- 03 10月, 2012 2 次提交
-
-
由 Marcelo Cerri 提交于
This patch adds a brief description about labels for each security driver.
-
由 Marcelo Cerri 提交于
The DAC driver is missing parsing of group and user names for DAC labels and currently just parses uid and gid. This patch extends it to support names, so the following security label definition is now valid: <seclabel type='static' model='dac' relabel='yes'> <label>qemu:qemu</label> <imagelabel>qemu:qemu</imagelabel> </seclabel> When it tries to parse an owner or a group, it first tries to resolve it as a name, if it fails or it's an invalid user/group name then it tries to parse it as an UID or GID. A leading '+' can also be used for both owner and group to force it to be parsed as IDs, so the following example is also valid: <seclabel type='static' model='dac' relabel='yes'> <label>+101:+101</label> <imagelabel>+101:+101</imagelabel> </seclabel> This ensures that UID 101 and GUI 101 will be used instead of an user or group named "101".
-
- 02 10月, 2012 8 次提交
-
-
由 Eric Blake 提交于
Commit c579d6b3 added a sledgehammer to silence spurious warnings from gcc 4.2, but in the process, it also silenced useful warnings from gcc 4.3 through 4.5. As a result, a bug slipped in to commit 0caccb58. Tested with FreeBSD (gcc 4.2.1), RHEL 6.3 (gcc 4.4), and F17 (gcc 4.7.2), where the former didn't trip on spurious warnings, and where the latter two detected a revert of 2b804cfa. * m4/virt-compile-warnings.m4 (-Wno-format): Probe for the actual spurious message, to once again allow gcc 4.4 to use -Wformat.
-
由 Eric Blake 提交于
Introduced in commit 0caccb58. CC libvirt_driver_qemu_impl_la-qemu_capabilities.lo ../../src/qemu/qemu_capabilities.c: In function 'qemuCapsInitQMP': ../../src/qemu/qemu_capabilities.c:2327:13: error: format '%d' expects argument of type 'int', but argument 8 has type 'const char *' [-Werror=format] * src/qemu/qemu_capabilities.c (qemuCapsInitQMP): Use correct format.
-
由 Jiri Denemark 提交于
Since libvirt switched to QMP capabilities probing recently, it starts QEMU process used for this probing with -daemonize, which means virCommandAbort can no longer reach these processes. As a result of that, restarting libvirtd will leave several new QEMU processes behind. Let's use QEMU's -pidfile and use it to kill the process when QMP caps probing is done.
-
由 Peter Krempa 提交于
When doing snapshots, the filesystem freeze function used the agent entering function that expects the qemud_driver unlocked. This might cause a deadlock of the qemu driver if the agent does not respond. The only call path of this function has the qemud_driver locked, so this patch changes the entering functions to those expecting the driver locked.
-
由 Michal Privoznik 提交于
There was an inverted return value in lxcCgroupControllerActive(). The function assumes cgroups are active and do couple of checks to prove that. If any of them fails, false is returned. Therefore, at the end, after all checks are done we must return true, not false.
-
由 Eric Blake 提交于
Commit f6430390 broke builds on RHEL 5, where glibc (2.5) is too old to support mkostemp (2.7) or htole64 (2.9). While gnulib has mkostemp, it still lacks htole64; and it's not worth dragging in replacements on systems where journald is unlikely to exist in the first place, so we just use an extra configure-time check as our witness of whether to attempt compiling the code. * src/util/logging.c (virLogParseOutputs): Don't attempt to compile journald on older glibc. * configure.ac (AC_CHECK_DECLS): Check for htole64.
-
由 Eric Blake 提交于
Commit f1a43a8e missed one side of an #if/#else. * src/util/processinfo.c (virProcessInfoGetAffinity): Use correct bitmap operation.
-
由 Dave Allan 提交于
Clarify that domains with numeric names can only be identified by their domain id.
-
- 01 10月, 2012 1 次提交
-
-
由 Eric Blake 提交于
Several people have reported that if the .gnulib submodule is dirty, then 'make' will go into an infinite loop attempting to rerun bootstrap, because that never cleans up the dirty submodule. By default, we should halt and make the user investigate, but if the user doesn't know why or care that the submodule is dirty, I also added the ability to 'make CLEAN_SUBMODULE=1' to get things going again. Also, while testing this, I noticed that when a submodule update was needed, 'make' would first run autoreconf, then bootstrap (which reruns autoreconf); adding a strategic dependency allows for less work. * .gnulib: Update to latest, for maint.mk improvements. * cfg.mk (_autogen): Also hook maint.mk, to run before autoreconf. * autogen.sh (bootstrap): Refuse to run if gnulib is dirty, unless user requests discarding gnulib changes.
-
- 30 9月, 2012 2 次提交
-
-
由 Matthias Bolte 提交于
Use MATCH for all flags checks. hypervMsvmComputerSystemToDomain expects the domain pointer to the initialized to NULL. All items in doms up to the count-th one are valid, no need to double check before freeing them.
-
由 Matthias Bolte 提交于
Avoid requesting information such as identity or power state when it is not necessary. Lookup virtual machine list with the required fields (configStatus, name, and config.uuid) to make esxVI_GetVirtualMachineIdentity work. No need to call esxVI_GetNumberOfSnapshotTrees. rootSnapshotTreeList can be tested for emptiness by checking it for NULL. esxVI_LookupRootSnapshotTreeList already does the error reporting, don't overwrite it. Check if autostart is enabled at all before looking up the individual autostart setting of a virtual machine. Reorder VIR_EXPAND_N(doms, ndoms, 1) to avoid leaking the result of the call to virGetDomain if VIR_EXPAND_N fails. Replace VIR_EXPAND_N by VIR_RESIZE_N to avoid quadratic scaling, as in the Hyper-V version of the function. If virGetDomain fails it already reports an error, don't overwrite it with an OOM error. All items in doms up to the count-th one are valid, no need to double check before freeing them. Finally, don't leak autoStartDefaults and powerInfoList.
-
- 29 9月, 2012 1 次提交
-
-
由 Daniel J Walsh 提交于
Currently if you build on a machine that does not support SELinux we end up with the default mount point being /selinux, since this is moved to /sys/fs/selinux, we should start defaulting there. I believe this is causing a bug in libvirt-lxc when /selinux does not exists, even though /sys/fs/selinux exists.
-
- 28 9月, 2012 20 次提交
-
-
由 Daniel P. Berrange 提交于
Start a QEMU process using $QEMU -S -no-user-config -nodefaults \ -nographic -M none -qmp unix:/some/path,server,nowait and talk QMP over stdio to discover what capabilities the binary supports. This works for QEMU 1.2.0 or later and for older QEMU automatically fallback to the old approach of parsing -help and related command line args. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Some architectures provide the query-cpu-definitions command, but are set to always return a "GenericError" from it :-( Catch this & treat it as if there was an empty list of CPUs returned Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
After calling qemuMonitorClose(), it is still possible for the QEMU monitor I/O event callback to get invoked. This will trigger an error message because mon->fd has been set to -1 at this point. Silently ignore the case where mon->fd is -1, likewise for mon->watch being zero. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The qemuMonitorOpen method only needs a virDomainObjPtr in order to access the QEMU pid. This is not critical when detecting the QEMU capabilties, so can easily be skipped Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The help output for QEMU 1.2.0 changed 'pci-assign' to 'kvm-pci-assign'. Since the new capabilities code does exact device name matching instead of substring matching, this caused the capabilities to go missing. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Chuck Short 提交于
Minimal CPU "parser" for armhf to avoid compile time warning. Signed-off-by: NChuck Short <chuck.short@canonical.com>
-
由 Daniel P. Berrange 提交于
Probe to see if the systemd journal is accessible, and if so enable logging to the journal by default, rather than stderr (current default under systemd). Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add support for logging to the systemd journal, using its simple client library. The benefit over syslog is that it accepts structured log data, so the journald can store individual items like code file/line/func separately from the string message. Tools which require structured log data can then query the journal to extract exactly what they desire without resorting to string parsing While systemd provides a simple client library for logging, it is more convenient for libvirt to directly write its own client code. This lets us build up the iovec's on the stack, avoiding the need to alloc memory when writing log messages. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the qemuCapsParseDeviceStr method has a bunch of open coded string searches/comparisons to detect devices and their properties. Soon this data will be obtained from QMP queries instead of -device help output. Maintaining the list of device and properties in two places is undesirable. Thus the existing qemuCapsParseDeviceStr() method needs to be refactored to separate the device types and properties from the actual search code. Thus the -device help output is now parsed to construct a list of device names, and device properties. These are then checked against a set of datatables to set the capability flags Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The virInitialize function initializes logging from the env, so there is no need for another call to virLogSetFromEnv Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The 'const char *category' parameter only has a few possible values now that the filename has been separated. Turn this parameter into an enum instead. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the logging APIs have a 'const char *category' parameter which indicates where the log message comes from. This is typically a combination of the __FILE__ string and other prefix. Split the __FILE__ off into a dedicated parameter so it can passed to the log outputs Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
General whitespace cleanup in the logging files - Move '{' to a new line after funtion declaration - Put each parameter on a new line to avoid long lines - Put return type on new line - Leave 2 blank lines between functions Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The log destinations are an enum, but most of the code was just using a plain 'int' for function params / variables. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The __LINE__ macro value is specified to fit in the size_t type, so use that instead of 'long long' in the logging code Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The log priority levels are an enum, but most of the code was just using a plain 'int' for function params / variables. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Guannan Ren 提交于
The result is indeterminate for NULL argument to python functions as follows. It's better to return negative value in these situations. PyObject_IsTrue will segfault if the argument is NULL PyFloat_AsDouble(NULL) is -1.000000 PyLong_AsUnsignedLongLong(NULL) is 0.000000
-
由 Benjamin Cama 提交于
I hit this problem recently when trying to create a bridge with an IPv6 address on a 3.2 kernel: dnsmasq (and, further, radvd) would not bind to the given address, waiting 20s and then giving up with -EADDRNOTAVAIL (resp. exiting immediately with "error parsing or activating the config file", without libvirt noticing it, BTW). This can be reproduced with (I think) any kernel >= 2.6.39 and the following XML (to be used with "virsh net-create"): <network> <name>test-bridge</name> <bridge name='testbr0' /> <ip family='ipv6' address='fd00::1' prefix='64'> </ip> </network> (it happens even when you have an IPv4, too) The problem is that since commit [1] (which, ironically, was made to “help IPv6 autoconfiguration”) the linux bridge code makes bridges behave like “real” devices regarding carrier detection. This makes the bridges created by libvirt, which are started without any up devices, stay with the NO-CARRIER flag set, and thus prevents DAD (Duplicate address detection) from happening, thus letting the IPv6 address flagged as “tentative”. Such addresses cannot be bound to (see RFC 2462), so dnsmasq fails binding to it (for radvd, it detects that "interface XXX is not RUNNING", thus that "interface XXX does not exist, ignoring the interface" (sic)). It seems that this behavior was enhanced somehow with commit [2] by avoiding setting NO-CARRIER on empty bridges, but I couldn't reproduce this behavior on my kernel. Anyway, with the “dummy tap to set MAC address” trick, this wouldn't work. To fix this, the idea is to get the bridge's attached device to be up so that DAD can happen (deactivating DAD altogether is not a good idea, I think). Currently, libvirt creates a dummy TAP device to set the MAC address of the bridge, keeping it down. But even if we set this device up, it is not RUNNING as soon as the tap file descriptor attached to it is closed, thus still preventing DAD. So, we must modify the API a bit, so that we can get the fd, keep the tap device persistent, run the daemons, and close it after DAD has taken place. After that, the bridge will be flagged NO-CARRIER again, but the daemons will be running, even if not happy about the device's state (but we don't really care about the bridge's daemons doing anything when no up interface is connected to it). Other solutions that I envisioned were: * Keeping the *-nic interface up: this would waste an fd for each bridge during all its life. May be acceptable, I don't really know. * Stop using the dummy tap trick, and set the MAC address directly on the bridge: it is possible since quite some time it seems, even if then there is the problem of the bridge not being RUNNING when empty, contrary to what [2] says, so this will need fixing (and this fix only happened in 3.1, so it wouldn't work for 2.6.39) * Using the --interface option of dnsmasq, but I saw somewhere that it's not used by libvirt for backward compatibility. I am not sure this would solve this problem, though, as I don't know how dnsmasq binds itself to it with this option. This is why this patch does what's described earlier. This patch also makes radvd start even if the interface is “missing” (i.e. it is not RUNNING), as it daemonizes before binding to it, and thus sometimes does it after the interface has been brought down by us (by closing the tap fd), and then originally stops. This also makes it stop yelling about it in the logs when the interface is down at a later time. [1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=1faa4356a3bd89ea11fb92752d897cff3a20ec0e [2] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=b64b73d7d0c480f75684519c6134e79d50c1b341
-
由 Daniel P. Berrange 提交于
If QEMU reports CommandNotFound for the 'query-events' command, we must treat that as success, returning a zero-length array of events Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Jim Fehlig 提交于
In Xen 4.2, xs.h is deprecated in favor of xenstore.h. xs.h now contains #warning xs.h is deprecated use xenstore.h instead #include <xenstore.h> which fails compilation when warnings are treated as errors. Introduce a configure-time check for xenstore.h and if found, use it instead of xs.h.
-
- 27 9月, 2012 6 次提交
-
-
由 Miloslav Trmač 提交于
In addition to the preformatted text line, pass the raw message as well, to allow the output functions to use a different output format. Signed-off-by: NMiloslav Trmač <mitr@redhat.com> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Miloslav Trmač 提交于
Allow for the code converting from libvirt log levels to syslog log levels to be reused. Signed-off-by: NMiloslav Trmač <mitr@redhat.com> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The qemuMonitorSetCapabilities() API is used to initialize the QMP protocol capabilities. It has since been abused to initialize some libvirt internal capabilities based on command/event existance too. Move the latter code out into qemuCapsProbeQMP() in the QEMU capabilities source file instead Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The qemu monitor does not require qemu_conf.h, and the qemu capabilities code actually wants bitmap.h Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add a new qemuMonitorGetTargetArch() method to support invocation of the 'query-target' JSON monitor command. No HMP equivalent is required, since this will only be present for QEMU >= 1.2 Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add a new qemuMonitorGetObjectProps() method to support invocation of the 'device-list-properties' JSON monitor command. No HMP equivalent is required, since this will only be present for QEMU >= 1.2 Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-