- 21 8月, 2013 8 次提交
-
-
由 John Ferlan 提交于
Update formatsecret docs to describe the various options and provide examples in order to set up secrets for each type of secret.
-
由 John Ferlan 提交于
Add more iSCSI examples including having a secret attached. There are 4 new examples; one for each way to have an iSCSI - a network disk using virtio, a passthrough network lun using scsi, a volume disk using "mode='host'", and a volume disk using "mode='direct'"
-
由 John Ferlan 提交于
Each of the modules handled reporting error messages from the secret fetching slightly differently with respect to the error. Provide a similar message for each error case and provide as much data as possible.
-
由 Osier Yang 提交于
Following XML would fail : <disk type='network' device='lun'> <driver name='qemu' type='raw'/> <source protocol='iscsi' name='iqn.2013-07.com.example:iscsi/1'> <host name='example.com' port='3260'/> </source> <target dev='sda' bus='scsi'/> </disk> With the message: error: Failed to start domain iscsilun error: Unable to get device ID 'iqn.2013-07.com.example:iscsi/1': No such fi Cause was commit id '1f49b05a' which added 'virDomainDiskSourceIsBlockType'
-
由 John Ferlan 提交于
When using virsh secret-list - if the secret types are cephx or iscsi, then allow fetch/print of the usage information. Prior to the change the following would print: UUID Usage ----------------------------------------------------------- 1b40a534-8301-45d5-b1aa-11894ebb1735 Unused a5ba3efe-6adf-4a6a-b243-f010a043e314 Unused Afterwards: UUID Usage ----------------------------------------------------------- 1b40a534-8301-45d5-b1aa-11894ebb1735 ceph ceph_example a5ba3efe-6adf-4a6a-b243-f010a043e314 iscsi libvirtiscsi
-
由 John Ferlan 提交于
If we reached cleanup: prior to allocating cpus, it was possible that 'nr_nodes' had a value, but cpus was NULL leading to a possible NULL deref. Add a 'cpus' as an end condition to for loop
-
由 Eric Blake 提交于
Daniel Berrange (correctly) pointed out that we should do a better job of testing selinux labeling fallbacks on NFS disks that lack labeling support. * tests/securityselinuxhelper.c (includes): Makefile already guaranteed xattr support. Add additional headers. (init_syms): New function, borrowing from vircgroupmock.c. (setfilecon_raw, getfilecon_raw): Fake NFS failure. (statfs): Fake an NFS mount point. (security_getenforce, security_get_boolean_active): Don't let host environment affect test. * tests/securityselinuxlabeldata/nfs.data: New file. * tests/securityselinuxlabeldata/nfs.xml: New file. * tests/securityselinuxlabeltest.c (testSELinuxCreateDisks) (testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount. (testSELinuxCheckLabels): Test handling of SELinux NFS denial. Fix memory leak. (testSELinuxLabeling): Avoid infinite loop on dirty tree. (mymain): Add new test.
-
由 Eric Blake 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=924153 Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with an attribute relabel='no' in order to try and minimize the impact of shutdown delays when an NFS server disappears. The idea was that if a disk is on NFS and can't be labeled in the first place, there is no need to attempt the (no-op) relabel on domain shutdown. Unfortunately, the way this was implemented was by modifying the domain XML so that the optimization would survive libvirtd restart, but in a way that is indistinguishable from an explicit user setting. Furthermore, once the setting is turned on, libvirt avoids attempts at labeling, even for operations like snapshot or blockcopy where the chain is being extended or pivoted onto non-NFS, where SELinux labeling is once again possible. As a result, it was impossible to do a blockcopy to pivot from an NFS image file onto a local file. The solution is to separate the semantics of a chain that must not be labeled (which the user can set even on persistent domains) vs. the optimization of not attempting a relabel on cleanup (a live-only annotation), and using only the user's explicit notation rather than the optimization as the decision on whether to skip a label attempt in the first place. When upgrading an older libvirtd to a newer, an NFS volume will still attempt the relabel; but as the avoidance of a relabel was only an optimization, this shouldn't cause any problems. In the ideal future, libvirt will eventually have XML describing EVERY file in the backing chain, with each file having a separate <seclabel> element. At that point, libvirt will be able to track more closely which files need a relabel attempt at shutdown. But until we reach that point, the single <seclabel> for the entire <disk> chain is treated as a hint - when a chain has only one file, then we know it is accurate; but if the chain has more than one file, we have to attempt relabel in spite of the attribute, in case part of the chain is local and SELinux mattered for that portion of the chain. * src/conf/domain_conf.h (_virSecurityDeviceLabelDef): Add new member. * src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML): Parse it, for live images only. (virSecurityDeviceLabelDefFormat): Output it. (virDomainDiskDefParseXML, virDomainChrSourceDefParseXML) (virDomainDiskSourceDefFormat, virDomainChrDefFormat) (virDomainDiskDefFormat): Pass flags on through. * src/security/security_selinux.c (virSecuritySELinuxRestoreSecurityImageLabelInt): Honor labelskip when possible. (virSecuritySELinuxSetSecurityFileLabel): Set labelskip, not norelabel, if labeling fails. (virSecuritySELinuxSetFileconHelper): Fix indentation. * docs/formatdomain.html.in (seclabel): Document new xml. * docs/schemas/domaincommon.rng (devSeclabel): Allow it in RNG. * tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.xml: * tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.args: * tests/qemuxml2xmloutdata/qemuxml2xmlout-seclabel-*-labelskip.xml: New test files. * tests/qemuxml2argvtest.c (mymain): Run the new tests. * tests/qemuxml2xmltest.c (mymain): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 20 8月, 2013 10 次提交
-
-
由 Peter Krempa 提交于
Use the new semantics of vshStringToArray to avoid leaking the array of volumes to be deleted. The array would be leaked in case the first volume was found in the domain definition. Also refactor the code a bit to sanitize naming of variables hoding arrays and dimensions of the arrays. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050
-
由 Peter Krempa 提交于
Explicitly let the user know about the unknown pool type.
-
由 Peter Krempa 提交于
At a slightly larger memory expense allow stealing of items from the string array returned from vshStringToArray and turn the result into a string list compatible with virStringSplit. This will allow to use the common dealloc function. This patch also fixes a few forgotten checks of return from vshStringToArray and one memory leak.
-
由 Michal Privoznik 提交于
If there's no hard_limit set and domain uses VFIO we still must lock the guest memory (prerequisite from qemu). Hence, we should compute the amount to be locked from max_balloon.
-
由 Michal Privoznik 提交于
Since 16bcb3 we have a regression. The hard_limit is set unconditionally. By default the limit is zero. Hence, if user hasn't configured any, we set the zero in cgroup subsystem making the kernel kill the corresponding qemu process immediately. The proper fix is to set hard_limit iff user has configured any.
-
由 Michal Privoznik 提交于
-
由 Eric Blake 提交于
Another program gains --help/--version :) * tools/virt-pki-validate.in: Add option parsing. Update documentation to match. * tools/Makefile.am (virt-pki-validate): Substitute version. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
We were failing to autoprobe which schema to use for several top-level XML elements. * tools/virt-xml-validate.in (TYPE): Recognize <domainsnapshot>, <filter>, and <secret>. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
All good tools should have --help and --version output :) Furthermore, we want to ensure a failed exit if xmllint fails, or even for 'virt-xml-validate > /dev/full'. * tools/virt-xml-validate.in: Add option parsing. Output errors to stderr. Update documentation to match. * tools/Makefile.am (virt-xml-validate): Substitute version. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Jim Fehlig 提交于
From: Dario Faggioli <dario.faggioli@citrix.com> Starting from Xen 4.2, libxl has all the bits and pieces in place for retrieving an adequate amount of information about the host NUMA topology. It is therefore possible, after a bit of shuffling, to arrange those information in the way libvirt wants to present them to the outside world. Therefore, with this patch, the <topology> section of the host capabilities is properly populated, when running on Xen, so that we can figure out whether or not we're running on a NUMA host, and what its characteristics are. [raistlin@Zhaman ~]$ sudo virsh --connect xen:/// capabilities <capabilities> <host> <cpu> .... <topology> <cells num='2'> <cell id='0'> <memory unit='KiB'>6291456</memory> <cpus num='8'> <cpu id='0' socket_id='1' core_id='0' siblings='0-1'/> <cpu id='1' socket_id='1' core_id='0' siblings='0-1'/> <cpu id='2' socket_id='1' core_id='1' siblings='2-3'/> <cpu id='3' socket_id='1' core_id='1' siblings='2-3'/> <cpu id='4' socket_id='1' core_id='9' siblings='4-5'/> <cpu id='5' socket_id='1' core_id='9' siblings='4-5'/> <cpu id='6' socket_id='1' core_id='10' siblings='6-7'/> <cpu id='7' socket_id='1' core_id='10' siblings='6-7'/> </cpus> </cell> <cell id='1'> <memory unit='KiB'>6881280</memory> <cpus num='8'> <cpu id='8' socket_id='0' core_id='0' siblings='8-9'/> <cpu id='9' socket_id='0' core_id='0' siblings='8-9'/> <cpu id='10' socket_id='0' core_id='1' siblings='10-11'/> <cpu id='11' socket_id='0' core_id='1' siblings='10-11'/> <cpu id='12' socket_id='0' core_id='9' siblings='12-13'/> <cpu id='13' socket_id='0' core_id='9' siblings='12-13'/> <cpu id='14' socket_id='0' core_id='10' siblings='14-15'/> <cpu id='15' socket_id='0' core_id='10' siblings='14-15'/> </cpus> </cell> </cells> </topology> </host> ....
-
- 19 8月, 2013 8 次提交
-
-
由 Peter Krempa 提交于
When the daemon is compiled with firewalld support but the DBus message bus isn't started in the system, the initialization of the nwfilter driver fails even if there are fallback options.
-
由 Peter Krempa 提交于
On hosts that don't have the DBus service running or installed the new systemd cgroups code failed with hard error instead of falling back to "manual" cgroup creation. Use the new helper to check for the system bus and use the fallback code in case it isn't available.
-
由 Peter Krempa 提交于
Some systems may not use DBus in their system. Add a method to check if the system bus is available that doesn't print error messages so that code can later check for this condition and use an alternative approach.
-
由 Peter Krempa 提交于
Coverity reported a memleak in the test added in 7efd5fd1. In case the code will be broken and the code will actually parse a faulty bitmap the resulting pointer would be leaked. Free it although that shouldn't ever happen.
-
由 David Weber 提交于
Each new VM requires a new connection from libvirtd to virtlockd. The default max clients limit in virtlockd of 20 is thus woefully insufficient. virtlockd sockets are only accessible to matching users, so there is no security need for such a tight limit. Make it configurable and default to 1024. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Michal Privoznik 提交于
In one of my previous patches I am removing the hard_limit heuristic to guess the correct value if none set. However, it turned out, this limit is hard to guess even for users. We should advise them to not set the limit as their domains may be OOM killed. Sigh.
-
由 Michal Privoznik 提交于
This function is to guess the correct limit for maximal memory usage by qemu for given domain. This can never be guessed correctly, not to mention all the pains and sleepless nights this code has caused. Once somebody discovers algorithm to solve the Halting Problem, we can compute the limit algorithmically. But till then, this code should never see the light of the release again.
-
由 Osier Yang 提交于
One has to refresh the pool to get the correct pool info after adding/removing/resizing a volume, this updates the pool metadata (allocation, available) after those operation are done.
-
- 18 8月, 2013 1 次提交
-
-
由 Cole Robinson 提交于
-
- 17 8月, 2013 7 次提交
-
-
由 Cole Robinson 提交于
Similar to how other objects arrange their parse APIs. This will be used by the test driver.
-
由 Cole Robinson 提交于
Right now things are split a bit between parsing from a relative file path or parsing from inline XML. Unify it. This will simplify upcoming bits.
-
由 Cole Robinson 提交于
Passing virConnectPtr is redundant, just pass testConnPtr and simplify certain callers.
-
由 Cole Robinson 提交于
The function that parses custom driver XML was getting pretty unruly, split the object parsing into their own functions. Rename some variables to be consistent across each function. This should be functionally identical.
-
由 Don Dugger 提交于
Currently the virConnectBaselineCPU API does not expose the CPU features that are part of the CPU's model. This patch adds a new flag, VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, that causes the API to explicitly list all features that are part of that model. Signed-off-by: NDon Dugger <donald.d.dugger@intel.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Rather than inlining gl_WARN_ADD loads of time, we can shave about 17k size off of the configure script by delaying it to a cleanup shell loop. * m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Track a list of things to check, rather than inlining multiple checks. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Jim Fehlig 提交于
Cleanup the libxl capabilities code to be a bit more extensible, splitting out the creation of host and guest capabilities. This should make it easier to implement additional capabilities in the future, such as NUMA topology reporting.
-
- 16 8月, 2013 6 次提交
-
-
由 Daniel P. Berrange 提交于
Feedback from the polkit developers indicates that the "_detail_XXXX" attributes are a private implementation detail. Our examples should be recommending use of the "action.lookup('XXX')" method instead. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Peter Krempa 提交于
Previous patch fixed an issue where, when parsing a bitmap from the string, the bounds of the bitmap weren't checked. That flaw resulted into crashes. This test tests that case to avoid it in the future.
-
由 Peter Krempa 提交于
-
由 Peter Krempa 提交于
The virBitmapParse function was calling virBitmapIsSet() function that requires the caller to check the bounds of the bitmap without checking them. This resulted into crashes when parsing a bitmap string that was exceeding the bounds used as argument. This patch refactors the function to use virBitmapSetBit without checking if the bit is set (this function does the checks internally) and then counts the bits in the bitmap afterwards (instead of keeping track while parsing the string). This patch also changes the "parse_error" label to a more common "error". The refactor should also get rid of the need to call sa_assert on the returned variable as the callpath should allow coverity to infer the possible return values. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997367 Thanks to Alex Jia for tracking down the issue. This issue is introduced by commit 0fc89098.
-
由 Peter Krempa 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=997765 ==1349431== 8 bytes in 1 blocks are definitely lost in loss record 11 of 760 ==1349431== at 0x4C2A554: calloc (vg_replace_malloc.c:593) ==1349431== by 0x4E9AA3E: virAllocN (in /usr/lib64/libvirt.so.0.1001.1) ==1349431== by 0x4EF28C4: virXPathNodeSet (in /usr/lib64/libvirt.so.0.1001.1) ==1349431== by 0x130B83: cmdCPUBaseline (in /usr/bin/virsh) ==1349431== by 0x12C608: vshCommandRun (in /usr/bin/virsh) ==1349431== by 0x12889A: main (in /usr/bin/virsh)
-
由 Eric Blake 提交于
Gnulib recently patched gcc warning detection so that it does not treat things like -Wno-unused-command-line-argument as supported in gcc (treating it as supported merely resulted in extra verbosity when an actual compile error occurred). It has also improved bootstrap to work with less hassle on OpenBSD. * .gnulib: Update to latest, in part for bootstrap and warnings improvements. * bootstrap: Resync from gnulib. Signed-off-by: NEric Blake <eblake@redhat.com>
-