On Fri, 2021-07-09 at 15:07 +0200, Martin Kletzander wrote:
> On Wed, Jun 30, 2021 at 10:53:45AM +0800, Luke Yue wrote:
> > In order to test the virDomainGetMessages for test driver, we need
> > to
> > check some taints or deprecations, so introduce
> > testDomainObjCheckTaint
> > for checking taints.
> >
> > As we introduced testDomainObjCheckTaint for test driver, the
> > `dominfo`
> > command in virshtest will now print tainting messages, so add them
> > for
> > test.
> >
>
> I do not know whether I'd duplicate all of the qemu driver code to
> exercise some test driver APIs, but it's better than nothing. To be
> honest I don't know about any other better option =)
>
> > Signed-off-by: Luke Yue <luked...@gmail.com>
> > ---
> > src/test/test_driver.c | 57
> > ++++++++++++++++++++++++++++++++++++++++++
> > tests/virshtest.c | 2 ++
> > 2 files changed, 59 insertions(+)
> >
> > diff --git a/src/test/test_driver.c b/src/test/test_driver.c
> > index 35742fcde3..06ba7c4cd2 100644
> > --- a/src/test/test_driver.c
> > +++ b/src/test/test_driver.c
> > @@ -9291,6 +9291,61 @@
> > testDomainCheckpointDelete(virDomainCheckpointPtr checkpoint,
> > return ret;
> > }
> >
> > +static void
> > +testDomainObjCheckDiskTaint(virDomainObj *obj,
> > + virDomainDiskDef *disk)
> > +{
> > + if (disk->rawio == VIR_TRISTATE_BOOL_YES)
> > + virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
> > +
> > + if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM &&
> > + virStorageSourceGetActualType(disk->src) ==
> > VIR_STORAGE_TYPE_BLOCK &&
> > + disk->src->path && virFileIsCDROM(disk->src->path) == 1)
> > + virDomainObjTaint(obj,
> > VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH);
> > +}
> > +
> > +static void
> > +testDomainObjCheckHostdevTaint(virDomainObj *obj,
> > + virDomainHostdevDef *hostdev)
> > +{
> > + if (!virHostdevIsSCSIDevice(hostdev))
> > + return;
> > +
> > + if (hostdev->source.subsys.u.scsi.rawio ==
> > VIR_TRISTATE_BOOL_YES)
> > + virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
> > +}
> > +
> > +static void
> > +testDomainObjCheckNetTaint(virDomainObj *obj,
> > + virDomainNetDef *net)
> > +{
> > + /* script is only useful for NET_TYPE_ETHERNET (qemu) and
> > + * NET_TYPE_BRIDGE (xen), but could be (incorrectly) specified
> > for
> > + * any interface type. In any case, it's adding user sauce
> > into
> > + * the soup, so it should taint the domain.
> > + */
> > + if (net->script != NULL)
> > + virDomainObjTaint(obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS);
> > +}
> > +
> > +static void
> > +testDomainObjCheckTaint(virDomainObj *obj)
> > +{
> > + size_t i;
> > +
> > + for (i = 0; i < obj->def->ndisks; i++)
> > + testDomainObjCheckDiskTaint(obj, obj->def->disks[i]);
> > +
> > + for (i = 0; i < obj->def->nhostdevs; i++)
> > + testDomainObjCheckHostdevTaint(obj, obj->def-
> > >hostdevs[i]);
> > +
> > + for (i = 0; i < obj->def->nnets; i++)
> > + testDomainObjCheckNetTaint(obj, obj->def->nets[i]);
> > +
> > + if (obj->def->os.dtb)
> > + virDomainObjTaint(obj, VIR_DOMAIN_TAINT_CUSTOM_DTB);
> > +}
> > +
> > static int
> > testDomainGetMessages(virDomainPtr dom,
> > char ***msgs,
> > @@ -9311,6 +9366,8 @@ testDomainGetMessages(virDomainPtr dom,
> > nmsgs = 0;
> > n = 0;
> >
> > + testDomainObjCheckTaint(vm);
> > +
>
> I know it works here, but I would rather do it in testParseDomains()
> and
> when creating a domain. To make it done in a single place you could
> utilise xmlopt callbacks which are called at different stages of
> parsing
> an XML, be it domain or any other one. That way this function does
> not
> do anything that other drivers don't.
>
Thanks, I will take your advice and put it in testParseDomains()
> > if (!flags || (flags & VIR_DOMAIN_MESSAGE_TAINTING)) {
> > nmsgs += __builtin_popcount(vm->taint);
> > *msgs = g_renew(char *, *msgs, nmsgs+1);
> > diff --git a/tests/virshtest.c b/tests/virshtest.c
> > index c1974c46cb..937448cefc 100644
> > --- a/tests/virshtest.c
> > +++ b/tests/virshtest.c
> > @@ -22,6 +22,7 @@ main(void)
> >
> > # define DOM_UUID "ef861801-45b9-11cb-88e3-afbfe5370493"
> > # define SECURITY_LABEL "libvirt-test (enforcing)"
> > +# define MESSAGES "tainted: network configuration using opaque
> > shell scripts"
> >
> > static const char *dominfo_fc4 = "\
> > Id: 2\n\
> > @@ -38,6 +39,7 @@ Managed save: no\n\
> > Security model: testSecurity\n\
> > Security DOI: \n\
> > Security label: " SECURITY_LABEL "\n\
> > +Messages: " MESSAGES "\n\
>
> Pity there's not much more than this, but again - better than
> nothing.
I created a new xml for testing and added more tainted configurations,
will send it with v4
Thanks!
> > \n";
> > static const char *domuuid_fc4 = DOM_UUID "\n\n";
> > static const char *domid_fc4 = "2\n\n";
> > --
> > 2.32.0
> >
