[libvirt] [PATCH RFC 6/7] qemu: Spawn qemu under mount namespace

Daniel P. Berrange berrange at redhat.com
Mon Nov 14 17:10:22 UTC 2016


On Mon, Nov 14, 2016 at 06:07:43PM +0100, Michal Privoznik wrote:
> On 14.11.2016 17:57, Daniel P. Berrange wrote:
> > On Mon, Nov 14, 2016 at 05:43:30PM +0100, Michal Privoznik wrote:
> >> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> >> ---
> >>  src/qemu/qemu_domain.c  | 233 ++++++++++++++++++++++++++++++++++++++++++++++++
> >>  src/qemu/qemu_domain.h  |   8 ++
> >>  src/qemu/qemu_process.c |  13 +++
> >>  3 files changed, 254 insertions(+)
> >>
> >> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> >> index 8cba755..3a0170c 100644
> >> --- a/src/qemu/qemu_domain.c
> >> +++ b/src/qemu/qemu_domain.c
> >> @@ -55,6 +55,7 @@
> >>  
> >>  #include <sys/time.h>
> >>  #include <fcntl.h>
> >> +#include <sys/mount.h>
> >>  
> >>  #include <libxml/xpathInternals.h>
> >>  
> >> @@ -86,6 +87,21 @@ VIR_ENUM_IMPL(qemuDomainAsyncJob, QEMU_ASYNC_JOB_LAST,
> >>                "start",
> >>  );
> >>  
> >> +#define QEMU_DEV_MAJ_MEMORY  1
> >> +#define QEMU_DEV_MAJ_TTY     5
> >> +#define QEMU_DEV_MAJ_KVM     10
> >> +#define QEMU_DEV_MAJ_PTY     136
> >> +
> >> +#define QEMU_DEV_MIN_CONSOLE 1
> >> +#define QEMU_DEV_MIN_FULL    7
> >> +#define QEMU_DEV_MIN_FUSE    229
> >> +#define QEMU_DEV_MIN_KVM     232
> >> +#define QEMU_DEV_MIN_NULL    3
> >> +#define QEMU_DEV_MIN_PTMX    2
> >> +#define QEMU_DEV_MIN_RANDOM  8
> >> +#define QEMU_DEV_MIN_TTY     0
> >> +#define QEMU_DEV_MIN_URANDOM 9
> >> +#define QEMU_DEV_MIN_ZERO    5
> >>  
> >>  struct _qemuDomainLogContext {
> >>      int refs;
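Review bot: QEMU_DEV_MAJ_KVM is defined as 10, which on Linux is the misc character major rather than anything KVM-specific, and the block has no comment saying where the numbers come from or which major each QEMU_DEV_MIN_* value pairs with. Consider renaming it (for example QEMU_DEV_MAJ_MISC) and grouping each minor under its major with a one-line comment, so a wrong major/minor pairing in a devs[] entry is visible on review.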
> >> @@ -6658,3 +6674,220 @@ qemuDomainSupportsVideoVga(virDomainVideoDefPtr video,
> >>  
> >>      return true;
> >>  }
> >> +
> >> +
> >> +static int
> >> +qemuDomainPopulateDevices(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
> >> +                          virDomainObjPtr vm ATTRIBUTE_UNUSED,
> >> +                          const char *path)
> >> +{
> >> +    int ret = -1;
> >> +    virFileDevices devs[] = {
> >> +        { QEMU_DEV_MAJ_MEMORY, QEMU_DEV_MIN_NULL, 0666, "/null" },
> >> +        { QEMU_DEV_MAJ_MEMORY, QEMU_DEV_MIN_ZERO, 0666, "/zero" },
> >> +        { QEMU_DEV_MAJ_MEMORY, QEMU_DEV_MIN_FULL, 0666, "/full" },
> >> +        { QEMU_DEV_MAJ_KVM,  QEMU_DEV_MIN_KVM, 0660, "/kvm"},
> >> +        { QEMU_DEV_MAJ_MEMORY, QEMU_DEV_MIN_RANDOM, 0666, "/random" },
> >> +        { QEMU_DEV_MAJ_MEMORY, QEMU_DEV_MIN_URANDOM, 0666, "/urandom" },
> >> +        { QEMU_DEV_MAJ_TTY, QEMU_DEV_MIN_TTY, 0666, "/tty" },
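Review bot: in the devs[] table of qemuDomainPopulateDevices(), every entry except /kvm is created with mode 0666, and both driver and vm are marked ATTRIBUTE_UNUSED, so every domain gets the same world-writable set regardless of its configuration. Since this table decides which nodes QEMU can open inside the namespace, it would be safer to create the nodes with a restrictive mode, set ownership explicitly, and document why each entry is required. The /kvm line also has inconsistent spacing (two spaces after QEMU_DEV_MAJ_KVM, and no space before the closing brace).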
> > 
> > BTW, QEMU shouldn't need /dev/tty
> 
> Yeah, I'm probably gonna replace this with cfg->cgroupDeviceACL (or with
>  defaultDeviceACL[] from qemu_cgroup.c) anyway because some files are
> missing here.

Arguably we should not really need to hardcode the MAJ/MIN numbers in
here at all. We can just stat() the /dev/FOO file in the host to learn
the correct major/minor number and copy that. We also don't really need
to care about the permissions either - they can all be 0600 since we
can either immediately give ownership to the 'qemu' user, or the DAC
driver will do that for us. Either way we don't need to change perms
per device.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|
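
The approach described in the reply above (learn major/minor from the host node, create every node 0600, then hand ownership to the QEMU user), as an added example that is not part of the original message or of libvirt's code. The function names, the `dev_plan` struct and the choice of `lstat()` (so a symlink is rejected rather than followed) are assumptions of this example.

```c
#define _DEFAULT_SOURCE
/* Added example; clone_dev_plan() and clone_dev_apply() are hypothetical names. */
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <unistd.h>

struct dev_plan {
    dev_t rdev;   /* major/minor copied from the host node */
    mode_t mode;  /* node type plus fixed 0600 permissions */
};

/* Learn the numbers from the host node; reject symlinks and non-devices. */
int clone_dev_plan(const char *host_path, struct dev_plan *plan)
{
    struct stat sb;
    if (lstat(host_path, &sb) < 0)
        return -1;
    if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode)) {
        errno = ENODEV;
        return -1;
    }
    plan->rdev = sb.st_rdev;
    plan->mode = (sb.st_mode & S_IFMT) | 0600;
    return 0;
}

/* Create the node and chown it to the caller's QEMU uid/gid (needs CAP_MKNOD, CAP_CHOWN). */
int clone_dev_apply(const struct dev_plan *plan, const char *new_path,
                    uid_t uid, gid_t gid)
{
    if (mknod(new_path, plan->mode, plan->rdev) < 0)
        return -1;
    if (chown(new_path, uid, gid) < 0) {
        unlink(new_path);  /* do not leave a root-owned node behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    struct dev_plan p;
    if (clone_dev_plan("/dev/null", &p) < 0)
        return 1;
    printf("/dev/null is %u:%u\n", major(p.rdev), minor(p.rdev));
    return 0;
}
```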
