  1. 13 Nov, 2009 17 commits
    • AppArmor code cleanups · 3cbc0501
      Jamie Strandboge committed
      * src/security/security_apparmor.c: a few code cleanups following a
        review on the list
    • AppArmor handling of accesses to readonly files · d0d4b8ad
      Jamie Strandboge committed
      Fixes https://launchpad.net/bugs/453335
      
      * src/security/virt-aa-helper.c: suppress confusing and misleading
        apparmor denied message when kvm/qemu tries to open a libvirt specified
        readonly file (such as a cdrom) with write permissions. libvirt uses
        the readonly attribute for the security driver only, and has no way
        of telling kvm/qemu that the device should be opened readonly
    • AppArmor require absolute paths · dae7054b
      Jamie Strandboge committed
      Fixes https://launchpad.net/bugs/460271
      
      * src/security/virt-aa-helper.c: require absolute path for dynamically added
        files. This is required by AppArmor and conveniently prevents adding
        tcp consoles to the profile
    • AppArmor updates of examples · a8a560dd
      Jamie Strandboge committed
      * examples/apparmor/libvirt-qemu: adds pulseaudio, alsa and preliminary
        save/restore to the example apparmor abstraction
      * examples/apparmor/usr.sbin.libvirtd: allows libvirtd access to inet
        dgram, inet6 dgram, inet6 stream and /usr/lib/libvirt/*
    • Check that domain is running when starting console · c7a8e1bf
      Daniel P. Berrange committed
      The 'virsh console' command did not check if the domain was
      already running before attempting to fetch the XML and extract
      the console PTY path. This caused a slightly unhelpful / misleading
      error message for the user. The explicit check ensures the user
      gets an explicit 'domain is not running' message.
      
      * tools/virsh.c: Validate that state != VIR_DOMAIN_SHUTOFF in
        virsh console command
    • Fix incorrect variable passed to LXC event callback · 007f016b
      Daniel P. Berrange committed
      The wrong variable was being passed in with the LXC event callback
      resulting in a later deadlock or crash
      
      * src/lxc/lxc_driver.c: Pass 'vm' instead of 'driver' to event
        callback
    • Fix check for existence of cgroups at creation · d11d93f4
      Daniel P. Berrange committed
      In the scenario where the cgroups were mounted but the
      particular group did not exist, and the caller had not
      requested auto-creation, the code would fail to return
      an error condition. This caused the lxc_controller to
      think the cgroup existed, and it then later failed when
      attempting to use it
      
      * src/util/cgroup.c: Raise an error if the cgroup path does not
        exist
    • Fix race condition in HAL driver startup · fd2090cd
      Daniel P. Berrange committed
      There is a race condition in HAL driver startup where the callback
      can get triggered before we have finished startup. This then causes
      a deadlock in the driver.
      
      * src/node_device/node_device_hal.c: Release driver lock before
        registering DBus callbacks
    • Fix formatting of XML for an inactive guest · f24e67d2
      Daniel P. Berrange committed
      If the virDomainDefPtr object has an 'id' of -1, then forcibly
      set the VIR_DOMAIN_XML_INACTIVE flag to ensure generated XML
      does not include any cruft from the previously running guest
      such as console PTY path, or VNC port.
      
      * src/conf/domain_conf.c: Set VIR_DOMAIN_XML_INACTIVE if
        def->id is -1. Replace checks for def->id == -1 with
        check against flags & VIR_DOMAIN_XML_INACTIVE.
    • Remove capng_lock() call when spawning LXC container init process · e6cbadd5
      Daniel P. Berrange committed
      The capng_lock() call sets the SECURE_NO_SETUID_FIXUP and SECURE_NOROOT
      bits on the process. This prevents the kernel granting capabilities to
      processes with an effective UID of 0, or with setuid programs. This is
      not actually what we want in the container init process. It should be
      allowed to run setuid processes & keep capabilities when root. All that
      is required is masking a handful of dangerous capabilities from the
      bounding set.
      
      * src/lxc/lxc_container.c: Remove bogus capng_lock() call.
    • Fix initscript to check daemon pidfile · ce62916b
      Daniel P. Berrange committed
      The libvirtd initscript could get confused between the system and
      session instances of the daemon. To avoid this it is necessary
      to check the pidfile explicitly.
      
      * daemon/libvirtd.init.in: Always check the pidfile of the system
        daemon to avoid confusion with the session daemons
    • Fix virt-aa-helper when host and os.type arch differ · 308b8533
      Jamie Strandboge committed
      * src/security/virt-aa-helper.c: get_definition() now calls the new
        caps_mockup() function which will parse the XML for os.type,
        os.type.arch and then sets the wordsize.  These attributes are needed
        only to get a valid virCapsPtr for virDomainDefParseString(). The -H
        and -b options are now removed from virt-aa-helper (they weren't used
        yet anyway).
      * tests/virt-aa-helper-test: extend and fix tests, chmod'ed 755
    • Add translation of PCI vendor and product IDs · 70236638
      David Allan committed
      uses libpciaccess to provide human readable names for PCI vendor and
      device IDs
      * configure.in: add a requirement for libpciaccess >= 0.10.0
      * src/Makefile.am: add the associated compilation flags and link
      * src/node_device/node_device_udev.c: lookup the libpciaccess for
        vendor name and product name based on their ids
    • Remove DevKit node device backend · e99fb5ed
      David Allan committed
      * configure.in src/Makefile.am: remove the configuration check and
        build instructions
      * src/node_device/node_device_devkit.c: removed the module
      * src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
        removed references to the old backend
    • Add scsi_target device type · db19834a
      David Allan committed
      * src/conf/node_device_conf.h src/conf/node_device_conf.c: add specific
        support for SCSI target in node device capabilities
      * src/node_device/node_device_udev.c: add some extra detection code
        when handling udev output
    • Implement a node device backend using libudev · 3ad6dcf3
      David Allan committed
      * configure.in: add new --with-udev, disabled by default, and requiring
        libudev > 145
      * src/node_device/node_device_udev.c src/node_device/node_device_udev.h:
        the new node device backend
      * src/node_device/node_device_linux_sysfs.c: moved node_device_hal_linux.c
        to a better file name
      * src/conf/node_device_conf.c src/conf/node_device_conf.h: add a couple
        of fields in node device definitions, and an API to look them up,
        remove a couple of unused fields from previous patch.
      * src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
        plug the new driver
      * po/POTFILES.in src/Makefile.am src/libvirt_private.syms: add the new
        files and symbols
      * src/util/util.h src/util/util.c: add a new convenience macro
        virBuildPath and virBuildPathInternal() function
    • Add several fields to node device capabilities · fe2af45b
      David Allan committed
      * src/conf/node_device_conf.h src/conf/node_device_conf.c: add the new
        fields in the structure as well as parsing and serialization
  2. 12 Nov, 2009 9 commits
    • Add virConnectGetLibvirtVersion API · ce4c0bf5
      Cole Robinson committed
      There is currently no way to determine the libvirt version of a remote
      libvirtd we are connected to. This is a useful piece of data to enable
      feature detection.
    • Implement finer grained migration control for Xen · 632be336
      Maximilian Wilhelm committed
      * src/xen/xen_driver.c: Add support for VIR_MIGRATE_PERSIST_DEST flag
      * src/xen/xend_internal.c: Add support for VIR_MIGRATE_UNDEFINE_SOURCE flag
      * include/libvirt/virterror.h, src/util/virterror.c: Add new errorcode
        VIR_ERR_MIGRATE_PERSIST_FAILED
    • Support for SATA Disks in virDomainDiskBus · 2e236074
      pritesh committed
      * src/conf/domain_conf.h src/conf/domain_conf.c: add the new entry in
        the enum and lists of virDomainDiskBus
      * src/qemu/qemu_conf.c: same for virDomainDiskQEMUBus
    • LXC implement missing DomainInterfaceStats API · e51cf5c1
      Ryota Ozaki committed
      * src/lxc/lxc_driver.c: add lxcDomainInterfaceStats implementing
        virDomainInterfaceStats()
    • Filter out stale domains from xenstore listing · 7c34bb26
      Daniel P. Berrange committed
      The xenstore database sometimes has stale domain IDs which are not
      present in the hypervisor anymore. Filter these out to avoid causing
      confusion
      
      * src/xen/xs_internal.c: Filter domain IDs against HV's list
      * src/xen/xen_hypervisor.h, src/xen/xen_hypervisor.c: Add new
        xenHypervisorHasDomain() method for checking ID validity
    • Fix logic in xenUnifiedNumOfDomains to match xenUnifiedListDomains · 2659b3f5
      Jonas Eriksson committed
      The xenUnifiedNumOfDomains and xenUnifiedListDomains methods work
      together as a pair, so it is critical they both apply the same
      logic. With the current mis-matched logic it is possible to sometimes
      get into a state when you miss certain active guests.
      
      * src/xen/xen_driver.c: Change xenUnifiedNumOfDomains ordering to
        match xenUnifiedListDomains.
    • Disable IPv6 socket auto-binding to IPv4 socket · 730fd3b0
      Daniel P. Berrange committed
      Sometimes getaddrinfo returns IPv4 addresses before IPv6 addresses.
      IPv6 sockets default to attempting to bind to IPv4 addresses too.
      So if the IPv4 address is activated first, then binding to IPv6
      will unnecessarily fail.
      
      * daemon/libvirtd.c: Bind to IPv6 and IPv4 addresses separately
    • Exclude numactl on s390[x] · 3c3dffc2
      Daniel P. Berrange committed
      The numactl package is not applicable for s390[x] arches, so do
      not enable it as a build dep.
      
      * libvirt.spec.in: Exclude numactl on s390[x]
    • Fix error handling in qemuMonitorOpen · 45e0483d
      Ryota Ozaki committed
      * src/qemu/qemu_monitor.c: add error check for qemuMonitorOpenXXX
        returned file descriptor
  3. 11 Nov, 2009 10 commits
    • Fix save and restore with non-privileged guests and SELinux · bc0010b3
      Daniel P. Berrange committed
      When running qemu:///system instance, libvirtd runs as root,
      but QEMU may optionally be configured to run non-root. When
      then saving a guest to a state file, the file is initially
      created as root, and thus QEMU cannot write to it. It is also
      missing labelling required to allow access via SELinux.
      
      * src/qemu/qemu_driver.c: Set ownership on save image before
        running migrate command in virDomainSave impl. Call out to
        security driver to set save image labelling
      * src/security/security_driver.h: Add driver APIs for setting
        and restoring saved state file labelling
      * src/security/security_selinux.c: Implement saved state file
        labelling for SELinux
    • disable mac_filter config switch by default · fedad93d
      Gerhard Stenzel committed
      * src/qemu/qemu.conf:  disables the mac_filter config switch by default
        to match existing convention, also document the option
    • Prevent initializing ebtables if disabled in qemu.conf · 6008cfc7
      Ryota Ozaki committed
      * src/qemu/qemu_conf.c: don't initialize ebtables if
        disabled
    • phyp: too much timeout when polling socket · 49169367
      Eduardo Otubo committed
      * src/phyp/phyp_driver.c: a 10s timeout on socket availability was way
        too long, reduced to 1ms
    • Fix warning on make due to missing cast (int) · 75825e45
      Ryota Ozaki committed
      * src/qemu/qemu_monitor.c src/qemu/qemu_monitor_text.c: cast size_t to
        int when passing to '%d'
    • phyp: Reorder keyboard_interactive label in openSSHSession() · a32c43d6
      Eduardo Otubo committed
      Finish changes intended to be part of commit
      6c708023
    • Implementation of new APIs for checking state/persistence of objects · cabc2cc9
      Daniel P. Berrange committed
      This implements the virConnectIsSecure, virConnectIsEncrypted,
      virDomainIsPersistent, virDomainIsActive, virNetworkIsActive,
      virNetworkIsPersistent, virStoragePoolIsActive,
      virStoragePoolIsPersistent, virInterfaceIsActive APIs in
      (nearly) all drivers. Exceptions are:
      
       phyp: missing domainIsActive/Persistent
       esx: missing domainIsPersistent
       opennebula: missing domainIsActive/Persistent
      
      * src/remote/remote_protocol.x: Define remote wire ABI for newly
        added APIs.
      * daemon/remote_dispatch*.h: Re-generated from remote_protocol.x
      * src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/network/bridge_driver.c,
        src/opennebula/one_driver.c, src/openvz/openvz_conf.c,
        src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
        src/remote/remote_driver.c, src/storage/storage_driver.c,
        src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
        src/xen/xen_driver.c, src/xen/xen_driver.h, src/xen/xen_inotify.c,
        src/xen/xen_inotify.h: Implement all the new APIs where possible
    • New APIs for checking some object properties · c04498b3
      Daniel P. Berrange committed
      Introduce a number of new APIs to expose some boolean properties
      of objects, which cannot otherwise be reliably determined, nor are
      aspects of the XML configuration.
      
       * virDomainIsActive: Checking virDomainGetID is not reliable
         since it is not possible to distinguish between error condition
         and inactive domain for ID of -1.
       * virDomainIsPersistent: Check whether a persistent config exists
         for the domain
      
       * virNetworkIsActive: Check whether the network is active
       * virNetworkIsPersistent: Check whether a persistent config exists
         for the network
      
       * virStoragePoolIsActive: Check whether the storage pool is active
       * virStoragePoolIsPersistent: Check whether a persistent config exists
         for the storage pool
      
       * virInterfaceIsActive: Check whether the host interface is active
      
       * virConnectIsSecure: whether the communication channel to the
         hypervisor is secure
       * virConnectIsEncrypted: whether any network based communication
         channels are encrypted
      
      NB, a channel can be secure, even if not encrypted, eg if it does
      not involve the network, like a UNIX socket, or pipe.
      
       * include/libvirt/libvirt.h.in: Define public API
       * src/driver.h: Define internal driver API
       * src/libvirt.c: Implement public API entry point
       * src/libvirt_public.syms: Export API symbols
       * src/esx/esx_driver.c, src/lxc/lxc_driver.c,
         src/interface/netcf_driver.c, src/network/bridge_driver.c,
         src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
         src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
         src/remote/remote_driver.c, src/test/test_driver.c,
         src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
         src/xen/xen_driver.c: Stub out driver tables
    • Various fixes following a code review part 2 · 117aa0d8
      Daniel Veillard committed
      * daemon/libvirtd.c tools/virsh.c: Steve Grubb <sgrubb@redhat.com> found
        a few more issues
    • Various fixes following a code review · 52147a04
      Daniel Veillard committed
      * src/libvirt.c src/lxc/lxc_conf.c src/lxc/lxc_container.c
        src/lxc/lxc_controller.c src/node_device/node_device_hal.c
        src/openvz/openvz_conf.c src/qemu/qemu_driver.c
        src/qemu/qemu_monitor_text.c src/remote/remote_driver.c
        src/storage/storage_backend_disk.c src/storage/storage_driver.c
        src/util/logging.c src/xen/sexpr.c src/xen/xend_internal.c
        src/xen/xm_internal.c: Steve Grubb <sgrubb@redhat.com> sent a code
        review and those are the fixes correcting the problems
  4. 10 Nov, 2009 4 commits
    • Allow timeouts waiting for QEMU job lock · 9b6efcfe
      Daniel P. Berrange committed
      Some monitor commands may take a very long time to complete. It is
      not desirable to block other incoming API calls forever. With this
      change, if an existing API call is holding the job lock, additional
      API calls will not wait forever. They will time out after a short
      period of time, allowing application to retry later.
      
      * include/libvirt/virterror.h, src/util/virterror.c: Add new
        VIR_ERR_OPERATION_TIMEOUT error code
      * src/qemu/qemu_driver.c: Change to a timed condition variable
        wait for acquiring the monitor job lock
    • Release driver and domain lock when running monitor commands · f9c56cce
      Daniel P. Berrange committed
      QEMU monitor commands may sleep for a prolonged period of time.
      If the virDomainObjPtr or qemu driver lock is held this will
      needlessly block execution of many other API calls. It also
      prevents asynchronous monitor events from being dispatched
      while a monitor command is executing, because deadlock will
      ensue.
      
      To resolve this, it is necessary to release all locks while
      executing a monitor command. This change introduces a flag
      indicating that a monitor job is active, and a condition
      variable to synchronize access to this flag. This ensures that
      only a single thread can be making a state change or executing
      a monitor command at a time, while still allowing other API
      calls to be completed without blocking
      
      * src/qemu/qemu_driver.c: Release driver and domain lock when
        running monitor commands. Re-add locking to disk passphrase
        callback
      * src/qemu/THREADS.txt: Document threading rules
    • Fully asynchronous monitor I/O processing · 1dc10a7b
      Daniel P. Berrange committed
      Change the QEMU monitor file handle watch to poll for both
      read & write events, as well as EOF. All I/O to/from the
      QEMU monitor FD is now done in the event callback thread.
      
      When the QEMU driver needs to send a command, it puts the
      data to be sent into a qemuMonitorMessagePtr object instance,
      queues it for dispatch, and then goes to sleep on a condition
      variable. The event thread sends all the data, and then waits
      for the reply to arrive, putting the response / error data
      back into the qemuMonitorMessagePtr and notifying the condition
      variable.
      
      There is a temporary hack in the disk passphrase callback to
      avoid acquiring the domain lock.  This avoids a deadlock in
      the command processing, since the domain lock is still held
      when running monitor commands. The next commit will remove
      the locking when running commands & thus allow re-introduction
      of locking the disk passphrase callback
      
      * src/qemu/qemu_driver.c: Temporarily don't acquire lock in
        disk passphrase callback. To be reverted in next commit
      * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Remove
        raw I/O functions, and a generic qemuMonitorSend() for
        invoking a command
      * src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
        Remove all low level I/O, and use the new qemuMonitorSend()
        API. Provide a qemuMonitorTextIOProcess() method for detecting
        command/reply/prompt boundaries in the monitor data stream
    • phyp: ssh authentication with public key fixed · 6c708023
      Eduardo Otubo committed
      Use ssh keyfiles from the current user's home directory instead of trying
      to use keyfiles from a hardcoded /home/user directory. Fallback to
      username/password authentication if keyfiles are not available or keyfile
      authentication failed.