Apparmor must not prevent access to required helper programs. The following
helpers should be allowed to run in unconfined execution mode:

 - libvirt_parthelper
 - libvirt_iohelper

The network and nwfilter tests contained in the libvirt-TCK testkit can fail
unless access to raw network packets is granted. Without this access, the
following apparmor error can be seen while running the tests:

  apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/libvirtd"
  pid=94731 comm="libvirtd" family="packet" sock_type="raw" protocol=768

In order for apparmor to work properly in Xen environments, the following
access rights need to be allowed:

 - Allow CAP_SYS_PACCT, which is required when resetting some multi-port
   Broadcom cards by writting to the PCI config space

 - Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without
   this setting, an error 'Resource temporarily unavailable' can be seen
   while attempting to mmap memory. At the same time, the following
   apparmor message is seen:

   apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd"
   pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14
   capname="ipc_lock"

 - Allow access to distribution specific directories:
     /usr/{lib,lib64}/xen/bin

Previously the function returned either -1 in case of an error or 0 on
success. However, we should also distinguish between a case we
successfully added a controller and a case there wasn't a need to add any
controller

As it turned out, fix of dead code 419a22 changed the affected condition
from "never true" to "always true", so better fix would be to change the
return code of virDomainMaybeAddController from 0 to 1 if
a new bridge has been added, thus distinguishing case when we didn't need to
add any controller and case we successfully added one.

The return code is changed in the next commit

My commit af1c98e4 broke the build on RHEL-6:
vircgrouptest.c: In function 'testCgroupGetPercpuStats':
vircgrouptest.c:566: error: nested extern declaration of
'_gl_verify_function2' [-Wnested-externs]

The only thing that needs checking is that the array size
is at least EXPECTED_NCPUS, to prevent access beyond the array.

We can ensure the minimum size also by specifying the array
size upfront.

Clang found possible dereference of NULL pointer which is right.
Function 'esxVI_LookupTaskInfoByTask' should find a task info. The issue
is that we could return 0 and leave 'taksInfo' pointer NULL because if
there is no match we simply end the search loop end set 'result' to 0.
Every caller count on the fact that if the return value is 0 than it's
safe to dereference 'taskInfo'. We should return 0 only in case we found
something and the '*taskInfo' is not NULL.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Clang found that we are passing variable with wrong enum type to
'xenapiCrashExitEnum2virDomainLifecycle' function. This is probably
copy-paste typo as the correct variable exists in the code, but it isn't
used.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>

Per-cpu stats are only shown for present CPUs in the cgroups,
but we were only parsing the largest CPU number from
/sys/devices/system/cpu/present and looking for stats even for
non-present CPUs.
This resulted in:
internal error: cpuacct parse error

The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it. Found via code inspection while fixing
permissions for save images.

The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it.

https://bugzilla.redhat.com/show_bug.cgi?id=1164627

When using 'virsh attach-device' to hotplug an unsupported console type
into a qemu guest the attachment would succeed as the command line
formatter didn't report error in such case.
Signed-off-by: NLuyao Huang <lhuang@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1130390

The listen address is not mandatory for <interface type='server'>
but when it's not specified, we've been formatting it as:
-netdev socket,listen=(null):5558,id=hostnet0
which failed with:
Device 'socket' could not be initialized

Omit the address completely and only format the port in the listen
attribute.

Also fix the schema to allow specifying a model.

When libvirt is configured --without-xen, building the xlconfigtest
fails with

  CCLD   xlconfigtest
  /usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu/crt1.o
  In function `_start': (.text+0x20): undefined reference to `main'
  collect2: error: ld returned 1 exit status

Introduced in commit 4ed5fb91 by too much copy and paste from
xmconfigtest.

Commit 318df5a0 changed the prototype of virCgroupNewMachine
without adjusting the stub function for platforms without
cgroups.

This adds a new "localOnly" attribute on the domain element of the
network xml.  With this set to "yes", DNS requests under that domain
will only be resolved by libvirt's dnsmasq, never forwarded upstream.

This was how it worked before commit f69a6b98, and I found that
functionality useful.  For example, I have my host's NetworkManager
dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can
easily resolve guest names from outside.  But if libvirt's dnsmasq
doesn't know a name and forwards it to the host, I'd get an endless
forwarding loop.  Now I can set localOnly="yes" to prevent the loop.
Signed-off-by: NJosh Stone <jistone@redhat.com>

Do not run ZFS tests when ZFS is unsupported in the environment.

The recent patch b4af4022 adds tests
to storagepoolxml2xmltest for the optional ZFS feature. When ZFS is
not included in the configuration these tests should not / cannot be
run. Modify the test source file to check for use of the feature and
compile in the tests accordingly.
Signed-off-by: NGary R Hook <gary.hook@nimboxx.com>

Since the day we removed python bindings from the core repository, the
documentation was missing that information.
Reported-by: NLingyu Zhu <lynuszhu@gmail.com>
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Using the same driver multiple times is pointless and
it can result in confusing errors:

$ virsh start test
error: Failed to start domain test
error: internal error: security label already defined for VM

https://bugzilla.redhat.com/show_bug.cgi?id=1153891

Depending on the context, either error out if the domain
has disappeared in the meantime, or just ignore the value
to allow marking the function as ATTRIBUTE_RETURN_CHECK.

https://bugzilla.redhat.com/show_bug.cgi?id=1161024

If the domain crashed while we were in monitor,
we cannot rely on the REALLOC done on live definition,
since vm->def now points to the persistent definition.
Skip adding the attached devices to domain definition
if the domain crashed.

In AttachChrDevice, the chardev was already added to the
live definition and freed by qemuProcessStop in the case
of a crash. Skip the device removal in that case.

Also skip audit if the domain crashed in the meantime.

https://bugzilla.redhat.com/show_bug.cgi?id=1161024

In the device type-specific functions, exit early
if the domain has disappeared, because the cleanup
should have been done by qemuProcessStop.

Check the return value in processDeviceDeletedEvent
and qemuProcessUpdateDevices.

Skip audit and removing the device from live def because
it has already been cleaned up.

Commit adff345e added support for features to MODE_HOSTPASSTHROUGH
as well. Since we support all modes now, the condition can be
eliminated.

This was broken in a dowstream build due to a missing backport:
https://bugzilla.redhat.com/show_bug.cgi?id=1182448

The path to the pty of a Xen PV console is set only in
virDomainOpenConsole. But this is done too late. A call to
virDomainGetXMLDesc done before OpenConsole will not have the path to
the pty, but a call after OpenConsole will.

e.g. of the current issue.
Starting a domain with '<console type="pty"/>'
Then:
virDomainGetXMLDesc():
  <devices>
    <console type='pty'>
      <target type='xen' port='0'/>
    </console>
  </devices>
virDomainOpenConsole()
virDomainGetXMLDesc():
  <devices>
    <console type='pty' tty='/dev/pts/30'>
      <source path='/dev/pts/30'/>
      <target type='xen' port='0'/>
    </console>
  </devices>

The patch intend to have the TTY path on the first call of GetXMLDesc.
This is done by setting up the path at domain start up instead of in
OpenConsole.

https://bugzilla.redhat.com/show_bug.cgi?id=1170743Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>

Many GCC versions don't understand -Wno-suggest-attribute=format
so the pragma must only be used when supported

It's possible to create a container with existing
disk image as root filesystem. You need to remove
existing disks from PCS VM config and then add a new
one, pointing to your image. And then call PrlVm_RegEx
with PRNVM_PRESERVE_DISK flag.

With this patch you can create such container with
something like this for new domain XML config:

    <filesystem type='file' accessmode='passthrough'>
      <driver type='ploop' format='ploop'/>
      <source file='/path-to-image'/>
      <target dir='/'/>
    </filesystem>
Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Handle information about filesystems in domain config
and add corresponding devices to container via
parallels sdk.
Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>

PCS removes disk image from filesystem, if you remove it
from config. There is a special flag PVCF_DETACH_HDD_BUNDLE
which allow to remove disk only from VM/CT config.

If you call virDomainDefine and remove some disk from
config it should be preserved, so call PrlVm_CommitEx
always with flag PVCF_DETACH_HDD_BUNDLE.
Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>

Obtain information about container's filesystems and
store it in virDomainDef structure.
Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

Ploop is a pseudo device which makeit possible to access
to an image in a file as a block device. Like loop devices,
but with additional features, like snapshots, write tracker
and without double-caching.

It used in PCS for containers and in OpenVZ. You can manage
ploop devices and images with ploop utility
(http://git.openvz.org/?p=ploop).
Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>

This is used as a boolean parameter for the '-cpu' option.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178853Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Just a new feature that can be turned on/off.

https://bugzilla.redhat.com/show_bug.cgi?id=1178853Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Commit id 'ca481a6f' added virNetworkRouteDefFree which may be called
in an error path from lxcAddNetworkRouteDefinition with 'route = NULL'.
So just add the (!def) at the top to resolve.

The 'virsh edit' command gets XML validation enabled by default,
with a --skip-validate option to disable it. The 'virsh define'
and 'virsh create' commands get a --validate option to enable
it, to avoid regressions for existing scripts.

The quality of error reporting from libxml2 varies depending
on the type of XML error made. Sometimes it is quite clear
and useful, other times it is obscure & inaccurate. At least
the user will see an error now, rather than having their
XML modification silently disappear.

We tested for positive return value from virDomainMaybeAddController,
but it returns 0 or -1 only resulting in a dead code.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

In case we find out, there are more PCI devices to be connected
than there are available slots on the default PCI bus, we automatically add a
new bus and a related PCI bridge controller as well. As there are no free slots
left on the default PCI bus, PCI bridge controller gets a free slot on a
newly created PCI bus which causes qemu to refuse to start the guest.
This fix introduces a new function qemuDomainPCIBusFullyReserved which
is checked right before we possibly try to reserve a slot for PCI bridge
controller.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132900

Commit id 'aa2cc721' added calls to virSocketAddrFormat but did not
check for a NULL (error) return which could lead to bad output
in the XML file.  Need to check for NULL return and cause failure.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>