- 13 11月, 2009 17 次提交
-
-
由 Jamie Strandboge 提交于
* src/security/security_apparmor.c: a few code cleanups following a review on the list
-
由 Jamie Strandboge 提交于
Fixes https://launchpad.net/bugs/453335 * src/security/virt-aa-helper.c: suppress confusing and misleading apparmor denied message when kvm/qemu tries to open a libvirt specified readonly file (such as a cdrom) with write permissions. libvirt uses the readonly attribute for the security driver only, and has no way of telling kvm/qemu that the device should be opened readonly
-
由 Jamie Strandboge 提交于
Fixes https://launchpad.net/bugs/460271 * src/security/virt-aa-helper.c: require absolute path for dynamic added files. This is required by AppArmor and conveniently prevents adding tcp consoles to the profile
-
由 Jamie Strandboge 提交于
* examples/apparmor/libvirt-qemu: adds pulseaudio, alsa and preliminary save/restore to the example apparmor abstraction * examples/apparmor/usr.sbin.libvirtd: allows libvirtd access to inet dgram, inet6 dgram, inet6 stream and /usr/lib/libvirt/*
-
由 Daniel P. Berrange 提交于
The 'virsh console' command did not check if the domain was already running before attempting to fetch the XML and extract the console PTY path. This caused a slightly unhelpful / misleading error message for the user. The explicit check ensures the user gets an explicit 'domain is not running' message. * tools/virsh.c: Validate that state != VIR_DOMAIN_SHUTOFF in virsh console command
-
由 Daniel P. Berrange 提交于
The wrong variable was being passed in with the LXC event callback resulting in a later deadlock or crash * src/lxc/lxc_driver.c: Pass 'vm' instead of 'driver' to event callback
-
由 Daniel P. Berrange 提交于
In the scenario where the cgroups were mounted but the particular group did not exist, and the caller had not requested auto-creation, the code would fail to return an error condition. This caused the lxc_controller to think the cgroup existed, and it then later failed when attempting to use it * src/util/cgroup.c: Raise an error if the cgroup path does not exist
-
由 Daniel P. Berrange 提交于
There is a race condition in HAL driver startup where the callback can get triggered before we have finished startup. This then causes a deadlock in the driver. * src/node_device/node_device_hal.c: RElease driver lock before registering DBus callbacks
-
由 Daniel P. Berrange 提交于
If the virDomainDefPtr object has an 'id' of -1, then forcably set the VIR_DOMAIN_XML_INACTIVE flag to ensure generated XML does not include any cruft from the previously running guest such as console PTY path, or VNC port. * src/conf/domain_conf.c: Set VIR_DOMAIN_XML_INACTIVE if def->id is -1. Replace checks for def->id == -1 with check against flags & VIR_DOMAIN_XML_INACTIVE.
-
由 Daniel P. Berrange 提交于
The capng_lock() call sets the SECURE_NO_SETUID_FIXUP and SECURE_NOROOT bits on the process. This prevents the kernel granting capabilities to processes with an effective UID of 0, or with setuid programs. This is not actually what we want in the container init process. It should be allowed to run setuid processes & keep capabilities when root. All that is required is masking a handful of dangerous capabilities from the bounding set. * src/lxc/lxc_container.c: Remove bogus capng_lock() call.
-
由 Daniel P. Berrange 提交于
The libvirtd initscript could get confused between the system and session instances of the daemon. To avoid this it is neccessary to check the pidfile explicitly. * daemon/libvirtd.init.in: Always check the pidfile of the system daemon to avoid confusion with the session daemons
-
由 Jamie Strandboge 提交于
* src/security/virt-aa-helper.c: get_definition() now calls the new caps_mockup() function which will parse the XML for os.type, os.type.arch and then sets the wordsize. These attributes are needed only to get a valid virCapsPtr for virDomainDefParseString(). The -H and -b options are now removed from virt-aa-helper (they weren't used yet anyway). * tests/virt-aa-helper-test: extend and fixes tests, chmod'ed 755
-
由 David Allan 提交于
uses libpciaccess to provide human readable names for PCI vendor and device IDs * configure.in: add a requirement for libpciaccess >= 0.10.0 * src/Makefile.am: add the associated compilation flags and link * src/node_device/node_device_udev.c: lookup the libpciaccess for vendor name and product name based on their ids
-
由 David Allan 提交于
* configure.in src/Makefile.am: remove the configuration check and build instructions * src/node_device/node_device_devkit.c: removed the module * src/node_device/node_device_driver.c src/node_device/node_device_driver.h: removed references to the old backend
-
由 David Allan 提交于
* src/conf/node_device_conf.h src/conf/node_device_conf.c: add specific support for SCSI target in node device capabilities * src/node_device/node_device_udev.c: add some extra detection code when handling udev output
-
由 David Allan 提交于
* configure.in: add new --with-udev, disabled by default, and requiring libudev > 145 * src/node_device/node_device_udev.c src/node_device/node_device_udev.h: the new node device backend * src/node_device/node_device_linux_sysfs.c: moved node_device_hal_linux.c to a better file name * src/conf/node_device_conf.c src/conf/node_device_conf.h: add a couple of fields in node device definitions, and an API to look them up, remove a couple of unused fields from previous patch. * src/node_device/node_device_driver.c src/node_device/node_device_driver.h: plug the new driver * po/POTFILES.in src/Makefile.am src/libvirt_private.syms: add the new files and symbols * src/util/util.h src/util/util.c: add a new convenience macro virBuildPath and virBuildPathInternal() function
-
由 David Allan 提交于
* src/conf/node_device_conf.h src/conf/node_device_conf.c: add the new fields in the structure as well as parsing and serialization
-
- 12 11月, 2009 9 次提交
-
-
由 Cole Robinson 提交于
There is currently no way to determine the libvirt version of a remote libvirtd we are connected to. This is a useful piece of data to enable feature detection.
-
由 Maximilian Wilhelm 提交于
* src/xen/xen_driver.c: Add support for VIR_MIGRATE_PERSIST_DEST flag * src/xen/xend_internal.c: Add support for VIR_MIGRATE_UNDEFINE_SOURCE flag * include/libvirt/virterror.h, src/util/virterror.c: Add new errorcode VIR_ERR_MIGRATE_PERSIST_FAILED
-
由 pritesh 提交于
* src/conf/domain_conf.h src/conf/domain_conf.c: add the new entry in the enum and lists of virDomainDiskBus * src/qemu/qemu_conf.c: same for virDomainDiskQEMUBus
-
由 Ryota Ozaki 提交于
* src/lxc/lxc_driver.c: add lxcDomainInterfaceStats implementing virDomainInterfaceStats()
-
由 Daniel P. Berrange 提交于
The xenstore database sometimes has stale domain IDs which are not present in the hypervisor anymore. Filter these out to avoid causing confusion * src/xen/xs_internal.c: Filter domain IDs against HV's list * src/xen/xen_hypervisor.h, src/xen/xen_hypervisor.c: Add new xenHypervisorHasDomain() method for checking ID validity
-
由 Jonas Eriksson 提交于
The xenUnifiedNumOfDomains and xenUnifiedListDomains methods work together as a pair, so it is critical they both apply the same logic. With the current mis-matched logic it is possible to sometimes get into a state when you miss certain active guests. * src/xen/xen_driver.c: Change xenUnifiedNumOfDomains ordering to match xenUnifiedListDomains.
-
由 Daniel P. Berrange 提交于
Sometimes getaddrinfo returns IPv4 addresses before IPv6 addresses. IPv6 sockets default to attempting to bind to IPv4 addresses too. So if the IPv4 address is activated first, then binding to IPv6 will unneccessarily fail. * daemon/libvirtd.c: Bind to IPv6 and IPv4 addresses separately
-
由 Daniel P. Berrange 提交于
The numactl package is not applicable for s390[x] arches, so do not enable it as a build dep. * libvirt.spec.in: Exclude numactl on s390[x]
-
由 Ryota Ozaki 提交于
* src/qemu/qemu_monitor.c: add error check for qemuMonitorOpenXXX returned file descriptor
-
- 11 11月, 2009 10 次提交
-
-
由 Daniel P. Berrange 提交于
When running qemu:///system instance, libvirtd runs as root, but QEMU may optionally be configured to run non-root. When then saving a guest to a state file, the file is initially created as root, and thus QEMU cannot write to it. It is also missing labelling required to allow access via SELinux. * src/qemu/qemu_driver.c: Set ownership on save image before running migrate command in virDomainSave impl. Call out to security driver to set save image labelling * src/security/security_driver.h: Add driver APIs for setting and restoring saved state file labelling * src/security/security_selinux.c: Implement saved state file labelling for SELinux
-
由 Gerhard Stenzel 提交于
* src/qemu/qemu.conf: disables the mac_filter config switch by default to match existing convention, also document the option
-
由 Ryota Ozaki 提交于
* src/qemu/qemu_conf.c: don't initialize ebtables if disabled
-
由 Eduardo Otubo 提交于
* src/phyp/phyp_driver.c: a 10s timeout on socket availability was way too long, reduced to 1ms
-
由 Ryota Ozaki 提交于
* src/qemu/qemu_monitor.c src/qemu/qemu_monitor_text.c: cast size_t to int when passing to '%d'
-
由 Eduardo Otubo 提交于
Finish changes intended to be part of commit 6c708023
-
由 Daniel P. Berrange 提交于
This implements the virConnectIsSecure, virConnectIsEncrypted, virDomainIsPersistent, virDomainIsActive, virNetworkIsActive, virNetworkIsPersistent, virStoragePoolIsActive, virStoragePoolIsPersistent, virInterfaceIsActive APIs in (nearly) all drivers. Exceptions are: phyp: missing domainIsActive/Persistent esx: missing domainIsPersistent opennebula: missing domainIsActive/Persistent * src/remote/remote_protocol.x: Define remote wire ABI for newly added APIs. * daemon/remote_dispatch*.h: Re-generated from remote_protocol.x * src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/network/bridge_driver.c, src/opennebula/one_driver.c, src/openvz/openvz_conf.c, src/openvz/openvz_driver.c, src/phyp/phyp_driver.c, src/remote/remote_driver.c, src/storage/storage_driver.c, src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c, src/xen/xen_driver.c, src/xen/xen_driver.h, src/xen/xen_inotify.c, src/xen/xen_inotify.h: Implement all the new APIs where possible
-
由 Daniel P. Berrange 提交于
Introduce a number of new APIs to expose some boolean properties of objects, which cannot otherwise reliably determined, nor are aspects of the XML configuration. * virDomainIsActive: Checking virDomainGetID is not reliable since it is not possible to distinguish between error condition and inactive domain for ID of -1. * virDomainIsPersistent: Check whether a persistent config exists for the domain * virNetworkIsActive: Check whether the network is active * virNetworkIsPersistent: Check whether a persistent config exists for the network * virStoragePoolIsActive: Check whether the storage pool is active * virStoragePoolIsPersistent: Check whether a persistent config exists for the storage pool * virInterfaceIsActive: Check whether the host interface is active * virConnectIsSecure: whether the communication channel to the hypervisor is secure * virConnectIsEncrypted: whether any network based commnunication channels are encrypted NB, a channel can be secure, even if not encrypted, eg if it does not involve the network, like a UNIX socket, or pipe. * include/libvirt/libvirt.h.in: Define public API * src/driver.h: Define internal driver API * src/libvirt.c: Implement public API entry point * src/libvirt_public.syms: Export API symbols * src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/interface/netcf_driver.c, src/network/bridge_driver.c, src/opennebula/one_driver.c, src/openvz/openvz_driver.c, src/phyp/phyp_driver.c, src/qemu/qemu_driver.c, src/remote/remote_driver.c, src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Stub out driver tables
-
由 Daniel Veillard 提交于
* daemon/libvirtd.c tools/virsh.c: Steve Grubb <sgrubb@redhat.com> found a few more issues
-
由 Daniel Veillard 提交于
* src/libvirt.c src/lxc/lxc_conf.c src/lxc/lxc_container.c src/lxc/lxc_controller.c src/node_device/node_device_hal.c src/openvz/openvz_conf.c src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.c src/remote/remote_driver.c src/storage/storage_backend_disk.c src/storage/storage_driver.c src/util/logging.c src/xen/sexpr.c src/xen/xend_internal.c src/xen/xm_internal.c: Steve Grubb <sgrubb@redhat.com> sent a code review and those are the fixes correcting the problems
-
- 10 11月, 2009 4 次提交
-
-
由 Daniel P. Berrange 提交于
Some monitor commands may take a very long time to complete. It is not desirable to block other incoming API calls forever. With this change, if an existing API call is holding the job lock, additional API calls will not wait forever. They will time out after a short period of time, allowing application to retry later. * include/libvirt/virterror.h, src/util/virterror.c: Add new VIR_ERR_OPERATION_TIMEOUT error code * src/qemu/qemu_driver.c: Change to a timed condition variable wait for acquiring the monitor job lock
-
由 Daniel P. Berrange 提交于
QEMU monitor commands may sleep for a prolonged period of time. If the virDomainObjPtr or qemu driver lock is held this will needlessly block execution of many other API calls. it also prevents asynchronous monitor events from being dispatched while a monitor command is executing, because deadlock will ensure. To resolve this, it is neccessary to release all locks while executing a monitor command. This change introduces a flag indicating that a monitor job is active, and a condition variable to synchronize access to this flag. This ensures that only a single thread can be making a state change or executing a monitor command at a time, while still allowing other API calls to be completed without blocking * src/qemu/qemu_driver.c: Release driver and domain lock when running monitor commands. Re-add locking to disk passphrase callback * src/qemu/THREADS.txt: Document threading rules
-
由 Daniel P. Berrange 提交于
Change the QEMU monitor file handle watch to poll for both read & write events, as well as EOF. All I/O to/from the QEMU monitor FD is now done in the event callback thread. When the QEMU driver needs to send a command, it puts the data to be sent into a qemuMonitorMessagePtr object instance, queues it for dispatch, and then goes to sleep on a condition variable. The event thread sends all the data, and then waits for the reply to arrive, putting the response / error data back into the qemuMonitorMessagePtr and notifying the condition variable. There is a temporary hack in the disk passphrase callback to avoid acquiring the domain lock. This avoids a deadlock in the command processing, since the domain lock is still held when running monitor commands. The next commit will remove the locking when running commands & thus allow re-introduction of locking the disk passphrase callback * src/qemu/qemu_driver.c: Temporarily don't acquire lock in disk passphrase callback. To be reverted in next commit * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Remove raw I/O functions, and a generic qemuMonitorSend() for invoking a command * src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Remove all low level I/O, and use the new qemuMonitorSend() API. Provide a qemuMonitorTextIOProcess() method for detecting command/reply/prompt boundaries in the monitor data stream
-
由 Eduardo Otubo 提交于
Use ssh keyfiles from the current user's home directory instead of trying to use keyfiles from a hardcoded /home/user directory. Fallback to username/password authentication if keyfiles are not available or keyfile authentication failed.
-