git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Daniel P. Berrange <berrange@redhat.com>
	Wed, 4 May 2011 10:59:20 +0000 (11:59 +0100)
committer	Daniel P. Berrange <berrange@redhat.com>
	Fri, 6 May 2011 11:02:02 +0000 (12:02 +0100)
commit	718ac9b52f367669c3b3ae9463b3bc2cf3aed106
tree	6bd7ecad45a12b454227bbf5f6bf5716a0cfa70f	tree
parent	7998465005e2ebf26f6e65f5bdb886487374bb18	commit \| diff

Log taint warnings in QEMU driver

Wire up logging of VM tainting to the QEMU driver

- If running QEMU as root user/group or without capabilities
   being cleared
- If passing custom QEMU command line args
- If issuing custom QEMU monitor commands
- If using a network interface config with an associated
   shell script
- If using a disk config relying on format probing

The warnings, per-VM appear in the main libvirtd logs

  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: high-privileges
  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing

The taint flags are reset when the VM is stopped.

* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Helper APIs
  for logging taint warnings
* src/qemu/qemu_driver.c: Log tainting with custom QEMU monitor
  commands and disk/net hotplug with unsupported configs
* src/qemu/qemu_process.c: Log tainting at startup based on
  unsupported configs

src/qemu/qemu_domain.c		diff \| blob \| blame \| history
src/qemu/qemu_domain.h		diff \| blob \| blame \| history
src/qemu/qemu_driver.c		diff \| blob \| blame \| history
src/qemu/qemu_process.c		diff \| blob \| blame \| history