[PATCH v3 2/3] test_driver: Introduce testDomainObjCheckTaint

Mon Jul 12 02:10:06 UTC 2021

On Fri, 2021-07-09 at 15:07 +0200, Martin Kletzander wrote:
> On Wed, Jun 30, 2021 at 10:53:45AM +0800, Luke Yue wrote:
> > In order to test the virDomainGetMessages for test driver, we need
> > to
> > check some taints or deprecations, so introduce
> > testDomainObjCheckTaint
> > for checking taints.
> > 
> > As we introduced testDomainObjCheckTaint for test driver, the
> > `dominfo`
> > command in virshtest will now print tainting messages, so add them
> > for
> > test.
> > 
> 
> I do not know whether I'd duplicate all of the qemu driver code to
> exercise some test driver APIs, but it's better than nothing.  To be
> honest I don't know about any other better option =)
> 
> > Signed-off-by: Luke Yue <lukedyue at gmail.com>
> > ---
> > src/test/test_driver.c | 57
> > ++++++++++++++++++++++++++++++++++++++++++
> > tests/virshtest.c      |  2 ++
> > 2 files changed, 59 insertions(+)
> > 
> > diff --git a/src/test/test_driver.c b/src/test/test_driver.c
> > index 35742fcde3..06ba7c4cd2 100644
> > --- a/src/test/test_driver.c
> > +++ b/src/test/test_driver.c
> > @@ -9291,6 +9291,61 @@
> > testDomainCheckpointDelete(virDomainCheckpointPtr checkpoint,
> >     return ret;
> > }
> > 
> > +static void
> > +testDomainObjCheckDiskTaint(virDomainObj *obj,
> > +                            virDomainDiskDef *disk)
> > +{
> > +    if (disk->rawio == VIR_TRISTATE_BOOL_YES)
> > +        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
> > +
> > +    if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM &&
> > +        virStorageSourceGetActualType(disk->src) ==
> > VIR_STORAGE_TYPE_BLOCK &&
> > +        disk->src->path && virFileIsCDROM(disk->src->path) == 1)
> > +        virDomainObjTaint(obj,
> > VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH);
> > +}
> > +
> > +static void
> > +testDomainObjCheckHostdevTaint(virDomainObj *obj,
> > +                               virDomainHostdevDef *hostdev)
> > +{
> > +    if (!virHostdevIsSCSIDevice(hostdev))
> > +        return;
> > +
> > +    if (hostdev->source.subsys.u.scsi.rawio ==
> > VIR_TRISTATE_BOOL_YES)
> > +        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
> > +}
> > +
> > +static void
> > +testDomainObjCheckNetTaint(virDomainObj *obj,
> > +                           virDomainNetDef *net)
> > +{
> > +    /* script is only useful for NET_TYPE_ETHERNET (qemu) and
> > +     * NET_TYPE_BRIDGE (xen), but could be (incorrectly) specified
> > for
> > +     * any interface type. In any case, it's adding user sauce
> > into
> > +     * the soup, so it should taint the domain.
> > +     */
> > +    if (net->script != NULL)
> > +        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS);
> > +}
> > +
> > +static void
> > +testDomainObjCheckTaint(virDomainObj *obj)
> > +{
> > +    size_t i;
> > +
> > +    for (i = 0; i < obj->def->ndisks; i++)
> > +        testDomainObjCheckDiskTaint(obj, obj->def->disks[i]);
> > +
> > +    for (i = 0; i < obj->def->nhostdevs; i++)
> > +        testDomainObjCheckHostdevTaint(obj, obj->def-
> > >hostdevs[i]);
> > +
> > +    for (i = 0; i < obj->def->nnets; i++)
> > +        testDomainObjCheckNetTaint(obj, obj->def->nets[i]);
> > +
> > +    if (obj->def->os.dtb)
> > +        virDomainObjTaint(obj, VIR_DOMAIN_TAINT_CUSTOM_DTB);
> > +}
> > +
> > static int
> > testDomainGetMessages(virDomainPtr dom,
> >                       char ***msgs,
> > @@ -9311,6 +9366,8 @@ testDomainGetMessages(virDomainPtr dom,
> >     nmsgs = 0;
> >     n = 0;
> > 
> > +    testDomainObjCheckTaint(vm);
> > +
> 
> I know it works here, but I would rather do it in testParseDomains()
> and
> when creating a domain.  To make it done in a single place you could
> utilise xmlopt callbacks which are called at different stages of
> parsing
> an XML, be it domain or any other one.  That way this function does
> not
> do anything that other drivers don't.
> 

Thanks, I will take your advice and put it in testParseDomains()

> >     if (!flags || (flags & VIR_DOMAIN_MESSAGE_TAINTING)) {
> >         nmsgs += __builtin_popcount(vm->taint);
> >         *msgs = g_renew(char *, *msgs, nmsgs+1);
> > diff --git a/tests/virshtest.c b/tests/virshtest.c
> > index c1974c46cb..937448cefc 100644
> > --- a/tests/virshtest.c
> > +++ b/tests/virshtest.c
> > @@ -22,6 +22,7 @@ main(void)
> > 
> > # define DOM_UUID "ef861801-45b9-11cb-88e3-afbfe5370493"
> > # define SECURITY_LABEL "libvirt-test (enforcing)"
> > +# define MESSAGES "tainted: network configuration using opaque
> > shell scripts"
> > 
> > static const char *dominfo_fc4 = "\
> > Id:             2\n\
> > @@ -38,6 +39,7 @@ Managed save:   no\n\
> > Security model: testSecurity\n\
> > Security DOI:   \n\
> > Security label: " SECURITY_LABEL "\n\
> > +Messages:       " MESSAGES "\n\
> 
> Pity there's not much more than this, but again - better than
> nothing.

I created a new xml for testing and added more tainted configurations,
will send it with v4

Thanks!

> > \n";
> > static const char *domuuid_fc4 = DOM_UUID "\n\n";
> > static const char *domid_fc4 = "2\n\n";
> > -- 
> > 2.32.0
> > 