1. 21 Aug, 2012 25 commits
    • libssh2_transport: add main libssh2 transport implementation · 1193fc5f
      Peter Krempa committed
      This patch adds helper functions that enable us to use libssh2 in
      conjunction with libvirt's virNetSockets for ssh transport instead of
      spawning "ssh" client process.
      
      This implementation supports tunneled plaintext, keyboard-interactive,
      private key, ssh agent based and null authentication. Libvirt's Auth
      callback is used for interaction with the user. (Keyboard interactive
      authentication, adding of host keys, private key passphrases). This
      enables seamless integration into the application using libvirt. No
      helpers as "ssh-askpass" are needed.
      
      Reading and writing of OpenSSH style "known_hosts" files is supported.
      
      Communication is done using SSH exec channel, where the user may specify
      arbitrary command to be executed on the remote side and reads and writes
      to/from stdin/out are sent through the ssh channel. Usage of stderr is
      not (yet) supported.
    • Add test case for SELinux label generation · 9136032a
      Daniel P. Berrange committed
      This test case validates the correct generation of SELinux labels
      for VMs, wrt the current process label. Since we can't actually
      change the label of the test program process, we create a shared
      library libsecurityselinuxhelper.so which overrides the getcon()
      and setcon() libselinux.so functions. When started the test case
      will check to see if LD_PRELOAD is set, and if not, it will
      re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • Honour current sensitivity and category ranges in SELinux label generation · 4e365df4
      Daniel P. Berrange committed
      Currently the dynamic label generation code will create labels
      with a sensitivity of s0, and a category pair in the range
      0-1023. This is fine when running a standard MCS policy because
      libvirtd will run with a label
      
        system_u:system_r:virtd_t:s0-s0:c0.c1023
      
      With custom policies though, it is possible for libvirtd to have
      a different sensitivity, or category range. For example
      
        system_u:system_r:virtd_t:s2-s3:c512.c1023
      
      In this case we must assign the VM a sensitivity matching the
      current lower sensitivity value, and categories in the range
      512-1023
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • Fix regression generating image context · 2d9df4fc
      Daniel P. Berrange committed
      The code to refactor sec label handling accidentally changed the
      SELinux driver to use the 'domain_context' when generating the
      image label instead of the 'file_context'
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • qemu: modify 3 error messages · 0c0a8c9f
      Martin Kletzander committed
      After the cleanup of remote display port allocation, I noticed some
      messages that didn't make a lot of sense the way they were written. So
      I rephrased them.
    • qemu: configurable remote display port boundaries · 29226bee
      Martin Kletzander committed
      The defines QEMU_REMOTE_PORT_MIN and QEMU_REMOTE_PORT_MAX were used to
      find free port when starting domains. As this was hard-coded to the
      same ports as default VNC servers, there were races with these other
      programs. This patch includes the possibility to change the default
      starting port as well as the maximum port (mostly for completeness) in
      qemu config file.
      
      Support for two new config options in qemu.conf is added:
       - remote_port_min (defaults to QEMU_REMOTE_PORT_MIN and
         must be >= than this value)
       - remote_port_max (defaults to QEMU_REMOTE_PORT_MAX and
         must be <= than this value)
    • qemu: Unify port-wise SPICE and VNC behavior · a14b4aea
      Martin Kletzander committed
      Port allocations for SPICE and VNC behave almost the same (with
      default ports), but there is some mess in the code. This patch clears
      these inconsistencies and makes sure the same behavior will be used
      when ports for remote displays are changed.
      
      Changes:
       - hard-coded number 5900 removed (handled elsewhere like with VNC)
       - reservedVNCPorts renamed to reservedRemotePorts (it's not just for
         VNC anymore)
       - QEMU_VNC_PORT_{MIN,MAX} renamed to QEMU_REMOTE_PORT_{MIN,MAX}
       - port allocation unified for VNC and SPICE
    • build: fix build with autoconf 2.59 · ba9c38b4
      Eric Blake committed
      Commit 350583c8 broke development on a RHEL 5 box, where the
      ancient Autoconf 2.59 lacks AS_VERSION_STRING.  Rather than
      backport the complex awk script that newer autoconf uses for
      true strverscmp comparisons from the shell, it was easier to
      just open-code a shell case statement.
      
      * configure.ac (qemu_version): Open-code a replacement for
      AS_VERSION_CHECK.
    • virsh: split out virsh-volume.c · f95f1ba4
      Eric Blake committed
      Last of the file splits.
      
      * tools/virsh-volume.h: New file.
      * tools/Makefile.am (virsh_SOURCES): Build it.
      * tools/virsh.c: Use new header.
      * tools/virsh-volume.c: Likewise.
      (vshCommandOptVolBy): Fix flag usage.
    • virsh: split out virsh-snapshot.c · c0dbd5f3
      Eric Blake committed
      Almost done with the splits.
      
      * tools/virsh-snapshot.h: New file.
      * tools/Makefile.am (virsh_SOURCES): Build it.
      * tools/virsh.c: Use new header.
      * tools/virsh-snapshot.c: Likewise.
    • virsh: split out virsh-secret.c · 9cbb0eda
      Eric Blake committed
      One of the simpler splits.
      
      * tools/virsh-secret.h: New file.
      * tools/Makefile.am (virsh_SOURCES): Build it.
      * tools/virsh.c: Use new header.
      * tools/virsh-secret.c: Likewise.
    • virsh: split out virsh-pool.c · ef8d3583
      Eric Blake committed
      More in a series of file splits.
      
      * tools/virsh-pool.h: New file.
      * tools/Makefile.am (virsh_SOURCES): Build it.
      * tools/virsh.c: Use new header.
      * tools/virsh-pool.c: Likewise.
      (virCommandOptPoolBy): Fix flag usage.
    • virsh: split out virsh-nwfilter.c · 69af4f7c
      Eric Blake committed
      Yet another split file.
      
      * tools/virsh-nwfilter.h: New file.
      * tools/Makefile.am (virsh_SOURCES): Build it.
      * tools/virsh.c: Use new header.
      * tools/virsh-nwfilter.c: Likewise.
    • virsh: split out virsh-nodedev.c · ea3cf921
      Eric Blake committed
      Another worthwhile split, needed one more public function.
      
      * tools/virsh-nodedev.h: New file.
      * tools/Makefile.am (virsh_SOURCES): Build it.
      * tools/virsh-nodedev.c: Use new header.
      * tools/virsh.c: Likewise.
      (vshTreePrint): Export.
      * tools/virsh.h (vshTreePrint): Declare.
    • virsh: split out virsh-network.c · dcff981a
      Eric Blake committed
      Another relatively easy file split.
      
      * tools/virsh-network.h: New file.
      * tools/Makefile.am (virsh_SOURCES): Build it.
      * tools/virsh.c: Use new header.
      * tools/virsh-network.c: Likewise.
      (vshCommandOptNetworkBy): Update signature.
    • virsh: split out virsh-interface.c · 7aeb16a8
      Eric Blake committed
      Another relatively easy split, since helper functions were fixed
      in the previous patch.
      
      * tools/virsh-interface.h: New file.
      * tools/Makefile.am (virsh_SOURCES): Build it.
      * tools/virsh.c: Use new header.
      * tools/virsh-interface.c: Likewise.
      (vshCommandOptInterfaceBy): Check flags.
    • virsh: declare more common functions · 4c10b3c7
      Eric Blake committed
      In preparation for splitting virsh-interface.c, I found these
      functions need to be declared in virsh.h, as well as one that
      belongs more properly in virsh-domain.h.  Also, since we
      use the VSH_BY* flags in more than one function, I improved
      how they are used.
      
      * tools/virsh.h (vshNameSorter, vshCmdHasOption): Declare.
      (VSH_BYID): Turn into enum.
      (vshCommandOptDomainBy): Move...
      * tools/virsh-domain.h): ...here.
      * tools/virsh.c: (vshNameSorter): Export.
      (cmd_has_option): Rename...
      (vshCmdHasOption): ...and export.
      (vshCommandOptDomainBy): Move...
      * tools/virsh-domain.c (vshCommandOptDomainBy): ...here, adjust
      signature, and check flags.
      * tools/virsh-network.c (vshCommandOptNetworkBy): Update callers.
      * tools/virsh-nwfilter.c (vshCommandOptNWFilterBy): Likewise.
      * tools/virsh-secret.c (vshCommandOptSecret): Likewise.
      * tools/virsh-domain-monitor.c (includes): Likewise.
      * tools/virsh-host.c (includes): Likewise.
    • virsh: split out virsh-host.c · ae8e89fb
      Eric Blake committed
      The splits are getting easier, with fewer cleanups needed in virsh.h.
      
      * tools/virsh-host.h: New file.
      * tools/Makefile.am (virsh_SOURCES): Build it.
      * tools/virsh-host.c: Use new header.
      * tools/virsh.c: Likewise.
    • virsh: split out virsh-domain-monitor.c · 99ae57f8
      Eric Blake committed
      Another file worth compiling on its own instead of by .c inclusion.
      
      * tools/virsh-domain-monitor.h: New file.
      * tools/Makefile.am (virsh_SOURCES): Build it.
      * tools/virsh.h (vshGetDomainDescription): Move to correct
      header.
      * tools/virsh-domain-monitor.c: Use new header.
      * tools/virsh.c: Likewise.
      * tools/virsh-domain.c: Likewise.
    • Update the remote API · 2f8a09fb
      Marcelo Cerri committed
      This patch updates libvirt's API to allow applications to inspect the
      full list of security labels of a domain.
      Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
    • Support for multiple default security drivers in QEMU config · 6d6bff3a
      Marcelo Cerri committed
      This patch updates the key "security_driver" in QEMU config to support
      both a single default driver or a list of default drivers. This ensures
      that it will remain compatible with older versions of the config file.
      Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
    • Update security layer to handle many security labels · a994ef2d
      Marcelo Cerri committed
      These changes make the security drivers able to find and handle the
      correct security label information when more than one label is
      available. They also update the DAC driver to be used as a usual
      security driver.
      Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
    • Multiple security drivers in XML data · e9377dda
      Marcelo Cerri committed
      This patch updates the domain and capability XML parser and formatter to
      support more than one "seclabel" element for each domain and device. The
      RNG schema and the tests related to this are also updated by this patch.
      Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
    • Internal refactory of data structures · 6c3cf57d
      Marcelo Cerri committed
      This patch updates the structures that store information about each
      domain and each hypervisor to support multiple security labels and
      drivers. It also updates all the remaining code to use the new fields.
      Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
    • selinux: Fix incorrect object label generation. · b6ad2c23
      Viktor Mihajlovski committed
      This is a fix for the object label generation. It uses a new flag for
      virSecuritySELinuxGenNewContext that specifies whether the context is
      for an object. If so the context role remains unchanged.
      Without this fix it is not possible to start domains with image file or
      block device backed storage when selinux is enabled.
      Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
  2. 20 Aug, 2012 9 commits
    • virsh: drop unused headers · 521b7ab7
      Eric Blake committed
      The previous commit now trips up 'make syntax-check' due to a useless
      use of <signal.h>.
      
      * tools/virsh.c (includes): Drop useless includes.
    • maint: prohibit translations in testsuite · cc2150d2
      Eric Blake committed
      Nothing in the testsuite or examples directory should be translated,
      as it is not part of the normally installed binary.  We already
      meet this rule, but enforcing it will make it easier to remember.
      
      Suggested by Daniel P. Berrange.
      
      * cfg.mk (sc_prohibit_useless_translation): Enhance rule.
    • Fix build of virsh on Win32 by moving SA_SIGINFO stub · 6a481798
      Daniel P. Berrange committed
      On Win32 SA_SIGINFO is not defined, so virsh.c stub'd it out
      to 0, but recent changes moved the usage out of virsh.c and
      into virsh-domain.c
    • virsh: use common namespacing · e68ee5e7
      Eric Blake committed
      Convert the exported items in virsh.h to use a common 'vsh' prefix.
      
      * tools/virsh.h (VIRSH_MAX_XML_FILE): Rename...
      (VSH_MAX_XML_FILE): ...and parenthesize.
      (DIFF_MSEC, CTRL_CLOSE_BRACKET): Delete.
      (vshUsage, vshInit, vshDeinit, vshParseArgv): Remove prototype.
      (editWriteToTempFile, editFile, editReadBackFile, prettyCapacity)
      (virshReportError): Rename...
      (vshEditWriteToTempFile, vshEditFile, vshEditReadBackFile)
      (vshPrettyCapacity, vshReportError): ...into vsh namespace.
      (jobWatchTimeoutFunc): Move to virsh-domain.c.
      * tools/virsh.c (vshCommandRun): Inline former DIFF_MSEC.
      (main): Inline former CTRL_CLOSE_BRACKET.
      (vshUsage, vshInit, vshDeinit, vshParseArgv): Make static.
      (prettyCapacity, virshReportError, editWriteToTempFile, editFile):
      Fix naming, and adjust usage.
      (vshAskReedit, vshCommandRun, vshEventLoop, vshInit): Adjust
      usage.
      * tools/virsh-domain.c (cmdAttachDevice, cmdCPUCompare)
      (cmdCPUBaseline, cmdCreate, cmdDefine, cmdDetachDevice)
      (cmdUpdateDevice, cmdDesc, cmdUndefine, cmdStart, cmdVcpucount)
      (cmdAttachDevice, cmdDomjobinfo): Likewise.
      * tools/virsh-edit.c (do): Likewise.
      * tools/virsh-interface.c (cmdInterfaceDefine): Likewise.
      * tools/virsh-network.c (cmdNetworkCreate, cmdNetworkDefine):
      Likewise.
      * tools/virsh-nodedev.c (cmdNodeDeviceCreate): Likewise.
      * tools/virsh-nwfilter.c (cmdNWFilterDefine): Likewise.
      * tools/virsh-pool.c (cmdPoolCreate, cmdPoolDefine)
      (cmdPoolDiscoverSources, cmdPoolList): Likewise.
      * tools/virsh-secret.c (cmdSecretDefine): Likewise.
      * tools/virsh-snapshot.c (cmdSnapshotCreate, vshSnapshotCreate)
      (vshLookupSnapshot, cmdSnapshotEdit, cmdSnapshotCurrent)
      (vshGetSnapshotParent): Likewise.
      * tools/virsh-volume.c (cmdVolCreate, cmdVolCreateFrom)
      (cmdVolInfo, cmdVolList): Likewise.
    • Add support for creating sockets & RPC servers from a pre-opened fd · 5435f17e
      Daniel P. Berrange committed
      In order to support systemd socket based activation, it needs to
      be possible to create virNetSocketPtr and virNetServerServicePtr
      instance from a pre-opened file descriptor
    • Refactor impl of the virNetServerClientNew method · 4eb6cae8
      Daniel P. Berrange committed
      In preparation for adding further constructors, refactor
      the virNetServerClientNew method to move most of the code
      into a common virNetServerClientNewInternal helper API.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • Refactor the way new clients are registered with the server · 42c60a78
      Daniel P. Berrange committed
      Currently the virNetServerDispatchNewClient both creates the
      virNetServerClientPtr instance and registers it with the
      virNetServerPtr internal state. Split the client registration
      code out into a separate virNetServerAddClient method to
      allow future reuse from other contexts
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • Make Win32 stub of vshAskReedit non-static · ee7b4e55
      Daniel P. Berrange committed
      The main impl of vshAskReedit is non-static, so the Win32
      stub must be the same
    • Fix syntax-check failures wrt virsh · 2a336379
      Daniel P. Berrange committed
      * cfg.mk: Whitelist virsh.h instead of virsh.c for strcasecmp check
      * tools/virsh-domain.h, tools/virsh.h: Fix #define indentation
  3. 18 Aug, 2012 6 commits
    • virsh: kill some double underscores · 6d96fab9
      Eric Blake committed
      C99 says that __foo naming is reserved for the compiler.  Besides,
      we had several different styles in use; this consolidates things
      to set up the typedefs up front then declare the types with
      consistent naming.
      
      * tools/virsh.h: Use consistent struct naming.
      * tools/virsh.c (_vshCommandParser): Likewise.
    • virsh: split out virsh-domain.c · f4a7b87d
      Eric Blake committed
      The virsh-domain.c file was pretty self-contained; the only
      entry point was the table of command definitions.  The bulk
      of this patch is making more functions in virsh.c reusable.
      A later patch will clean up poor naming choices.
      
      * tools/Makefile.am (virsh_SOURCES): Build virsh-domain.c.
      * tools/virsh-domain.h: New file.
      * tools/virsh.h (virshReportError, vshResetLibvirtError)
      (vshAskReedit, vshStreamSink): Declare.
      * tools/virsh.c: Switch from using .c to .h.
      (virshReportError, vshResetLibvirtError, vshAskReedit)
      (vshStreamSink, prettyCapacity): Export.
      (vshCatchInt): Move...
      * tools/virsh-domain.c: ...into sole user.  Use header.
    • virsh: split out virsh.h · c2e494cc
      Eric Blake committed
      Having one .c file include another does not give any compilation
      benefits; move towards modular .o files by first splitting out
      reused declarations into a new virsh.h.  This patch doesn't try
      very hard to see which functions are used or not, to make it
      easier to review the file split.  Future patches can further trim
      the header to be smaller.
      
      * tools/Makefile.am (virsh_SOURCES): List new file, and prepare
      for others.
      * tools/virsh.c: Split declarations...
      * tools/virsh.h: ...into new file, and make several functions
      non-static.
      * tools/virsh-domain-monitor.c (vshGetDomainDescription): Make
      non-static.
    • virsh: move vshWatchJob earlier · 8e8809e1
      Eric Blake committed
      It's easier to order things in topological order than it is to
      forward declare in one file for use only by one other file.
      
      * tools/virsh.c (vshWatchJob, parseRateStr)
      (vshDomainStateToString, vshDomainStateReasonToString)
      (vshDomainControlStateToString, vshDomainVcpuStateToString): Drop
      useless prototypes.
      * tools/virsh-domain.c (vshWatchJob): Move earlier.
    • qemu: support netdevs from <forward mode='hostdev'> networks · 1610b71a
      Shradha Shah committed
      For network devices allocated from a network with <forward
      mode='hostdev'>, there is a need to add the newly minted hostdev to
      the hostdevs array.
      
      In this case we also need to call qemuPrepareHostDevices just for this
      one device, as the standard call to initialize all the hostdevs that
      were defined directly in the domain's configuration has already been
      made by the time we allocate a device from a libvirt network, and thus
      have something that needs initializing.
      Signed-off-by: Shradha Shah <sshah@solarflare.com>
    • network: support <forward mode='hostdev'> in network driver · a818f8cf
      Shradha Shah committed
      This patch updates the network driver to properly utilize the new
      attributes/elements that are now in virNetworkDef
      Signed-off-by: Shradha Shah <sshah@solarflare.com>
      Signed-off-by: Laine Stump <laine@laine.org>