On Wed, Jun 30, 2021 at 10:53:45AM +0800, Luke Yue wrote:
In order to test the virDomainGetMessages for test driver, we need to
check some taints or deprecations, so introduce testDomainObjCheckTaint
for checking taints.

As we introduced testDomainObjCheckTaint for test driver, the `dominfo`
command in virshtest will now print tainting messages, so add them for
test.


I do not know whether I'd duplicate all of the qemu driver code to
exercise some test driver APIs, but it's better than nothing.  To be
honest I don't know about any other better option =)

Signed-off-by: Luke Yue <luked...@gmail.com>
---
src/test/test_driver.c | 57 ++++++++++++++++++++++++++++++++++++++++++
tests/virshtest.c      |  2 ++
2 files changed, 59 insertions(+)

diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index 35742fcde3..06ba7c4cd2 100644
--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
@@ -9291,6 +9291,61 @@ testDomainCheckpointDelete(virDomainCheckpointPtr 
checkpoint,
    return ret;
}

+static void
+testDomainObjCheckDiskTaint(virDomainObj *obj,
+                            virDomainDiskDef *disk)
+{
+    if (disk->rawio == VIR_TRISTATE_BOOL_YES)
+        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
+
+    if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM &&
+        virStorageSourceGetActualType(disk->src) == VIR_STORAGE_TYPE_BLOCK &&
+        disk->src->path && virFileIsCDROM(disk->src->path) == 1)
+        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH);
+}
+
+static void
+testDomainObjCheckHostdevTaint(virDomainObj *obj,
+                               virDomainHostdevDef *hostdev)
+{
+    if (!virHostdevIsSCSIDevice(hostdev))
+        return;
+
+    if (hostdev->source.subsys.u.scsi.rawio == VIR_TRISTATE_BOOL_YES)
+        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
+}
+
+static void
+testDomainObjCheckNetTaint(virDomainObj *obj,
+                           virDomainNetDef *net)
+{
+    /* script is only useful for NET_TYPE_ETHERNET (qemu) and
+     * NET_TYPE_BRIDGE (xen), but could be (incorrectly) specified for
+     * any interface type. In any case, it's adding user sauce into
+     * the soup, so it should taint the domain.
+     */
+    if (net->script != NULL)
+        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS);
+}
+
+static void
+testDomainObjCheckTaint(virDomainObj *obj)
+{
+    size_t i;
+
+    for (i = 0; i < obj->def->ndisks; i++)
+        testDomainObjCheckDiskTaint(obj, obj->def->disks[i]);
+
+    for (i = 0; i < obj->def->nhostdevs; i++)
+        testDomainObjCheckHostdevTaint(obj, obj->def->hostdevs[i]);
+
+    for (i = 0; i < obj->def->nnets; i++)
+        testDomainObjCheckNetTaint(obj, obj->def->nets[i]);
+
+    if (obj->def->os.dtb)
+        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_CUSTOM_DTB);
+}
+
static int
testDomainGetMessages(virDomainPtr dom,
                      char ***msgs,
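
Review bot: in testDomainObjCheckDiskTaint, the `virFileIsCDROM(disk->src->path) == 1` condition probes a path on the machine running the code, so whether VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH is set depends on the host rather than on the domain definition alone. For the test driver it would be more predictable to decide from the definition (device type and source type) or to drop that branch. A short comment above testDomainObjCheckTaint saying that these helpers follow the qemu driver's taint checks would also help keep the two in sync.
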
@@ -9311,6 +9366,8 @@ testDomainGetMessages(virDomainPtr dom,
    nmsgs = 0;
    n = 0;

+    testDomainObjCheckTaint(vm);
+

I know it works here, but I would rather do it in testParseDomains() and
when creating a domain.  To make it done in a single place you could
utilise xmlopt callbacks which are called at different stages of parsing
an XML, be it domain or any other one.  That way this function does not
do anything that other drivers don't.

    if (!flags || (flags & VIR_DOMAIN_MESSAGE_TAINTING)) {
        nmsgs += __builtin_popcount(vm->taint);
        *msgs = g_renew(char *, *msgs, nmsgs+1);
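
Review bot: the `testDomainObjCheckTaint(vm);` call is placed before the `if (!flags || (flags & VIR_DOMAIN_MESSAGE_TAINTING))` check, so it runs and updates the domain's taint state even when the caller asked only for other message types, and it is repeated on every call to this getter. If the call stays in this function, move it inside that `if` block; computing the taint once when the domain is parsed or created would keep testDomainGetMessages free of side effects.
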
diff --git a/tests/virshtest.c b/tests/virshtest.c
index c1974c46cb..937448cefc 100644
--- a/tests/virshtest.c
+++ b/tests/virshtest.c
@@ -22,6 +22,7 @@ main(void)

# define DOM_UUID "ef861801-45b9-11cb-88e3-afbfe5370493"
# define SECURITY_LABEL "libvirt-test (enforcing)"
+# define MESSAGES "tainted: network configuration using opaque shell scripts"

static const char *dominfo_fc4 = "\
Id:             2\n\
@@ -38,6 +39,7 @@ Managed save:   no\n\
Security model: testSecurity\n\
Security DOI:   \n\
Security label: " SECURITY_LABEL "\n\
+Messages:       " MESSAGES "\n\

Pity there's not much more than this, but again - better than nothing.

\n";
static const char *domuuid_fc4 = DOM_UUID "\n\n";
static const char *domid_fc4 = "2\n\n";
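
Review bot: the expected `dominfo` output gains only the single line built from MESSAGES, the shell-script taint, so the rawio, CDROM passthrough and custom DTB branches added in test_driver.c are not exercised by this test. Consider extending the expected output with a test domain that triggers at least one more taint, so that a regression in those branches would be caught.
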
--
2.32.0
