Provide a simple C example demonstrating the use of both query APIs as
well as setter APIs.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Finally, now that all APIs have been introduced, wire them up to virt-admin
and introduce daemon-log-outputs and daemon-log-filters commands.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Enable libvirt users to modify logging filters of a daemon from outside.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Enable libvirt users to modify daemon's logging output settings from outside.
If either an empty string or NULL is passed, a default logging output will be
used the same way as it would be in case writing an empty string to the
libvirtd.conf
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Enable libvirt users to query logging filter settings.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Enable libvirt users to query logging output settings.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Now that virLog{Get,Set}DefaultOutput routines are introduced we can wire them
up to the daemon's logging initialization code. Also, change the order of
operations a bit so that we still strictly honor our precedence of settings:
cmdline > env > config now that outputs and filters are not appended anymore.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

Along with an empty string, it should also be possible for users to pass
NULL to the public APIs which in turn would trigger a routine(future
work) responsible for defining an appropriate default logging output
given the current circumstances.
Signed-off-by: NErik Skultety <eskultet@redhat.com>

These helpers will manage the log destination defaults (fetch/set). The reason
for this is to stay consistent with the current daemon's behaviour with respect
to /etc/libvirt/<daemon>.conf file, since both assignment of an empty string
or not setting the log output variable at all trigger the daemon's decision on
the default log destination which depends on whether the daemon runs daemonized
or not.
This patch also changes the logic of the selection of the default
logging output compared to how it is done now. The main difference though is
that we should only really care if we're running daemonized or not, disregarding
the fact of (not) having a TTY completely (introduced by commit eba36a38) as
that should be of the libvirtd's parent concern (what FD it will pass to it).

 Before:
 if (godaemon || !hasTTY):
     if (journald):
         use journald

 if (godaemon):
     if (privileged):
         use SYSCONFIG/libvirtd.log
     else:
         use XDG_CONFIG_HOME/libvirtd.log
 else:
     use stderr

 After:
 if (godaemon):
     if (journald):
         use journald

     else:
         if (privileged):
             use SYSCONFIG/libvirtd.log
         else:
             use XDG_CONFIG_HOME/libvirtd.log
 else:
     use stderr
Signed-off-by: NErik Skultety <eskultet@redhat.com>

External disk-only snapshots with recent enough qemu don't require
libvirt to pause the VM. The logic determining when to resume cpus was
slightly flawed and attempted to resume them even if they were not
paused by the snapshot code. This normally was not a problem, but with
locking enabled the code would attempt to acquire the lock twice.

The fallout of this bug would be a error from the API, but the actual
snapshot being created. The bug was introduced with when adding support
for external snapshots with memory (checkpoints) in commit f569b87f.

Resolves problems described by:
https://bugzilla.redhat.com/show_bug.cgi?id=1403691

After qemu delivers the resume event it's already running and thus it's
too late to enter lockspaces since it may already have modified the
disk. The code only creates false log entries in the case when locking
is enabled. The lockspace needs to be acquired prior to starting cpus.

https://bugzilla.redhat.com/show_bug.cgi?id=1404952Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Given how intrusive previous patches are, it might happen that
there's a bug or imperfection. Lets give users a way out: if they
set 'namespaces' to an empty array in qemu.conf the feature is
suppressed.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When attaching a device to a domain that's using separate mount
namespace we must maintain /dev entries in order for qemu process
to see them.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When attaching a device to a domain that's using separate mount
namespace we must maintain /dev entries in order for qemu process
to see them.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When attaching a device to a domain that's using separate mount
namespace we must maintain /dev entries in order for qemu process
to see them.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When attaching a device to a domain that's using separate mount
namespace we must maintain /dev entries in order for qemu process
to see them.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Instead of trying to fix our security drivers, we can use a
simple trick to relabel paths in both namespace and the host.
I mean, if we enter the namespace some paths are still shared
with the host so any change done to them is visible from the host
too.
Therefore, we can just enter the namespace and call
SetAllLabel()/RestoreAllLabel() from there. Yes, it has slight
overhead because we have to fork in order to enter the namespace.
But on the other hand, no complexity is added to our code.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

When starting a domain and separate mount namespace is used, we
have to create all the /dev entries that are configured for the
domain.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Prime time. When it comes to spawning qemu process and
relabelling all the devices it's going to touch, there's inherent
race with other applications in the system (e.g. udev). Instead
of trying convincing udev to not touch libvirt managed devices,
we can create a separate mount namespace for the qemu, and mount
our own /dev there. Of course this puts more work onto us as we
have to maintain /dev files on each domain start and device
hot(un-)plug. On the other hand, this enhances security also.

From technical POV, on domain startup process the parent
(libvirtd) creates:

  /var/lib/libvirt/qemu/$domain.dev
  /var/lib/libvirt/qemu/$domain.devpts

The child (which is going to be qemu eventually) calls unshare()
to create new mount namespace. From now on anything that child
does is invisible to the parent. Child then mounts tmpfs on
$domain.dev (so that it still sees original /dev from the host)
and creates some devices (as explained in one of the previous
patches). The devices have to be created exactly as they are in
the host (including perms, seclabels, ACLs, ...). After that it
moves $domain.dev mount to /dev.

What's the $domain.devpts mount there for then you ask? QEMU can
create PTYs for some chardevs. And historically we exposed the
host ends in our domain XML allowing users to connect to them.
Therefore we must preserve devpts mount to be shared with the
host's one.

To make this patch as small as possible, creating of devices
configured for domain in question is implemented in next patches.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

This is a list of devices that qemu needs for its run (apart from
what's configured for domain). The devices on the list are
enabled in the CGroups by default so they will be good candidates
for initial /dev for new qemu.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

We will need this function in near future so that we know what
/dev device corresponds to the SCSI device.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

We will need this function in near future so that we know what
/dev device corresponds to the SCSI device.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

We will need this function in near future so that we know what
/dev device corresponds to the USB device.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and
virFileCopyACLs. These functions are going to be required when we
are creating /dev for qemu. We have copy anything that's in
host's /dev exactly as is. Including ACLs.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

This part of code that LXC currently uses will be reused so move
to a generic function.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

This part of code that LXC currently uses will be reused so move
to a generic function.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

libvirt libxl picks its own default with respect to the default NIC
to use. libxlMakeNic is the one responsible for this and on boot it
picks LIBXL_NIC_TYPE_VIF_IOEMU for HVM domains such that it accomodates
both PV and emulated one. The good behaving guest at boot will then
select the pv and unplug the emulated device.

Now, on HVM when attaching an interface it will pick the same default
that is LIBXL_NIC_TYPE_VIF_IOEMU which as a result will fail the attach
(see xen commit 32e9d0f ("libxl: nic type defaults to vif in hotplug for
hvm guest"). Xen doesn't yet support the hotplug of emulated devices,
but we don't want to rule out that case either, which might get support
in the future. Hence we simply reverse the defaults when we are
attaching the interface which allows libvirt to prefer the PV nic first
without adding "model='netfront'" following the same pattern as above
commit. Also to avoid ruling out the emulated one we set to
LIBXL_NIC_TYPE_IOEMU when setting a model type that is not 'netfront'.
Signed-off-by: NJoao Martins <joao.m.martins@oracle.com>
Signed-off-by: NJim Fehlig <jfehlig@suse.com>

If libxl has QED disk format support, then pass the feature
over to the user.

Without a default: case in the switches in xenParseXLDisk(), build
would fail with every new disk backend or image format added in libxl,
as this is the case in this error:

http://logs.test-lab.xenproject.org/osstest/logs/103325/build-amd64-libvirt/5.ts-libvirt-build.log

The virDomainSendProcessSignal method says the flags values
come from virDomainProcessSignalFlag, but this enum has
never existed. No flags are needed for this method.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Almost none of our virJSONValue*Get* functions accept const virJSONValue
pointers and it wouldn't even make sense since we sometimes modify what
we get. And because there is no reason for preventing callers of
virJSONValueObjectForeachKeyValue from modifying the values they get in
each iteration we can just stop doing it.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

Using a variable named 'stat' clashes with the system function
'stat()' causing compiler warnings on some platforms

cc1: warnings being treated as errors
../../src/qemu/qemu_monitor_text.c: In function 'parseMemoryStat':
../../src/qemu/qemu_monitor_text.c:604: error: declaration of 'stat' shadows a global declaration [-Wshadow]
/usr/include/sys/stat.h:455: error: shadowed declaration is here [-Wshadow]
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This revealed bugs in RNG schema for /network/dns/srv.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>