[libvirt] [PATCHv3 2/2] Iface: disallow network tuning in session mode globally

Michal Privoznik mprivozn at redhat.com
Thu Nov 6 13:30:35 UTC 2014


On 06.11.2014 12:38, Erik Skultety wrote:
> Patch 43b67f2e disallowed network tuning only with qemu driver, however
> this patch moved the check for root privileges into
> virNetDevBandwidthSet function, so the call should now
> fail in all possible cases. A mock function was created so that the test
> suite doesn't fail because of unsufficient privileges.
> ---
>   src/util/virnetdevbandwidth.c  |  8 ++++++++
>   tests/Makefile.am              | 26 +++++++++++++++++++-------
>   tests/virnetdevbandwidthmock.c | 28 ++++++++++++++++++++++++++++
>   tests/virnetdevbandwidthtest.c |  2 +-
>   4 files changed, 56 insertions(+), 8 deletions(-)
>   create mode 100644 tests/virnetdevbandwidthmock.c
>
> diff --git a/src/util/virnetdevbandwidth.c b/src/util/virnetdevbandwidth.c
> index 5fa231a..9f2a159 100644
> --- a/src/util/virnetdevbandwidth.c
> +++ b/src/util/virnetdevbandwidth.c
> @@ -21,6 +21,7 @@
>    */
>
>   #include <config.h>
> +#include <unistd.h>
>
>   #include "virnetdevbandwidth.h"
>   #include "vircommand.h"
> @@ -74,6 +75,13 @@ virNetDevBandwidthSet(const char *ifname,
>           goto cleanup;
>       }
>
> +    if (geteuid() != 0) {
> +        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> +                       _("Network bandwidth tuning is not available"
> +                         " in session mode"));
> +        return -1;
> +    }
> +

I wonder if we should have the same check in virNetDevBandwidthClear() 
since it's often used in pair with Set() and in fact it's called before 
the Set() function.

>       virNetDevBandwidthClear(ifname);
>
>       if (bandwidth->in && bandwidth->in->average) {
> diff --git a/tests/Makefile.am b/tests/Makefile.am
> index 7b22f90..a3e3ab3 100644
> --- a/tests/Makefile.am
> +++ b/tests/Makefile.am
> @@ -167,7 +167,6 @@ test_programs = virshtest sockettest \
>   	virstringtest \
>   	virportallocatortest \
>   	sysinfotest \
> -	virnetdevbandwidthtest \
>   	virkmodtest \
>   	vircapstest \
>   	domaincapstest \
> @@ -318,7 +317,9 @@ test_programs += metadatatest
>   test_programs += secretxml2xmltest
>
>   if WITH_LINUX
> -test_programs += virusbtest
> +test_programs += virusbtest \
> +	virnetdevbandwidthtest \
> +	$(NULL)
>   endif WITH_LINUX
>
>   test_scripts = \
> @@ -409,7 +410,9 @@ test_libraries += \
>   endif WITH_DBUS
>
>   if WITH_LINUX
> -test_libraries += virusbmock.la
> +test_libraries += virusbmock.la \
> +		virnetdevbandwidthmock.la \
> +		$(NULL)
>   endif WITH_LINUX
>
>   if WITH_TESTS
> @@ -825,9 +828,6 @@ commandhelper_LDADD = \
>
>   commandhelper_LDFLAGS = -static
>
> -virnetdevbandwidthtest_SOURCES = \
> -	virnetdevbandwidthtest.c testutils.h testutils.c
> -virnetdevbandwidthtest_LDADD = $(LDADDS) $(LIBXML_LIBS)
>
>   virkmodtest_SOURCES = \
>   	virkmodtest.c testutils.h testutils.c
> @@ -994,12 +994,24 @@ virusbtest_SOURCES = \
>   	virusbtest.c testutils.h testutils.c
>   virusbtest_LDADD = $(LDADDS)
>
> +virnetdevbandwidthtest_SOURCES = \
> +	virnetdevbandwidthtest.c testutils.h testutils.c
> +virnetdevbandwidthtest_LDADD = $(LDADDS) $(LIBXML_LIBS)
> +
>   virusbmock_la_SOURCES = virusbmock.c
>   virusbmock_la_CFLAGS = $(AM_CFLAGS)
>   virusbmock_la_LDFLAGS = -module -avoid-version \
>           -rpath /evil/libtool/hack/to/force/shared/lib/creation
> +
> +virnetdevbandwidthmock_la_SOURCES = \
> +	virnetdevbandwidthmock.c
> +virnetdevbandwidthmock_la_CFLAGS = $(AM_CFLAGS)
> +virnetdevbandwidthmock_la_LDFLAGS = -module -avoid-version \
> +        -rpath /evil/libtool/hack/to/force/shared/lib/creation
> +
>   else ! WITH_LINUX
> -	EXTRA_DIST += virusbtest.c virusbmock.c
> +	EXTRA_DIST += virusbtest.c virusbmock.c \
> +		virnetdevbandwidthtest.c virnetdevbandwidthmock.c
>   endif ! WITH_LINUX
>
>   if WITH_DBUS
> diff --git a/tests/virnetdevbandwidthmock.c b/tests/virnetdevbandwidthmock.c
> new file mode 100644
> index 0000000..e8edead
> --- /dev/null
> +++ b/tests/virnetdevbandwidthmock.c
> @@ -0,0 +1,28 @@
> +/*
> + * Copyright (C) 2013 Red Hat, Inc.

Looking at calendar reveals it 2014 :-P

> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library.  If not, see
> + * <http://www.gnu.org/licenses/>.
> + *
> + * Author: Erik Skultety <eskultet at redhat.com>
> + */
> +

Michal




More information about the libvir-list mailing list