[libvirt] [PATCH v2 00/19] Avoid races with udev

Daniel P. Berrange berrange at redhat.com
Fri Nov 4 10:31:42 UTC 2016


On Fri, Nov 04, 2016 at 08:48:06AM +0100, Michal Privoznik wrote:
> On 03.11.2016 13:33, Daniel P. Berrange wrote:
> > On Thu, Nov 03, 2016 at 08:18:50PM +0800, Michal Privoznik wrote:
> >> This is v2 of:
> >>
> >> https://www.redhat.com/archives/libvir-list/2016-October/msg01151.html
> >>
> >> diff to v1:
> >> - Added udev rule (patch 18/19)
> >> - Wire the beast into spec file
> >> - Introduced a configure argument that suppresses installation of this feature
> >>
> >> One of the problems here is that this requires patched udev:
> >>
> >> https://github.com/systemd/systemd/commit/4f985bd80278972912b80df1390f84d7a89f8d51
> >>
> >> This is going to be part of systemd-232 release. Therefore, in my code I've put
> >> checks for 232 version.
> > 
> > As discussed on the previous posting, this series is still race prone as
> > this doesn't stop udev changing the labels on devices managed by libvirt.
> > It merely causes udev to change them, and then change them back again.
> 
> True. But I guess the problem there is udev guys don't want others to
> store anything in their DB. So while this is not entirely race free it
> makes the situation better, doesn't it? But I guess the best would be to ask
> them directly so everybody can see what's going on. I've sent the e-mail
> here:
> 
> https://lists.freedesktop.org/archives/systemd-devel/2016-November/037714.html
> 
> > 
> > IMHO if we're going to require an unreleased udev, then we should work to
> > get an enhancement to udev so that we can avoid this relabelling entirely
> > and thus fully fix the race problem.
> 
> Again, the question is whether udev guys are willing to make their SW
> waive its 'privileged' position of managing all the devices. If they are
> not, we can't avoid the race but we can at least minimize the window
> where the race is possible.

FWIW, a (probably insane) alternative idea is to take udev out of the
picture entirely by setting up a libvirt private /var/run/libvirt/dev
directory, running mknod in there, and pointing QEMU to the path
/var/run/libvirt/dev/sda instead of /dev/sda.

In fact a more serious approach is that we could actually start to make
use of container namespaces to confine QEMU, i.e. start a new mount namespace
for each QEMU process with a new /dev tmpfs mounted on that. We just mknod
the few dev nodes that QEMU needs access to. This gives us security benefits
as well as taking udev out of the picture.

> BTW: as of yesterday late night "unreleased systemd" statement is no
> longer true. Lennart made a release, so udev behaviour this patch set
> relies on is now officially supported.

Right, but no distro is going to have that version for a long while
yet, so if we did have to wait for another udev release later, we're not
any worse off.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|
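The per-QEMU private /dev idea from the message above, sketched as an added example (this is not libvirt code and not part of the thread): unshare a mount namespace, mount a fresh tmpfs on /dev there, recreate only the device nodes the guest needs with the host node's type, major/minor and ownership, and exec the guest. The `collect_device`/`setup_private_dev` helpers, the command-line convention (`DEV... -- CMD`) and the 64-device limit are assumptions made for the example; it needs root (CAP_SYS_ADMIN for the namespace and mounts, CAP_MKNOD for the nodes).

```c
/* Added example, not libvirt's code: a private /dev per QEMU process in
 * its own mount namespace, so udev relabelling of the host /dev cannot
 * touch the nodes the guest actually uses.  Requires root on Linux. */
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <unistd.h>

struct devnode {
    char path[PATH_MAX];      /* path of the node in the host /dev */
    mode_t mode;              /* S_IFCHR or S_IFBLK plus permission bits */
    unsigned int maj, min;    /* device numbers copied from the host node */
    uid_t uid;
    gid_t gid;
};

/* Look up a host device node so it can be replicated later.  Returns 0 on
 * success; -1 with errno set if the path is missing, too long, or not a
 * character/block device (ENODEV). */
int collect_device(const char *path, struct devnode *out)
{
    struct stat st;
    if (stat(path, &st) < 0)
        return -1;
    if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)) {
        errno = ENODEV;
        return -1;
    }
    if (strlen(path) >= sizeof(out->path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    strcpy(out->path, path);
    out->mode = st.st_mode;
    out->maj = major(st.st_rdev);
    out->min = minor(st.st_rdev);
    out->uid = st.st_uid;
    out->gid = st.st_gid;
    return 0;
}

/* Recreate one collected node under the (now private) /dev.  Ownership and
 * mode are set explicitly here, so later changes udev makes to the host
 * node are irrelevant to the guest.  Only top-level /dev/foo paths are
 * handled; subdirectories such as /dev/net/ would need a mkdir first. */
static int replicate_device(const struct devnode *d)
{
    if (mknod(d->path, d->mode, makedev(d->maj, d->min)) < 0 && errno != EEXIST)
        return -1;
    if (chown(d->path, d->uid, d->gid) < 0)
        return -1;
    return chmod(d->path, d->mode & 07777);
}

/* Enter a new mount namespace whose /dev is an empty tmpfs holding only
 * the listed nodes.  Returns 0 on success, -1 with errno set otherwise. */
int setup_private_dev(const struct devnode *nodes, size_t n)
{
    if (unshare(CLONE_NEWNS) < 0)
        return -1;
    /* Make every mount private first, otherwise the new /dev could
     * propagate back into the host namespace (systemd defaults to shared). */
    if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0)
        return -1;
    if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID | MS_NOEXEC, "mode=755") < 0)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (replicate_device(&nodes[i]) < 0)
            return -1;
    return 0;
}

/* Assumed CLI: ./privdev /dev/sda /dev/null -- qemu-system-x86_64 ... */
int main(int argc, char **argv)
{
    struct devnode nodes[64];
    size_t n = 0;
    int i = 1;
    for (; i < argc && strcmp(argv[i], "--") != 0; i++) {
        if (n == sizeof(nodes) / sizeof(nodes[0])) {
            fprintf(stderr, "too many devices\n");
            return 1;
        }
        if (collect_device(argv[i], &nodes[n++]) < 0) {
            perror(argv[i]);
            return 1;
        }
    }
    if (i >= argc - 1) {
        fprintf(stderr, "usage: %s DEV... -- CMD [ARGS...]\n", argv[0]);
        return 1;
    }
    if (setup_private_dev(nodes, n) < 0) {
        perror("setup_private_dev");
        return 1;
    }
    execvp(argv[i + 1], &argv[i + 1]);
    perror("execvp");
    return 1;
}
```

The `MS_REC | MS_PRIVATE` remount is the part most easily forgotten: without it a distro with shared root propagation would see the tmpfs land on the host's /dev as well. A real implementation also has to provide /dev/pts, /dev/shm and whatever hotplug adds later, which is exactly where the per-device bookkeeping libvirt already does for labels would have to be extended.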