The domblklist command is designed to show a brief information about the blocks
of a domain. One piece of information that is shows is "Target" and "Source".
Before the modification, the Vhost disk of SPDK is displayed as "-". After
the modification, the socket associated with it can be displayed.
Signed-off-by: dinglimin <dinglimin@cmss.chinamobile.com>
Signed-off-by: imxcc <xingchaochao@huawei.com>
(cherry picked from commit ba96974243af5faf2eb7d9ad88a0bfd35b5f7e15)
virDevMapperGetTargets: Don't ignore EBADF
virdevmapper: Don't cache device-mapper major
virdevmapper: Handle kernel without device-mapper support
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
In one of my latest patch (v6.6.0~30) I was trying to remove
libdevmapper use in favor of our own implementation. However, the
code did not take into account that device mapper can be not
compiled into the kernel (e.g. be a separate module that's not
loaded) in which case /proc/devices won't have the device-mapper
major number and thus virDevMapperGetTargets() and/or
virIsDevMapperDevice() fails.
However, such failure is safe to ignore, because if device mapper
is missing then there can't be any multipath devices and thus we
don't need to allow the deps in CGroups, nor create them in the
domain private namespace, etc.
Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
Reported-by: Andrea Bolognani <abologna@redhat.com>
Reported-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
The device mapper major is needed in virIsDevMapperDevice() which
determines whether given device is managed by device-mapper. This
number is obtained by parsing /proc/devices and then stored in a
global variable so that the file doesn't have to be parsed again.
However, as it turns out this logic is flawed - the major number
is not static and can change as it can be specified as a
parameter when loading the dm-mod module.
Unfortunately, I was not able to come up with a good solution and
thus the /proc/devices file is being parsed every time we need
the device mapper major.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath
security: fix SELinux label generation logic
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
A process can access a file if the set of MCS categories
for the file is equal-to *or* a subset-of, the set of
MCS categories for the process.
If there are two VMs:
a) svirt_t:s0:c117
b) svirt_t:s0:c117,c720
Then VM (b) is able to access files labelled for VM (a).
IOW, we must discard case where the categories are equal
because that is a subset of many other valid category pairs.
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/153
CVE-2021-3631
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
'virStoragePoolObjListSearch' returns a locked and refed object, thus we
must release it on ACL permission failure.
Fixes: 7aa0e8c0cb8
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Currently the default values of retry_interval and retry_timeout are set
to -1, when 'driver' option exists without retry fileds. It conflicts
with the default values when the 'driver' option does not exist.
So let's set default values of retry_interval and retry_timeout to 0 when
retry policy is not enabled.
Signed-off-by: Jiahui Cen <cenjiahui@huawei.com>
Introduce error_policy=/rerror_policy='retry' to support
werror=/rerror=retry mechanism in qemu.
Add retry_interval parameter to control the interval between retries.
Add retry_timeout parameter to control the total retry times.
Signed-off-by: Jiahui Cen <cenjiahui@huawei.com>
Signed-off-by: Ying Fang <fangying1@huawei.com>
util: Move virIsDevMapperDevice() to virdevmapper.c
virdevmapper: Don't use libdevmapper to obtain dependencies
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
CVE-2020-14339
When building domain's private /dev in a namespace, libdevmapper
is consulted for getting full dependency tree of domain's disks.
The reason is that for a multipath devices all dependent devices
must be created in the namespace and allowed in CGroups.
However, this approach is very fragile as building of namespace
happens in the forked off child process, after mass close of FDs
and just before dropping privileges and execing QEMU. And it so
happens that when calling libdevmapper APIs, one of them opens
/dev/mapper/control and saves the FD into a global variable. The
FD is kept open until the lib is unlinked or dm_lib_release() is
called explicitly. We are doing neither.
However, the virDevMapperGetTargets() function is called also
from libvirtd (when setting up CGroups) and thus has to be thread
safe. Unfortunately, libdevmapper APIs are not thread safe (nor
async signal safe) and thus we can't use them. Reimplement what
libdevmapper would do using plain C (ioctl()-s, /proc/devices
parsing, /dev/mapper dirwalking, and so on).
Fixes: a30078cb832646177defd256e77c632905f1e6d0
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1858260
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
cherry-pick from commit 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-14339
When introducing virdevmapper.c (in v4.3.0-rc1~427) I didn't
realize there is a function that calls in devmapper. The function
is called virIsDevMapperDevice() and lives in virutil.c. Now that
we have a special file for handling devmapper move it there.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit dfa0e118f745fe3f4fe95975c6100f0fc6d788be
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
Because current firewalld version is too old(< 0.7.0) to support
the rule priority setting in the libvirt zone file, so we should
add --without-firewalld-zone to configure commandline.
More info can be found in the following link:
https://github.com/libvirt/libvirt/commit/3b71f2e4.
Signed-off-by: Alex Chen <alex.chen@huawei.com>
rpc: gendispatch: handle empty flags
rpc: add support for filtering @acls by uint params
rpc: require write acl for guest agent in virDomainInterfaceAddresses
qemu: agent: set ifname to NULL after freeing
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-25637
Add a requirement for domain:write if source is set to
VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT.
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit e4116eaa44cb366b59f7fe98f4b88d04c04970ad
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-25637
Add a new field to @acl annotations for filtering by
unsigned int parameters.
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit 50864dcda191eb35732dbd80fb6ca251a6bba923
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-25637
Prepare for omission of the <flagname> in remote_protocol.x
@acl annotations:
@acl: <object>:<permission>:<flagname>
so that we can add more field after, e.g.:
@acl: <object>:<permission>::<field>
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit 955029bd0ad7ef96000f529ac38204a8f4a96401
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
