virt-host-validate: distinguish exists vs accessible for devices

Currently we just check that various devices are accessible. This leads to inaccurate errors reported for /dev/kvm and /dev/vhost-net if they exist but an unprivileged user lacks access. Switch existing checks to look for file existance, and add a separate check for accessibility of /dev/kvm since some distros don't grant users access by default. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit fd6d506c)

virt-host-validate: distinguish exists vs accessible for devices
Currently we just check that various devices are accessible. This leads to inaccurate errors reported for /dev/kvm and /dev/vhost-net if they exist but an unprivileged user lacks access. Switch existing checks to look for file existance, and add a separate check for accessibility of /dev/kvm since some distros don't grant users access by default. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit fd6d506c)
07518f77 · Daniel P. Berrange · Cole Robinson · 26295a0e · 07518f77 · 07518f77
3 changed file
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -115,12 +115,29 @@ void virHostMsgFail(virHostValidateLevel level,
 }
-int virHostValidateDevice(const char *hvname,
+int virHostValidateDeviceExists(const char *hvname,
                                const char *dev_name,
                                virHostValidateLevel level,
                                const char *hint)
 {
-    virHostMsgCheck(hvname, "for device %s", dev_name);
+    virHostMsgCheck(hvname, "if device %s exists", dev_name);
+    if (access(dev_name, F_OK) < 0) {
+        virHostMsgFail(level, hint);
+        return -1;
+    }
+    virHostMsgPass();
+    return 0;
+}
+int virHostValidateDeviceAccessible(const char *hvname,
+                                    const char *dev_name,
+                                    virHostValidateLevel level,
+                                    const char *hint)
+{
+    virHostMsgCheck(hvname, "if device %s is accessible", dev_name);
    if (access(dev_name, R_OK|W_OK) < 0) {
        virHostMsgFail(level, hint);

--- a/tools/virt-host-validate-common.h
+++ b/tools/virt-host-validate-common.h
@@ -42,7 +42,12 @@ extern void virHostMsgPass(void);
 extern void virHostMsgFail(virHostValidateLevel level,
                           const char *hint);
-extern int virHostValidateDevice(const char *hvname,
+extern int virHostValidateDeviceExists(const char *hvname,
+                                       const char *dev_name,
+                                       virHostValidateLevel level,
+                                       const char *hint);
+extern int virHostValidateDeviceAccessible(const char *hvname,
                                           const char *dev_name,
                                           virHostValidateLevel level,
                                           const char *hint);

--- a/tools/virt-host-validate-qemu.c
+++ b/tools/virt-host-validate-qemu.c
@@ -20,7 +20,6 @@
 */
 #include <config.h>
 #include "virt-host-validate-qemu.h"
 #include "virt-host-validate-common.h"
@@ -32,23 +31,28 @@ int virHostValidateQEMU(void)
    if (virHostValidateHasCPUFlag("svm") ||
        virHostValidateHasCPUFlag("vmx")) {
        virHostMsgPass();
-        if (virHostValidateDevice("QEMU", "/dev/kvm",
+        if (virHostValidateDeviceExists("QEMU", "/dev/kvm",
                                        VIR_HOST_VALIDATE_FAIL,
                                        _("Check that the 'kvm-intel' or 'kvm-amd' modules are "
                                          "loaded & the BIOS has enabled virtualization")) < 0)
            ret = -1;
+        else if (virHostValidateDeviceAccessible("QEMU", "/dev/kvm",
+                                                 VIR_HOST_VALIDATE_FAIL,
+                                                 _("Check /dev/kvm is world writable or you are in "
+                                                   "a group that is allowed to access it")) < 0)
+            ret = -1;
    } else {
        virHostMsgFail(VIR_HOST_VALIDATE_WARN,
                       _("Only emulated CPUs are available, performance will be significantly limited"));
    }
-    if (virHostValidateDevice("QEMU", "/dev/vhost-net",
+    if (virHostValidateDeviceExists("QEMU", "/dev/vhost-net",
                                    VIR_HOST_VALIDATE_WARN,
                                    _("Load the 'vhost_net' module to improve performance "
                                      "of virtio networking")) < 0)
        ret = -1;
-    if (virHostValidateDevice("QEMU", "/dev/net/tun",
+    if (virHostValidateDeviceExists("QEMU", "/dev/net/tun",
                                    VIR_HOST_VALIDATE_FAIL,
                                    _("Load the 'tun' module to enable networking for QEMU guests")) < 0)
        ret = -1;