[libvirt] [PATCH] nwfilter: Handle opening for session

John Ferlan posted 1 patch 5 years, 7 months ago
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180823125453.13167-1-jferlan@redhat.com
Test syntax-check passed
src/nwfilter/nwfilter_driver.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
[libvirt] [PATCH] nwfilter: Handle opening for session
Posted by John Ferlan 5 years, 7 months ago
https://bugzilla.redhat.com/show_bug.cgi?id=1608275

Commit id 2870419eb (in part) added virGetConnectNWFilter to
allow opening drivers (interface, network, nwfilter, nodedev,
secret, and storage) based on context and commit id f14c37ce4c
started using the API; however, the nwfilterConnectOpen did
not handle session mode resulting in the following message
being logged when virDomainConfVMNWFilterTeardown was called
during the domain shutdown processing:

error : nwfilterConnectOpen:383 : internal error: unexpected
nwfilter URI path '/session', try nwfilter:///system

So similar to the other drivers add code in to check for
/session when not privileged.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/nwfilter/nwfilter_driver.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index ac3a964388..6c25293fd9 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -377,11 +377,20 @@ nwfilterConnectOpen(virConnectPtr conn,
         return VIR_DRV_OPEN_ERROR;
     }
 
-    if (STRNEQ(conn->uri->path, "/system")) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("unexpected nwfilter URI path '%s', try nwfilter:///system"),
-                       conn->uri->path);
-        return VIR_DRV_OPEN_ERROR;
+    if (driver->privileged) {
+        if (STRNEQ(conn->uri->path, "/system")) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           _("unexpected nwfilter URI path '%s', try nwfilter:///system"),
+                           conn->uri->path);
+            return VIR_DRV_OPEN_ERROR;
+        }
+    } else {
+        if (STRNEQ(conn->uri->path, "/session")) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           _("unexpected nwfilter URI path '%s', try nwfilter:///session"),
+                           conn->uri->path);
+            return VIR_DRV_OPEN_ERROR;
+        }
     }
 
     if (virConnectOpenEnsureACL(conn) < 0)
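
Review bot: nothing in this hunk establishes that the nwfilter driver has usable state when `driver->privileged` is false, yet the new else branch (the `STRNEQ(conn->uri->path, "/session")` check) lets such an open succeed and continue to `virConnectOpenEnsureACL(conn)`. The commit message traces the logged error to virDomainConfVMNWFilterTeardown being called during domain shutdown, so please either point to where the unprivileged driver state is set up, or consider having that caller skip the nwfilter open when running unprivileged rather than widening what nwfilterConnectOpen accepts.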
-- 
2.17.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] nwfilter: Handle opening for session
Posted by Daniel P. Berrangé 5 years, 7 months ago
On Thu, Aug 23, 2018 at 08:54:53AM -0400, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1608275
> 
> Commit id 2870419eb (in part) added virGetConnectNWFilter to
> allow opening drivers (interface, network, nwfilter, nodedev,
> secret, and storage) based on context and commit id f14c37ce4c
> started using the API; however, the nwfilterConnectOpen did
> not handle session mode resulting in the following message
> being logged when virDomainConfVMNWFilterTeardown was called
> during the domain shutdown processing:
> 
> error : nwfilterConnectOpen:383 : internal error: unexpected
> nwfilter URI path '/session', try nwfilter:///system
> 
> So similar to the other drivers add code in to check for
> /session when not privileged.
> 
> Signed-off-by: John Ferlan <jferlan@redhat.com>
> ---
>  src/nwfilter/nwfilter_driver.c | 19 ++++++++++++++-----
>  1 file changed, 14 insertions(+), 5 deletions(-)
> 
> diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
> index ac3a964388..6c25293fd9 100644
> --- a/src/nwfilter/nwfilter_driver.c
> +++ b/src/nwfilter/nwfilter_driver.c
> @@ -377,11 +377,20 @@ nwfilterConnectOpen(virConnectPtr conn,
>          return VIR_DRV_OPEN_ERROR;
>      }
>  
> -    if (STRNEQ(conn->uri->path, "/system")) {
> -        virReportError(VIR_ERR_INTERNAL_ERROR,
> -                       _("unexpected nwfilter URI path '%s', try nwfilter:///system"),
> -                       conn->uri->path);
> -        return VIR_DRV_OPEN_ERROR;
> +    if (driver->privileged) {
> +        if (STRNEQ(conn->uri->path, "/system")) {
> +            virReportError(VIR_ERR_INTERNAL_ERROR,
> +                           _("unexpected nwfilter URI path '%s', try nwfilter:///system"),
> +                           conn->uri->path);
> +            return VIR_DRV_OPEN_ERROR;
> +        }
> +    } else {
> +        if (STRNEQ(conn->uri->path, "/session")) {
> +            virReportError(VIR_ERR_INTERNAL_ERROR,
> +                           _("unexpected nwfilter URI path '%s', try nwfilter:///session"),
> +                           conn->uri->path);
> +            return VIR_DRV_OPEN_ERROR;
> +        }
>      }
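
Review bot: the two branches under `if (driver->privileged)` repeat the same virReportError call and differ only in the path literal and the URI hint in the message, which makes it easy for them to drift apart later. Consider choosing the expected path once, for example from `driver->privileged ? "/system" : "/session"`, then doing a single STRNEQ check and a single error report that formats both the received `conn->uri->path` and the expected path.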

This isn't right - we should never open the driver in session mode - the
nwfilterStateInitialize() method explicitly skips initialization in an
unprivileged daemon because session mode is not supported.

So I think we need to change the virt drivers to not blindly run this
cleanup code in session mode.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
