In order to reuse the newly-created host-side disk struct in
the virstoragefile backing chain code, I first have to move
it to util/.  This starts the process, by first moving the
security label structures.

* src/conf/domain_conf.h (virDomainDefGenSecurityLabelDef)
(virDomainDiskDefGenSecurityLabelDef, virSecurityLabelDefFree)
(virSecurityDeviceLabelDefFree, virSecurityLabelDef)
(virSecurityDeviceLabelDef): Move...
* src/util/virseclabel.h: ...to new file.
(virSecurityLabelDefNew, virSecurityDeviceLabelDefNew): Rename the
GenSecurity functions.
* src/qemu/qemu_process.c (qemuProcessAttach): Adjust callers.
* src/security/security_manager.c (virSecurityManagerGenLabel):
Likewise.
* src/security/security_selinux.c
(virSecuritySELinuxSetSecurityFileLabel): Likewise.
* src/util/virseclabel.c: New file.
* src/conf/domain_conf.c: Move security code, and fix fallout.
* src/Makefile.am (UTIL_SOURCES): Build new file.
* src/libvirt_private.syms (domain_conf.h): Move symbols...
(virseclabel.h): ...to new section.
Signed-off-by: NEric Blake <eblake@redhat.com>

Use the previously implemented function to lookup glusterfs source pools
for the netfs pool to lookup native gluster pools too.

https://bugzilla.redhat.com/show_bug.cgi?id=1072714

Use the "gluster" command line tool to retrieve information about remote
volumes on a gluster server to allow storage pool source lookup.

Unfortunately gluster doesn't provide a management library so that we
could use that directly, instead the RPC calls are hardcoded in the
command line tool.

Extract the NFS related stuff into a separate function and tidy up the
rest of the code so we can reuse it to add gluster backend detection.

Additionally avoid reporting of errors from "showmount" and return an
empty source list instead. This will help when adding other detection
backends.

Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

According to our documentation the "key" value has the following
meaning: "Providing an identifier for the volume which identifies a
single volume." The currently used keys for gluster volumes consist of
the gluster volume name and file path. This can't be considered unique
as a different storage server can serve a volume with the same name.

Unfortunately I wasn't able to figure out a way to retrieve the gluster
volume UUID which would avoid the possibility of having two distinct
keys identifying a single volume.

Use the full URI as the key for the volume to avoid the more critical
ambiguity problem and document the possible change to UUID.

Remove the original VolOpen implementation, which is now only used in
one spot.

And drop the original UpdateVolInfo. Makes it a bit easier to follow
the function usage.

And change the int parameter to an explicit bool.

On failures, virBhyveProcessStart() does not cleanup network
interfaces that could be created by virBhyveProcessBuildBhyveCmd(),
which results in a leaked tap device.

To fix that, extract network cleanup code to bhyveNetCleanup()
and use it in cleanup stage of virBhyveProcessStart().

Signed-off-by: NHongwei Bi <hwbi2008@gmail.com>

When virStorageFileGetMetadata is called with NULL path argument, the
invalid pointer boils down through the recursive worker and is caught by
virHashAddEntry which is thankfully resistant to NULL arguments. As it
doesn't make sense to pursue backing chains of NULL volumes, exit
earlier.

This was noticed in the virt-aahelper-test with a slightly modified
codebase.

The libgfapi function glfs_fini doesn't tolerate NULL pointers. Add a
check on the error paths as it's possible to crash libvirtd if the
gluster volume can't be initialized.

The <source> elements need to be indented from <sources> elements.

This follows the same pattern when v8 and v9 were added. I've tested
this with my ESX 5.5 and seems to work fine.

virNodeDeviceListCaps will always return empty for a pci nodedevice,
actually it should return 'pci'.

It is because the loop variable ncaps isn't increased.

Introduced by commit be2636fd.

https://bugzilla.redhat.com/show_bug.cgi?id=1081932Signed-off-by: NJincheng Miao <jmiao@redhat.com>
Signed-off-by: NJán Tomko <jtomko@redhat.com>

Without this, session libvirt won't start if it fails to create
the directory.

The object itself is freed by virObjectUnref.

See lp#1276719 for the bug description. As virt-aa-helper doesn't know
the VFIO groups to use for the guest, allow access to all
/dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need
for vfio
Signed-off-by: NEric Blake <eblake@redhat.com>

While running qemucaps2xmltest, it was found that valgrind pointed out
the following memory leaks:

==29896== 0 bytes in 1 blocks are definitely lost in loss record 1 of 65
==29896==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
==29896==    by 0x4C6B45E: virAllocN (viralloc.c:191)
==29896==    by 0x4232A9: virQEMUCapsGetMachineTypesCaps (qemu_capabilities.c:1999)
==29896==    by 0x4234E7: virQEMUCapsInitGuestFromBinary (qemu_capabilities.c:789)
==29896==    by 0x41F10B: testQemuCapsXML (qemucaps2xmltest.c:118)
==29896==    by 0x41FFD1: virtTestRun (testutils.c:201)
==29896==    by 0x41EE7A: mymain (qemucaps2xmltest.c:203)
==29896==    by 0x42074D: virtTestMain (testutils.c:789)
==29896==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
==29896==
==29896== 0 bytes in 1 blocks are definitely lost in loss record 2 of 65
==29896==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
==29896==    by 0x4C6B45E: virAllocN (viralloc.c:191)
==29896==    by 0x4232A9: virQEMUCapsGetMachineTypesCaps (qemu_capabilities.c:1999)
==29896==    by 0x4234E7: virQEMUCapsInitGuestFromBinary (qemu_capabilities.c:789)
==29896==    by 0x41F10B: testQemuCapsXML (qemucaps2xmltest.c:118)
==29896==    by 0x41FFD1: virtTestRun (testutils.c:201)
==29896==    by 0x41EEA3: mymain (qemucaps2xmltest.c:204)
==29896==    by 0x42074D: virtTestMain (testutils.c:789)
==29896==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
Signed-off-by: NEric Blake <eblake@redhat.com>

s/forcably/forcibly
Signed-off-by: NHongwei Bi <hwbi2008@gmail.com>
Signed-off-by: NEric Blake <eblake@redhat.com>

Implement domain lookup by its ID.

To ease mocking for bhyve unit tests move virBhyveTapGetRealDeviceName()
out of bhyve_command.c to virnetdevtap and rename it to
virNetDevTapGetRealDeviceName().

A patch submitted by Steven Malin last week pointed out a problem with
libvirt's DNS SRV record configuration:

  https://www.redhat.com/archives/libvir-list/2014-March/msg00536.html

When searching for that message later, I found another series that had
been posted by Guannan Ren back in 2012 that somehow slipped between
the cracks:

  https://www.redhat.com/archives/libvir-list/2012-July/msg00236.html

That patch was very much out of date, but also pointed out some real
problems.

This patch fixes all the noted problems by refactoring
virNetworkDNSSrvDefParseXML() and networkDnsmasqConfContents(), then
verifies those fixes by added several new records to the test case.

Problems fixed:

* both service and protocol now have an underscore ("_") prepended on
  the commandline, as required by RFC2782.

  <srv service='sip' protocol='udp' domain='example.com'
       target='tests.example.com' port='5060' priority='10'
       weight='150'/>

  before: srv-host=sip.udp.example.com,tests.example.com,5060,10,150
  after:  srv-host=_sip._udp.example.com,tests.example.com,5060,10,150

* if "domain" wasn't specified in the <srv> element, the extra
  trailing "." will no longer be added to the dnsmasq commandline.

  <srv service='sip' protocol='udp' target='tests.example.com'
       port='5060' priority='10' weight='150'/>

  before: srv-host=sip.udp.,tests.example.com,5060,10,150
  after:  srv-host=_sip._udp,tests.example.com,5060,10,150

* when optional attributes aren't specified, the separating comma is
  also now not placed on the dnsmasq commandline. If optional
  attributes in the middle of the line are not specified, they are
  replaced with a default value in the commandline (1 for port, 0 for
  priority and weight).

  <srv service='sip' protocol='udp' target='tests.example.com'
       port='5060'/>

  before: srv-host=sip.udp.,tests.example.com,5060,,
  after:  srv-host=_sip._udp,tests.example.com,5060

  (actually the would have generated an error, because "optional"
  attributes weren't really optional.)

* The allowed characters for both service and protocol are now limited
  to alphanumerics, plus a few special characters that are found in
  existing names in /etc/services and /etc/protocols. (One exception
  is that both of these files contain names with an embedded ".", but
  "."  can't be used in these fields of an SRV record because it is
  used as a field separator and there is no method to escape a "."
  into a field.) (Previously only the strings "tcp" and "udp" were
  allowed for protocol, but this restriction has been removed, since
  RFC2782 specifically says that it isn't limited to those, and that
  anyway it is case insensitive.)

* the "domain" attribute is no longer required in order to recognize
  the port, priority, and weight attributes during parsing. Only
  "target" is required for this.

* if "target" isn't specified, port, priority, and weight are not
  allowed (since they are meaningless - an empty target means "this
  service is *not available* for this domain").

* port, priority, and weight are now truly optional, as the comments
  originally suggested, but which was not actually true.

Instead of adding one to the iterator on every use.

If there are more than two regexes, but only one of them matches,
the matched groups would be leaked.

Do not check for border iterator values inside the loop,
move the code before/after the loop instead.

It is used to break out of the loop early if one regex does not match.
Use the 'break' statement instead.

In all other drivers we are doing so. Moreover, we don't want to parse
runtime information in attach (even if the attach is meant as live)
because we are generating the runtime info ourselves. We can't trust
users they supply sane values anyway.

==1140== 9 bytes in 1 blocks are definitely lost in loss record 72 of 1,151
==1140==    at 0x4A06C2B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1140==    by 0x623C758: xmlStrndup (in /usr/lib64/libxml2.so.2.9.1)
==1140==    by 0x50FD763: virXMLPropString (virxml.c:483)
==1140==    by 0x510F8B7: virDomainDeviceInfoParseXML (domain_conf.c:3685)
==1140==    by 0x511ACFD: virDomainChrDefParseXML (domain_conf.c:7535)
==1140==    by 0x5121D13: virDomainDeviceDefParse (domain_conf.c:9918)
==1140==    by 0x13AE6313: qemuDomainAttachDeviceFlags (qemu_driver.c:6926)
==1140==    by 0x13AE65FA: qemuDomainAttachDevice (qemu_driver.c:7005)
==1140==    by 0x51C77DA: virDomainAttachDevice (libvirt.c:10231)
==1140==    by 0x127FDD: remoteDispatchDomainAttachDevice (remote_dispatch.h:2404)
==1140==    by 0x127EC5: remoteDispatchDomainAttachDeviceHelper (remote_dispatch.h:2382)
==1140==    by 0x5241F81: virNetServerProgramDispatchCall (virnetserverprogram.c:437)

When doing live attach, we are passing the inactive definition anyway
since we are passing the result of virDomainDeviceDefCopy() which does
inactive copy by default.

Moreover, we are doing the same mistake in qemuhotplugtest.

Just a side note - it makes perfect sense to parse the runtime info
like alias in qemuDomainDetachDevice and qemuDomainUpdateDeviceFlags()
as in some cases the only difference to distinguish two devices can be
just their alias.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

This patch decouples the binary and the capabilities detection
from the guest initialization.

The purpose is to make testing easier.

This patch adds an element to QEMU's capability XML, to
show if the underlying QEMU binary supports the live disk
snapshotting or not.
This allows any client to know ahead of time if the feature
is available.

Without this information available, the only way to check
for the snapshot support is to request one and check for
errors.
Signed-off-by: NFrancesco Romani <fromani@redhat.com>

Currently, the Linux kernel treats values of '0' and '1' as
the minimum of 2. Values larger than the maximum are changed
to the maximum.

Re-reading the shares value after setting it reflects this in
the live domain XML.

Currently, <cputune><shares>0</shares></cputune> is treated
as if it were not specified.

Treat is as a valid value if it was explicitly specified
and write it to the cgroups.

On error the lofd would have been leaked.

Recent changes to the module seemed to have caused Coverity to find a new
issue regarding the failure to check the return from a sendmsg. The code
doesn't seem to care about the return status, so just added an ignore_value
to keep Coverity quiet.

qemuDomainSetSchedulerParametersFlags() calls virQEMUDriverGetConfig() twice
and makes the reference counter leak. This removes redundant call.

Problem introduced in commit 45ad1adbSigned-off-by: NEric Blake <eblake@redhat.com>

We use virBhyveTapGetRealDeviceName() to map network interface name
to a real device path, trying to open possible devices and getting
names by ioctl.

Make it skip devices that fail to open with EBUSY because they're
most likely already used by other VMs.

Commit d9f19c30 moved a lot of the
configuration setup into libxlDriverConfigNew().
However that tries to create the libxl/libxl-driver.log before the
libxl directory gets created in libxlStateInitialize().

This causes the daemon to fail on systems that have not had the directory
created before.

Move the code to create the libxl directory into libxlDriverConfigNew().
Signed-off-by: NStefan Bader <stefan.bader@canonical.com>