- 16 Nov, 2014 11 commits
-
-
Committed by Julio Faracco

In a clean build system (Ubuntu 14.04), the viridentitytest failed to compile, even if all the SELINUX libraries and dependencies are installed. See the error message below:

```
[...]
CC viridentitytest.o
CCLD viridentitytest
/usr/bin/ld: viridentitytest.o: undefined reference to symbol 'security_disable'
//lib/x86_64-linux-gnu/libselinux.so.1: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make: *** [viridentitytest] Error 1
```

Simply adding the variable SELINUX_LIBS in viridentitytest rules of Makefile.am to include SELINUX libraries into viridentitytest solved that compilation issue.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit f2a2d0e9)
-
Committed by Peter Krempa

Also consider whitespace only strings returned from the hook as empty result.

(cherry picked from commit 19b1ee42)
-
Committed by Peter Krempa

The documentation for the restore hook states that returning an empty XML is equivalent with copying the input. There was a bug in the code checking the returned string by checking the string instead of the contents. Use the new helper to check if the string is empty.

(cherry picked from commit e3867799)
-
Committed by Peter Krempa

The helper checks whether a string contains only whitespace or is NULL. This will be helpful to skip cases where a user string is optional, but may be provided empty with the same meaning.

(cherry picked from commit 0eeafeed)
-
Committed by Peter Krempa

A few places still used a hardcoded limit for maximum XML size for commands that accept XML files. The hardcoded limits ranged from 8k to 1M. Use VSH_MAX_XML_FILE to express this limit in a unified way. This will bump the limit for the commands that used hardcoded string lengths to 10M.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1152427
(cherry picked from commit 4d1852c4)
-
Committed by John Ferlan

https://bugzilla.redhat.com/show_bug.cgi?id=1141732

Introduced by commit id '8f76ad99' the logic to detach a scsi_host device (SCSI or iSCSI) fails when attempting to remove the 'drive' because as I found in my investigation - the DelDevice takes care of that for us.

The investigation turned up commits to adjust the logic for the qemuMonitorDelDevice and qemuMonitorDriveDel processing for interfaces (commit id '81f76598'), disk bus=VIRTIO,SCSI,USB (commit id '0635785b'), and chr devices (commit id '55b21f9b'), but nothing with the host devices.

This commit uses the model for the previous set of changes and applies it to the hostdev path. The call to qemuDomainDetachHostSCSIDevice will return to qemuDomainDetachThisHostDevice handling either the audit of the failure or the wait for the removal and then call into qemuDomainRemoveHostDevice for the event, removal from the domain hostdev list, and audit of the removal similar to other paths.

NOTE: For now the 'conn' param to qemuDomainDetachHostSCSIDevice is left as ATTRIBUTE_UNUSED. Removing requires a cascade of other changes to be left for a future patch.

(cherry picked from commit d2774e54)
-
Committed by Martin Kletzander

Commit 4882618e added the code that requests driver cfg, but forgot to unref it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 9661ac2f)
-
Committed by Guido Günther

If we don't properly clean up all processes in the machine-<vmname>.scope systemd won't remove the cgroup and subsequent vm starts fail with

```
'CreateMachine: File exists'
```

Additional processes can e.g. be added via

```
echo $PID > /sys/fs/cgroup/systemd/machine.slice/machine-${VMNAME}.scope/tasks
```

but there are other cases like http://bugs.debian.org/761521

Invoke TerminateMachine to be on the safe side since systemd tracks the cgroup anyway. This is a noop if all processes have terminated already.

(cherry picked from commit 4882618e)
-
Committed by Martin Kletzander

Since commit 8eb55d782a2b9afacc7938694891cc6fad7b42a5 libxml2 removes two slashes from the URI when there is no server part. This is fixed with beb7281055dbf0ed4d041022a67c6c5cfd126f25, but only if the calling application calls xmlSaveUri() on URI that xmlURIParse() parsed. And that is not the case in virURIFormat(). virURIFormat() accepts virURIPtr that can be created without parsing it and we do that when we format network storage paths for gluster for example. Even though virStorageSourceParseBackingURI() uses virURIParse(), it throws that data structure right away.

Since we want to format URIs as URIs and not absolute URIs or opaque URIs (see RFC 3986), we can specify that with a special hack thanks to commit beb7281055dbf0ed4d041022a67c6c5cfd126f25, by setting port to -1.

This fixes qemuxml2argvtest test where the disk-drive-network-gluster case was failing.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 8f17d0ea)
-
Committed by Michal Privoznik

https://bugzilla.redhat.com/show_bug.cgi?id=1147057

The code for relabelling the TAP FD is there due to a race. When libvirt creates a /dev/tapN device it's labeled as 'system_u:object_r:device_t:s0' by default. Later, when udev/systemd reacts to this device, it's relabelled to the expected label 'system_u:object_r:tun_tap_device_t:s0'. Hence, we have a code that relabels the device, to cut the race down. For more info see ae368ebf.

But the problem is, the relabel function is called on all TUN/TAP devices. Yes, on /dev/net/tun too. This is however a special kind of device - other processes use it too. We shouldn't touch its label then.

Ideally, there would be an API in SELinux that would label just the passed FD and not the underlying path. That way, we wouldn't need to care as we would be not labeling /dev/net/tun but the FD passed to the domain. Unfortunately, there's no such API so we have to workaround until then.

Tested-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit ebc05263)
-
- 13 Nov, 2014 1 commit
-
-
Committed by Laine Stump

virNetDevLinkDump() gets a message from netlink into "resp", then calls nlmsg_parse() to fill the table "tb" with pointers into resp. It then returns tb to its caller, but not before freeing the buffer at resp. That means that all the callers of virNetDevLinkDump() are examining memory that has already been freed. This can be verified by filling the buffer at resp with garbage prior to freeing it (or, I suppose, just running libvirtd under valgrind) then performing some operation that calls virNetDevLinkDump().

The upstream commit log incorrectly states that the code has been like this ever since virNetDevLinkDump() was written. In reality, the problem was introduced with commit e95de74d, first in libvirt-1.0.5, which was attempting to eliminate a typecast that caused compiler warnings. It has only been pure luck (or maybe a lack of heavy load, and/or maybe an allocation algorithm in malloc() that delays re-use of just-freed memory) that has kept this from causing errors, for example when configuring a PCI passthrough or macvtap passthrough network interface.

The solution taken in this patch is the simplest - just return resp to the caller along with tb, then have the caller free it after they are finished using the data (pointers) in tb. I alternately could have made a cleaner interface by creating a new struct that put tb and resp together along with a vir*Free() function for it, but this function is only used in a couple places, and I'm not sure there will be additional new uses of virNetDevLinkDump(), so the value of adding a new type, extra APIs, etc. is dubious.

(cherry picked from commit f9f9699f)
-
- 07 Nov, 2014 1 commit
-
-
Committed by Eric Blake

Commit 28f8dfdc (v1.0.0) introduced a security hole: in at least the qemu implementation of virDomainGetXMLDesc, the use of the flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE prior to calling qemuDomainFormatXML. However, the use of VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write clients only. This patch treats the migratable flag as requiring the same permissions, rather than analyzing what might break if migratable xml no longer includes secret information.

Fortunately, the information leak is low-risk: all that is gated by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password; but VNC passwords are already weak (FIPS forbids their use, and on a non-FIPS machine, anyone stupid enough to trust a max-8-byte password sent in plaintext over the network deserves what they get). SPICE offers better security than VNC, and all other secrets are properly protected by use of virSecret associations rather than direct output in domain XML.

* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC): Tighten rules on use of migratable flag.
* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit b1674ad5)

Conflicts: src/libvirt-domain.c - file split from older src/libvirt.c

Signed-off-by: Eric Blake <eblake@redhat.com>
-
- 30 Oct, 2014 3 commits
-
-
Committed by Lubomir Rintel

virt-manager on Fedora sets up i686 hosts with "/usr/bin/qemu-kvm" emulator, which in turn unconditionally execs qemu-system-x86_64 querying capabilities then fails:

```
Error launching details: invalid argument: architecture from emulator 'x86_64' doesn't match given architecture 'i686'

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/engine.py", line 748, in _show_vm_helper
    details = self._get_details_dialog(uri, vm.get_connkey())
  File "/usr/share/virt-manager/virtManager/engine.py", line 726, in _get_details_dialog
    obj = vmmDetails(conn.get_vm(connkey))
  File "/usr/share/virt-manager/virtManager/details.py", line 399, in __init__
    self.init_details()
  File "/usr/share/virt-manager/virtManager/details.py", line 784, in init_details
    domcaps = self.vm.get_domain_capabilities()
  File "/usr/share/virt-manager/virtManager/domain.py", line 518, in get_domain_capabilities
    self.get_xmlobj().os.machine, self.get_xmlobj().type)
  File "/usr/lib/python2.7/site-packages/libvirt.py", line 3492, in getDomainCapabilities
    if ret is None: raise libvirtError ('virConnectGetDomainCapabilities() failed', conn=self)
libvirtError: invalid argument: architecture from emulator 'x86_64' doesn't match given architecture 'i686'
```

Journal:

```
Oct 16 21:08:26 goatlord.localdomain libvirtd[1530]: invalid argument: architecture from emulator 'x86_64' doesn't match given architecture 'i686'
```

(cherry picked from commit afe8f420)
-
Committed by Cole Robinson

Right now when building the qemu command line, we try to do various unconditional validations of the guest CPU against the host CPU. However these checks are overly applied. The only time we should use the checks are:

  - The user requests host-model/host-passthrough, or
  - When KVM is requested. CPU features requested in TCG mode are always emulated by qemu and are independent of the host CPU, so no host CPU checks should be performed.

Right now if trying to specify a CPU for arm on an x86 host, it attempts to do non-sensical validation and falls over.

Switch all the test cases that were intending to test CPU validation to use KVM, so they continue to test the intended code.

Amend some aarch64 XML tests with a CPU model, to ensure things work correctly.

(cherry picked from commit cf7fce8f2fd1c930f357fd4ff93ac35f38eb30c6)
-
Committed by Cole Robinson

Move the CPU mode/model handling to its own function. This is just code movement and re-indentation.

(cherry picked from commit e1d872dc77c80d43036f928f83f560f2e9286148)
-
- 01 Oct, 2014 2 commits
-
-
Committed by Daniel Veillard

* docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: updated localizations and regenerated
-
Committed by Pavel Hrdina

If you use public api virConnectListAllDomains() with second parameter set to NULL to get only the number of domains you will lock out all other operations with domains.

Introduced by commit 2c680804.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-
- 30 Sep, 2014 5 commits
-
-
Committed by Chris St. Pierre

This removes the artificial and unnecessary restriction that virDomainSetMaxDowntime() only be called while a migration is in progress.

https://bugzilla.redhat.com/show_bug.cgi?id=1146618

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-
Committed by Peter Krempa
FreeBSD's compiler complains that we shadow the symbol. Sigh. s/devname/dev_name/
-
Committed by Peter Krempa
The current block stats code matched up the disk name with the actual stats by the order in the data returned from qemu. This unfortunately isn't right as qemu may return the disks in any order. Fix this by returning a hash of stats and index them by the disk alias.
-
Committed by Ján Tomko

Commit de0aeafe filtered them out from the host-model features, to allow host-model to be migratable by default.

Even though they are not passed to QEMU for host-passthrough, (and not enabled by default) filter them out too so the user does not think the domain has them.

https://bugzilla.redhat.com/show_bug.cgi?id=1147584
-
Committed by Ján Tomko

Commit fba6bc47 introduced the non-migratable invtsc feature, breaking save/migration with host-model and host-passthrough.

On hosts with this feature present it was automatically included in the CPU definition, regardless of QEMU support.

Commit de0aeafe stopped including it by default for host-model, but failed to fix host-passthrough.

This commit ignores checking of CPU features with host-passthrough, since we don't pass them to QEMU (only -cpu host is passed), allowing domains using host-passthrough that were saved with the broken version of libvirtd to be restored.

https://bugzilla.redhat.com/show_bug.cgi?id=1147584
-
- 29 Sep, 2014 3 commits
-
-
Committed by Ján Tomko

Introduced by commit 0dce260c.

qemuDomainEventQueue was called with qemuDomainObjPrivatePtr instead of virQEMUDriverPtr.

https://bugzilla.redhat.com/show_bug.cgi?id=1147494
-
Committed by Erik Skultety

According to our documentation logical pool supports formats 'auto' and 'lvm2'. However, in storage_conf.c we previously defined storage pool formats: unknown, lvm2. Due to backward compatibility reasons we must continue to refer to pool format type 'unknown' instead of 'auto'.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1123767
-
Committed by Tomoki Sekiyama

Fix info in the command definition of allocpages, which is currently pointing info for 'capabilities'.

Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com>
-
- 27 Sep, 2014 1 commit
-
-
Committed by Guido Günther
Prompted by http://bugs.debian.org/761131
-
- 26 Sep, 2014 10 commits
-
-
Committed by Jincheng Miao

When an invalid 'memAccess' is detected, virCPUDefParseXML should report an error.

Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1146334

Signed-off-by: Jincheng Miao <jmiao@redhat.com>
-
Committed by Ján Tomko

When virConnectDomainQemuMonitorEventRegister is called with the VIR_CONNECT_DOMAIN_QEMU_MONITOR_EVENT_REGISTER_REGEX flag, ignore the flag instead of crashing.

https://bugzilla.redhat.com/show_bug.cgi?id=1144920
-
Committed by Daniel P. Berrange

Fix the typo in VIR_DOMAIN_TUNABLE_CPU_EMULATORIN

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange

For the new VIR_DOMAIN_EVENT_ID_TUNABLE event we have a bunch of constants added

  VIR_DOMAIN_EVENT_CPUTUNE_<blah>
  VIR_DOMAIN_EVENT_BLKDEVIOTUNE_<blah>

This naming convention is bad for two reasons

  - There is no common prefix unique for the events to both relate them, and distinguish them from other event constants
  - The values associated with the constants were chosen to match the names used with virConnectGetAllDomainStats so having EVENT in the constant name is not applicable in that respect

This patch proposes renaming the constants to

  VIR_DOMAIN_TUNABLE_CPU_<blah>
  VIR_DOMAIN_TUNABLE_BLKDEV_<blah>

i.e., give them a common VIR_DOMAIN_TUNABLE prefix.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Michal Privoznik

https://bugzilla.redhat.com/show_bug.cgi?id=993411

On some systems (using libtirpc instead of glibc's implementation), xdr_uint64_t exists rather under different name: xdr_u_int64_t. This makes compilation fail then:

```
libvirt_lxc-lxc_monitor_protocol.o: In function `xdr_virLXCMonitorInitEventMsg':
/usr/local/src/libvirt/libvirt-1.1.1/src/./lxc/lxc_monitor_protocol.c:31: undefined reference to `xdr_uint64_t'
```

Therefore we rather mirror the d707c866 commit and redefine xdr_uint64_t if needed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Michal Privoznik

On a domain startup, the variable store path is generated if needed. The path is intended to be generated only once. However, the updated domain definition is not saved into config dir rather than state XML only. So later, whenever the domain is destroyed and the daemon is restarted, the generated path is forgotten and the file may be left behind on virDomainUndefine() call.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Michal Privoznik

There's no one to free() it anyway. Instead, we can just pass the provided array pointer directly.

```
==20039== 48 bytes in 4 blocks are definitely lost in loss record 658 of 787
==20039== at 0x4C2A700: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20039== by 0x4EA661F: virAllocN (viralloc.c:191)
==20039== by 0x50386EF: remoteNodeGetFreePages (remote_driver.c:7625)
==20039== by 0x5003504: virNodeGetFreePages (libvirt.c:21379)
==20039== by 0x154625: cmdFreepages (virsh-host.c:374)
==20039== by 0x12F718: vshCommandRun (virsh.c:1935)
==20039== by 0x1339FB: main (virsh.c:3747)
```

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Tomoki Sekiyama

Fix comments about the version in which '.nodeAllocPages' are added.

Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com>
-
Committed by Peter Krempa

Since 363e9a68 we track backing chain metadata when creating snapshots the right way even for the inactive configuration. As we did not yet update other code paths that modify the backing chain (blockpull) the newDef backing chain gets out of sync.

After stopping of a VM the new definition gets copied to the next start one. The new VM then has incorrect backing chain info. This patch switches the backing chain detector to always purge the existing backing chain and forces re-detection to avoid this issue until we'll have full backing chain tracking support.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1144922
-
Committed by Pavel Hrdina

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-
- 25 Sep, 2014 3 commits
-
-
Committed by Michal Privoznik

Due to a missing check the API can be successfully called even if the connection is ReadOnly. Fortunately, the API hasn't been released yet, so there's no need for a CVE.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Dmitry Guryanov

Add files parallels_sdk.c and parallels_sdk.h for code which works with SDK, so libvirt's code will not mix with dealing with parallels SDK.

To use Parallels SDK you must first call PrlApi_InitEx function, and then you will be able to connect to a server with PrlSrv_LoginLocalEx function. When you're done you must call PrlApi_Deinit. So let's call PrlApi_InitEx on first .connectOpen, count number of connections and deinitialize, when this counter becomes zero.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
-
Committed by Dmitry Guryanov

Executing prlctl command is not an optimal way to interact with Parallels Cloud Server (PCS), it's better to use parallels SDK, which is a remote API to parallels dispatcher service.

We prepared opensource version of this SDK and published it on github, it's distributed under LGPL license. Here is a git repo: https://github.com/Parallels/parallels-sdk.

To build with parallels SDK user should get compiler and linker options from pkg-config 'parallels-sdk' file. So fix checks in configure script and build with parallels SDK, if that pkg-config file exists and add gcc options to makefile.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
-