This patch updates libvirt's API to allow applications to inspect the
full list of security labels of a domain.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

This patch updates the key "security_driver" in QEMU config to suport
both a sigle default driver or a list of default drivers. This ensures
that it will remain compatible with older versions of the config file.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

These changes make the security drivers able to find and handle the
correct security label information when more than one label is
available. They also update the DAC driver to be used as an usual
security driver.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

This patch updates the domain and capability XML parser and formatter to
support more than one "seclabel" element for each domain and device. The
RNG schema and the tests related to this are also updated by this patch.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

This patch updates the structures that store information about each
domain and each hypervisor to support multiple security labels and
drivers. It also updates all the remaining code to use the new fields.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

This is a fix for the object label generation. It uses a new flag for
virSecuritySELinuxGenNewContext that specifies whether the context is
for an object. If so the context role remains unchanged.
Without this fix it is not possible to start domains with image file or
block device backed storage when selinux is enabled.
Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

The previous commit now trips up 'make syntax-check' due to a useless
use of <signal.h>.

* tools/virsh.c (includes): Drop useless includes.

Nothing in the testsuite or examples directory should be translated,
as it is not part of the normally installed binary.  We already
meet this rule, but enforcing it will make it easier to remember.

Suggested by Daniel P. Berrange.

* cfg.mk (sc_prohibit_useless_translation): Enhance rule.

On Win32 SA_SIGINFO is not defined, so virsh.c stub'd it out
to 0, but recent changes moved the usage out of virsh.c and
into virsh-domain.c

Convert the exported items in virsh.h to use a common 'vsh' prefix.

* tools/virsh.h (VIRSH_MAX_XML_FILE): Rename...
(VSH_MAX_XML_FILE): ...and parenthesize.
(DIFF_MSEC, CTRL_CLOSE_BRACKET): Delete.
(vshUsage, vshInit, vshDeinit, vshParseArgv): Remove prototype.
(editWriteToTempFile, editFile, editReadBackFile, prettyCapacity)
(virshReportError): Rename...
(vshEditWriteToTempFile, vshEditFile, vshEditReadBackFile)
(vshPrettyCapacity, vshReportError): ...into vsh namespace.
(jobWatchTimeoutFunc): Move to virsh-domain.c.
* tools/virsh.c (vshCommandRun): Inline former DIFF_MSEC.
(main): Inline former CTRL_CLOSE_BRACKET.
(vshUsage, vshInit, vshDeinit, vshParseArgv): Make static.
(prettyCapacity, virshReportError, editWriteToTempFile, editFile):
Fix naming, and adjust usage.
(vshAskReedit, vshCommandRun, vshEventLoop, vshInit): Adjust
usage.
* tools/virsh-domain.c (cmdAttachDevice, cmdCPUCompare)
(cmdCPUBaseline, cmdCreate, cmdDefine, cmdDetachDevice)
(cmdUpdateDevice, cmdDesc, cmdUndefine, cmdStart, cmdVcpucount)
(cmdAttachDevice, cmdDomjobinfo): Likewise.
* tools/virsh-edit.c (do): Likewise.
* tools/virsh-interface.c (cmdInterfaceDefine): Likewise.
* tools/virsh-network.c (cmdNetworkCreate, cmdNetworkDefine):
Likewise.
* tools/virsh-nodedev.c (cmdNodeDeviceCreate): Likewise.
* tools/virsh-nwfilter.c (cmdNWFilterDefine): Likewise.
* tools/virsh-pool.c (cmdPoolCreate, cmdPoolDefine)
(cmdPoolDiscoverSources, cmdPoolList): Likewise.
* tools/virsh-secret.c (cmdSecretDefine): Likewise.
* tools/virsh-snapshot.c (cmdSnapshotCreate, vshSnapshotCreate)
(vshLookupSnapshot, cmdSnapshotEdit, cmdSnapshotCurrent)
(vshGetSnapshotParent): Likewise.
* tools/virsh-volume.c (cmdVolCreate, cmdVolCreateFrom)
(cmdVolInfo, cmdVolList): Likewise.

In order to support systemd socket based activation, it needs to
be possible to create virNetSocketPtr and virNetServerServicePtr
instance from a pre-opened file descriptor

In preparation for adding further constructors, refactor
the virNetServerClientNew method to move most of the code
into a common virNetServerClientNewInternal helper API.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Currently the virNetServerDispatchNewClient both creates the
virNetServerClientPtr instance and registers it with the
virNetServerPtr internal state. Split the client registration
code out into a separate virNetServerAddClient method to
allow future reuse from other contexts
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The main impl of vshAskReedit is non-static, so the Win32
stub must be the same

* cfg.mk: Whitelist virsh.h instead of virsh.c for strcasecmp check
* tools/virsh-domain.h, tools/virsh.h: Fix #define indentation

C99 says that __foo naming is reserved for the compiler.  Besides,
we had several different styles in use; this consolidates things
to set up the typedefs up front then declare the types with
consistent naming.

* tools/virsh.h: Use consistent struct naming.
* tools/virsh.c (_vshCommandParser): Likewise.

The virsh-domain.c file was pretty self-contained; the only
entry point was the table of command definitions.  The bulk
of this patch is making more functions in virsh.c reusable.
A later patch will clean up poor naming choices.

* tools/Makefile.am (virsh_SOURCES): Build virsh-domain.c.
* tools/virsh-domain.h: New file.
* tools/virsh.h (virshReportError, vshResetLibvirtError)
(vshAskReedit, vshStreamSink): Declare.
* tools/virsh.c: Switch from using .c to .h.
(virshReportError, vshResetLibvirtError, vshAskReedit)
(vshStreamSink, prettyCapacity): Export.
(vshCatchInt): Move...
* tools/virsh-domain.c: ...into sole user.  Use header.

Having one .c file include another does not give any compilation
benefits; move towards modular .o files by first splitting out
reused declarations into a new virsh.h.  This patch doesn't try
very hard to see which functions are used or not, to make it
easier to review the file split.  Future patches can further trim
the header to be smaller.

* tools/Makefile.am (virsh_SOURCES): List new file, and prepare
for others.
* tools/virsh.c: Split declarations...
* tools/virsh.h: ...into new file, and make several functions
non-static.
* tools/virsh-domain-monitor.c (vshGetDomainDescription): Make
non-static.

It's easier to order things in topological order than it is to
forward declare in one file for use only by one other file.

* tools/virsh.c (vshWatchJob, parseRateStr)
(vshDomainStateToString, vshDomainStateReasonToString)
(vshDomainControlStateToString, vshDomainVcpuStateToString): Drop
useless prototypes.
* tools/virsh-domain.c (vshWatchJob): Move earlier.

For network devices allocated from a network with <forward
mode='hostdev'>, there is a need to add the newly minted hostdev to
the hostdevs array.

In this case we also need to call qemuPrepareHostDevices just for this
one device, as the standard call to initialize all the hostdevs that
were defined directly in the domain's configuration has already been
made by the time we allocate a device from a libvirt network, and thus
have something that needs initializing.
Signed-off-by: NShradha Shah <sshah@solarflare.com>

This patch updates the network driver to properly utilize the new
attributes/elements that are now in virNetworkDef
Signed-off-by: NShradha Shah <sshah@solarflare.com>
Signed-off-by: NLaine Stump <laine@laine.org>

This function is needed by the network driver in a later commit.
It is useful in functions like networkNotifyActualDevice and
networkReleaseActualDevice

The network pool should be able to keep track of both network device
names and PCI addresses, and return the appropriate one in the
actualDevice when networkAllocateActualDevice is called.
Signed-off-by: NShradha Shah <sshah@solarflare.com>

This patch introduces the new forward mode='hostdev' along with
attribute managed. Includes updates to the network RNG and new xml
parser/formatter code.
Signed-off-by: NShradha Shah <sshah@solarflare.com>

Existing code that creates a list of forwardIfs from a single PF
was moved to the new utility function networkCreateInterfacePool.
No functional change.
Signed-off-by: NShradha Shah <sshah@solarflare.com>

Move the functions the parse/format, and validate PCI addresses to
their own file so they can be conveniently used in other places
besides device_conf.c

Refactoring existing code without causing any functional changes to
prepare for new code.

This patch makes the code reusable.
Signed-off-by: NShradha Shah <sshah@solarflare.com>

Also make sure documentation in libvirtd.conf matches the one from
logging.html.

Change device type of a virtio channel from/to spicevmc is not a user
visible change. However, spicevmc channels use different default target
name than other virtio channels. To maintain ABI stability during this
change target name must be explicitly specified (and equal) in both
configurations.

Add the ability to support VLAN tags for Open vSwitch virtual port
types. To accomplish this, modify virNetDevOpenvswitchAddPort and
virNetDevTapCreateInBridgePort to take a virNetDevVlanPtr
argument. When adding the port to the OVS bridge, setup either a
single VLAN or a trunk port based on the configuration from the
virNetDevVlanPtr.
Signed-off-by: NKyle Mestery <kmestery@cisco.com>

Substitute 2 spaces with 4 spaces instead.

Setting hard_limit larger than previous swap_hard_limit must fail,
it's not that good if one wants to change the swap_hard_limit
and hard_limit together. E.g.

% virsh memtune rhel6
hard_limit     : 1000000
soft_limit     : 1000000
swap_hard_limit: 1000000

% virsh memtune rhel6 --hard-limit 1000020 --soft-limit 1000020 \
--swap-hard-limit 1000020 --live

This patch reorder the limits setting to set the swap_hard_limit
first, hard_limit then, and soft_limit last if it's greater than
current swap_hard_limit. And soft_limit first, hard_limit then,
swap_hard_limit last, if not.

'make distcheck' was failing because a syntax check file,
.sc-start-sc_vulnerable_makefile_CVE-2012-3386, got left
behind.  I traced it to the 'distdir' rule depending on a
shortcut syntax-check name rather than the full rule name
normally used during 'local-check' from maint.mk.

* cfg.mk (distdir): Depend on full rule, not shorthand name.

'make distcheck' fails because the generated ESX and HyperV files
are (intentionally) marked read-only, but since the stamp file was
missing, make assumes they need to be rebuilt.  Shipping the stamp
file solves the problem.

* src/Makefile.am (EXTRA_DIST): Ship stamp files.

The underlying function to set the vlan tag of an SR-IOV network
device was already in place (although an extra patch to save/restore
the original vlan tag was needed), and recent patches added the
ability to configure a vlan tag. This patch just ties those two
together.

An SR-IOV device doesn't support vlan trunking, so if anyone tries to
configure more than a single tag, or set the trunk flag, and error is
logged.

When a network device that is a VF of an SR-IOV card was assigned to a
guest using <interface type='hostdev'>, only the MAC address was being
saved/restored, but the VLAN tag was left untouched. Up to now we
haven't actually used vlan tags on SR-IOV devices, so the guest would
have used whatever was set, and left it the same at the end.

The patch following this one will hook up the <vlan> element from the
interface config, so save/restore of the device state needs to also
include the vlan tag.

MAC address is being saved as a simple ASCII string in a file named
for the device under /var/run.  The VLAN tag is now just added at the
end of that file, after a newline. It might be nicer if the file was
XML (in case it ever gets more complicated) but at the moment there's
nothing else on the horizon, and this makes backward compatibility
easier.

The parameter value for cpuset could be in special format like
"0-10,^7", which is not recognized by cgroup. This patch is to
ensure the cpuset is formatted as expected before passing it to
cgroup. As a side effect, after the patch, it parses the cpuset
early before cgroup setting, to avoid the rollback if cpuset
parsing fails afterwards.

The '#endif' for a WIN32 conditional was placed one function
too high, leaving the impl of the console command enabled
and referencing functions that were disabled

Previous commit:

  commit 9093ab77
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed Jul 18 17:03:17 2012 +0100

    Add lots of internal symbols to libvirt_private.syms

mistakenly put some conditional SASL symbols in libvirt_private.syms
instead of libvirt_sasl.syms

A previous patch (c606671a) pulled in a newer version of
stat-time.h from gnulib, which causes some warnings in older gcc:

  CC     libvirt_driver_storage_la-storage_backend.lo
cc1: warnings being treated as errors
In file included from ../../src/storage/storage_backend.c:59:
../../gnulib/lib/stat-time.h:55: error: no previous prototype for 'get_stat_atime_ns' [-Wmissing-prototypes]

Upstream gnulib argues that these warnings are stupid (and I agree;
see <http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54113>), and has
used a modern gcc feature (#pragma GCC diagnostic push) to avoid the
warning.  But we still aim to compile on RHEL 6.3, with gcc 4.4.6
(not to mention even older platforms like RHEL 5), and therefore
the warning trips up our default of development with -Werror.

It took me a while to figure out how to make our set of warnings
smaller on older gcc without losing the benefit of the warnings
when using newer gcc (such as the one on Fedora 17), but this
should do the trick.

* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Avoid
warnings that gnulib can't silence on older gcc.

The network driver now looks for the vlan element in network and
portgroup objects, and logs an error at network define time if a vlan
is requested for a network type that doesn't support it. (Currently
vlan configuration is only supported for openvswitch networks, and
networks used to do hostdev assignment of SR-IOV VFs.)

At runtime, the three potential sources of vlan information are
examined in this order: interface, chosen portgroup, network, and the
first that is non-empty is used.  Another check for valid network type
is made at this time, since the interface may have requested a vlan (a
legal thing to have in the interface config, since it's not known
until runtime if the chosen network will actually support it).

Since we must also check for domains requesting vlans for unsupported
connection types even if they are type='network', and since
networkAllocateActualDevice() is being called in exactly the correct
places, and has all of the necessary information to check, I slightly
modified the logic of that function so that interfaces that aren't
type='network' don't just return immediately. Instead, they also
perform all the same validation for supported features. Because of
this, it's not necessary to make this identical check in the other
three places that would normally require it: 1) qemu domain startup,
2) qemu device hotplug, 3) lxc domain startup.

This can be seen as a first step in consolidating network-related
functionality into the network driver, rather than having copies of
the same code spread around in multiple places; this will make it
easier to split the network parts off into a separate daemon, as we've
discussed recently.