PID as part of virConnectListAllDomains data. I don't have a problem with reporting PIDs in principle, provided it's used for informatory purposes. Having said that, there's the question of why libvirt should report something that it doesn't need to consume, IOW we report machine ID which we can use to control the machine, we also report UUID which we can consume, but we'd do absolutely nothing with the PID besides reporting it. Another thing is that reporting PIDs of machines running on a remote host is quite useless for locally running clients.
Alternatively, we may do what LXC driver already does -> domain ID is PID of init running within the container. In QEMU driver, the domain ID can be PID of qemu then.
I would not want todo that - in fact I've wanted to remove that aspect of the LXC driver as it is misleading. People think its the PID of the first proess in the container, but it is in fact the PID of the controller in the host. Also I like low-numbered domain IDs :-)
Do you also have an opinion about potentially exposing PID as part of the virDomain data I mentioned above (eventhough I'm a bit skeptical about that myself)? Erik

On Mon, Mar 11, 2019 at 10:49:45AM +0100, Erik Skultety wrote:
On Mon, Mar 11, 2019 at 09:46:11AM +0000, Daniel P. Berrangé wrote:
On Mon, Mar 11, 2019 at 09:33:30AM +0100, Michal Privoznik wrote:
On 3/11/19 9:02 AM, Erik Skultety wrote:
On Sat, Mar 09, 2019 at 04:32:00PM +0100, Michal Prívozník wrote:
On 3/1/19 2:31 AM, Shawn Anastasio wrote:
Hello all,
I'm currently writing a C program that uses the libvirt API and I need a way to obtain the pid of a given domain's QEMU process.
Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get the pid of clients that connect to it, and I would like to use that pid to look up the domain in libvirt to determine the proper domain ID to return to the client.
As far as I can tell, libvirt doesn't expose this information in an easy to access manner. Of course it is possible to call `ps` and grep for the information I'm looking for, but I was hoping for a cleaner solution.
If anybody knows how to do this, advice would be greatly appreciated.
There isn't an API for that as we don't want users to fiddle with qemu
That's right, and it should stay that way. On the other hand, the same way we can't prevent anyone from editing /etc/libvirt/qemu/<domain>.xml or /var/run/libvirt/qemu/<domain>.xml or run the 'ps' command or whatever we might as well report the PID as part of virConnectListAllDomains data. I don't have a problem with reporting PIDs in principle, provided it's used for informatory purposes. Having said that, there's the question of why libvirt should report something that it doesn't need to consume, IOW we report machine ID which we can use to control the machine, we also report UUID which we can consume, but we'd do absolutely nothing with the PID besides reporting it. Another thing is that reporting PIDs of machines running on a remote host is quite useless for locally running clients.
Alternatively, we may do what LXC driver already does -> domain ID is PID of init running within the container. In QEMU driver, the domain ID can be PID of qemu then.
I would not want todo that - in fact I've wanted to remove that aspect of the LXC driver as it is misleading. People think its the PID of the first proess in the container, but it is in fact the PID of the controller in the host. Also I like low-numbered domain IDs :-)
Do you also have an opinion about potentially exposing PID as part of the virDomain data I mentioned above (eventhough I'm a bit skeptical about that myself)?
I would not like to expose any PID because it puts across the misleading impression that the VM is represented by a single process. It is increasingly clear that QEMU is heading in a direction of splitting up to provide a multitude of processes each with distinct jobs. As such I think it is important that the notion of how many processes are used remain an internal impl detail not exposed to applications. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
participants (7)
-
Cole Robinson
-
Daniel P. Berrangé
-
Erik Skultety
-
Michal Privoznik
-
Michal Prívozník
-
Peter Crowther
-
Shawn Anastasio