On Wed, May 26, 2010 at 04:53:02PM +0100, Balazs Lecz wrote:
> This patch adds a new boolean hypervisor parameter to the KVM hypervisor,
> named 'use_chroot'.
> If it's turned on for an instance, than KVM is started in "chroot mode":
> Ganeti creates an empty directory for the instance and passes the path
> of this dir to KVM via the -chroot flag.
> KVM changes its root to this directory after starting up.
>
> I've also added a "quarantine" feature for moving any unexpected files to
> a separate directory for later analysis.
>
> Signed-off-by: Balazs Lecz <[email protected]>
> ---
> lib/constants.py | 3 ++
> lib/hypervisor/hv_kvm.py | 52 ++++++++++++++++++++++++++++++++++++++++++++-
> man/gnt-instance.sgml | 19 ++++++++++++++++
> 3 files changed, 72 insertions(+), 2 deletions(-)
>
> diff --git a/lib/constants.py b/lib/constants.py
> index 7392a95..a6cdcd6 100644
> --- a/lib/constants.py
> +++ b/lib/constants.py
> @@ -496,6 +496,7 @@ HV_SECURITY_MODEL = "security_model"
> HV_SECURITY_DOMAIN = "security_domain"
> HV_KVM_FLAG = "kvm_flag"
> HV_VHOST_NET = "vhost_net"
> +HV_KVM_USE_CHROOT = "use_chroot"
>
> HVS_PARAMETER_TYPES = {
> HV_BOOT_ORDER: VTYPE_STRING,
> @@ -527,6 +528,7 @@ HVS_PARAMETER_TYPES = {
> HV_SECURITY_DOMAIN: VTYPE_STRING,
> HV_KVM_FLAG: VTYPE_STRING,
> HV_VHOST_NET: VTYPE_BOOL,
> + HV_KVM_USE_CHROOT: VTYPE_BOOL,
> }
>
> HVS_PARAMETERS = frozenset(HVS_PARAMETER_TYPES.keys())
> @@ -795,6 +797,7 @@ HVC_DEFAULTS = {
> HV_SECURITY_DOMAIN: '',
> HV_KVM_FLAG: "",
> HV_VHOST_NET: False,
> + HV_KVM_USE_CHROOT: False,
> },
> HT_FAKE: {
> },
> diff --git a/lib/hypervisor/hv_kvm.py b/lib/hypervisor/hv_kvm.py
> index af04dca..fdb7fd6 100644
> --- a/lib/hypervisor/hv_kvm.py
> +++ b/lib/hypervisor/hv_kvm.py
> @@ -23,6 +23,7 @@
>
> """
>
> +import errno
> import os
> import os.path
> import re
> @@ -51,7 +52,16 @@ class KVMHypervisor(hv_base.BaseHypervisor):
> _UIDS_DIR = _ROOT_DIR + "/uid" # contains instances reserved uids
> _CTRL_DIR = _ROOT_DIR + "/ctrl" # contains instances control sockets
> _CONF_DIR = _ROOT_DIR + "/conf" # contains instances startup data
> - _DIRS = [_ROOT_DIR, _PIDS_DIR, _UIDS_DIR, _CTRL_DIR, _CONF_DIR]
> + # KVM instances with chroot enabled are started in empty chroot
> directories.
> + _CHROOT_DIR = _ROOT_DIR + "/chroot" # for empty chroot directories
> + # After an instance is stopped, its chroot directory is removed.
> + # If the chroot directory is not empty, it can't be removed.
> + # A non-empty chroot directory indicates a possible security incident.
> + # To support forensics, the non-empty chroot directory is quarantined in
> + # a separate directory, called 'chroot-quarantine'.
> + _CHROOT_QUARANTINE_DIR = _ROOT_DIR + "/chroot-quarantine"
> + _DIRS = [_ROOT_DIR, _PIDS_DIR, _UIDS_DIR, _CTRL_DIR, _CONF_DIR,
> + _CHROOT_DIR, _CHROOT_QUARANTINE_DIR]
>
> PARAMETERS = {
> constants.HV_KERNEL_PATH: hv_base.OPT_FILE_CHECK,
> @@ -87,6 +97,7 @@ class KVMHypervisor(hv_base.BaseHypervisor):
> constants.HV_KVM_FLAG:
> hv_base.ParamInSet(False, constants.HT_KVM_FLAG_VALUES),
> constants.HV_VHOST_NET: hv_base.NO_CHECK,
> + constants.HV_KVM_USE_CHROOT: hv_base.NO_CHECK,
> }
>
> _MIGRATION_STATUS_RE = re.compile('Migration\s+status:\s+(\w+)',
> @@ -230,6 +241,21 @@ class KVMHypervisor(hv_base.BaseHypervisor):
> return utils.PathJoin(cls._CONF_DIR, "%s.runtime" % instance_name)
>
> @classmethod
> + def _InstanceChrootDir(cls, instance_name):
> + """Returns the name of the KVM chroot dir of the instance
> +
> + """
> + return utils.PathJoin(cls._CHROOT_DIR, "%s" % instance_name)
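Review bot: In the `@@ -51,7 +52,16 @@` hunk, `_CHROOT_QUARANTINE_DIR` is documented as the place where files left behind by a possibly compromised instance are kept for forensics, but nothing in the added comments states which owner and mode that directory must have. The code that creates the `_DIRS` entries lies outside this hunk, so whether the two new directories end up readable or traversable by other local users cannot be confirmed from these lines. I would extend the comment block above `_CHROOT_QUARANTINE_DIR` with `# Quarantined content is untrusted: keep this directory root-owned and inaccessible to other users.` and check the directory-creation code against it. The quarantined files presumably keep their original mode bits when moved, which is a further reason to make the restriction on the parent directory explicit.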
"%s" % a -> a? > + > + @classmethod > + def _InstanceChrootQuarantineDir(cls, instance_name): > + """Returns the name of the KVM chroot quarantine dir of the instance > + > + """ > + return utils.PathJoin(cls._CHROOT_QUARANTINE_DIR, "%s_%s" > + % (instance_name, utils.TimestampForFilename())) "%s_%s" -> , instance_name, utils.Timestamp… (i.e. two-levels structure)? iustin
