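/**
 * virRandomInt:
 * @max: exclusive upper limit
 *
 * Generate an evenly distributed random integer in [0, @max).
 *
 * The range is empty when @max is 0; 0 is returned in that case rather
 * than asking the bit generator for a negative number of bits.
 *
 * NOTE(review): whether the result is fit for security-sensitive values
 * (names or labels an attacker must not predict) depends on the generator
 * behind virRandomBits()/virRandom(), which is not visible here -- confirm
 * before relying on it for anything beyond collision avoidance.
 *
 * Return: a random number in [0, @max)
 */
uint32_t virRandomInt(uint32_t max)
{
    /* 0 also satisfies the power-of-two test below, and ffs(0) is 0, so
     * without this guard virRandomBits() would be called with -1. */
    if (max == 0)
        return 0;

    /* Power of two: exactly log2(max) random bits cover the range. */
    if ((max & (max - 1)) == 0)
        return virRandomBits(ffs(max) - 1);

    /* Otherwise scale a random double by max; the conversion back to
     * uint32_t truncates toward zero.
     * NOTE(review): presumably virRandom() yields a value in [0, 1) -- confirm. */
    double val = virRandom();
    return val * max;
}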
/*
 * Create a new iscsiadm interface record under a randomly chosen name and
 * bind it to @initiatoriqn, then look the interface up again by IQN.
 *
 * @initiatoriqn: initiator IQN to store as iface.initiatorname
 * @ifacename:    out parameter filled in by virStorageBackendIQNFound();
 *                released with VIR_FREE() here when the function fails
 *
 * Returns 0 if the interface is found after creation, -1 otherwise.
 *
 * NOTE(review): the failure path frees *ifacename even when the lookup was
 * never reached -- assumes the caller passes it in initialised (e.g. NULL);
 * confirm against the caller.
 */
static int
virStorageBackendCreateIfaceIQN(const char *initiatoriqn,
                                char **ifacename)
{
    int ret = -1;
    int status = -1;
    char tmp_iface[32];
    /* Both argument vectors point at tmp_iface, which is only filled in
     * further down, before either command is run. The IQN is handed over
     * as a single argv element, not through a shell. */
    const char *const create_cmd[] = {
        ISCSIADM, "--mode", "iface", "--interface",
        tmp_iface, "--op", "new", NULL
    };
    const char *const update_cmd[] = {
        ISCSIADM, "--mode", "iface", "--interface", tmp_iface,
        "--op", "update", "--name", "iface.initiatorname", "--value",
        initiatoriqn, NULL
    };

    /* NOTE(review): time ^ pid is a guessable seed, and seeding on every
     * call resets the generator's state for any other user of it. The
     * interface name only has to be unique, but confirm that nothing
     * security-relevant draws from the same generator. */
    if (virRandomInitialize(time(NULL) ^ getpid()) == -1) {
        virStorageReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                              _("Failed to initialize random generator "
                                "when creating iscsi interface"));
        goto cleanup;
    }

    /* 14 fixed characters plus 8 hex digits fit comfortably in tmp_iface.
     * NOTE(review): virRandom() is called with an upper bound here;
     * confirm that matches the prototype in use. */
    snprintf(tmp_iface, sizeof(tmp_iface), "libvirt-iface-%08x",
             virRandom(1 << 30));

    VIR_DEBUG("Attempting to create interface '%s' with IQN '%s'",
              tmp_iface, initiatoriqn);

    /* The exit status is deliberately not inspected: older iscsiadm
     * releases exited non-zero even on success. Only a failure to run
     * the command at all is treated as an error; the lookup at the end
     * decides whether the interface really exists. */
    if (virRun(create_cmd, &status) < 0) {
        virStorageReportError(VIR_ERR_INTERNAL_ERROR,
                              _("Failed to run command '%s' to create new iscsi interface"),
                              create_cmd[0]);
        goto cleanup;
    }

    /* Same reasoning for the update step: the exit status is ignored and
     * the final lookup is what counts. */
    if (virRun(update_cmd, &status) < 0) {
        virStorageReportError(VIR_ERR_INTERNAL_ERROR,
                              _("Failed to run command '%s' to update iscsi interface with IQN '%s'"),
                              update_cmd[0], initiatoriqn);
        goto cleanup;
    }

    /* Verify the outcome by searching for an interface with this IQN. */
    if (virStorageBackendIQNFound(initiatoriqn, ifacename) != IQN_FOUND) {
        VIR_DEBUG("Failed to find interface '%s' with IQN '%s' "
                  "after attempting to create it",
                  tmp_iface, initiatoriqn);
        goto cleanup;
    }

    VIR_DEBUG("Interface '%s' with IQN '%s' was created successfully",
              *ifacename, initiatoriqn);
    ret = 0;

cleanup:
    if (ret != 0)
        VIR_FREE(*ifacename);
    return ret;
}
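/*
 * Fill in the SELinux process label, image label and model name of a
 * domain's seclabel.
 *
 * For a static label the MCS range is copied out of the configured label.
 * For any other label type a category pair is drawn at random until
 * mcsAdd() accepts it, and the process label is built from the base label
 * (or default_domain_context when no base label is set) plus that range.
 * The image label is always built from default_image_context and the
 * same range.
 *
 * @mgr: unused
 * @vm:  domain whose vm->def->seclabel is read and updated
 *
 * Returns 0 on success, -1 on failure. On failure the image label is
 * released, and for a dynamic label so is the generated label (and the
 * model name when no base label was given).
 */
static int
SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                        virDomainObjPtr vm)
{
    int rc = -1;
    char *mcs = NULL;
    int c1 = 0;
    int c2 = 0;
    context_t ctx = NULL;

    /* Refuse to overwrite anything that is already set on the domain. */
    if ((vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
        !vm->def->seclabel.baselabel &&
        vm->def->seclabel.model) {
        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               "%s", _("security model already defined for VM"));
        return rc;
    }

    if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
        vm->def->seclabel.label) {
        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               "%s", _("security label already defined for VM"));
        return rc;
    }

    if (vm->def->seclabel.imagelabel) {
        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               "%s", _("security image label already defined for VM"));
        return rc;
    }

    if (vm->def->seclabel.model &&
        STRNEQ(vm->def->seclabel.model, SECURITY_SELINUX_NAME)) {
        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               _("security label model %s is not supported with selinux"),
                               vm->def->seclabel.model);
        return rc;
    }

    if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) {
        /* Static label: reuse the MCS range of the configured context. */
        if (!(ctx = context_new(vm->def->seclabel.label))) {
            virReportSystemError(errno,
                                 _("unable to allocate socket security context '%s'"),
                                 vm->def->seclabel.label);
            return rc;
        }

        /* A context without a range is reported the same way as a failed
         * strdup(), i.e. as out-of-memory. */
        const char *range = context_range_get(ctx);
        if (!range ||
            !(mcs = strdup(range))) {
            virReportOOMError();
            goto cleanup;
        }
    } else {
        do {
            /* Release the candidate rejected on the previous pass. Without
             * this every retry overwrote mcs and leaked the old string.
             * VIR_FREE() on NULL is harmless on the first pass.
             * Assumes mcsAdd() does not keep the pointer it is given,
             * which matches mcs being freed in cleanup after success. */
            VIR_FREE(mcs);

            /* NOTE(review): presumably virRandom(1024) yields a value in
             * [0, 1024) -- confirm against its prototype. */
            c1 = virRandom(1024);
            c2 = virRandom(1024);

            if (c1 == c2) {
                if (virAsprintf(&mcs, "s0:c%d", c1) < 0) {
                    virReportOOMError();
                    goto cleanup;
                }
            } else {
                /* Keep the pair ordered so (a,b) and (b,a) give one string. */
                if (c1 > c2) {
                    int tmp = c1;
                    c1 = c2;
                    c2 = tmp;
                }
                if (virAsprintf(&mcs, "s0:c%d,c%d", c1, c2) < 0) {
                    virReportOOMError();
                    goto cleanup;
                }
            }
            /* NOTE(review): -1 is treated as "try another pair"; if
             * mcsAdd() can also fail for a reason that never clears,
             * this loop does not terminate -- confirm. */
        } while (mcsAdd(mcs) == -1);

        vm->def->seclabel.label =
            SELinuxGenNewContext(vm->def->seclabel.baselabel ?
                                 vm->def->seclabel.baselabel :
                                 default_domain_context, mcs);
        if (!vm->def->seclabel.label) {
            virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                   _("cannot generate selinux context for %s"), mcs);
            goto cleanup;
        }
    }

    vm->def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
    if (!vm->def->seclabel.imagelabel) {
        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               _("cannot generate selinux context for %s"), mcs);
        goto cleanup;
    }

    if (!vm->def->seclabel.model &&
        !(vm->def->seclabel.model = strdup(SECURITY_SELINUX_NAME))) {
        virReportOOMError();
        goto cleanup;
    }

    rc = 0;

cleanup:
    if (rc != 0) {
        /* Undo only what this function may have set: a static label and a
         * caller-supplied model are left alone.
         * NOTE(review): a pair already accepted by mcsAdd() is not handed
         * back here; if the file has a matching release helper, failure
         * after the loop should probably call it -- confirm. */
        if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC)
            VIR_FREE(vm->def->seclabel.label);
        VIR_FREE(vm->def->seclabel.imagelabel);
        if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
            !vm->def->seclabel.baselabel)
            VIR_FREE(vm->def->seclabel.model);
    }

    if (ctx)
        context_free(ctx);
    VIR_FREE(mcs);

    VIR_DEBUG("model=%s label=%s imagelabel=%s baselabel=%s",
              NULLSTR(vm->def->seclabel.model),
              NULLSTR(vm->def->seclabel.label),
              NULLSTR(vm->def->seclabel.imagelabel),
              NULLSTR(vm->def->seclabel.baselabel));

    return rc;
}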