Make taint warnings also go into the domain logfile

As well as taint warnings going to the main libvirt log, add taint warnings to the per-domain logfile Domain id=3 is tainted: high-privileges Domain id=3 is tainted: disk-probing Domain id=3 is tainted: shell-scripts Domain id=3 is tainted: custom-monitor * src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Enhance qemuDomainTaint to also log to the domain logfile * src/qemu/qemu_driver.c: Pass -1 for logFD to taint methods to auto-append to logfile * src/qemu/qemu_process.c: Pass open logFD at startup for taint methods

Make taint warnings also go into the domain logfile
As well as taint warnings going to the main libvirt log, add taint warnings to the per-domain logfile Domain id=3 is tainted: high-privileges Domain id=3 is tainted: disk-probing Domain id=3 is tainted: shell-scripts Domain id=3 is tainted: custom-monitor * src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Enhance qemuDomainTaint to also log to the domain logfile * src/qemu/qemu_driver.c: Pass -1 for logFD to taint methods to auto-append to logfile * src/qemu/qemu_process.c: Pass open logFD at startup for taint methods
f79cddad · Daniel P. Berrange · 1f1db0b5 · f79cddad · f79cddad · f79cddad
4 changed file
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -746,10 +746,13 @@ cleanup:
    return ret;
 }
-void qemuDomainObjTaint(struct qemud_driver *driver ATTRIBUTE_UNUSED,
+void qemuDomainObjTaint(struct qemud_driver *driver,
                        virDomainObjPtr obj,
-                        enum virDomainTaintFlags taint)
+                        enum virDomainTaintFlags taint,
+                        int logFD)
 {
+    virErrorPtr orig_err = NULL;
    if (virDomainObjTaint(obj, taint)) {
        char uuidstr[VIR_UUID_STRING_BUFLEN];
        virUUIDFormat(obj->def->uuid, uuidstr);
@@ -759,53 +762,70 @@ void qemuDomainObjTaint(struct qemud_driver *driver ATTRIBUTE_UNUSED,
                 obj->def->name,
                 uuidstr,
                 virDomainTaintTypeToString(taint));
+        /* We don't care about errors logging taint info, so
+         * preserve original error, and clear any error that
+         * is raised */
+        orig_err = virSaveLastError();
+        if (qemuDomainAppendLog(driver, obj, logFD,
+                                "Domain id=%d is tainted: %s\n",
+                                obj->def->id,
+                                virDomainTaintTypeToString(taint)) < 0)
+            virResetLastError();
+        if (orig_err) {
+            virSetError(orig_err);
+            virFreeError(orig_err);
+        }
    }
 }
 void qemuDomainObjCheckTaint(struct qemud_driver *driver,
-                             virDomainObjPtr obj)
+                             virDomainObjPtr obj,
+                             int logFD)
 {
    int i;
    if (!driver->clearEmulatorCapabilities ||
        driver->user == 0 ||
        driver->group == 0)
-        qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES);
+        qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, logFD);
    if (obj->def->namespaceData) {
        qemuDomainCmdlineDefPtr qemucmd = obj->def->namespaceData;
        if (qemucmd->num_args || qemucmd->num_env)
-            qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_CUSTOM_ARGV);
+            qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_CUSTOM_ARGV, logFD);
    }
    for (i = 0 ; i < obj->def->ndisks ; i++)
-        qemuDomainObjCheckDiskTaint(driver, obj, obj->def->disks[i]);
+        qemuDomainObjCheckDiskTaint(driver, obj, obj->def->disks[i], logFD);
    for (i = 0 ; i < obj->def->nnets ; i++)
-        qemuDomainObjCheckNetTaint(driver, obj, obj->def->nets[i]);
+        qemuDomainObjCheckNetTaint(driver, obj, obj->def->nets[i], logFD);
 }
 void qemuDomainObjCheckDiskTaint(struct qemud_driver *driver,
                                 virDomainObjPtr obj,
-                                 virDomainDiskDefPtr disk)
+                                 virDomainDiskDefPtr disk,
+                                 int logFD)
 {
    if (!disk->driverType &&
        driver->allowDiskFormatProbing)
-        qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_DISK_PROBING);
+        qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_DISK_PROBING, logFD);
 }
 void qemuDomainObjCheckNetTaint(struct qemud_driver *driver,
                                virDomainObjPtr obj,
-                                virDomainNetDefPtr net)
+                                virDomainNetDefPtr net,
+                                int logFD)
 {
    if ((net->type == VIR_DOMAIN_NET_TYPE_ETHERNET &&
         net->data.ethernet.script != NULL) ||
        (net->type == VIR_DOMAIN_NET_TYPE_BRIDGE &&
         net->data.bridge.script != NULL))
-        qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS);
+        qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_SHELL_SCRIPTS, logFD);
 }

--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -117,16 +117,20 @@ char *qemuDomainFormatXML(struct qemud_driver *driver,
 void qemuDomainObjTaint(struct qemud_driver *driver,
                        virDomainObjPtr obj,
-                        enum virDomainTaintFlags taint);
+                        enum virDomainTaintFlags taint,
+                        int logFD);
 void qemuDomainObjCheckTaint(struct qemud_driver *driver,
-                             virDomainObjPtr obj);
+                             virDomainObjPtr obj,
+                             int logFD);
 void qemuDomainObjCheckDiskTaint(struct qemud_driver *driver,
                                 virDomainObjPtr obj,
-                                 virDomainDiskDefPtr disk);
+                                 virDomainDiskDefPtr disk,
+                                 int logFD);
 void qemuDomainObjCheckNetTaint(struct qemud_driver *driver,
                                virDomainObjPtr obj,
-                                virDomainNetDefPtr net);
+                                virDomainNetDefPtr net,
+                                int logFD);
 int qemuDomainCreateLog(struct qemud_driver *driver, virDomainObjPtr vm, bool append);

--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3877,7 +3877,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
    switch (dev->type) {
    case VIR_DOMAIN_DEVICE_DISK:
-        qemuDomainObjCheckDiskTaint(driver, vm, dev->data.disk);
+        qemuDomainObjCheckDiskTaint(driver, vm, dev->data.disk, -1);
        ret = qemuDomainAttachDeviceDiskLive(driver, vm, dev);
        if (!ret)
            dev->data.disk = NULL;
@@ -3890,7 +3890,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
        break;
    case VIR_DOMAIN_DEVICE_NET:
-        qemuDomainObjCheckNetTaint(driver, vm, dev->data.net);
+        qemuDomainObjCheckNetTaint(driver, vm, dev->data.net, -1);
        ret = qemuDomainAttachNetDevice(dom->conn, driver, vm,
                                        dev->data.net);
        if (!ret)
@@ -6984,7 +6984,7 @@ static int qemuDomainMonitorCommand(virDomainPtr domain, const char *cmd,
    priv = vm->privateData;
-    qemuDomainObjTaint(driver, vm, VIR_DOMAIN_TAINT_CUSTOM_MONITOR);
+    qemuDomainObjTaint(driver, vm, VIR_DOMAIN_TAINT_CUSTOM_MONITOR, -1);
    hmp = !!(flags & VIR_DOMAIN_QEMU_MONITOR_COMMAND_HMP);

--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2239,7 +2239,7 @@ int qemuProcessStart(virConnectPtr conn,
    virCommandWriteArgLog(cmd, logfile);
-    qemuDomainObjCheckTaint(driver, vm);
+    qemuDomainObjCheckTaint(driver, vm, logfile);
    if ((pos = lseek(logfile, 0, SEEK_END)) < 0)
        VIR_WARN("Unable to seek to end of logfile: %s",