mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-11 09:17:52 +03:00
Use explicit logic rules for opening Xen sub-drivers
This commit is contained in:
Daniel P. Berrange
parent
a34bcb7829
commit
ea1c08e78d
10
ChangeLog
10
ChangeLog
@ -1,3 +1,13 @@
|
|||||||
|
Mon Mar 17 13:24:22 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
|
||||||
|
|
||||||
|
* configure.in: Add WITH_PROXY to config.h file
|
||||||
|
* src/remote_internal.c: Handle local Xen URIs if Xen drivers
|
||||||
|
declines them
|
||||||
|
* src/xen_unfied.c: Use explicit logic for opening sub-drivers
|
||||||
|
rather than a hacked loop.
|
||||||
|
* src/xend_internal.c: Don't complain about failing to open
|
||||||
|
xend when non-root read-only.
|
||||||
|
|
||||||
Mon Mar 17 17:55:56 CET 2008 Jim Meyering <meyering@redhat.com>
|
Mon Mar 17 17:55:56 CET 2008 Jim Meyering <meyering@redhat.com>
|
||||||
|
|
||||||
Treat ENOTSUP like ENODATA, after failed fgetfilecon.
|
Treat ENOTSUP like ENODATA, after failed fgetfilecon.
|
||||||
|
|||||||
@ -869,6 +869,9 @@ fi
|
|||||||
AC_MSG_RESULT([$with_xen_proxy])
|
AC_MSG_RESULT([$with_xen_proxy])
|
||||||
|
|
||||||
AM_CONDITIONAL(WITH_PROXY,[test "$with_xen_proxy" = "yes"])
|
AM_CONDITIONAL(WITH_PROXY,[test "$with_xen_proxy" = "yes"])
|
||||||
|
if test "$with_xen_proxy" = "yes"; then
|
||||||
|
AC_DEFINE(WITH_PROXY, 1, [Whether Xen proxy is enabled])
|
||||||
|
fi
|
||||||
|
|
||||||
dnl Enable building libvirtd?
|
dnl Enable building libvirtd?
|
||||||
AM_CONDITIONAL(WITH_LIBVIRTD,[test "x$with_libvirtd" = "xyes"])
|
AM_CONDITIONAL(WITH_LIBVIRTD,[test "x$with_libvirtd" = "xyes"])
|
||||||
|
|||||||
@ -835,6 +835,14 @@ remoteOpen (virConnectPtr conn,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
#if WITH_XEN
|
||||||
|
if (uri &&
|
||||||
|
uri->scheme && STREQ (uri->scheme, "xen") &&
|
||||||
|
(!uri->server || STREQ (uri->server, "")) &&
|
||||||
|
(!uri->path || STREQ(uri->path, "/"))) {
|
||||||
|
rflags |= VIR_DRV_OPEN_REMOTE_UNIX;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
priv->magic = DEAD;
|
priv->magic = DEAD;
|
||||||
priv->sock = -1;
|
priv->sock = -1;
|
||||||
|
|||||||
@ -42,6 +42,7 @@
|
|||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
#define DEBUG(fmt,...) VIR_DEBUG(__FILE__, fmt,__VA_ARGS__)
|
#define DEBUG(fmt,...) VIR_DEBUG(__FILE__, fmt,__VA_ARGS__)
|
||||||
|
#define DEBUG0(msg) VIR_DEBUG(__FILE__, "%s", msg)
|
||||||
|
|
||||||
static int
|
static int
|
||||||
xenUnifiedNodeGetInfo (virConnectPtr conn, virNodeInfoPtr info);
|
xenUnifiedNodeGetInfo (virConnectPtr conn, virNodeInfoPtr info);
|
||||||
@ -239,7 +240,7 @@ xenUnifiedProbe (void)
|
|||||||
static int
|
static int
|
||||||
xenUnifiedOpen (virConnectPtr conn, xmlURIPtr uri, virConnectAuthPtr auth, int flags)
|
xenUnifiedOpen (virConnectPtr conn, xmlURIPtr uri, virConnectAuthPtr auth, int flags)
|
||||||
{
|
{
|
||||||
int i, j;
|
int i;
|
||||||
xenUnifiedPrivatePtr priv;
|
xenUnifiedPrivatePtr priv;
|
||||||
|
|
||||||
/* Refuse any scheme which isn't "xen://" or "http://". */
|
/* Refuse any scheme which isn't "xen://" or "http://". */
|
||||||
@ -276,41 +277,73 @@ xenUnifiedOpen (virConnectPtr conn, xmlURIPtr uri, virConnectAuthPtr auth, int f
|
|||||||
priv->xshandle = NULL;
|
priv->xshandle = NULL;
|
||||||
priv->proxy = -1;
|
priv->proxy = -1;
|
||||||
|
|
||||||
for (i = 0; i < XEN_UNIFIED_NR_DRIVERS; ++i) {
|
|
||||||
priv->opened[i] = 0;
|
|
||||||
|
|
||||||
/* Only use XM driver for Xen <= 3.0.3 (ie xendConfigVersion <= 2) */
|
/* Hypervisor is only run as root & required to succeed */
|
||||||
if (drivers[i] == &xenXMDriver &&
|
if (getuid() == 0) {
|
||||||
priv->xendConfigVersion > 2)
|
DEBUG0("Trying hypervisor sub-driver");
|
||||||
continue;
|
if (drivers[XEN_UNIFIED_HYPERVISOR_OFFSET]->open(conn, uri, auth, flags) ==
|
||||||
|
VIR_DRV_OPEN_SUCCESS) {
|
||||||
/* Ignore proxy for root */
|
DEBUG0("Activated hypervisor sub-driver");
|
||||||
if (i == XEN_UNIFIED_PROXY_OFFSET && getuid() == 0)
|
priv->opened[XEN_UNIFIED_HYPERVISOR_OFFSET] = 1;
|
||||||
continue;
|
|
||||||
|
|
||||||
if (drivers[i]->open) {
|
|
||||||
DEBUG("trying Xen sub-driver %d", i);
|
|
||||||
if (drivers[i]->open (conn, uri, auth, flags) == VIR_DRV_OPEN_SUCCESS)
|
|
||||||
priv->opened[i] = 1;
|
|
||||||
DEBUG("Xen sub-driver %d open %s\n",
|
|
||||||
i, priv->opened[i] ? "ok" : "failed");
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* If as root, then all drivers must succeed.
|
/* XenD is required to suceed if root.
|
||||||
If non-root, then only proxy must succeed */
|
* If it fails as non-root, then the proxy driver may take over
|
||||||
if (!priv->opened[i] &&
|
*/
|
||||||
(getuid() == 0 || i == XEN_UNIFIED_PROXY_OFFSET)) {
|
DEBUG0("Trying XenD sub-driver");
|
||||||
for (j = 0; j < i; ++j)
|
if (drivers[XEN_UNIFIED_XEND_OFFSET]->open(conn, uri, auth, flags) ==
|
||||||
if (priv->opened[j]) drivers[j]->close (conn);
|
VIR_DRV_OPEN_SUCCESS) {
|
||||||
free (priv);
|
DEBUG0("Activated XenD sub-driver");
|
||||||
/* The assumption is that one of the underlying drivers
|
priv->opened[XEN_UNIFIED_XEND_OFFSET] = 1;
|
||||||
* has set virterror already.
|
|
||||||
*/
|
/* XenD is active, so try the xm & xs drivers too, both requird to
|
||||||
return VIR_DRV_OPEN_ERROR;
|
* succeed if root, optional otherwise */
|
||||||
|
if (priv->xendConfigVersion <= 2) {
|
||||||
|
DEBUG0("Trying XM sub-driver");
|
||||||
|
if (drivers[XEN_UNIFIED_XM_OFFSET]->open(conn, uri, auth, flags) ==
|
||||||
|
VIR_DRV_OPEN_SUCCESS) {
|
||||||
|
DEBUG0("Activated XM sub-driver");
|
||||||
|
priv->opened[XEN_UNIFIED_XM_OFFSET] = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
DEBUG0("Trying XS sub-driver");
|
||||||
|
if (drivers[XEN_UNIFIED_XS_OFFSET]->open(conn, uri, auth, flags) ==
|
||||||
|
VIR_DRV_OPEN_SUCCESS) {
|
||||||
|
DEBUG0("Activated XS sub-driver");
|
||||||
|
priv->opened[XEN_UNIFIED_XS_OFFSET] = 1;
|
||||||
|
} else {
|
||||||
|
if (getuid() == 0)
|
||||||
|
goto fail; /* XS is mandatory as root */
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (getuid() == 0) {
|
||||||
|
goto fail; /* XenD is mandatory as root */
|
||||||
|
} else {
|
||||||
|
#if WITH_PROXY
|
||||||
|
DEBUG0("Trying proxy sub-driver");
|
||||||
|
if (drivers[XEN_UNIFIED_PROXY_OFFSET]->open(conn, uri, auth, flags) ==
|
||||||
|
VIR_DRV_OPEN_SUCCESS) {
|
||||||
|
DEBUG0("Activated proxy sub-driver");
|
||||||
|
priv->opened[XEN_UNIFIED_PROXY_OFFSET] = 1;
|
||||||
|
} else {
|
||||||
|
goto fail; /* Proxy is mandatory if XenD failed */
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
DEBUG0("Handing off for remote driver");
|
||||||
|
return VIR_DRV_OPEN_DECLINED; /* Let remote_driver try instead */
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return VIR_DRV_OPEN_SUCCESS;
|
return VIR_DRV_OPEN_SUCCESS;
|
||||||
|
|
||||||
|
fail:
|
||||||
|
DEBUG0("Failed to activate a mandatory sub-driver");
|
||||||
|
for (i = 0 ; i < XEN_UNIFIED_NR_DRIVERS ; i++)
|
||||||
|
if (priv->opened[i]) drivers[i]->close(conn);
|
||||||
|
free(priv);
|
||||||
|
return VIR_DRV_OPEN_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define GET_PRIVATE(conn) \
|
#define GET_PRIVATE(conn) \
|
||||||
|
|||||||
@ -234,14 +234,13 @@ do_connect(virConnectPtr xend)
|
|||||||
close(s);
|
close(s);
|
||||||
errno = serrno;
|
errno = serrno;
|
||||||
s = -1;
|
s = -1;
|
||||||
/*
|
|
||||||
* not being able to connect via the socket as a normal user
|
/*
|
||||||
* is rather normal, this should fallback to the proxy (or
|
* Connecting to XenD as root is mandatory, so log this error
|
||||||
* remote) mechanism.
|
*/
|
||||||
*/
|
if (getuid() == 0) {
|
||||||
if ((getuid() == 0) || (xend->flags & VIR_CONNECT_RO)) {
|
virXendError(xend, VIR_ERR_INTERNAL_ERROR,
|
||||||
virXendError(xend, VIR_ERR_INTERNAL_ERROR,
|
_("failed to connect to xend"));
|
||||||
_("failed to connect to xend"));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user