def run(test, params, env):
"""
Test svirt in virt-clone.
"""
VIRT_CLONE = None
try:
VIRT_CLONE = utils_misc.find_command("virt-clone")
except ValueError:
raise error.TestNAError("No virt-clone command found.")
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_virt_clone_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_virt_clone_vm_sec_type", "dynamic")
sec_model = params.get("svirt_virt_clone_vm_sec_model", "selinux")
sec_label = params.get("svirt_virt_clone_vm_sec_label", None)
sec_relabel = params.get("svirt_virt_clone_vm_sec_relabel", "yes")
sec_dict = {'type': sec_type, 'model': sec_model, 'label': sec_label,
'relabel': sec_relabel}
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get varialbles about image.
img_label = params.get('svirt_virt_clone_disk_label')
# Label the disks of VM with img_label.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
for disk in disks.values():
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
utils_selinux.set_context_of_file(filename=disk_path,
context=img_label)
# Set selinux of host.
backup_sestatus = utils_selinux.get_status()
utils_selinux.set_status(host_sestatus)
# Set the context of the VM.
vmxml.set_seclabel([sec_dict])
vmxml.sync()
clone_name = ("%s-clone" % vm.name)
try:
cmd = ("%s --original %s --name %s --auto-clone" %
(VIRT_CLONE, vm.name, clone_name))
cmd_result = utils.run(cmd, ignore_status=True)
if cmd_result.exit_status:
raise error.TestFail("Failed to execute virt-clone command."
"Detail: %s." % cmd_result)
finally:
# clean up
for path, label in backup_labels_of_disks.items():
utils_selinux.set_context_of_file(filename=path, context=label)
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
if not virsh.domstate(clone_name).exit_status:
libvirt_vm.VM(clone_name, params, None, None).remove_with_storage()
def test_context(self):
"""
Test the context related method.
"""
output = "output system_u:object_r:svirt_t:s0-s1:c250,c280 test"
result = utils_selinux.get_context_from_str(context=output)
self.assertEqual(result, "system_u:object_r:svirt_t:s0-s1:c250,c280")
result = utils_selinux.get_context_of_file(filename=__file__)
utils_selinux.set_context_of_file(filename=__file__, context=result)
utils_selinux.get_context_of_process(pid=1)
def test_context(self):
"""
Test the context related method.
"""
output = "output system_u:object_r:svirt_t:s0-s1:c250,c280 test"
result = utils_selinux.get_context_from_str(string=output)
self.assertEqual(result, "system_u:object_r:svirt_t:s0-s1:c250,c280")
result = utils_selinux.get_context_of_file(filename=__file__)
utils_selinux.set_context_of_file(filename=__file__, context=result)
utils_selinux.get_context_of_process(pid=1)
def run(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Label the VM and disk with proper label.
(3).Save VM and check the context.
(4).Restore VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_save_restore_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_save_restore_vm_sec_type", "dynamic")
sec_model = params.get("svirt_save_restore_vm_sec_model", "selinux")
sec_label = params.get("svirt_save_restore_vm_sec_label", None)
sec_relabel = params.get("svirt_save_restore_vm_sec_relabel", "yes")
sec_dict = {'type': sec_type, 'model': sec_model, 'label': sec_label,
'relabel': sec_relabel}
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get variables about image.
img_label = params.get('svirt_save_restore_disk_label')
# Label the disks of VM with img_label.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
for disk in list(disks.values()):
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
utils_selinux.set_context_of_file(filename=disk_path,
context=img_label)
# Set selinux of host.
backup_sestatus = utils_selinux.get_status()
utils_selinux.set_status(host_sestatus)
# Set the context of the VM.
vmxml.set_seclabel([sec_dict])
vmxml.sync()
# Init a path to save VM.
save_path = os.path.join(data_dir.get_tmp_dir(), "svirt_save")
try:
# Start VM to check the VM is able to access the image or not.
try:
vm.start()
vm.save_to_file(path=save_path)
vm.restore_from_file(path=save_path)
# Save and restore VM successfully.
if status_error:
test.fail("Test succeeded in negative case.")
except virt_vm.VMError as e:
if not status_error:
error_msg = "Test failed in positive case.\n error: %s\n" % e
if str(e).count("getfd"):
error_msg += ("For more info please refer to"
" https://bugzilla.redhat.com/show_bug.cgi?id=976632")
test.fail(error_msg)
finally:
# clean up
for path, label in list(backup_labels_of_disks.items()):
utils_selinux.set_context_of_file(filename=path, context=label)
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
def run(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Config qemu conf if need
(3).Label the VM and disk with proper label.
(4).Start VM and check the context.
(5).Destroy VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_start_destroy_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_start_destroy_vm_sec_type", "dynamic")
sec_model = params.get("svirt_start_destroy_vm_sec_model", "selinux")
sec_label = params.get("svirt_start_destroy_vm_sec_label", None)
sec_baselabel = params.get("svirt_start_destroy_vm_sec_baselabel", None)
security_driver = params.get("security_driver", None)
security_default_confined = params.get("security_default_confined", None)
security_require_confined = params.get("security_require_confined", None)
no_sec_model = 'yes' == params.get("no_sec_model", 'no')
sec_relabel = params.get("svirt_start_destroy_vm_sec_relabel", "yes")
sec_dict = {'type': sec_type, 'relabel': sec_relabel}
sec_dict_list = []
def _set_sec_model(model):
"""
Set sec_dict_list base on given sec model type
"""
sec_dict_copy = sec_dict.copy()
sec_dict_copy['model'] = model
if sec_type != "none":
if sec_type == "dynamic" and sec_baselabel:
sec_dict_copy['baselabel'] = sec_baselabel
else:
sec_dict_copy['label'] = sec_label
sec_dict_list.append(sec_dict_copy)
if not no_sec_model:
if "," in sec_model:
sec_models = sec_model.split(",")
for model in sec_models:
_set_sec_model(model)
else:
_set_sec_model(sec_model)
else:
sec_dict_list.append(sec_dict)
logging.debug("sec_dict_list is: %s" % sec_dict_list)
poweroff_with_destroy = ("destroy" == params.get(
"svirt_start_destroy_vm_poweroff", "destroy"))
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get varialbles about image.
img_label = params.get('svirt_start_destroy_disk_label')
# Backup disk Labels.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
backup_ownership_of_disks = {}
for disk in disks.values():
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
f = os.open(disk_path, 0)
stat_re = os.fstat(f)
backup_ownership_of_disks[disk_path] = "%s:%s" % (stat_re.st_uid,
stat_re.st_gid)
# Backup selinux of host.
backup_sestatus = utils_selinux.get_status()
qemu_conf = utils_config.LibvirtQemuConfig()
libvirtd = utils_libvirtd.Libvirtd()
def _resolve_label(label_string):
labels = label_string.split(":")
label_type = labels[2]
if len(labels) == 4:
label_range = labels[3]
elif len(labels) > 4:
label_range = "%s:%s" % (labels[3], labels[4])
else:
label_range = None
return (label_type, label_range)
def _check_label_equal(label1, label2):
label1s = label1.split(":")
label2s = label2.split(":")
for i in range(len(label1s)):
if label1s[i] != label2s[i]:
return False
return True
try:
# Set disk label
(img_label_type, img_label_range) = _resolve_label(img_label)
for disk in disks.values():
disk_path = disk['source']
dir_path = "%s(/.*)?" % os.path.dirname(disk_path)
# Using semanage set context persistently
utils_selinux.set_defcon(context_type=img_label_type,
pathregex=dir_path,
context_range=img_label_range)
o_r = utils_selinux.verify_defcon(pathname=disk_path,
readonly=False,
forcedesc=True)
orig_label_type = backup_labels_of_disks[disk_path].split(":")[2]
if o_r and (orig_label_type != img_label_type):
raise error.TestFail("change disk label(%s) failed" % img_label_type)
os.chown(disk_path, 107, 107)
# Set selinux of host.
utils_selinux.set_status(host_sestatus)
# Set qemu conf
if security_driver:
qemu_conf.set_string('security_driver', security_driver)
if security_default_confined:
qemu_conf.security_default_confined = security_default_confined
if security_require_confined:
qemu_conf.security_require_confined = security_require_confined
if (security_driver or security_default_confined or
security_require_confined):
logging.debug("the qemu.conf content is: %s" % qemu_conf)
libvirtd.restart()
# Set the context of the VM.
vmxml.set_seclabel(sec_dict_list)
vmxml.sync()
logging.debug("the domain xml is: %s" % vmxml.xmltreefile)
# restart libvirtd
libvirtd.restart()
# Start VM to check the VM is able to access the image or not.
try:
vm.start()
# Start VM successfully.
# VM with seclabel can access the image with the context.
if status_error:
raise error.TestFail("Test succeeded in negative case.")
# Check the label of VM and image when VM is running.
vm_context = utils_selinux.get_context_of_process(vm.get_pid())
if (sec_type == "static") and (not vm_context == sec_label):
raise error.TestFail("Label of VM is not expected after "
"starting.\n"
"Detail: vm_context=%s, sec_label=%s"
% (vm_context, sec_label))
disk_context = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (sec_relabel == "no") and (not disk_context == img_label):
raise error.TestFail("Label of disk is not expected after VM "
"starting.\n"
"Detail: disk_context=%s, img_label=%s."
% (disk_context, img_label))
if sec_relabel == "yes" and not no_sec_model:
vmxml = VMXML.new_from_dumpxml(vm_name)
imagelabel = vmxml.get_seclabel()[0]['imagelabel']
# the disk context is 'system_u:object_r:svirt_image_t:s0',
# when VM started, the MLS/MCS Range will be added automatically.
# imagelabel turns to be 'system_u:object_r:svirt_image_t:s0:cxx,cxxx'
# but we shouldn't check the MCS range.
if not _check_label_equal(disk_context, imagelabel):
raise error.TestFail("Label of disk is not relabeled by "
"VM\nDetal: disk_context="
"%s, imagelabel=%s"
% (disk_context, imagelabel))
# Check the label of disk after VM being destroyed.
if poweroff_with_destroy:
vm.destroy(gracefully=False)
else:
vm.wait_for_login()
vm.shutdown()
img_label_after = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (not img_label_after == img_label):
# Bug 547546 - RFE: the security drivers must remember original
# permissions/labels and restore them after
# https://bugzilla.redhat.com/show_bug.cgi?id=547546
err_msg = "Label of disk is not restored in VM shuting down.\n"
err_msg += "Detail: img_label_after=%s, " % img_label_after
err_msg += "img_label_before=%s.\n" % img_label
err_msg += "More info in https://bugzilla.redhat.com/show_bug"
err_msg += ".cgi?id=547546"
raise error.TestFail(err_msg)
except virt_vm.VMStartError, e:
# Starting VM failed.
# VM with seclabel can not access the image with the context.
if not status_error:
raise error.TestFail("Test failed in positive case."
"error: %s" % e)
finally:
# clean up
for path, label in backup_labels_of_disks.items():
# Using semanage set context persistently
dir_path = "%s(/.*)?" % os.path.dirname(path)
(img_label_type, img_label_range) = _resolve_label(label)
utils_selinux.set_defcon(context_type=img_label_type,
pathregex=dir_path,
context_range=img_label_range)
utils_selinux.verify_defcon(pathname=path,
readonly=False,
forcedesc=True)
for path, label in backup_ownership_of_disks.items():
label_list = label.split(":")
os.chown(path, int(label_list[0]), int(label_list[1]))
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
if (security_driver or security_default_confined or
security_require_confined):
qemu_conf.restore()
libvirtd.restart()
def run(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Config qemu conf if need
(3).Label the VM and disk with proper label.
(4).Start VM and check the context.
(5).Destroy VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_start_destroy_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_start_destroy_vm_sec_type", "dynamic")
sec_model = params.get("svirt_start_destroy_vm_sec_model", "selinux")
sec_label = params.get("svirt_start_destroy_vm_sec_label", None)
sec_baselabel = params.get("svirt_start_destroy_vm_sec_baselabel", None)
security_driver = params.get("security_driver", None)
security_default_confined = params.get("security_default_confined", None)
security_require_confined = params.get("security_require_confined", None)
no_sec_model = 'yes' == params.get("no_sec_model", 'no')
sec_relabel = params.get("svirt_start_destroy_vm_sec_relabel", "yes")
sec_dict = {'type': sec_type, 'relabel': sec_relabel}
sec_dict_list = []
def _set_sec_model(model):
"""
Set sec_dict_list base on given sec model type
"""
sec_dict_copy = sec_dict.copy()
sec_dict_copy['model'] = model
if sec_type != "none":
if sec_type == "dynamic" and sec_baselabel:
sec_dict_copy['baselabel'] = sec_baselabel
else:
sec_dict_copy['label'] = sec_label
sec_dict_list.append(sec_dict_copy)
if not no_sec_model:
if "," in sec_model:
sec_models = sec_model.split(",")
for model in sec_models:
_set_sec_model(model)
else:
_set_sec_model(sec_model)
else:
sec_dict_list.append(sec_dict)
logging.debug("sec_dict_list is: %s" % sec_dict_list)
poweroff_with_destroy = ("destroy" == params.get(
"svirt_start_destroy_vm_poweroff", "destroy"))
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get varialbles about image.
img_label = params.get('svirt_start_destroy_disk_label')
# Backup disk Labels.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
backup_ownership_of_disks = {}
for disk in disks.values():
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
f = os.open(disk_path, 0)
stat_re = os.fstat(f)
backup_ownership_of_disks[disk_path] = "%s:%s" % (stat_re.st_uid,
stat_re.st_gid)
# Backup selinux of host.
backup_sestatus = utils_selinux.get_status()
qemu_conf = utils_config.LibvirtQemuConfig()
libvirtd = utils_libvirtd.Libvirtd()
def _resolve_label(label_string):
labels = label_string.split(":")
label_type = labels[2]
if len(labels) == 4:
label_range = labels[3]
elif len(labels) > 4:
label_range = "%s:%s" % (labels[3], labels[4])
else:
label_range = None
return (label_type, label_range)
def _check_label_equal(label1, label2):
label1s = label1.split(":")
label2s = label2.split(":")
for i in range(len(label1s)):
if label1s[i] != label2s[i]:
return False
return True
try:
# Set disk label
(img_label_type, img_label_range) = _resolve_label(img_label)
for disk in disks.values():
disk_path = disk['source']
dir_path = "%s(/.*)?" % os.path.dirname(disk_path)
# Using semanage set context persistently
utils_selinux.set_defcon(context_type=img_label_type,
pathregex=dir_path,
context_range=img_label_range)
o_r = utils_selinux.verify_defcon(pathname=disk_path,
readonly=False,
forcedesc=True)
orig_label_type = backup_labels_of_disks[disk_path].split(":")[2]
if o_r and (orig_label_type != img_label_type):
raise error.TestFail("change disk label(%s) failed" %
img_label_type)
os.chown(disk_path, 107, 107)
# Set selinux of host.
utils_selinux.set_status(host_sestatus)
# Set qemu conf
if security_driver:
qemu_conf.set_string('security_driver', security_driver)
if security_default_confined:
qemu_conf.security_default_confined = security_default_confined
if security_require_confined:
qemu_conf.security_require_confined = security_require_confined
if (security_driver or security_default_confined
or security_require_confined):
logging.debug("the qemu.conf content is: %s" % qemu_conf)
libvirtd.restart()
# Set the context of the VM.
vmxml.set_seclabel(sec_dict_list)
vmxml.sync()
logging.debug("the domain xml is: %s" % vmxml.xmltreefile)
# restart libvirtd
libvirtd.restart()
# Start VM to check the VM is able to access the image or not.
try:
vm.start()
# Start VM successfully.
# VM with seclabel can access the image with the context.
if status_error:
raise error.TestFail("Test succeeded in negative case.")
# Check the label of VM and image when VM is running.
vm_context = utils_selinux.get_context_of_process(vm.get_pid())
if (sec_type == "static") and (not vm_context == sec_label):
raise error.TestFail("Label of VM is not expected after "
"starting.\n"
"Detail: vm_context=%s, sec_label=%s" %
(vm_context, sec_label))
disk_context = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (sec_relabel == "no") and (not disk_context == img_label):
raise error.TestFail("Label of disk is not expected after VM "
"starting.\n"
"Detail: disk_context=%s, img_label=%s." %
(disk_context, img_label))
if sec_relabel == "yes" and not no_sec_model:
vmxml = VMXML.new_from_dumpxml(vm_name)
imagelabel = vmxml.get_seclabel()[0]['imagelabel']
# the disk context is 'system_u:object_r:svirt_image_t:s0',
# when VM started, the MLS/MCS Range will be added automatically.
# imagelabel turns to be 'system_u:object_r:svirt_image_t:s0:cxx,cxxx'
# but we shouldn't check the MCS range.
if not _check_label_equal(disk_context, imagelabel):
raise error.TestFail("Label of disk is not relabeled by "
"VM\nDetal: disk_context="
"%s, imagelabel=%s" %
(disk_context, imagelabel))
# Check the label of disk after VM being destroyed.
if poweroff_with_destroy:
vm.destroy(gracefully=False)
else:
vm.wait_for_login()
vm.shutdown()
img_label_after = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (not img_label_after == img_label):
# Bug 547546 - RFE: the security drivers must remember original
# permissions/labels and restore them after
# https://bugzilla.redhat.com/show_bug.cgi?id=547546
err_msg = "Label of disk is not restored in VM shuting down.\n"
err_msg += "Detail: img_label_after=%s, " % img_label_after
err_msg += "img_label_before=%s.\n" % img_label
err_msg += "More info in https://bugzilla.redhat.com/show_bug"
err_msg += ".cgi?id=547546"
raise error.TestFail(err_msg)
except virt_vm.VMStartError, e:
# Starting VM failed.
# VM with seclabel can not access the image with the context.
if not status_error:
raise error.TestFail("Test failed in positive case."
"error: %s" % e)
finally:
# clean up
for path, label in backup_labels_of_disks.items():
# Using semanage set context persistently
dir_path = "%s(/.*)?" % os.path.dirname(path)
(img_label_type, img_label_range) = _resolve_label(label)
utils_selinux.set_defcon(context_type=img_label_type,
pathregex=dir_path,
context_range=img_label_range)
utils_selinux.verify_defcon(pathname=path,
readonly=False,
forcedesc=True)
for path, label in backup_ownership_of_disks.items():
label_list = label.split(":")
os.chown(path, int(label_list[0]), int(label_list[1]))
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
if (security_driver or security_default_confined
or security_require_confined):
qemu_conf.restore()
libvirtd.restart()
def run(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Label the VM and disk with proper label.
(3).Start VM and check the context.
(4).Destroy VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_undefine_define_host_selinux",
"enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_undefine_define_vm_sec_type", "dynamic")
sec_model = params.get("svirt_undefine_define_vm_sec_model", "selinux")
sec_label = params.get("svirt_undefine_define_vm_sec_label", None)
sec_relabel = params.get("svirt_undefine_define_vm_sec_relabel", "yes")
sec_dict = {
'type': sec_type,
'model': sec_model,
'label': sec_label,
'relabel': sec_relabel
}
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get varialbles about image.
img_label = params.get('svirt_undefine_define_disk_label')
# Label the disks of VM with img_label.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
for disk in disks.values():
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
utils_selinux.set_context_of_file(filename=disk_path,
context=img_label)
# Set selinux of host.
backup_sestatus = utils_selinux.get_status()
utils_selinux.set_status(host_sestatus)
# Set the context of the VM.
vmxml.set_seclabel([sec_dict])
vmxml.sync()
try:
xml_file = (os.path.join(data_dir.get_tmp_dir(), "vmxml"))
if vm.is_alive():
vm.destroy()
virsh.dumpxml(vm.name, to_file=xml_file)
cmd_result = virsh.undefine(vm.name)
if cmd_result.exit_status:
raise error.TestFail("Failed to undefine vm."
"Detail: %s" % cmd_result)
cmd_result = virsh.define(xml_file)
if cmd_result.exit_status:
raise error.TestFail("Failed to define vm."
"Detail: %s" % cmd_result)
finally:
# clean up
for path, label in backup_labels_of_disks.items():
utils_selinux.set_context_of_file(filename=path, context=label)
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
def run(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Label the VM and disk with proper label.
(3).Start VM and check the context.
(4).Destroy VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_start_destroy_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_start_destroy_vm_sec_type", "dynamic")
sec_model = params.get("svirt_start_destroy_vm_sec_model", "selinux")
sec_label = params.get("svirt_start_destroy_vm_sec_label", None)
sec_relabel = params.get("svirt_start_destroy_vm_sec_relabel", "yes")
sec_dict = {
'type': sec_type,
'model': sec_model,
'label': sec_label,
'relabel': sec_relabel
}
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get varialbles about image.
img_label = params.get('svirt_start_destroy_disk_label')
# Label the disks of VM with img_label.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
for disk in disks.values():
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
utils_selinux.set_context_of_file(filename=disk_path,
context=img_label)
# Set selinux of host.
backup_sestatus = utils_selinux.get_status()
utils_selinux.set_status(host_sestatus)
# Set the context of the VM.
vmxml.set_seclabel(sec_dict)
vmxml.sync()
try:
# Start VM to check the VM is able to access the image or not.
try:
vm.start()
# Start VM successfully.
# VM with seclabel can access the image with the context.
if status_error:
raise error.TestFail("Test successed in negative case.")
# Check the label of VM and image when VM is running.
vm_context = utils_selinux.get_context_of_process(vm.get_pid())
if (sec_type == "static") and (not vm_context == sec_label):
raise error.TestFail(
"Label of VM is not expected after starting.\n"
"Detail: vm_context=%s, sec_label=%s" %
(vm_context, sec_label))
disk_context = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (sec_relabel == "no") and (not disk_context == img_label):
raise error.TestFail("Label of disk is not expected after VM "
"starting.\n"
"Detail: disk_context=%s, img_label=%s." %
(disk_context, img_label))
if sec_relabel == "yes":
vmxml = VMXML.new_from_dumpxml(vm_name)
imagelabel = vmxml.get_seclabel()['imagelabel']
if not disk_context == imagelabel:
raise error.TestFail(
"Label of disk is not relabeled by VM\n"
"Detal: disk_context=%s, imagelabel=%s" %
(disk_context, imagelabel))
# Check the label of disk after VM being destroyed.
vm.destroy()
img_label_after = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (not img_label_after == img_label):
raise error.TestFail(
"Bug: Label of disk is not restored in VM "
"shuting down.\n"
"Detail: img_label_after=%s, "
"img_label_before=%s.\n" % (img_label_after, img_label))
except virt_vm.VMStartError, e:
# Starting VM failed.
# VM with seclabel can not access the image with the context.
if not status_error:
raise error.TestFail("Test failed in positive case."
"error: %s" % e)
finally:
# clean up
for path, label in backup_labels_of_disks.items():
utils_selinux.set_context_of_file(filename=path, context=label)
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
def run(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Label the VM and disk with proper label.
(3).Save VM and check the context.
(4).Restore VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_save_restore_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_save_restore_vm_sec_type", "dynamic")
sec_model = params.get("svirt_save_restore_vm_sec_model", "selinux")
sec_label = params.get("svirt_save_restore_vm_sec_label", None)
sec_relabel = params.get("svirt_save_restore_vm_sec_relabel", "yes")
sec_dict = {'type': sec_type, 'model': sec_model, 'label': sec_label,
'relabel': sec_relabel}
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get varialbles about image.
img_label = params.get('svirt_save_restore_disk_label')
# Label the disks of VM with img_label.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
for disk in list(disks.values()):
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
utils_selinux.set_context_of_file(filename=disk_path,
context=img_label)
# Set selinux of host.
backup_sestatus = utils_selinux.get_status()
utils_selinux.set_status(host_sestatus)
# Set the context of the VM.
vmxml.set_seclabel([sec_dict])
vmxml.sync()
# Init a path to save VM.
save_path = os.path.join(data_dir.get_tmp_dir(), "svirt_save")
try:
# Start VM to check the VM is able to access the image or not.
try:
vm.start()
vm.save_to_file(path=save_path)
vm.restore_from_file(path=save_path)
# Save and restore VM successfully.
if status_error:
test.fail("Test succeeded in negative case.")
except virt_vm.VMError as e:
if not status_error:
error_msg = "Test failed in positive case.\n error: %s\n" % e
if str(e).count("getfd"):
error_msg += ("More info pleass refer to"
" https://bugzilla.redhat.com/show_bug.cgi?id=976632")
test.fail(error_msg)
finally:
# clean up
for path, label in list(backup_labels_of_disks.items()):
utils_selinux.set_context_of_file(filename=path, context=label)
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
def run(test, params, env):
"""
Test disk attachement of multiple disks.
1.Prepare test environment, destroy VMs.
2.Perform 'qemu-img create' operation.
3.Edit disks xml and start the domains.
4.Perform test operation.
5.Recover test environment.
6.Confirm the test result.
"""
def set_vm_controller_xml(vmxml):
"""
Set VM scsi controller xml.
:param vmxml. Domain xml object.
"""
# Add disk scsi controller
scsi_controller = Controller("controller")
scsi_controller.type = "scsi"
scsi_controller.index = "0"
scsi_controller.model = "virtio-scsi"
vmxml.add_device(scsi_controller)
# Redefine domain
vmxml.sync()
def get_vm_disk_xml(dev_type, dev_name, **options):
"""
Create a disk xml object and return it.
:param dev_type. Disk type.
:param dev_name. Disk device name.
:param options. Disk options.
:return: Disk xml object.
"""
# Create disk xml
disk_xml = Disk(type_name=dev_type)
disk_xml.device = options["disk_device"]
if "sgio" in options and options["sgio"] != "":
disk_xml.sgio = options["sgio"]
disk_xml.device = "lun"
disk_xml.rawio = "no"
if dev_type == "block":
disk_attr = "dev"
else:
disk_attr = "file"
disk_xml.target = {'dev': options["target"],
'bus': options["bus"]}
disk_xml.source = disk_xml.new_disk_source(
**{'attrs': {disk_attr: dev_name}})
# Add driver options from parameters.
driver_dict = {"name": "qemu"}
if "driver" in options:
for driver_option in options["driver"].split(','):
if driver_option != "":
d = driver_option.split('=')
logging.debug("disk driver option: %s=%s", d[0], d[1])
driver_dict.update({d[0].strip(): d[1].strip()})
disk_xml.driver = driver_dict
if "share" in options:
if options["share"] == "shareable":
disk_xml.share = True
if "readonly" in options:
if options["readonly"] == "readonly":
disk_xml.readonly = True
logging.debug("The disk xml is: %s" % disk_xml.xmltreefile)
return disk_xml
vm_names = params.get("vms").split()
if len(vm_names) < 2:
test.cancel("No multi vms provided.")
# Disk specific attributes.
vms_sgio = params.get("virt_disk_vms_sgio", "").split()
vms_share = params.get("virt_disk_vms_share", "").split()
vms_readonly = params.get("virt_disk_vms_readonly", "").split()
disk_bus = params.get("virt_disk_bus", "virtio")
disk_target = params.get("virt_disk_target", "vdb")
disk_type = params.get("virt_disk_type", "file")
disk_device = params.get("virt_disk_device", "disk")
disk_format = params.get("virt_disk_format", "")
scsi_options = params.get("scsi_options", "")
disk_driver_options = params.get("disk_driver_options", "")
hotplug = "yes" == params.get("virt_disk_vms_hotplug", "no")
status_error = params.get("status_error").split()
test_error_policy = "yes" == params.get("virt_disk_test_error_policy",
"no")
test_shareable = "yes" == params.get("virt_disk_test_shareable", "no")
test_readonly = "yes" == params.get("virt_disk_test_readonly", "no")
disk_source_path = test.tmpdir
disk_path = ""
tmp_filename = "cdrom_te.tmp"
tmp_readonly_file = ""
# Backup vm xml files.
vms_backup = []
# We just use 2 VMs for testing.
for i in list(range(2)):
vmxml_backup = vm_xml.VMXML.new_from_inactive_dumpxml(vm_names[i])
vms_backup.append(vmxml_backup)
# Initialize VM list
vms_list = []
try:
# Create disk images if needed.
disks = []
if disk_format == "scsi":
disk_source = libvirt.create_scsi_disk(scsi_options)
if not disk_source:
test.cancel("Get scsi disk failed.")
disks.append({"format": "scsi", "source": disk_source})
elif disk_format == "iscsi":
# Create iscsi device if neened.
image_size = params.get("image_size", "100M")
disk_source = libvirt.setup_or_cleanup_iscsi(
is_setup=True, is_login=True, image_size=image_size)
logging.debug("iscsi dev name: %s", disk_source)
# Format the disk and make the file system.
libvirt.mk_label(disk_source)
libvirt.mk_part(disk_source, size="10M")
libvirt.mkfs("%s1" % disk_source, "ext3")
disk_source += "1"
disks.append({"format": disk_format,
"source": disk_source})
elif disk_format in ["raw", "qcow2"]:
disk_path = "%s/test.%s" % (disk_source_path, disk_format)
disk_source = libvirt.create_local_disk("file", disk_path, "1",
disk_format=disk_format)
libvirt.mkfs(disk_source, "ext3")
disks.append({"format": disk_format,
"source": disk_source})
if disk_device == "cdrom":
tmp_readonly_file = "/root/%s" % tmp_filename
with open(tmp_readonly_file, 'w') as f:
f.write("teststring\n")
disk_path = "%s/test.iso" % disk_source_path
disk_source = libvirt.create_local_disk("iso", disk_path, "1")
disks.append({"source": disk_source})
# Compose the new domain xml
for i in list(range(2)):
vm = env.get_vm(vm_names[i])
# Destroy domain first.
if vm.is_alive():
vm.destroy(gracefully=False)
# Configure vm disk options and define vm
vmxml = vm_xml.VMXML.new_from_dumpxml(vm_names[i])
if disk_bus == "scsi":
set_vm_controller_xml(vmxml)
disk_sgio = ""
if len(vms_sgio) > i:
disk_sgio = vms_sgio[i]
shareable = ""
# Since lock feature is introduced in libvirt 3.9.0 afterwards, disk shareable attribute
# need be set if both of VMs need be started successfully in case they share the same disk
if test_error_policy and libvirt_version.version_compare(3, 9, 0):
vms_share = ["shareable", "shareable"]
if len(vms_share) > i:
shareable = vms_share[i]
readonly = ""
if len(vms_readonly) > i:
readonly = vms_readonly[i]
disk_xml = get_vm_disk_xml(disk_type, disk_source,
sgio=disk_sgio, share=shareable,
target=disk_target, bus=disk_bus,
driver=disk_driver_options,
disk_device=disk_device,
readonly=readonly)
if not hotplug:
# If we are not testing hotplug,
# add disks to domain xml and sync.
vmxml.add_device(disk_xml)
vmxml.sync()
vms_list.append({"name": vm_names[i], "vm": vm,
"status": "yes" == status_error[i],
"disk": disk_xml})
logging.debug("vms_list %s" % vms_list)
for i in list(range(len(vms_list))):
try:
# Try to start the domain.
vms_list[i]['vm'].start()
# Check if VM is started as expected.
if not vms_list[i]['status']:
test.fail('VM started unexpectedly.')
session = vms_list[i]['vm'].wait_for_login()
# if we are testing hotplug, it need to start domain and
# then run virsh attach-device command.
if hotplug:
vms_list[i]['disk'].xmltreefile.write()
result = virsh.attach_device(vms_list[i]['name'],
vms_list[i]['disk'].xml).exit_status
os.remove(vms_list[i]['disk'].xml)
# Check if the return code of attach-device
# command is as expected.
if 0 != result and vms_list[i]['status']:
test.fail('Failed to hotplug disk device')
elif 0 == result and not vms_list[i]['status']:
test.fail('Hotplug disk device unexpectedly.')
# Check disk error_policy option in VMs.
if test_error_policy:
error_policy = vms_list[i]['disk'].driver["error_policy"]
if i == 0:
# If we testing enospace error policy, only 1 vm used
if error_policy == "enospace":
cmd = ("mount /dev/%s /mnt && dd if=/dev/zero of=/mnt/test"
" bs=1M count=2000 2>&1 | grep 'No space left'"
% disk_target)
s, o = session.cmd_status_output(cmd)
logging.debug("error_policy in vm0 exit %s; output: %s", s, o)
if 0 != s:
test.fail("Test error_policy %s: cann't see"
" error messages")
session.close()
break
if session.cmd_status("fdisk -l /dev/%s && mount /dev/%s /mnt; ls /mnt"
% (disk_target, disk_target)):
session.close()
test.fail("Test error_policy: "
"failed to mount disk")
if i == 1:
try:
session0 = vms_list[0]['vm'].wait_for_login(timeout=10)
cmd = ("fdisk -l /dev/%s && mkfs.ext3 -F /dev/%s "
% (disk_target, disk_target))
s, o = session.cmd_status_output(cmd)
logging.debug("error_policy in vm1 exit %s; output: %s", s, o)
session.close()
cmd = ("dd if=/dev/zero of=/mnt/test bs=1M count=100 && dd if="
"/mnt/test of=/dev/null bs=1M;dmesg | grep 'I/O error'")
s, o = session0.cmd_status_output(cmd)
logging.debug("session in vm0 exit %s; output: %s", s, o)
if error_policy == "report":
if s:
test.fail("Test error_policy %s: cann't report"
" error" % error_policy)
elif error_policy == "ignore":
if 0 == s:
test.fail("Test error_policy %s: error cann't"
" be ignored" % error_policy)
session0.close()
except (remote.LoginError, virt_vm.VMError, aexpect.ShellError) as e:
if error_policy == "stop":
if not vms_list[0]['vm'].is_paused():
test.fail("Test error_policy %s: cann't stop"
" VM" % error_policy)
else:
logging.error(str(e))
test.fail("Test error_policy %s: login failed"
% error_policy)
if test_shareable:
# Check shared file selinux label with type and MCS as
# svirt_image_t:s0
if disk_path:
se_label = utils_selinux.get_context_of_file(disk_path)
logging.debug("Context of shared img '%s' is '%s'" %
(disk_path, se_label))
if "svirt_image_t:s0" not in se_label:
test.fail("Context of shared img is not"
" expected.")
if i == 1:
try:
test_str = "teststring"
# Try to write on vm0.
session0 = vms_list[0]['vm'].wait_for_login(timeout=10)
cmd = ("fdisk -l /dev/%s && mount /dev/%s /mnt && echo '%s' "
"> /mnt/test && umount /mnt"
% (disk_target, disk_target, test_str))
s, o = session0.cmd_status_output(cmd)
logging.debug("session in vm0 exit %s; output: %s", s, o)
if s:
test.fail("Test disk shareable on VM0 failed")
session0.close()
# Try to read on vm1.
cmd = ("fdisk -l /dev/%s && mount /dev/%s /mnt && grep %s"
" /mnt/test && umount /mnt"
% (disk_target, disk_target, test_str))
s, o = session.cmd_status_output(cmd)
logging.debug("session in vm1 exit %s; output: %s", s, o)
if s:
test.fail("Test disk shareable on VM1 failed")
except (remote.LoginError, virt_vm.VMError, aexpect.ShellError) as e:
logging.error(str(e))
test.fail("Test disk shareable: login failed")
if test_readonly:
# Check shared file selinux label with type and MCS as
# virt_content_t:s0
if disk_path:
se_label = utils_selinux.get_context_of_file(disk_path)
logging.debug("Context of shared iso '%s' is '%s'" %
(disk_path, se_label))
if "virt_content_t:s0" not in se_label:
test.fail("Context of shared iso is not"
" expected.")
if i == 1:
try:
test_str = "teststring"
# Try to read on vm0.
session0 = vms_list[0]['vm'].wait_for_login(timeout=10)
cmd = "mount -o ro /dev/cdrom /mnt && grep "
cmd += "%s /mnt/%s" % (test_str, tmp_filename)
s, o = session0.cmd_status_output(cmd)
logging.debug("session in vm0 exit %s; output: %s", s, o)
session0.close()
if s:
test.fail("Test file not found in VM0 cdrom")
# Try to read on vm1.
s, o = session.cmd_status_output(cmd)
logging.debug("session in vm1 exit %s; output: %s", s, o)
if s:
test.fail("Test file not found in VM1 cdrom")
except (remote.LoginError, virt_vm.VMError, aexpect.ShellError) as e:
logging.error(str(e))
test.fail("Test disk shareable: login failed")
session.close()
except virt_vm.VMStartError as start_error:
if vms_list[i]['status']:
test.fail("VM failed to start."
"Error: %s" % str(start_error))
finally:
# Stop VMs.
for i in list(range(len(vms_list))):
if vms_list[i]['vm'].is_alive():
vms_list[i]['vm'].destroy(gracefully=False)
# Recover VMs.
for vmxml_backup in vms_backup:
vmxml_backup.sync()
# Remove disks.
for img in disks:
if 'format' in img:
if img["format"] == "scsi":
libvirt.delete_scsi_disk()
elif img["format"] == "iscsi":
libvirt.setup_or_cleanup_iscsi(is_setup=False)
elif "source" in img:
os.remove(img["source"])
if tmp_readonly_file:
if os.path.exists(tmp_readonly_file):
os.remove(tmp_readonly_file)
def run_svirt_start_destroy(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Label the VM and disk with proper label.
(3).Start VM and check the context.
(4).Destroy VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_start_destroy_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_start_destroy_vm_sec_type", "dynamic")
sec_model = params.get("svirt_start_destroy_vm_sec_model", "selinux")
sec_label = params.get("svirt_start_destroy_vm_sec_label", None)
sec_relabel = params.get("svirt_start_destroy_vm_sec_relabel", "yes")
sec_dict = {'type': sec_type, 'model': sec_model, 'label': sec_label,
'relabel': sec_relabel}
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get varialbles about image.
img_label = params.get('svirt_start_destroy_disk_label')
# Label the disks of VM with img_label.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
for disk in disks.values():
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
utils_selinux.set_context_of_file(filename=disk_path,
context=img_label)
# Set selinux of host.
backup_sestatus = utils_selinux.get_status()
utils_selinux.set_status(host_sestatus)
# Set the context of the VM.
vmxml.set_seclabel(sec_dict)
vmxml.sync()
try:
# Start VM to check the VM is able to access the image or not.
try:
vm.start()
# Start VM successfully.
# VM with seclabel can access the image with the context.
if status_error:
raise error.TestFail("Test successed in negative case.")
# Check the label of VM and image when VM is running.
vm_context = utils_selinux.get_context_of_process(vm.get_pid())
if (sec_type == "static") and (not vm_context == sec_label):
raise error.TestFail("Label of VM is not expected after starting.\n"
"Detail: vm_context=%s, sec_label=%s"
% (vm_context, sec_label))
disk_context = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (sec_relabel == "no") and (not disk_context == img_label):
raise error.TestFail("Label of disk is not expected after VM "
"starting.\n"
"Detail: disk_context=%s, img_label=%s."
% (disk_context, img_label))
if sec_relabel == "yes":
vmxml = VMXML.new_from_dumpxml(vm_name)
imagelabel = vmxml.get_seclabel()['imagelabel']
if not disk_context == imagelabel:
raise error.TestFail("Label of disk is not relabeled by VM\n"
"Detal: disk_context=%s, imagelabel=%s"
% (disk_context, imagelabel))
# Check the label of disk after VM being destroyed.
vm.destroy()
img_label_after = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (not img_label_after == img_label):
raise error.TestFail("Bug: Label of disk is not restored in VM "
"shuting down.\n"
"Detail: img_label_after=%s, "
"img_label_before=%s.\n"
% (img_label_after, img_label))
except virt_vm.VMStartError, e:
# Starting VM failed.
# VM with seclabel can not access the image with the context.
if not status_error:
raise error.TestFail("Test failed in positive case."
"error: %s" % e)
finally:
# clean up
for path, label in backup_labels_of_disks.items():
utils_selinux.set_context_of_file(filename=path, context=label)
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
def run(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Label the VM and disk with proper label.
(3).Start VM and check the context.
(4).Destroy VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get(
"svirt_undefine_define_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_undefine_define_vm_sec_type", "dynamic")
sec_model = params.get("svirt_undefine_define_vm_sec_model", "selinux")
sec_label = params.get("svirt_undefine_define_vm_sec_label", None)
sec_relabel = params.get("svirt_undefine_define_vm_sec_relabel", "yes")
sec_dict = {'type': sec_type, 'model': sec_model, 'label': sec_label,
'relabel': sec_relabel}
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get varialbles about image.
img_label = params.get('svirt_undefine_define_disk_label')
# Label the disks of VM with img_label.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
for disk in disks.values():
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
utils_selinux.set_context_of_file(filename=disk_path,
context=img_label)
# Set selinux of host.
backup_sestatus = utils_selinux.get_status()
utils_selinux.set_status(host_sestatus)
# Set the context of the VM.
vmxml.set_seclabel([sec_dict])
vmxml.sync()
try:
xml_file = (os.path.join(data_dir.get_tmp_dir(), "vmxml"))
if vm.is_alive():
vm.destroy()
virsh.dumpxml(vm.name, to_file=xml_file)
cmd_result = virsh.undefine(vm.name)
if cmd_result.exit_status:
raise error.TestFail("Failed to undefine vm."
"Detail: %s" % cmd_result)
cmd_result = virsh.define(xml_file)
if cmd_result.exit_status:
raise error.TestFail("Failed to define vm."
"Detail: %s" % cmd_result)
finally:
# clean up
for path, label in backup_labels_of_disks.items():
utils_selinux.set_context_of_file(filename=path, context=label)
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
def run(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Config qemu conf if need
(3).Label the VM and disk with proper label.
(4).Start VM and check the context.
(5).Destroy VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_start_destroy_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_start_destroy_vm_sec_type", "dynamic")
sec_model = params.get("svirt_start_destroy_vm_sec_model", "selinux")
sec_label = params.get("svirt_start_destroy_vm_sec_label", None)
security_driver = params.get("security_driver", None)
security_default_confined = params.get("security_default_confined", None)
security_require_confined = params.get("security_require_confined", None)
no_sec_model = 'yes' == params.get("no_sec_model", 'no')
sec_relabel = params.get("svirt_start_destroy_vm_sec_relabel", "yes")
sec_dict = {'type': sec_type, 'relabel': sec_relabel}
sec_dict_list = []
if not no_sec_model:
if "," in sec_model:
sec_models = sec_model.split(",")
for model in sec_models:
sec_dict['model'] = model
if sec_type != "none":
sec_dict['label'] = sec_label
sec_dict_copy = sec_dict.copy()
sec_dict_list.append(sec_dict_copy)
else:
sec_dict['model'] = sec_model
if sec_type != "none":
sec_dict['label'] = sec_label
sec_dict_list.append(sec_dict)
else:
sec_dict_list.append(sec_dict)
logging.debug("sec_dict_list is: %s" % sec_dict_list)
poweroff_with_destroy = ("destroy" == params.get(
"svirt_start_destroy_vm_poweroff", "destroy"))
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get varialbles about image.
img_label = params.get('svirt_start_destroy_disk_label')
# Backup disk Labels.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
backup_ownership_of_disks = {}
for disk in disks.values():
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
f = os.open(disk_path, 0)
stat_re = os.fstat(f)
backup_ownership_of_disks[disk_path] = "%s:%s" % (stat_re.st_uid,
stat_re.st_gid)
# Backup selinux of host.
backup_sestatus = utils_selinux.get_status()
qemu_conf = utils_config.LibvirtQemuConfig()
libvirtd = utils_libvirtd.Libvirtd()
try:
# Set disk label
for disk in disks.values():
disk_path = disk['source']
utils_selinux.set_context_of_file(filename=disk_path,
context=img_label)
os.chown(disk_path, 107, 107)
# Set selinux of host.
utils_selinux.set_status(host_sestatus)
# Set qemu conf
if security_driver:
qemu_conf.set_string('security_driver', security_driver)
if security_default_confined:
qemu_conf.security_default_confined = security_default_confined
if security_require_confined:
qemu_conf.security_require_confined = security_require_confined
if (security_driver or security_default_confined or
security_require_confined):
logging.debug("the qemu.conf content is: %s" % qemu_conf)
libvirtd.restart()
# Set the context of the VM.
vmxml.set_seclabel(sec_dict_list)
vmxml.sync()
logging.debug("the domain xml is: %s" % vmxml.xmltreefile)
# Start VM to check the VM is able to access the image or not.
try:
vm.start()
# Start VM successfully.
# VM with seclabel can access the image with the context.
if status_error:
raise error.TestFail("Test succeeded in negative case.")
# Check the label of VM and image when VM is running.
vm_context = utils_selinux.get_context_of_process(vm.get_pid())
if (sec_type == "static") and (not vm_context == sec_label):
raise error.TestFail("Label of VM is not expected after "
"starting.\n"
"Detail: vm_context=%s, sec_label=%s"
% (vm_context, sec_label))
disk_context = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (sec_relabel == "no") and (not disk_context == img_label):
raise error.TestFail("Label of disk is not expected after VM "
"starting.\n"
"Detail: disk_context=%s, img_label=%s."
% (disk_context, img_label))
if sec_relabel == "yes" and not no_sec_model:
vmxml = VMXML.new_from_dumpxml(vm_name)
imagelabel = vmxml.get_seclabel()[0]['imagelabel']
if not disk_context == imagelabel:
raise error.TestFail("Label of disk is not relabeled by "
"VM\nDetal: disk_context="
"%s, imagelabel=%s"
% (disk_context, imagelabel))
# Check the label of disk after VM being destroyed.
if poweroff_with_destroy:
vm.destroy(gracefully=False)
else:
vm.wait_for_login()
vm.shutdown()
img_label_after = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (not img_label_after == img_label):
# Bug 547546 - RFE: the security drivers must remember original
# permissions/labels and restore them after
# https://bugzilla.redhat.com/show_bug.cgi?id=547546
err_msg = "Label of disk is not restored in VM shuting down.\n"
err_msg += "Detail: img_label_after=%s, " % img_label_after
err_msg += "img_label_before=%s.\n" % img_label
err_msg += "More info in https://bugzilla.redhat.com/show_bug"
err_msg += ".cgi?id=547546"
raise error.TestFail(err_msg)
except virt_vm.VMStartError, e:
# Starting VM failed.
# VM with seclabel can not access the image with the context.
if not status_error:
raise error.TestFail("Test failed in positive case."
"error: %s" % e)
finally:
# clean up
for path, label in backup_labels_of_disks.items():
utils_selinux.set_context_of_file(filename=path, context=label)
for path, label in backup_ownership_of_disks.items():
label_list = label.split(":")
os.chown(path, int(label_list[0]), int(label_list[1]))
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
if (security_driver or security_default_confined or
security_require_confined):
qemu_conf.restore()
libvirtd.restart()
def run(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Config qemu conf if need
(3).Label the VM and disk with proper label.
(4).Start VM and check the context.
(5).Destroy VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_start_destroy_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_start_destroy_vm_sec_type", "dynamic")
sec_model = params.get("svirt_start_destroy_vm_sec_model", "selinux")
sec_label = params.get("svirt_start_destroy_vm_sec_label", None)
sec_baselabel = params.get("svirt_start_destroy_vm_sec_baselabel", None)
security_driver = params.get("security_driver", None)
security_default_confined = params.get("security_default_confined", None)
security_require_confined = params.get("security_require_confined", None)
no_sec_model = 'yes' == params.get("no_sec_model", 'no')
xattr_check = 'yes' == params.get("xattr_check", 'no')
sec_relabel = params.get("svirt_start_destroy_vm_sec_relabel", "yes")
sec_dict = {'type': sec_type, 'relabel': sec_relabel}
sec_dict_list = []
def _set_sec_model(model):
"""
Set sec_dict_list base on given sec model type
"""
sec_dict_copy = sec_dict.copy()
sec_dict_copy['model'] = model
if sec_type != "none":
if sec_type == "dynamic" and sec_baselabel:
sec_dict_copy['baselabel'] = sec_baselabel
else:
sec_dict_copy['label'] = sec_label
sec_dict_list.append(sec_dict_copy)
if not no_sec_model:
if "," in sec_model:
sec_models = sec_model.split(",")
for model in sec_models:
_set_sec_model(model)
else:
_set_sec_model(sec_model)
else:
sec_dict_list.append(sec_dict)
logging.debug("sec_dict_list is: %s" % sec_dict_list)
poweroff_with_destroy = ("destroy" == params.get(
"svirt_start_destroy_vm_poweroff", "destroy"))
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get variables about image.
img_label = params.get('svirt_start_destroy_disk_label')
# Backup disk Labels.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
backup_ownership_of_disks = {}
for disk in list(disks.values()):
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
stat_re = os.stat(disk_path)
backup_ownership_of_disks[disk_path] = "%s:%s" % (stat_re.st_uid,
stat_re.st_gid)
# Backup selinux of host.
backup_sestatus = utils_selinux.get_status()
qemu_conf = utils_config.LibvirtQemuConfig()
libvirtd = utils_libvirtd.Libvirtd()
def _resolve_label(label_string):
labels = label_string.split(":")
label_type = labels[2]
if len(labels) == 4:
label_range = labels[3]
elif len(labels) > 4:
label_range = "%s:%s" % (labels[3], labels[4])
else:
label_range = None
return (label_type, label_range)
def _check_label_equal(label1, label2):
label1s = label1.split(":")
label2s = label2.split(":")
for i in range(len(label1s)):
if label1s[i] != label2s[i]:
return False
return True
try:
# Set disk label
(img_label_type, img_label_range) = _resolve_label(img_label)
for disk in list(disks.values()):
disk_path = disk['source']
dir_path = "%s(/.*)?" % os.path.dirname(disk_path)
try:
utils_selinux.del_defcon(img_label_type, pathregex=dir_path)
except Exception as err:
logging.debug("Delete label failed: %s", err)
# Using semanage set context persistently
utils_selinux.set_defcon(context_type=img_label_type,
pathregex=dir_path,
context_range=img_label_range)
utils_selinux.verify_defcon(pathname=disk_path,
readonly=False,
forcedesc=True)
if sec_relabel == "no" and sec_type == 'none':
os.chown(disk_path, 107, 107)
# Set selinux of host.
utils_selinux.set_status(host_sestatus)
# Set qemu conf
if security_driver:
qemu_conf.set_string('security_driver', security_driver)
if security_default_confined:
qemu_conf.security_default_confined = security_default_confined
if security_require_confined:
qemu_conf.security_require_confined = security_require_confined
if (security_driver or security_default_confined
or security_require_confined):
logging.debug("the qemu.conf content is: %s" % qemu_conf)
libvirtd.restart()
# Set the context of the VM.
vmxml.set_seclabel(sec_dict_list)
vmxml.sync()
logging.debug("the domain xml is: %s" % vmxml.xmltreefile)
# restart libvirtd
libvirtd.restart()
# Start VM to check the VM is able to access the image or not.
try:
# Need another guest to test the xattr added by libvirt
if xattr_check:
blklist = virsh.domblklist(vm_name, debug=True)
target_disk = re.findall(r"[v,s]d[a-z]",
blklist.stdout.strip())[0]
guest_name = "%s_%s" % (vm_name, '1')
cmd = "virt-clone --original %s --name %s " % (vm_name,
guest_name)
cmd += "--auto-clone --skip-copy=%s" % target_disk
process.run(cmd, shell=True, verbose=True)
vm.start()
# Start VM successfully.
# VM with seclabel can access the image with the context.
if status_error:
test.fail("Test succeeded in negative case.")
# Start another vm with the same disk image.
# The xattr will not be changed.
if xattr_check:
virsh.start(guest_name, ignore_status=True, debug=True)
# Check the label of VM and image when VM is running.
vm_context = utils_selinux.get_context_of_process(vm.get_pid())
if (sec_type == "static") and (not vm_context == sec_label):
test.fail("Label of VM is not expected after "
"starting.\n"
"Detail: vm_context=%s, sec_label=%s" %
(vm_context, sec_label))
disk_context = utils_selinux.get_context_of_file(
filename=list(disks.values())[0]['source'])
if (sec_relabel == "no") and (not disk_context == img_label):
test.fail("Label of disk is not expected after VM "
"starting.\n"
"Detail: disk_context=%s, img_label=%s." %
(disk_context, img_label))
if sec_relabel == "yes" and not no_sec_model:
vmxml = VMXML.new_from_dumpxml(vm_name)
imagelabel = vmxml.get_seclabel()[0]['imagelabel']
# the disk context is 'system_u:object_r:svirt_image_t:s0',
# when VM started, the MLS/MCS Range will be added automatically.
# imagelabel turns to be 'system_u:object_r:svirt_image_t:s0:cxx,cxxx'
# but we shouldn't check the MCS range.
if not _check_label_equal(disk_context, imagelabel):
test.fail("Label of disk is not relabeled by "
"VM\nDetal: disk_context="
"%s, imagelabel=%s" % (disk_context, imagelabel))
expected_results = "trusted.libvirt.security.ref_dac=\"1\"\n"
expected_results += "trusted.libvirt.security.ref_selinux=\"1\""
cmd = "getfattr -m trusted.libvirt.security -d %s " % list(
disks.values())[0]['source']
utils_test.libvirt.check_cmd_output(cmd,
content=expected_results)
# Check the label of disk after VM being destroyed.
if poweroff_with_destroy:
vm.destroy(gracefully=False)
else:
vm.wait_for_login()
vm.shutdown()
filename = list(disks.values())[0]['source']
img_label_after = utils_selinux.get_context_of_file(filename)
stat_re = os.stat(filename)
ownership_of_disk = "%s:%s" % (stat_re.st_uid, stat_re.st_gid)
logging.debug("The ownership of disk after guest starting is:\n")
logging.debug(ownership_of_disk)
logging.debug("The ownership of disk before guest starting is:\n")
logging.debug(backup_ownership_of_disks[filename])
if not (sec_relabel == "no" and sec_type == 'none'):
if not libvirt_version.version_compare(5, 6, 0):
if img_label_after != img_label:
# Bug 547546 - RFE: the security drivers must remember original
# permissions/labels and restore them after
# https://bugzilla.redhat.com/show_bug.cgi?id=547546
err_msg = "Label of disk is not restored in VM shutting down.\n"
err_msg += "Detail: img_label_after=%s, " % img_label_after
err_msg += "img_label_before=%s.\n" % img_label
err_msg += "More info in https://bugzilla.redhat.com/show_bug"
err_msg += ".cgi?id=547546"
test.fail(err_msg)
elif (img_label_after != img_label or ownership_of_disk !=
backup_ownership_of_disks[filename]):
err_msg = "Label of disk is not restored in VM shutting down.\n"
err_msg += "Detail: img_label_after=%s, %s " % (
img_label_after, ownership_of_disk)
err_msg += "img_label_before=%s, %s\n" % (
img_label, backup_ownership_of_disks[filename])
test.fail(err_msg)
# The xattr should be cleaned after guest shutoff.
cmd = "getfattr -m trusted.libvirt.security -d %s " % list(
disks.values())[0]['source']
utils_test.libvirt.check_cmd_output(cmd, content="")
except virt_vm.VMStartError as e:
# Starting VM failed.
# VM with seclabel can not access the image with the context.
if not status_error:
test.fail("Test failed in positive case." "error: %s" % e)
finally:
# clean up
for path, label in list(backup_labels_of_disks.items()):
# Using semanage set context persistently
dir_path = "%s(/.*)?" % os.path.dirname(path)
(img_label_type, img_label_range) = _resolve_label(label)
try:
utils_selinux.del_defcon(img_label_type, pathregex=dir_path)
except Exception as err:
logging.debug("Delete label failed: %s", err)
utils_selinux.set_defcon(context_type=img_label_type,
pathregex=dir_path,
context_range=img_label_range)
utils_selinux.verify_defcon(pathname=path,
readonly=False,
forcedesc=True)
for path, label in list(backup_ownership_of_disks.items()):
label_list = label.split(":")
os.chown(path, int(label_list[0]), int(label_list[1]))
backup_xml.sync()
if xattr_check:
virsh.undefine(guest_name, ignore_status=True)
utils_selinux.set_status(backup_sestatus)
if (security_driver or security_default_confined
or security_require_confined):
qemu_conf.restore()
libvirtd.restart()
def run(test, params, env):
"""
Test svirt in adding disk to VM.
(1).Init variables for test.
(2).Config qemu conf if need
(3).Label the VM and disk with proper label.
(4).Start VM and check the context.
(5).Destroy VM and check the context.
"""
# Get general variables.
status_error = ('yes' == params.get("status_error", 'no'))
host_sestatus = params.get("svirt_start_destroy_host_selinux", "enforcing")
# Get variables about seclabel for VM.
sec_type = params.get("svirt_start_destroy_vm_sec_type", "dynamic")
sec_model = params.get("svirt_start_destroy_vm_sec_model", "selinux")
sec_label = params.get("svirt_start_destroy_vm_sec_label", None)
security_driver = params.get("security_driver", None)
security_default_confined = params.get("security_default_confined", None)
security_require_confined = params.get("security_require_confined", None)
no_sec_model = 'yes' == params.get("no_sec_model", 'no')
sec_relabel = params.get("svirt_start_destroy_vm_sec_relabel", "yes")
sec_dict = {'type': sec_type, 'relabel': sec_relabel}
sec_dict_list = []
if not no_sec_model:
if "," in sec_model:
sec_models = sec_model.split(",")
for model in sec_models:
sec_dict['model'] = model
if sec_type != "none":
sec_dict['label'] = sec_label
sec_dict_copy = sec_dict.copy()
sec_dict_list.append(sec_dict_copy)
else:
sec_dict['model'] = sec_model
if sec_type != "none":
sec_dict['label'] = sec_label
sec_dict_list.append(sec_dict)
else:
sec_dict_list.append(sec_dict)
logging.debug("sec_dict_list is: %s" % sec_dict_list)
poweroff_with_destroy = ("destroy" == params.get(
"svirt_start_destroy_vm_poweroff", "destroy"))
# Get variables about VM and get a VM object and VMXML instance.
vm_name = params.get("main_vm")
vm = env.get_vm(vm_name)
vmxml = VMXML.new_from_inactive_dumpxml(vm_name)
backup_xml = vmxml.copy()
# Get varialbles about image.
img_label = params.get('svirt_start_destroy_disk_label')
# Backup disk Labels.
disks = vm.get_disk_devices()
backup_labels_of_disks = {}
backup_ownership_of_disks = {}
for disk in disks.values():
disk_path = disk['source']
backup_labels_of_disks[disk_path] = utils_selinux.get_context_of_file(
filename=disk_path)
f = os.open(disk_path, 0)
stat_re = os.fstat(f)
backup_ownership_of_disks[disk_path] = "%s:%s" % (stat_re.st_uid,
stat_re.st_gid)
# Backup selinux of host.
backup_sestatus = utils_selinux.get_status()
qemu_conf = utils_config.LibvirtQemuConfig()
libvirtd = utils_libvirtd.Libvirtd()
try:
# Set disk label
for disk in disks.values():
disk_path = disk['source']
utils_selinux.set_context_of_file(filename=disk_path,
context=img_label)
os.chown(disk_path, 107, 107)
# Set selinux of host.
utils_selinux.set_status(host_sestatus)
# Set qemu conf
if security_driver:
qemu_conf.set_string('security_driver', security_driver)
if security_default_confined:
qemu_conf.security_default_confined = security_default_confined
if security_require_confined:
qemu_conf.security_require_confined = security_require_confined
if (security_driver or security_default_confined
or security_require_confined):
logging.debug("the qemu.conf content is: %s" % qemu_conf)
libvirtd.restart()
# Set the context of the VM.
vmxml.set_seclabel(sec_dict_list)
vmxml.sync()
logging.debug("the domain xml is: %s" % vmxml.xmltreefile)
# Start VM to check the VM is able to access the image or not.
try:
vm.start()
# Start VM successfully.
# VM with seclabel can access the image with the context.
if status_error:
raise error.TestFail("Test succeeded in negative case.")
# Check the label of VM and image when VM is running.
vm_context = utils_selinux.get_context_of_process(vm.get_pid())
if (sec_type == "static") and (not vm_context == sec_label):
raise error.TestFail("Label of VM is not expected after "
"starting.\n"
"Detail: vm_context=%s, sec_label=%s" %
(vm_context, sec_label))
disk_context = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (sec_relabel == "no") and (not disk_context == img_label):
raise error.TestFail("Label of disk is not expected after VM "
"starting.\n"
"Detail: disk_context=%s, img_label=%s." %
(disk_context, img_label))
if sec_relabel == "yes" and not no_sec_model:
vmxml = VMXML.new_from_dumpxml(vm_name)
imagelabel = vmxml.get_seclabel()[0]['imagelabel']
if not disk_context == imagelabel:
raise error.TestFail("Label of disk is not relabeled by "
"VM\nDetal: disk_context="
"%s, imagelabel=%s" %
(disk_context, imagelabel))
# Check the label of disk after VM being destroyed.
if poweroff_with_destroy:
vm.destroy(gracefully=False)
else:
vm.wait_for_login()
vm.shutdown()
img_label_after = utils_selinux.get_context_of_file(
filename=disks.values()[0]['source'])
if (not img_label_after == img_label):
# Bug 547546 - RFE: the security drivers must remember original
# permissions/labels and restore them after
# https://bugzilla.redhat.com/show_bug.cgi?id=547546
err_msg = "Label of disk is not restored in VM shuting down.\n"
err_msg += "Detail: img_label_after=%s, " % img_label_after
err_msg += "img_label_before=%s.\n" % img_label
err_msg += "More info in https://bugzilla.redhat.com/show_bug"
err_msg += ".cgi?id=547546"
raise error.TestFail(err_msg)
except virt_vm.VMStartError, e:
# Starting VM failed.
# VM with seclabel can not access the image with the context.
if not status_error:
raise error.TestFail("Test failed in positive case."
"error: %s" % e)
finally:
# clean up
for path, label in backup_labels_of_disks.items():
utils_selinux.set_context_of_file(filename=path, context=label)
for path, label in backup_ownership_of_disks.items():
label_list = label.split(":")
os.chown(path, int(label_list[0]), int(label_list[1]))
backup_xml.sync()
utils_selinux.set_status(backup_sestatus)
if (security_driver or security_default_confined
or security_require_confined):
qemu_conf.restore()
libvirtd.restart()
def run(test, params, env):
"""
Test disk attachement of multiple disks.
1.Prepare test environment, destroy VMs.
2.Perform 'qemu-img create' operation.
3.Edit disks xml and start the domains.
4.Perform test operation.
5.Recover test environment.
6.Confirm the test result.
"""
def set_vm_controller_xml(vmxml):
"""
Set VM scsi controller xml.
:param vmxml. Domain xml object.
"""
# Add disk scsi controller
scsi_controller = Controller("controller")
scsi_controller.type = "scsi"
scsi_controller.index = "0"
scsi_controller.model = "virtio-scsi"
vmxml.add_device(scsi_controller)
# Redefine domain
vmxml.sync()
def get_vm_disk_xml(dev_type, dev_name, **options):
"""
Create a disk xml object and return it.
:param dev_type. Disk type.
:param dev_name. Disk device name.
:param options. Disk options.
:return: Disk xml object.
"""
# Create disk xml
disk_xml = Disk(type_name=dev_type)
disk_xml.device = options["disk_device"]
if options.has_key("sgio") and options["sgio"] != "":
disk_xml.sgio = options["sgio"]
disk_xml.device = "lun"
disk_xml.rawio = "no"
if dev_type == "block":
disk_attr = "dev"
else:
disk_attr = "file"
disk_xml.target = {'dev': options["target"],
'bus': options["bus"]}
disk_xml.source = disk_xml.new_disk_source(
**{'attrs': {disk_attr: dev_name}})
# Add driver options from parameters.
driver_dict = {"name": "qemu"}
if options.has_key("driver"):
for driver_option in options["driver"].split(','):
if driver_option != "":
d = driver_option.split('=')
logging.debug("disk driver option: %s=%s", d[0], d[1])
driver_dict.update({d[0].strip(): d[1].strip()})
disk_xml.driver = driver_dict
if options.has_key("share"):
if options["share"] == "shareable":
disk_xml.share = True
if options.has_key("readonly"):
if options["readonly"] == "readonly":
disk_xml.readonly = True
logging.debug("The disk xml is: %s" % disk_xml.xmltreefile)
return disk_xml
vm_names = params.get("vms").split()
if len(vm_names) < 2:
raise error.TestNAError("No multi vms provided.")
# Disk specific attributes.
vms_sgio = params.get("virt_disk_vms_sgio", "").split()
vms_share = params.get("virt_disk_vms_share", "").split()
vms_readonly = params.get("virt_disk_vms_readonly", "").split()
disk_bus = params.get("virt_disk_bus", "virtio")
disk_target = params.get("virt_disk_target", "vdb")
disk_type = params.get("virt_disk_type", "file")
disk_device = params.get("virt_disk_device", "disk")
disk_format = params.get("virt_disk_format", "")
scsi_options = params.get("scsi_options", "")
disk_driver_options = params.get("disk_driver_options", "")
hotplug = "yes" == params.get("virt_disk_vms_hotplug", "no")
status_error = params.get("status_error").split()
test_error_policy = "yes" == params.get("virt_disk_test_error_policy",
"no")
test_shareable = "yes" == params.get("virt_disk_test_shareable", "no")
test_readonly = "yes" == params.get("virt_disk_test_readonly", "no")
disk_source_path = test.tmpdir
disk_path = ""
tmp_filename = "cdrom_te.tmp"
tmp_readonly_file = ""
# Backup vm xml files.
vms_backup = []
# We just use 2 VMs for testing.
for i in range(2):
vmxml_backup = vm_xml.VMXML.new_from_inactive_dumpxml(vm_names[i])
vms_backup.append(vmxml_backup)
# Initialize VM list
vms_list = []
try:
# Create disk images if needed.
disks = []
if disk_format == "scsi":
disk_source = libvirt.create_scsi_disk(scsi_options)
if not disk_source:
raise error.TestNAError("Get scsi disk failed.")
disks.append({"format": "scsi", "source": disk_source})
elif disk_format == "iscsi":
# Create iscsi device if neened.
image_size = params.get("image_size", "100M")
disk_source = libvirt.setup_or_cleanup_iscsi(
is_setup=True, is_login=True, image_size=image_size)
logging.debug("iscsi dev name: %s", disk_source)
# Format the disk and make the file system.
libvirt.mk_label(disk_source)
libvirt.mk_part(disk_source, size="10M")
libvirt.mkfs("%s1" % disk_source, "ext3")
disk_source += "1"
disks.append({"format": disk_format,
"source": disk_source})
elif disk_format in ["raw", "qcow2"]:
disk_path = "%s/test.%s" % (disk_source_path, disk_format)
disk_source = libvirt.create_local_disk("file", disk_path, "1",
disk_format=disk_format)
libvirt.mkfs(disk_source, "ext3")
disks.append({"format": disk_format,
"source": disk_source})
if disk_device == "cdrom":
tmp_readonly_file = "/root/%s" % tmp_filename
with open(tmp_readonly_file, 'w') as f:
f.write("teststring\n")
disk_path = "%s/test.iso" % disk_source_path
disk_source = libvirt.create_local_disk("iso", disk_path, "1")
disks.append({"source": disk_source})
# Compose the new domain xml
for i in range(2):
vm = env.get_vm(vm_names[i])
# Destroy domain first.
if vm.is_alive():
vm.destroy(gracefully=False)
# Configure vm disk options and define vm
vmxml = vm_xml.VMXML.new_from_dumpxml(vm_names[i])
if disk_bus == "scsi":
set_vm_controller_xml(vmxml)
disk_sgio = ""
if len(vms_sgio) > i:
disk_sgio = vms_sgio[i]
shareable = ""
if len(vms_share) > i:
shareable = vms_share[i]
readonly = ""
if len(vms_readonly) > i:
readonly = vms_readonly[i]
disk_xml = get_vm_disk_xml(disk_type, disk_source,
sgio=disk_sgio, share=shareable,
target=disk_target, bus=disk_bus,
driver=disk_driver_options,
disk_device=disk_device,
readonly=readonly)
if not hotplug:
# If we are not testing hotplug,
# add disks to domain xml and sync.
vmxml.add_device(disk_xml)
vmxml.sync()
vms_list.append({"name": vm_names[i], "vm": vm,
"status": "yes" == status_error[i],
"disk": disk_xml})
logging.debug("vms_list %s" % vms_list)
for i in range(len(vms_list)):
try:
# Try to start the domain.
vms_list[i]['vm'].start()
# Check if VM is started as expected.
if not vms_list[i]['status']:
raise error.TestFail('VM started unexpectedly.')
session = vms_list[i]['vm'].wait_for_login()
# if we are testing hotplug, it need to start domain and
# then run virsh attach-device command.
if hotplug:
vms_list[i]['disk'].xmltreefile.write()
result = virsh.attach_device(vms_list[i]['name'],
vms_list[i]['disk'].xml).exit_status
os.remove(vms_list[i]['disk'].xml)
# Check if the return code of attach-device
# command is as expected.
if 0 != result and vms_list[i]['status']:
raise error.TestFail('Failed to hotplug disk device')
elif 0 == result and not vms_list[i]['status']:
raise error.TestFail('Hotplug disk device unexpectedly.')
# Check disk error_policy option in VMs.
if test_error_policy:
error_policy = vms_list[i]['disk'].driver["error_policy"]
if i == 0:
# If we testing enospace error policy, only 1 vm used
if error_policy == "enospace":
cmd = ("mount /dev/%s /mnt && dd if=/dev/zero of=/mnt/test"
" bs=1M count=2000 2>&1 | grep 'No space left'"
% disk_target)
s, o = session.cmd_status_output(cmd)
logging.debug("error_policy in vm0 exit %s; output: %s", s, o)
if 0 != s:
raise error.TestFail("Test error_policy %s: cann't see"
" error messages")
session.close()
break
if session.cmd_status("fdisk -l /dev/%s && mount /dev/%s /mnt; ls /mnt"
% (disk_target, disk_target)):
session.close()
raise error.TestFail("Test error_policy: "
"failed to mount disk")
if i == 1:
try:
session0 = vms_list[0]['vm'].wait_for_login(timeout=10)
cmd = ("fdisk -l /dev/%s && mkfs.ext3 -F /dev/%s "
% (disk_target, disk_target))
s, o = session.cmd_status_output(cmd)
logging.debug("error_policy in vm1 exit %s; output: %s", s, o)
session.close()
cmd = ("dd if=/dev/zero of=/mnt/test bs=1M count=100 && dd if="
"/mnt/test of=/dev/null bs=1M;dmesg | grep 'I/O error'")
s, o = session0.cmd_status_output(cmd)
logging.debug("session in vm0 exit %s; output: %s", s, o)
if error_policy == "report":
if s:
raise error.TestFail("Test error_policy %s: cann't report"
" error" % error_policy)
elif error_policy == "ignore":
if 0 == s:
raise error.TestFail("Test error_policy %s: error cann't"
" be ignored" % error_policy)
session0.close()
except (remote.LoginError, virt_vm.VMError, aexpect.ShellError), e:
if error_policy == "stop":
if not vms_list[0]['vm'].is_paused():
raise error.TestFail("Test error_policy %s: cann't stop"
" VM" % error_policy)
else:
logging.error(str(e))
raise error.TestFail("Test error_policy %s: login failed"
% error_policy)
if test_shareable:
# Check shared file selinux label with type and MCS as
# svirt_image_t:s0
if disk_path:
se_label = utils_selinux.get_context_of_file(disk_path)
logging.debug("Context of shared img '%s' is '%s'" %
(disk_path, se_label))
if "svirt_image_t:s0" not in se_label:
raise error.TestFail("Context of shared img is not"
" expected.")
if i == 1:
try:
test_str = "teststring"
# Try to write on vm0.
session0 = vms_list[0]['vm'].wait_for_login(timeout=10)
cmd = ("fdisk -l /dev/%s && mount /dev/%s /mnt && echo '%s' "
"> /mnt/test && umount /mnt"
% (disk_target, disk_target, test_str))
s, o = session0.cmd_status_output(cmd)
logging.debug("session in vm0 exit %s; output: %s", s, o)
if s:
raise error.TestFail("Test disk shareable on VM0 failed")
session0.close()
# Try to read on vm1.
cmd = ("fdisk -l /dev/%s && mount /dev/%s /mnt && grep %s"
" /mnt/test && umount /mnt"
% (disk_target, disk_target, test_str))
s, o = session.cmd_status_output(cmd)
logging.debug("session in vm1 exit %s; output: %s", s, o)
if s:
raise error.TestFail("Test disk shareable on VM1 failed")
except (remote.LoginError, virt_vm.VMError, aexpect.ShellError), e:
logging.error(str(e))
raise error.TestFail("Test disk shareable: login failed")
if test_readonly:
# Check shared file selinux label with type and MCS as
# virt_content_t:s0
if disk_path:
se_label = utils_selinux.get_context_of_file(disk_path)
logging.debug("Context of shared iso '%s' is '%s'" %
(disk_path, se_label))
if "virt_content_t:s0" not in se_label:
raise error.TestFail("Context of shared iso is not"
" expected.")
if i == 1:
try:
test_str = "teststring"
# Try to read on vm0.
session0 = vms_list[0]['vm'].wait_for_login(timeout=10)
cmd = "mount -o ro /dev/cdrom /mnt && grep "
cmd += "%s /mnt/%s" % (test_str, tmp_filename)
s, o = session0.cmd_status_output(cmd)
logging.debug("session in vm0 exit %s; output: %s", s, o)
session0.close()
if s:
raise error.TestFail("Test file not found in VM0 cdrom")
# Try to read on vm1.
s, o = session.cmd_status_output(cmd)
logging.debug("session in vm1 exit %s; output: %s", s, o)
if s:
raise error.TestFail("Test file not found in VM1 cdrom")
except (remote.LoginError, virt_vm.VMError, aexpect.ShellError), e:
logging.error(str(e))
raise error.TestFail("Test disk shareable: login failed")
session.close()
