1. 03 10月, 2012 2 次提交
    • M
      doc: update description about security labels on formatdomain.html · 0d0a7cdc
      Marcelo Cerri 提交于
      This patch adds a brief description about labels for each security
      driver.
      0d0a7cdc
    • M
      security: also parse user/group names instead of just IDs for DAC labels · 60469dd1
      Marcelo Cerri 提交于
      The DAC driver is missing parsing of group and user names for DAC labels
      and currently just parses uid and gid. This patch extends it to support
      names, so the following security label definition is now valid:
      
        <seclabel type='static' model='dac' relabel='yes'>
            <label>qemu:qemu</label>
            <imagelabel>qemu:qemu</imagelabel>
        </seclabel>
      
      When it tries to parse an owner or a group, it first tries to resolve it as
      a name, if it fails or it's an invalid user/group name then it tries to
      parse it as an UID or GID. A leading '+' can also be used for both owner and
      group to force it to be parsed as IDs, so the following example is also
      valid:
      
        <seclabel type='static' model='dac' relabel='yes'>
            <label>+101:+101</label>
            <imagelabel>+101:+101</imagelabel>
        </seclabel>
      
      This ensures that UID 101 and GUI 101 will be used instead of an user or
      group named "101".
      60469dd1
  2. 02 10月, 2012 8 次提交
    • E
      build: avoid -Wno-format on new-enough gcc · 814a8dea
      Eric Blake 提交于
      Commit c579d6b3 added a sledgehammer to silence spurious warnings from
      gcc 4.2, but in the process, it also silenced useful warnings from
      gcc 4.3 through 4.5.  As a result, a bug slipped in to commit 0caccb58.
      
      Tested with FreeBSD (gcc 4.2.1), RHEL 6.3 (gcc 4.4), and F17 (gcc 4.7.2),
      where the former didn't trip on spurious warnings, and where the latter
      two detected a revert of 2b804cfa.
      
      * m4/virt-compile-warnings.m4 (-Wno-format): Probe for the actual
      spurious message, to once again allow gcc 4.4 to use -Wformat.
      814a8dea
    • E
      build: fix typo in debug message · 2b804cfa
      Eric Blake 提交于
      Introduced in commit 0caccb58.
      
        CC     libvirt_driver_qemu_impl_la-qemu_capabilities.lo
      ../../src/qemu/qemu_capabilities.c: In function 'qemuCapsInitQMP':
      ../../src/qemu/qemu_capabilities.c:2327:13: error: format '%d' expects argument of type 'int', but argument 8 has type 'const char *' [-Werror=format]
      
      * src/qemu/qemu_capabilities.c (qemuCapsInitQMP): Use correct format.
      2b804cfa
    • J
      qemu: Kill processes used for QMP caps probing · 0caccb58
      Jiri Denemark 提交于
      Since libvirt switched to QMP capabilities probing recently, it starts
      QEMU process used for this probing with -daemonize, which means
      virCommandAbort can no longer reach these processes. As a result of
      that, restarting libvirtd will leave several new QEMU processes behind.
      Let's use QEMU's -pidfile and use it to kill the process when QMP caps
      probing is done.
      0caccb58
    • P
      qemu: Use proper agent entering function when freezing filesystems · e0316b5e
      Peter Krempa 提交于
      When doing snapshots, the filesystem freeze function used the agent
      entering function that expects the qemud_driver unlocked. This might
      cause a deadlock of the qemu driver if the agent does not respond.
      
      The only call path of this function has the qemud_driver locked, so this
      patch changes the entering functions to those expecting the driver
      locked.
      e0316b5e
    • M
      lxc: Correctly report active cgroups · 0dddd680
      Michal Privoznik 提交于
      There was an inverted return value in lxcCgroupControllerActive().
      The function assumes cgroups are active and do couple of checks
      to prove that. If any of them fails, false is returned. Therefore,
      at the end, after all checks are done we must return true, not false.
      0dddd680
    • E
      build: avoid journald on rhel 5 · cd1e8d1c
      Eric Blake 提交于
      Commit f6430390 broke builds on RHEL 5, where glibc (2.5) is too
      old to support mkostemp (2.7) or htole64 (2.9).  While gnulib
      has mkostemp, it still lacks htole64; and it's not worth dragging
      in replacements on systems where journald is unlikely to exist
      in the first place, so we just use an extra configure-time check
      as our witness of whether to attempt compiling the code.
      
      * src/util/logging.c (virLogParseOutputs): Don't attempt to
      compile journald on older glibc.
      * configure.ac (AC_CHECK_DECLS): Check for htole64.
      cd1e8d1c
    • E
      build: fix bitmap conversion when !CPU_ALLOC · 9038ac65
      Eric Blake 提交于
      Commit f1a43a8e missed one side of an #if/#else.
      
      * src/util/processinfo.c (virProcessInfoGetAffinity): Use correct
      bitmap operation.
      9038ac65
    • D
      Add note about numeric domain names to manpage · 13c69cd0
      Dave Allan 提交于
      Clarify that domains with numeric names can only be identified by
      their domain id.
      13c69cd0
  3. 01 10月, 2012 1 次提交
    • E
      build: avoid infinite autogen loop · c5f16220
      Eric Blake 提交于
      Several people have reported that if the .gnulib submodule is dirty,
      then 'make' will go into an infinite loop attempting to rerun bootstrap,
      because that never cleans up the dirty submodule.  By default, we
      should halt and make the user investigate, but if the user doesn't
      know why or care that the submodule is dirty, I also added the ability
      to 'make CLEAN_SUBMODULE=1' to get things going again.
      
      Also, while testing this, I noticed that when a submodule update was
      needed, 'make' would first run autoreconf, then bootstrap (which
      reruns autoreconf); adding a strategic dependency allows for less work.
      
      * .gnulib: Update to latest, for maint.mk improvements.
      * cfg.mk (_autogen): Also hook maint.mk, to run before autoreconf.
      * autogen.sh (bootstrap): Refuse to run if gnulib is dirty, unless
      user requests discarding gnulib changes.
      c5f16220
  4. 30 9月, 2012 2 次提交
    • M
      hyperv: Fix and improve hypervListAllDomains · 9e9ea3ea
      Matthias Bolte 提交于
      Use MATCH for all flags checks.
      
      hypervMsvmComputerSystemToDomain expects the domain pointer to the
      initialized to NULL.
      
      All items in doms up to the count-th one are valid, no need to double
      check before freeing them.
      9e9ea3ea
    • M
      esx: Fix and improve esxListAllDomains function · 5fc663d8
      Matthias Bolte 提交于
      Avoid requesting information such as identity or power state when it
      is not necessary.
      
      Lookup virtual machine list with the required fields (configStatus,
      name, and config.uuid) to make esxVI_GetVirtualMachineIdentity work.
      
      No need to call esxVI_GetNumberOfSnapshotTrees. rootSnapshotTreeList
      can be tested for emptiness by checking it for NULL.
      
      esxVI_LookupRootSnapshotTreeList already does the error reporting,
      don't overwrite it.
      
      Check if autostart is enabled at all before looking up the individual
      autostart setting of a virtual machine.
      
      Reorder VIR_EXPAND_N(doms, ndoms, 1) to avoid leaking the result of
      the call to virGetDomain if VIR_EXPAND_N fails.
      
      Replace VIR_EXPAND_N by VIR_RESIZE_N to avoid quadratic scaling, as in
      the Hyper-V version of the function.
      
      If virGetDomain fails it already reports an error, don't overwrite it
      with an OOM error.
      
      All items in doms up to the count-th one are valid, no need to double
      check before freeing them.
      
      Finally, don't leak autoStartDefaults and powerInfoList.
      5fc663d8
  5. 29 9月, 2012 1 次提交
    • D
      build: default selinuxfs mount point to /sys/fs/selinux · aa696e18
      Daniel J Walsh 提交于
      Currently if you build on a machine that does not support SELinux we end up
      with the default mount point being /selinux, since this is moved to
      /sys/fs/selinux, we should start defaulting there.
      
      I believe this is causing a bug in libvirt-lxc when /selinux does not exists,
      even though /sys/fs/selinux exists.
      aa696e18
  6. 28 9月, 2012 20 次提交
    • D
      Add support for detecting capablities using QMP commands · 43e23c73
      Daniel P. Berrange 提交于
      Start a QEMU process using
      
         $QEMU -S -no-user-config -nodefaults \
               -nographic -M none -qmp unix:/some/path,server,nowait
      
      and talk QMP over stdio to discover what capabilities the
      binary supports. This works for QEMU 1.2.0 or later and
      for older QEMU automatically fallback to the old approach
      of parsing -help and related command line args.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      43e23c73
    • D
      Ignore error from query-cpu-definitions · 295bda40
      Daniel P. Berrange 提交于
      Some architectures provide the query-cpu-definitions command,
      but are set to always return a "GenericError" from it :-(
      Catch this & treat it as if there was an empty list of CPUs
      returned
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      295bda40
    • D
      Avoid bogus I/O event errors when closing the QEMU monitor · 89563efc
      Daniel P. Berrange 提交于
      After calling qemuMonitorClose(), it is still possible for
      the QEMU monitor I/O event callback to get invoked. This
      will trigger an error message because mon->fd has been set
      to -1 at this point. Silently ignore the case where mon->fd
      is -1, likewise for mon->watch being zero.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      89563efc
    • D
      Remove need to pass in a virDomainObjPtr instance to qemuMonitorOpen · 8e122c2c
      Daniel P. Berrange 提交于
      The qemuMonitorOpen method only needs a virDomainObjPtr in order
      to access the QEMU pid. This is not critical when detecting the
      QEMU capabilties, so can easily be skipped
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      8e122c2c
    • D
      Fix QEMU test with 1.2.0 help output · 72574808
      Daniel P. Berrange 提交于
      The help output for QEMU 1.2.0 changed 'pci-assign' to 'kvm-pci-assign'.
      Since the new capabilities code does exact device name matching
      instead of substring matching, this caused the capabilities to go
      missing.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      72574808
    • C
      ARMHF: implement /proc/cpuinfo parsing · 2d0a777b
      Chuck Short 提交于
      Minimal CPU "parser" for armhf to avoid compile time warning.
      Signed-off-by: NChuck Short <chuck.short@canonical.com>
      2d0a777b
    • D
      Automatically enable systemd journal logging · 7022b091
      Daniel P. Berrange 提交于
      Probe to see if the systemd journal is accessible, and if
      so enable logging to the journal by default, rather than
      stderr (current default under systemd).
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      7022b091
    • D
      Add systemd journal support · f6430390
      Daniel P. Berrange 提交于
      Add support for logging to the systemd journal, using its
      simple client library. The benefit over syslog is that it
      accepts structured log data, so the journald can store
      individual items like code file/line/func separately from
      the string message. Tools which require structured log
      data can then query the journal to extract exactly what
      they desire without resorting to string parsing
      
      While systemd provides a simple client library for logging,
      it is more convenient for libvirt to directly write its
      own client code. This lets us build up the iovec's on
      the stack, avoiding the need to alloc memory when writing
      log messages.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f6430390
    • D
      Refactor qemuCapsParseDeviceStr to work from data tables · b073fe40
      Daniel P. Berrange 提交于
      Currently the qemuCapsParseDeviceStr method has a bunch of open
      coded string searches/comparisons to detect devices and their
      properties. Soon this data will be obtained from QMP queries
      instead of -device help output. Maintaining the list of device
      and properties in two places is undesirable. Thus the existing
      qemuCapsParseDeviceStr() method needs to be refactored to
      separate the device types and properties from the actual
      search code.
      
      Thus the -device help output is now parsed to construct a
      list of device names, and device properties. These are then
      checked against a set of datatables to set the capability
      flags
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      b073fe40
    • D
      Don't initialize logging twice in libvirtd · 90af1bab
      Daniel P. Berrange 提交于
      The virInitialize function initializes logging from the env,
      so there is no need for another call to virLogSetFromEnv
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      90af1bab
    • D
      Change logging category parameter into an enum · e8fd8757
      Daniel P. Berrange 提交于
      The 'const char *category' parameter only has a few possible
      values now that the filename has been separated. Turn this
      parameter into an enum instead.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e8fd8757
    • D
      Include filename explicitly in logging APIs · 0225c566
      Daniel P. Berrange 提交于
      Currently the logging APIs have a 'const char *category' parameter
      which indicates where the log message comes from. This is typically
      a combination of the __FILE__ string and other prefix. Split the
      __FILE__ off into a dedicated parameter so it can passed to the
      log outputs
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      0225c566
    • D
      Whitespace cleanup in logging files · 96a1be95
      Daniel P. Berrange 提交于
      General whitespace cleanup in the logging files
      
       - Move '{' to a new line after funtion declaration
       - Put each parameter on a new line to avoid long lines
       - Put return type on new line
       - Leave 2 blank lines between functions
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      96a1be95
    • D
      s/int/virLogDestination/ in logging code · 4764a6c5
      Daniel P. Berrange 提交于
      The log destinations are an enum, but most of the code was
      just using a plain 'int' for function params / variables.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      4764a6c5
    • D
      s/long long/size_t/ for file line numbers in logging code · 2dd77cd1
      Daniel P. Berrange 提交于
      The __LINE__ macro value is specified to fit in the size_t
      type, so use that instead of 'long long' in the logging code
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      2dd77cd1
    • D
      s/int/virLogPriority/ in logging code · de29867e
      Daniel P. Berrange 提交于
      The log priority levels are an enum, but most of the code was
      just using a plain 'int' for function params / variables.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      de29867e
    • G
      python: return error if PyObject obj is NULL for unwrapper helper functions · 4c6be02a
      Guannan Ren 提交于
      The result is indeterminate for NULL argument to python
      functions as follows. It's better to return negative value in
      these situations.
      
      PyObject_IsTrue will segfault if the argument is NULL
      PyFloat_AsDouble(NULL) is -1.000000
      PyLong_AsUnsignedLongLong(NULL) is 0.000000
      4c6be02a
    • B
      network: fix dnsmasq/radvd binding to IPv6 on recent kernels · db488c79
      Benjamin Cama 提交于
      I hit this problem recently when trying to create a bridge with an IPv6
      address on a 3.2 kernel: dnsmasq (and, further, radvd) would not bind to
      the given address, waiting 20s and then giving up with -EADDRNOTAVAIL
      (resp. exiting immediately with "error parsing or activating the config
      file", without libvirt noticing it, BTW). This can be reproduced with (I
      think) any kernel >= 2.6.39 and the following XML (to be used with
      "virsh net-create"):
      
              <network>
                <name>test-bridge</name>
                <bridge name='testbr0' />
                <ip family='ipv6' address='fd00::1' prefix='64'>
                </ip>
              </network>
      
      (it happens even when you have an IPv4, too)
      
      The problem is that since commit [1] (which, ironically, was made to
      “help IPv6 autoconfiguration”) the linux bridge code makes bridges
      behave like “real” devices regarding carrier detection. This makes the
      bridges created by libvirt, which are started without any up devices,
      stay with the NO-CARRIER flag set, and thus prevents DAD (Duplicate
      address detection) from happening, thus letting the IPv6 address flagged
      as “tentative”. Such addresses cannot be bound to (see RFC 2462), so
      dnsmasq fails binding to it (for radvd, it detects that "interface XXX
      is not RUNNING", thus that "interface XXX does not exist, ignoring the
      interface" (sic)). It seems that this behavior was enhanced somehow with
      commit [2] by avoiding setting NO-CARRIER on empty bridges, but I
      couldn't reproduce this behavior on my kernel. Anyway, with the “dummy
      tap to set MAC address” trick, this wouldn't work.
      
      To fix this, the idea is to get the bridge's attached device to be up so
      that DAD can happen (deactivating DAD altogether is not a good idea, I
      think). Currently, libvirt creates a dummy TAP device to set the MAC
      address of the bridge, keeping it down. But even if we set this device
      up, it is not RUNNING as soon as the tap file descriptor attached to it
      is closed, thus still preventing DAD. So, we must modify the API a bit,
      so that we can get the fd, keep the tap device persistent, run the
      daemons, and close it after DAD has taken place. After that, the bridge
      will be flagged NO-CARRIER again, but the daemons will be running, even
      if not happy about the device's state (but we don't really care about
      the bridge's daemons doing anything when no up interface is connected to
      it).
      
      Other solutions that I envisioned were:
            * Keeping the *-nic interface up: this would waste an fd for each
              bridge during all its life. May be acceptable, I don't really
              know.
            * Stop using the dummy tap trick, and set the MAC address directly
              on the bridge: it is possible since quite some time it seems,
              even if then there is the problem of the bridge not being
              RUNNING when empty, contrary to what [2] says, so this will need
              fixing (and this fix only happened in 3.1, so it wouldn't work
              for 2.6.39)
            * Using the --interface option of dnsmasq, but I saw somewhere
              that it's not used by libvirt for backward compatibility. I am
              not sure this would solve this problem, though, as I don't know
              how dnsmasq binds itself to it with this option.
      
      This is why this patch does what's described earlier.
      
      This patch also makes radvd start even if the interface is
      “missing” (i.e. it is not RUNNING), as it daemonizes before binding to
      it, and thus sometimes does it after the interface has been brought down
      by us (by closing the tap fd), and then originally stops. This also
      makes it stop yelling about it in the logs when the interface is down at
      a later time.
      
      [1]
      http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=1faa4356a3bd89ea11fb92752d897cff3a20ec0e
      [2]
      http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=b64b73d7d0c480f75684519c6134e79d50c1b341
      db488c79
    • D
      Fix regression starting QEMU instances without query-events · 7ccc4d52
      Daniel P. Berrange 提交于
      If QEMU reports CommandNotFound for the 'query-events' command,
      we must treat that as success, returning a zero-length array
      of events
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      7ccc4d52
    • J
      Fix compilation of legacy xen driver with Xen 4.2 · 416eca18
      Jim Fehlig 提交于
      In Xen 4.2, xs.h is deprecated in favor of xenstore.h.  xs.h now
      contains
      
      #warning xs.h is deprecated use xenstore.h instead
      #include <xenstore.h>
      
      which fails compilation when warnings are treated as errors.
      
      Introduce a configure-time check for xenstore.h and if found,
      use it instead of xs.h.
      416eca18
  7. 27 9月, 2012 6 次提交