- 30 11月, 2012 2 次提交
-
-
由 Laine Stump 提交于
This new function returns true if the given address is in the range of any "private" or "local" networks as defined in RFC1918 (IPv4) or RFC3484/RFC4193 (IPv6), otherwise they return false. These ranges are: 192.168.0.0/16 172.16.0.0/16 10.0.0.0/24 FC00::/7 FEC0::/10
-
由 Laine Stump 提交于
In order to optionally take advantage of new features in dnsmasq when the host's version of dnsmasq supports them, but still be able to run on hosts that don't support the new features, we need to be able to detect the version of dnsmasq running on the host, and possibly determine from the help output what options are in this dnsmasq. This patch implements a greatly simplified version of the capabilities code we already have for qemu. A dnsmasqCaps device can be created and populated either from running a program on disk, reading a file with the concatenated output of "dnsmasq --version; dnsmasq --help", or examining a buffer in memory that contains the concatenated output of those two commands. Simple functions to retrieve capabilities flags, the version number, and the path of the binary are also included. bridge_driver.c creates a single dnsmasqCaps object at driver startup, and disposes of it at driver shutdown. Any time it must be used, the dnsmasqCapsRefresh method is called - it checks the mtime of the binary, and re-runs the checks if the binary has changed. networkxml2argvtest.c creates 2 "artificial" dnsmasqCaps objects at startup - one "restricted" (doesn't support --bind-dynamic) and one "full" (does support --bind-dynamic). Some of the test cases use one and some the other, to make sure both code pathes are tested.
-
- 17 11月, 2012 1 次提交
-
-
由 Dan Horák 提交于
QEMU in Fedora >= 18 is configured with ppc64 and s390x as architectures where KVM is enabled. https://bugzilla.redhat.com/show_bug.cgi?id=872545 (cherry picked from commit 041b1ff2)
-
- 13 11月, 2012 1 次提交
-
-
由 Jiri Denemark 提交于
When libvirt cannot find a suitable CPU model for host CPU (easily reproducible by running libvirt in a guest), it would not provide CPU topology in capabilities XML either. Even though CPU topology is known and can be queried by virNodeGetInfo. With this patch, CPU topology will always be provided in capabilities XML regardless on the presence of CPU model. (cherry picked from commit f1c70100) Conflicts: src/qemu/qemu_capabilities.c src/qemu/qemu_command.c The new code uses capabilities caching.
-
- 06 11月, 2012 1 次提交
-
-
由 Eric Blake 提交于
In Fedora 16, we quit enabling cgconfig because systemd set up default cgroups that were good enough for our use. But in F17, when we switched to systemd, we reverted and started up cgconfig again. See also the tail of this thread: https://www.redhat.com/archives/libvir-list/2012-October/msg01657.html * libvirt.spec.in (with_systemd): Rely on systemd for cgroups. (cherry picked from commit b61eadf3)
-
- 02 11月, 2012 2 次提交
-
-
由 Stefan Hajnoczi 提交于
The string comparison logic was inverted and matched the first drive that does *not* have the name we search for. Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> (cherry picked from commit 23d47b33)
-
由 Stefan Hajnoczi 提交于
The QEMU -drive id= begins with libvirt's QEMU host drive prefix ("drive-"), which is stripped off in several places two convert between host ("-drive") and guest ("-device") device names. In the case of BlkIoTune it is unnecessary to strip the QEMU host drive prefix because we operate on "info block"/"query-block" output that uses host drive names. Stripping the prefix incorrectly caused string comparisons to fail since we were comparing the guest device name against the host device name. Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> (cherry picked from commit 04ee70bf)
-
- 28 10月, 2012 29 次提交
-
-
由 Cole Robinson 提交于
-
由 Cole Robinson 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=636832 (cherry picked from commit 9a297578)
-
由 Laine Stump 提交于
Found this when building on RHEL5: parallels/parallels_storage.c: In function 'parallelsStorageOpen': parallels/parallels_storage.c:180: error: 'for' loop initial declaration used outside C99 mode (and similar error in parallels_driver.c). This was in spite of configuring with "-Wno-error". (cherry picked from commit 73ebd86d)
-
由 Philipp Hahn 提交于
Replace '%' by '&' for correct escaping of '>' in Domain specification. Signed-off-by: NPhilipp Hahn <hahn@univention.de> (cherry picked from commit 7083cdc7)
-
由 Laine Stump 提交于
This was found during testing of the fix for: https://bugzilla.redhat.com/show_bug.cgi?id=868483 networkValidate was supposed to check for the existence of multiple portgroups and report an error if this was encountered. It did, but there were two problems: 1) even though it logged an error, it still returned success, allowing the operation to continue. 2) It could exit the portgroup checking loop early (or possibly not even do it once) if a vlan tag was supplied in the base network config or one of the portgroups. This patch fixes networkValidate to return failure in addition to logging the error, and also changes it to not exit the portgroup checking loop early. The logic was a bit off in the checking for vlan anyway, and it's intertwined with fixing the early loop exit, so I fixed that as well. Now it correctly checks for combinations where a <virtualport> is specified in the base network def and <vlan> is given in a portgroup, as well as the opposite (<vlan> in base network def and <virtualport> in portgroup), and ignores the case of a disallowed vlan when using *no* portgroup if there is a default portgroup (since in that case there is no way to not use any portgroup). (cherry picked from commit d8aae15a)
-
由 Matthias Bolte 提交于
Also remove warnings for upcoming versions. There hadn't been any compatibility problems with new ESX version over the whole lifetime of the ESX driver, so I don't expect any in the future. Update documentation to mention vSphere 5.x support. (cherry picked from commit 1e7cd395)
-
由 Jim Fehlig 提交于
In commit 371ddc98, I mistakenly added the check for sysctl version 9 after setting the hypercall version to 1, which will fail with error : xenHypervisorDoV1Op:967 : Unable to issue hypervisor ioctl 3166208: Function not implemented This check should be included along with the others that use hypercall version 2. (cherry picked from commit 9785f2b6)
-
由 Cole Robinson 提交于
When restoring selinux labels after a VM is stopped, any non-standard path that doesn't have a default selinux label causes the process to stop and exit early. This isn't really an error condition IMO. Of course the selinux API could be erroring for some other reason but hopefully that's rare enough to not need explicit handling. Common example here is storing disk images in a non-standard location like under /mnt. (cherry picked from commit 767be8be)
-
由 Cole Robinson 提交于
(cherry picked from commit 2e99fa03)
-
由 Cole Robinson 提交于
virStorageVolLookupByPath is an API call that virt-manager uses quite a bit when dealing with storage. This call use BackendStablePath which has several usleep() heuristics that can be tripped up and hang virt-manager for a while. Current example: an empty mpath pool pointing to /dev/mapper makes _any_ calls to virStorageVolLookupByPath take 5 seconds. The sleep heuristics are actually only needed in certain cases when we are waiting for new storage to appear, so let's skip the timeout steps when calling from LookupByPath. (cherry picked from commit 77eff5ee)
-
由 Osier Yang 提交于
It might need some time till the LUN's stable path shows up on initiator host, and although the time window is not foreseeable, as a better than nothing fix, this patch adds timeout for the stable path discovery process. (cherry picked from commit de7f0774)
-
由 Cole Robinson 提交于
If building on a 64bit host, rename the affected tapsets to <name>-64.stp. This is similar to what the python package does in fedora. https://bugzilla.redhat.com/show_bug.cgi?id=831425 (cherry picked from commit 18d0632d)
-
由 Cole Robinson 提交于
We were just installing them in the top level html directory, which broke navigation and overwrote other pages. https://bugzilla.redhat.com/show_bug.cgi?id=837825 (cherry picked from commit 7146d416)
-
由 Osier Yang 提交于
'snaps' is used after free()'ed. (cherry picked from commit e0ad4669)
-
由 Cole Robinson 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=860004 (cherry picked from commit 2143ced7)
-
由 Cole Robinson 提交于
On F17 at least, every time libvirtd starts we get this in syslog: libvirtd: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory This comes from cyrus-sasl, and happens regardless of whether the gssapi plugin is requested, which is what actually uses /etc/libvirt/krb5.tab. While cyrus-sasl shouldn't complain, we can easily make it shut up by commenting out the keytab value by default. Also update the keytab comment to the more modern one from qemu's sasl config file. (cherry picked from commit fe772f24)
-
由 Laine Stump 提交于
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868483 virNetworkUpdate, virNetworkDefine, and virNetworkCreate all three allow network definitions to contain multiple <portgroup> elements with default='yes'. Only a single default portgroup should be allowed for each network. This patch updates networkValidate() (called by both virNetworkCreate() and virNetworkDefine()) and virNetworkDefUpdatePortGroup (called by virNetworkUpdate() to not allow multiple default portgroups. (cherry picked from commit 6f8a8b30)
-
由 Laine Stump 提交于
This fixes the problem reported in: https://bugzilla.redhat.com/show_bug.cgi?id=868389 Previously, the dnsmasq hosts file (used for static dhcp entries, and addnhosts file (used for additional dns host entries) were only created/referenced on the dnsmasq commandline if there was something to put in them at the time the network was started. Once we can update a network definition while it's active (which is now possible with virNetworkUpdate), this is no longer a valid strategy - if there were 0 dhcp static hosts (resulting in no reference to the hosts file on the commandline), then one was later added, the commandline wouldn't have linked dnsmasq up to the file, so even though we create it, dnsmasq doesn't pay any attention. The solution is to just always create these files and reference them on the dnsmasq commandline (almost always, anyway). That way dnsmasq can notice when a new entry is added at runtime (a SIGHUP is sent to dnsmasq by virNetworkUdpate whenever a host entry is added or removed) The exception to this is that the dhcp static hosts file isn't created if there are no lease ranges *and* no static hosts. This is because in this case dnsmasq won't be setup to listen for dhcp requests anyway - in that case, if the count of dhcp hosts goes from 0 to 1, dnsmasq will need to be restarted anyway (to get it listening on the dhcp port). Likewise, if the dhcp hosts count goes from 1 to 0 (and there are no dhcp ranges) we need to restart dnsmasq so that it will stop listening on port 67. These special situations are handled in the bridge driver's networkUpdate() by checking for ((bool) nranges||nhosts) both before and after the update, and triggering a dnsmasq restart if the before and after don't match. (cherry picked from commit 1cb1f9da)
-
由 Laine Stump 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=866364 pointed out a crash due to virNetworkObjAssignDef free'ing network->newDef without NULLing it afterward. A fix for this is in upstream commit b7e92024. While the NULLing of newDef was a legitimate fix, newDef should have already been empty (NULL) anyway (as indicated in the comment that was deleted by that commit). The reason that newDef had a non-NULL value (i.e. the root cause) was that networkStartNetwork() had failed after populating network->newDef, but then neglected to free/NULL newDef in the cleanup. (A bit of background here: network->newDef should contain the persistent config of a network when a network is active (and of course only when it is persisten), and NULL at all other times. There is also a network->def which should contain the persistent definition of the network when it is inactive, and the current live state at all other times. The idea is that you can make changes to network->newDef which will take effect the next time the network is restarted, but won't mess with the current state of the network (virDomainObj has a similar pair of virDomainDefs that behave in the same fashion). Personally I think there should be a network->live and network->config, and the location of the persistent config should *always* be in network->config, but that's for a later cleanup). Since I love things to be symmetric, I created a new function called virNetworkObjUnsetDefTransient(), which reverses the effects of virNetworkObjSetDefTransient(). I don't really like the name of the new function, but then I also didn't really like the name of the old one either (it's just named that way to match a similar function in the domain conf code). (cherry picked from commit 78fab277)
-
由 Cole Robinson 提交于
AUTHORS.in tracks the maintainers, as well as some folks who were previously in AUTHORS but don't have a git commit with proper attribution. Generated output is sorted alphabetically and lacks pretty spacing, so tweak AUTHORS.in to follow the same format. Additionally, drop the syntax-check rule that previously validated AUTHORS against git log. (cherry picked from commit 7b21981c) Conflicts: .mailmap AUTHORS
-
由 Eric Blake 提交于
Several people have reported that if the .gnulib submodule is dirty, then 'make' will go into an infinite loop attempting to rerun bootstrap, because that never cleans up the dirty submodule. By default, we should halt and make the user investigate, but if the user doesn't know why or care that the submodule is dirty, I also added the ability to 'make CLEAN_SUBMODULE=1' to get things going again. Also, while testing this, I noticed that when a submodule update was needed, 'make' would first run autoreconf, then bootstrap (which reruns autoreconf); adding a strategic dependency allows for less work. * .gnulib: Update to latest, for maint.mk improvements. * cfg.mk (_autogen): Also hook maint.mk, to run before autoreconf. * autogen.sh (bootstrap): Refuse to run if gnulib is dirty, unless user requests discarding gnulib changes. (cherry picked from commit c5f16220)
-
由 Guannan Ren 提交于
Relabeling tapfd right after the tap device is created. qemuPhysIfaceConnect is common function called both for static netdevs and for hotplug netdevs. (cherry picked from commit 4492ef7f)
-
由 Michal Privoznik 提交于
which frees all allocated memory but doesn't set the passed pointer to NULL. Therefore, we must do it ourselves. This is causing actual libvirtd crash: Basically, when doing 'virsh net-edit' the newDef should be dropped. And the memory is freed, indeed. However, the pointer is not set to NULL but kept instead. And the next duo of calls 'virsh net-start' and 'virsh net-destroy' starts the disaster. The latter one does the same as 'virsh destroy'; it sees that newDef is nonNULL so it replaces def with newDef (which has been freed already as said a few lines above). Therefore any subsequent call accessing def will hit the ground. (cherry picked from commit b7e92024)
-
由 Guannan Ren 提交于
(cherry picked from commit d37a3a1d)
-
由 Guannan Ren 提交于
It should relabel tapfd of virtual network of type VIR_DOMAIN_NET_TYPE_DIRECT rather than VIR_DOMAIN_NET_TYPE_NETWORK and VIR_DOMAIN_NET_TYPE_BRIDGE (commit ae368ebf introduced this bug) Caution: The context of the two hunks is identical other than indentation. Please be extremely cautious of where the patch gets applied. (cherry picked from commit 89b63f0a)
-
由 Martin Kletzander 提交于
In commit 9674f2c6, I forgot to change selabel_lookup with the other functions, so this one-liner does exactly that. (cherry picked from commit 6676c1fc)
-
由 Guannan Ren 提交于
BZ:https://bugzilla.redhat.com/show_bug.cgi?id=851981 When using macvtap, a character device gets first created by kernel with name /dev/tapN, its selinux context is: system_u:object_r:device_t:s0 Shortly, when udev gets notification when new file is created in /dev, it will then jump in and relabel this file back to the expected default context: system_u:object_r:tun_tap_device_t:s0 There is a time gap happened. Sometimes, it will have migration failed, AVC error message: type=AVC msg=audit(1349858424.233:42507): avc: denied { read write } for pid=19926 comm="qemu-kvm" path="/dev/tap33" dev=devtmpfs ino=131524 scontext=unconfined_u:system_r:svirt_t:s0:c598,c908 tcontext=system_u:object_r:device_t:s0 tclass=chr_file This patch will label the tapfd device before qemu process starts: system_u:object_r:tun_tap_device_t:MCS(MCS from seclabel->label) (cherry picked from commit ae368ebf)
-
由 Martin Kletzander 提交于
We are currently able to work only with non-translated SELinux contexts, but we are using functions that work with translated contexts throughout the code. This patch swaps all SELinux context translation relative calls with their raw sisters to avoid parsing problems. The problems can be experienced with mcstrans for example. The difference is that if you have translations enabled (yum install mcstrans; service mcstrans start), fgetfilecon_raw() will get you something like 'system_u:object_r:virt_image_t:s0', whereas fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow' that we cannot parse. I was trying to confirm that the _raw variants were here since the dawn of time, but the only thing I see now is that it was imported together in the upstream repo [1] from svn, so before 2008. Thanks Laurent Bigonville for finding this out. [1] http://oss.tresys.com/git/selinux.git (cherry picked from commit 9674f2c6)
-
- 24 10月, 2012 1 次提交
-
-
由 Benjamin Cama 提交于
I hit this problem recently when trying to create a bridge with an IPv6 address on a 3.2 kernel: dnsmasq (and, further, radvd) would not bind to the given address, waiting 20s and then giving up with -EADDRNOTAVAIL (resp. exiting immediately with "error parsing or activating the config file", without libvirt noticing it, BTW). This can be reproduced with (I think) any kernel >= 2.6.39 and the following XML (to be used with "virsh net-create"): <network> <name>test-bridge</name> <bridge name='testbr0' /> <ip family='ipv6' address='fd00::1' prefix='64'> </ip> </network> (it happens even when you have an IPv4, too) The problem is that since commit [1] (which, ironically, was made to “help IPv6 autoconfiguration”) the linux bridge code makes bridges behave like “real” devices regarding carrier detection. This makes the bridges created by libvirt, which are started without any up devices, stay with the NO-CARRIER flag set, and thus prevents DAD (Duplicate address detection) from happening, thus letting the IPv6 address flagged as “tentative”. Such addresses cannot be bound to (see RFC 2462), so dnsmasq fails binding to it (for radvd, it detects that "interface XXX is not RUNNING", thus that "interface XXX does not exist, ignoring the interface" (sic)). It seems that this behavior was enhanced somehow with commit [2] by avoiding setting NO-CARRIER on empty bridges, but I couldn't reproduce this behavior on my kernel. Anyway, with the “dummy tap to set MAC address” trick, this wouldn't work. To fix this, the idea is to get the bridge's attached device to be up so that DAD can happen (deactivating DAD altogether is not a good idea, I think). Currently, libvirt creates a dummy TAP device to set the MAC address of the bridge, keeping it down. But even if we set this device up, it is not RUNNING as soon as the tap file descriptor attached to it is closed, thus still preventing DAD. So, we must modify the API a bit, so that we can get the fd, keep the tap device persistent, run the daemons, and close it after DAD has taken place. After that, the bridge will be flagged NO-CARRIER again, but the daemons will be running, even if not happy about the device's state (but we don't really care about the bridge's daemons doing anything when no up interface is connected to it). Other solutions that I envisioned were: * Keeping the *-nic interface up: this would waste an fd for each bridge during all its life. May be acceptable, I don't really know. * Stop using the dummy tap trick, and set the MAC address directly on the bridge: it is possible since quite some time it seems, even if then there is the problem of the bridge not being RUNNING when empty, contrary to what [2] says, so this will need fixing (and this fix only happened in 3.1, so it wouldn't work for 2.6.39) * Using the --interface option of dnsmasq, but I saw somewhere that it's not used by libvirt for backward compatibility. I am not sure this would solve this problem, though, as I don't know how dnsmasq binds itself to it with this option. This is why this patch does what's described earlier. This patch also makes radvd start even if the interface is “missing” (i.e. it is not RUNNING), as it daemonizes before binding to it, and thus sometimes does it after the interface has been brought down by us (by closing the tap fd), and then originally stops. This also makes it stop yelling about it in the logs when the interface is down at a later time. [1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=1faa4356a3bd89ea11fb92752d897cff3a20ec0e [2] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=b64b73d7d0c480f75684519c6134e79d50c1b341 (cherry picked from commit db488c79)
-
- 19 10月, 2012 3 次提交
-
-
由 Jiri Denemark 提交于
When p2p migration fails early because qemuMigrationIsAllowed or qemuMigrationIsSafe say migration should be cancelled, we fail to clear the migration-out async job. As a result of that, further APIs called for the same domain may fail with Timed out during operation: cannot acquire state change lock. Reported by Guido Winkelmann. (cherry picked from commit 837993d8)
-
由 Cole Robinson 提交于
On F17 at least, this command fails: $ sudo /usr/sbin/lvcreate --name sparsetest -L 0K --virtualsize 16384K vgvirt Unable to create new logical volume with no extents Which is unfortunate since allocation=0 is what virt-manager tries to use by default. Rather than telling the user 'don't do that', let's just give them the smallest allocation possible if alloc=0 is requested. https://bugzilla.redhat.com/show_bug.cgi?id=866481 (cherry picked from commit 9f0e9cba)
-
由 Cole Robinson 提交于
Before: $ sudo virsh vol-create-as --pool vgvirt sparsetest --capacity 16M --allocation 0 error: Failed to create vol sparsetest error: internal error Child process (/usr/sbin/lvchange -aln vgvirt/sparsetest) unexpected exit status 5: One or more specified logical volume(s) not found. After: $ sudo virsh vol-create-as --pool vgvirt sparsetest --capacity 16M --allocation 0 error: Failed to create vol sparsetest error: internal error Child process (/usr/sbin/lvcreate --name sparsetest -L 0K --virtualsize 16384K vgvirt) unexpected exit status 5: Unable to create new logical volume with no extents (cherry picked from commit 01df6f2b)
-