tests: fix stat mocking with Fedora rawhide
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Signed-off-by: imxcc <xingchaochao@huawei.com>
GLibC has a really complicated way of dealing with the 'stat' function
historically, which means our mocks in turn have to look at four
different possible functions to replace, stat, stat64, __xstat,
__xstat64.
In Fedora 33 and earlier:
- libvirt.so links to __xstat64
- libc.so library exports stat, stat64, __xstat, __xstat64
- sys/stat.h header exposes stat and __xstat
In Fedora 34 rawhide:
- libvirt.so links to stat64
- libc.so library exports stat, stat64, __xstat, __xstat64
- sys/stat.h header exposes stat
Historically we only looked at the exported symbols from libc.so to
decide which to mock.
In F34 though we must not consider __xstat / __xstat64 though because
they only existance for binary compatibility. Newly built binaries
won't reference them.
Thus we must introduce a header file check into our logic for deciding
which symbol to mock. We must ignore the __xstat / __xstat64 symbols
if they don't appear in the sys/stat.h header, even if they appear
in libc.so
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Signed-off-by: imxcc <xingchaochao@huawei.com>
Currently the default values of retry_interval and retry_timeout are set
to -1, when 'driver' option exists without retry fileds. It conflicts
with the default values when the 'driver' option does not exist.
So let's set default values of retry_interval and retry_timeout to 0 when
retry policy is not enabled.
Signed-off-by: Jiahui Cen <cenjiahui@huawei.com>
Introduce error_policy=/rerror_policy='retry' to support
werror=/rerror=retry mechanism in qemu.
Add retry_interval parameter to control the interval between retries.
Add retry_timeout parameter to control the total retry times.
Signed-off-by: Jiahui Cen <cenjiahui@huawei.com>
Signed-off-by: Ying Fang <fangying1@huawei.com>
util: Move virIsDevMapperDevice() to virdevmapper.c
virdevmapper: Don't use libdevmapper to obtain dependencies
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
CVE-2020-14339
When building domain's private /dev in a namespace, libdevmapper
is consulted for getting full dependency tree of domain's disks.
The reason is that for a multipath devices all dependent devices
must be created in the namespace and allowed in CGroups.
However, this approach is very fragile as building of namespace
happens in the forked off child process, after mass close of FDs
and just before dropping privileges and execing QEMU. And it so
happens that when calling libdevmapper APIs, one of them opens
/dev/mapper/control and saves the FD into a global variable. The
FD is kept open until the lib is unlinked or dm_lib_release() is
called explicitly. We are doing neither.
However, the virDevMapperGetTargets() function is called also
from libvirtd (when setting up CGroups) and thus has to be thread
safe. Unfortunately, libdevmapper APIs are not thread safe (nor
async signal safe) and thus we can't use them. Reimplement what
libdevmapper would do using plain C (ioctl()-s, /proc/devices
parsing, /dev/mapper dirwalking, and so on).
Fixes: a30078cb832646177defd256e77c632905f1e6d0
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1858260
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
cherry-pick from commit 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-14339
When introducing virdevmapper.c (in v4.3.0-rc1~427) I didn't
realize there is a function that calls in devmapper. The function
is called virIsDevMapperDevice() and lives in virutil.c. Now that
we have a special file for handling devmapper move it there.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit dfa0e118f745fe3f4fe95975c6100f0fc6d788be
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
rpc: gendispatch: handle empty flags
rpc: add support for filtering @acls by uint params
rpc: require write acl for guest agent in virDomainInterfaceAddresses
qemu: agent: set ifname to NULL after freeing
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-25637
Add a requirement for domain:write if source is set to
VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT.
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit e4116eaa44cb366b59f7fe98f4b88d04c04970ad
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-25637
Add a new field to @acl annotations for filtering by
unsigned int parameters.
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit 50864dcda191eb35732dbd80fb6ca251a6bba923
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-25637
Prepare for omission of the <flagname> in remote_protocol.x
@acl annotations:
@acl: <object>:<permission>:<flagname>
so that we can add more field after, e.g.:
@acl: <object>:<permission>::<field>
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit 955029bd0ad7ef96000f529ac38204a8f4a96401
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
cherry-pick patchs list:
2ab8dba5 qemuDomainGetUnplugTimeout: Add G_GNUC_NO_INLINE
423664a6 virNetDevSwitchdevFeature: Make failure to get 'family_id' non-fatal
ca616274 virNetDevGetFamilyId: Change signature
67b973b5 qemuDomainDefPostParse: Fail if unable to fill machine type
67e19fc9 qemu: Revoke access to mirror on failed blockcopy
93b15ba0 qemu: fix hang in p2p + xbzrle compression + parallel migration
a13ac587 util: fix iteration in virSocketAddrResolveService
88011ed2 libxl: fix crash when initializing driver
Signed-off-by: AlexChen <alex.chen@huawei.com>
