openstack/nova
Code Issues Proposed changes

Introduce a VFS implementation backed by the libguestfs APIs

Browse Source 
This implements the VFS APIs using the libguestfs Python APIs.
This removes the need to map the virtual disk image into the
host filesystem, and thus avoids potential symlink attacks
from the guest filesystem. It also performs better than the
libguestfs FUSE module

blueprint: virt-disk-api-refactoring
Change-Id: I3202ec9479f22aa1ae461cab24968e54be1642c1
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2012-11-13 11:03:26 +00:00
parent d23f6dc1c6
commit 74e38f1bae
3 changed files with 494 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
nova/tests/fakeguestfs.py Normal file
View File

@ -0,0 +1,140 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
#
# Copyright 2012 Red Hat, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
class GuestFS(object):
def __init__(self):
self.drives = []
self.running = False
self.closed = False
self.mounts = []
self.files = {}
self.auginit = False
def launch(self):
self.running = True
def shutdown(self):
self.running = False
self.mounts = []
self.drives = []
def close(self):
self.closed = True
def add_drive_opts(self, file, *args, **kwargs):
self.drives.append((file, kwargs['format']))
def inspect_os(self):
return ["/dev/guestvgf/lv_root"]
def inspect_get_mountpoints(self, dev):
return [["/", "/dev/mapper/guestvgf-lv_root"],
["/boot", "/dev/vda1"]]
def mount_options(self, options, device, mntpoint):
self.mounts.append((options, device, mntpoint))
def mkdir_p(self, path):
if not path in self.files:
self.files[path] = {
"isdir": True,
"gid": 100,
"uid": 100,
"mode": 0700
}
def read_file(self, path):
if not path in self.files:
self.files[path] = {
"isdir": False,
"content": "Hello World",
"gid": 100,
"uid": 100,
"mode": 0700
}
return self.files[path]["content"]
def write(self, path, content):
if not path in self.files:
self.files[path] = {
"isdir": False,
"content": "Hello World",
"gid": 100,
"uid": 100,
"mode": 0700
}
self.files[path]["content"] = content
def write_append(self, path, content):
if not path in self.files:
self.files[path] = {
"isdir": False,
"content": "Hello World",
"gid": 100,
"uid": 100,
"mode": 0700
}
self.files[path]["content"] = self.files[path]["content"] + content
def stat(self, path):
if not path in self.files:
raise Exception("No such file: " + path)
return self.files[path]["mode"]
def chown(self, uid, gid, path):
if not path in self.files:
raise Exception("No such file: " + path)
if uid != -1:
self.files[path]["uid"] = uid
if gid != -1:
self.files[path]["gid"] = gid
def chmod(self, mode, path):
if not path in self.files:
raise Exception("No such file: " + path)
self.files[path]["mode"] = mode
def aug_init(self, root, flags):
self.auginit = True
def aug_close(self):
self.auginit = False
def aug_get(self, cfgpath):
if not self.auginit:
raise Exception("Augeus not initialized")
if cfgpath == "/files/etc/passwd/root/uid":
return 0
elif cfgpath == "/files/etc/passwd/fred/uid":
return 105
elif cfgpath == "/files/etc/passwd/joe/uid":
return 110
elif cfgpath == "/files/etc/group/root/gid":
return 0
elif cfgpath == "/files/etc/group/users/gid":
return 500
elif cfgpath == "/files/etc/group/admins/gid":
return 600
raise Exception("Unknown path %s", cfgpath)

176
nova/tests/test_virt_disk_vfs_guestfs.py Normal file
View File

@ -0,0 +1,176 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
#
# Copyright (C) 2012 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sys
from nova import test
from nova.tests import fakeguestfs
from nova.virt.disk.vfs import guestfs as vfsimpl
class VirtDiskVFSGuestFSTest(test.TestCase):
def setUp(self):
super(VirtDiskVFSGuestFSTest, self).setUp()
sys.modules['guestfs'] = fakeguestfs
vfsimpl.guestfs = fakeguestfs
def test_appliance_setup_inspect(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2",
imgfmt="qcow2",
partition=-1)
vfs.setup()
self.assertEqual(vfs.handle.running, True)
self.assertEqual(len(vfs.handle.mounts), 2)
self.assertEqual(vfs.handle.mounts[0][1],
"/dev/mapper/guestvgf-lv_root")
self.assertEqual(vfs.handle.mounts[1][1], "/dev/vda1")
self.assertEqual(vfs.handle.mounts[0][2], "/")
self.assertEqual(vfs.handle.mounts[1][2], "/boot")
handle = vfs.handle
vfs.teardown()
self.assertEqual(vfs.handle, None)
self.assertEqual(handle.running, False)
self.assertEqual(handle.closed, True)
self.assertEqual(len(handle.mounts), 0)
def test_appliance_setup_static_nopart(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2",
imgfmt="qcow2",
partition=None)
vfs.setup()
self.assertEqual(vfs.handle.running, True)
self.assertEqual(len(vfs.handle.mounts), 1)
self.assertEqual(vfs.handle.mounts[0][1], "/dev/sda")
self.assertEqual(vfs.handle.mounts[0][2], "/")
handle = vfs.handle
vfs.teardown()
self.assertEqual(vfs.handle, None)
self.assertEqual(handle.running, False)
self.assertEqual(handle.closed, True)
self.assertEqual(len(handle.mounts), 0)
def test_appliance_setup_static_part(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2",
imgfmt="qcow2",
partition=2)
vfs.setup()
self.assertEqual(vfs.handle.running, True)
self.assertEqual(len(vfs.handle.mounts), 1)
self.assertEqual(vfs.handle.mounts[0][1], "/dev/sda2")
self.assertEqual(vfs.handle.mounts[0][2], "/")
handle = vfs.handle
vfs.teardown()
self.assertEqual(vfs.handle, None)
self.assertEqual(handle.running, False)
self.assertEqual(handle.closed, True)
self.assertEqual(len(handle.mounts), 0)
def test_makepath(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.make_path("/some/dir")
vfs.make_path("/other/dir")
self.assertTrue("/some/dir" in vfs.handle.files)
self.assertTrue("/other/dir" in vfs.handle.files)
self.assertTrue(vfs.handle.files["/some/dir"]["isdir"])
self.assertTrue(vfs.handle.files["/other/dir"]["isdir"])
vfs.teardown()
def test_append_file(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.append_file("/some/file", " Goodbye")
self.assertTrue("/some/file" in vfs.handle.files)
self.assertEqual(vfs.handle.files["/some/file"]["content"],
"Hello World Goodbye")
vfs.teardown()
def test_replace_file(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.replace_file("/some/file", "Goodbye")
self.assertTrue("/some/file" in vfs.handle.files)
self.assertEqual(vfs.handle.files["/some/file"]["content"],
"Goodbye")
vfs.teardown()
def test_read_file(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
self.assertEqual(vfs.read_file("/some/file"), "Hello World")
vfs.teardown()
def test_has_file(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.read_file("/some/file")
self.assertTrue(vfs.has_file("/some/file"))
self.assertFalse(vfs.has_file("/other/file"))
vfs.teardown()
def test_set_permissions(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.read_file("/some/file")
self.assertEquals(vfs.handle.files["/some/file"]["mode"], 0700)
vfs.set_permissions("/some/file", 0777)
self.assertEquals(vfs.handle.files["/some/file"]["mode"], 0777)
vfs.teardown()
def test_set_ownership(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.read_file("/some/file")
self.assertEquals(vfs.handle.files["/some/file"]["uid"], 100)
self.assertEquals(vfs.handle.files["/some/file"]["gid"], 100)
vfs.set_ownership("/some/file", "fred", None)
self.assertEquals(vfs.handle.files["/some/file"]["uid"], 105)
self.assertEquals(vfs.handle.files["/some/file"]["gid"], 100)
vfs.set_ownership("/some/file", None, "users")
self.assertEquals(vfs.handle.files["/some/file"]["uid"], 105)
self.assertEquals(vfs.handle.files["/some/file"]["gid"], 500)
vfs.set_ownership("/some/file", "joe", "admins")
self.assertEquals(vfs.handle.files["/some/file"]["uid"], 110)
self.assertEquals(vfs.handle.files["/some/file"]["gid"], 600)
vfs.teardown()

178
nova/virt/disk/vfs/guestfs.py Normal file
View File

@ -0,0 +1,178 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2012 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import guestfs
from nova import exception
from nova.openstack.common import log as logging
from nova.virt.disk.vfs import api as vfs
LOG = logging.getLogger(__name__)
guestfs = None
class VFSGuestFS(vfs.VFS):
"""
This class implements a VFS module that uses the libguestfs APIs
to access the disk image. The disk image is never mapped into
the host filesystem, thus avoiding any potential for symlink
attacks from the guest filesystem.
"""
def __init__(self, imgfile, imgfmt='raw', partition=None):
super(VFSGuestFS, self).__init__(imgfile, imgfmt, partition)
global guestfs
if guestfs is None:
guestfs = __import__('guestfs')
self.handle = None
def setup_os(self):
if self.partition == -1:
self.setup_os_inspect()
else:
self.setup_os_static()
def setup_os_static(self):
LOG.debug(_("Mount guest OS image %(imgfile)s partition %(part)s"),
{'imgfile': self.imgfile, 'part': str(self.partition)})
if self.partition:
self.handle.mount_options("", "/dev/sda%d" % self.partition, "/")
else:
self.handle.mount_options("", "/dev/sda", "/")
def setup_os_inspect(self):
LOG.debug(_("Inspecting guest OS image %s"), self.imgfile)
roots = self.handle.inspect_os()
if len(roots) == 0:
raise exception.NovaException(_("No operating system found in %s"),
self.imgfile)
if len(roots) != 1:
LOG.debug(_("Multi-boot OS %(roots)s") % {'roots': str(roots)})
raise exception.NovaException(
_("Multi-boot operating system found in %s"),
self.imgfile)
self.setup_os_root(roots[0])
def setup_os_root(self, root):
LOG.debug(_("Inspecting guest OS root filesystem %s"), root)
mounts = self.handle.inspect_get_mountpoints(root)
if len(mounts) == 0:
raise exception.NovaException(
_("No mount points found in %(root)s of %(imgfile)s") %
{'root': root, 'imgfile': self.imgfile})
mounts.sort(key=lambda mount: mount[1])
for mount in mounts:
LOG.debug(_("Mounting %(dev)s at %(dir)s") %
{'dev': mount[1], 'dir': mount[0]})
self.handle.mount_options("", mount[1], mount[0])
def setup(self):
try:
LOG.debug(_("Setting up appliance for %(imgfile)s %(imgfmt)s") %
{'imgfile': self.imgfile, 'imgfmt': self.imgfmt})
self.handle = guestfs.GuestFS()
self.handle.add_drive_opts(self.imgfile, format=self.imgfmt)
self.handle.launch()
self.setup_os()
self.handle.aug_init("/", 0)
except Exception, e:
self.handle = None
raise
def teardown(self):
LOG.debug(_("Tearing down appliance"))
try:
self.handle.aug_close()
except Exception, e:
LOG.debug(_("Failed to close augeas %s"), str(e))
try:
self.handle.shutdown()
except Exception, e:
LOG.debug(_("Failed to shutdown appliance %s"), str(e))
try:
self.handle.close()
except Exception, e:
LOG.debug(_("Failed to close guest handle %s"), str(e))
self.handle = None
@staticmethod
def _canonicalize_path(path):
if path[0] != '/':
return '/' + path
return path
def make_path(self, path):
LOG.debug(_("Make directory path=%(path)s") % locals())
path = self._canonicalize_path(path)
self.handle.mkdir_p(path)
def append_file(self, path, content):
LOG.debug(_("Append file path=%(path)s") % locals())
path = self._canonicalize_path(path)
self.handle.write_append(path, content)
def replace_file(self, path, content):
LOG.debug(_("Replace file path=%(path)s") % locals())
path = self._canonicalize_path(path)
self.handle.write(path, content)
def read_file(self, path):
LOG.debug(_("Read file path=%(path)s") % locals())
path = self._canonicalize_path(path)
return self.handle.read_file(path)
def has_file(self, path):
LOG.debug(_("Has file path=%(path)s") % locals())
path = self._canonicalize_path(path)
try:
self.handle.stat(path)
return True
except Exception, e:
return False
def set_permissions(self, path, mode):
LOG.debug(_("Set permissions path=%(path)s mode=%(mode)s") % locals())
path = self._canonicalize_path(path)
self.handle.chmod(mode, path)
def set_ownership(self, path, user, group):
LOG.debug(_("Set ownership path=%(path)s "
"user=%(user)s group=%(group)s") % locals())
path = self._canonicalize_path(path)
uid = -1
gid = -1
if user is not None:
uid = int(self.handle.aug_get(
"/files/etc/passwd/" + user + "/uid"))
if group is not None:
gid = int(self.handle.aug_get(
"/files/etc/group/" + group + "/gid"))
LOG.debug(_("chown uid=%(uid)d gid=%(gid)s") % locals())
self.handle.chown(uid, gid, path)