[libvirt] [PATCHv3 2/2] Iface: disallow network tuning in session mode globally
Michal Privoznik
mprivozn at redhat.com
Thu Nov 6 13:30:35 UTC 2014
On 06.11.2014 12:38, Erik Skultety wrote:
> Patch 43b67f2e disallowed network tuning only with qemu driver, however
> this patch moved the check for root privileges into
> virNetDevBandwidthSet function, so the call should now
> fail in all possible cases. A mock function was created so that the test
> suite doesn't fail because of unsufficient privileges.
> ---
> src/util/virnetdevbandwidth.c | 8 ++++++++
> tests/Makefile.am | 26 +++++++++++++++++++-------
> tests/virnetdevbandwidthmock.c | 28 ++++++++++++++++++++++++++++
> tests/virnetdevbandwidthtest.c | 2 +-
> 4 files changed, 56 insertions(+), 8 deletions(-)
> create mode 100644 tests/virnetdevbandwidthmock.c
>
> diff --git a/src/util/virnetdevbandwidth.c b/src/util/virnetdevbandwidth.c
> index 5fa231a..9f2a159 100644
> --- a/src/util/virnetdevbandwidth.c
> +++ b/src/util/virnetdevbandwidth.c
> @@ -21,6 +21,7 @@
> */
>
> #include <config.h>
> +#include <unistd.h>
>
> #include "virnetdevbandwidth.h"
> #include "vircommand.h"
> @@ -74,6 +75,13 @@ virNetDevBandwidthSet(const char *ifname,
> goto cleanup;
> }
>
> + if (geteuid() != 0) {
> + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> + _("Network bandwidth tuning is not available"
> + " in session mode"));
> + return -1;
> + }
> +
I wonder if we should have the same check in virNetDevBandwidthClear()
since it's often used in pair with Set() and in fact it's called before
the Set() function.
> virNetDevBandwidthClear(ifname);
>
> if (bandwidth->in && bandwidth->in->average) {
> diff --git a/tests/Makefile.am b/tests/Makefile.am
> index 7b22f90..a3e3ab3 100644
> --- a/tests/Makefile.am
> +++ b/tests/Makefile.am
> @@ -167,7 +167,6 @@ test_programs = virshtest sockettest \
> virstringtest \
> virportallocatortest \
> sysinfotest \
> - virnetdevbandwidthtest \
> virkmodtest \
> vircapstest \
> domaincapstest \
> @@ -318,7 +317,9 @@ test_programs += metadatatest
> test_programs += secretxml2xmltest
>
> if WITH_LINUX
> -test_programs += virusbtest
> +test_programs += virusbtest \
> + virnetdevbandwidthtest \
> + $(NULL)
> endif WITH_LINUX
>
> test_scripts = \
> @@ -409,7 +410,9 @@ test_libraries += \
> endif WITH_DBUS
>
> if WITH_LINUX
> -test_libraries += virusbmock.la
> +test_libraries += virusbmock.la \
> + virnetdevbandwidthmock.la \
> + $(NULL)
> endif WITH_LINUX
>
> if WITH_TESTS
> @@ -825,9 +828,6 @@ commandhelper_LDADD = \
>
> commandhelper_LDFLAGS = -static
>
> -virnetdevbandwidthtest_SOURCES = \
> - virnetdevbandwidthtest.c testutils.h testutils.c
> -virnetdevbandwidthtest_LDADD = $(LDADDS) $(LIBXML_LIBS)
>
> virkmodtest_SOURCES = \
> virkmodtest.c testutils.h testutils.c
> @@ -994,12 +994,24 @@ virusbtest_SOURCES = \
> virusbtest.c testutils.h testutils.c
> virusbtest_LDADD = $(LDADDS)
>
> +virnetdevbandwidthtest_SOURCES = \
> + virnetdevbandwidthtest.c testutils.h testutils.c
> +virnetdevbandwidthtest_LDADD = $(LDADDS) $(LIBXML_LIBS)
> +
> virusbmock_la_SOURCES = virusbmock.c
> virusbmock_la_CFLAGS = $(AM_CFLAGS)
> virusbmock_la_LDFLAGS = -module -avoid-version \
> -rpath /evil/libtool/hack/to/force/shared/lib/creation
> +
> +virnetdevbandwidthmock_la_SOURCES = \
> + virnetdevbandwidthmock.c
> +virnetdevbandwidthmock_la_CFLAGS = $(AM_CFLAGS)
> +virnetdevbandwidthmock_la_LDFLAGS = -module -avoid-version \
> + -rpath /evil/libtool/hack/to/force/shared/lib/creation
> +
> else ! WITH_LINUX
> - EXTRA_DIST += virusbtest.c virusbmock.c
> + EXTRA_DIST += virusbtest.c virusbmock.c \
> + virnetdevbandwidthtest.c virnetdevbandwidthmock.c
> endif ! WITH_LINUX
>
> if WITH_DBUS
> diff --git a/tests/virnetdevbandwidthmock.c b/tests/virnetdevbandwidthmock.c
> new file mode 100644
> index 0000000..e8edead
> --- /dev/null
> +++ b/tests/virnetdevbandwidthmock.c
> @@ -0,0 +1,28 @@
> +/*
> + * Copyright (C) 2013 Red Hat, Inc.
Looking at calendar reveals it 2014 :-P
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library. If not, see
> + * <http://www.gnu.org/licenses/>.
> + *
> + * Author: Erik Skultety <eskultet at redhat.com>
> + */
> +
Michal
More information about the libvir-list
mailing list