In a few places, the return value could get passed to VIR_ALLOC_N without
being checked, resulting in a request to allocate a lot of memory if the
return value was negative.

The error messages did not correspond to the attributes they printed.

Missing break in the switch.

The size of the controllers array is VIR_CGROUP_CONTROLLER_LAST, however
we only call it with values less than VIR_CGROUP_CONTROLLER_LAST.

This can't lead to a crash since virNWFilterSnoopReqNew is only called
with a static array as the argument, but if we check for NULL we should
do it right.

Error messages produced while dispatching guest agent commands didn't
have an apparent reference to the fact that they are dealing with guest
agent commands. This patch fixes up some of the messages to contain that
reference.

Just a little rewrite of the cmdDomDisplay function to make it
consistent and hopefully more readable.  This also fixes a problem
with password not being displayed for vnc even with the
"--include-password" option.

It's exposed under domfstrim command. Although the API
doesn't support specifying mount point yet, expose it
anyway.

using qemu guest agent. As said in previous patch,
@mountPoint must be NULL and @flags zero because
qemu guest agent doesn't support these arguments
yet. If qemu learns them, we can start supporting
them as well.

A new rule to fixup_name() in gendispatch.pl needs to be added,
otherwise we are left with remoteDomainFstrim which is not wanted.

This will call FITRIM within guest. The API has 4 arguments,
however, only 2 will be used for now (@dom and @minumum).
The rest two are there if in future qemu guest agent learns them.

With QMP capability probing, the version was not set.
virsh version returns:
...
Cannot extract running QEMU hypervisor version

This is fixed by computing caps->version from QMP major,
minor, micro values.
Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

QMP Capability probing will fail if QEMU cannot bind to the
QMP monitor socket in the qemu_driver->libDir directory.
That's because the child process is stripped of all
capabilities and this directory is chown'ed to the configured
QEMU user/group (normally qemu:qemu) by the QEMU driver.

To prevent this from happening, the driver startup will now pass
the QEMU uid and gid down to the capability probing code.
All capability probing invocations of QEMU will be run with
the configured QEMU uid instead of libvirtd's.

Furter, the pid file handling is moved to libvirt, as QEMU
cannot write to the qemu_driver->runDir (root:root). This also
means that the libvirt daemonizing must be used.
Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

If qemuMonitorOpenUnix is called without a related pid, i.e. for
QMP probing, a connect failure can happen as the result of a race.
Without a pid there is no retry and thus we give up too early.
This changes the code to retry if no pid is supplied.
Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

we already have virtualize meminfo for container through fuse filesystem,
add function lxcContainerMountProcFuse to mount this meminfo file to
the container's /proc/meminfo.

So we can isolate container's /proc/meminfo from host now.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

with this patch,container's meminfo will be shown based on
containers' mem cgroup.

Right now,it's impossible to virtualize all values in meminfo,
I collect some values such as MemTotal,MemFree,Cached,Active,
Inactive,Active(anon),Inactive(anon),Active(file),Inactive(anon),
Active(file),Inactive(file),Unevictable,SwapTotal,SwapFree.

if I miss something, please let me know.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

because libvirt_lxc's cgroup mountpoint is what it shown
in /proc/self/cgroup.

we can get container's cgroup through virCgroupNew("/", &group),
add interface virCgroupGetAppRoot to help container to
get it's cgroup.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

virCgroupGetMemSwapUsage is used to get container's swap usage,
with this interface,we can get swap usage in fuse filesystem.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

this patch addes fuse support for libvirt lxc.
we can use fuse filesystem to generate sysinfo dynamically,
So we can isolate /proc/meminfo,cpuinfo and so on through
fuse filesystem.

we mount fuse filesystem for every container.
the mount name is libvirt,mount point is
localstatedir/run/libvirt/lxc/containername.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

Add a configure option --with-fuse to prepare introduction
of fuse support for libvirt lxc.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

This bug leads to getting incorrect vcpupin information via
qemudDomainGetVcpuPinInfo() API when the number of maximum
cpu on a host falls into a range such as 31 < ncpus < 64.

gcc warning:
left shift count >= width of type

The following bug is such the case
https://bugzilla.redhat.com/show_bug.cgi?id=876415

In qemuDomainSaveMemory, wrapperFd might be NULL and should be checked before
calling virFileWrapperFdCatchError. Same in doCoreDump.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=880919

Sort the symbols listed in libvirt_daemon.syms
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This splits out some common code from virDBusGetSystemBus and
uses it to implement a new virDBusGetSessionBus helper.

Change some legacy function names to use 'qemu' as their
prefix instead of 'qemud' which was a hang over from when
the QEMU driver ran inside a separate daemon
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

When starting an LXC guest with a virNetwork based NIC device,
if the network was not active, the virNetworkPtr device would
be leaked
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

In virNetDevVethDelete the virRun method will properly report
errors, but when checking the exit status for non-zero exit
code no error is reported
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

When starting a container, newDef is initialized to a
copy of 'def', but when startup fails newDef is never
removed. This cause later attempts to use 'virDomainDefine'
to lose the new data being defined.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

A mistaken initialization of 'ret' caused failure to create
macvtap devices to be ignored. The libvirt_lxc process
would later fail to start due to missing devices

Also make sure code checks '< 0' and not '!= 0' since only
-1 is considered an error condition
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

If the <interface> device did not contain any <target>
element, LXC would crash on a NULL pointer if starting
the container failed
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

When failing to create a macvlan interface, make sure the
error message contains the name of the host interface
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The LXC driver relies on use of cgroups to kill off LXC processes
in shutdown. If cgroups aren't available, we're unable to kill
off processes, so we must treat lack of cgroups as a fatal startup
error.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The code setting up LXC cgroups used an 'rc' variable both
for capturing the return value of methods it calls, and
its own return status. The result was that several failures
in setting up cgroups would actually result in success being
returned.

Use a separate 'ret' for tracking return value as per normal
code design in other parts of libvirt
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The initpid will be required long term to enable LXC to
implement various hotplug operations. Thus it needs to be
persisted in the domain status XML. LXC has not used the
domain status XML before, so this introduces use of the
helpers.

Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Currently the lxcContainerSetupMounts method uses the
virSecurityManagerPtr instance to obtain the mount options
string and then only passes the string down into methods
it calls. As functionality in LXC grows though, those
methods need to have direct access to the virSecurityManagerPtr
instance. So push the code down a level.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The impls of virSecurityManagerGetMountOptions had no way to
return errors, since the code was treating 'NULL' as a success
value. This is somewhat pointless, since the calling code did
not want NULL in the first place and has to translate it into
the empty string "". So change the code so that the impls can
return "" directly, allowing use of NULL for error reporting
once again
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=876828

Commit 38c4a9cc introduced a regression in hot unplugging of disks
from qemu, where cgroup device ACLs were no longer being revoked
(thankfully not a security hole: cgroup ACLs only prevent open()
of the disk; so reverting the ACL prevents future abuse but doesn't
stop abuse from an fd that was already opened before the ACL change).

The actual regression is due to a latent bug.  The hot unplug code
was computing the set of files needing cgroup ACL revocation based
on the XML passed in by the user, rather than based on the domain's
details on which disk was being deleted.  As long as the revoke
path was always recomputing the backing chain, this didn't really
matter; but now that we want to compute the chain exactly once and
remember that computation, we need to hang on to the backing chain
until after the revoke has happened.

* src/qemu/qemu_hotplug.c (qemuDomainDetachPciDiskDevice):
Transfer backing chain before deletion.