1. 15 11月, 2019 2 次提交
    • P
      vircgroup: introduce virCgroupV2DevicesAttachProg · 48423a0b
      Pavel Hrdina 提交于
      This function loads the BPF prog with prepared map into kernel and
      attaches it into guest cgroup.  It can be also used to replace existing
      program in the cgroup if we need to resize BPF map to store more rules
      for devices. The old program will be closed and removed from kernel.
      
      There are two possible ways how to create BPF program:
      
          - One way is to write simple C-like code which can by compiled into
            BPF object file which can be loaded into kernel using elfutils.
      
          - The second way is to define macros which look like assembler
            instructions and can be used directly to create BPF program that
            can be directly loaded into kernel.
      
      Since the program is not too complex we can use the second option.
      
      If there is no program, all devices are allowed, if there is some
      program it is executed and based on the exit status the access is
      denied for 0 and allowed for 1.
      
      Our program will follow these rules:
      
          - first it will try to look for the specific key using major and
            minor to see if there is any rule for that specific device
      
          - if there is no specific rule it will try to look for any rule that
            matches only major of the device
      
          - if there is no match with major it will try the same but with
            minor of the device
      
          - as the last attempt it will try to look for rule for all devices
            and if there is no match it will return 0 to deny that access
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      Reviewed-by: NJán Tomko <jtomko@redhat.com>
      48423a0b
    • P
      vircgroup: introduce virCgroupV2DevicesAvailable · 30b6ddc4
      Pavel Hrdina 提交于
      There is no exact way how to figure out whether BPF devices support is
      compiled into kernel.  One way is to check kernel configure options but
      this is not reliable as it may not be available.  Let's try to do
      syscall to which will list BPF cgroup device programs.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      Reviewed-by: NJán Tomko <jtomko@redhat.com>
      30b6ddc4
  2. 13 6月, 2019 1 次提交
  3. 14 12月, 2018 2 次提交
    • D
      Enforce a standard header file guard symbol name · 568a4172
      Daniel P. Berrangé 提交于
      Require that all headers are guarded by a symbol named
      
        LIBVIRT_$FILENAME
      
      where $FILENAME is the uppercased filename, with all characters
      outside a-z changed into '_'.
      
      Note we do not use a leading __ because that is technically a
      namespace reserved for the toolchain.
      Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
      568a4172
    • D
      Remove all Author(s): lines from source file headers · 60046283
      Daniel P. Berrangé 提交于
      In many files there are header comments that contain an Author:
      statement, supposedly reflecting who originally wrote the code.
      In a large collaborative project like libvirt, any non-trivial
      file will have been modified by a large number of different
      contributors. IOW, the Author: comments are quickly out of date,
      omitting people who have made significant contribitions.
      
      In some places Author: lines have been added despite the person
      merely being responsible for creating the file by moving existing
      code out of another file. IOW, the Author: lines give an incorrect
      record of authorship.
      
      With this all in mind, the comments are useless as a means to identify
      who to talk to about code in a particular file. Contributors will always
      be better off using 'git log' and 'git blame' if they need to  find the
      author of a particular bit of code.
      
      This commit thus deletes all Author: comments from the source and adds
      a rule to prevent them reappearing.
      
      The Copyright headers are similarly misleading and inaccurate, however,
      we cannot delete these as they have legal meaning, despite being largely
      inaccurate. In addition only the copyright holder is permitted to change
      their respective copyright statement.
      Reviewed-by: NErik Skultety <eskultet@redhat.com>
      Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
      60046283
  4. 21 9月, 2012 1 次提交
  5. 23 7月, 2012 1 次提交
    • O
      Desert the FSF address in copyright · f9ce7dad
      Osier Yang 提交于
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for securify files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  6. 25 6月, 2012 1 次提交
  7. 10 3月, 2010 1 次提交
  8. 18 12月, 2009 1 次提交
    • J
      Adds CPU selection infrastructure · 7286882c
      Jiri Denemark 提交于
      Each driver supporting CPU selection must fill in host CPU capabilities.
      When filling them, drivers for hypervisors running on the same node as
      libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
      such as VMware, need to implement their own way of getting such data.
      Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
      
      When implementing virConnectCompareCPU(), a hypervisor driver can just
      call cpuCompareXML() function with host CPU capabilities.
      
      For each guest for which a driver supports selecting CPU models, it must
      set the appropriate feature in guest's capabilities:
      
          virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
      
      Actions needed when a domain is being created depend on whether the
      hypervisor understands raw CPU data (currently CPUID for i686, x86_64
      architectures) or symbolic names has to be used.
      
      Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
      
      - convert guest CPU configuration from domain's XML into a set of raw
        data structures each representing one of the feature policies:
      
          cpuEncode(conn, architecture, guest_cpu_config,
                    &forced_data, &required_data, &optional_data,
                    &disabled_data, &forbidden_data)
      
      - create a mask or whatever the hypervisor expects to see and pass it
        to the hypervisor
      
      Typical use by hypervisors with symbolic model names (such as QEMU):
      
      - get raw CPU data for a computed guest CPU:
      
          cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
      
      - decode raw data into virCPUDefPtr with a possible restriction on
        allowed model names:
      
          cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
      
      - pass guest->model and guest->features to the hypervisor
      
      * src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
        src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
        src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
      * configure.in: check for CPUID instruction
      * src/Makefile.am: glue the new files in
      * src/libvirt_private.syms: add new private symbols
      * po/POTFILES.in: add new cpu files containing translatable strings
      7286882c
  9. 21 9月, 2009 1 次提交
    • D
      Move all shared utility files to src/util/ · 1355e055
      Daniel P. Berrange 提交于
      * src/bridge.c, src/bridge.h, src/buf.c, src/buf.h, src/cgroup.c,
        src/cgroup.h, src/conf.c, src/conf.h, src/event.c, src/event.h,
        src/hash.c, src/hash.h, src/hostusb.c, src/hostusb.h,
        src/iptables.c, src/iptables.h, src/logging.c, src/logging.h,
        src/memory.c, src/memory.h, src/pci.c, src/pci.h, src/qparams.c,
        src/qparams.h, src/stats_linux.c, src/stats_linux.h,
        src/threads-pthread.c, src/threads-pthread.h, src/threads-win32.c,
        src/threads-win32.h, src/threads.c, src/threads.h, src/util.c,
        src/util.h, src/uuid.c, src/uuid.h, src/virterror.c,
        src/virterror_internal.h, src/xml.c, src/xml.h: Move all files
        into src/util/
      * daemon/Makefile.am: Add -Isrc/util/ to build flags
      * src/Makefile.am: Add -Isrc/util/ to build flags and update for
        moved files
      * src/libvirt_private.syms: Export cgroup APIs since they're now
        in util rather than linking directly to drivers
      * src/xen/xs_internal.c: Disable bogus virEventRemoveHandle call
        when built under PROXY
      * proxy/Makefile.am: Update for changed file locations. Remove
        bogus build of event.c
      * tools/Makefile.am, tests/Makefile.am: Add -Isrc/util/ to build flags
      1355e055
  10. 16 1月, 2009 1 次提交
  11. 20 11月, 2008 1 次提交
  12. 10 10月, 2008 1 次提交
  13. 21 8月, 2008 1 次提交
  14. 08 2月, 2008 1 次提交
    • M
      Fix gcc-4.3.0 "inlining failed" warning. · 3da5504e
      Mark McLoughlin 提交于
      * src/internal.h: move xstrol() variants from here ...
      
      * src/util.[ch]: ... to here and rename to virStrToLong()
      
      * src/libvirt_sym.version: export __virStrToLong_i() for
      virsh and qemud.
      
      * src/nodeinfo.c, src/stats_linux.c, src/virsh.c,
        src/xend_internal.c, qemud/qemud.c: replace xstrtol()
      calls with virStrToLong()
      
      * src/nodeinfo.h: don't include internal.h, which was only
      needed for xstrtol(), but instead include libvirt.h which
      is suffificient for the declarations in the header.
      3da5504e
  15. 26 7月, 2007 1 次提交
  16. 29 6月, 2007 1 次提交
  17. 27 6月, 2007 10 次提交
  18. 16 3月, 2007 1 次提交
  19. 23 2月, 2007 2 次提交
  20. 15 2月, 2007 1 次提交
    • M
      Tue Feb 14 16:17:51 IST 2007 Mark McLoughlin <markmc@redhat.com> · 8356c43e
      Mark McLoughlin 提交于
              * include/libvirt/libvirt.h.in, src/libvirt.c: add
              virNetworkGetBridgeName() to allow finding out what
              bridge to connect to in order to join a network.
      
              * src/driver.h: add networkGetBridgeName() to vtable.
      
              * qemud/protocol.h: add the request and reply to
              the qemud protocol.
      
              * qemud/dispatch.c, qemud/driver.[ch]: handle them
              here.
      
              * src/qemu_internal.c: implement GetBridgeName()
              in the qemu driver.
      
              * src/libvirt_sym.version: add new symbol.
      8356c43e
  21. 14 2月, 2007 2 次提交