[libvirt] [PATCH 11/17] util: Introduce libvirt_udevhelper

Daniel P. Berrange berrange at redhat.com
Thu Oct 27 12:48:23 UTC 2016


On Thu, Oct 27, 2016 at 11:13:28AM +0200, Michal Sekletar wrote:
> On Thu, Oct 27, 2016 at 8:37 AM, Jiri Denemark <jdenemar at redhat.com> wrote:
> 
> > Yeah, the rule should really be part of this series.
> 
> I am working on the udev hook-up. I found out that the SECLABEL key doesn't
> support substitutions (see %c in man 7 udev). I need to fix that first
> and then we can have a very simple udev rule file that employs the helper.
> This is my WIP version:
> 
> # /etc/udev/rules.d/99-virt.rules
> ACTION!="add|change", GOTO="virt_rules_end"
> SUBSYSTEM!="block", GOTO="virt_rules_end"
> 
> PROGRAM="/usr/local/libexec/libvirt_udevhelper", OWNER="%c{1}", \
> GROUP="%c{2}", SECLABEL{selinux}="%c{3}", TAG+="libvirt"
> 
> LABEL="virt_rules_end"
> 
> The SECLABEL part doesn't work yet. Also, the helper uses the DEVNODE env
> variable to obtain the path to work with. It should use DEVNAME. This is my
> fault, because I told Michal to use DEVNODE. I've patched it locally for now.
> I will send a PR to Michal with the fix.
> 
> One more thing I want to work on is to close the possibility of a race
> when execution of a change event is in-flight and the user starts a VM. Then
> libvirtd writes to the devices.udev file and launches the qemu driver, but
> execution of the prior change event may finish and hence reset permissions
> to whatever was there before libvirtd wrote to the devices.udev database.
> That is why I am adding a TAG to the device. What we could do is
> write the devices.udev database and then trigger a change event from
> libvirtd and locally wait for its completion (no need for event-loop
> integration), which would be indicated by the TAG being present in the
> event environment. However, even w/o this, the proposed patch series very
> much improves the current state.

We absolutely don't want to be delegating permissions setting/labelling
to udev & waiting for it to complete asynchronously in the background.
That leads to two completely different approaches for labelling files
vs block devices making debugging harder and the overall system more
complex & error prone.

We want to maintain libvirt setting all labelling synchronously itself.
The only integration we want with udev is to prevent it undoing what
libvirt has set.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|
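
The WIP rule quoted in this message depends on two udev behaviours: `PROGRAM` matches only when the helper exits successfully, and `%c{N}` expands to the Nth whitespace-separated field of its output. The following is an added sketch, not libvirt's `libvirt_udevhelper` and not code from this thread, of a helper that fails closed; the four-field database format, the function names and the `LIBVIRT_UDEV_DB` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch, not libvirt's libvirt_udevhelper.
# Assumed (hypothetical) database format, one device per line:
#   <devnode> <owner> <group> <selinux-label>
# The helper prints exactly three fields and exits 0, or prints nothing and
# exits non-zero so the PROGRAM match fails and the rule is not applied.

# lookup_label DB DEVNAME -> prints "owner group label"; returns 0 on a hit
lookup_label() {
    db=$1
    dev=$2
    # Refuse missing input rather than falling back to a default label.
    [ -n "$dev" ] && [ -r "$db" ] || return 1
    # Pass the device through the environment so awk does not interpret
    # escape sequences in it (as it would with -v).
    DEV="$dev" awk '
        # Exact match on the device node, and exactly four fields, so a
        # malformed line can never shift what %c{1}..%c{3} expand to.
        $1 == ENVIRON["DEV"] && NF == 4 { print $2, $3, $4; found = 1; exit }
        END { exit(found ? 0 : 1) }
    ' "$db"
}

# Constructed sample database: one valid entry, one truncated entry.
demo_db() {
    cat <<'EOF'
/dev/sdb qemu qemu system_u:object_r:svirt_image_t:s0:c1,c2
/dev/sdc qemu
EOF
}

# udev exports DEVNAME to the helper (per the thread). LIBVIRT_UDEV_DB is a
# hypothetical variable naming the database file for this sketch only.
if [ -n "${LIBVIRT_UDEV_DB:-}" ]; then
    lookup_label "$LIBVIRT_UDEV_DB" "${DEVNAME:-}"
fi
```
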



