[libvirt] [PATCH] qemu: don't fill in nicindexes for session mode libvirtd

Laine Stump laine at laine.org
Tue Mar 10 11:58:49 UTC 2015


On 03/10/2015 04:39 AM, Richard W.M. Jones wrote:
> On Tue, Mar 10, 2015 at 02:32:04AM -0400, Laine Stump wrote:
>> Commit 4bbe1029f fixed a problem in commit f7afeddc by moving the call
>> to virNetDevGetIndex() to a location common to all interface types (so
>> that the nicindex array would be filled in for macvtap as well as tap
>> interfaces), but the location was *too* common, as the original call
>> to virNetDevGetIndex() had been in a section qualified by "if
>> (cfg->privileged)". The result was that the "fixed" libvirtd would try
>> to call virNetDevGetIndex() even for session mode libvirtd, and end up
>> failing with the log message:
>>
>>   Unable to open control socket: Operation not permitted
>>
>> To remedy that, this patch qualifies the call to virNetDevGetIndex()
>> in its new location with cfg->privileged.
>>
>> This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1198244
>> ---
>>
>> If someone (Rich?) needs this pushed before I am awake, please feel
>> free to push it. (also push to the 1.2.13-maint branch if you do)
>>
>>  src/qemu/qemu_command.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> index 1510797..3d1483e 100644
>> --- a/src/qemu/qemu_command.c
>> +++ b/src/qemu/qemu_command.c
>> @@ -7861,6 +7861,7 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd,
>>      char **tapfdName = NULL;
>>      char **vhostfdName = NULL;
>>      int actualType = virDomainNetGetActualType(net);
>> +    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
>>      virNetDevBandwidthPtr actualBandwidth;
>>      size_t i;
>>  
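
Review bot: the cfg reference taken by the added declaration is never released. The diffstat shows only two insertions (this line and the changed condition), so no matching virObjectUnref(cfg) is added on the cleanup path. virQEMUDriverGetConfig() returns a counted reference, so add virObjectUnref(cfg); under the cleanup: label, otherwise the config object leaks on every call to qemuBuildInterfaceCommandLine().
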
>> @@ -7936,7 +7937,7 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd,
>>          /* network and bridge use a tap device, and direct uses a
>>           * macvtap device
>>           */
>> -        if (nicindexes && nnicindexes && net->ifname) {
>> +        if (cfg->privileged && nicindexes && nnicindexes && net->ifname) {
>>              if (virNetDevGetIndex(net->ifname, &nicindex) < 0 ||
>>                  VIR_APPEND_ELEMENT(*nicindexes, *nnicindexes, nicindex) < 0)
>>                  goto cleanup;
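
Review bot: the new cfg->privileged test in the changed condition is undocumented, and the comment directly above it still only describes tap and macvtap devices. Extend that comment to say that virNetDevGetIndex() needs a control socket that a session mode libvirtd cannot open ("Operation not permitted"), so nicindexes is deliberately left unfilled for an unprivileged daemon; without that, the silent skip reads like an oversight to the next person who moves this block.
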
> Looks sensible, ACK.
>
> As Laine says, please make sure this gets into 1.2.13-maint because it
> currently affects all 1.2.13 / Rawhide users.

I just pushed it to master and to v1.2.13-maint.

>
> Also, why isn't there a regression test that would have picked this
> up?  A trivial reproducer is:
>
>   $ guestfish -a /dev/null --network run
>
> but any test case that launches a guest with a network interface as
> non-root would have caught this.

This fails only if a tap device is used, which requires a properly
configured qemu-bridge-helper and a bridge device with a particular name
(and that no other session mode libvirtd be currently running for the
user running the test), and we can't require that for the unit tests in
"make check", so it would need to be done in the tck tests.
