Wire up logging of VM taintint to the QEMU driver
- If running QEMU as root user/group or without capabilities
being cleared
- If passing custom QEMU command line args
- If issuing custom QEMU monitor commands
- If using a network interface config with an associated
shell script
- If using a disk config relying on format probing
The warnings, per-VM appear in the main libvirtd logs
11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2'
uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: high-privileges
11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2'
uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing
And in the /var/log/libvirt/qemu/$VMNAME.log file
Domain id=2 is tainted: high-privileges
Domain id=2 is tainted: disk-probing
The taint flags are reset when the VM is stopped.
* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Helper APIs
for logging taint warnings
* src/qemu/qemu_driver.c: Log tainting with custom QEMU monitor
commands and disk/net hotplug with unsupported configs
* src/qemu/qemu_process.c: Log tainting at startup based on
unsupported configs
---
src/qemu/qemu_domain.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_domain.h | 16 +++++++++-
src/qemu/qemu_driver.c | 8 ++---
src/qemu/qemu_process.c | 4 ++-
4 files changed, 96 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a947b4e..78839cc 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -32,6 +32,7 @@
#include "event.h"
#include "cpu/cpu.h"
#include "ignore-value.h"
+#include "uuid.h"
#include <sys/time.h>
@@ -697,3 +698,77 @@ cleanup:
virCPUDefFree(cpu);
return ret;
}
+
+void qemuDomainObjTaint(virDomainObjPtr obj,
+ int taint,
+ int logFD)
+{
+ if (virDomainObjTaint(obj, taint)) {
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ virUUIDFormat(obj->def->uuid, uuidstr);
+
+ VIR_WARN("Domain id=%d name='%s' uuid=%s is tainted: %s",
+ obj->def->id,
+ obj->def->name,
+ uuidstr,
+ virDomainTaintTypeToString(taint));
+
+ if (logFD != -1) {
+ char *message;
+ if (virAsprintf(&message,
+ "Domain id=%d is tainted: %s\n",
+ obj->def->id,
+ virDomainTaintTypeToString(taint)) < 0)
+ return;
+ ignore_value(safewrite(logFD, message, strlen(message)));
+ }
+ }
+}
+
+
+void qemuDomainObjCheckTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj,
+ int logFD)
+{
+ int i;
+
+ if (!driver->clearEmulatorCapabilities ||
+ driver->user == 0 ||
+ driver->group == 0)
+ qemuDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, logFD);
+
+ if (obj->def->namespaceData) {
+ qemuDomainCmdlineDefPtr qemucmd = obj->def->namespaceData;
+ if (qemucmd->num_args || qemucmd->num_env)
+ qemuDomainObjTaint(obj, VIR_DOMAIN_TAINT_CUSTOM_ARGV, logFD);
+ }
+
+ for (i = 0 ; i < obj->def->ndisks ; i++)
+ qemuDomainObjCheckDiskTaint(driver, obj, obj->def->disks[i], logFD);
+
+ for (i = 0 ; i < obj->def->nnets ; i++)
+ qemuDomainObjCheckNetTaint(obj, obj->def->nets[i], logFD);
+}
+
+
+void qemuDomainObjCheckDiskTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj,
+ virDomainDiskDefPtr disk,
+ int logFD)
+{
+ if (!disk->driverType &&
+ driver->allowDiskFormatProbing)
+ qemuDomainObjTaint(obj, VIR_DOMAIN_TAINT_DISK_PROBING, logFD);
+}
+
+
+void qemuDomainObjCheckNetTaint(virDomainObjPtr obj,
+ virDomainNetDefPtr net,
+ int logFD)
+{
+ if ((net->type == VIR_DOMAIN_NET_TYPE_ETHERNET &&
+ net->data.ethernet.script != NULL) ||
+ (net->type == VIR_DOMAIN_NET_TYPE_BRIDGE &&
+ net->data.bridge.script != NULL))
+ qemuDomainObjTaint(obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS, logFD);
+}
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 8258900..dbef4e1 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -69,7 +69,6 @@ struct _qemuDomainObjPrivate {
qemuMonitorPtr mon;
virDomainChrSourceDefPtr monConfig;
int monJSON;
- int monitor_warned;
bool gotShutdown;
int nvcpupids;
@@ -113,4 +112,19 @@ char *qemuDomainFormatXML(struct qemud_driver *driver,
virDomainObjPtr vm,
int flags);
+void qemuDomainObjTaint(virDomainObjPtr obj,
+ int taint,
+ int logFD);
+
+void qemuDomainObjCheckTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj,
+ int logFD);
+void qemuDomainObjCheckDiskTaint(struct qemud_driver *driver,
+ virDomainObjPtr obj,
+ virDomainDiskDefPtr disk,
+ int logFD);
+void qemuDomainObjCheckNetTaint(virDomainObjPtr obj,
+ virDomainNetDefPtr net,
+ int logFD);
+
#endif /* __QEMU_DOMAIN_H__ */
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 0919503..13f9362 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3884,6 +3884,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
switch (dev->type) {
case VIR_DOMAIN_DEVICE_DISK:
+ qemuDomainObjCheckDiskTaint(driver, vm, dev->data.disk, -1);
ret = qemuDomainAttachDeviceDiskLive(driver, vm, dev, qemuCaps);
if (!ret)
dev->data.disk = NULL;
@@ -3896,6 +3897,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
break;
case VIR_DOMAIN_DEVICE_NET:
+ qemuDomainObjCheckNetTaint(vm, dev->data.net, -1);
ret = qemuDomainAttachNetDevice(dom->conn, driver, vm,
dev->data.net, qemuCaps);
if (!ret)
@@ -7001,11 +7003,7 @@ static int qemuDomainMonitorCommand(virDomainPtr domain,
const char *cmd,
priv = vm->privateData;
- if (!priv->monitor_warned) {
- VIR_INFO("Qemu monitor command '%s' executed; libvirt results may be
unpredictable!",
- cmd);
- priv->monitor_warned = 1;
- }
+ qemuDomainObjTaint(vm, VIR_DOMAIN_TAINT_CUSTOM_MONITOR, -1);
hmp = !!(flags & VIR_DOMAIN_QEMU_MONITOR_COMMAND_HMP);
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 7691cbe..c521dbf 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2229,7 +2229,6 @@ int qemuProcessStart(virConnectPtr conn,
#endif
priv->monJSON = 0;
- priv->monitor_warned = 0;
priv->gotShutdown = false;
if ((ret = virFileDeletePid(driver->stateDir, vm->def->name)) != 0) {
@@ -2316,6 +2315,8 @@ int qemuProcessStart(virConnectPtr conn,
virCommandWriteArgLog(cmd, logfile);
+ qemuDomainObjCheckTaint(driver, vm, logfile);
+
if ((pos = lseek(logfile, 0, SEEK_END)) < 0)
VIR_WARN("Unable to seek to end of logfile: %s",
virStrerror(errno, ebuf, sizeof ebuf));
@@ -2597,6 +2598,7 @@ retry:
qemuProcessReturnPort(driver,
vm->def->graphics[0]->data.spice.tlsPort);
}
+ vm->taint = 0;
vm->pid = -1;
vm->def->id = -1;
vm->state = VIR_DOMAIN_SHUTOFF;
--
1.7.4.4
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
