1. 27 2月, 2014 1 次提交
    • E
      build: ignore cygwin toolchain droppings · 028dd2b8
      Eric Blake 提交于
      The cygwin compiler automatically creates a '*.exe.manifest'
      companion file for any .exe file that contains a substring
      that would otherwise cause newer Windows to pester users about
      needing admin rights (such as "update", "instal", "setup"...).
      This means that compilation on cygwin left behind
      tests/networkxml2xmlupdatetest.exe.manifest.
      
      * .gitignore: Ignore manifest files.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      028dd2b8
  2. 20 2月, 2014 1 次提交
  3. 13 2月, 2014 1 次提交
    • C
      LXC driver: started implementing connectDomainXMLFromNative · 7195c807
      Cédric Bosdonnat 提交于
      This function aims at converting LXC configuration into a libvirt
      domain XML description to help users migrate from LXC to libvirt.
      
      Here is an example of how the lxc configuration works:
      virsh -c lxc:/// domxml-from-native lxc-tools /var/lib/lxc/migrate_test/config
      
      It is possible that some parts couldn't be properly mapped into a
      domain XML fragment, so users should carefully review the result
      before creating the domain.
      
      fstab files in lxc.mount lines will need to be merged into the
      configuration file as lxc.mount.entry.
      
      As we can't know the amount of memory of the host, we have to set a
      default value for max_balloon that users will probably want to adjust.
      7195c807
  4. 11 2月, 2014 1 次提交
  5. 04 2月, 2014 1 次提交
  6. 30 1月, 2014 1 次提交
  7. 21 1月, 2014 1 次提交
    • Y
      Introduce Libvirt Wireshark dissector · 4f32c5f7
      Yuto KAWAMURA(kawamuray) 提交于
      Introduce Wireshark dissector plugin which adds support to Wireshark
      for dissecting libvirt RPC protocol.
      Added following files to build Wireshark dissector from libvirt source
      tree.
      * tools/wireshark/*: Source tree of Wireshark dissector plugin.
      
      Added followings to configure.ac or Makefile.am.
      configure.ac
      * --with-wireshark-dissector: Enable support for building Wireshark
        dissector.
      * --with-ws-plugindir: Specify wireshark plugin directory that dissector
        will installed.
      * Added tools/wireshark/{Makefile,src/Makefile} to  AC_CONFIG_FILES.
      Makefile.am
      * Added tools/wireshark/ to SUBDIR.
      4f32c5f7
  8. 15 1月, 2014 1 次提交
  9. 25 12月, 2013 1 次提交
  10. 14 12月, 2013 1 次提交
  11. 10 12月, 2013 1 次提交
  12. 05 12月, 2013 1 次提交
    • P
      examples: Remove broken bad example · 5eb4b042
      Peter Krempa 提交于
      The domsuspend example code is a really old and bad exmample of (how not
      to use) the libvirt API. Remove it as it's apparent that nobody tried to
      use it. It was broken and nobody complained.
      5eb4b042
  13. 28 11月, 2013 1 次提交
  14. 26 11月, 2013 1 次提交
  15. 04 11月, 2013 1 次提交
  16. 23 10月, 2013 1 次提交
  17. 14 10月, 2013 1 次提交
    • D
      Fix flaw in detecting log format · 5787f0b9
      Daniel P. Berrange 提交于
      The log message regex has been
      
      [0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug|info|warning|error :
      
      The precedence of '|' is high though, so this is equivalent to matching
      
         [0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug
      
      Or
      
         info
      
      Or
      
         warning
      
      Or
      
         error :
      
      Which is clearly not what it should have done. This caused the code to
      skip over things which are not log messages. The solution is to simply
      add brackets.
      
      A test case is also added to validate correctness.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      5787f0b9
  18. 01 10月, 2013 1 次提交
    • M
      tests: Introduce qemucapabilitiestest · 63857eb4
      Michal Privoznik 提交于
      This test is there to ensure that our capabilities detection code isn't
      broken somehow.
      
      How to gather test data:
      
      Firstly, the data is split into two separate files. The former (with
      suffix .replies) contains all the qemu replies. This is very fragile as
      introducing a new device can mean yet another monitor command and hence
      edit of this file in the future. But there's no better way of doing
      this. To get this data simply turn on debug logs and copy all the
      QEMU_MONITOR_IO_PROCESS lines. But be careful to not copy incomplete
      ones (yeah, we report some incomplete lines too). Long story short, at
      the libvirtd startup, a dummy qemu is spawn to get all the capabilities.
      
      The latter (with suffix .caps) contains capabilities XML. Just start a
      domain and copy the corresponding part from its state XML file.
      Including <qemuCaps> tag.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      63857eb4
  19. 20 9月, 2013 1 次提交
  20. 18 9月, 2013 1 次提交
  21. 10 9月, 2013 1 次提交
    • E
      build: use automake subdir-objects · 7f626e47
      Eric Blake 提交于
      Automake 2.0 will enable subdir-objects by default; in preparation
      for that change, automake 1.14 outputs LOADS of warnings:
      
      daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
      daemon/Makefile.am:38: but option 'subdir-objects' is disabled
      automake-1.14: warning: possible forward-incompatibility.
      automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
      automake-1.14: automake option hasn't been enabled.  For now, the corresponding output
      automake-1.14: object file(s) will be placed in the top-level directory.  However,
      automake-1.14: this behaviour will change in future Automake versions: they will
      automake-1.14: unconditionally cause object files to be placed in the same subdirectory
      automake-1.14: of the corresponding sources.
      automake-1.14: You are advised to start using 'subdir-objects' option throughout your
      automake-1.14: project, to avoid future incompatibilities.
      daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
      daemon/Makefile.am:38: but option 'subdir-objects' is disabled
      ...
      
      As automake 1.9 also supported this option, and the previous patches
      fixed up the code base to work with it, it is safe to now turn it on
      unconditionally.
      
      * configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
      * .gitignore: Ignore .dirstamp directories.
      * src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
      new subdir-object location of .lo files.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      7f626e47
  22. 10 8月, 2013 1 次提交
    • D
      Add documentation for access control system · da13f2c7
      Daniel P. Berrange 提交于
      This adds two new pages to the website, acl.html describing
      the general access control framework and permissions models,
      and aclpolkit.html describing the use of polkit as an
      access control driver.
      
      page.xsl is modified to support a new syntax
      
        <div id="include" filename="somefile.htmlinc"/>
      
      which will cause the XSL transform to replace that <div>
      with the contents of 'somefile.htmlinc'. We use this in
      the acl.html.in file, to pull the table of permissions
      for each libvirt object. This table is autogenerated
      from the enums in src/access/viraccessperms.h by the
      genaclperms.pl script.
      
      newapi.xsl is modified so that the list of permissions
      checks shown against each API will link to the description
      of the permissions in acl.html
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      da13f2c7
  23. 09 8月, 2013 2 次提交
  24. 08 8月, 2013 2 次提交
    • D
      Introduce a virt-login-shell binary · 54d69f54
      Dan Walsh 提交于
      Add a virt-login-shell binary that can be set as a user's
      shell, such that when they login, it causes them to enter
      the LXC container with a name matching their user name.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      54d69f54
    • D
      Add info about access control checks into API reference · 664ab280
      Daniel P. Berrange 提交于
      So that app developers / admins know what access control checks
      are performed for each API, this patch extends the API docs
      generator to include details of the ACLs for each.
      
      The gendispatch.pl script is extended so that it generates
      a simple XML describing ACL rules, eg.
      
        <aclinfo>
          ...
          <api name='virConnectNumOfDomains'>
            <check object='connect' perm='search_domains'/>
            <filter object='domain' perm='getattr'/>
          </api>
          <api name='virDomainAttachDeviceFlags'>
            <check object='domain' perm='write'/>
            <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/>
            <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/>
          </api>
          ...
        </aclinfo>
      
      The newapi.xsl template loads the XML files containing the ACL
      rules and generates a short block of HTML for each API describing
      the parameter checks and return value filters (if any).
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      664ab280
  25. 31 7月, 2013 1 次提交
  26. 22 7月, 2013 2 次提交
    • D
      Add API for calling systemd-machined's DBus API · dff93f8c
      Daniel P. Berrange 提交于
      To register virtual machines and containers with systemd-machined,
      and thus have cgroups auto-created, we need to talk over DBus.
      This is somewhat tedious code, so introduce a dedicated function
      to isolate the DBus call in one place.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      dff93f8c
    • D
      Introduce virDBusCallMethod & virDBusMessageRead methods · 834c9c94
      Daniel P. Berrange 提交于
      Doing DBus method calls using libdbus.so is tedious in the
      extreme. systemd developers came up with a nice high level
      API for DBus method calls (sd_bus_call_method). While
      systemd doesn't use libdbus.so, their API design can easily
      be ported to libdbus.so.
      
      This patch thus introduces methods virDBusCallMethod &
      virDBusMessageRead, which are based on the code used for
      sd_bus_call_method and sd_bus_message_read. This code in
      systemd is under the LGPLv2+, so we're license compatible.
      
      This code is probably pretty unintelligible unless you are
      familiar with the DBus type system. So I added some API
      docs trying to explain how to use them, as well as test
      cases to validate that I didn't screw up the adaptation
      from the original systemd code.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      834c9c94
  27. 25 6月, 2013 1 次提交
  28. 24 6月, 2013 2 次提交
    • D
      Auto-generate helpers for checking access control rules · 68602622
      Daniel P. Berrange 提交于
      Extend the 'gendispatch.pl' script to be able to generate
      three new types of file.
      
      - 'aclheader' - defines signatures of helper APIs for
        doing authorization checks. There is one helper API
        for each API requiring an auth check. Any @acl
        annotations result in a method being generated with
        a suffix of 'EnsureACL'. If the ACL check requires
        examination of flags, an extra 'flags' param will be
        present. Some examples
      
        extern int virConnectBaselineCPUEnsureACL(void);
        extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
        extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
      
        Any @aclfilter annotations resuilt in a method being
        generated with a suffix of 'CheckACL'.
      
        extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
      
        These are used for filtering individual objects from APIs
        which return a list of objects
      
      - 'aclbody' - defines the actual implementation of the
        methods described above. This calls into the access
        manager APIs. A complex example:
      
          /* Returns: -1 on error (denied==error), 0 on allowed */
          int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
                                                  virDomainDefPtr domain,
                                                  unsigned int flags)
          {
              virAccessManagerPtr mgr;
              int rv;
      
              if (!(mgr = virAccessManagerGetDefault()))
                  return -1;
      
              if ((rv = virAccessManagerCheckDomain(mgr,
                                                    conn->driver->name,
                                                    domain,
                                                    VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
                  virObjectUnref(mgr);
                  if (rv == 0)
                      virReportError(VIR_ERR_ACCESS_DENIED, NULL);
                  return -1;
              }
              if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
                  (rv = virAccessManagerCheckDomain(mgr,
                                                    conn->driver->name,
                                                    domain,
                                                    VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
                  virObjectUnref(mgr);
                  if (rv == 0)
                      virReportError(VIR_ERR_ACCESS_DENIED, NULL);
                  return -1;
              }
              if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
                  (rv = virAccessManagerCheckDomain(mgr,
                                                    conn->driver->name,
                                                    domain,
                                                    VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
                  virObjectUnref(mgr);
                  if (rv == 0)
                      virReportError(VIR_ERR_ACCESS_DENIED, NULL);
                  return -1;
              }
              virObjectUnref(mgr);
              return 0;
          }
      
      - 'aclsyms' - generates a linker script to export the
         APIs to drivers. Some examples
      
        virConnectBaselineCPUEnsureACL;
        virConnectCompareCPUEnsureACL;
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      68602622
    • D
      Add a policy kit access control driver · b904bba7
      Daniel P. Berrange 提交于
      Add an access control driver that uses the pkcheck command
      to check authorization requests. This is fairly inefficient,
      particularly for cases where an API returns a list of objects
      and needs to check permission for each object.
      
      It would be desirable to use the polkit API but this links
      to glib with abort-on-OOM behaviour, so can't be used. The
      other alternative is to speak to dbus directly
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      b904bba7
  29. 21 5月, 2013 1 次提交
    • E
      maint: follow recommended practice for using LGPL · de483052
      Eric Blake 提交于
      https://www.gnu.org/licenses/gpl-howto.html states:
      
      You should also include a copy of the license itself somewhere in the
      distribution of your program. All programs, whether they are released
      under the GPL or LGPL, should include the text version of the GPL. In
      GNU programs the license is usually in a file called COPYING.
      
      If you are releasing your program under the LGPL, you should also
      include the text version of the LGPL, usually in a file called
      COPYING.LESSER. Please note that, since the LGPL is a set of
      additional permissions on top of the GPL, it's important to include
      both licenses so users have all the materials they need to understand
      their rights.
      
      * configure.ac (COPYING): No more games with non-git file.
      * COPYING: New file, copied from gnulib.
      * COPYING.LIB: Rename...
      * COPYING.LESSER: ...to this.
      * .gitignore: Track licenses in git.
      * cfg.mk (exclude_file_name_regexp--sc_copyright_address): Tweak
      rule.
      * libvirt.spec.in (daemon, client, python): Reflect rename.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      de483052
  30. 13 5月, 2013 1 次提交
  31. 11 5月, 2013 1 次提交
  32. 16 4月, 2013 1 次提交
    • D
      Add a test suite for cgroups functionality · d1452470
      Daniel P. Berrange 提交于
      Some aspects of the cgroups setup / detection code are quite subtle
      and easy to break. It would greatly benefit from unit testing, but
      this is difficult because the test suite won't have privileges to
      play around with cgroups. The solution is to use monkey patching
      via LD_PRELOAD to override the fopen, open, mkdir, access functions
      to redirect access of cgroups files to some magic stubs in the
      test suite.
      
      Using this we provide custom content for the /proc/cgroup and
      /proc/self/mounts files which report a fixed cgroup setup. We
      then override open/mkdir/access so that access to the cgroups
      filesystem gets redirected into files in a temporary directory
      tree in the test suite build dir.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      d1452470
  33. 08 4月, 2013 1 次提交
  34. 20 3月, 2013 1 次提交
  35. 19 3月, 2013 1 次提交
  36. 18 2月, 2013 1 次提交