From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:02 +0200 Message-Id: <29cedfe36a84004eeab93307382359d60eb93151.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 01/23] qemu_security: Fully implement qemuSecurityDomainSetPathLabel X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Mon, 10 Sep 2018 09:36:58 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Even though the current use of the function does not require full implementation with transactions (none of the callers pass a path somewhere under /dev), it doesn't hurt either. Moreover, in future patches the paradigm is going to shift so that any API that touches a file is required to use transactions. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/qemu/qemu_domain.c | 3 +-- src/qemu/qemu_process.c | 15 ++++++--------- src/qemu/qemu_security.c | 30 ++++++++++++++++++++++++++++++ src/qemu/qemu_security.h | 6 +++++- 4 files changed, 42 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 5329899b13..6425c886a3 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -808,8 +808,7 @@ qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver, goto cleanup; } =20 - if (qemuSecurityDomainSetPathLabel(driver->securityManager, - vm->def, path, false) < 0) + if (qemuSecurityDomainSetPathLabel(driver, vm, path, false) < 0) goto cleanup; =20 ret =3D 0; diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index eb9904b7ba..3820e04f91 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -2790,8 +2790,7 @@ qemuProcessStartManagedPRDaemon(virDomainObjPtr vm) virCgroupAddMachineTask(priv->cgroup, cpid) < 0) goto cleanup; =20 - if (qemuSecurityDomainSetPathLabel(driver->securityManager, - vm->def, socketPath, true) < 0) + if (qemuSecurityDomainSetPathLabel(driver, vm, socketPath, true) < 0) goto cleanup; =20 priv->prDaemonRunning =3D true; @@ -3653,7 +3652,7 @@ qemuProcessNeedMemoryBackingPath(virDomainDefPtr def, =20 static int qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriverPtr driver, - virDomainDefPtr def, + virDomainObjPtr vm, const char *path, bool build) { @@ -3668,8 +3667,7 @@ qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriverP= tr driver, return -1; } =20 - if (qemuSecurityDomainSetPathLabel(driver->securityManager, - def, path, true) < 0) + if (qemuSecurityDomainSetPathLabel(driver, vm, path, true) < 0) return -1; } else { if (virFileDeleteTree(path) < 0) @@ -3705,7 +3703,7 @@ qemuProcessBuildDestroyMemoryPaths(virQEMUDriverPtr d= river, if (!path) goto cleanup; =20 - if (qemuProcessBuildDestroyMemoryPathsImpl(driver, vm->def, + if (qemuProcessBuildDestroyMemoryPathsImpl(driver, vm, path, build) < 0) goto cleanup; =20 @@ -3717,7 +3715,7 @@ qemuProcessBuildDestroyMemoryPaths(virQEMUDriverPtr d= river, if (qemuGetMemoryBackingDomainPath(vm->def, cfg, &path) < 0) goto cleanup; =20 - if (qemuProcessBuildDestroyMemoryPathsImpl(driver, vm->def, + if (qemuProcessBuildDestroyMemoryPathsImpl(driver, vm, path, build) < 0) goto cleanup; =20 
@@ -4909,8 +4907,7 @@ qemuProcessMakeDir(virQEMUDriverPtr driver, goto cleanup; } =20 - if (qemuSecurityDomainSetPathLabel(driver->securityManager, - vm->def, path, true) < 0) + if (qemuSecurityDomainSetPathLabel(driver, vm, path, true) < 0) goto cleanup; =20 ret =3D 0; diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index af3be42854..268def309a 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -493,3 +493,33 @@ qemuSecurityCleanupTPMEmulator(virQEMUDriverPtr driver, { virSecurityManagerRestoreTPMLabels(driver->securityManager, def); } + + +int +qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *path, + bool allowSubtree) +{ + int ret =3D -1; + + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && + virSecurityManagerTransactionStart(driver->securityManager) < 0) + goto cleanup; + + if (virSecurityManagerDomainSetPathLabel(driver->securityManager, + vm->def, + path, + allowSubtree) < 0) + goto cleanup; + + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && + virSecurityManagerTransactionCommit(driver->securityManager, + vm->pid) < 0) + goto cleanup; + + ret =3D 0; + cleanup: + virSecurityManagerTransactionAbort(driver->securityManager); + return ret; +} diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index a189b63828..fd11fbdd9d 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h 
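Review bot: The new qemuSecurityDomainSetPathLabel() in the qemu_security.c hunk (@@ -493) calls qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) twice, once before the transaction start and once before the commit, so the two are only paired while both calls give the same answer. Evaluating it once, `bool useTransaction = qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT);`, and testing that flag in both places makes the pairing explicit. The function also has no header comment; I would add one saying that the label is applied inside the mount namespace of vm->pid when that namespace is enabled. The comment should also say that the unconditional virSecurityManagerTransactionAbort() under `cleanup:` relies on abort being harmless when no transaction is open, which is presumably true but not visible in this hunk.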
@@ -95,12 +95,16 @@ int qemuSecurityStartTPMEmulator(virQEMUDriverPtr drive= r, void qemuSecurityCleanupTPMEmulator(virQEMUDriverPtr driver, virDomainDefPtr def); =20 +int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *path, + bool allowSubtree); + /* Please note that for these APIs there is no wrapper yet. Do NOT blindly= add * new APIs here. If an API can touch a /dev file add a proper wrapper ins= tead. */ # define qemuSecurityCheckAllLabel virSecurityManagerCheckAllLabel # define qemuSecurityClearSocketLabel virSecurityManagerClearSocketLabel -# define qemuSecurityDomainSetPathLabel virSecurityManagerDomainSetPathLab= el # define qemuSecurityGenLabel virSecurityManagerGenLabel # define qemuSecurityGetBaseLabel virSecurityManagerGetBaseLabel # define qemuSecurityGetDOI virSecurityManagerGetDOI --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572238674191.84961353936694; Mon, 10 Sep 2018 02:37:18 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0D5465F7B8; Mon, 10 Sep 2018 09:37:17 +0000 (UTC) Received: from colo-mx.corp.redhat.com 
From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:03 +0200 Message-Id: <8c74bd89f7cde4da320c1dc102cdb0eb99ebbb31.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 02/23] qemu_security: Fully implement qemuSecurity{Set, Restore}SavedStateLabel X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Mon, 10 Sep 2018 09:37:17 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Even though the current use of the functions does not require full implementation with transactions (none of the callers passes a path somewhere under /dev), it doesn't hurt either. Moreover, in future patches the paradigm is going to shift so that any API that touches a file is required to use transactions. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/qemu/qemu_driver.c | 7 +++--- src/qemu/qemu_security.c | 56 ++++++++++++++++++++++++++++++++++++++++++++= ++++ src/qemu/qemu_security.h | 10 +++++++-- 3 files changed, 67 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 2f8d6915e1..6763c8cddc 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -4043,7 +4043,7 @@ qemuDomainScreenshot(virDomainPtr dom, } unlink_tmp =3D true; =20 - qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp); + qemuSecuritySetSavedStateLabel(driver, vm, tmp); =20 qemuDomainObjEnterMonitor(driver, vm); if (qemuMonitorScreendump(priv->mon, videoAlias, screen, tmp) < 0) { @@ -6662,8 +6662,7 @@ qemuDomainSaveImageStartVM(virConnectPtr conn, virObjectUnref(cookie); virCommandFree(cmd); VIR_FREE(errbuf); - if (qemuSecurityRestoreSavedStateLabel(driver->securityManager, - vm->def, path) < 0) + if (qemuSecurityRestoreSavedStateLabel(driver, vm, path) < 0) VIR_WARN("failed to restore save state label on %s", path); virObjectUnref(cfg); return ret; @@ -11828,7 +11827,7 @@ qemuDomainMemoryPeek(virDomainPtr dom, goto endjob; } =20 - qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp); + qemuSecuritySetSavedStateLabel(driver, vm, tmp); =20 priv =3D vm->privateData; qemuDomainObjEnterMonitor(driver, vm); diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 268def309a..c64fbdda38 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c 
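Review bot: The return value of qemuSecuritySetSavedStateLabel() is dropped in both the qemuDomainScreenshot and the qemuDomainMemoryPeek hunks. With this patch the call is a real function that can fail in the transaction start or commit as well as in the labelling itself. When it fails, the temporary file keeps its previous label and the monitor command that follows presumably fails later with a less specific error. At minimum log it the way the qemuDomainSaveImageStartVM hunk does for the restore call, `if (qemuSecuritySetSavedStateLabel(driver, vm, tmp) < 0) VIR_WARN("failed to set save state label on %s", tmp);`; in qemuDomainMemoryPeek a `goto endjob;` would match the error handling visible just above the call. Both functions extend beyond their hunks.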
@@ -523,3 +523,59 @@ qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver, virSecurityManagerTransactionAbort(driver->securityManager); return ret; } + + +int +qemuSecuritySetSavedStateLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *savefile) +{ + int ret =3D -1; + + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && + virSecurityManagerTransactionStart(driver->securityManager) < 0) + goto cleanup; + + if (virSecurityManagerSetSavedStateLabel(driver->securityManager, + vm->def, + savefile) < 0) + goto cleanup; + + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && + virSecurityManagerTransactionCommit(driver->securityManager, + vm->pid) < 0) + goto cleanup; + + ret =3D 0; + cleanup: + virSecurityManagerTransactionAbort(driver->securityManager); + return ret; +} + + +int +qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *savefile) +{ + int ret =3D -1; + + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && + virSecurityManagerTransactionStart(driver->securityManager) < 0) + goto cleanup; + + if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager, + vm->def, + savefile) < 0) + goto cleanup; + + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && + virSecurityManagerTransactionCommit(driver->securityManager, + vm->pid) < 0) + goto cleanup; + + ret =3D 0; + cleanup: + virSecurityManagerTransactionAbort(driver->securityManager); + return ret; +} diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index fd11fbdd9d..c57774deba 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h 
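Review bot: qemuSecurityRestoreSavedStateLabel() commits its transaction into the namespace of vm->pid, yet its caller in the qemu_driver.c part of this patch (qemuDomainSaveImageStartVM) invokes it on the exit path, where the QEMU process may never have started or may already be gone. If the QEMU_DOMAIN_NS_MOUNT flag can still be set at that point (not visible here), the commit cannot enter the namespace and the save file keeps the domain's label, with only a warning logged by the caller. The comment on qemuSecurityRestoreAllLabel elsewhere in this series describes the same hazard. I would document the expectation on the function, e.g. `/* Needs a live vm->pid when the mount namespace is enabled; on failure @savefile keeps its current label. */`, or make the restore path relabel in the caller's namespace.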
@@ -100,6 +100,14 @@ int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr dr= iver, const char *path, bool allowSubtree); =20 +int qemuSecuritySetSavedStateLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *savefile); + +int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *savefile); + /* Please note that for these APIs there is no wrapper yet. Do NOT blindly= add * new APIs here. If an API can touch a /dev file add a proper wrapper ins= tead. */ 
@@ -119,11 +127,9 @@ int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr dr= iver, # define qemuSecurityPreFork virSecurityManagerPreFork # define qemuSecurityReleaseLabel virSecurityManagerReleaseLabel # define qemuSecurityReserveLabel virSecurityManagerReserveLabel -# define qemuSecurityRestoreSavedStateLabel virSecurityManagerRestoreSaved= StateLabel # define qemuSecuritySetChildProcessLabel virSecurityManagerSetChildProces= sLabel # define qemuSecuritySetDaemonSocketLabel virSecurityManagerSetDaemonSocke= tLabel # define qemuSecuritySetImageFDLabel virSecurityManagerSetImageFDLabel -# define qemuSecuritySetSavedStateLabel virSecurityManagerSetSavedStateLab= el # define qemuSecuritySetSocketLabel virSecurityManagerSetSocketLabel # define qemuSecuritySetTapFDLabel virSecurityManagerSetTapFDLabel # define qemuSecurityStackAddNested virSecurityManagerStackAddNested --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572219895532.2286406765129; Mon, 10 Sep 2018 02:36:59 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 19E613082E54; Mon, 10 Sep 2018 09:36:58 +0000 (UTC) Received: from colo-mx.corp.redhat.com 
From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:04 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 03/23] qemu_security: Require full wrappers for APIs that might touch a file X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Mon, 10 Sep 2018 09:36:58 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" In the future, the transactions are not going to be optional and they will be run regardless of domain using namespace to collect list of paths to be relabeled. To make sure there won't be an API that goes behind transaction code back update the comment that serves as decision manual whether an API must be fully implemented or plain #define is sufficient. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/qemu/qemu_security.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index c57774deba..ba12eb3caf 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h 
@@ -109,7 +109,7 @@ int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr= driver, const char *savefile); =20 /* Please note that for these APIs there is no wrapper yet. Do NOT blindly= add - * new APIs here. If an API can touch a /dev file add a proper wrapper ins= tead. + * new APIs here. If an API can touch a file add a proper wrapper instead. */ # define qemuSecurityCheckAllLabel virSecurityManagerCheckAllLabel # define qemuSecurityClearSocketLabel virSecurityManagerClearSocketLabel --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572238683475.1669746859794; Mon, 10 Sep 2018 02:37:18 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1BE0F88312; Mon, 10 Sep 2018 09:37:17 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D2B855DA62; Mon, 10 Sep 2018 09:37:16 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 85DA64A46C; Mon, 10 Sep 2018 09:37:16 +0000 (UTC) Received: from 
smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9asj8030723 for ; Mon, 10 Sep 2018 05:36:54 -0400 Received: by smtp.corp.redhat.com (Postfix) id ADD9C10EE839; Mon, 10 Sep 2018 09:36:54 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4D85C10EE836 for ; Mon, 10 Sep 2018 09:36:54 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:05 +0200 Message-Id: <31ce469d402b06d28e0ceda66dce91c74a51ba71.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 04/23] virSecurityManagerTransactionCommit: Accept pid == -1 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Mon, 10 Sep 2018 09:37:17 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" It will be desirable to run transactions more often than we currently do. Even if the domain we're relabeling the paths for does not run in a namespace. If that's the case, there is no need to fork() as we are already running in the right namespace. To differentiate whether transaction code should fork() or not the @pid argument now accepts -1 (which means do not fork). 
Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/security/security_dac.c | 22 ++++++++++++++-------- src/security/security_manager.c | 14 +++++++++----- src/security/security_selinux.c | 23 +++++++++++++++-------- 3 files changed, 38 insertions(+), 21 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 2a5f8639fe..926c9a33c1 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -485,11 +485,14 @@ virSecurityDACTransactionStart(virSecurityManagerPtr = mgr) * @mgr: security manager * @pid: domain's PID * - * Enters the @pid namespace (usually @pid refers to a domain) and - * performs all the chown()-s on the list. Note that the transaction is - * also freed, therefore new one has to be started after successful - * return from this function. Also it is considered as error if there's - * no transaction set and this function is called. + * If @pid is not -1 then enter the @pid namespace (usually @pid refers + * to a domain) and perform all the chown()-s on the list. If @pid is -1 + * then the transaction is performed in the namespace of the caller. + * + * Note that the transaction is also freed, therefore new one has to be + * started after successful return from this function. Also it is + * considered as error if there's no transaction set and this function + * is called. * * Returns: 0 on success, * -1 otherwise. @@ -514,9 +517,12 @@ virSecurityDACTransactionCommit(virSecurityManagerPtr = mgr ATTRIBUTE_UNUSED, goto cleanup; } =20 - if (virProcessRunInMountNamespace(pid, - virSecurityDACTransactionRun, - list) < 0) + if ((pid =3D=3D -1 && + virSecurityDACTransactionRun(pid, list) < 0) || + (pid !=3D -1 && + virProcessRunInMountNamespace(pid, + virSecurityDACTransactionRun, + list) < 0)) goto cleanup; =20 ret =3D 0; diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 21eb6f7452..9f770d8c53 100644 --- a/src/security/security_manager.c 
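Review bot: In the virSecurityDACTransactionCommit() hunk only the exact value -1 selects the no-fork path; any other value, including 0 or another negative number, is still handed to virProcessRunInMountNamespace(). A caller whose pid variable happens to hold -1 for a domain that does use a namespace would get the chown()s applied to host paths instead of an error. Because the sentinel now decides whether paths are resolved on the host or inside the domain, I would spell the branch out as an if/else with a comment rather than a two-armed `||` condition; the same applies to virSecuritySELinuxTransactionCommit() later in this patch. With pid == -1 virSecurityDACTransactionRun() also executes in the daemon process rather than a forked child, so it must not change process-wide state; its body is outside this hunk.

```c
/* … unchanged: transaction list lookup and the "no transaction" error … */

/* rc is declared with the other locals at the top of the function */
if (pid == -1) {
    /* No domain namespace to enter: apply the list in the caller's
     * namespace, without forking. */
    rc = virSecurityDACTransactionRun(pid, list);
} else {
    rc = virProcessRunInMountNamespace(pid,
                                       virSecurityDACTransactionRun,
                                       list);
}

if (rc < 0)
    goto cleanup;
```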
+++ b/src/security/security_manager.c @@ -267,11 +267,15 @@ virSecurityManagerTransactionStart(virSecurityManager= Ptr mgr) * @mgr: security manager * @pid: domain's PID * - * Enters the @pid namespace (usually @pid refers to a domain) and - * performs all the operations on the transaction list. Note that the - * transaction is also freed, therefore new one has to be started after - * successful return from this function. Also it is considered as error - * if there's no transaction set and this function is called. + * If @pid is not -1 then enter the @pid namespace (usually @pid refers + * to a domain) and perform all the operations on the transaction list. + * If @pid is -1 then the transaction is performed in the namespace of + * the caller. + * + * Note that the transaction is also freed, therefore new one has to be + * started after successful return from this function. Also it is + * considered as error if there's no transaction set and this function + * is called. * * Returns: 0 on success, * -1 otherwise. diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 96944d0202..288f3628f7 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -1040,11 +1040,15 @@ virSecuritySELinuxTransactionStart(virSecurityManag= erPtr mgr) * @mgr: security manager * @pid: domain's PID * - * Enters the @pid namespace (usually @pid refers to a domain) and - * performs all the sefilecon()-s on the list. Note that the - * transaction is also freed, therefore new one has to be started after - * successful return from this function. Also it is considered as error - * if there's no transaction set and this function is called. + * If @pis is not -1 then enter the @pid namespace (usually @pid refers + * to a domain) and perform all the sefilecon()-s on the list. If @pid + * is -1 then the transaction is performed in the namespace of the + * caller. + * + * Note that the transaction is also freed, therefore new one has to be + * started after successful return from this function. Also it is + * considered as error if there's no transaction set and this function + * is called. * * Returns: 0 on success, * -1 otherwise. 
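Review bot: The rewritten doc comment for virSecuritySELinuxTransactionCommit() misspells the parameter in its first added line, `If @pis is not -1`; it should read `If @pid is not -1 then enter the @pid namespace`. The DAC and security manager comments in this patch spell it correctly. The parameter line itself still says only "domain's PID"; `@pid: domain's PID, or -1 to run in the caller's namespace` would document the new sentinel where readers look first.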
@@ -1066,9 +1070,12 @@ virSecuritySELinuxTransactionCommit(virSecurityManag= erPtr mgr ATTRIBUTE_UNUSED, goto cleanup; } =20 - if (virProcessRunInMountNamespace(pid, - virSecuritySELinuxTransactionRun, - list) < 0) + if ((pid =3D=3D -1 && + virSecuritySELinuxTransactionRun(pid, list) < 0) || + (pid !=3D -1 && + virProcessRunInMountNamespace(pid, + virSecuritySELinuxTransactionRun, + list) < 0)) goto cleanup; =20 ret =3D 0; --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572272046754.383005547379; Mon, 10 Sep 2018 02:37:52 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 92146A8F4; Mon, 10 Sep 2018 09:37:50 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5AECB20158AF; Mon, 10 Sep 2018 09:37:50 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id F0ACE18005D0; Mon, 10 Sep 2018 09:37:49 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by 
lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9atGq030737 for ; Mon, 10 Sep 2018 05:36:55 -0400 Received: by smtp.corp.redhat.com (Postfix) id 7420610EE839; Mon, 10 Sep 2018 09:36:55 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id EA78B10EE836 for ; Mon, 10 Sep 2018 09:36:54 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:06 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 05/23] qemu_security: Run transactions more frequently X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Mon, 10 Sep 2018 09:37:51 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" And by "more frequently" I mean always. This is needed so that we have a single place where all the paths a thread wants to relabel are stored. This enables us to lock them all at once (for metadata), do the relabel and unlock at once again. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/qemu/qemu_security.c | 216 ++++++++++++++++++++++++++++---------------= ---- 1 file changed, 129 insertions(+), 87 deletions(-) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index c64fbdda38..b538e08616 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c 
@@ -39,9 +39,12 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, { int ret =3D -1; qemuDomainObjPrivatePtr priv =3D vm->privateData; + pid_t pid =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerSetAllLabel(driver->securityManager, @@ -50,9 +53,7 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, priv->chardevStdioLogd) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; @@ -69,16 +70,21 @@ qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver, { qemuDomainObjPrivatePtr priv =3D vm->privateData; =20 - /* In contrast to qemuSecuritySetAllLabel, do not use - * secdriver transactions here. This function is called from - * qemuProcessStop() which is meant to do cleanup after qemu - * process died. If it did do, the namespace is gone as qemu - * was the only process running there. We would not succeed - * in entering the namespace then. */ + /* In contrast to qemuSecuritySetAllLabel, do not use vm->pid + * here. This function is called from qemuProcessStop() which + * is meant to do cleanup after qemu process died. The + * domain's namespace is gone as qemu was the only process + * running there. We would not succeed in entering the + * namespace then. */ + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) + return; + virSecurityManagerRestoreAllLabel(driver->securityManager, vm->def, migrated, priv->chardevStdioLogd); + + virSecurityManagerTransactionCommit(driver->securityManager, -1); } =20 =20 
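Review bot: In the qemuSecurityRestoreAllLabel hunk a failing virSecurityManagerTransactionStart() now makes the function return before any label is restored. The results of virSecurityManagerRestoreAllLabel() and virSecurityManagerTransactionCommit() are ignored as well, so a stopped domain's images and devices can silently keep the guest's label. Unlike the sibling wrappers, this path never calls virSecurityManagerTransactionAbort(), so a transaction whose commit failed may stay open on the thread; the commit documentation in this series only promises that it is freed on successful return. The function returns void, so the failures should at least be logged, and the abort added after the commit: `virSecurityManagerTransactionAbort(driver->securityManager);`. The function's signature lies outside the hunk.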
@@ -87,10 +93,13 @@ qemuSecuritySetDiskLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virDomainDiskDefPtr disk) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerSetDiskLabel(driver->securityManager, @@ -98,9 +107,7 @@ qemuSecuritySetDiskLabel(virQEMUDriverPtr driver, disk) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; @@ -115,10 +122,13 @@ qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virDomainDiskDefPtr disk) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerRestoreDiskLabel(driver->securityManager, @@ -126,9 +136,7 @@ qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver, disk) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; 
@@ -143,10 +151,13 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virStorageSourcePtr src) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerSetImageLabel(driver->securityManager, @@ -154,9 +165,7 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver, src) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; @@ -171,10 +180,13 @@ qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virStorageSourcePtr src) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerRestoreImageLabel(driver->securityManager, @@ -182,9 +194,7 @@ qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver, src) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; 
@@ -199,10 +209,13 @@ qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virDomainHostdevDefPtr hostdev) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerSetHostdevLabel(driver->securityManager, @@ -211,9 +224,7 @@ qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver, NULL) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; @@ -228,10 +239,13 @@ qemuSecurityRestoreHostdevLabel(virQEMUDriverPtr driv= er, virDomainObjPtr vm, virDomainHostdevDefPtr hostdev) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerRestoreHostdevLabel(driver->securityManager, @@ -240,9 +254,7 @@ qemuSecurityRestoreHostdevLabel(virQEMUDriverPtr driver, NULL) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; 
@@ -257,10 +269,13 @@ qemuSecuritySetMemoryLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virDomainMemoryDefPtr mem) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerSetMemoryLabel(driver->securityManager, @@ -268,9 +283,7 @@ qemuSecuritySetMemoryLabel(virQEMUDriverPtr driver, mem) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; @@ -285,10 +298,13 @@ qemuSecurityRestoreMemoryLabel(virQEMUDriverPtr drive= r, virDomainObjPtr vm, virDomainMemoryDefPtr mem) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerRestoreMemoryLabel(driver->securityManager, @@ -296,9 +312,7 @@ qemuSecurityRestoreMemoryLabel(virQEMUDriverPtr driver, mem) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; 
@@ -314,10 +328,13 @@ qemuSecuritySetInputLabel(virDomainObjPtr vm, { qemuDomainObjPrivatePtr priv =3D vm->privateData; virQEMUDriverPtr driver =3D priv->driver; + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerSetInputLabel(driver->securityManager, @@ -325,9 +342,7 @@ qemuSecuritySetInputLabel(virDomainObjPtr vm, input) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; @@ -343,10 +358,13 @@ qemuSecurityRestoreInputLabel(virDomainObjPtr vm, { qemuDomainObjPrivatePtr priv =3D vm->privateData; virQEMUDriverPtr driver =3D priv->driver; + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerRestoreInputLabel(driver->securityManager, @@ -354,9 +372,7 @@ qemuSecurityRestoreInputLabel(virDomainObjPtr vm, input) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; 
@@ -373,9 +389,12 @@ qemuSecuritySetChardevLabel(virQEMUDriverPtr driver, { int ret =3D -1; qemuDomainObjPrivatePtr priv =3D vm->privateData; + pid_t pid =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerSetChardevLabel(driver->securityManager, @@ -384,9 +403,7 @@ qemuSecuritySetChardevLabel(virQEMUDriverPtr driver, priv->chardevStdioLogd) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; @@ -403,9 +420,12 @@ qemuSecurityRestoreChardevLabel(virQEMUDriverPtr drive= r, { int ret =3D -1; qemuDomainObjPrivatePtr priv =3D vm->privateData; + pid_t pid =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerRestoreChardevLabel(driver->securityManager, @@ -414,9 +434,7 @@ qemuSecurityRestoreChardevLabel(virQEMUDriverPtr driver, priv->chardevStdioLogd) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; 
@@ -454,10 +472,21 @@ qemuSecurityStartTPMEmulator(virQEMUDriverPtr driver, int *cmdret) { int ret =3D -1; + bool transactionStarted =3D false; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) + return -1; + transactionStarted =3D true; =20 if (virSecurityManagerSetTPMLabels(driver->securityManager, - def) < 0) + def) < 0) { + virSecurityManagerTransactionAbort(driver->securityManager); + return -1; + } + + if (virSecurityManagerTransactionCommit(driver->securityManager, -1) <= 0) goto cleanup; + transactionStarted =3D false; =20 if (virSecurityManagerSetChildProcessLabel(driver->securityManager, def, cmd) < 0) @@ -481,8 +510,13 @@ qemuSecurityStartTPMEmulator(virQEMUDriverPtr driver, return 0; =20 cleanup: + if (!transactionStarted) + virSecurityManagerTransactionStart(driver->securityManager); + virSecurityManagerRestoreTPMLabels(driver->securityManager, def); =20 + virSecurityManagerTransactionCommit(driver->securityManager, -1); + virSecurityManagerTransactionAbort(driver->securityManager); return ret; } =20 @@ -491,7 +525,12 @@ void qemuSecurityCleanupTPMEmulator(virQEMUDriverPtr driver, virDomainDefPtr def) { + virSecurityManagerTransactionStart(driver->securityManager); + virSecurityManagerRestoreTPMLabels(driver->securityManager, def); + + virSecurityManagerTransactionCommit(driver->securityManager, -1); + virSecurityManagerTransactionAbort(driver->securityManager); } =20 =20 @@ -501,10 +540,13 @@ qemuSecurityDomainSetPathLabel(virQEMUDriverPtr drive= r, const char *path, bool allowSubtree) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerDomainSetPathLabel(driver->securityManager, 
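Review bot: The `cleanup:` path of qemuSecurityStartTPMEmulator ignores the return values of virSecurityManagerTransactionStart() and virSecurityManagerTransactionCommit(), so a failed rollback of the TPM labels is silent and an error raised there may replace the one that sent the function to `cleanup`. That path is also reached with `transactionStarted` still true when the first commit fails. Whether a failed commit leaves the transaction open is not visible here, so it is unclear that virSecurityManagerRestoreTPMLabels() is queued into a live transaction in that case. qemuSecurityCleanupTPMEmulator in the following hunk ignores TransactionStart() the same way, while the other wrappers in this patch check it. Preserve the original error across the rollback and log a warning when Start or Commit fails there; the part of the function between the two hunks is outside the diff.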
@@ -513,9 +555,7 @@ qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver, allowSubtree) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; @@ -530,10 +570,13 @@ qemuSecuritySetSavedStateLabel(virQEMUDriverPtr drive= r, virDomainObjPtr vm, const char *savefile) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerSetSavedStateLabel(driver->securityManager, @@ -541,9 +584,7 @@ qemuSecuritySetSavedStateLabel(virQEMUDriverPtr driver, savefile) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; @@ -558,10 +599,13 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr d= river, virDomainObjPtr vm, const char *savefile) { + pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionStart(driver->securityManager) < 0) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager, 
@@ -569,9 +613,7 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr dri= ver, savefile) < 0) goto cleanup; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) && - virSecurityManagerTransactionCommit(driver->securityManager, - vm->pid) < 0) + if (virSecurityManagerTransactionCommit(driver->securityManager, pid) = < 0) goto cleanup; =20 ret =3D 0; --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572303155212.03542004035899; Mon, 10 Sep 2018 02:38:23 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B31B280F8F; Mon, 10 Sep 2018 09:38:21 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 807CD3022846; Mon, 10 Sep 2018 09:38:21 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3CC3F4A469; Mon, 10 Sep 2018 09:38:21 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with 
ESMTP id w8A9au7O030744 for ; Mon, 10 Sep 2018 05:36:56 -0400 Received: by smtp.corp.redhat.com (Postfix) id 1CF5510EE839; Mon, 10 Sep 2018 09:36:56 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id B146610EE836 for ; Mon, 10 Sep 2018 09:36:55 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:07 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 06/23] virlockspace: Allow caller to specify start and length offset in virLockSpaceAcquireResource X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Mon, 10 Sep 2018 09:38:22 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 So far the virLockSpaceAcquireResource() locks the first byte in the underlying file. But caller might want to lock other range. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan Reviewed-by: Daniel P. Berrang=C3=A9 --- src/locking/lock_daemon_dispatch.c | 3 +++ src/util/virlockspace.c | 15 ++++++++++----- src/util/virlockspace.h | 4 ++++ tests/virlockspacetest.c | 29 ++++++++++++++++++++++++----- 4 files changed, 41 insertions(+), 10 deletions(-) diff --git a/src/locking/lock_daemon_dispatch.c b/src/locking/lock_daemon_d= ispatch.c index 1b479db55d..10248ec0b5 100644 --- a/src/locking/lock_daemon_dispatch.c +++ b/src/locking/lock_daemon_dispatch.c 
@@ -50,6 +50,8 @@ virLockSpaceProtocolDispatchAcquireResource(virNetServerP= tr server ATTRIBUTE_UNU virNetServerClientGetPrivateData(client); virLockSpacePtr lockspace; unsigned int newFlags; + off_t start =3D 0; + off_t len =3D 1; =20 virMutexLock(&priv->lock); =20 @@ -84,6 +86,7 @@ virLockSpaceProtocolDispatchAcquireResource(virNetServerP= tr server ATTRIBUTE_UNU if (virLockSpaceAcquireResource(lockspace, args->name, priv->ownerPid, + start, len, newFlags) < 0) goto cleanup; =20 diff --git a/src/util/virlockspace.c b/src/util/virlockspace.c index 3364c843aa..60bfef4c5f 100644 --- a/src/util/virlockspace.c +++ b/src/util/virlockspace.c @@ -115,8 +115,10 @@ static void virLockSpaceResourceFree(virLockSpaceResou= rcePtr res) static virLockSpaceResourcePtr virLockSpaceResourceNew(virLockSpacePtr lockspace, const char *resname, - unsigned int flags, - pid_t owner) + pid_t owner, + off_t start, + off_t len, + unsigned int flags) { virLockSpaceResourcePtr res; bool shared =3D !!(flags & VIR_LOCK_SPACE_ACQUIRE_SHARED); @@ -157,7 +159,7 @@ virLockSpaceResourceNew(virLockSpacePtr lockspace, goto error; } =20 - if (virFileLock(res->fd, shared, 0, 1, false) < 0) { + if (virFileLock(res->fd, shared, start, len, false) < 0) { if (errno =3D=3D EACCES || errno =3D=3D EAGAIN) { virReportError(VIR_ERR_RESOURCE_BUSY, _("Lockspace resource '%s' is locked"), @@ -204,7 +206,7 @@ virLockSpaceResourceNew(virLockSpacePtr lockspace, goto error; } =20 - if (virFileLock(res->fd, shared, 0, 1, false) < 0) { + if (virFileLock(res->fd, shared, start, len, false) < 0) { if (errno =3D=3D EACCES || errno =3D=3D EAGAIN) { virReportError(VIR_ERR_RESOURCE_BUSY, _("Lockspace resource '%s' is locked"), @@ -612,6 +614,8 @@ int virLockSpaceDeleteResource(virLockSpacePtr lockspac= e, int virLockSpaceAcquireResource(virLockSpacePtr lockspace, const char *resname, pid_t owner, + off_t start, + off_t len, unsigned int flags) { int ret =3D -1; 
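Review bot: virLockSpaceResourceNew() now hands the caller's `start` and `len` straight to virFileLock() in both locking branches, without checking them or recording them in the resource. A negative value, or a `len` of 0 (which means "to end of file" if virFileLock() is fcntl()-based; not visible here), would silently change what gets locked. If whole-file locks are not intended, a guard such as `if (start < 0 || len <= 0)` with an error report at the top of virLockSpaceAcquireResource() would pin the contract. The resource is still registered under `resname` alone (`virHashAddEntry(lockspace->resources, resname, res)` in the `@@ -641` hunk), so two ranges of the same file cannot be told apart within one lockspace; that limitation deserves a comment. The prototype in virlockspace.h should get a doc comment describing both parameters.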
@@ -641,7 +645,8 @@ int virLockSpaceAcquireResource(virLockSpacePtr lockspa= ce, goto cleanup; } =20 - if (!(res =3D virLockSpaceResourceNew(lockspace, resname, flags, owner= ))) + if (!(res =3D virLockSpaceResourceNew(lockspace, resname, + owner, start, len, flags))) goto cleanup; =20 if (virHashAddEntry(lockspace->resources, resname, res) < 0) { diff --git a/src/util/virlockspace.h b/src/util/virlockspace.h index 041cf20396..24f2c89be6 100644 --- a/src/util/virlockspace.h +++ b/src/util/virlockspace.h @@ -22,6 +22,8 @@ #ifndef __VIR_LOCK_SPACE_H__ # define __VIR_LOCK_SPACE_H__ =20 +# include + # include "internal.h" # include "virjson.h" =20 @@ -50,6 +52,8 @@ typedef enum { int virLockSpaceAcquireResource(virLockSpacePtr lockspace, const char *resname, pid_t owner, + off_t start, + off_t len, unsigned int flags); =20 int virLockSpaceReleaseResource(virLockSpacePtr lockspace, diff --git a/tests/virlockspacetest.c b/tests/virlockspacetest.c index 75ad98a02c..2409809353 100644 --- a/tests/virlockspacetest.c +++ b/tests/virlockspacetest.c @@ -99,6 +99,8 @@ static int testLockSpaceResourceLockExcl(const void *args= ATTRIBUTE_UNUSED) { virLockSpacePtr lockspace; int ret =3D -1; + const off_t start =3D 0; + const off_t len =3D 1; =20 rmdir(LOCKSPACE_DIR); =20 @@ -111,13 +113,13 @@ static int testLockSpaceResourceLockExcl(const void *= args ATTRIBUTE_UNUSED) if (virLockSpaceCreateResource(lockspace, "foo") < 0) goto cleanup; =20 - if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), 0) < 0) + if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), start, le= n, 0) < 0) goto cleanup; =20 if (!virFileExists(LOCKSPACE_DIR "/foo")) goto cleanup; =20 - if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), 0) =3D=3D= 0) + if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), start, le= n, 0) =3D=3D 0) goto cleanup; =20 if (virLockSpaceDeleteResource(lockspace, "foo") =3D=3D 0) 
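Review bot: Every call updated in tests/virlockspacetest.c passes `start = 0` and `len = 1`, exactly the range that was hard-coded before, so the new parameters are never exercised. The same holds for the remaining test hunks in testLockSpaceResourceLockExclAuto, testLockSpaceResourceLockShr, testLockSpaceResourceLockShrAuto and testLockSpaceResourceLockPath. Add at least one case that acquires a resource at a non-zero `start` and checks that a second acquire of that same range is refused. Without it, a regression that ignores the arguments and locks byte 0 again would pass the suite.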
@@ -145,6 +147,8 @@ static int testLockSpaceResourceLockExclAuto(const void= *args ATTRIBUTE_UNUSED) { virLockSpacePtr lockspace; int ret =3D -1; + const off_t start =3D 0; + const off_t len =3D 1; =20 rmdir(LOCKSPACE_DIR); =20 @@ -158,6 +162,7 @@ static int testLockSpaceResourceLockExclAuto(const void= *args ATTRIBUTE_UNUSED) goto cleanup; =20 if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), + start, len, VIR_LOCK_SPACE_ACQUIRE_AUTOCREATE) < 0) goto cleanup; =20 @@ -183,6 +188,8 @@ static int testLockSpaceResourceLockShr(const void *arg= s ATTRIBUTE_UNUSED) { virLockSpacePtr lockspace; int ret =3D -1; + const off_t start =3D 0; + const off_t len =3D 1; =20 rmdir(LOCKSPACE_DIR); =20 @@ -196,13 +203,16 @@ static int testLockSpaceResourceLockShr(const void *a= rgs ATTRIBUTE_UNUSED) goto cleanup; =20 if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), + start, len, VIR_LOCK_SPACE_ACQUIRE_SHARED) < 0) goto cleanup; =20 - if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), 0) =3D=3D= 0) + if (virLockSpaceAcquireResource(lockspace, "foo", + geteuid(), start, len, 0) =3D=3D 0) goto cleanup; =20 if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), + start, len, VIR_LOCK_SPACE_ACQUIRE_SHARED) < 0) goto cleanup; =20 @@ -237,6 +247,8 @@ static int testLockSpaceResourceLockShrAuto(const void = *args ATTRIBUTE_UNUSED) { virLockSpacePtr lockspace; int ret =3D -1; + const off_t start =3D 0; + const off_t len =3D 1; =20 rmdir(LOCKSPACE_DIR); =20 @@ -250,6 +262,7 @@ static int testLockSpaceResourceLockShrAuto(const void = *args ATTRIBUTE_UNUSED) goto cleanup; =20 if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), + start, len, VIR_LOCK_SPACE_ACQUIRE_SHARED | VIR_LOCK_SPACE_ACQUIRE_AUTOCREATE) < 0) goto cleanup; 
@@ -258,6 +271,7 @@ static int testLockSpaceResourceLockShrAuto(const void = *args ATTRIBUTE_UNUSED) goto cleanup; =20 if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), + start, len, VIR_LOCK_SPACE_ACQUIRE_AUTOCREATE) =3D= =3D 0) goto cleanup; =20 @@ -265,6 +279,7 @@ static int testLockSpaceResourceLockShrAuto(const void = *args ATTRIBUTE_UNUSED) goto cleanup; =20 if (virLockSpaceAcquireResource(lockspace, "foo", geteuid(), + start, len, VIR_LOCK_SPACE_ACQUIRE_SHARED | VIR_LOCK_SPACE_ACQUIRE_AUTOCREATE) < 0) goto cleanup; @@ -297,6 +312,8 @@ static int testLockSpaceResourceLockPath(const void *ar= gs ATTRIBUTE_UNUSED) { virLockSpacePtr lockspace; int ret =3D -1; + const off_t start =3D 0; + const off_t len =3D 1; =20 rmdir(LOCKSPACE_DIR); =20 
@@ -309,13 +326,15 @@ static int testLockSpaceResourceLockPath(const void *= args ATTRIBUTE_UNUSED) if (virLockSpaceCreateResource(lockspace, LOCKSPACE_DIR "/foo") < 0) goto cleanup; =20 - if (virLockSpaceAcquireResource(lockspace, LOCKSPACE_DIR "/foo", geteu= id(), 0) < 0) + if (virLockSpaceAcquireResource(lockspace, LOCKSPACE_DIR "/foo", + geteuid(), start, len, 0) < 0) goto cleanup; =20 if (!virFileExists(LOCKSPACE_DIR "/foo")) goto cleanup; =20 - if (virLockSpaceAcquireResource(lockspace, LOCKSPACE_DIR "/foo", geteu= id(), 0) =3D=3D 0) + if (virLockSpaceAcquireResource(lockspace, LOCKSPACE_DIR "/foo", + geteuid(), start, len, 0) =3D=3D 0) goto cleanup; =20 if (virLockSpaceDeleteResource(lockspace, LOCKSPACE_DIR "/foo") =3D=3D= 0) --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572276015628.6018540381938; Mon, 10 Sep 2018 02:37:56 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AC431307A281; Mon, 10 Sep 2018 09:37:54 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 771DD5D778; Mon, 10 Sep 2018 09:37:54 
+0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2FC66181A139; Mon, 10 Sep 2018 09:37:54 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9aurF030749 for ; Mon, 10 Sep 2018 05:36:56 -0400 Received: by smtp.corp.redhat.com (Postfix) id BB18B10EE839; Mon, 10 Sep 2018 09:36:56 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 59FA510EE836 for ; Mon, 10 Sep 2018 09:36:56 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:08 +0200 Message-Id: <488bc7a63722cb40198e982a328f6e0296b6d079.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 07/23] lock_driver_lockd: Introduce VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA flag X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Mon, 10 Sep 2018 09:37:55 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This flag causes virtlockd to use different offset when locking the file. 
Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/locking/lock_daemon_dispatch.c | 10 ++++++++-- src/locking/lock_driver_lockd.c | 3 ++- src/locking/lock_driver_lockd.h | 1 + 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/locking/lock_daemon_dispatch.c b/src/locking/lock_daemon_d= ispatch.c index 10248ec0b5..a683ad3d6b 100644 --- a/src/locking/lock_daemon_dispatch.c +++ b/src/locking/lock_daemon_dispatch.c @@ -37,6 +37,9 @@ VIR_LOG_INIT("locking.lock_daemon_dispatch"); =20 #include "lock_daemon_dispatch_stubs.h" =20 +#define DEFAULT_OFFSET 0 +#define METADATA_OFFSET 1 + static int virLockSpaceProtocolDispatchAcquireResource(virNetServerPtr server ATTRIBU= TE_UNUSED, virNetServerClientPtr client, @@ -50,13 +53,14 @@ virLockSpaceProtocolDispatchAcquireResource(virNetServe= rPtr server ATTRIBUTE_UNU virNetServerClientGetPrivateData(client); virLockSpacePtr lockspace; unsigned int newFlags; - off_t start =3D 0; + off_t start =3D DEFAULT_OFFSET; off_t len =3D 1; =20 virMutexLock(&priv->lock); =20 virCheckFlagsGoto(VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_SHARED | - VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE,= cleanup); + VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE | + VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA, c= leanup); =20 if (priv->restricted) { virReportError(VIR_ERR_OPERATION_DENIED, "%s", @@ -82,6 +86,8 @@ virLockSpaceProtocolDispatchAcquireResource(virNetServerP= tr server ATTRIBUTE_UNU newFlags |=3D VIR_LOCK_SPACE_ACQUIRE_SHARED; if (flags & VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE) newFlags |=3D VIR_LOCK_SPACE_ACQUIRE_AUTOCREATE; + if (flags & VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA) + start =3D METADATA_OFFSET; =20 if (virLockSpaceAcquireResource(lockspace, args->name, diff --git a/src/locking/lock_driver_lockd.c b/src/locking/lock_driver_lock= d.c index 16fce551c3..ca825e6026 100644 --- a/src/locking/lock_driver_lockd.c +++ b/src/locking/lock_driver_lockd.c 
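Review bot: `DEFAULT_OFFSET` and `METADATA_OFFSET` are added to lock_daemon_dispatch.c with no comment saying what each byte of the lock file stands for, and `len` stays a bare `1` next to them. Going by the flag name, byte 1 is the lock taken while a file's metadata is being changed. A comment above the defines would record that, for example `/* byte 0: lock on the resource; byte 1: lock on its metadata */` (wording for the author to confirm), and the new enum value in lock_driver_lockd.h deserves the same line. Because the flag selects a different byte than existing holders use, a metadata lock and a regular lock on the same name presumably do not exclude each other at the file level; the commit message should state that this is intended. The dispatch function body extends beyond these hunks.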
@@ -723,7 +723,8 @@ static int virLockManagerLockDaemonRelease(virLockManag= erPtr lock, =20 args.flags &=3D ~(VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_SHARED | - VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE); + VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE | + VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA); =20 if (virNetClientProgramCall(program, client, diff --git a/src/locking/lock_driver_lockd.h b/src/locking/lock_driver_lock= d.h index 6931fe7425..bebd804365 100644 --- a/src/locking/lock_driver_lockd.h +++ b/src/locking/lock_driver_lockd.h 
@@ -25,6 +25,7 @@ enum virLockSpaceProtocolAcquireResourceFlags { VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_SHARED =3D (1 << 0), VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE =3D (1 << 1), + VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA =3D (1 << 2), }; =20 #endif /* __VIR_LOCK_DRIVER_LOCKD_H__ */ --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572307468810.2371331987787; Mon, 10 Sep 2018 02:38:27 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2D0BD6B; Mon, 10 Sep 2018 09:38:26 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EC07E5C229; Mon, 10 Sep 2018 09:38:25 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9B49818005DF; Mon, 10 Sep 2018 09:38:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9avV3030754 for ; Mon, 10 Sep 2018 05:36:57 
-0400 Received: by smtp.corp.redhat.com (Postfix) id 7FCF010EE839; Mon, 10 Sep 2018 09:36:57 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 01FB710EE836 for ; Mon, 10 Sep 2018 09:36:56 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:09 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 08/23] lock_driver: Introduce new VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Mon, 10 Sep 2018 09:38:26 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" We will want virtlockd to lock files on behalf of libvirtd and not qemu process, because it is libvirtd that needs an exclusive access not qemu. This requires new lock context. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/locking/lock_driver.h | 2 + src/locking/lock_driver_lockd.c | 291 ++++++++++++++++++++++++----------= ---- src/locking/lock_driver_sanlock.c | 37 +++-- 3 files changed, 214 insertions(+), 116 deletions(-) diff --git a/src/locking/lock_driver.h b/src/locking/lock_driver.h index 8b7cccc521..a9d2041c30 100644 --- a/src/locking/lock_driver.h +++ b/src/locking/lock_driver.h 
@@ -42,6 +42,8 @@ typedef enum { typedef enum { /* The managed object is a virtual guest domain */ VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN =3D 0, + /* The managed object is a daemon (e.g. libvirtd) */ + VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON =3D 1, } virLockManagerObjectType; =20 typedef enum { diff --git a/src/locking/lock_driver_lockd.c b/src/locking/lock_driver_lock= d.c index ca825e6026..8580d12340 100644 --- a/src/locking/lock_driver_lockd.c +++ b/src/locking/lock_driver_lockd.c @@ -56,10 +56,21 @@ struct _virLockManagerLockDaemonResource { }; =20 struct _virLockManagerLockDaemonPrivate { - unsigned char uuid[VIR_UUID_BUFLEN]; - char *name; - int id; - pid_t pid; + virLockManagerObjectType type; + union { + struct { + unsigned char uuid[VIR_UUID_BUFLEN]; + char *name; + int id; + pid_t pid; + } dom; + + struct { + unsigned char uuid[VIR_UUID_BUFLEN]; + char *name; + pid_t pid; + } daemon; + } t; =20 size_t nresources; virLockManagerLockDaemonResourcePtr resources; @@ -156,10 +167,24 @@ virLockManagerLockDaemonConnectionRegister(virLockMan= agerPtr lock, memset(&args, 0, sizeof(args)); =20 args.flags =3D 0; - memcpy(args.owner.uuid, priv->uuid, VIR_UUID_BUFLEN); - args.owner.name =3D priv->name; - args.owner.id =3D priv->id; - args.owner.pid =3D priv->pid; + + switch (priv->type) { + case VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN: + memcpy(args.owner.uuid, priv->t.dom.uuid, VIR_UUID_BUFLEN); + args.owner.name =3D priv->t.dom.name; + args.owner.id =3D priv->t.dom.id; + args.owner.pid =3D priv->t.dom.pid; + break; + + case VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON: + memcpy(args.owner.uuid, priv->t.daemon.uuid, VIR_UUID_BUFLEN); + args.owner.name =3D priv->t.daemon.name; + args.owner.pid =3D priv->t.daemon.pid; + break; + + default: + return -1; + } =20 if (virNetClientProgramCall(program, client, 
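Review bot: The `default: return -1;` branch added to virLockManagerLockDaemonConnectionRegister fails without reporting an error, so a caller sees -1 with no message explaining why registration was refused. The other switches in this patch report the bad type, and this one should do the same: `virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown lock manager object type %d"), priv->type);` before the return. In the DAEMON case `args.owner.id` keeps the 0 from the earlier `memset`; a one-line comment saying that is intentional would help, since the domain path treats id 0 as missing. The function continues outside the hunk.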
@@ -391,7 +416,18 @@ virLockManagerLockDaemonPrivateFree(virLockManagerLock= DaemonPrivatePtr priv) } VIR_FREE(priv->resources); =20 - VIR_FREE(priv->name); + switch (priv->type) { + case VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN: + VIR_FREE(priv->t.dom.name); + break; + + case VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON: + VIR_FREE(priv->t.daemon.name); + break; + + default: + break; + } VIR_FREE(priv); } =20 
@@ -420,46 +456,82 @@ static int virLockManagerLockDaemonNew(virLockManager= Ptr lock, if (VIR_ALLOC(priv) < 0) return -1; =20 - switch (type) { + priv->type =3D type; + + switch ((virLockManagerObjectType) type) { case VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN: for (i =3D 0; i < nparams; i++) { if (STREQ(params[i].key, "uuid")) { - memcpy(priv->uuid, params[i].value.uuid, VIR_UUID_BUFLEN); + memcpy(priv->t.dom.uuid, params[i].value.uuid, VIR_UUID_BU= FLEN); } else if (STREQ(params[i].key, "name")) { - if (VIR_STRDUP(priv->name, params[i].value.str) < 0) + if (VIR_STRDUP(priv->t.dom.name, params[i].value.str) < 0) goto cleanup; } else if (STREQ(params[i].key, "id")) { - priv->id =3D params[i].value.iv; + priv->t.dom.id =3D params[i].value.iv; } else if (STREQ(params[i].key, "pid")) { - priv->pid =3D params[i].value.iv; + priv->t.dom.pid =3D params[i].value.iv; } else if (STREQ(params[i].key, "uri")) { /* ignored */ } else { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Unexpected parameter %s for object"), + _("Unexpected parameter %s for domain objec= t"), params[i].key); goto cleanup; } } - if (priv->id =3D=3D 0) { + if (priv->t.dom.id =3D=3D 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing ID parameter for domain object")); goto cleanup; } - if (priv->pid =3D=3D 0) + if (priv->t.dom.pid =3D=3D 0) VIR_DEBUG("Missing PID parameter for domain object"); - if (!priv->name) { + if (!priv->t.dom.name) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing name parameter for domain object")); goto cleanup; } - if (!virUUIDIsValid(priv->uuid)) { + if (!virUUIDIsValid(priv->t.dom.uuid)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing UUID parameter for domain object")); goto cleanup; } break; =20 + case VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON: + for (i =3D 0; i < nparams; i++) { + if (STREQ(params[i].key, "uuid")) { + memcpy(priv->t.daemon.uuid, params[i].value.uuid, VIR_UUID= _BUFLEN); + } else if (STREQ(params[i].key, "name")) { + if 
(VIR_STRDUP(priv->t.daemon.name, params[i].value.str) <= 0) + goto cleanup; + } else if (STREQ(params[i].key, "pid")) { + priv->t.daemon.pid =3D params[i].value.iv; + } else { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unexpected parameter %s for daemon objec= t"), + params[i].key); + goto cleanup; + } + } + + if (!virUUIDIsValid(priv->t.daemon.uuid)) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Missing UUID parameter for daemon object")); + goto cleanup; + } + if (!priv->t.daemon.name) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Missing name parameter for daemon object")); + goto cleanup; + } + if (priv->t.daemon.pid =3D=3D 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Missing PID parameter for daemon object")); + goto cleanup; + } + break; + default: virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown lock manager object type %d"), 
@@ -494,107 +566,119 @@ static int virLockManagerLockDaemonAddResource(virL= ockManagerPtr lock, if (flags & VIR_LOCK_MANAGER_RESOURCE_READONLY) return 0; =20 - switch (type) { - case VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK: - if (params || nparams) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Unexpected parameters for disk resource")); - goto cleanup; - } - if (!driver->autoDiskLease) { - if (!(flags & (VIR_LOCK_MANAGER_RESOURCE_SHARED | - VIR_LOCK_MANAGER_RESOURCE_READONLY))) - priv->hasRWDisks =3D true; - return 0; - } + switch (priv->type) { + case VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN: =20 - /* XXX we should somehow pass in TYPE=3DBLOCK info - * from the domain_lock code, instead of assuming /dev - */ - if (STRPREFIX(name, "/dev") && - driver->lvmLockSpaceDir) { - VIR_DEBUG("Trying to find an LVM UUID for %s", name); - if (virStorageFileGetLVMKey(name, &newName) < 0) + switch (type) { + case VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK: + if (params || nparams) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Unexpected parameters for disk resource"= )); goto cleanup; + } + if (!driver->autoDiskLease) { + if (!(flags & (VIR_LOCK_MANAGER_RESOURCE_SHARED | + VIR_LOCK_MANAGER_RESOURCE_READONLY))) + priv->hasRWDisks =3D true; + return 0; + } =20 - if (newName) { - VIR_DEBUG("Got an LVM UUID %s for %s", newName, name); - if (VIR_STRDUP(newLockspace, driver->lvmLockSpaceDir) < 0) + /* XXX we should somehow pass in TYPE=3DBLOCK info + * from the domain_lock code, instead of assuming /dev + */ + if (STRPREFIX(name, "/dev") && + driver->lvmLockSpaceDir) { + VIR_DEBUG("Trying to find an LVM UUID for %s", name); + if (virStorageFileGetLVMKey(name, &newName) < 0) goto cleanup; - autoCreate =3D true; - break; + + if (newName) { + VIR_DEBUG("Got an LVM UUID %s for %s", newName, name); + if (VIR_STRDUP(newLockspace, driver->lvmLockSpaceDir) = < 0) + goto cleanup; + autoCreate =3D true; + break; + } + virResetLastError(); + /* Fallback to generic non-block code */ } - 
virResetLastError(); - /* Fallback to generic non-block code */ - } =20 - if (STRPREFIX(name, "/dev") && - driver->scsiLockSpaceDir) { - VIR_DEBUG("Trying to find an SCSI ID for %s", name); - if (virStorageFileGetSCSIKey(name, &newName) < 0) - goto cleanup; + if (STRPREFIX(name, "/dev") && + driver->scsiLockSpaceDir) { + VIR_DEBUG("Trying to find an SCSI ID for %s", name); + if (virStorageFileGetSCSIKey(name, &newName) < 0) + goto cleanup; + + if (newName) { + VIR_DEBUG("Got an SCSI ID %s for %s", newName, name); + if (VIR_STRDUP(newLockspace, driver->scsiLockSpaceDir)= < 0) + goto cleanup; + autoCreate =3D true; + break; + } + virResetLastError(); + /* Fallback to generic non-block code */ + } =20 - if (newName) { - VIR_DEBUG("Got an SCSI ID %s for %s", newName, name); - if (VIR_STRDUP(newLockspace, driver->scsiLockSpaceDir) < 0) + if (driver->fileLockSpaceDir) { + if (VIR_STRDUP(newLockspace, driver->fileLockSpaceDir) < 0) + goto cleanup; + if (virCryptoHashString(VIR_CRYPTO_HASH_SHA256, name, &new= Name) < 0) goto cleanup; autoCreate =3D true; - break; + VIR_DEBUG("Using indirect lease %s for %s", newName, name); + } else { + if (VIR_STRDUP(newLockspace, "") < 0) + goto cleanup; + if (VIR_STRDUP(newName, name) < 0) + goto cleanup; + VIR_DEBUG("Using direct lease for %s", name); } - virResetLastError(); - /* Fallback to generic non-block code */ - } =20 - if (driver->fileLockSpaceDir) { - if (VIR_STRDUP(newLockspace, driver->fileLockSpaceDir) < 0) - goto cleanup; - if (virCryptoHashString(VIR_CRYPTO_HASH_SHA256, name, &newName= ) < 0) + break; + case VIR_LOCK_MANAGER_RESOURCE_TYPE_LEASE: { + size_t i; + char *path =3D NULL; + char *lockspace =3D NULL; + for (i =3D 0; i < nparams; i++) { + if (STREQ(params[i].key, "offset")) { + if (params[i].value.ul !=3D 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Offset must be zero for this loc= k manager")); + goto cleanup; + } + } else if (STREQ(params[i].key, "lockspace")) { + lockspace =3D params[i].value.str; 
+ } else if (STREQ(params[i].key, "path")) { + path =3D params[i].value.str; + } else { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unexpected parameter %s for lease re= source"), + params[i].key); + goto cleanup; + } + } + if (!path || !lockspace) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Missing path or lockspace for lease reso= urce")); goto cleanup; - autoCreate =3D true; - VIR_DEBUG("Using indirect lease %s for %s", newName, name); - } else { - if (VIR_STRDUP(newLockspace, "") < 0) + } + if (virAsprintf(&newLockspace, "%s/%s", + path, lockspace) < 0) goto cleanup; if (VIR_STRDUP(newName, name) < 0) goto cleanup; - VIR_DEBUG("Using direct lease for %s", name); - } =20 + } break; + default: + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unknown lock manager object type %d for doma= in lock object"), + type); + goto cleanup; + } break; - case VIR_LOCK_MANAGER_RESOURCE_TYPE_LEASE: { - size_t i; - char *path =3D NULL; - char *lockspace =3D NULL; - for (i =3D 0; i < nparams; i++) { - if (STREQ(params[i].key, "offset")) { - if (params[i].value.ul !=3D 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Offset must be zero for this lock ma= nager")); - goto cleanup; - } - } else if (STREQ(params[i].key, "lockspace")) { - lockspace =3D params[i].value.str; - } else if (STREQ(params[i].key, "path")) { - path =3D params[i].value.str; - } else { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Unexpected parameter %s for lease resour= ce"), - params[i].key); - goto cleanup; - } - } - if (!path || !lockspace) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Missing path or lockspace for lease resource= ")); - goto cleanup; - } - if (virAsprintf(&newLockspace, "%s/%s", - path, lockspace) < 0) - goto cleanup; - if (VIR_STRDUP(newName, name) < 0) - goto cleanup; =20 - } break; + case VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON: default: virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown lock manager object type %d"), 
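Review bot: The new inner `default:` in virLockManagerLockDaemonAddResource reports "Unknown lock manager object type %d for domain lock object", but the value printed is `type`, which is the resource type; the object type is `priv->type`. The message should read `_("Unknown lock manager resource type %d for domain lock object")`. The outer `case VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON: default:` branch has the opposite problem: it switches on `priv->type`, and its argument line lies outside the hunk but presumably still passes `type`, so it would need `priv->type`. The same wording appears again in the daemon branch and the sanlock context of patch 10 later in this series.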
@@ -639,7 +723,8 @@ static int virLockManagerLockDaemonAcquire(virLockManag= erPtr lock, virCheckFlags(VIR_LOCK_MANAGER_ACQUIRE_REGISTER_ONLY | VIR_LOCK_MANAGER_ACQUIRE_RESTRICT, -1); =20 - if (priv->nresources =3D=3D 0 && + if (priv->type =3D=3D VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN && + priv->nresources =3D=3D 0 && priv->hasRWDisks && driver->requireLeaseForDisks) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sa= nlock.c index 39c2f94a76..fe422d3be6 100644 --- a/src/locking/lock_driver_sanlock.c +++ b/src/locking/lock_driver_sanlock.c 
@@ -513,21 +513,32 @@ static int virLockManagerSanlockNew(virLockManagerPtr= lock, =20 priv->flags =3D flags; =20 - for (i =3D 0; i < nparams; i++) { - param =3D ¶ms[i]; + switch ((virLockManagerObjectType) type) { + case VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN: + for (i =3D 0; i < nparams; i++) { + param =3D ¶ms[i]; =20 - if (STREQ(param->key, "uuid")) { - memcpy(priv->vm_uuid, param->value.uuid, 16); - } else if (STREQ(param->key, "name")) { - if (VIR_STRDUP(priv->vm_name, param->value.str) < 0) - goto error; - } else if (STREQ(param->key, "pid")) { - priv->vm_pid =3D param->value.iv; - } else if (STREQ(param->key, "id")) { - priv->vm_id =3D param->value.ui; - } else if (STREQ(param->key, "uri")) { - priv->vm_uri =3D param->value.cstr; + if (STREQ(param->key, "uuid")) { + memcpy(priv->vm_uuid, param->value.uuid, 16); + } else if (STREQ(param->key, "name")) { + if (VIR_STRDUP(priv->vm_name, param->value.str) < 0) + goto error; + } else if (STREQ(param->key, "pid")) { + priv->vm_pid =3D param->value.iv; + } else if (STREQ(param->key, "id")) { + priv->vm_id =3D param->value.ui; + } else if (STREQ(param->key, "uri")) { + priv->vm_uri =3D param->value.cstr; + } } + break; + + case VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON: + default: + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unknown lock manager object type %d"), + type); + goto error; } =20 /* Sanlock needs process registration, but the only way how to probe --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none 
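Review bot: The re-indented `memcpy(priv->vm_uuid, param->value.uuid, 16);` in virLockManagerSanlockNew keeps a literal copy length, while the lockd driver in the same patch uses `VIR_UUID_BUFLEN` for every UUID copy. Since the line is being touched anyway, tie the length to the named constant: `memcpy(priv->vm_uuid, param->value.uuid, VIR_UUID_BUFLEN);`. The declaration of `vm_uuid` is outside the hunk, so confirm its size matches before changing it. The function body also extends beyond the hunk.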
dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572311440983.142725307691; Mon, 10 Sep 2018 02:38:31 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 12C64A6E1E; Mon, 10 Sep 2018 09:38:30 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C82695C22B; Mon, 10 Sep 2018 09:38:29 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 7CD4D181A71E; Mon, 10 Sep 2018 09:38:29 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9aw6D030767 for ; Mon, 10 Sep 2018 05:36:58 -0400 Received: by smtp.corp.redhat.com (Postfix) id 2763010EE839; Mon, 10 Sep 2018 09:36:58 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id BC71610EE836 for ; Mon, 10 Sep 2018 09:36:57 +0000 (UTC) 
From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:10 +0200 Message-Id: <3759e96812e5ff2f79529cf20a53b1d5d1265f4e.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 09/23] _virLockManagerLockDaemonPrivate: Move @hasRWDisks into dom union X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Mon, 10 Sep 2018 09:38:30 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The fact whether domain has or doesn't have RW disks is specific to VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN and therefore should reside in union specific to it. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/locking/lock_driver_lockd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/locking/lock_driver_lockd.c b/src/locking/lock_driver_lock= d.c index 8580d12340..98953500b7 100644 --- a/src/locking/lock_driver_lockd.c +++ b/src/locking/lock_driver_lockd.c @@ -63,6 +63,8 @@ struct _virLockManagerLockDaemonPrivate { char *name; int id; pid_t pid; + + bool hasRWDisks; } dom; =20 struct { @@ -74,8 +76,6 @@ struct _virLockManagerLockDaemonPrivate { =20 size_t nresources; virLockManagerLockDaemonResourcePtr resources; - - bool hasRWDisks; }; =20 =20 
@@ -579,7 +579,7 @@ static int virLockManagerLockDaemonAddResource(virLockM= anagerPtr lock, if (!driver->autoDiskLease) { if (!(flags & (VIR_LOCK_MANAGER_RESOURCE_SHARED | VIR_LOCK_MANAGER_RESOURCE_READONLY))) - priv->hasRWDisks =3D true; + priv->t.dom.hasRWDisks =3D true; return 0; } =20 
@@ -725,7 +725,7 @@ static int virLockManagerLockDaemonAcquire(virLockManag= erPtr lock, =20 if (priv->type =3D=3D VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN && priv->nresources =3D=3D 0 && - priv->hasRWDisks && + priv->t.dom.hasRWDisks && driver->requireLeaseForDisks) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Read/write, exclusive access, disks were present= , but no leases specified")); --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572286765502.0988100183673; Mon, 10 Sep 2018 02:38:06 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6A4DE369B7; Mon, 10 Sep 2018 09:38:05 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 331435D778; Mon, 10 Sep 2018 09:38:05 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D46CA181A13B; Mon, 10 Sep 2018 09:38:04 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by 
lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9awZ7030780 for ; Mon, 10 Sep 2018 05:36:59 -0400 Received: by smtp.corp.redhat.com (Postfix) id C3A5110EE839; Mon, 10 Sep 2018 09:36:58 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6477010EE836 for ; Mon, 10 Sep 2018 09:36:58 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:11 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 10/23] lock_driver: Introduce VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Mon, 10 Sep 2018 09:38:06 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This is a new type of object that lock drivers can handle. Currently, it is supported by lockd driver only. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/locking/lock_driver.h | 2 ++ src/locking/lock_driver_lockd.c | 47 ++++++++++++++++++++++++++++-------= ---- src/locking/lock_driver_sanlock.c | 3 ++- 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/src/locking/lock_driver.h b/src/locking/lock_driver.h index a9d2041c30..9be0abcfba 100644 --- a/src/locking/lock_driver.h +++ b/src/locking/lock_driver.h 
@@ -51,6 +51,8 @@ typedef enum { VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK =3D 0, /* A lease against an arbitrary resource */ VIR_LOCK_MANAGER_RESOURCE_TYPE_LEASE =3D 1, + /* The resource to be locked is a metadata */ + VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA =3D 2, } virLockManagerResourceType; =20 typedef enum { diff --git a/src/locking/lock_driver_lockd.c b/src/locking/lock_driver_lock= d.c index 98953500b7..cb294ac694 100644 --- a/src/locking/lock_driver_lockd.c +++ b/src/locking/lock_driver_lockd.c @@ -557,7 +557,7 @@ static int virLockManagerLockDaemonAddResource(virLockM= anagerPtr lock, virLockManagerLockDaemonPrivatePtr priv =3D lock->privateData; char *newName =3D NULL; char *newLockspace =3D NULL; - bool autoCreate =3D false; + int newFlags =3D 0; int ret =3D -1; =20 virCheckFlags(VIR_LOCK_MANAGER_RESOURCE_READONLY | @@ -569,7 +569,7 @@ static int virLockManagerLockDaemonAddResource(virLockM= anagerPtr lock, switch (priv->type) { case VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN: =20 - switch (type) { + switch ((virLockManagerResourceType) type) { case VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK: if (params || nparams) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -596,7 +596,7 @@ static int virLockManagerLockDaemonAddResource(virLockM= anagerPtr lock, VIR_DEBUG("Got an LVM UUID %s for %s", newName, name); if (VIR_STRDUP(newLockspace, driver->lvmLockSpaceDir) = < 0) goto cleanup; - autoCreate =3D true; + newFlags |=3D VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE= _AUTOCREATE; break; } virResetLastError(); @@ -613,7 +613,7 @@ static int virLockManagerLockDaemonAddResource(virLockM= anagerPtr lock, VIR_DEBUG("Got an SCSI ID %s for %s", newName, name); if (VIR_STRDUP(newLockspace, driver->scsiLockSpaceDir)= < 0) goto cleanup; - autoCreate =3D true; + newFlags |=3D VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE= _AUTOCREATE; break; } virResetLastError(); 
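Review bot: In the `@@ -557,7` hunk of lock_driver_lockd.c the new accumulator is declared `int newFlags = 0;`, although it only ever holds OR-ed `VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_*` bits. The daemon side of the same protocol declares its counterpart as `unsigned int newFlags;`, and the function's own `flags` goes through virCheckFlags as a bitmask. Declare it `unsigned int newFlags = 0;` so the bitmask stays unsigned up to the assignment into `priv->resources[...].flags`. The type of that struct field is not visible in this diff, so check it matches.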
@@ -625,7 +625,7 @@ static int virLockManagerLockDaemonAddResource(virLockM= anagerPtr lock, goto cleanup; if (virCryptoHashString(VIR_CRYPTO_HASH_SHA256, name, &new= Name) < 0) goto cleanup; - autoCreate =3D true; + newFlags |=3D VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUT= OCREATE; VIR_DEBUG("Using indirect lease %s for %s", newName, name); } else { if (VIR_STRDUP(newLockspace, "") < 0) @@ -670,6 +670,8 @@ static int virLockManagerLockDaemonAddResource(virLockM= anagerPtr lock, goto cleanup; =20 } break; + + case VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA: default: virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown lock manager object type %d for doma= in lock object"), @@ -679,6 +681,29 @@ static int virLockManagerLockDaemonAddResource(virLock= ManagerPtr lock, break; =20 case VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON: + switch ((virLockManagerResourceType) type) { + case VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA: + if (params || nparams) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Unexpected parameters for metadata resou= rce")); + goto cleanup; + } + if (VIR_STRDUP(newLockspace, "") < 0 || + VIR_STRDUP(newName, name) < 0) + goto cleanup; + newFlags |=3D VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADAT= A; + break; + + case VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK: + case VIR_LOCK_MANAGER_RESOURCE_TYPE_LEASE: + default: + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unknown lock manager object type %d for daem= on lock object"), + type); + goto cleanup; + } + break; + default: virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown lock manager object type %d"), 
@@ -686,19 +711,15 @@ static int virLockManagerLockDaemonAddResource(virLoc= kManagerPtr lock, goto cleanup; } =20 + if (flags & VIR_LOCK_MANAGER_RESOURCE_SHARED) + newFlags |=3D VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_SHARED; + if (VIR_EXPAND_N(priv->resources, priv->nresources, 1) < 0) goto cleanup; =20 VIR_STEAL_PTR(priv->resources[priv->nresources-1].lockspace, newLocksp= ace); VIR_STEAL_PTR(priv->resources[priv->nresources-1].name, newName); - - if (flags & VIR_LOCK_MANAGER_RESOURCE_SHARED) - priv->resources[priv->nresources-1].flags |=3D - VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_SHARED; - - if (autoCreate) - priv->resources[priv->nresources-1].flags |=3D - VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE; + priv->resources[priv->nresources-1].flags =3D newFlags; =20 ret =3D 0; cleanup: diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sa= nlock.c index fe422d3be6..9393e7d9a2 100644 --- a/src/locking/lock_driver_sanlock.c +++ b/src/locking/lock_driver_sanlock.c @@ -815,7 +815,7 @@ static int virLockManagerSanlockAddResource(virLockMana= gerPtr lock, if (flags & VIR_LOCK_MANAGER_RESOURCE_READONLY) return 0; =20 - switch (type) { + switch ((virLockManagerResourceType) type) { case VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK: if (driver->autoDiskLease) { if (virLockManagerSanlockAddDisk(driver, lock, name, nparams, = params, 
@@ -839,6 +839,7 @@ static int virLockManagerSanlockAddResource(virLockMana= gerPtr lock, return -1; break; =20 + case VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA: default: virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown lock manager object type %d for domain l= ock object"), --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572316228847.8000634999804; Mon, 10 Sep 2018 02:38:36 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BDBCA3082144; Mon, 10 Sep 2018 09:38:33 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 882DF106A790; Mon, 10 Sep 2018 09:38:33 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3F3A3181A870; Mon, 10 Sep 2018 09:38:33 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9axTv030789 for ; Mon, 10 Sep 2018 05:36:59 -0400 Received: by 
smtp.corp.redhat.com (Postfix) id 6B78110EE839; Mon, 10 Sep 2018 09:36:59 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0C84010EE836 for ; Mon, 10 Sep 2018 09:36:58 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:12 +0200 Message-Id: <0e1178c3c9da0f806dfee2fbea7f76e8ef658d0a.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 11/23] lock_driver: Introduce VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Mon, 10 Sep 2018 09:38:35 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Soon there will be a virtlockd client that wants to either lock all the resources or none (in order to avoid virtlockd killing the client on connection close). Because on the RPC layer we can only acquire one resource at a time, we have to perform a rollback once we hit a resource that can't be acquired. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/locking/lock_driver.h | 4 ++ src/locking/lock_driver_lockd.c | 84 +++++++++++++++++++++++++++++--------= ---- 2 files changed, 64 insertions(+), 24 deletions(-) diff --git a/src/locking/lock_driver.h b/src/locking/lock_driver.h index 9be0abcfba..8d236471d4 100644 --- a/src/locking/lock_driver.h +++ b/src/locking/lock_driver.h 
@@ -67,6 +67,10 @@ typedef enum { VIR_LOCK_MANAGER_ACQUIRE_REGISTER_ONLY =3D (1 << 0), /* Prevent further lock/unlock calls from this process */ VIR_LOCK_MANAGER_ACQUIRE_RESTRICT =3D (1 << 1), + /* In case when acquiring more resources which one of them + * can't be acquired, perform a rollback and release all + * resources acquired so far. */ + VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK =3D (1 << 2), } virLockManagerAcquireFlags; =20 typedef enum { diff --git a/src/locking/lock_driver_lockd.c b/src/locking/lock_driver_lock= d.c index cb294ac694..3068a72507 100644 --- a/src/locking/lock_driver_lockd.c +++ b/src/locking/lock_driver_lockd.c @@ -729,6 +729,34 @@ static int virLockManagerLockDaemonAddResource(virLock= ManagerPtr lock, } =20 =20 +static int virLockManagerLockDaemonReleaseImpl(virNetClientPtr client, + virNetClientProgramPtr prog= ram, + int *counter, + virLockManagerLockDaemonRes= ourcePtr res) +{ + virLockSpaceProtocolReleaseResourceArgs args; + + memset(&args, 0, sizeof(args)); + + args.path =3D res->lockspace; + args.name =3D res->name; + args.flags =3D res->flags; + + args.flags &=3D + ~(VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_SHARED | + VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE | + VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA); + + return virNetClientProgramCall(program, + client, + (*counter)++, + VIR_LOCK_SPACE_PROTOCOL_PROC_RELEASE_RE= SOURCE, + 0, NULL, NULL, NULL, + (xdrproc_t)xdr_virLockSpaceProtocolRele= aseResourceArgs, &args, + (xdrproc_t)xdr_void, NULL); +} + + static int virLockManagerLockDaemonAcquire(virLockManagerPtr lock, const char *state ATTRIBUTE_UNU= SED, unsigned int flags, 
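Review bot: The comment added above `VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK` in the lock_driver.h hunk is hard to parse ("acquiring more resources which one of them can't be acquired"). I would reword it to `/* When several resources are being acquired and one of them cannot be, release those acquired so far before returning the error. */`. The comment should also say what the caller may assume when a release fails during the rollback, since the flag is part of the driver API and the enum gives no other place to document it.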
@@ -739,10 +767,13 @@ static int virLockManagerLockDaemonAcquire(virLockMan= agerPtr lock, virNetClientProgramPtr program =3D NULL; int counter =3D 0; int rv =3D -1; + ssize_t i; + ssize_t lastGood =3D -1; virLockManagerLockDaemonPrivatePtr priv =3D lock->privateData; =20 virCheckFlags(VIR_LOCK_MANAGER_ACQUIRE_REGISTER_ONLY | - VIR_LOCK_MANAGER_ACQUIRE_RESTRICT, -1); + VIR_LOCK_MANAGER_ACQUIRE_RESTRICT | + VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK, -1); =20 if (priv->type =3D=3D VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN && priv->nresources =3D=3D 0 && @@ -761,7 +792,6 @@ static int virLockManagerLockDaemonAcquire(virLockManag= erPtr lock, goto cleanup; =20 if (!(flags & VIR_LOCK_MANAGER_ACQUIRE_REGISTER_ONLY)) { - size_t i; for (i =3D 0; i < priv->nresources; i++) { virLockSpaceProtocolAcquireResourceArgs args; =20 @@ -779,6 +809,7 @@ static int virLockManagerLockDaemonAcquire(virLockManag= erPtr lock, (xdrproc_t)xdr_virLockSpaceProtoco= lAcquireResourceArgs, &args, (xdrproc_t)xdr_void, NULL) < 0) goto cleanup; + lastGood =3D i; } } =20 @@ -789,8 +820,30 @@ static int virLockManagerLockDaemonAcquire(virLockMana= gerPtr lock, rv =3D 0; =20 cleanup: - if (rv !=3D 0 && fd) - VIR_FORCE_CLOSE(*fd); + if (rv < 0) { + int saved_errno =3D errno; + virErrorPtr origerr; + + virErrorPreserveLast(&origerr); + if (fd) + VIR_FORCE_CLOSE(*fd); + + if (client && program && + flags & VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK && + !(flags & VIR_LOCK_MANAGER_ACQUIRE_REGISTER_ONLY)) { + for (i =3D lastGood; i >=3D 0; i--) { + virLockManagerLockDaemonResourcePtr res =3D &priv->resourc= es[i]; + + if (virLockManagerLockDaemonReleaseImpl(client, program, + &counter, res) < 0) + VIR_WARN("Unable to release resource lockspace=3D%s na= me=3D%s", + res->lockspace, res->name); + } + } + + virErrorRestore(&origerr); + errno =3D saved_errno; + } virNetClientClose(client); virObjectUnref(client); virObjectUnref(program); 
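Review bot: In the `cleanup:` hunk of virLockManagerLockDaemonAcquire, a release that fails during rollback is reduced to a `VIR_WARN` and execution continues to `virNetClientClose(client)`, so the caller cannot tell "nothing is held" from "some resources are still held". The commit message gives virtlockd killing the client on connection close as the reason for the flag, so that leftover state looks like the very case the flag is meant to prevent; at minimum the function should carry a comment stating that the rollback is best effort and that only the original error is reported. Separately, `flags & VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK &&` relies on `&` binding tighter than `&&`; writing `(flags & VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK) &&` would match the parenthesised `!(flags & VIR_LOCK_MANAGER_ACQUIRE_REGISTER_ONLY)` on the following line. The function starts and ends outside these hunks.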
@@ -818,27 +871,10 @@ static int virLockManagerLockDaemonRelease(virLockMan= agerPtr lock, goto cleanup; =20 for (i =3D 0; i < priv->nresources; i++) { - virLockSpaceProtocolReleaseResourceArgs args; + virLockManagerLockDaemonResourcePtr res =3D &priv->resources[i]; =20 - memset(&args, 0, sizeof(args)); - - if (priv->resources[i].lockspace) - args.path =3D priv->resources[i].lockspace; - args.name =3D priv->resources[i].name; - args.flags =3D priv->resources[i].flags; - - args.flags &=3D - ~(VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_SHARED | - VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE | - VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA); - - if (virNetClientProgramCall(program, - client, - counter++, - VIR_LOCK_SPACE_PROTOCOL_PROC_RELEASE_R= ESOURCE, - 0, NULL, NULL, NULL, - (xdrproc_t)xdr_virLockSpaceProtocolRel= easeResourceArgs, &args, - (xdrproc_t)xdr_void, NULL) < 0) + if (virLockManagerLockDaemonReleaseImpl(client, program, + &counter, res) < 0) goto cleanup; } =20 --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 153657227999723.014470599511583; Mon, 10 Sep 2018 02:37:59 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) 
with ESMTPS id 85BBD308212A; Mon, 10 Sep 2018 09:37:58 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4D0816090A; Mon, 10 Sep 2018 09:37:58 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 00340181A13B; Mon, 10 Sep 2018 09:37:57 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b0ds030794 for ; Mon, 10 Sep 2018 05:37:00 -0400 Received: by smtp.corp.redhat.com (Postfix) id 138A410EE839; Mon, 10 Sep 2018 09:37:00 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id A87D610EE836 for ; Mon, 10 Sep 2018 09:36:59 +0000 (UTC) 
From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:13 +0200 Message-Id: <59f7963ee0748c96e0aac3a008cc8d0263b3c1c3.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 12/23] lock_daemon_dispatch: Check for ownerPid rather than ownerId X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Mon, 10 Sep 2018 09:37:59 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" At the beginning of each dispatch function we check if owner attributes were registered (these consist of ID, UUID, PID and name). The check then consists of checking if ID is not zero. This is not going to work with VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON which doesn't set ID. Switch to setting PID which is available for both cases. Signed-off-by: Michal Privoznik --- src/locking/lock_daemon_dispatch.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/locking/lock_daemon_dispatch.c b/src/locking/lock_daemon_d= ispatch.c index a683ad3d6b..36a2462592 100644 --- a/src/locking/lock_daemon_dispatch.c +++ b/src/locking/lock_daemon_dispatch.c @@ -68,7 +68,7 @@ virLockSpaceProtocolDispatchAcquireResource(virNetServerP= tr server ATTRIBUTE_UNU goto cleanup; } =20 - if (!priv->ownerId) { + if (!priv->ownerPid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("lock owner details have not been registered")); goto cleanup; 
@@ -129,7 +129,7 @@ virLockSpaceProtocolDispatchCreateResource(virNetServer= Ptr server ATTRIBUTE_UNUS goto cleanup; } =20 - if (!priv->ownerId) { + if (!priv->ownerPid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("lock owner details have not been registered")); goto cleanup; @@ -178,7 +178,7 @@ virLockSpaceProtocolDispatchDeleteResource(virNetServer= Ptr server ATTRIBUTE_UNUS goto cleanup; } =20 - if (!priv->ownerId) { + if (!priv->ownerPid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("lock owner details have not been registered")); goto cleanup; @@ -227,7 +227,7 @@ virLockSpaceProtocolDispatchNew(virNetServerPtr server = ATTRIBUTE_UNUSED, goto cleanup; } =20 - if (!priv->ownerId) { + if (!priv->ownerPid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("lock owner details have not been registered")); goto cleanup; @@ -282,7 +282,7 @@ virLockSpaceProtocolDispatchRegister(virNetServerPtr se= rver ATTRIBUTE_UNUSED, goto cleanup; } =20 - if (!args->owner.id) { + if (!args->owner.pid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("lock owner details have not been registered")); goto cleanup; @@ -329,7 +329,7 @@ virLockSpaceProtocolDispatchReleaseResource(virNetServe= rPtr server ATTRIBUTE_UNU goto cleanup; } =20 - if (!priv->ownerId) { + if (!priv->ownerPid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("lock owner details have not been registered")); goto cleanup; 
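Review bot: In the virLockSpaceProtocolDispatchRegister hunk the guard now tests the client-supplied `args->owner.pid`, yet it still reports "lock owner details have not been registered", which describes the situation in the other dispatchers rather than a bad argument to Register. A caller that sends a zero PID gets a misleading error; something like `_("lock owner PID must not be zero")` would say what was actually rejected. The type of `owner.pid` is not visible here; if it is signed, the guard should reject negative values too (`args->owner.pid <= 0`), because every other dispatcher in this patch now treats any non-zero `priv->ownerPid` as proof of registration. The function bodies continue outside these hunks.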
@@ -379,7 +379,7 @@ virLockSpaceProtocolDispatchRestrict(virNetServerPtr se= rver ATTRIBUTE_UNUSED, goto cleanup; } =20 - if (!priv->ownerId) { + if (!priv->ownerPid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("lock owner details have not been registered")); goto cleanup; --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572320219545.3878621007728; Mon, 10 Sep 2018 02:38:40 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4ABF788E4F; Mon, 10 Sep 2018 09:38:38 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1415E5D9C7; Mon, 10 Sep 2018 09:38:38 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C07694A46F; Mon, 10 Sep 2018 09:38:37 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b0Tj030800 for ; Mon, 10 Sep 2018 05:37:00 -0400 Received: by 
smtp.corp.redhat.com (Postfix) id AFC2A10EE839; Mon, 10 Sep 2018 09:37:00 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 50C9210EE836 for ; Mon, 10 Sep 2018 09:37:00 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:14 +0200 Message-Id: <219bf0fafa9099fa413177149c85700fa8ee385d.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 13/23] lock_manager: Allow disabling configFile for virLockManagerPluginNew X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Mon, 10 Sep 2018 09:38:39 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" In some cases we might want to not load the lock driver config. Alter virLockManagerPluginNew() and the lock drivers to cope with this fact. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/locking/lock_driver.h | 4 ++++ src/locking/lock_driver_lockd.c | 4 +++- src/locking/lock_driver_sanlock.c | 4 +++- src/locking/lock_manager.c | 10 +++++++--- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/src/locking/lock_driver.h b/src/locking/lock_driver.h index 8d236471d4..f938b1df2a 100644 --- a/src/locking/lock_driver.h +++ b/src/locking/lock_driver.h 
@@ -124,6 +124,7 @@ struct _virLockManagerParam { /** * virLockDriverInit: * @version: the libvirt requested plugin ABI version + * @configFile: path to config file * @flags: the libvirt requested plugin optional extras * * Allow the plugin to validate the libvirt requested @@ -131,6 +132,9 @@ struct _virLockManagerParam { * to block its use in versions of libvirtd which are * too old to support key features. * + * The @configFile variable points to config file that the driver + * should load. If NULL, no config file should be loaded. + * * NB: A plugin may be loaded multiple times, for different * libvirt drivers (eg QEMU, LXC, UML) * diff --git a/src/locking/lock_driver_lockd.c b/src/locking/lock_driver_lock= d.c index 3068a72507..7566c4abe1 100644 --- a/src/locking/lock_driver_lockd.c +++ b/src/locking/lock_driver_lockd.c @@ -365,8 +365,10 @@ static int virLockManagerLockDaemonInit(unsigned int v= ersion, driver->requireLeaseForDisks =3D true; driver->autoDiskLease =3D true; =20 - if (virLockManagerLockDaemonLoadConfig(configFile) < 0) + if (configFile && + virLockManagerLockDaemonLoadConfig(configFile) < 0) { goto error; + } =20 if (driver->autoDiskLease) { if (driver->fileLockSpaceDir && diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sa= nlock.c index 9393e7d9a2..66953c70d5 100644 --- a/src/locking/lock_driver_sanlock.c +++ b/src/locking/lock_driver_sanlock.c @@ -450,8 +450,10 @@ static int virLockManagerSanlockInit(unsigned int vers= ion, goto error; } =20 - if (virLockManagerSanlockLoadConfig(driver, configFile) < 0) + if (configFile && + virLockManagerSanlockLoadConfig(driver, configFile) < 0) { goto error; + } =20 if (driver->autoDiskLease && !driver->hostID) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", diff --git a/src/locking/lock_manager.c b/src/locking/lock_manager.c index 4ef9f9e692..84d0c30d37 100644 --- a/src/locking/lock_manager.c +++ b/src/locking/lock_manager.c 
@@ -105,6 +105,8 @@ static void virLockManagerLogParams(size_t nparams, /** * virLockManagerPluginNew: * @name: the name of the plugin + * @driverName: the hypervisor driver that loads the plugin + * @configDir: path to dir where config files are stored * @flag: optional plugin flags * * Attempt to load the plugin $(libdir)/libvirt/lock-driver/@name.so 
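Review bot: The `@driverName` and `@configDir` lines added to the virLockManagerPluginNew doc comment do not say that either argument may be NULL, although the next hunk of this patch makes that legal and skips building `configFile` when it happens. I would extend them to `@driverName: the hypervisor driver that loads the plugin, or NULL` and `@configDir: path to dir where config files are stored, or NULL to load no config file`. Because the new condition is `driverName && configDir`, passing only one of the two silently disables config loading; if that combination can only be a caller bug, the comment should say so or the function should reject it rather than ignore it. The doc comment continues outside this hunk.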
@@ -130,11 +132,13 @@ virLockManagerPluginPtr virLockManagerPluginNew(const= char *name, char *configFile =3D NULL; =20 VIR_DEBUG("name=3D%s driverName=3D%s configDir=3D%s flags=3D0x%x", - name, driverName, configDir, flags); + name, NULLSTR(driverName), NULLSTR(configDir), flags); =20 - if (virAsprintf(&configFile, "%s/%s-%s.conf", - configDir, driverName, name) < 0) + if (driverName && configDir && + virAsprintf(&configFile, "%s/%s-%s.conf", + configDir, driverName, name) < 0) { return NULL; + } =20 if (STREQ(name, "nop")) { driver =3D &virLockDriverNop; --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572324706513.2566041134245; Mon, 10 Sep 2018 02:38:44 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 57B78369CF; Mon, 10 Sep 2018 09:38:42 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1968B608F3; Mon, 10 Sep 2018 09:38:42 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 
A5DA2181AC20; Mon, 10 Sep 2018 09:38:41 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b1cV030812 for ; Mon, 10 Sep 2018 05:37:01 -0400 Received: by smtp.corp.redhat.com (Postfix) id 579A010EE839; Mon, 10 Sep 2018 09:37:01 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id ECADF10EE836 for ; Mon, 10 Sep 2018 09:37:00 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:15 +0200 Message-Id: <632696652108979d99ec850beb5b013e9e0da9b2.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 14/23] qemu_conf: Introduce metadata_lock_manager X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Mon, 10 Sep 2018 09:38:44 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This config option allows users to set and enable lock manager for domain metadata. The lock manager is going to be used by security drivers to serialize each other when changing a file ownership or changing the SELinux label. The only supported lock manager is 'lockd' for now. 
Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 8 ++++++++ src/qemu/qemu_conf.c | 13 +++++++++++++ src/qemu/qemu_conf.h | 1 + src/qemu/test_libvirtd_qemu.aug.in | 1 + 5 files changed, 24 insertions(+) diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index ddc4bbfd1d..42e325d4fb 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -98,6 +98,7 @@ module Libvirtd_qemu =3D | bool_entry "relaxed_acs_check" | bool_entry "allow_disk_format_probing" | str_entry "lock_manager" + | str_entry "metadata_lock_manager" =20 let rpc_entry =3D int_entry "max_queued" | int_entry "keepalive_interval" diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index cd57b3cc69..84492719c4 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -659,6 +659,14 @@ #lock_manager =3D "lockd" =20 =20 +# To serialize two or more daemons trying to change metadata on a +# file (e.g. a file on NFS share), libvirt offers a locking +# mechanism. Currently, only "lockd" is supported (or no locking +# at all if unset). Note that this is independent of lock_manager +# described above. +# +#metadata_lock_manager =3D "lockd" + =20 # Set limit of maximum APIs queued on one domain. All other APIs # over this threshold will fail on acquiring job lock. Specially, diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index a4f545ef92..46318b7b2a 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -428,6 +428,7 @@ static void virQEMUDriverConfigDispose(void *obj) virStringListFree(cfg->securityDriverNames); =20 VIR_FREE(cfg->lockManagerName); + VIR_FREE(cfg->metadataLockManagerName); =20 virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares); =20 
@@ -838,6 +839,18 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr= cfg, =20 if (virConfGetValueString(conf, "lock_manager", &cfg->lockManagerName)= < 0) goto cleanup; + + if (virConfGetValueString(conf, "metadata_lock_manager", + &cfg->metadataLockManagerName) < 0) + goto cleanup; + if (cfg->metadataLockManagerName && + STRNEQ(cfg->metadataLockManagerName, "lockd")) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown metadata lock manager name %s"), + cfg->metadataLockManagerName); + goto cleanup; + } + if (virConfGetValueString(conf, "stdio_handler", &stdioHandler) < 0) goto cleanup; if (stdioHandler) { diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index a8d84efea2..c227ac72cc 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -186,6 +186,7 @@ struct _virQEMUDriverConfig { bool autoStartBypassCache; =20 char *lockManagerName; + char *metadataLockManagerName; =20 int keepAliveInterval; unsigned int keepAliveCount; diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index f1e8806ad2..451e73126e 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in 
@@ -81,6 +81,7 @@ module Test_libvirtd_qemu =3D { "mac_filter" =3D "1" } { "relaxed_acs_check" =3D "1" } { "lock_manager" =3D "lockd" } +{ "metadata_lock_manager" =3D "lockd" } { "max_queued" =3D "0" } { "keepalive_interval" =3D "5" } { "keepalive_count" =3D "5" } --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 15365722914381018.775440514932; Mon, 10 Sep 2018 02:38:11 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 13094D4E56; Mon, 10 Sep 2018 09:38:10 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B803420158A9; Mon, 10 Sep 2018 09:38:09 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 5C8FF181A530; Mon, 10 Sep 2018 09:38:09 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b2KR030827 for ; Mon, 10 Sep 2018 05:37:02 -0400 Received: by smtp.corp.redhat.com 
(Postfix) id 01C4310EE839; Mon, 10 Sep 2018 09:37:02 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9476A10EE836 for ; Mon, 10 Sep 2018 09:37:01 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:16 +0200 Message-Id: <85a2ff196a5f51bf0a29394d4521dd3532b1ed2f.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 15/23] security_manager: Load lock plugin on init X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Mon, 10 Sep 2018 09:38:10 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Now that we know what metadata lock manager user wishes to use we can load it when initializing security driver. This is achieved by adding new argument to virSecurityManagerNewDriver() and subsequently to all functions that end up calling it. The cfg.mk change is needed in order to allow lock_manager.h inclusion in security driver without 'syntax-check' complaining. This is safe thing to do as locking APIs will always exist (it's only backend implementation that changes). However, instead of allowing the include for all other drivers (like cpu, network, and so on) allow it only for security driver. This will still trigger the error if including from other drivers. 
Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- cfg.mk | 4 +++- src/lxc/lxc_controller.c | 3 ++- src/lxc/lxc_driver.c | 2 +- src/qemu/qemu_driver.c | 3 +++ src/security/security_manager.c | 22 ++++++++++++++++++++++ src/security/security_manager.h | 2 ++ tests/seclabeltest.c | 2 +- tests/securityselinuxlabeltest.c | 2 +- tests/securityselinuxtest.c | 2 +- tests/testutilsqemu.c | 2 +- 10 files changed, 37 insertions(+), 7 deletions(-) diff --git a/cfg.mk b/cfg.mk index 609ae869c2..e0a7b5105a 100644 --- a/cfg.mk +++ b/cfg.mk @@ -787,8 +787,10 @@ sc_prohibit_cross_inclusion: case $$dir in \ util/) safe=3D"util";; \ access/ | conf/) safe=3D"($$dir|conf|util)";; \ - cpu/| network/| node_device/| rpc/| security/| storage/) \ + cpu/| network/| node_device/| rpc/| storage/) \ safe=3D"($$dir|util|conf|storage)";; \ + security/) \ + safe=3D"($$dir|util|conf|storage|locking)";; \ xenapi/ | xenconfig/ ) safe=3D"($$dir|util|conf|xen|cpu)";; \ *) safe=3D"($$dir|$(mid_dirs)|util)";; \ esac; \ diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 4e84391bf5..5f957eb1f8 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -2625,7 +2625,8 @@ int main(int argc, char *argv[]) ctrl->handshakeFd =3D handshakeFd; =20 if (!(ctrl->securityManager =3D virSecurityManagerNew(securityDriver, - LXC_DRIVER_NAME, 0= ))) + LXC_DRIVER_NAME, + "nop", 0))) goto cleanup; =20 if (ctrl->def->seclabels) { diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 8867645cdc..93aa25e9e6 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1532,7 +1532,7 @@ lxcSecurityInit(virLXCDriverConfigPtr cfg) flags |=3D VIR_SECURITY_MANAGER_REQUIRE_CONFINED; =20 virSecurityManagerPtr mgr =3D virSecurityManagerNew(cfg->securityDrive= rName, - LXC_DRIVER_NAME, fla= gs); + LXC_DRIVER_NAME, "no= p", flags); if (!mgr) goto error; =20 diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 6763c8cddc..4ac0d86803 100644 --- a/src/qemu/qemu_driver.c 
+++ b/src/qemu/qemu_driver.c @@ -355,6 +355,7 @@ qemuSecurityInit(virQEMUDriverPtr driver) while (names && *names) { if (!(mgr =3D qemuSecurityNew(*names, QEMU_DRIVER_NAME, + cfg->metadataLockManagerName, flags))) goto error; if (!stack) { @@ -370,6 +371,7 @@ qemuSecurityInit(virQEMUDriverPtr driver) } else { if (!(mgr =3D qemuSecurityNew(NULL, QEMU_DRIVER_NAME, + cfg->metadataLockManagerName, flags))) goto error; if (!(stack =3D qemuSecurityNewStack(mgr))) @@ -386,6 +388,7 @@ qemuSecurityInit(virQEMUDriverPtr driver) cfg->user, cfg->group, flags, + cfg->metadataLockManagerName, qemuSecurityChownCallback))) goto error; if (!stack) { diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 9f770d8c53..5c8370c159 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -28,6 +28,7 @@ #include "viralloc.h" #include "virobject.h" #include "virlog.h" +#include "locking/lock_manager.h" =20 #define VIR_FROM_THIS VIR_FROM_SECURITY =20 @@ -40,6 +41,8 @@ struct _virSecurityManager { unsigned int flags; const char *virtDriver; void *privateData; + + virLockManagerPluginPtr lockPlugin; }; =20 static virClassPtr virSecurityManagerClass; @@ -52,6 +55,9 @@ void virSecurityManagerDispose(void *obj) =20 if (mgr->drv->close) mgr->drv->close(mgr); + + virObjectUnref(mgr->lockPlugin); + VIR_FREE(mgr->privateData); } =20 @@ -71,6 +77,7 @@ VIR_ONCE_GLOBAL_INIT(virSecurityManager); static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr drv, const char *virtDriver, + const char *lockManagerPluginName, unsigned int flags) { virSecurityManagerPtr mgr =3D NULL; 
@@ -90,6 +97,14 @@ virSecurityManagerNewDriver(virSecurityDriverPtr drv, if (!(mgr =3D virObjectLockableNew(virSecurityManagerClass))) goto error; =20 + if (!lockManagerPluginName) + lockManagerPluginName =3D "nop"; + + if (!(mgr->lockPlugin =3D virLockManagerPluginNew(lockManagerPluginNam= e, + NULL, NULL, 0))) { + goto error; + } + mgr->drv =3D drv; mgr->flags =3D flags; mgr->virtDriver =3D virtDriver; @@ -112,6 +127,7 @@ virSecurityManagerNewStack(virSecurityManagerPtr primar= y) virSecurityManagerPtr mgr =3D virSecurityManagerNewDriver(&virSecurityDriverStack, virSecurityManagerGetDriver(primary), + NULL, primary->flags); =20 if (!mgr) @@ -120,6 +136,8 @@ virSecurityManagerNewStack(virSecurityManagerPtr primar= y) if (virSecurityStackAddNested(mgr, primary) < 0) goto error; =20 + mgr->lockPlugin =3D virObjectRef(mgr->lockPlugin); + return mgr; error: virObjectUnref(mgr); @@ -142,6 +160,7 @@ virSecurityManagerNewDAC(const char *virtDriver, uid_t user, gid_t group, unsigned int flags, + const char *lockManagerPluginName, virSecurityManagerDACChownCallback chownCallback) { virSecurityManagerPtr mgr; @@ -152,6 +171,7 @@ virSecurityManagerNewDAC(const char *virtDriver, =20 mgr =3D virSecurityManagerNewDriver(&virSecurityDriverDAC, virtDriver, + lockManagerPluginName, flags & VIR_SECURITY_MANAGER_NEW_MAS= K); =20 if (!mgr) @@ -173,6 +193,7 @@ virSecurityManagerNewDAC(const char *virtDriver, virSecurityManagerPtr virSecurityManagerNew(const char *name, const char *virtDriver, + const char *lockManagerPluginName, unsigned int flags) { virSecurityDriverPtr drv =3D virSecurityDriverLookup(name, virtDriver); @@ -201,6 +222,7 @@ virSecurityManagerNew(const char *name, =20 return virSecurityManagerNewDriver(drv, virtDriver, + lockManagerPluginName, flags); } =20 diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 1ead369e82..c537e1c994 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h 
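Review bot: In the virSecurityManagerNewDriver hunk the lock plugin is loaded before `mgr->drv = drv;`, so a failing virLockManagerPluginNew() jumps to `error` while `mgr->drv` is still unset. The `error` label is outside the hunk, but if it unrefs the freshly allocated `mgr`, virSecurityManagerDispose() would evaluate `mgr->drv->close`, which the dispose hunk of this patch shows being dereferenced without a NULL check. Loading the plugin into a local before `mgr` is allocated, and handing it over only once `mgr->drv` is set, would keep the error path from disposing a half-initialised manager; this needs confirming against the full function.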
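Review bot: `mgr->lockPlugin = virObjectRef(mgr->lockPlugin);` in the virSecurityManagerNewStack hunk assigns the field to itself and only takes an extra reference on the stack manager's own plugin. As far as these hunks show, virSecurityManagerDispose() drops a single reference, so that plugin object would never be freed for any stack that is created. If the intent was for the stack to share the primary's plugin, the line should release the plugin virSecurityManagerNewDriver() already loaded and then take the primary's, i.e. `virObjectUnref(mgr->lockPlugin);` followed by `mgr->lockPlugin = virObjectRef(primary->lockPlugin);`; otherwise the line can simply be dropped.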
@@ -45,6 +45,7 @@ typedef enum { =20 virSecurityManagerPtr virSecurityManagerNew(const char *name, const char *virtDriver, + const char *lockManagerPluginN= ame, unsigned int flags); =20 virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr pri= mary); @@ -70,6 +71,7 @@ virSecurityManagerPtr virSecurityManagerNewDAC(const char= *virtDriver, uid_t user, gid_t group, unsigned int flags, + const char *lockManagerPlug= inName, virSecurityManagerDACChownC= allback chownCallback); =20 int virSecurityManagerPreFork(virSecurityManagerPtr mgr); diff --git a/tests/seclabeltest.c b/tests/seclabeltest.c index 4cda80cec2..6aafc45e64 100644 --- a/tests/seclabeltest.c +++ b/tests/seclabeltest.c @@ -18,7 +18,7 @@ mymain(void) if (virThreadInitialize() < 0) return EXIT_FAILURE; =20 - mgr =3D virSecurityManagerNew(NULL, "QEMU", VIR_SECURITY_MANAGER_DEFAU= LT_CONFINED); + mgr =3D virSecurityManagerNew(NULL, "QEMU", "nop", VIR_SECURITY_MANAGE= R_DEFAULT_CONFINED); if (mgr =3D=3D NULL) { fprintf(stderr, "Failed to start security driver"); return EXIT_FAILURE; diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabelt= est.c index 48fee7cd28..85797411eb 100644 --- a/tests/securityselinuxlabeltest.c +++ b/tests/securityselinuxlabeltest.c @@ -349,7 +349,7 @@ mymain(void) if (!rc) return EXIT_AM_SKIP; =20 - if (!(mgr =3D virSecurityManagerNew("selinux", "QEMU", + if (!(mgr =3D virSecurityManagerNew("selinux", "QEMU", "nop", VIR_SECURITY_MANAGER_DEFAULT_CONFINE= D | VIR_SECURITY_MANAGER_PRIVILEGED))) { VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n", diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c index a785e9a7da..652981c895 100644 --- a/tests/securityselinuxtest.c +++ b/tests/securityselinuxtest.c 
@@ -275,7 +275,7 @@ mymain(void) int ret =3D 0; virSecurityManagerPtr mgr; =20 - if (!(mgr =3D virSecurityManagerNew("selinux", "QEMU", + if (!(mgr =3D virSecurityManagerNew("selinux", "QEMU", "nop", VIR_SECURITY_MANAGER_DEFAULT_CONFINE= D | VIR_SECURITY_MANAGER_PRIVILEGED))) { fprintf(stderr, "Unable to initialize security driver: %s\n", diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index 70bed461b5..f9972f7adc 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c 
@@ -717,7 +717,7 @@ int qemuTestDriverInit(virQEMUDriver *driver) if (qemuTestCapsCacheInsert(driver->qemuCapsCache, NULL) < 0) goto error; =20 - if (!(mgr =3D virSecurityManagerNew("none", "qemu", + if (!(mgr =3D virSecurityManagerNew("none", "qemu", "nop", VIR_SECURITY_MANAGER_PRIVILEGED))) goto error; if (!(driver->securityManager =3D virSecurityManagerNewStack(mgr))) --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572283970759.7849756770349; Mon, 10 Sep 2018 02:38:03 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AA926C058CA0; Mon, 10 Sep 2018 09:38:02 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6952E5D9C7; Mon, 10 Sep 2018 09:38:02 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 154334A460; Mon, 10 Sep 2018 09:38:02 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com 
(8.13.8/8.13.8) with ESMTP id w8A9b259030839 for ; Mon, 10 Sep 2018 05:37:02 -0400 Received: by smtp.corp.redhat.com (Postfix) id 9C0B310EE839; Mon, 10 Sep 2018 09:37:02 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3CC9910EE836 for ; Mon, 10 Sep 2018 09:37:02 +0000 (UTC) 
From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:17 +0200 Message-Id: <34c1c3c209d5b2f2cf9f5811098c15d62f4d452e.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 16/23] security_manager: Introduce metadata locking APIs X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Mon, 10 Sep 2018 09:38:03 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Two new APIs are added so that security driver can lock and unlock paths it wishes to touch. These APIs are not for other drivers to call but security drivers (DAC and SELinux). That is the reason these APIs are not exposed through our libvirt_private.syms file. Three interesting things happen in this commit. The first is the global @lockManagerMutex. Unfortunately, this has to exist so that there is only one thread talking to virtlockd at a time. If there were more threads and one of them closed the connection prematurely, it would cause virtlockd to kill libvirtd. Instead of complicated code that would handle that, let's have a mutex and keep the code simple. The second interesting thing is keeping connection open between lock and unlock API calls. This is achieved by duplicating client FD and keeping it open until unlock is called. This trick is used by regular disk content locking code when the FD is leaked to qemu. 
Finally, the third thing is polling implemented at client side. Since virtlockd has only one thread that handles locking requests, all it can do is either acquire lock or error out. Therefore, the polling has to be implemented in client. The polling is capped at 60 second timeout, which should be plenty since the metadata lock is held only for a fraction of a second. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/security/security_manager.c | 135 ++++++++++++++++++++++++++++++++++++= ++++ src/security/security_manager.h | 7 +++ 2 files changed, 142 insertions(+) diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 5c8370c159..dd5c3ac7e5 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -29,11 +29,15 @@ #include "virobject.h" #include "virlog.h" #include "locking/lock_manager.h" +#include "virfile.h" +#include "virtime.h" =20 #define VIR_FROM_THIS VIR_FROM_SECURITY =20 VIR_LOG_INIT("security.security_manager"); =20 +virMutex lockManagerMutex =3D VIR_MUTEX_INITIALIZER; + struct _virSecurityManager { virObjectLockable parent; =20 @@ -43,6 +47,7 @@ struct _virSecurityManager { void *privateData; =20 virLockManagerPluginPtr lockPlugin; + int fd; }; =20 static virClassPtr virSecurityManagerClass; @@ -57,6 +62,7 @@ void virSecurityManagerDispose(void *obj) mgr->drv->close(mgr); =20 virObjectUnref(mgr->lockPlugin); + VIR_FORCE_CLOSE(mgr->fd); =20 VIR_FREE(mgr->privateData); } @@ -109,6 +115,7 @@ virSecurityManagerNewDriver(virSecurityDriverPtr drv, mgr->flags =3D flags; mgr->virtDriver =3D virtDriver; VIR_STEAL_PTR(mgr->privateData, privateData); + mgr->fd =3D -1; =20 if (drv->open(mgr) < 0) goto error; 
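Review bot: `virMutex lockManagerMutex = VIR_MUTEX_INITIALIZER;` defines a symbol with external linkage, although the commit message says the locking is meant for the security drivers only and nothing outside this file is shown using it. Declaring it as `static virMutex lockManagerMutex = VIR_MUTEX_INITIALIZER;` keeps other code from taking or releasing the mutex by name. A one-line comment such as `/* Serialises every metadata lock/unlock conversation with the lock daemon. */` would record why it exists.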
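Review bot: In virSecurityManagerNewDriver, `mgr->fd = -1;` is assigned only after the lock plugin has been created, so the earlier `goto error` paths reach virSecurityManagerDispose() with `mgr->fd` still holding its allocation-time value. If virObjectLockableNew() zero-fills the object (not visible here), the newly added `VIR_FORCE_CLOSE(mgr->fd);` would then close descriptor 0 of the daemon. Setting `mgr->fd = -1;` directly after the virObjectLockableNew() check removes that window. The function starts and ends outside this hunk.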
@@ -1263,3 +1270,131 @@ virSecurityManagerRestoreTPMLabels(virSecurityManag= erPtr mgr, =20 return 0; } + + +static virLockManagerPtr +virSecurityManagerNewLockManager(virSecurityManagerPtr mgr, + const char * const *paths, + size_t npaths) +{ + virLockManagerPtr lock; + virLockManagerParam params[] =3D { + { .type =3D VIR_LOCK_MANAGER_PARAM_TYPE_UUID, + .key =3D "uuid", + }, + { .type =3D VIR_LOCK_MANAGER_PARAM_TYPE_STRING, + .key =3D "name", + .value =3D { .cstr =3D "libvirtd-sec" }, + }, + { .type =3D VIR_LOCK_MANAGER_PARAM_TYPE_UINT, + .key =3D "pid", + .value =3D { .iv =3D getpid() }, + }, + }; + const unsigned int flags =3D 0; + size_t i; + + if (virGetHostUUID(params[0].value.uuid) < 0) + return NULL; + + if (!(lock =3D virLockManagerNew(virLockManagerPluginGetDriver(mgr->lo= ckPlugin), + VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON, + ARRAY_CARDINALITY(params), + params, + flags))) + return NULL; + + for (i =3D 0; i < npaths; i++) { + if (virLockManagerAddResource(lock, + VIR_LOCK_MANAGER_RESOURCE_TYPE_METAD= ATA, + paths[i], 0, NULL, 0) < 0) + goto error; + } + + return lock; + error: + virLockManagerFree(lock); + return NULL; +} + + +/* How many seconds should we try to acquire the lock before + * giving up. 
*/ +#define LOCK_ACQUIRE_TIMEOUT 60 + +int +virSecurityManagerMetadataLock(virSecurityManagerPtr mgr, + const char * const *paths, + size_t npaths) +{ + virLockManagerPtr lock; + virTimeBackOffVar timebackoff; + int fd =3D -1; + int rv; + int ret =3D -1; + + virMutexLock(&lockManagerMutex); + + if (!(lock =3D virSecurityManagerNewLockManager(mgr, paths, npaths))) + goto cleanup; + + if (virTimeBackOffStart(&timebackoff, 1, LOCK_ACQUIRE_TIMEOUT * 1000) = < 0) + goto cleanup; + while (virTimeBackOffWait(&timebackoff)) { + rv =3D virLockManagerAcquire(lock, NULL, + VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK, + VIR_DOMAIN_LOCK_FAILURE_DEFAULT, &fd); + + if (rv >=3D 0) + break; + + if (virGetLastErrorCode() =3D=3D VIR_ERR_RESOURCE_BUSY) + continue; + + goto cleanup; + } + + if (rv < 0) + goto cleanup; + + mgr->fd =3D fd; + fd =3D -1; + + ret =3D 0; + cleanup: + virLockManagerFree(lock); + VIR_FORCE_CLOSE(fd); + if (ret < 0) + virMutexUnlock(&lockManagerMutex); + return ret; +} + + +int +virSecurityManagerMetadataUnlock(virSecurityManagerPtr mgr, + const char * const *paths, + size_t npaths) +{ + virLockManagerPtr lock; + int fd; + int ret =3D -1; + + /* lockManagerMutex acquired from previous + * virSecurityManagerMetadataLock() call. */ + + fd =3D mgr->fd; + mgr->fd =3D -1; + + if (!(lock =3D virSecurityManagerNewLockManager(mgr, paths, npaths))) + goto cleanup; + + if (virLockManagerRelease(lock, NULL, 0) < 0) + goto cleanup; + + ret =3D 0; + cleanup: + virLockManagerFree(lock); + VIR_FORCE_CLOSE(fd); + virMutexUnlock(&lockManagerMutex); + return ret; +} diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index c537e1c994..10ebe5cc29 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h 
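Review bot: In virSecurityManagerMetadataLock, `rv` is read by `if (rv < 0)` after the loop but is never assigned if virTimeBackOffWait() returns false on its first call; initialise it with `int rv = -1;`. The function also returns with the process-wide lockManagerMutex still held on success and keeps it held for the whole polling window of up to LOCK_ACQUIRE_TIMEOUT seconds. One contended path therefore stalls every other thread that needs a metadata lock, and a caller that skips virSecurityManagerMetadataUnlock() on any path leaves the mutex locked for good. Neither function has a doc comment, so I would state the pairing rule above both, e.g. `/* Returns with lockManagerMutex held on success; every successful call must be paired with virSecurityManagerMetadataUnlock(). */`.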
@@ -199,4 +199,11 @@ int virSecurityManagerSetTPMLabels(virSecurityManagerP= tr mgr, int virSecurityManagerRestoreTPMLabels(virSecurityManagerPtr mgr, virDomainDefPtr vm); =20 +int virSecurityManagerMetadataLock(virSecurityManagerPtr mgr, + const char * const *paths, + size_t npaths); +int virSecurityManagerMetadataUnlock(virSecurityManagerPtr mgr, + const char * const *paths, + size_t npaths); + #endif /* VIR_SECURITY_MANAGER_H__ */ --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572288563281.7935267570675; Mon, 10 Sep 2018 02:38:08 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 28B66308AA12; Mon, 10 Sep 2018 09:38:07 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DA1F8106A79A; Mon, 10 Sep 2018 09:38:06 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 8728E4A469; Mon, 10 Sep 2018 09:38:06 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com 
[10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b3RY030847 for ; Mon, 10 Sep 2018 05:37:03 -0400 Received: by smtp.corp.redhat.com (Postfix) id 4437410EE839; Mon, 10 Sep 2018 09:37:03 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id D91F710EE836 for ; Mon, 10 Sep 2018 09:37:02 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:18 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 17/23] security_dac: Move transaction handling up one level X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Mon, 10 Sep 2018 09:38:07 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" So far the whole transaction handling is done virSecurityDACSetOwnershipInternal(). This needs to change for the sake of security label remembering and locking. Otherwise we would be locking a path when only appending it to transaction list and not when actually relabelling it. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/security/security_dac.c | 65 ++++++++++++++++++++++++++++++-----------= ---- 1 file changed, 44 insertions(+), 21 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 926c9a33c1..52e28b5fda 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -77,12 +77,13 @@ struct _virSecurityDACChownItem { const virStorageSource *src; uid_t uid; gid_t gid; + bool restore; }; =20 typedef struct _virSecurityDACChownList virSecurityDACChownList; typedef virSecurityDACChownList *virSecurityDACChownListPtr; struct _virSecurityDACChownList { - virSecurityDACDataPtr priv; + virSecurityManagerPtr manager; virSecurityDACChownItemPtr *items; size_t nItems; }; @@ -95,7 +96,8 @@ virSecurityDACChownListAppend(virSecurityDACChownListPtr = list, const char *path, const virStorageSource *src, uid_t uid, - gid_t gid) + gid_t gid, + bool restore) { int ret =3D -1; char *tmp =3D NULL; @@ -111,6 +113,7 @@ virSecurityDACChownListAppend(virSecurityDACChownListPt= r list, item->src =3D src; item->uid =3D uid; item->gid =3D gid; + item->restore =3D restore; =20 if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0) goto cleanup; @@ -159,25 +162,29 @@ static int virSecurityDACTransactionAppend(const char *path, const virStorageSource *src, uid_t uid, - gid_t gid) + gid_t gid, + bool restore) { virSecurityDACChownListPtr list =3D virThreadLocalGet(&chownList); if (!list) return 0; =20 - if (virSecurityDACChownListAppend(list, path, src, uid, gid) < 0) + if (virSecurityDACChownListAppend(list, path, src, uid, gid, restore) = < 0) return -1; =20 return 1; } =20 =20 -static int virSecurityDACSetOwnershipInternal(const virSecurityDACData *pr= iv, - const virStorageSource *src, - const char *path, - uid_t uid, - gid_t gid); +static int virSecurityDACSetOwnership(virSecurityManagerPtr mgr, + const virStorageSource *src, + const char *path, + uid_t uid, + gid_t gid); =20 +static int virSecurityDACRestoreFileLabelInternal(virSecurityManagerPtr mg= r, + const virStorageSource *= src, + const char *path); /** * virSecurityDACTransactionRun: * @pid: process pid 
@@ -201,11 +208,16 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUS= ED, virSecurityDACChownItemPtr item =3D list->items[i]; =20 /* TODO Implement rollback */ - if (virSecurityDACSetOwnershipInternal(list->priv, - item->src, - item->path, - item->uid, - item->gid) < 0) + if ((!item->restore && + virSecurityDACSetOwnership(list->manager, + item->src, + item->path, + item->uid, + item->gid) < 0) || + (item->restore && + virSecurityDACRestoreFileLabelInternal(list->manager, + item->src, + item->path) < 0)) return -1; } =20 @@ -455,7 +467,6 @@ virSecurityDACPreFork(virSecurityManagerPtr mgr) static int virSecurityDACTransactionStart(virSecurityManagerPtr mgr) { - virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityDACChownListPtr list; =20 list =3D virThreadLocalGet(&chownList); @@ -468,7 +479,7 @@ virSecurityDACTransactionStart(virSecurityManagerPtr mg= r) if (VIR_ALLOC(list) < 0) return -1; =20 - list->priv =3D priv; + list->manager =3D mgr; =20 if (virThreadLocalSet(&chownList, list) < 0) { virReportSystemError(errno, "%s", @@ -564,11 +575,6 @@ virSecurityDACSetOwnershipInternal(const virSecurityDA= CData *priv, /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ =20 - if ((rc =3D virSecurityDACTransactionAppend(path, src, uid, gid)) < 0) - return -1; - else if (rc > 0) - return 0; - VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'", NULLSTR(src ? src->path : path), (long)uid, (long)gid); =20 
@@ -640,11 +646,20 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); struct stat sb; + int rc; =20 if (!path && src && src->path && virStorageSourceIsLocalStorage(src)) path =3D src->path; =20 + /* Be aware that this function might run in a separate process. + * Therefore, any driver state changes would be thrown away. */ + + if ((rc =3D virSecurityDACTransactionAppend(path, src, uid, gid, false= )) < 0) + return -1; + else if (rc > 0) + return 0; + if (path) { if (stat(path, &sb) < 0) { virReportSystemError(errno, _("unable to stat: %s"), path); 
@@ -676,6 +691,14 @@ virSecurityDACRestoreFileLabelInternal(virSecurityMana= gerPtr mgr, virStorageSourceIsLocalStorage(src)) path =3D src->path; =20 + /* Be aware that this function might run in a separate process. + * Therefore, any driver state changes would be thrown away. */ + + if ((rv =3D virSecurityDACTransactionAppend(path, src, uid, gid, true)= ) < 0) + return -1; + else if (rv > 0) + return 0; + if (path) { rv =3D virSecurityDACRecallLabel(priv, path, &uid, &gid); if (rv < 0) --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572293232327.11799894879505; Mon, 10 Sep 2018 02:38:13 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 990D5308624C; Mon, 10 Sep 2018 09:38:11 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 626005D791; Mon, 10 Sep 2018 09:38:11 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 11100181A530; Mon, 10 Sep 2018 09:38:11 +0000 (UTC) Received: from 
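Review bot: In virSecurityDACRestoreFileLabelInternal the item is queued with `uid` and `gid` as they stand before virSecurityDACRecallLabel() runs, which by the declarations shown elsewhere in this series are the root:root defaults. virSecurityDACTransactionRun() ignores them for restore items. A short comment at the call, e.g. `/* uid/gid are placeholders here; the owner is recalled when the transaction runs */`, would stop a later reader from treating `item->uid`/`item->gid` as the restore target. The function starts and ends outside this hunk.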
smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b3UA030852 for ; Mon, 10 Sep 2018 05:37:04 -0400 Received: by smtp.corp.redhat.com (Postfix) id DFCCD10EE839; Mon, 10 Sep 2018 09:37:03 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8118610EE836 for ; Mon, 10 Sep 2018 09:37:03 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:19 +0200 Message-Id: <56d3cf61b9ec2c3154f71838d382fc5ecb50d961.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 18/23] security_dac: Fix info messages when chown()-ing X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Mon, 10 Sep 2018 09:38:12 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Firstly, the message that says we're setting uid:gid shouldn't be called from virSecurityDACSetOwnershipInternal() because virSecurityDACRestoreFileLabelInternal() is calling it too. Secondly, there are places between us reporting label restore and us actually doing it where we can quit. Don't say we're doing something until we are actually about to do it. Signed-off-by: Michal Privoznik --- src/security/security_dac.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 52e28b5fda..414e226f0f 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -575,9 +575,6 @@ virSecurityDACSetOwnershipInternal(const virSecurityDAC= Data *priv, /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ =20 - VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'", - NULLSTR(src ? src->path : path), (long)uid, (long)gid); - if (priv && src && priv->chownCallback) { rc =3D priv->chownCallback(src, uid, gid); /* here path is used only for error messages */ @@ -670,6 +667,9 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, return -1; } =20 + VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'", + NULLSTR(src ? src->path : path), (long)uid, (long)gid); + return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid); } =20 @@ -684,9 +684,6 @@ virSecurityDACRestoreFileLabelInternal(virSecurityManag= erPtr mgr, uid_t uid =3D 0; /* By default return to root:root */ gid_t gid =3D 0; =20 - VIR_INFO("Restoring DAC user and group on '%s'", - NULLSTR(src ? src->path : path)); - if (!path && src && src->path && virStorageSourceIsLocalStorage(src)) path =3D src->path; 
@@ -707,6 +704,9 @@ virSecurityDACRestoreFileLabelInternal(virSecurityManag= erPtr mgr, return 0; } =20 + VIR_INFO("Restoring DAC user and group on '%s' to %ld:%ld", + NULLSTR(src ? src->path : path), (long)uid, (long)gid); + return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid); } =20 --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572327744552.5405983314224; Mon, 10 Sep 2018 02:38:47 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 40AC42D1A5; Mon, 10 Sep 2018 09:38:46 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 078151A7E9; Mon, 10 Sep 2018 09:38:46 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9CB2D4BB7F; Mon, 10 Sep 2018 09:38:45 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b47q030857 for ; Mon, 10 Sep 2018 05:37:04 -0400 
Received: by smtp.corp.redhat.com (Postfix) id 8788310EE839; Mon, 10 Sep 2018 09:37:04 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 289B410EE836 for ; Mon, 10 Sep 2018 09:37:04 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:20 +0200 Message-Id: <96d553b06114083250051244f79a42fb4565bbd1.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 19/23] security_dac: Lock metadata when running transaction X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Mon, 10 Sep 2018 09:38:47 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Lock all the paths we want to relabel to mutually exclude other libvirt daemons. The only culprit here hitch here is that directories can't be locked. Therefore, when relabeling a directory do not lock it (this happens only when setting up some domain private paths anyway, e.g. huge pages directory). Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/security/security_dac.c | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 414e226f0f..e8fd4a9132 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -202,8 +202,28 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSE= D, void *opaque) { virSecurityDACChownListPtr list =3D opaque; + const char **paths =3D NULL; + size_t npaths =3D 0; size_t i; + int rv; + int ret =3D -1; =20 + if (VIR_ALLOC_N(paths, list->nItems) < 0) + return -1; + + for (i =3D 0; i < list->nItems; i++) { + const char *p =3D list->items[i]->path; + + if (virFileIsDir(p)) + continue; + + VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p); + } + + if (virSecurityManagerMetadataLock(list->manager, paths, npaths) < 0) + goto cleanup; + + rv =3D 0; for (i =3D 0; i < list->nItems; i++) { virSecurityDACChownItemPtr item =3D list->items[i]; =20 
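Review bot: The path loop in virSecurityDACTransactionRun passes every `list->items[i]->path` to virFileIsDir() and then into `paths` without a NULL check, while virSecurityDACSetOwnership() and virSecurityDACRestoreFileLabelInternal() both queue the item before their own `if (path)` test. If virSecurityDACChownListAppend() stores a NULL path for non-local sources (its copy logic is not shown), a NULL entry would reach virSecurityManagerMetadataLock(); `if (!p || virFileIsDir(p)) continue;` skips such items. The directory test is also only a snapshot taken before the lock, so the lock call should still fail cleanly if it is handed a directory. The function continues in the next hunk.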
@@ -217,11 +237,22 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUS= ED, (item->restore && virSecurityDACRestoreFileLabelInternal(list->manager, item->src, - item->path) < 0)) - return -1; + item->path) < 0)) { + rv =3D -1; + break; + } } =20 - return 0; + if (virSecurityManagerMetadataUnlock(list->manager, paths, npaths) < 0) + goto cleanup; + + if (rv < 0) + goto cleanup; + + ret =3D 0; + cleanup: + VIR_FREE(paths); + return ret; } =20 =20 --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572331695820.0232006561374; Mon, 10 Sep 2018 02:38:51 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2BD453084026; Mon, 10 Sep 2018 09:38:50 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EA3305C22A; Mon, 10 Sep 2018 09:38:49 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9EC984A46F; Mon, 10 Sep 2018 09:38:49 +0000 (UTC) Received: from smtp.corp.redhat.com 
(int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b5oe030866 for ; Mon, 10 Sep 2018 05:37:05 -0400 Received: by smtp.corp.redhat.com (Postfix) id 2F3A910EE839; Mon, 10 Sep 2018 09:37:05 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id C47CF10EE836 for ; Mon, 10 Sep 2018 09:37:04 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:21 +0200 Message-Id: <35fbfe2fab5767b130c261adf41918a59b0a7455.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 20/23] virSecuritySELinuxRestoreFileLabel: Rename 'err' label X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Mon, 10 Sep 2018 09:38:51 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This label is used in both successful and error paths. Therefore it should be named 'cleanup' and not 'err'. Signed-off-by: Michal Privoznik Reviewed-by: John Ferlan --- src/security/security_selinux.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 288f3628f7..35f18e1738 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -1306,13 +1306,13 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManag= erPtr mgr, if (virFileResolveLink(path, &newpath) < 0) { VIR_WARN("cannot resolve symlink %s: %s", path, virStrerror(errno, ebuf, sizeof(ebuf))); - goto err; + goto cleanup; } =20 if (stat(newpath, &buf) !=3D 0) { VIR_WARN("cannot stat %s: %s", newpath, virStrerror(errno, ebuf, sizeof(ebuf))); - goto err; + goto cleanup; } =20 if (getContext(mgr, newpath, buf.st_mode, &fcon) < 0) { 
@@ -1325,7 +1325,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManager= Ptr mgr, rc =3D virSecuritySELinuxSetFilecon(mgr, newpath, fcon); } =20 - err: + cleanup: freecon(fcon); VIR_FREE(newpath); return rc; --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572297217923.5493310401802; Mon, 10 Sep 2018 02:38:17 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DB04F30833A6; Mon, 10 Sep 2018 09:38:15 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A133C307CD90; Mon, 10 Sep 2018 09:38:15 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 28F13181A55B; Mon, 10 Sep 2018 09:38:15 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b5fb030879 for ; Mon, 10 Sep 2018 05:37:06 -0400 Received: by smtp.corp.redhat.com (Postfix) id CB97410EE839; Mon, 10 Sep 2018 09:37:05 
+0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6C7FE10EE836 for ; Mon, 10 Sep 2018 09:37:05 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:22 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 21/23] virSecuritySELinuxRestoreFileLabel: Adjust code pattern X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.24 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Mon, 10 Sep 2018 09:38:16 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Firstly, the following code pattern is harder to follow: if (func() < 0) { error(); } else { /* success */ } We should put 'goto cleanup' into the error branch and move the else branch one level up. Secondly, 'rc' should really be named 'ret' because it holds return value of the function. Not some intermediate value. Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 35f18e1738..72d12c9df1 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -1291,9 +1291,9 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManager= Ptr mgr, { struct stat buf; security_context_t fcon =3D NULL; - int rc =3D -1; char *newpath =3D NULL; char ebuf[1024]; + int ret =3D -1; =20 /* Some paths are auto-generated, so let's be safe here and do * nothing if nothing is needed. 
@@ -1320,15 +1320,18 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManag= erPtr mgr, * which makes this an expected non error */ VIR_WARN("cannot lookup default selinux label for %s", newpath); - rc =3D 0; - } else { - rc =3D virSecuritySELinuxSetFilecon(mgr, newpath, fcon); + ret =3D 0; + goto cleanup; } =20 + if (virSecuritySELinuxSetFilecon(mgr, newpath, fcon) < 0) + goto cleanup; + + ret =3D 0; cleanup: freecon(fcon); VIR_FREE(newpath); - return rc; + return ret; } =20 =20 --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572297904946.3708407472584; Mon, 10 Sep 2018 02:38:17 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 284C986677; Mon, 10 Sep 2018 09:38:16 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E589318154; Mon, 10 Sep 2018 09:38:15 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 92FC3181A71E; Mon, 10 Sep 2018 09:38:15 +0000 (UTC) Received: from smtp.corp.redhat.com 
(int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b63N030891 for ; Mon, 10 Sep 2018 05:37:06 -0400 Received: by smtp.corp.redhat.com (Postfix) id 7342B10EE839; Mon, 10 Sep 2018 09:37:06 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1467E10EE836 for ; Mon, 10 Sep 2018 09:37:05 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:23 +0200 Message-Id: <608bcbae0c61ed65110ff70e438d04ae98e588d9.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 22/23] security_selinux: Move transaction handling up one level X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Mon, 10 Sep 2018 09:38:16 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" So far the whole transaction handling is done virSecuritySELinuxSetFileconHelper(). This needs to change for the sake of security label remembering and locking. Otherwise we would be locking a path when only appending it to transaction list and not when actually relabelling it. Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) 
diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 72d12c9df1..f6416010f9 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1146,20 +1146,14 @@ virSecuritySELinuxGetProcessLabel(virSecurityManage= rPtr mgr ATTRIBUTE_UNUSED, * return 1 if labelling was not possible. Otherwise, require a label * change, and return 0 for success, -1 for failure. */ static int -virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon, - bool optional, bool privileged) +virSecuritySELinuxSetFileconImpl(const char *path, const char *tcon, + bool optional, bool privileged) { security_context_t econ; - int rc; =20 /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ =20 - if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional))= < 0) - return -1; - else if (rc > 0) - return 0; - VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon); =20 if (setfilecon_raw(path, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) { @@ -1213,6 +1207,22 @@ virSecuritySELinuxSetFileconHelper(const char *path,= const char *tcon, return 0; } =20 + +static int +virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon, + bool optional, bool privileged) +{ + int rc; + + if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional))= < 0) + return -1; + else if (rc > 0) + return 0; + + return virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileg= ed); +} + + static int virSecuritySELinuxSetFileconOptional(virSecurityManagerPtr mgr, const char *path, const char *tcon) 
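Review bot: The re-added virSecuritySELinuxSetFileconHelper() has no comment, while the return-value description above the old body now documents only virSecuritySELinuxSetFileconImpl(). The wrapper has one outcome that description does not cover: it returns 0 when virSecuritySELinuxTransactionAppend() returns a positive value, which, going by the commit message, means the path was only queued and no label has changed yet. A short header would do, for example `/* Queue the change if a transaction is open (returns 0, file untouched); otherwise relabel now via virSecuritySELinuxSetFileconImpl(). */`.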
@@ -1289,10 +1299,12 @@ static int virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, const char *path) { + bool privileged =3D virSecurityManagerGetPrivileged(mgr); struct stat buf; security_context_t fcon =3D NULL; char *newpath =3D NULL; char ebuf[1024]; + int rc; int ret =3D -1; =20 /* Some paths are auto-generated, so let's be safe here and do 
@@ -1324,7 +1336,12 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManage= rPtr mgr, goto cleanup; } =20 - if (virSecuritySELinuxSetFilecon(mgr, newpath, fcon) < 0) + if ((rc =3D virSecuritySELinuxTransactionAppend(path, fcon, false)) < = 0) + return -1; + else if (rc > 0) + return 0; + + if (virSecuritySELinuxSetFileconImpl(newpath, fcon, false, privileged)= < 0) goto cleanup; =20 ret =3D 0; --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu Apr 25 05:37:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572335940195.71861912093084; Mon, 10 Sep 2018 02:38:55 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 06F6530821F3; Mon, 10 Sep 2018 09:38:54 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C925D600C9; Mon, 10 Sep 2018 09:38:53 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 78EB1181A55B; Mon, 10 Sep 2018 09:38:53 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by 
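Review bot: The two new early exits after virSecuritySELinuxTransactionAppend() leave through `return -1;` and `return 0;`, which skips the `cleanup:` label and so never runs `freecon(fcon)` or `VIR_FREE(newpath)`; both were allocated earlier in the function by getContext() and virFileResolveLink(). They should go through the label instead: `goto cleanup;` on failure, and `ret = 0; goto cleanup;` when the item was queued. This assumes the append copies its arguments, which the previous flow (queue inside the helper, then free in cleanup) suggests. The context is also looked up for `newpath` while the unresolved `path` is what gets queued, so it is worth confirming that the transaction later relabels the same file the context was computed for. The function begins above this hunk.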
lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b7mv030906 for ; Mon, 10 Sep 2018 05:37:07 -0400 Received: by smtp.corp.redhat.com (Postfix) id 1B28810EE839; Mon, 10 Sep 2018 09:37:07 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id B05EB10EE836 for ; Mon, 10 Sep 2018 09:37:06 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:24 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 23/23] security_dac: Lock metadata when running transaction X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Mon, 10 Sep 2018 09:38:55 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Lock all the paths we want to relabel to mutually exclude other libvirt daemons. The only culprit here hitch here is that directories can't be locked. Therefore, when relabeling a directory do not lock it (this happens only when setting up some domain private paths anyway, e.g. huge pages directory). Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 43 +++++++++++++++++++++++++++++++++++--= ---- 1 file changed, 37 insertions(+), 6 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index f6416010f9..056637e4cb 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -90,7 +90,7 @@ struct _virSecuritySELinuxContextItem { typedef struct _virSecuritySELinuxContextList virSecuritySELinuxContextLis= t; typedef virSecuritySELinuxContextList *virSecuritySELinuxContextListPtr; struct _virSecuritySELinuxContextList { - bool privileged; + virSecurityManagerPtr manager; virSecuritySELinuxContextItemPtr *items; size_t nItems; }; @@ -212,8 +212,29 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_U= NUSED, void *opaque) { virSecuritySELinuxContextListPtr list =3D opaque; + bool privileged =3D virSecurityManagerGetPrivileged(list->manager); + const char **paths =3D NULL; + size_t npaths =3D 0; size_t i; + int rv; + int ret =3D -1; =20 + if (VIR_ALLOC_N(paths, list->nItems) < 0) + return -1; + + for (i =3D 0; i < list->nItems; i++) { + const char *p =3D list->items[i]->path; + + if (virFileIsDir(p)) + continue; + + VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p); + } + + if (virSecurityManagerMetadataLock(list->manager, paths, npaths) < 0) + goto cleanup; + + rv =3D 0; for (i =3D 0; i < list->nItems; i++) { virSecuritySELinuxContextItemPtr item =3D list->items[i]; =20 @@ -221,11 +242,22 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_= UNUSED, if (virSecuritySELinuxSetFileconHelper(item->path, item->tcon, item->optional, - list->privileged) < 0) - return -1; + privileged) < 0) { + rv =3D -1; + break; + } } =20 - return 0; + if (virSecurityManagerMetadataUnlock(list->manager, paths, npaths) < 0) + goto cleanup; + + if (rv < 0) + goto cleanup; + + ret =3D 0; + cleanup: + VIR_FREE(paths); + return ret; } =20 =20 @@ -1010,7 +1042,6 @@ virSecuritySELinuxGetDOI(virSecurityManagerPtr mgr AT= TRIBUTE_UNUSED) static int virSecuritySELinuxTransactionStart(virSecurityManagerPtr mgr) { - bool privileged =3D virSecurityManagerGetPrivileged(mgr); virSecuritySELinuxContextListPtr list; =20 list =3D virThreadLocalGet(&contextList); 
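Review bot: The `virFileIsDir(p)` skip in the path-collecting loop is explained only in the commit message; in the code it reads as if directories had been forgotten. A comment such as `/* Directories can't be locked; they are relabelled without the metadata lock. */` would keep that reasoning with the loop. The check is also made by path before the lock is taken, so the file type it saw is only a snapshot. Directories get no mutual exclusion against other daemons at all. Both are worth stating as known limits next to the loop.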
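Review bot: The relabel loop still calls virSecuritySELinuxSetFileconHelper(), which since patch 22/23 tries virSecuritySELinuxTransactionAppend() before doing any work. If a transaction list were still active for the thread at this point (not visible here), every item would be queued again and reported as success while the lock is held and no label changes. Calling the worker directly, `virSecuritySELinuxSetFileconImpl(item->path, item->tcon, item->optional, privileged)`, would remove that dependency.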
@@ -1023,7 +1054,7 @@ virSecuritySELinuxTransactionStart(virSecurityManager= Ptr mgr) if (VIR_ALLOC(list) < 0) return -1; =20 - list->privileged =3D privileged; + list->manager =3D mgr; =20 if (virThreadLocalSet(&contextList, list) < 0) { virReportSystemError(errno, "%s", --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
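Review bot: `list->manager = mgr;` keeps a plain pointer to the security manager in the thread-local list, where the removed code copied a bool. The list outlives this call, and virSecuritySELinuxTransactionRun() later uses `list->manager` for the lock, the unlock and the privileged lookup, so the manager must stay alive until the transaction is committed or aborted. If the callers do not guarantee that, take a reference here with `list->manager = virObjectRef(mgr);` and drop it where the list is freed. The rest of virSecuritySELinuxTransactionStart() is outside this hunk.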