- 18 Dec, 2012 33 commits
-
-
Committed by Jiri Denemark
-
Committed by Daniel Veillard
And Guannan Ren who was missing from the list
-
Committed by Laine Stump
This is yet another refinement to the fix for CVE-2012-3411: https://bugzilla.redhat.com/show_bug.cgi?id=833033 It turns out that it would be very intrusive to correctly backport the entire --bind-dynamic option to older dnsmasq versions (e.g. dnsmasq-2.48 that is used on RHEL6.x and CentOS 6.x), but very simple to patch those versions to just use SO_BINDTODEVICE on all their listening sockets (SO_BINDTODEVICE also has the desired effect of permitting only traffic that was received on the interface(s) where dnsmasq was set to listen.) This patch modifies the dnsmasq capabilities detection to detect the string: --bind-interfaces with SO_BINDTODEVICE in the output of "dnsmasq --version", and in that case realize that using the old --bind-interfaces option is just as safe as --bind-dynamic (and therefore *not* forbid creation of networks that use public IP address ranges). If --bind-dynamic is available, it is still preferred over --bind-interfaces. Note that this patch does no harm in upstream, or in any distro's downstream if it happens to end up there, but builds for distros that have a new enough dnsmasq to support --bind-dynamic do *NOT* need to specifically backport this patch; it's only required for distro releases that have dnsmasq too old to have --bind-dynamic (and those distros will need to add the SO_BINDTODEVICE patch to dnsmasq, *including the extra string in the --version output*, as well).
-
Committed by Jiri Denemark
-
Committed by Jiri Denemark
Using s/#authorslist#/$$out/ makes perl eat @domain part of all email addresses from $out since it tries to interpret them as array variables. I'm not sure if we can escape those in s/// but I know we can use print: s/#authorslist#// and print '$$out' to tell perl not to even look inside $out. This patch also fixes gen-AUTHORS so that it works in VPATH.
-
Committed by Laine Stump
Somehow I managed to push the changes to this file with improper indentation. This patch just re-indents, reformats the comment lines, and re-groups a couple of multi-line strings so that they fit within 80 columns. The resulting binary should be identical.
-
Committed by Cole Robinson
-
Committed by Cole Robinson
-
Committed by Cole Robinson
There's been a few bugs about an expected error from polkit: https://bugzilla.redhat.com/show_bug.cgi?id=873799 https://bugzilla.redhat.com/show_bug.cgi?id=872166 The error is: Authorization requires authentication but no agent is available. The error means that polkit needs a password, but there is no polkit agent registered in your session. Polkit agents are the bit of UI that pop up and actually ask for your password. Preface the error with the string 'polkit:' so folks can hopefully make more sense of it.
-
Committed by Daniel P. Berrange
Wire up the attach/detach device drivers in LXC to support the hotplug/unplug of host misc devices. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Wire up the attach/detach device drivers in LXC to support the hotplug/unplug of host storage devices. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Wire up the attach/detach device drivers in LXC to support the hotplug/unplug of USB host devices. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Wire up the attach/detach device drivers in LXC to support the hotplug/unplug of NICs. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Wire up the attach/detach device drivers in LXC to support the hotplug/unplug of disks. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Wire up the attach/detach/update device APIs to support changing of hostdevs in the persistent config file Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Wire up the attach/detach/update device APIs to support changing of disks in the persistent config file Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Wire up the attach/detach/update device APIs to support changing of network interfaces in the persistent config file Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
This wires up the LXC driver to support the domain device attach/detach/update APIs, following the same code design as used in the QEMU driver. No actual changes are possible with this commit, it is only providing the framework Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
This extends support for host device passthrough with LXC to cover misc devices. In this case all we need to do is a mknod in the container's /dev and whitelist the device in cgroups Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
This extends support for host device passthrough with LXC to cover storage devices. In this case all we need to do is a mknod in the container's /dev and whitelist the device in cgroups Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
This adds support for host device passthrough with the LXC driver. Since there is only a single kernel image, it doesn't make sense to pass through PCI devices, but USB devices are fine. For the latter we merely need to make the /dev/bus/usb/NNN/MMM character device exist in the container's /dev Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Currently LXC guests can be given arbitrary pre-mounted filesystems, however, for some use cases it is more appropriate to provide block devices which the container can mount itself. This first impl only allows for <disk type='block'>, in other words exposing a host disk device to a container. Since LXC does not have device namespace virtualization, we are cheating a little bit. If the XML specifies /dev/sdc4 to be given to the container as /dev/sda1, when we do the mknod /dev/sda1 in the container's /dev, we actually use the major:minor number of /dev/sdc4, not /dev/sda1. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The SELinux security driver needs to learn to label storage/misc hostdev devices for LXC Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Prepare to support different types of hostdevs by refactoring the current SELinux security driver code Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
When LXC labels USB devices during hotplug, it is running in host context, so it needs to pass in a vroot path to the container root. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The virSecurityManager{Set,Restore}AllLabel methods are invoked at domain startup/shutdown to relabel resources associated with a domain. This works fine with QEMU, but with LXC they are in fact both currently no-ops since LXC does not support disks, hostdevs, or kernel/initrd files. Worse, when LXC gains support for disks/hostdevs, they will do the wrong thing, since they run in host context, not container context. Thus this patch turns them into a formal no-op when used with LXC. The LXC controller will call out to specific security manager labelling APIs as required during startup. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The code for creating veth/macvlan devices is part of the LXC process startup code. Refactor this a little and export the methods to the rest of the LXC driver. This allows them to be reused for NIC hotplug code Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The <hostdev> device type has long had a redundant "mode" attribute, which has always been "subsys". This finally introduces a new mode "capabilities", which will be used by the LXC driver for device assignment. Since container based virtualization uses a single kernel, the idea of assigning physical PCI devices doesn't make sense. It is still reasonable to assign USB devices, but for assigning arbitrary nodes in /dev, the new 'capabilities' mode is to be used.

The first capability support is 'storage', which is for assignment of block devices. Functionally this is really pretty similar to the <disk> support. The only difference is the device node name is identical in both host and container namespaces.

    <hostdev mode='capabilities' type='storage'>
      <source>
        <block>/dev/sdf1</block>
      </source>
    </hostdev>

The second capability support is 'misc', which is for assignment of character devices. There is no existing parallel to this. Again the device node is the same inside & outside the container.

    <hostdev mode='capabilities' type='misc'>
      <source>
        <char>/dev/input/event3</char>
      </source>
    </hostdev>

The reason for keeping the char & storage devices separate in the domain XML, is to mirror the split in the node device XML. NB the node device XML does not yet report character devices, but that's another new patch to come

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Viktor Mihajlovski
Test cases for virSysinfoRead. Initially, there are tests for x86 (DMI based) and s390 (/proc/... based). In lack of PPC data, I have stubbed out the test for it, but it can be added with a minimal effort. Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-
Committed by Viktor Mihajlovski
There was a double free issue caused by virSysinfoRead on s390, as the same manufacturer string instance was assigned to more than one processor record. Cleaned up other potential memory issues and restructured the sysinfo parsing code by moving repeating patterns into a helper function. The restructuring made it necessary to conditionally disable -Wlogical-op for some older GCC versions, using pragma GCC diagnostic. This is a GCC specific pragma, which is acceptable, since we're using it to work around a GCC specific bug. Finally, added a function virSysinfoSetup to configure the sysinfo data source files/script during run time, to facilitate writing test programs. This function is not published in sysinfo.h and only there for testing. Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-
Committed by Viktor Mihajlovski
Some older versions of GCC report a false positive on code like

    char * haystack, needle;
    strchr(haystack, needle);

Added an extra check in configure.ac which will #define BROKEN_GCC_WLOGICALOP 1 in this case, allowing to special handle "offending" code.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-
Committed by Peter Krempa
-
Committed by Peter Krempa
This patch simplifies the code that parses the fallback and vendor_id attributes from the domain xml cpu definition. Changes done:

  - free temp variables in the cleanup section instead of local use
  - remove checking for presence of the attribute to directly getting the value (saving call to virXPathBoolean)
  - replace loop used to check for ',' in the vendor_id string with strchr
-
- 17 Dec, 2012 7 commits
-
-
Committed by Peter Krempa
The field was not freed from the cpu definition.
-
Committed by Ken ICHIKAWA
This patch fixes a problem that vendor_id attribute cannot be defined when fallback attribute is not defined. If I define domain xml like below:

    <domain>
      <cpu>
        <model vendor_id='aaaabbbbcccc'>core2duo</model>
      </cpu>
    </domain>

In dumpxml, vendor_id is not reflected:

    <domain>
      <cpu mode='custom' match='exact'>
        <model fallback='allow'>core2duo</model>
      </cpu>
    </domain>

The expected output is:

    <domain>
      <cpu mode='custom' match='exact'>
        <model fallback='allow' vendor_id='aaaabbbbcccc'>core2duo</model>
      </cpu>
    </domain>

If the fallback attribute and vendor_id attribute are defined at the same time, it's reflected as expected.

Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
-
Committed by Daniel P. Berrange
The current SELinux policy only works for KVM guests, since TCG requires the 'execmem' privilege. There is a 'virt_use_execmem' boolean to turn this on globally, but that is unpleasant for users. This changes libvirt to automatically use a new 'svirt_tcg_t' context for TCG based guests. This obsoletes the previous boolean tunable and makes things 'just work(tm)' Since we can't assume we run with new enough policy, I also make us log a warning message (once only) if we find the policy lacks support. In this case we fallback to the normal label and expect users to set the boolean tunable Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Peter Krempa
-
Committed by Guannan Ren
The testcase is for testing non-fixed PCI address for primary video device and using video args to -device qemu option.
-
Committed by Guannan Ren

    '-device VGA' maps to '-vga std'
    '-device cirrus-vga' maps to '-vga cirrus'
    '-device qxl-vga' maps to '-vga qxl' (there is also '-device qxl' for secondary devices)
    '-device vmware-svga' maps to '-vga vmware'

For qemu(>=1.2), we can use -device to replace -vga for video device. For the primary video device, the patch tries to use 0x2 slot for matching old qemu. If the 0x2 slot is allocated already, the addr property could help for using any available slot. For qemu(< 1.2), we keep using -vga for primary device.
-
Committed by Guannan Ren
If there are multiple video devices, primary = 'yes' marks this video device as the primary one. The rest are secondary video devices. No more than one could be marked as primary. If none of them has primary attribute, the first one will be the primary by default like what it was. The reason of this changing is that for qemu, only one primary video device is permitted which can be of any type. For secondary video devices, only qxl is allowed. Primary attribute removes the restriction that the first has to be the primary one. We always put the primary video device into the first position of video device structure array after parsing.
-