author | Richard W.M. Jones <rjones@redhat.com> | 2012-09-17 13:38:38 +0100 |
---|---|---|
committer | Richard W.M. Jones <rjones@redhat.com> | 2012-09-17 13:45:19 +0100 |
commit | 2e17d78178eb085bdf54eb170bf036e0d7143c19 (patch) | |
tree | e95f850b6a50202ae55186e1bb93f072cc41dd40 /src | |
parent | e128a627fb8f39f4f4c11b782cef895bd79f0282 (diff) | |
launch: libvirt: Disable sVirt if using a custom qemu (ie. setting <emulator>).
See:
https://bugzilla.redhat.com/show_bug.cgi?id=857659
especially Dan's comment 4.
Diffstat (limited to 'src')
-rw-r--r-- | src/launch-libvirt.c | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/src/launch-libvirt.c b/src/launch-libvirt.c
index 619cc0eb..7d748750 100644
--- a/src/launch-libvirt.c
+++ b/src/launch-libvirt.c
@@ -92,8 +92,9 @@ xmlBufferDetach (xmlBufferPtr buf)
 }
 #endif
-static xmlChar *construct_libvirt_xml (guestfs_h *g, const char *capabilities_xml, const char *kernel, const char *initrd, const char *appliance, const char *guestfsd_sock, const char *console_sock);
+static xmlChar *construct_libvirt_xml (guestfs_h *g, const char *capabilities_xml, const char *kernel, const char *initrd, const char *appliance, const char *guestfsd_sock, const char *console_sock, int disable_svirt);
 static void libvirt_error (guestfs_h *g, const char *fs, ...);
+static int is_custom_qemu (guestfs_h *g);
 static int is_blk (const char *path);
 static int random_chars (char *ret, size_t len);
 static void ignore_errors (void *ignore, virErrorPtr ignore2);
@@ -114,6 +115,7 @@ launch_libvirt (guestfs_h *g, const char *libvirt_uri)
 int console = -1, r;
 uint32_t size;
 void *buf = NULL;
+ int disable_svirt = is_custom_qemu (g);
 /* At present you must add drives before starting the appliance. In
 * future when we enable hotplugging you won't need to do this.
@@ -277,7 +279,8 @@ launch_libvirt (guestfs_h *g, const char *libvirt_uri)
 xml = construct_libvirt_xml (g, capabilities, kernel, initrd, appliance,
- guestfsd_sock, console_sock);
+ guestfsd_sock, console_sock,
+ disable_svirt);
 if (!xml) goto cleanup;
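Review bot: The decision to drop confinement is taken silently: `disable_svirt` is set among the declarations of launch_libvirt and nothing visible in this hunk records it. Since a custom `g->qemu` then starts the appliance without an sVirt label, a trace line where the flag is set would help anyone auditing a run, for example `if (disable_svirt) debug (g, "custom qemu set: sVirt confinement disabled for the appliance");` (assuming the handle's usual debug macro is usable in this file). The body of launch_libvirt starts and ends outside the hunk.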
@@ -415,9 +418,16 @@ launch_libvirt (guestfs_h *g, const char *libvirt_uri)
 return -1;
 }
+static int
+is_custom_qemu (guestfs_h *g)
+{
+ return g->qemu && STRNEQ (g->qemu, QEMU);
+}
+
 static int construct_libvirt_xml_name (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_cpu (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_boot (guestfs_h *g, xmlTextWriterPtr xo, const char *kernel, const char *initrd, size_t appliance_index);
+static int construct_libvirt_xml_seclabel (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_lifecycle (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_devices (guestfs_h *g, xmlTextWriterPtr xo, const char *appliance, size_t appliance_index, const char *guestfsd_sock, const char *console_sock);
 static int construct_libvirt_xml_qemu_cmdline (guestfs_h *g, xmlTextWriterPtr xo);
@@ -436,7 +446,8 @@ static xmlChar *
 construct_libvirt_xml (guestfs_h *g, const char *capabilities_xml, const char *kernel, const char *initrd, const char *appliance,
- const char *guestfsd_sock, const char *console_sock)
+ const char *guestfsd_sock, const char *console_sock,
+ int disable_svirt)
 {
 xmlChar *ret = NULL;
 xmlBufferPtr xb = NULL;
@@ -481,6 +492,9 @@ construct_libvirt_xml (guestfs_h *g, const char *capabilities_xml,
 goto err;
 if (construct_libvirt_xml_boot (g, xo, kernel, initrd, appliance_index) == -1) goto err;
+ if (disable_svirt)
+ if (construct_libvirt_xml_seclabel (g, xo) == -1)
+ goto err;
 if (construct_libvirt_xml_lifecycle (g, xo) == -1) goto err;
 if (construct_libvirt_xml_devices (g, xo, appliance, appliance_index,
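Review bot: is_custom_qemu has no comment, and since this commit its result decides both whether `<emulator>` is written and whether sVirt is switched off. The test `STRNEQ (g->qemu, QEMU)` is a string comparison, so a `g->qemu` value that differs from QEMU only in spelling would, as far as this hunk shows, also count as custom and lose confinement. I would put this above the function: `/* Return true if the user overrode the default qemu path (plain string comparison with QEMU). A true result also disables sVirt for the appliance. */`.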
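Review bot: The two nested `if`s added before the construct_libvirt_xml_lifecycle call have no braces, which makes it easy to attach a later `else` or a second statement to the wrong condition. Folding them into one test reads more clearly: `if (disable_svirt && construct_libvirt_xml_seclabel (g, xo) == -1)` followed by `goto err;`. The body of construct_libvirt_xml starts and ends outside the hunk.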
@@ -635,6 +649,22 @@ construct_libvirt_xml_boot (guestfs_h *g, xmlTextWriterPtr xo,
 return -1;
 }
+static int
+construct_libvirt_xml_seclabel (guestfs_h *g, xmlTextWriterPtr xo)
+{
+ /* This disables SELinux/sVirt confinement. */
+ XMLERROR (-1, xmlTextWriterStartElement (xo, BAD_CAST "seclabel"));
+ XMLERROR (-1,
+ xmlTextWriterWriteAttribute (xo, BAD_CAST "type",
+ BAD_CAST "none"));
+ XMLERROR (-1, xmlTextWriterEndElement (xo));
+
+ return 0;
+
+ err:
+ return -1;
+}
+
 /* qemu -no-reboot */
 static int construct_libvirt_xml_lifecycle (guestfs_h *g, xmlTextWriterPtr xo)
@@ -664,7 +694,7 @@ construct_libvirt_xml_devices (guestfs_h *g, xmlTextWriterPtr xo,
 /* Path to qemu. Only write this if the user has changed the
 * default, otherwise allow libvirt to choose the best one. */
- if (g->qemu && STRNEQ (g->qemu, QEMU)) {
+ if (is_custom_qemu (g)) {
 XMLERROR (-1, xmlTextWriterStartElement (xo, BAD_CAST "emulator"));
 XMLERROR (-1, xmlTextWriterWriteString (xo, BAD_CAST g->qemu));
 XMLERROR (-1, xmlTextWriterEndElement (xo)); |
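Review bot: The comment in construct_libvirt_xml_seclabel says what the element does but not when it is emitted or what that costs. With `<seclabel type="none"/>` the qemu process started for the appliance gets no sVirt label, so separation between the disk images it handles and the host rests on the remaining layers only; that is worth stating where the element is written. Suggested wording: `/* Only called when a custom qemu is set (RHBZ#857659). Writes <seclabel type="none"/>, so the appliance's qemu runs without SELinux/sVirt confinement. */`.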