mirror of https://gitee.com/openkylin/libvirt.git
247 lines
7.9 KiB
Python
247 lines
7.9 KiB
Python
#!/usr/bin/env python3
|
|
# libvirt 'run' programs locally script
|
|
# Copyright (C) 2012-2021 Red Hat, Inc.
|
|
#
|
|
# This library is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
# License as published by the Free Software Foundation; either
|
|
# version 2.1 of the License, or (at your option) any later version.
|
|
#
|
|
# This library is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
# License along with this library; If not, see
|
|
# <http://www.gnu.org/licenses/>.
|
|
|
|
# ----------------------------------------------------------------------
|
|
#
|
|
# With this script you can run libvirt programs without needing to
|
|
# install them first. You just have to do for example:
|
|
#
|
|
# ./run virsh [args ...]
|
|
#
|
|
# Note that this runs the locally compiled copy of virsh which
|
|
# is usually want you want.
|
|
#
|
|
# You can also run the C programs under valgrind like this:
|
|
#
|
|
# ./run valgrind [valgrind opts...] ./program
|
|
#
|
|
# or under gdb:
|
|
#
|
|
# ./run gdb --args ./program
|
|
#
|
|
# This also works with sudo (eg. if you need root access for libvirt):
|
|
#
|
|
# sudo ./run virsh list --all
|
|
#
|
|
# ----------------------------------------------------------------------
|
|
|
|
import argparse
|
|
import os
|
|
import os.path
|
|
import random
|
|
import shutil
|
|
import signal
|
|
import subprocess
|
|
import sys
|
|
|
|
|
|
# Function to intelligently prepend a path to an environment variable.
|
|
# See https://stackoverflow.com/a/9631350
|
|
def prepend(env, varname, extradir):
|
|
if varname in os.environ:
|
|
env[varname] = extradir + ":" + env[varname]
|
|
else:
|
|
env[varname] = extradir
|
|
|
|
|
|
here = "@abs_builddir@"
|
|
|
|
parser = argparse.ArgumentParser(add_help=False, allow_abbrev=False)
|
|
parser.add_argument('--selinux',
|
|
action='store_true',
|
|
help='Run in the appropriate selinux context')
|
|
|
|
opts, args = parser.parse_known_args()
|
|
|
|
if len(args) < 1:
|
|
print("syntax: %s [--selinux] BINARY [ARGS...]" % sys.argv[0], file=sys.stderr)
|
|
sys.exit(1)
|
|
|
|
prog = args[0]
|
|
env = os.environ
|
|
|
|
prepend(env, "LD_LIBRARY_PATH", os.path.join(here, "src"))
|
|
prepend(env, "PKG_CONFIG_PATH", os.path.join(here, "src"))
|
|
prepend(env, "PATH", os.path.join(here, "tools"))
|
|
prepend(env, "PATH", os.path.join(here, "src"))
|
|
|
|
# Ensure that any 3rd party apps using libvirt.so from the build tree get
|
|
# files resolved to the build/source tree too. Typically useful for language
|
|
# bindings running tests against non-installed libvirt.
|
|
env["LIBVIRT_DIR_OVERRIDE"] = "1"
|
|
|
|
# This is a cheap way to find some use-after-free and uninitialized
|
|
# read problems when using glibc.
|
|
env["MALLOC_PERTURB_"] = "%d" % random.randint(1, 255)
|
|
|
|
env["abs_builddir"] = "@abs_builddir@"
|
|
env["abs_top_builddir"] = "@abs_top_builddir@"
|
|
|
|
modular_daemons = [
|
|
"virtinterfaced",
|
|
"virtlxcd",
|
|
"virtnetworkd",
|
|
"virtnodedevd",
|
|
"virtnwfilterd",
|
|
"virtproxyd",
|
|
"virtqemud",
|
|
"virtsecretd",
|
|
"virtstoraged",
|
|
"virtvboxd",
|
|
"virtvzd",
|
|
"virtxend",
|
|
]
|
|
|
|
|
|
def is_modular_daemon(name):
|
|
return name in modular_daemons
|
|
|
|
|
|
def is_monolithic_daemon(name):
|
|
return name == "libvirtd"
|
|
|
|
|
|
def is_systemd_host():
|
|
if os.getuid() != 0:
|
|
return False
|
|
return os.path.exists("/run/systemd/system")
|
|
|
|
|
|
def daemon_units(name):
|
|
return [name + suffix for suffix in [
|
|
".service", ".socket", "-ro.socket", "-admin.socket"]]
|
|
|
|
|
|
def is_unit_active(name):
|
|
ret = subprocess.call(["systemctl", "is-active", "-q", name])
|
|
return ret == 0
|
|
|
|
|
|
def change_unit(name, action):
|
|
ret = subprocess.call(["systemctl", action, "-q", name])
|
|
return ret == 0
|
|
|
|
|
|
def chcon(path, user, role, type):
|
|
print("Setting file context of {} to u={}, r={}, t={}...".format(progpath,
|
|
user,
|
|
role,
|
|
type))
|
|
ret = subprocess.call(["chcon", "-u", user, "-r", role, "-t", type, path])
|
|
return ret == 0
|
|
|
|
|
|
def restorecon(path):
|
|
print("Restoring selinux context for {}...".format(path))
|
|
ret = subprocess.call(["restorecon", path])
|
|
return ret == 0
|
|
|
|
|
|
try_stop_units = []
|
|
if is_systemd_host():
|
|
maybe_stopped_units = []
|
|
for arg in args:
|
|
name = os.path.basename(arg)
|
|
if is_modular_daemon(name):
|
|
# Only need to stop libvirtd or this specific modular unit
|
|
maybe_stopped_units += daemon_units("libvirtd")
|
|
maybe_stopped_units += daemon_units(name)
|
|
elif is_monolithic_daemon(name):
|
|
# Need to stop libvirtd and/or all modular units
|
|
maybe_stopped_units += daemon_units("libvirtd")
|
|
for entry in modular_daemons:
|
|
maybe_stopped_units += daemon_units(entry)
|
|
|
|
for unit in maybe_stopped_units:
|
|
if is_unit_active(unit):
|
|
try_stop_units.append(unit)
|
|
|
|
if len(try_stop_units) == 0 and not opts.selinux:
|
|
# Run the program directly, replacing ourselves
|
|
os.execvpe(prog, args, env)
|
|
else:
|
|
stopped_units = []
|
|
|
|
def sighandler(signum, frame):
|
|
raise OSError("Signal %d received, terminating" % signum)
|
|
|
|
signal.signal(signal.SIGHUP, sighandler)
|
|
signal.signal(signal.SIGTERM, sighandler)
|
|
signal.signal(signal.SIGQUIT, sighandler)
|
|
|
|
try:
|
|
dorestorecon = False
|
|
progpath = shutil.which(prog)
|
|
if len(try_stop_units):
|
|
print("Temporarily stopping systemd units...")
|
|
|
|
for unit in try_stop_units:
|
|
print(" > %s" % unit)
|
|
if not change_unit(unit, "stop"):
|
|
raise Exception("Unable to stop '%s'" % unit)
|
|
|
|
stopped_units.append(unit)
|
|
|
|
if opts.selinux:
|
|
# if using a wrapper command like 'gdb', setting the selinux
|
|
# context won't work because the wrapper command will not be a
|
|
# valid entrypoint for the virtd_t context
|
|
if os.path.basename(prog) not in ["libvirtd", *modular_daemons]:
|
|
raise Exception("'{}' is not recognized as a valid daemon. "
|
|
"Selinux process context can only be set when "
|
|
"executing a daemon directly without wrapper "
|
|
"commands".format(prog))
|
|
|
|
if not progpath:
|
|
raise Exception("Can't find executable {} for selinux labeling"
|
|
.format(prog))
|
|
|
|
if not progpath.startswith(os.path.abspath(here)):
|
|
raise Exception("Refusing to change selinux context of file "
|
|
"'{}' outside build directory"
|
|
.format(progpath))
|
|
|
|
# selinux won't allow us to transition to the virtd_t context from
|
|
# e.g. the user_home_t context (the likely label of the local
|
|
# executable file)
|
|
if not chcon(progpath, "system_u", "object_r", "virtd_exec_t"):
|
|
raise Exception("Failed to change selinux context of binary")
|
|
dorestorecon = True
|
|
|
|
args = ['runcon',
|
|
'-u', 'system_u',
|
|
'-r', 'system_r',
|
|
'-t', 'virtd_t', *args]
|
|
|
|
print("Running '%s'..." % str(" ".join(args)))
|
|
ret = subprocess.call(args, env=env)
|
|
except KeyboardInterrupt:
|
|
pass
|
|
except Exception as e:
|
|
print("%s" % e, file=sys.stderr)
|
|
finally:
|
|
if len(stopped_units):
|
|
print("Re-starting original systemd units...")
|
|
stopped_units.reverse()
|
|
for unit in stopped_units:
|
|
print(" > %s" % unit)
|
|
if not change_unit(unit, "start"):
|
|
print(" ! unable to restart %s" % unit, file=sys.stderr)
|
|
if dorestorecon:
|
|
restorecon(progpath)
|