- 15 11月, 2019 2 次提交
-
-
由 Pavel Hrdina 提交于
This function loads the BPF prog with prepared map into kernel and attaches it into guest cgroup. It can be also used to replace existing program in the cgroup if we need to resize BPF map to store more rules for devices. The old program will be closed and removed from kernel. There are two possible ways how to create BPF program: - One way is to write simple C-like code which can by compiled into BPF object file which can be loaded into kernel using elfutils. - The second way is to define macros which look like assembler instructions and can be used directly to create BPF program that can be directly loaded into kernel. Since the program is not too complex we can use the second option. If there is no program, all devices are allowed, if there is some program it is executed and based on the exit status the access is denied for 0 and allowed for 1. Our program will follow these rules: - first it will try to look for the specific key using major and minor to see if there is any rule for that specific device - if there is no specific rule it will try to look for any rule that matches only major of the device - if there is no match with major it will try the same but with minor of the device - as the last attempt it will try to look for rule for all devices and if there is no match it will return 0 to deny that access Signed-off-by: NPavel Hrdina <phrdina@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Pavel Hrdina 提交于
There is no exact way how to figure out whether BPF devices support is compiled into kernel. One way is to check kernel configure options but this is not reliable as it may not be available. Let's try to do syscall to which will list BPF cgroup device programs. Signed-off-by: NPavel Hrdina <phrdina@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 13 6月, 2019 1 次提交
-
-
由 Jonathon Jongsma 提交于
Signed-off-by: NJonathon Jongsma <jjongsma@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 14 12月, 2018 2 次提交
-
-
由 Daniel P. Berrangé 提交于
Require that all headers are guarded by a symbol named LIBVIRT_$FILENAME where $FILENAME is the uppercased filename, with all characters outside a-z changed into '_'. Note we do not use a leading __ because that is technically a namespace reserved for the toolchain. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
In many files there are header comments that contain an Author: statement, supposedly reflecting who originally wrote the code. In a large collaborative project like libvirt, any non-trivial file will have been modified by a large number of different contributors. IOW, the Author: comments are quickly out of date, omitting people who have made significant contribitions. In some places Author: lines have been added despite the person merely being responsible for creating the file by moving existing code out of another file. IOW, the Author: lines give an incorrect record of authorship. With this all in mind, the comments are useless as a means to identify who to talk to about code in a particular file. Contributors will always be better off using 'git log' and 'git blame' if they need to find the author of a particular bit of code. This commit thus deletes all Author: comments from the source and adds a rule to prevent them reappearing. The Copyright headers are similarly misleading and inaccurate, however, we cannot delete these as they have legal meaning, despite being largely inaccurate. In addition only the copyright holder is permitted to change their respective copyright statement. Reviewed-by: NErik Skultety <eskultet@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 21 9月, 2012 1 次提交
-
-
由 Eric Blake 提交于
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
-
- 23 7月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
-
- 25 6月, 2012 1 次提交
-
-
由 Thang Pham 提交于
Adding CPU encoder/decoder for s390 to avoid runtime error messages. Signed-off-by: NThang Pham <thang.pham@us.ibm.com> Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-
- 10 3月, 2010 1 次提交
-
-
由 Eric Blake 提交于
* global: patch created by running: for f in $(git ls-files '*.[ch]') ; do cppi $f > $f.t && mv $f.t $f done
-
- 18 12月, 2009 1 次提交
-
-
由 Jiri Denemark 提交于
Each driver supporting CPU selection must fill in host CPU capabilities. When filling them, drivers for hypervisors running on the same node as libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers, such as VMware, need to implement their own way of getting such data. Raw data can be decoded into virCPUDefPtr using cpuDecode() function. When implementing virConnectCompareCPU(), a hypervisor driver can just call cpuCompareXML() function with host CPU capabilities. For each guest for which a driver supports selecting CPU models, it must set the appropriate feature in guest's capabilities: virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0) Actions needed when a domain is being created depend on whether the hypervisor understands raw CPU data (currently CPUID for i686, x86_64 architectures) or symbolic names has to be used. Typical use by hypervisors which prefer CPUID (such as VMware and Xen): - convert guest CPU configuration from domain's XML into a set of raw data structures each representing one of the feature policies: cpuEncode(conn, architecture, guest_cpu_config, &forced_data, &required_data, &optional_data, &disabled_data, &forbidden_data) - create a mask or whatever the hypervisor expects to see and pass it to the hypervisor Typical use by hypervisors with symbolic model names (such as QEMU): - get raw CPU data for a computed guest CPU: cpuGuestData(conn, host_cpu, guest_cpu_config, &data) - decode raw data into virCPUDefPtr with a possible restriction on allowed model names: cpuDecode(conn, guest, data, n_allowed_models, allowed_models) - pass guest->model and guest->features to the hypervisor * src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h * configure.in: check for CPUID instruction * src/Makefile.am: glue the new files in * src/libvirt_private.syms: add new private symbols * po/POTFILES.in: add new cpu files containing translatable strings
-
- 21 9月, 2009 1 次提交
-
-
由 Daniel P. Berrange 提交于
* src/bridge.c, src/bridge.h, src/buf.c, src/buf.h, src/cgroup.c, src/cgroup.h, src/conf.c, src/conf.h, src/event.c, src/event.h, src/hash.c, src/hash.h, src/hostusb.c, src/hostusb.h, src/iptables.c, src/iptables.h, src/logging.c, src/logging.h, src/memory.c, src/memory.h, src/pci.c, src/pci.h, src/qparams.c, src/qparams.h, src/stats_linux.c, src/stats_linux.h, src/threads-pthread.c, src/threads-pthread.h, src/threads-win32.c, src/threads-win32.h, src/threads.c, src/threads.h, src/util.c, src/util.h, src/uuid.c, src/uuid.h, src/virterror.c, src/virterror_internal.h, src/xml.c, src/xml.h: Move all files into src/util/ * daemon/Makefile.am: Add -Isrc/util/ to build flags * src/Makefile.am: Add -Isrc/util/ to build flags and update for moved files * src/libvirt_private.syms: Export cgroup APIs since they're now in util rather than linking directly to drivers * src/xen/xs_internal.c: Disable bogus virEventRemoveHandle call when built under PROXY * proxy/Makefile.am: Update for changed file locations. Remove bogus build of event.c * tools/Makefile.am, tests/Makefile.am: Add -Isrc/util/ to build flags
-
- 16 1月, 2009 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 20 11月, 2008 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 10 10月, 2008 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 21 8月, 2008 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 08 2月, 2008 1 次提交
-
-
由 Mark McLoughlin 提交于
* src/internal.h: move xstrol() variants from here ... * src/util.[ch]: ... to here and rename to virStrToLong() * src/libvirt_sym.version: export __virStrToLong_i() for virsh and qemud. * src/nodeinfo.c, src/stats_linux.c, src/virsh.c, src/xend_internal.c, qemud/qemud.c: replace xstrtol() calls with virStrToLong() * src/nodeinfo.h: don't include internal.h, which was only needed for xstrtol(), but instead include libvirt.h which is suffificient for the declarations in the header.
-
- 26 7月, 2007 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 29 6月, 2007 1 次提交
-
-
由 Daniel Veillard 提交于
stylesheet * docs/*: regenerated * src/bridge.c src/bridge.h src/buf.c src/iptables.c src/libvirt.c src/qemu_driver.c src/qemu_driver.h src/uuid.c src/uuid.h: cleanup, addd comments, made functions static and fixe a few bugs Daniel
-
- 27 6月, 2007 10 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
- 16 3月, 2007 1 次提交
-
-
由 Daniel Veillard 提交于
src/sexpr.h src/test.c src/xm_internal.c src/xml.c src/xml.h: applied patch from Richard Jones adding check to printf-like functions and fixing the problems raised Daniel
-
- 23 2月, 2007 2 次提交
-
-
由 Mark McLoughlin 提交于
* qemud/protocol.h: add the (domain/network)(Get/Set)Autostart requests and replies to the protocol. * src/qemu_internal.c: hookup the qemu driver autostart methods * qemud/dispatch.c, qemud/driver.[ch], internal.h: add the daemon side, but just set an in-memory autostart flag for now.
-
由 Mark McLoughlin 提交于
* qemud/driver.[ch], qemud/dispatch.c: fix the fact that qemudDispatchDomainStart() doesn't report an error if the uuid lookup fails and also move the uuid lookup into the driver so that it matches the way we do Destroy().
-
- 15 2月, 2007 1 次提交
-
-
由 Mark McLoughlin 提交于
* include/libvirt/libvirt.h.in, src/libvirt.c: add virNetworkGetBridgeName() to allow finding out what bridge to connect to in order to join a network. * src/driver.h: add networkGetBridgeName() to vtable. * qemud/protocol.h: add the request and reply to the qemud protocol. * qemud/dispatch.c, qemud/driver.[ch]: handle them here. * src/qemu_internal.c: implement GetBridgeName() in the qemu driver. * src/libvirt_sym.version: add new symbol.
-
- 14 2月, 2007 2 次提交
-
-
由 Mark McLoughlin 提交于
* qemud/protocol.h: add the protocol for virtual networks * qemud/dispatch.c: implement the protocol * qemud/driver.[ch]: add stubs for the driver * qemud/internal.h: add struct qemud_network * src/qemu_internal.c: add a virtual networks driver
-
由 Daniel P. Berrange 提交于
-