[libvirt] [PATCHv3 2/2] Iface: disallow network tuning in session mode globally

Erik Skultety eskultet at redhat.com
Thu Nov 6 11:38:52 UTC 2014 

Patch 43b67f2e disallowed network tuning only with qemu driver, however
this patch moved the check for root privileges into
virNetDevBandwidthSet function, so the call should now
fail in all possible cases. A mock function was created so that the test
suite doesn't fail because of unsufficient privileges.
---
 src/util/virnetdevbandwidth.c  |  8 ++++++++
 tests/Makefile.am              | 26 +++++++++++++++++++-------
 tests/virnetdevbandwidthmock.c | 28 ++++++++++++++++++++++++++++
 tests/virnetdevbandwidthtest.c |  2 +-
 4 files changed, 56 insertions(+), 8 deletions(-)
 create mode 100644 tests/virnetdevbandwidthmock.c

diff --git a/src/util/virnetdevbandwidth.c b/src/util/virnetdevbandwidth.c
index 5fa231a..9f2a159 100644
--- a/src/util/virnetdevbandwidth.c
+++ b/src/util/virnetdevbandwidth.c
@@ -21,6 +21,7 @@
  */
 
 #include <config.h>
+#include <unistd.h>
 
 #include "virnetdevbandwidth.h"
 #include "vircommand.h"
@@ -74,6 +75,13 @@ virNetDevBandwidthSet(const char *ifname,
         goto cleanup;
     }
 
+    if (geteuid() != 0) {
+        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+                       _("Network bandwidth tuning is not available"
+                         " in session mode"));
+        return -1;
+    }
+
     virNetDevBandwidthClear(ifname);
 
     if (bandwidth->in && bandwidth->in->average) {
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 7b22f90..a3e3ab3 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -167,7 +167,6 @@ test_programs = virshtest sockettest \
 	virstringtest \
 	virportallocatortest \
 	sysinfotest \
-	virnetdevbandwidthtest \
 	virkmodtest \
 	vircapstest \
 	domaincapstest \
@@ -318,7 +317,9 @@ test_programs += metadatatest
 test_programs += secretxml2xmltest
 
 if WITH_LINUX
-test_programs += virusbtest
+test_programs += virusbtest \
+	virnetdevbandwidthtest \
+	$(NULL)
 endif WITH_LINUX
 
 test_scripts = \
@@ -409,7 +410,9 @@ test_libraries += \
 endif WITH_DBUS
 
 if WITH_LINUX
-test_libraries += virusbmock.la
+test_libraries += virusbmock.la \
+		virnetdevbandwidthmock.la \
+		$(NULL)
 endif WITH_LINUX
 
 if WITH_TESTS
@@ -825,9 +828,6 @@ commandhelper_LDADD = \
 
 commandhelper_LDFLAGS = -static
 
-virnetdevbandwidthtest_SOURCES = \
-	virnetdevbandwidthtest.c testutils.h testutils.c
-virnetdevbandwidthtest_LDADD = $(LDADDS) $(LIBXML_LIBS)
 
 virkmodtest_SOURCES = \
 	virkmodtest.c testutils.h testutils.c
@@ -994,12 +994,24 @@ virusbtest_SOURCES = \
 	virusbtest.c testutils.h testutils.c
 virusbtest_LDADD = $(LDADDS)
 
+virnetdevbandwidthtest_SOURCES = \
+	virnetdevbandwidthtest.c testutils.h testutils.c
+virnetdevbandwidthtest_LDADD = $(LDADDS) $(LIBXML_LIBS)
+
 virusbmock_la_SOURCES = virusbmock.c
 virusbmock_la_CFLAGS = $(AM_CFLAGS)
 virusbmock_la_LDFLAGS = -module -avoid-version \
         -rpath /evil/libtool/hack/to/force/shared/lib/creation
+
+virnetdevbandwidthmock_la_SOURCES = \
+	virnetdevbandwidthmock.c
+virnetdevbandwidthmock_la_CFLAGS = $(AM_CFLAGS)
+virnetdevbandwidthmock_la_LDFLAGS = -module -avoid-version \
+        -rpath /evil/libtool/hack/to/force/shared/lib/creation
+
 else ! WITH_LINUX
-	EXTRA_DIST += virusbtest.c virusbmock.c
+	EXTRA_DIST += virusbtest.c virusbmock.c \
+		virnetdevbandwidthtest.c virnetdevbandwidthmock.c
 endif ! WITH_LINUX
 
 if WITH_DBUS
diff --git a/tests/virnetdevbandwidthmock.c b/tests/virnetdevbandwidthmock.c
new file mode 100644
index 0000000..e8edead
--- /dev/null
+++ b/tests/virnetdevbandwidthmock.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2013 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Author: Erik Skultety <eskultet at redhat.com>
+ */
+
+#include <config.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+uid_t geteuid(void)
+{
+    return 0;
+}
diff --git a/tests/virnetdevbandwidthtest.c b/tests/virnetdevbandwidthtest.c
index 384991e..cd24442 100644
--- a/tests/virnetdevbandwidthtest.c
+++ b/tests/virnetdevbandwidthtest.c
@@ -167,4 +167,4 @@ mymain(void)
     return ret;
 }
 
-VIRT_TEST_MAIN(mymain);
+VIRT_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virnetdevbandwidthmock.so")
-- 
1.9.3

More information about the libvir-list mailing list