
launch: libvirt: Disable sVirt if using a custom qemu (ie. setting <emulator>).

See:
https://bugzilla.redhat.com/show_bug.cgi?id=857659
especially Dan's comment 4.
commit 2e17d78178eb085bdf54eb170bf036e0d7143c19 1 parent e128a62
rwmjones rwmjones authored

Showing 1 changed file with 34 additions and 4 deletions. Show diff stats Hide diff stats

  1. +34 4 src/launch-libvirt.c
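--- a/src/launch-libvirt.c
+++ b/src/launch-libvirt.c
@@ -92,8 +92,9 @@ xmlBufferDetach (xmlBufferPtr buf)
 }
 #endif
 
-static xmlChar *construct_libvirt_xml (guestfs_h *g, const char *capabilities_xml, const char *kernel, const char *initrd, const char *appliance, const char *guestfsd_sock, const char *console_sock);
+static xmlChar *construct_libvirt_xml (guestfs_h *g, const char *capabilities_xml, const char *kernel, const char *initrd, const char *appliance, const char *guestfsd_sock, const char *console_sock, int disable_svirt);
 static void libvirt_error (guestfs_h *g, const char *fs, ...);
+static int is_custom_qemu (guestfs_h *g);
 static int is_blk (const char *path);
 static int random_chars (char *ret, size_t len);
 static void ignore_errors (void *ignore, virErrorPtr ignore2);
@@ -114,6 +115,7 @@ launch_libvirt (guestfs_h *g, const char *libvirt_uri)
 int console = -1, r;
 uint32_t size;
 void *buf = NULL;
+ int disable_svirt = is_custom_qemu (g);
 
 /* At present you must add drives before starting the appliance. In
 * future when we enable hotplugging you won't need to do this.
@@ -277,7 +279,8 @@ launch_libvirt (guestfs_h *g, const char *libvirt_uri)
 
 xml = construct_libvirt_xml (g, capabilities,
 kernel, initrd, appliance,
- guestfsd_sock, console_sock);
+ guestfsd_sock, console_sock,
+ disable_svirt);
 if (!xml)
 goto cleanup;
 
@@ -415,9 +418,16 @@ launch_libvirt (guestfs_h *g, const char *libvirt_uri)
 return -1;
 }
 
+static int
+is_custom_qemu (guestfs_h *g)
+{
+ return g->qemu && STRNEQ (g->qemu, QEMU);
+}
+
 static int construct_libvirt_xml_name (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_cpu (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_boot (guestfs_h *g, xmlTextWriterPtr xo, const char *kernel, const char *initrd, size_t appliance_index);
+static int construct_libvirt_xml_seclabel (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_lifecycle (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_devices (guestfs_h *g, xmlTextWriterPtr xo, const char *appliance, size_t appliance_index, const char *guestfsd_sock, const char *console_sock);
 static int construct_libvirt_xml_qemu_cmdline (guestfs_h *g, xmlTextWriterPtr xo);
@@ -436,7 +446,8 @@ static xmlChar *
 construct_libvirt_xml (guestfs_h *g, const char *capabilities_xml,
 const char *kernel, const char *initrd,
 const char *appliance,
- const char *guestfsd_sock, const char *console_sock)
+ const char *guestfsd_sock, const char *console_sock,
+ int disable_svirt)
 {
 xmlChar *ret = NULL;
 xmlBufferPtr xb = NULL;
@@ -481,6 +492,9 @@ construct_libvirt_xml (guestfs_h *g, const char *capabilities_xml,
 goto err;
 if (construct_libvirt_xml_boot (g, xo, kernel, initrd, appliance_index) == -1)
 goto err;
+ if (disable_svirt)
+ if (construct_libvirt_xml_seclabel (g, xo) == -1)
+ goto err;
 if (construct_libvirt_xml_lifecycle (g, xo) == -1)
 goto err;
 if (construct_libvirt_xml_devices (g, xo, appliance, appliance_index,
@@ -635,6 +649,22 @@ construct_libvirt_xml_boot (guestfs_h *g, xmlTextWriterPtr xo,
 return -1;
 }
 
+static int
+construct_libvirt_xml_seclabel (guestfs_h *g, xmlTextWriterPtr xo)
+{
+ /* This disables SELinux/sVirt confinement. */
+ XMLERROR (-1, xmlTextWriterStartElement (xo, BAD_CAST "seclabel"));
+ XMLERROR (-1,
+ xmlTextWriterWriteAttribute (xo, BAD_CAST "type",
+ BAD_CAST "none"));
+ XMLERROR (-1, xmlTextWriterEndElement (xo));
+
+ return 0;
+
+ err:
+ return -1;
+}
+
 /* qemu -no-reboot */
 static int
 construct_libvirt_xml_lifecycle (guestfs_h *g, xmlTextWriterPtr xo)
@@ -664,7 +694,7 @@ construct_libvirt_xml_devices (guestfs_h *g, xmlTextWriterPtr xo,
 /* Path to qemu. Only write this if the user has changed the
 * default, otherwise allow libvirt to choose the best one.
 */
- if (g->qemu && STRNEQ (g->qemu, QEMU)) {
+ if (is_custom_qemu (g)) {
 XMLERROR (-1, xmlTextWriterStartElement (xo, BAD_CAST "emulator"));
 XMLERROR (-1, xmlTextWriterWriteString (xo, BAD_CAST g->qemu));
 XMLERROR (-1, xmlTextWriterEndElement (xo));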
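Review bot: At `int disable_svirt = is_custom_qemu (g);` in launch_libvirt, any `g->qemu` that differs from the compiled-in `QEMU` string silently makes the appliance domain carry `<seclabel type="none"/>`, so the qemu process that handles guest disk content runs without SELinux/sVirt confinement and nothing visible in these hunks reports that. A log line at that point would make the loss of confinement auditable, for example `if (disable_svirt) debug (g, "custom qemu in use: sVirt confinement disabled for the appliance");` (assuming the file's usual `debug` helper, which these hunks do not show). The comment in construct_libvirt_xml_seclabel states what the element does but not why; something like `/* Disable SELinux/sVirt confinement; only emitted when <emulator> is overridden, see RHBZ#857659 comment 4. */` would keep the rationale next to the code. The unbraced nested `if` in construct_libvirt_xml is easy to break when another line is added later, and `if (disable_svirt && construct_libvirt_xml_seclabel (g, xo) == -1) goto err;` says the same thing in one condition. launch_libvirt and construct_libvirt_xml both start and end outside the hunks shown.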
