1. 19 2月, 2014 1 次提交
    • R
      bhyve: add a basic driver · 0eb4a5f4
      Roman Bogorodskiy 提交于
      At this point it has a limited functionality and is highly
      experimental. Supported domain operations are:
      
        * define
        * start
        * destroy
        * dumpxml
        * dominfo
      
      It's only possible to have only one disk device and only one
      network, which should be of type bridge.
      0eb4a5f4
  2. 13 2月, 2014 1 次提交
    • C
      LXC driver: started implementing connectDomainXMLFromNative · 7195c807
      Cédric Bosdonnat 提交于
      This function aims at converting LXC configuration into a libvirt
      domain XML description to help users migrate from LXC to libvirt.
      
      Here is an example of how the lxc configuration works:
      virsh -c lxc:/// domxml-from-native lxc-tools /var/lib/lxc/migrate_test/config
      
      It is possible that some parts couldn't be properly mapped into a
      domain XML fragment, so users should carefully review the result
      before creating the domain.
      
      fstab files in lxc.mount lines will need to be merged into the
      configuration file as lxc.mount.entry.
      
      As we can't know the amount of memory of the host, we have to set a
      default value for max_balloon that users will probably want to adjust.
      7195c807
  3. 08 1月, 2014 1 次提交
    • E
      maint: improve VIR_ERR_INVALID_DOMAIN usage · 6e130ddc
      Eric Blake 提交于
      In datatype.c, virGetDomainSnapshot could result in the message:
      
      error: invalid domain pointer in bad domain
      
      Furthermore, while there are a few functions in libvirt.c that
      only care about a virDomainPtr without regards to the connection
      (such as virDomainGetName), most functions also require a valid
      connection.  Yet several functions were blindly dereferencing
      the conn member without checking it for validity first (such as
      virDomainOpenConsole).  Rather than try and correct all usage
      of VIR_IS_DOMAIN vs. VIR_IS_CONNECTED_DOMAIN, it is easier to
      just blindly require that a valid domain object always has a
      valid connection object (which should be true anyways, since
      every domain object holds a reference to its connection, so the
      connection will not be closed until all domain objects have
      also been closed to release their reference).
      
      After this patch, all places that validate a domain consistently
      report:
      
      error: invalid domain pointer in someFunc
      
      * src/datatypes.h (virCheckDomainReturn, virCheckDomainGoto): New
      macros.
      * src/datatypes.c (virGetDomainSnapshot): Use new macro.
      (virLibConnError): Delete unused macro.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      6e130ddc
  4. 10 12月, 2013 1 次提交
  5. 26 11月, 2013 1 次提交
    • E
      storage: initial support for linking with libgfapi · 318ea3cb
      Eric Blake 提交于
      We support gluster volumes in domain XML, so we also ought to
      support them as a storage pool.  Besides, a future patch will
      want to take advantage of libgfapi to handle the case of a
      gluster device holding qcow2 rather than raw storage, and for
      that to work, we need a storage backend that can read gluster
      storage volume contents.  This sets up the framework.
      
      Note that the new pool is named 'gluster' to match a
      <disk type='network'><source protocol='gluster'> image source
      already supported in a <domain>; it does NOT match the
      <pool type='netfs'><source><target type='glusterfs'>,
      since that uses a FUSE mount to a local file name rather than
      a network name.
      
      This and subsequent patches have been tested against glusterfs
      3.4.1 (available on Fedora 19); there are likely bugs in older
      versions that may prevent decent use of gfapi, so this patch
      enforces the minimum version tested.  A future patch may lower
      the minimum.  On the other hand, I hit at least two bugs in
      3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
      raising the minimum: glfs_readdir is nicer to use than
      glfs_readdir_r [1], and glfs_fini should only return failure on
      an actual failure [2].
      
      [1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
      [2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html
      
      * configure.ac (WITH_STORAGE_GLUSTER): New conditional.
      * m4/virt-gluster.m4: new file.
      * libvirt.spec.in (BuildRequires): Support gluster in spec file.
      * src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
      type.
      * src/conf/storage_conf.c (poolTypeInfo): Treat similar to
      sheepdog and rbd.
      (virStoragePoolDefFormat): Don't output target for gluster.
      * src/storage/storage_backend_gluster.h: New file.
      * src/storage/storage_backend_gluster.c: Likewise.
      * po/POTFILES.in: Add new file.
      * src/storage/storage_backend.c (backends): Register new type.
      * src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
      * src/storage/storage_backend.h (_virStorageBackend): Documet
      assumption.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      318ea3cb
  6. 03 10月, 2013 1 次提交
  7. 04 9月, 2013 1 次提交
    • J
      libxl: Introduce libxl_domain.[ch] · 12315cd7
      Jim Fehlig 提交于
      Create libxl_domain.[ch] and move all functions operating on
      libxlDomainObjPrivate to these files.  This will be useful for
      future patches that e.g. add job support for libxlDomainObjPrivate.
      12315cd7
  8. 03 9月, 2013 1 次提交
  9. 22 8月, 2013 1 次提交
  10. 08 8月, 2013 1 次提交
  11. 02 8月, 2013 1 次提交
    • R
      bridge driver: extract platform specifics · 4ac708f2
      Roman Bogorodskiy 提交于
      * Move platform specific things (e.g. firewalling and route
        collision checks) into bridge_driver_platform
      * Create two platform specific implementations:
          - bridge_driver_linux: Linux implementation using iptables,
            it's actually the code moved from bridge_driver.c
          - bridge_driver_nop: dumb implementation that does nothing
      Signed-off-by: NEric Blake <eblake@redhat.com>
      4ac708f2
  12. 18 7月, 2013 2 次提交
  13. 10 7月, 2013 1 次提交
  14. 24 6月, 2013 2 次提交
    • D
      Add a policy kit access control driver · b904bba7
      Daniel P. Berrange 提交于
      Add an access control driver that uses the pkcheck command
      to check authorization requests. This is fairly inefficient,
      particularly for cases where an API returns a list of objects
      and needs to check permission for each object.
      
      It would be desirable to use the polkit API but this links
      to glib with abort-on-OOM behaviour, so can't be used. The
      other alternative is to speak to dbus directly
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      b904bba7
    • D
      Define basic internal API for access control · a93cd08f
      Daniel P. Berrange 提交于
      This patch introduces the virAccessManagerPtr class as the
      interface between virtualization drivers and the access
      control drivers. The viraccessperm.h file defines the
      various permissions that will be used for each type of object
      libvirt manages
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      a93cd08f
  15. 13 5月, 2013 1 次提交
  16. 13 4月, 2013 1 次提交
  17. 21 3月, 2013 1 次提交
    • P
      virsh: Introduce macros to reject mutually exclusive arguments · 7e437ee7
      Peter Krempa 提交于
      This patch adds three macros to the virsh source tree that help to
      easily check for mutually exclusive parameters.
      
      VSH_EXCLUSIVE_OPTIONS_EXPR has four arguments, two expressions to check
      and two names of the parameters to print in the message.
      
      VSH_EXCLUSIVE_OPTIONS is more specific and check the command structure
      for the parameters using vshCommandOptBool.
      
      VSH_EXCLUSIVE_OPTIONS_VAR is meant to check boolean variables with the
      same name as the parameters.
      7e437ee7
  18. 20 3月, 2013 1 次提交
  19. 19 3月, 2013 1 次提交
  20. 13 3月, 2013 1 次提交
    • D
      Apply security label when entering LXC namespaces · e4e69e89
      Daniel P. Berrange 提交于
      Add a new virDomainLxcEnterSecurityLabel() function as a
      counterpart to virDomainLxcEnterNamespaces(), which can
      change the current calling process to have a new security
      context. This call runs client side, not in libvirtd
      so we can't use the security driver infrastructure.
      
      When entering a namespace, the process spawned from virsh
      will default to running with the security label of virsh.
      The actual desired behaviour is to run with the security
      label of the container most of the time. So this changes
      virsh lxc-enter-namespace command to invoke the
      virDomainLxcEnterSecurityLabel method.
      
      The current behaviour is:
      
      LABEL                             PID TTY          TIME CMD
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
      staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps
      
      Note the ps command is running as unconfined_t,  After this patch,
      
      The new behaviour is this:
      
      virsh -c lxc:/// lxc-enter-namespace dan -- /bin/ps -eZ
      LABEL                             PID TTY          TIME CMD
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps
      
      The '--noseclabel' flag can be used to skip security labelling.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e4e69e89
  21. 16 1月, 2013 3 次提交
  22. 05 1月, 2013 1 次提交
  23. 21 12月, 2012 14 次提交