#cgroup_device_acl = [
# "/dev/null", "/dev/full", "/dev/zero",
# "/dev/random", "/dev/urandom",
-# "/dev/ptmx", "/dev/kvm"
+# "/dev/ptmx", "/dev/kvm",
+# "/dev/userfaultfd"
#]
#
# RDMA migration requires the following extra files to be added to the list:
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm",
+ "/dev/userfaultfd",
NULL,
};
#define DEVICE_PTY_MAJOR 136
}
+static int
+qemuProcessAllowPostCopyMigration(virDomainObj *vm)
+{
+ qemuDomainObjPrivate *priv = vm->privateData;
+ virQEMUDriver *driver = priv->driver;
+ g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+ const char *const *devices = (const char *const *) cfg->cgroupDeviceACL;
+ const char *uffd = "/dev/userfaultfd";
+ int rc;
+
+ if (!virFileExists(uffd)) {
+ VIR_DEBUG("%s is not supported by the host", uffd);
+ return 0;
+ }
+
+ if (!devices)
+ devices = defaultDeviceACL;
+
+ if (!g_strv_contains(devices, uffd)) {
+ VIR_DEBUG("%s is not allowed by device ACL", uffd);
+ return 0;
+ }
+
+ VIR_DEBUG("Labeling %s in mount namespace", uffd);
+ if ((rc = qemuSecurityDomainSetMountNSPathLabel(driver, vm, uffd)) < 0)
+ return -1;
+
+ if (rc == 1)
+ VIR_DEBUG("Mount namespace is not enabled, leaving %s as is", uffd);
+
+ return 0;
+}
+
+
static int
qemuProcessInitPasswords(virQEMUDriver *driver,
virDomainObj *vm,
qemuProcessStartManagedPRDaemon(vm) < 0)
goto cleanup;
+ VIR_DEBUG("Setting up permissions to allow post-copy migration");
+ if (qemuProcessAllowPostCopyMigration(vm) < 0)
+ goto cleanup;
+
VIR_DEBUG("Setting domain security labels");
if (qemuSecuritySetAllLabel(driver,
vm,
}
+/**
+ * qemuSecurityDomainSetMountNSPathLabel:
+ *
+ * Label given path in mount namespace. If mount namespace is not enabled,
+ * nothing is labeled at all.
+ *
+ * Because the label is only applied in mount namespace, there's no need to
+ * restore it.
+ *
+ * Returns 0 on success,
+ * 1 when mount namespace is not enabled,
+ * -1 on error.
+ */
+int
+qemuSecurityDomainSetMountNSPathLabel(virQEMUDriver *driver,
+ virDomainObj *vm,
+ const char *path)
+{
+ int ret = -1;
+
+ if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) {
+ VIR_DEBUG("Not labeling '%s': mount namespace disabled for domain '%s'",
+ path, vm->def->name);
+ return 1;
+ }
+
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ goto cleanup;
+
+ if (virSecurityManagerDomainSetPathLabel(driver->securityManager,
+ vm->def, path, false) < 0)
+ goto cleanup;
+
+ if (virSecurityManagerTransactionCommit(driver->securityManager,
+ vm->pid, false) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+ cleanup:
+ virSecurityManagerTransactionAbort(driver->securityManager);
+ return ret;
+}
+
+
/**
* qemuSecurityCommandRun:
* @driver: the QEMU driver
virDomainObj *vm,
const char *path);
+int
+qemuSecurityDomainSetMountNSPathLabel(virQEMUDriver *driver,
+ virDomainObj *vm,
+ const char *path);
+
int qemuSecurityCommandRun(virQEMUDriver *driver,
virDomainObj *vm,
virCommand *cmd,
{ "5" = "/dev/urandom" }
{ "6" = "/dev/ptmx" }
{ "7" = "/dev/kvm" }
+ { "8" = "/dev/userfaultfd" }
}
{ "save_image_format" = "raw" }
{ "dump_image_format" = "raw" }
projects / libvirt.git / commitdiff