Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: NEric Blake <eblake@redhat.com>

The new function virConnectGetCPUModelNames allows to retrieve the list
of CPU models known by the hypervisor for a specific architecture.
Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: NEric Blake <eblake@redhat.com>

Nehal J. Wani reported on IRC a rather interesting build failure:

In file included from util/virnetdevbridge.c:53:0:
/usr/include/linux/in6.h:30:8: error: redefinition of 'struct in6_addr'
 struct in6_addr {
        ^

I traced it to the fact that he ran 'git pull; make check' across
commit e62e0094.  What happened is that the configure changes
result in a new variable that was set to be defined on his system,
but config.h was not regenerated to contain the value of that
variable.  Running 'make' instead of 'make check' cleaned up the
problem.  A bit more investigation, and I see that in Makefile.am,
automake sticks rules that rebuild config.h as part of 'make all',
and that we also had a dependency 'check-local: all'; BUT the
rule for check-local is run only at the point when the top-level
directory is visited.  Automake documents that SUBDIRS should
contain an explicit '.' at the point the top-level should be
visited (defaulting to last, if it doesn't appear).  Sure enough,
with this patch, 'make check' now does the top-level 'all' rules,
which regenerates 'config.h' BEFORE compiling any code that might
depend on changed content of that file.

* Makefile.am (SUBDIRS): Put '.' first, not last.
Signed-off-by: NEric Blake <eblake@redhat.com>

The fix for CVE-2013-4311 had a pre-requisite enhancement
to the identity code

  commit db7a5688
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Thu Aug 22 16:00:01 2013 +0100

    Also store user & group ID values in virIdentity

This had a typo which caused the group ID to overwrite the
user ID string. This meant any checks using this would have
the wrong ID value. This only affected the ACL code, not the
initial polkit auth. It also leaked memory.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The xml files are generated in build directory and thus docs/newapi.xsl
was not able to find them in a VPATH build.
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

If a dir does not exist, raise an immediate error in logs
rather than letting virFileResolveAllLinks fail, since this
gives better error reporting to the user.
Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>

When FUSE is enabled, the LXC container is setup with
a custom /proc/meminfo file. This file uses "KB" as a
suffix, rather than "kB" which is the kernel's style.
Fix this inconsistency to avoid confusing apps.
Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>

The ABI compatibility check for domain features didn't check the
expanded HyperV and APIC EOI values, thus possibly allowing change in
guest ABI.

Add the check and use typecasted switch statement to warn developers
when adding a new HyperV feature.

The virDomainGetVcpuPinInfo python wrapper had a potential use of
uninitialized values
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Since the wait is done during migration (still inside
QEMU_ASYNC_JOB_MIGRATION_OUT), the code should enter the monitor as such
in order to prohibit all other jobs from interfering in the meantime.
This patch fixes bug #1009886 in which qemuDomainGetBlockInfo was
waiting on the monitor condition and after GetSpiceMigrationStatus
mangled its internal data, the daemon crashed.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009886

This splits up the version parsing code into a callable API like QEMU
help/version string parsing so that we can test it as we need to add
additional patterns for newer versions/products.

Rather than looking up the path to vmrun each time we call it, look it
up once and save it. This sets up the ability for us to detect where the
path is on Mac OS X and not have to look it up each time we execute it.

The VMware driver supports multiple backends for the VMware Player and
VMware Workstation, convert this logic into enum and use VIR_ENUM_IMPL()
to provide conversions to and from strings.

In case of an error, qemuMonitorTestNewSimple returns NULL.
Error out instead of dereferencing it.

Found by Coverity, reported by John Ferlan.

Coverity complains that the test suite did not check the
return value of dbus_message_iter_append_basic() as we did
in most other places.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1008903

The Q35 machinetype has an implicit SATA controller at 00:1F.2 which
isn't given the "expected" id of ahci0 by qemu when it's created. The
original suggested solution to this problem was to not specify any
controller for the disks that use the default controller and just
specify "unit=n" instead; qemu should then use the first IDE or SATA
controller for the disk.

Unfortunately, this "solution" is ignorant of the fact that in the
case of SATA disks, the "unit" attribute in the disk XML is actually
*not* being used for the unit, but is instead used to specify the
"bus" number; each SATA controller has 6 buses, and each bus only
allows a single unit. This makes it nonsensical to specify unit='n'
where n is anything other than 0. It also means that the only way to
connect more than a single device to the implicit SATA controller is
to explicitly give the bus names, which happen to be "ide.$n", where
$n can be replaced by the disk's "unit" number.

After commit 8aecd351 it'll detect
that a required option is not defined and it will assert and exit with:

virsh.c:1364: vshCommandOpt: Assertion `valid->name' failed.

Problem has been latent since commit ed23b106.
Signed-off-by: NEric Blake <eblake@redhat.com>

This macro is there to test the simplest monitor functions we have,
those in the form of: int ( *func) (qemuMonitorPtr). So far, we have
seven such functions.

Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

A previous patch used existing #define for the various files in /etc/pki
instead of hardcoding them in the help output. However I missed that
remote_driver.h contains #define for more paths that are present
in the daemon help output.
This commit uses the existing constants for the path to the
configuration file and to the libvirt sockets.

It's not used anywhere, but should be pointing to
$sysconfdir/libvirt/libvirtd.conf, not $sysconfdir/libvirtd.conf

In commit 6d41cb87, the interface for virEventAddHandleFunc was changed.
This patch updates the documentation for virEventAddHandle to reflect
the new significance of the return value. Also, both functions now
mention -1 for failure.

The 'stats' variable was not initialized to NULL, so if some
early validation of the RPC call fails, it is possible to jump
to the 'cleanup' label and VIR_FREE an uninitialized pointer.
This is a security flaw, since the API can be called from a
readonly connection which can trigger the validation checks.

This was introduced in release v0.9.1 onwards by

  commit 158ba873
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed Apr 13 16:21:35 2011 +0100

    Merge all returns paths from dispatcher into single path
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Add a missing '/' to close the "source" element.
Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com>

With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.

To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.

This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'
Signed-off-by: NColin Walters <walters@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The polkit access driver will want to use the process start
time field. This was already set for network identities, but
not for the system identity.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Future improvements to the polkit code will require access to
the numeric user ID, not merely user name.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

There are constants for these paths in remote_driver.h so we can
use these rather than duplicating them in the help output.
Signed-off-by: NChristophe Fergeau <cfergeau@redhat.com>
Signed-off-by: NEric Blake <eblake@redhat.com>

The help message indicates that the CA certificate is
$sysconfdir/pki/CA/caert.pem while the actual path is
$sysconfdir/pki/CA/cacert.pem
Signed-off-by: NChristophe Fergeau <cfergeau@redhat.com>
Signed-off-by: NEric Blake <eblake@redhat.com>

virDomainSetBlockIoTuneEnsureACL was incorrectly called after we already
started a job. As a result of this, the job was not cleaned up when an
access driver had forbidden the action.

completer and completer_flags added to the _vshCmdOptDef
structure so it will be possible for completion generators to
conveniently call option completer functions with desired flags.
Signed-off-by: NEric Blake <eblake@redhat.com>

Useful to set custom forwarders instead of using the contents of
/etc/resolv.conf. It helps me to setup dnsmasq as local nameserver to
resolve VM domain names from domain 0, when domain option is used.
Signed-off-by: NDiego Woitasen <diego.woitasen@vhgroup.net>
Signed-off-by: NEric Blake <eblake@redhat.com>

A user was having an issue with this specific VMWare Fusion config and
he gave me permission to add it as part of our test suite to further
expand our VMX test coverage. Unfortunately our VMX parser and
generator does not support many features contained within and just
silently ignores fields it does not understand so they had to
be removed out in the xml2vmx test. The original unmodified version
exists in the vmx2xml test.

VMWare Fusion 5 can set the CD-ROM's device name to be 'auto detect' when
using the physical drive via 'cdrom-raw' device type. VMWare will then
connect to first available host CD-ROM to the virtual machine upon start
up according to VMWare documentation. If no device is available, it
appears that the device will remain disconnected.

To better model this a CD-ROM that is marked as "auto detect" when in
the off state would be modeled as the following with this patch:
  <disk type='block' device='lun'>
    <source startupPolicy='optional'/>
    <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>

Once the domain transitions to the powered on state, libvirt can
populate the remaining source data with what is connected, if anything.
However future power cycles, the domain may not always start with that
device attached.

Currently the XML parser already allows the following syntax:
  <disk type='block' device='cdrom'>
    <source startupPolicy='optional'/>
    <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>

But it if the dev value is NULL then it would not have the leading
"<source ", resulting in invalid XML.

A cross build to mingw fails with:

  CC       virsystemdtest-virsystemdtest.o
../../tests/virsystemdtest.c: In function 'testCreateNoSystemd':
../../tests/virsystemdtest.c:97:9: error: implicit declaration of function 'unsetenv' [-Werror=implicit-function-declaration]
         unsetenv("FAIL_NO_SERVICE");
         ^
../../tests/virsystemdtest.c:97:9: error: nested extern declaration of 'unsetenv' [-Werror=nested-externs]

We could cop out and pull in the gnulib unsetenv module.  But when
you stop and think about it, this test requires LD_PRELOAD to work,
and systemd is a Linux-only concept anyways, both of which mean
the test could never work on mingw in the first place.  Simpler is
to just fix the test to behave like our other LD_PRELOAD tests.

* tests/virsystemdtest.c: Provide non-Linux implementation.
Signed-off-by: NEric Blake <eblake@redhat.com>

Commit f92c7e31 fixed a regression for native builds, but introduced
a regression for cross-compilation builds; in particular,
./autobuild.sh on a Fedora system with mingw cross-compiler fails
with:

checking for qemu-kvm... /usr/bin/qemu-kvm
checking for yajl_parse_complete in -lyajl... no
checking for yajl_tree_parse in -lyajl... no
configure: error: You must install the libyajl library & headers to compile libvirt

Since we default $with_qemu to 'yes' rather than 'check', and then
flip that default based on platform-specific checks, those platform
specifics need to come prior to any library checks that depend on
the value of $with_qemu.

* configure.ac: Ensure system defaults are sane before checking
for things that make decisions based on system default.
Signed-off-by: NEric Blake <eblake@redhat.com>

* .gitignore: Ignore metadatatest.
Signed-off-by: NEric Blake <eblake@redhat.com>

Use the helper added in previous patch to quiesce errors from this test
that was spamming logs on normal test runs.