1#!/usr/bin/env python3 2# group: migration 3# 4# Copyright (C) 2021 Red Hat, Inc. 5# 6# This program is free software; you can redistribute it and/or modify 7# it under the terms of the GNU General Public License as published by 8# the Free Software Foundation; either version 2 of the License, or 9# (at your option) any later version. 10# 11# This program is distributed in the hope that it will be useful, 12# but WITHOUT ANY WARRANTY; without even the implied warranty of 13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14# GNU General Public License for more details. 15# 16# You should have received a copy of the GNU General Public License 17# along with this program. If not, see <http://www.gnu.org/licenses/>. 18# 19 20import os 21from subprocess import CalledProcessError 22 23import iotests 24from iotests import imgfmt, qemu_img_create, qemu_io 25 26 27test_img = os.path.join(iotests.test_dir, 'test.img') 28mig_sock = os.path.join(iotests.sock_dir, 'mig.sock') 29 30 31class TestMigrationPermissions(iotests.QMPTestCase): 32 def setUp(self): 33 qemu_img_create('-f', imgfmt, test_img, '1M') 34 35 # Set up two VMs (source and destination) accessing the same raw 36 # image file with a virtio-blk device; prepare the destination for 37 # migration with .add_incoming() and enable migration events 38 vms = [None, None] 39 for i in range(2): 40 vms[i] = iotests.VM(path_suffix=f'{i}') 41 vms[i].add_blockdev(f'file,node-name=prot,filename={test_img}') 42 vms[i].add_blockdev(f'{imgfmt},node-name=fmt,file=prot') 43 vms[i].add_device('virtio-blk,drive=fmt') 44 45 if i == 1: 46 vms[i].add_incoming(f'unix:{mig_sock}') 47 48 vms[i].launch() 49 50 result = vms[i].qmp('migrate-set-capabilities', 51 capabilities=[ 52 {'capability': 'events', 'state': True} 53 ]) 54 self.assert_qmp(result, 'return', {}) 55 56 self.vm_s = vms[0] 57 self.vm_d = vms[1] 58 59 def tearDown(self): 60 self.vm_s.shutdown() 61 self.vm_d.shutdown() 62 try: 63 os.remove(mig_sock) 64 except FileNotFoundError: 65 pass 66 os.remove(test_img) 67 68 # Migrate an image in use by a virtio-blk device to another VM and 69 # verify that the WRITE permission is unshared both before and after 70 # migration 71 def test_post_migration_permissions(self): 72 # Try to access the image R/W, which should fail because virtio-blk 73 # has not been configured with share-rw=on 74 emsg = ('ERROR (pre-migration): qemu-io should not be able to ' 75 'access this image, but it reported no error') 76 with self.assertRaises(CalledProcessError, msg=emsg) as ctx: 77 qemu_io('-f', imgfmt, '-c', 'quit', test_img) 78 if 'Is another process using the image' not in ctx.exception.stdout: 79 raise ctx.exception 80 81 # Now migrate the VM 82 self.vm_s.qmp('migrate', uri=f'unix:{mig_sock}') 83 assert self.vm_s.wait_migration(None) 84 assert self.vm_d.wait_migration(None) 85 86 # Try the same qemu-io access again, verifying that the WRITE 87 # permission remains unshared 88 emsg = ('ERROR (post-migration): qemu-io should not be able to ' 89 'access this image, but it reported no error') 90 with self.assertRaises(CalledProcessError, msg=emsg) as ctx: 91 qemu_io('-f', imgfmt, '-c', 'quit', test_img) 92 if 'Is another process using the image' not in ctx.exception.stdout: 93 raise ctx.exception 94 95 96if __name__ == '__main__': 97 # Only works with raw images because we are testing the 98 # BlockBackend permissions; image format drivers may additionally 99 # unshare permissions and thus tamper with the result 100 iotests.main(supported_fmts=['raw'], 101 supported_protocols=['file']) 102