[PATCH v3 2/3] test_driver: Introduce testDomainObjCheckTaint

Martin Kletzander mkletzan at redhat.com
Fri Jul 9 13:07:35 UTC 2021


On Wed, Jun 30, 2021 at 10:53:45AM +0800, Luke Yue wrote:
>In order to test the virDomainGetMessages for test driver, we need to
>check some taints or deprecations, so introduce testDomainObjCheckTaint
>for checking taints.
>
>As we introduced testDomainObjCheckTaint for test driver, the `dominfo`
>command in virshtest will now print tainting messages, so add them for
>test.
>

I do not know whether I'd duplicate all of the qemu driver code to
exercise some test driver APIs, but it's better than nothing.  To be
honest I don't know about any other better option =)

>Signed-off-by: Luke Yue <lukedyue at gmail.com>
>---
> src/test/test_driver.c | 57 ++++++++++++++++++++++++++++++++++++++++++
> tests/virshtest.c      |  2 ++
> 2 files changed, 59 insertions(+)
>
>diff --git a/src/test/test_driver.c b/src/test/test_driver.c
>index 35742fcde3..06ba7c4cd2 100644
>--- a/src/test/test_driver.c
>+++ b/src/test/test_driver.c
>@@ -9291,6 +9291,61 @@ testDomainCheckpointDelete(virDomainCheckpointPtr checkpoint,
>     return ret;
> }
>
>+static void
>+testDomainObjCheckDiskTaint(virDomainObj *obj,
>+                            virDomainDiskDef *disk)
>+{
>+    if (disk->rawio == VIR_TRISTATE_BOOL_YES)
>+        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
>+
>+    if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM &&
>+        virStorageSourceGetActualType(disk->src) == VIR_STORAGE_TYPE_BLOCK &&
>+        disk->src->path && virFileIsCDROM(disk->src->path) == 1)
>+        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH);
>+}
>+
>+static void
>+testDomainObjCheckHostdevTaint(virDomainObj *obj,
>+                               virDomainHostdevDef *hostdev)
>+{
>+    if (!virHostdevIsSCSIDevice(hostdev))
>+        return;
>+
>+    if (hostdev->source.subsys.u.scsi.rawio == VIR_TRISTATE_BOOL_YES)
>+        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
>+}
>+
>+static void
>+testDomainObjCheckNetTaint(virDomainObj *obj,
>+                           virDomainNetDef *net)
>+{
>+    /* script is only useful for NET_TYPE_ETHERNET (qemu) and
>+     * NET_TYPE_BRIDGE (xen), but could be (incorrectly) specified for
>+     * any interface type. In any case, it's adding user sauce into
>+     * the soup, so it should taint the domain.
>+     */
>+    if (net->script != NULL)
>+        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS);
>+}
>+
>+static void
>+testDomainObjCheckTaint(virDomainObj *obj)
>+{
>+    size_t i;
>+
>+    for (i = 0; i < obj->def->ndisks; i++)
>+        testDomainObjCheckDiskTaint(obj, obj->def->disks[i]);
>+
>+    for (i = 0; i < obj->def->nhostdevs; i++)
>+        testDomainObjCheckHostdevTaint(obj, obj->def->hostdevs[i]);
>+
>+    for (i = 0; i < obj->def->nnets; i++)
>+        testDomainObjCheckNetTaint(obj, obj->def->nets[i]);
>+
>+    if (obj->def->os.dtb)
>+        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_CUSTOM_DTB);
>+}
>+
> static int
> testDomainGetMessages(virDomainPtr dom,
>                       char ***msgs,
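
Review bot: In testDomainObjCheckDiskTaint, the CDROM passthrough check calls virFileIsCDROM(disk->src->path) on a path taken from the domain definition, so whether VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH gets set depends on what that path is on the machine running the test driver, not only on the mock configuration. Consider deciding on disk->device and the source type alone here, so the result is reproducible in the test suite. The new helpers also carry no comment saying that they follow the qemu driver's taint checks; a one-line note on each would help keep the two copies in sync.
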
>@@ -9311,6 +9366,8 @@ testDomainGetMessages(virDomainPtr dom,
>     nmsgs = 0;
>     n = 0;
>
>+    testDomainObjCheckTaint(vm);
>+

I know it works here, but I would rather do it in testParseDomains() and
when creating a domain.  To make it done in a single place you could
utilise xmlopt callbacks which are called at different stages of parsing
an XML, be it domain or any other one.  That way this function does not
do anything that other drivers don't.

>     if (!flags || (flags & VIR_DOMAIN_MESSAGE_TAINTING)) {
>         nmsgs += __builtin_popcount(vm->taint);
>         *msgs = g_renew(char *, *msgs, nmsgs+1);
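
Review bot: testDomainObjCheckTaint(vm) is called before the flags test, so a caller that passes flags without VIR_DOMAIN_MESSAGE_TAINTING still triggers the full scan of disks, hostdevs and nets, and within this patch vm->taint is only filled in once testDomainGetMessages has been called. If the call stays in this function, move it inside the "if (!flags || (flags & VIR_DOMAIN_MESSAGE_TAINTING))" branch; setting the taint where the definition is loaded would make vm->taint correct for every reader and keep this getter free of side effects.
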
>diff --git a/tests/virshtest.c b/tests/virshtest.c
>index c1974c46cb..937448cefc 100644
>--- a/tests/virshtest.c
>+++ b/tests/virshtest.c
>@@ -22,6 +22,7 @@ main(void)
>
> # define DOM_UUID "ef861801-45b9-11cb-88e3-afbfe5370493"
> # define SECURITY_LABEL "libvirt-test (enforcing)"
>+# define MESSAGES "tainted: network configuration using opaque shell scripts"
>
> static const char *dominfo_fc4 = "\
> Id:             2\n\
>@@ -38,6 +39,7 @@ Managed save:   no\n\
> Security model: testSecurity\n\
> Security DOI:   \n\
> Security label: " SECURITY_LABEL "\n\
>+Messages:       " MESSAGES "\n\

Pity there's not much more than this, but again - better than nothing.

> \n";
> static const char *domuuid_fc4 = DOM_UUID "\n\n";
> static const char *domid_fc4 = "2\n\n";
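
Review bot: The expected dominfo output covers only the VIR_DOMAIN_TAINT_SHELL_SCRIPTS case, through the single MESSAGES string; the VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH and VIR_DOMAIN_TAINT_CUSTOM_DTB branches added in test_driver.c are not exercised by this test. Adding a test domain whose definition sets rawio on a disk or specifies a dtb, with its expected "Messages:" output, would cover the remaining branches of testDomainObjCheckTaint.
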
>-- 
>2.32.0
>