[libvirt] [PATCH 5/5] qemu: add support for sending QEMU stdout/stderr to virtlogd

Wed Nov 4 08:17:00 UTC 2015

On Tue, Nov 03, 2015 at 16:04:24 +0000, Daniel Berrange wrote:
> Currently the QEMU stdout/stderr streams are written directly to
> a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those
> can be rotated by logrotate (using copytruncate option) this is
> not very efficient. It also leaves open a window of opportunity
> for a compromised/broken QEMU to DOS the host filesystem by
> writing lots of text to stdout/stderr.
> 
> This makes it possible to connect the stdout/stderr file handles
> to a pipe that is provided by virtlogd. The virtlogd daemon will
> read from this pipe and write data to the log file, performing
> file rotation whenever a pre-determined size limit is reached.
> 
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
>  cfg.mk                             |  2 +-
>  src/qemu/libvirtd_qemu.aug         |  1 +
>  src/qemu/qemu.conf                 | 15 +++++++++++++
>  src/qemu/qemu_conf.c               | 18 ++++++++++++++++
>  src/qemu/qemu_conf.h               |  1 +
>  src/qemu/qemu_domain.c             | 43 +++++++++++++++++++++++++++++++-------
>  src/qemu/qemu_process.c            | 42 +++++++++++++++++++++----------------
>  src/qemu/test_libvirtd_qemu.aug.in |  1 +
>  8 files changed, 96 insertions(+), 27 deletions(-)
> 

[...]

> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index f744419..e72ca20 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -4774,7 +4774,10 @@ int qemuProcessStart(virConnectPtr conn,
>  
>      qemuDomainObjCheckTaint(driver, vm, logfile);
>  
> -    if ((pos = lseek(logfile, 0, SEEK_END)) < 0)
> +    /* When using logd, the logfile FD is a pipe which is
> +     * not seekable... */
> +    if (!cfg->stdioLogD &&
> +        (pos = lseek(logfile, 0, SEEK_END)) < 0)
>          VIR_WARN("Unable to seek to end of logfile: %s",
>                   virStrerror(errno, ebuf, sizeof(ebuf)));

This will break the code that is in place to read the qemu log file in
case of a early qemu startup failure so that we can report a semi-useful
error message.

Additionally in case where you don't use QMP and qemu does not support
chardev info retrieval, this will also break the lookup of the PTYs for
serials/parallels/channels. As a solution here I'd rather see that we
drop support for such old qemus finally and not have to care about it
any more.

We probably need a set of APIs here, that will allow you to mark a place
in the logfile and a second API that will allow to retrieve the data
between the marker and the end.

Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20151104/b95e2d4e/attachment-0001.sig>