[PATCH v3 2/3] test_driver: Introduce testDomainObjCheckTaint
Luke Yue
lukedyue at gmail.com
Wed Jun 30 02:53:45 UTC 2021
In order to test the virDomainGetMessages for test driver, we need to
check some taints or deprecations, so introduce testDomainObjCheckTaint
for checking taints.
As we introduced testDomainObjCheckTaint for test driver, the `dominfo`
command in virshtest will now print tainting messages, so add them for
test.
Signed-off-by: Luke Yue <lukedyue at gmail.com>
---
src/test/test_driver.c | 57 ++++++++++++++++++++++++++++++++++++++++++
tests/virshtest.c | 2 ++
2 files changed, 59 insertions(+)
diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index 35742fcde3..06ba7c4cd2 100644
--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
@@ -9291,6 +9291,61 @@ testDomainCheckpointDelete(virDomainCheckpointPtr checkpoint,
return ret;
}
+static void
+testDomainObjCheckDiskTaint(virDomainObj *obj,
+ virDomainDiskDef *disk)
+{
+ if (disk->rawio == VIR_TRISTATE_BOOL_YES)
+ virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
+
+ if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM &&
+ virStorageSourceGetActualType(disk->src) == VIR_STORAGE_TYPE_BLOCK &&
+ disk->src->path && virFileIsCDROM(disk->src->path) == 1)
+ virDomainObjTaint(obj, VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH);
+}
+
+static void
+testDomainObjCheckHostdevTaint(virDomainObj *obj,
+ virDomainHostdevDef *hostdev)
+{
+ if (!virHostdevIsSCSIDevice(hostdev))
+ return;
+
+ if (hostdev->source.subsys.u.scsi.rawio == VIR_TRISTATE_BOOL_YES)
+ virDomainObjTaint(obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
+}
+
+static void
+testDomainObjCheckNetTaint(virDomainObj *obj,
+ virDomainNetDef *net)
+{
+ /* script is only useful for NET_TYPE_ETHERNET (qemu) and
+ * NET_TYPE_BRIDGE (xen), but could be (incorrectly) specified for
+ * any interface type. In any case, it's adding user sauce into
+ * the soup, so it should taint the domain.
+ */
+ if (net->script != NULL)
+ virDomainObjTaint(obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS);
+}
+
+static void
+testDomainObjCheckTaint(virDomainObj *obj)
+{
+ size_t i;
+
+ for (i = 0; i < obj->def->ndisks; i++)
+ testDomainObjCheckDiskTaint(obj, obj->def->disks[i]);
+
+ for (i = 0; i < obj->def->nhostdevs; i++)
+ testDomainObjCheckHostdevTaint(obj, obj->def->hostdevs[i]);
+
+ for (i = 0; i < obj->def->nnets; i++)
+ testDomainObjCheckNetTaint(obj, obj->def->nets[i]);
+
+ if (obj->def->os.dtb)
+ virDomainObjTaint(obj, VIR_DOMAIN_TAINT_CUSTOM_DTB);
+}
+
static int
testDomainGetMessages(virDomainPtr dom,
char ***msgs,
@@ -9311,6 +9366,8 @@ testDomainGetMessages(virDomainPtr dom,
nmsgs = 0;
n = 0;
+ testDomainObjCheckTaint(vm);
+
if (!flags || (flags & VIR_DOMAIN_MESSAGE_TAINTING)) {
nmsgs += __builtin_popcount(vm->taint);
*msgs = g_renew(char *, *msgs, nmsgs+1);
diff --git a/tests/virshtest.c b/tests/virshtest.c
index c1974c46cb..937448cefc 100644
--- a/tests/virshtest.c
+++ b/tests/virshtest.c
@@ -22,6 +22,7 @@ main(void)
# define DOM_UUID "ef861801-45b9-11cb-88e3-afbfe5370493"
# define SECURITY_LABEL "libvirt-test (enforcing)"
+# define MESSAGES "tainted: network configuration using opaque shell scripts"
static const char *dominfo_fc4 = "\
Id: 2\n\
@@ -38,6 +39,7 @@ Managed save: no\n\
Security model: testSecurity\n\
Security DOI: \n\
Security label: " SECURITY_LABEL "\n\
+Messages: " MESSAGES "\n\
\n";
static const char *domuuid_fc4 = DOM_UUID "\n\n";
static const char *domid_fc4 = "2\n\n";
--
2.32.0
More information about the libvir-list
mailing list