- 11 1月, 2011 4 次提交
-
-
由 Eric Blake 提交于
* src/util/network.c (virSocketAddrMask): Zero out port, so that iptables can initialize just the netmask then call virSocketFormatAddr without an uninitialized read in getnameinfo.
-
由 Cole Robinson 提交于
After the remote driver runs an event callback, it unconditionally disables the loop timer, thinking it just flushed every queued event. This doesn't work correctly though if an event is queued while a callback is running. The events actually aren't being lost, it's just that the event loop didn't think there was anything that needed to be dispatched. So all those 'lost events' should actually get re-triggered if you manually kick the loop by generating a new event (like creating a new guest). The solution is to disable the dispatch timer _before_ we invoke any event callbacks. Events queued while a callback is running will properly reenable the timer. More info at https://bugzilla.redhat.com/show_bug.cgi?id=624252
-
由 Daniel P. Berrange 提交于
The current security driver usage requires horrible code like if (driver->securityDriver && driver->securityDriver->domainSetSecurityHostdevLabel && driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver, vm, hostdev) < 0) This pair of checks for NULL clutters up the code, making the driver calls 2 lines longer than they really need to be. The goal of the patchset is to change the calling convention to simply if (virSecurityManagerSetHostdevLabel(driver->securityDriver, vm, hostdev) < 0) The first check for 'driver->securityDriver' being NULL is removed by introducing a 'no op' security driver that will always be present if no real driver is enabled. This guarentees driver->securityDriver != NULL. The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel' being non-NULL is hidden in a new abstraction called virSecurityManager. This separates the driver callbacks, from main internal API. The addition of a virSecurityManager object, that is separate from the virSecurityDriver struct also allows for security drivers to carry state / configuration information directly. Thus the DAC/Stack drivers from src/qemu which used to pull config from 'struct qemud_driver' can now be moved into the 'src/security' directory and store their config directly. * src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to use new virSecurityManager APIs * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_dac.h src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h: Move into src/security directory * src/security/security_stack.c, src/security/security_stack.h, src/security/security_dac.c, src/security/security_dac.h: Generic versions of previous QEMU specific drivers * src/security/security_apparmor.c, src/security/security_apparmor.h, src/security/security_driver.c, src/security/security_driver.h, src/security/security_selinux.c, src/security/security_selinux.h: Update to take virSecurityManagerPtr object as the first param in all callbacks * src/security/security_nop.c, src/security/security_nop.h: Stub implementation of all security driver APIs. * src/security/security_manager.h, src/security/security_manager.c: New internal API for invoking security drivers * src/libvirt.c: Add missing debug for security APIs
-
由 Osier Yang 提交于
If invalid type is specified, e.g. <serial type='foo'> <target port='0'/> </serial> We replace 'foo' with "null" type implicitly, without reporting an error message to tell the user, and "start" or "edit" the domain will be success. It's not good to guess what the user wants, This patch is to fix the problem. * src/conf/domain_conf.c
-
- 08 1月, 2011 1 次提交
-
-
由 Matthias Bolte 提交于
This simplifies the callers of esxVI_LookupObjectContentByType.
-
- 07 1月, 2011 4 次提交
-
-
由 Matthias Bolte 提交于
-
由 Matthias Bolte 提交于
Update test suite accordingly.
-
由 Matthias Bolte 提交于
VirtualBox uses megabyte, libvirt uses kilobyte.
-
由 Osier Yang 提交于
Add VM name/UUID in log for domain related APIs. Format: "dom=%p, (VM: name=%s, uuid=%s), param0=%s, param1=%s *src/libvirt.c (introduce two macros: VIR_DOMAIN_DEBUG, and VIR_DOMAIN_DEBUG0)
-
- 06 1月, 2011 5 次提交
-
-
由 Kay Schubert 提交于
I added a host definition to a network definition: <network> <name>Lokal</name> <uuid>2074f379-b82c-423f-9ada-305d8088daaa</uuid> <bridge name='virbr1' stp='on' delay='0' /> <ip address='192.168.180.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.180.128' end='192.168.180.254' /> <host mac='23:74:00:03:42:02' name='somevm' ip='192.168.180.10' /> </dhcp> </ip> </network> But due to the wrong if-statement the argument --dhcp-hostsfile doesn't get added to the dnsmasq command. The patch below fixes it for me.
-
由 Jiri Denemark 提交于
The warning is bogus since strtok_r doesn't use the value when it's first called and initializes it for the following calls.
-
由 Laine Stump 提交于
When dynamic_ownership=0, saved images must be owned by the same uid as is used to run the qemu process, otherwise restore won't work. To accomplish this, qemuSecurityDACRestoreSavedStateLabel() needs to simply return when it's called. This fix is in response to: https://bugzilla.redhat.com/show_bug.cgi?id=661720
-
由 Laine Stump 提交于
Although the upper-layer code protected against it, it was possible to call iptablesForwardMasquerade() with an IPv6 address and have it attempt to add a rule to the MASQUERADE chain of ip6tables (which doesn't exist). This patch changes that function to check the protocol of the given address, generate an error log if it's not IPv4 (AF_INET), and finally hardcodes all the family parameters sent down to lower-level functions.
-
由 Laine Stump 提交于
This is partially in response to https://bugzilla.redhat.com/show_bug.cgi?id=653300 The crash in that report was coincidentally fixed when we switched from using inet_pton() to using virSocketParseAddr(), but the absence of an ip address in a dhcp static host definition was still silently ignored (and that entry discarded from the saved XML). This patch turns that into a logged failure; likewise if the entry has neither a mac address nor a name attribute (the entry is useless without at least one of those, plus an ip address). Since the network name is now pulled into this function in order for those error logs to be more informative, the other error messages in the function have also been changed to take advantage.
-
- 05 1月, 2011 1 次提交
-
-
由 Stefan Berger 提交于
While doing some testing with Qemu and creating huge logfiles I encountered the case where the VM could not start anymore due to the lseek() to the end of the Qemu VM's log file failing. The patch below fixes the problem by replacing the previously used 'int' with 'off_t'. To reproduce this error, you could do the following: dd if=/dev/zero of=/var/log/libvirt/qemu/<name of VM>.log bs=1024 count=$((1024*2048)) and you should get an error like this: error: Failed to start domain <name of VM> error: Unable to seek to -2147482651 in /var/log/libvirt/qemu/<name of VM>.log: Success
-
- 04 1月, 2011 3 次提交
-
-
由 Eric Blake 提交于
Detected on cygwin: util/util.c: In function 'virSetUIDGID': util/util.c:2824: warning: format '%d' expects type 'int', but argument 7 has type 'gid_t' [-Wformat] (and three other lines) * src/util/util.c (virSetUIDGID): Cast, as is done elsewhere in this file, to avoid printf type mismatch warnings.
-
由 Hu Tao 提交于
Don't require non-null jobdata to virThreadPoolSendJob().
-
由 Chris Wright 提交于
The udev driver does not update a PCI device with its SR-IOV capabilities, when applicable, the way the hal driver does. As a result, dumping the device's XML will not include the relevant physical or virtual function information. With this patch, the XML is correct: # virsh nodedev-dumpxml pci_0000_09_00_0 <device> <name>pci_0000_09_00_0</name> <parent>pci_0000_00_1c_0</parent> <driver> <name>vxge</name> </driver> <capability type='pci'> <domain>0</domain> <bus>9</bus> <slot>0</slot> <function>0</function> <product id='0x5833'>X3100 Series 10 Gigabit Ethernet PCIe</product> <vendor id='0x17d5'>Neterion Inc.</vendor> <capability type='virt_functions'> <address domain='0x0000' bus='0x0a' slot='0x00' function='0x1'/> <address domain='0x0000' bus='0x0a' slot='0x00' function='0x2'/> <address domain='0x0000' bus='0x0a' slot='0x00' function='0x3'/> </capability> </capability> </device> # virsh nodedev-dumpxml pci_0000_0a_00_1 <device> <name>pci_0000_0a_00_1</name> <parent>pci_0000_00_1c_0</parent> <driver> <name>vxge</name> </driver> <capability type='pci'> <domain>0</domain> <bus>10</bus> <slot>0</slot> <function>1</function> <product id='0x5833'>X3100 Series 10 Gigabit Ethernet PCIe</product> <vendor id='0x17d5'>Neterion Inc.</vendor> <capability type='phys_function'> <address domain='0x0000' bus='0x09' slot='0x00' function='0x0'/> </capability> </capability> </device> Cc: Dave Allan <dallan@redhat.com> Signed-off-by: NChris Wright <chrisw@redhat.com>
-
- 01 1月, 2011 4 次提交
-
-
由 Eric Blake 提交于
As pointed out in https://bugzilla.redhat.com/show_bug.cgi?id=659855#c9, commit c3568ec2 introduced a regression where we no longer close any fd's beyond FD_SETSIZE. * src/util/util.c (__virExec): Continue to close fd's beyond keepfd range. Reported by Stefan Praszalowicz.
-
由 Laine Stump 提交于
The original version of these functions would modify the address sent in, meaning that the caller would usually need to copy the address first. This change makes the original a const, and puts the resulting masked address into a new arg (which could point to the same virSocketAddr as the original, if the caller really wants to modify it). This also makes the API consistent with virSocketAddrBroadcast[ByPrefix].
-
由 Laine Stump 提交于
Previously we used ioctl() to set the IP address and netmask of the bridges used for virtual networks, and apparently the SIOCSIFNETMASK ioctl implicitly set the broadcast address for the interface. The new method of using the "ip" command requires broadcast address to be explicitly specified though.
-
由 Laine Stump 提交于
These functions work only for IPv4, becasue IPv6 doesn't have the same concept of "broadcast address" as IPv4. They merely OR the inverse of the netmask with the given host address, thus turning on all the host bits.
-
- 30 12月, 2010 1 次提交
-
-
由 Matthias Bolte 提交于
Also include some whitespace changes. No functional change included.
-
- 28 12月, 2010 3 次提交
-
-
由 Matthias Bolte 提交于
Add vboxArrayGetWithUintArg to handle new signature variations. Also refactor vboxArrayGet* implementation to use a common helper function. Deal with the incompatible changes in the VirtualBox 4.0 API. This includes major changes in virtual machine and storage medium lookup, in RDP server property handling, in session/lock handling and other minor areas. VirtualBox 4.0 also dropped the old event API and replaced it with a completely new one. This is not fixed yet and will be addressed in another patch. Therefore, currently the domain events are supported for VirtualBox 3.x only. Based on initial work from Jean-Baptiste Rouault.
-
由 Matthias Bolte 提交于
VIR_ERR_INVALID_DOMAIN is meant for invalid domain pointers. VIR_ERR_NO_DOMAIN is meant for non-existing domains.
-
由 Matthias Bolte 提交于
On Windows IID's are represented as GUID by value, instead of nsID by reference on non-Windows platforms. Patch the vbox_CAPI_v2_2.h header to deal with this difference. Rewrite vboxIID abstraction that deals with the different IID representations. Add support for the GUID representation. Also unify the four context dependent free functions for vboxIIDs vboxIIDUnalloc, vboxIIDFree, vboxIIDUtf8Free, vboxIIDUtf16Free into vboxIIDUnalloc that is now safe to be called (even multiple times) on a vboxIID independent of the source and context of the vboxIID. The new vboxIID is designed to be used as a stack allocated variable. It has a value member that represents the actual IID value.
-
- 24 12月, 2010 14 次提交
-
-
由 Eric Blake 提交于
* src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_MIGRATE_QEMU_FD): New enum value. * src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Populate flags according to qemu version. * tests/qemuhelptest.c (mymain): Adjust test.
-
由 Jiri Denemark 提交于
-
由 Laine Stump 提交于
This patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=664406 If qemu is run as a different uid, it has been unable to access mode 0660 files that are owned by a different user, but with a group that the qemu is a member of (aside from the one group listed in the passwd file), because initgroups() is not being called prior to the exec. initgroups will change the group membership of the process (and its children) to match the new uid. To make this happen, the setregid()/setreuid() code in qemuSecurityDACSetProcessLabel has been replaced with a call to virSetUIDGID(), which does both of those, plus calls initgroups. Similar, but not identical, code in qemudOpenAsUID() has been replaced with virSetUIDGID(). This not only consolidates the functionality to a single location, but also potentially fixes some as-yet unreported bugs.
-
由 Laine Stump 提交于
virSetUIDGID() sets both the real and effective group and user of the process, and additionally calls initgroups() to assure that the process joins all the auxiliary groups that the given uid is a member of.
-
由 Laine Stump 提交于
There are cases when we want log an error message, and possibly free some memory as part of the cleanup, while still preserving errno for a caller, but the functions that log errors, and virFree (VIR_FREE) make system calls that will clear errno. This patch preserves errno during those most basic functions (corresponding to virReportSystemError(), virReportOOMError(), networkReportError(), etc, as well as virStrError()). It does *not preserve errno across calls to higher level items such as virDispatchError(), as it's assumed the caller is all finished with any need for errno by the time it dispatches the error.
-
由 Laine Stump 提交于
Running an instance of the router advertisement daemon (radvd) allows guests using the virtual network to automatically acquire an IPv6 address and default route. Note that acquiring an address only works for networks with a prefix length of exactly 64 - radvd is still run in other circumstances, and still advertises routes, but autoconf will not work because it requires exactly 64 bits of address info from the network prefix. This patch avoids a race condition with the pidfile by manually daemonizing radvd rather than allowing it to daemonize itself, then creating our own pidfile (in addition to radvd's own file, which is unnecessary, but there is no way to tell radvd to not create it). This is accomplished by exec'ing it with "--debug 1" in the commandline, and using virCommand's features to fork, create a pidfile, and detach from the newly forked process.
-
由 Laine Stump 提交于
At this point everything is already in place to make IPv6 happen, we just need to add a few rules, remove some checks for IPv4-only, and document the changes to the XML on the website.
-
由 Laine Stump 提交于
All of the iptables functions eventually call down to a single bottom-level function, and fortunately, ip6tables syntax (for all the args that we use) is identical to iptables format (except the addresses), so all we need to do is: 1) Get an address family down to the lowest level function in each case, either implied through an address, or explicitly when no address is in the parameter list, and 2) At the lowest level, just decide whether to call "iptables" or "ip6tables" based on the family. The location of the ip6tables binary is determined at build time by autoconf. If a particular target system happens to not have ip6tables installed, any attempts to run it will generate an error, but that won't happen unless someone tries to define an IPv6 address for a network. This is identical behavior to IPv4 addresses and iptables.
-
由 Laine Stump 提交于
This patch reorganizes the code in bridge_driver.c to account for the concept of a single network with multiple IP addresses, without adding in the extra variable of IPv6. A small bit of code has been temporarily added that checks all given addresses to verify they are IPv4 - this will be removed when full IPv6 support is turned on.
-
由 Laine Stump 提交于
This commit adds support for IPv6 parsing and formatting to the virtual network XML parser, including moving around data definitions to allow for multiple <ip> elements on a single network, but only changes the consumers of this API to accommodate for the changes in API/structure, not to add any actual IPv6 functionality. That will come in a later patch - this patch attempts to maintain the same final functionality in both drivers that use the network XML parser - vbox and "bridge" (the Linux bridge-based driver used by the qemu hypervisor driver). * src/libvirt_private.syms: Add new private API functions. * src/conf/network_conf.[ch]: Change C data structure and parsing/formatting. * src/network/bridge_driver.c: Update to use new parser/formatter. * src/vbox/vbox_tmpl.c: update to use new parser/formatter * docs/schemas/network.rng: changes to the schema - * there can now be more than one <ip> element. * ip address is now an ip-addr (ipv4 or ipv6) rather than ipv4-addr * new optional "prefix" attribute that can be used in place of "netmask" * new optional "family" attribute - "ipv4" or "ipv6" (will default to ipv4) * define data types for the above * tests/networkxml2xml(in|out)/nat-network.xml: add multiple <ip> elements (including IPv6) to a single network definition to verify they are being correctly parsed and formatted.
-
由 Laine Stump 提交于
brSetInetAddress can only set a single IP address on the bridge, and uses a method (ioctl(SIOCSETIFADDR)) that only works for IPv4. Replace it and brSetInetNetmask with a single function that uses the external "ip addr add" command to add an address/prefix to the interface - this supports IPv6, and allows adding multiple addresses to the interface. Although it isn't currently used in the code, we also add a brDelInetAddress for completeness' sake. Also, while we're modifying bridge.c, we change brSetForwardDelay and brSetEnableSTP to use the new virCommand API rather than the deprecated virRun, and also log an error message in bridge_driver.c if either of those fail (previously the failure would be completely silent).
-
由 Laine Stump 提交于
When a netmask isn't specified for an IPv4 address, one can be implied based on what network class range the address is in. The virNetworkDefPrefix function does this for us, so netmask isn't required.
-
由 Laine Stump 提交于
IPv6 will use prefix exclusively, and IPv4 will also optionally be able to use it, and the iptables functions really need a prefix anyway, so use the new virNetworkDefPrefix() function to send prefixes into iptables functions instead of netmasks. Also, in a couple places where a netmask is actually needed, use the new private API function for it rather than getting it directly. This will allow for cases where no netmask or prefix is specified (it returns the default for the current class of network.)
-
由 Laine Stump 提交于
Some functions in this file were returning 1 on success and 0 on failure, and others were returning 0 on success and -1 on failure. Switch them all to return the libvirt-preferred 0/-1.
-