1. 21 1月, 2010 1 次提交
    • D
      Introduce a new DAC security driver for QEMU · 15f5eaa0
      Daniel P. Berrange 提交于
      This new security driver is responsible for managing UID/GID changes
      to the QEMU process, and any files/disks/devices assigned to it.
      
      * qemu/qemu_conf.h: Add flag for disabling automatic file permission
        changes
      * qemu/qemu_security_dac.h, qemu/qemu_security_dac.c: New DAC driver
        for QEMU guests
      * Makefile.am: Add new files
      15f5eaa0
  2. 14 1月, 2010 2 次提交
  3. 18 12月, 2009 2 次提交
    • J
      Adds CPU selection infrastructure · 7286882c
      Jiri Denemark 提交于
      Each driver supporting CPU selection must fill in host CPU capabilities.
      When filling them, drivers for hypervisors running on the same node as
      libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
      such as VMware, need to implement their own way of getting such data.
      Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
      
      When implementing virConnectCompareCPU(), a hypervisor driver can just
      call cpuCompareXML() function with host CPU capabilities.
      
      For each guest for which a driver supports selecting CPU models, it must
      set the appropriate feature in guest's capabilities:
      
          virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
      
      Actions needed when a domain is being created depend on whether the
      hypervisor understands raw CPU data (currently CPUID for i686, x86_64
      architectures) or symbolic names has to be used.
      
      Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
      
      - convert guest CPU configuration from domain's XML into a set of raw
        data structures each representing one of the feature policies:
      
          cpuEncode(conn, architecture, guest_cpu_config,
                    &forced_data, &required_data, &optional_data,
                    &disabled_data, &forbidden_data)
      
      - create a mask or whatever the hypervisor expects to see and pass it
        to the hypervisor
      
      Typical use by hypervisors with symbolic model names (such as QEMU):
      
      - get raw CPU data for a computed guest CPU:
      
          cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
      
      - decode raw data into virCPUDefPtr with a possible restriction on
        allowed model names:
      
          cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
      
      - pass guest->model and guest->features to the hypervisor
      
      * src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
        src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
        src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
      * configure.in: check for CPUID instruction
      * src/Makefile.am: glue the new files in
      * src/libvirt_private.syms: add new private symbols
      * po/POTFILES.in: add new cpu files containing translatable strings
      7286882c
    • D
      Fixes syntax-check with previous commit · c7c42a85
      Daniel Veillard 提交于
      * po/POTFILES.in: adds src/conf/cpu_conf.c in teh set of files with
        translatable content
      * src/conf/cpu_conf.c: remove an unused include
      c7c42a85
  4. 11 12月, 2009 1 次提交
  5. 08 12月, 2009 1 次提交
    • D
      Support for JSON mode monitor · 3a4f172f
      Daniel P. Berrange 提交于
      Initial support for the new QEMU monitor protocol  using JSON
      as the data encoding format instead of plain text
      
      * po/POTFILES.in: Add src/qemu/qemu_monitor_json.c
      * src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Hack to turn on QMP
        mode. Replace with a version number check on >= 0.12 later
      * src/qemu/qemu_monitor.c: Delegate to json monitor if enabled
      * src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
        impl of QMP protocol
      * src/Makefile.am: Add src/qemu/qemu_monitor_json.{c,h}
      3a4f172f
  6. 07 12月, 2009 1 次提交
    • D
      Introduce a simple API for handling JSON data · 9428f2ce
      Daniel P. Berrange 提交于
      This introduces simple API for handling JSON data. There is
      an internal data structure 'virJSONValuePtr' which stores a
      arbitrary nested JSON value (number, string, array, object,
      nul, etc).  There are APIs for constructing/querying objects
      and APIs for parsing/formatting string formatted JSON data.
      
      This uses the YAJL library for parsing/formatting from
      
       http://lloyd.github.com/yajl/
      
      * src/util/json.h, src/util/json.c: Data structures and APIs
        for representing JSON data, and parsing/formatting it
      * configure.in: Add check for yajl library
      * libvirt.spec.in: Add build requires for yajl
      * src/Makefile.am: Add json.c/h
      * src/libvirt_private.syms: Export JSON symbols to drivers
      9428f2ce
  7. 23 11月, 2009 1 次提交
    • D
      Pull schedular affinity code out into a separate module · 37f415da
      Daniel P. Berrange 提交于
      * src/Makefile.am: Add processinfo.h/processinfo.c
      * src/util/processinfo.c, src/util/processinfo.h: Module providing
        APIs for getting/setting process CPU affinity
      * src/qemu/qemu_driver.c: Switch over to new APIs for schedular
        affinity
      * src/libvirt_private.syms: Export virProcessInfoSetAffinity
        and virProcessInfoGetAffinity to internal drivers
      37f415da
  8. 13 11月, 2009 1 次提交
    • D
      Implement a node device backend using libudev · 3ad6dcf3
      David Allan 提交于
      * configure.in: add new --with-udev, disabled by default, and requiring
        libudev > 145
      * src/node_device/node_device_udev.c src/node_device/node_device_udev.h:
        the new node device backend
      * src/node_device/node_device_linux_sysfs.c: moved node_device_hal_linux.c
        to a better file name
      * src/conf/node_device_conf.c src/conf/node_device_conf.h: add a couple
        of fields in node device definitions, and an API to look them up,
        remove a couple of unused fields from previous patch.
      * src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
        plug the new driver
      * po/POTFILES.in src/Makefile.am src/libvirt_private.syms: add the new
        files and symbols
      * src/util/util.h src/util/util.c: add a new convenience macro
        virBuildPath and virBuildPathInternal() function
      3ad6dcf3
  9. 10 11月, 2009 1 次提交
    • D
      Move code for low level QEMU monitor interaction into separate file · ff261941
      Daniel P. Berrange 提交于
      The qemu_driver.c code should not contain any code that interacts
      with the QEMU monitor at a low level. A previous commit moved all
      the command invocations out. This change moves out the code which
      actually opens the monitor device.
      
      * src/qemu/qemu_driver.c: Remove qemudOpenMonitor & methods called
        from it.
      * src/Makefile.am: Add qemu_monitor.{c,h}
      * src/qemu/qemu_monitor.h: Add qemuMonitorOpen()
      * src/qemu/qemu_monitor.c: All code for opening the monitor
      ff261941
  10. 04 11月, 2009 1 次提交
    • G
      add MAC address based port filtering to qemu · 0aa72ac6
      Gerhard Stenzel 提交于
      * src/qemu/qemu.conf src/qemu/qemu_conf.c src/qemu/qemu_conf.h: there is
        a new config type option for mac filtering
      * src/qemu/qemu_bridge_filter.[ch]: new module for the ebtable entry points
      * src/qemu/qemu_driver.c: plug the MAC filtering at the right places
        in the domain life cycle
      * src/Makefile.am po/POTFILES.in: add the new module
      0aa72ac6
  11. 08 10月, 2009 1 次提交
    • J
      sVirt AppArmor security driver · bbaecd6a
      Jamie Strandboge 提交于
      * configure.in: look for AppArmor and devel
      * src/security/security_apparmor.[ch] src/security/security_driver.c
        src/Makefile.am: add and plug the new driver
      * src/security/virt-aa-helper.c: new binary which is used exclusively by
        the AppArmor security driver to manipulate AppArmor.
      * po/POTFILES.in: registers the new files
      * tests/Makefile.am tests/secaatest.c tests/virt-aa-helper-test:
        tests for virt-aa-helper and the security driver, secaatest.c is
        identical to seclabeltest.c except it initializes the 'apparmor'
        driver instead of 'selinux'
      bbaecd6a
  12. 30 9月, 2009 1 次提交
  13. 29 9月, 2009 2 次提交
    • D
      Handle incoming data streams in libvirtd · d790a66d
      Daniel P. Berrange 提交于
      * daemon/stream.c: Handle incoming stream data packets, queuing until
        stream becomes writable. Handle stream completion handshake
      * po/POTFILES.in: Add daemon/stream.c
      d790a66d
    • D
      Pull QEMU monitor interaction out to separate file · a541c762
      Daniel P. Berrange 提交于
      Pull out all the QEMU monitor interaction code to a separate
      file. This will make life easier when we need to drop in a
      new implementation for the forthcoming QMP machine friendly
      monitor support.
      
      Next step is to add formal APIs for each monitor command,
      and remove direct commands for sending/receiving generic
      data.
      
      * src/Makefile.am: Add qemu_monitor.c to build
      * src/qemu/qemu_driver.c: Remove code for monitor interaction
      * src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: New
        file for monitor interaction
      * po/POTFILES.in: Add src/qemu/qemu_monitor_text.c
      a541c762
  14. 21 9月, 2009 1 次提交
  15. 11 9月, 2009 2 次提交
    • M
      Local file implementation of secret driver API · 03d33860
      Miloslav Trmač 提交于
      This implementation stores the secrets in an unencrypted text file,
      for simplicity in implementation and debugging.
      
      (Symmetric encryption, e.g. using gpgme, will not be difficult to add.
      Because the TLS private key used by libvirtd is stored unencrypted,
      encrypting the secrets file does not currently provide much additional
      security.)
      
      * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
        error number.
      * po/POTFILES.in, src/Makefile.am: Add secret_driver.
      * bootstrap: Use gnulib's base64 module.
      * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms:
        Add local secret driver.
      * qemud/qemud.c (qemudInitialize): Use the local secret driver.
      03d33860
    • M
      Add an internal <secret> XML handling API · b9a8bef4
      Miloslav Trmač 提交于
      Add a <secret> XML handling API, separate from the local driver, to
      avoid manually generating XML in other parts of libvirt.
      
      * src/secret_conf.c, src/secret_conf.h: New files.
      * po/POTFILES.in, src/Makefile.am: Add secret_conf.
      b9a8bef4
  16. 08 9月, 2009 1 次提交
    • D
      Multipath storage support module · ee8a06f8
      Dave Allan 提交于
      * configure.in src/Makefile.am src/storage_backend.[ch]
        src/storage_conf.[ch] src/storage_backend_mpath.[ch] po/POTFILES.in:
        add a new module for storage multipath, it requires device-mapper
      ee8a06f8
  17. 02 9月, 2009 1 次提交
    • M
      Add volume encryption information handling. · 05b9b8fd
      Miloslav Trmač 提交于
      Define an <encryption> tag specifying volume encryption format and
      format-depenedent parameters (e.g. passphrase, cipher name, key
      length, key).
      
      Currently the only defined parameter is a reference to a "secret"
      (passphrase/key) managed using the virSecret* API.
      
      Only the qcow/qcow2 encryption format, and a "default" format used to
      let libvirt choose the format during volume creation, is currently
      supported.
      
      This patch does not add any users; the <encryption> tag is added in
      the following patches to both volumes (to support encrypted volume
      creation) and domains.
      
      * docs/*.html: Re-generate
      * docs/formatstorageencryption.html.in, docs/sitemap.html.in:
        Add page describing storage encryption data format
      * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
        Add RNG schema for storage encryption format
      * po/POTFILES.in: Add src/storage_encryption_conf.c
      * src/libvirt_private.syms: Export virStorageEncryption* functions
      * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
        helper APIs for dealing with storage encryption format
      * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
        RNG schema
      05b9b8fd
  18. 06 8月, 2009 1 次提交
    • A
      Tighten libvirt's parsing of logging env · 22a1ec68
      Amy Griffis 提交于
      * src/libvirt.c src/logging.c: Don't convert high priority levels to the
        debug level. Don't parse LIBVIRT_LOG_FILTERS and LIBVIRT_LOG_OUTPUTS
        when they're set to the empty string. Warn when the user specifies an
        invalid value (empty string remains a noop).
      * po/POTFILES.in: src/logging.c now include translatable strings
      22a1ec68
  19. 27 7月, 2009 1 次提交
  20. 21 7月, 2009 1 次提交
    • D
      Activate the interface drivers, and cleanups · 909d647a
      Daniel Veillard 提交于
      * src/libvirt.c: activate the interface drivers
      * po/POTFILES.in: add the netcf driver as a source of localization strings
      * src/interface_driver.c: NETCF_ENOMEM -> VIR_ERR_NO_MEMORY mapping was
        breaking syntax checking
      909d647a
  21. 16 7月, 2009 2 次提交
    • D
      Split generic RPC message dispatch code out from remote protocol API handlers · a147ef38
      Daniel P. Berrange 提交于
      * po/POTFILES.in: Add qemud/dispatch.c
      * qemud/dispatch.c, qemud/dispatch.h: Generic code handling dispatch of
        RPC messages.
      * qemud/Makefile.am: Add dispatch.c to build
      * qemud/qemud.c: Include dispatch.h
      * qemud/qemud.h: Remove remoteDispatchClientRequest, remoteRelayDomainEvent
        now in dispatch.h
      * qemud/remote.c: Remove remoteDispatchClientRequest, remoteRelayDomainEvent
        now in dispatch.c, and dispatch_args, dispatch_ret, dispatch_fn & dispatch_data
        now in remote.h
      * qemud/remote.h: Add typedefs for dispatch_args, dispatch_ret,
        dispatch_fn, dispath_data. Add remoteGetDispatchData() API
      a147ef38
    • D
      add support for netcf XML import and export · 2f5fb5e0
      Daniel Veillard 提交于
      * src/interface_conf.c src/interface_conf.h: the import and export
        routines and the internal APIs
      * src/Makefile.am: hook the new file in the makefiles
      * src/libvirt_private.syms: export a few private symbols internally
      * po/POTFILES.in: the new file contains translatable strings
      2f5fb5e0
  22. 08 7月, 2009 1 次提交
    • J
      make .gnulib a submodule · 7bb22f58
      Jim Meyering 提交于
      This makes it so we record (via a git submodule)
      a snapshot of whatever version of gnulib we're using,
      and none of gnulib sources are in the libvirt repository.
      The result is that we have as much reproducibility as when
      we version-controlled imported copies of the gnulib sources,
      but without the hassle of the manual process we used when
      syncing with upstream.
      
      Note that when you clone libvirt, you get only the libvirt
      repository, but when you first run ./bootstrap, it clones
      gnulib (at the SHA1 recorded via the submodule), creating
      the .gnulib/ hierarchy.  Then, the bootstrap script runs
      gnulib-tool to populate gnulib/ with the files that make
      up the selected modules.
      
      Put the following in your ~/.gitconfig file.
      [alias]
        syncsub = submodule foreach git pull origin master
      
      The update procedure is simple:
        git syncsub
        ...build & test...
        git commit -m 'gnulib: sync submodule to latest' .gnulib
      
      * .gitmodules: New file.
      * .gnulib: Initialize.
      * bootstrap: Set up to use the new submodule.
      Stop using --no-vc-files.
      Don't remove .gitignore files.
      Don't use or create .cvsignore.
      Diagnose an invalid --gnulib-srcdir=DIR argument.
      * build-aux/vc-list-files: Delete file, now pulled from gnulib.
      * build-aux/useless-if-before-free: Likewise.
      * po/POTFILES.in: Remove gnulib/lib/gai_strerror.c, since
      it no longer contains translatable strings.
      * gnulib/*: Remove gnulib/ hierarchy.
      7bb22f58
  23. 02 6月, 2009 1 次提交
    • D
      NPIV implementation for node device create and destroy · 81d0ffbc
      Daniel Veillard 提交于
      * src/Makefile.am src/node_device.[ch] src/node_device_conf.[ch]
        src/node_device_hal.[ch] src/node_device_hal_linux.c
        src/qemu_driver.c src/remote_internal.c src/storage_backend.c
        src/virsh.c src/xen_unified.c tests/nodedevxml2xmltest.c
        po/POTFILES.in: implementation for node device create and destroy
        in NPIV support, patch by David Allan
      Daniel
      81d0ffbc
  24. 28 5月, 2009 1 次提交
  25. 13 5月, 2009 1 次提交
  26. 22 4月, 2009 1 次提交
  27. 02 4月, 2009 1 次提交
  28. 03 3月, 2009 3 次提交
  29. 29 1月, 2009 1 次提交
    • J
      error-reporting calls using VIR_ERR_NO_MEMORY: use virReportOOMError instead · bc18a91f
      Jim Meyering 提交于
      * src/uml_conf.c (VIR_FROM_THIS): Define to VIR_FROM_UML.
      * src/xs_internal.c (VIR_FROM_THIS): Define to VIR_FROM_XEN.
      * src/xml.c (VIR_FROM_THIS): Define to VIR_FROM_XML.
      * src/stats_linux.c (VIR_FROM_THIS): Define to VIR_FROM_STATS_LINUX.
      * src/datatypes.c (VIR_FROM_THIS): Define to VIR_FROM_NONE.
      * src/lxc_conf.c (VIR_FROM_THIS): Define to VIR_FROM_LXC.
      * src/libvirt.c (VIR_FROM_THIS): Define to VIR_FROM_NONE.
      * src/node_device_conf.c (VIR_FROM_THIS): Define to VIR_FROM_NODEDEV.
      * src/openvz_conf.c (VIR_FROM_THIS): Define to VIR_FROM_OPENVZ.
      * src/openvz_driver.c (VIR_FROM_THIS): Define to VIR_FROM_OPENVZ.
      * src/conf.c (VIR_FROM_THIS): Define to VIR_FROM_CONF.
      Note: this loses config_filename:config_lineno diagnostics,
      but that's ok.
      * src/node_device.c (VIR_FROM_THIS): Define to VIR_FROM_NODEDEV.
      * src/sexpr.c (VIR_FROM_THIS): Define to VIR_FROM_SEXPR.
      * po/POTFILES.in: remove src/sexpr.c and src/lxc_conf.c
      bc18a91f
  30. 28 1月, 2009 1 次提交
  31. 27 1月, 2009 1 次提交
  32. 21 1月, 2009 1 次提交
  33. 16 1月, 2009 1 次提交