Hi Dmitri, On Fri, Sep 11, 2015 at 03:40:00PM +0100, Dimitri John Ledkov wrote: > If one typically only boots full disk-images, one wouldn't necessaraly > want to statically link glibc, for the guest-init feature of the > kvmtool. As statically linked glibc triggers haevy security > maintainance. > > Signed-off-by: Dimitri John Ledkov <[email protected]> > --- > Changes since v1: > - rename CONFIG_HAS_LIBC to CONFIG_GUEST_INIT for clarity > - use more ifdefs, instead of runtime check of _binary_guest_init_size==0
The idea looks good, but I think we can tidy some of this up at the same time by moving all the guest_init code in builtin_setup.c. How about the patch below? Will --->8 >From cdce942c1a3a04635065a7972ca4e21386664756 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov <[email protected]> Date: Fri, 11 Sep 2015 15:40:00 +0100 Subject: [PATCH] Make static libc and guest-init functionality optional. If one typically only boots full disk-images, one wouldn't necessaraly want to statically link glibc, for the guest-init feature of the kvmtool. As statically linked glibc triggers haevy security maintainance. Signed-off-by: Dimitri John Ledkov <[email protected]> [will: moved all the guest_init handling into builtin_setup.c] Signed-off-by: Will Deacon <[email protected]> --- Makefile | 12 +++++++----- builtin-run.c | 29 +---------------------------- builtin-setup.c | 19 ++++++++++++++----- include/kvm/builtin-setup.h | 1 + 4 files changed, 23 insertions(+), 38 deletions(-) diff --git a/Makefile b/Makefile index 7b17d529d13b..f1701aa7b8ec 100644 --- a/Makefile +++ b/Makefile @@ -34,8 +34,6 @@ bindir_SQ = $(subst ','\'',$(bindir)) PROGRAM := lkvm PROGRAM_ALIAS := vm -GUEST_INIT := guest/init - OBJS += builtin-balloon.o OBJS += builtin-debug.o OBJS += builtin-help.o @@ -279,8 +277,13 @@ ifeq ($(LTO),1) endif endif -ifneq ($(call try-build,$(SOURCE_STATIC),,-static),y) - $(error No static libc found. Please install glibc-static package.) +ifeq ($(call try-build,$(SOURCE_STATIC),,-static),y) + CFLAGS += -DCONFIG_GUEST_INIT + GUEST_INIT := guest/init + GUEST_OBJS = guest/guest_init.o +else + $(warning No static libc found. Skipping guest init) + NOTFOUND += static-libc endif ifeq (y,$(ARCH_WANT_LIBFDT)) @@ -356,7 +359,6 @@ c_flags = -Wp,-MD,$(depfile) $(CFLAGS) # $(OTHEROBJS) are things that do not get substituted like this. # STATIC_OBJS = $(patsubst %.o,%.static.o,$(OBJS) $(OBJS_STATOPT)) -GUEST_OBJS = guest/guest_init.o $(PROGRAM)-static: $(STATIC_OBJS) $(OTHEROBJS) $(GUEST_INIT) $(E) " LINK " $@ diff --git a/builtin-run.c b/builtin-run.c index 1ee75ad3f010..e0c87329e52b 100644 --- a/builtin-run.c +++ b/builtin-run.c @@ -59,9 +59,6 @@ static int kvm_run_wrapper; bool do_debug_print = false; -extern char _binary_guest_init_start; -extern char _binary_guest_init_size; - static const char * const run_usage[] = { "lkvm run [<options>] [<kernel image>]", NULL @@ -345,30 +342,6 @@ void kvm_run_help(void) usage_with_options(run_usage, options); } -static int kvm_setup_guest_init(struct kvm *kvm) -{ - const char *rootfs = kvm->cfg.custom_rootfs_name; - char tmp[PATH_MAX]; - size_t size; - int fd, ret; - char *data; - - /* Setup /virt/init */ - size = (size_t)&_binary_guest_init_size; - data = (char *)&_binary_guest_init_start; - snprintf(tmp, PATH_MAX, "%s%s/virt/init", kvm__get_dir(), rootfs); - remove(tmp); - fd = open(tmp, O_CREAT | O_WRONLY, 0755); - if (fd < 0) - die("Fail to setup %s", tmp); - ret = xwrite(fd, data, size); - if (ret < 0) - die("Fail to setup %s", tmp); - close(fd); - - return 0; -} - static int kvm_run_set_sandbox(struct kvm *kvm) { const char *guestfs_name = kvm->cfg.custom_rootfs_name; @@ -631,7 +604,7 @@ static struct kvm *kvm_cmd_run_init(int argc, const char **argv) if (!kvm->cfg.no_dhcp) strcat(real_cmdline, " ip=dhcp"); - if (kvm_setup_guest_init(kvm)) + if (kvm_setup_guest_init(kvm->cfg.custom_rootfs_name)) die("Failed to setup init for guest."); } } else if (!strstr(real_cmdline, "root=")) { diff --git a/builtin-setup.c b/builtin-setup.c index 8b45c5645ad4..40fef15dbbe4 100644 --- a/builtin-setup.c +++ b/builtin-setup.c @@ -16,9 +16,6 @@ #include <sys/mman.h> #include <fcntl.h> -extern char _binary_guest_init_start; -extern char _binary_guest_init_size; - static const char *instance_name; static const char * const setup_usage[] = { @@ -124,7 +121,11 @@ static const char *guestfs_symlinks[] = { "/etc/ld.so.conf", }; -static int copy_init(const char *guestfs_name) +#ifdef CONFIG_GUEST_INIT +extern char _binary_guest_init_start; +extern char _binary_guest_init_size; + +int kvm_setup_guest_init(const char *guestfs_name) { char path[PATH_MAX]; size_t size; @@ -144,7 +145,15 @@ static int copy_init(const char *guestfs_name) close(fd); return 0; + +} +#else +int kvm_setup_guest_init(const char *guestfs_name) +{ + die("Guest init image not compiled in"); + return 0; } +#endif static int copy_passwd(const char *guestfs_name) { @@ -222,7 +231,7 @@ static int do_setup(const char *guestfs_name) make_guestfs_symlink(guestfs_name, guestfs_symlinks[i]); } - ret = copy_init(guestfs_name); + ret = kvm_setup_guest_init(guestfs_name); if (ret < 0) return ret; diff --git a/include/kvm/builtin-setup.h b/include/kvm/builtin-setup.h index 4a8d7ee39425..239bbbdce09e 100644 --- a/include/kvm/builtin-setup.h +++ b/include/kvm/builtin-setup.h @@ -7,5 +7,6 @@ int kvm_cmd_setup(int argc, const char **argv, const char *prefix); void kvm_setup_help(void) NORETURN; int kvm_setup_create_new(const char *guestfs_name); void kvm_setup_resolv(const char *guestfs_name); +int kvm_setup_guest_init(const char *guestfs_name); #endif -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
