- 02 4月, 2014 1 次提交
-
-
由 Eric Blake 提交于
The code in virstoragefile.c is getting more complex as I consolidate backing chain handling code. But for the setuid virt-login-shell, we don't need to crawl backing chains. It's easier to audit things for setuid security if there are fewer files involved, so this patch moves the one function that virFileOpen() was actually relying on to also live in virfile.c. * src/util/virstoragefile.c (virStorageFileIsSharedFS) (virStorageFileIsSharedFSType): Move... * src/util/virfile.c (virFileIsSharedFS, virFileIsSharedFSType): ...to here, and rename. (virFileOpenAs): Update caller. * src/security/security_selinux.c (virSecuritySELinuxSetFileconHelper) (virSecuritySELinuxSetSecurityAllLabel) (virSecuritySELinuxRestoreSecurityImageLabelInt): Likewise. * src/security/security_dac.c (virSecurityDACRestoreSecurityImageLabelInt): Likewise. * src/qemu/qemu_driver.c (qemuOpenFileAs): Likewise. * src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise. * src/util/virstoragefile.h: Adjust declarations. * src/util/virfile.h: Likewise. * src/libvirt_private.syms (virfile.h, virstoragefile.h): Move symbols as appropriate. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 25 3月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
-
- 18 3月, 2014 2 次提交
-
-
由 Daniel P. Berrange 提交于
Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Nehal J Wani 提交于
Our current pidfile acquire APis (virPidFileAcquire) simply return -1 upon failure to acquire a lock. This patch adds a parameter 'bool waitForLock' which instructs the APIs if we want to make it block and wait for the lock or not.
-
- 04 3月, 2014 2 次提交
-
-
由 Eric Blake 提交于
The old semantics of virFork() violates the priciple of good usability: it requires the caller to check the pid argument after use, *even when virFork returned -1*, in order to properly abort a child process that failed setup done immediately after fork() - that is, the caller must call _exit() in the child. While uses in virfile.c did this correctly, uses in 'virsh lxc-enter-namespace' and 'virt-login-shell' would happily return from the calling function in both the child and the parent, leading to very confusing results. [Thankfully, I found the problem by inspection, and can't actually trigger the double return on error without an LD_PRELOAD library.] It is much better if the semantics of virFork are impossible to abuse. Looking at virFork(), the parent could only ever return -1 with a non-negative pid if it misused pthread_sigmask, but this never happens. Up until this patch series, the child could return -1 with non-negative pid if it fails to set up signals correctly, but we recently fixed that to make the child call _exit() at that point instead of forcing the caller to do it. Thus, the return value and contents of the pid argument are now redundant (a -1 return now happens only for failure to fork, a child 0 return only happens for a successful 0 pid, and a parent 0 return only happens for a successful non-zero pid), so we might as well return the pid directly rather than an integer of whether it succeeded or failed; this is also good from the interface design perspective as users are already familiar with fork() semantics. One last change in this patch: before returning the pid directly, I found cases where using virProcessWait unconditionally on a cleanup path of a virFork's -1 pid return would be nicer if there were a way to avoid it overwriting an earlier message. While such paths are a bit harder to come by with my change to a direct pid return, I decided to keep the virProcessWait change in this patch. * src/util/vircommand.h (virFork): Change signature. * src/util/vircommand.c (virFork): Guarantee that child will only return on success, to simplify callers. Return pid rather than status, now that the situations are always the same. (virExec): Adjust caller, also avoid open-coding process death. * src/util/virprocess.c (virProcessWait): Tweak semantics when pid is -1. (virProcessRunInMountNamespace): Adjust caller. * src/util/virfile.c (virFileAccessibleAs, virFileOpenForked) (virDirCreate): Likewise. * tools/virt-login-shell.c (main): Likewise. * tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise. * tests/commandtest.c (test23): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Right now, a caller waiting for a child process either requires the child to have status 0, or must use WIFEXITED() and friends itself. But in many cases, we want the middle ground of treating fatal signals as an error, and directly accessing the normal exit value without having to use WEXITSTATUS(), in order to easily detect an expected non-zero exit status. This adds the middle ground to the low-level virProcessWait; the next patch will add it to virCommand. * src/util/virprocess.h (virProcessWait): Alter signature. * src/util/virprocess.c (virProcessWait): Add parameter. (virProcessRunInMountNamespace): Adjust caller. * src/util/vircommand.c (virCommandWait): Likewise. * src/util/virfile.c (virFileAccessibleAs): Likewise. * src/lxc/lxc_container.c (lxcContainerHasReboot) (lxcContainerAvailable): Likewise. * daemon/libvirtd.c (daemonForkIntoBackground): Likewise. * tools/virt-login-shell.c (main): Likewise. * tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise. * tests/testutils.c (virtTestCaptureProgramOutput): Likewise. * tests/commandtest.c (test23): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 18 2月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add a helper function which takes a file path and ensures that all directory components leading up to the file exist. IOW, it strips the filename part of the path and passes the result to virFileMakePath. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 28 11月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
The code for extracting sub-mounts would just do a STRPREFIX check on the mount. This was flawed because if there were the following mounts /etc/aliases /etc/aliases.db and '/etc/aliases' was asked for, it would return both even though the latter isn't a sub-mount. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the code for lxcContainerGetSubtree into the virfile module creating 2 new functions int virFileGetMountSubtree(const char *mtabpath, const char *prefix, char ***mountsret, size_t *nmountsret); int virFileGetMountReverseSubtree(const char *mtabpath, const char *prefix, char ***mountsret, size_t *nmountsret); Add a new virfiletest.c test case to validate the new code. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 07 11月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Our backing file chain code was not very robust to an ill-timed EINTR, which could lead to a short read causing us to randomly treat metadata differently than usual. But the existing virFileReadLimFD forces an error if we don't read the entire file, even though we only care about the header of the file. So add a new virFile function that does what we want. * src/util/virfile.h (virFileReadHeaderFD): New prototype. * src/util/virfile.c (virFileReadHeaderFD): New function. * src/libvirt_private.syms (virfile.h): Export it. * src/util/virstoragefile.c (virStorageFileGetMetadataInternal) (virStorageFileProbeFormatFromFD): Use it. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 05 11月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add a function for efficiently checking if a path is a filesystem mount point. NB will not work for bind mounts, only true filesystem mounts. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 10月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Most of the usage of getuid()/getgid() is in cases where we are considering what privileges we have. As such the code should be using the effective IDs, not real IDs. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Unconditional use of getenv is not secure in setuid env. While not all libvirt code runs in a setuid env (since much of it only exists inside libvirtd) this is not always clear to developers. So make all the code paranoid, even if it only ever runs inside libvirtd. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 16 10月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 04 10月, 2013 2 次提交
-
-
由 Oskari Saarenmaa 提交于
My previous commit 7dc1d4ab was supposed to change safezero to allocate 1 megabyte at maximum, but had the logic reversed and will allocate 1 megabyte at minimum (and a lot more at maximum.) Signed-off-by: NOskari Saarenmaa <os@ohmu.fi>
-
由 Oskari Saarenmaa 提交于
mmap can fail on 32-bit systems if we're trying to zero out a lot of data. Fall back to using block-by-block writing in that case. While we could map smaller blocks it's unlikely that this code is used a lot and its easier to just fall back to one of the existing methods. Also modified the block-by-block zeroing to not allocate a megabyte of zeroes if we're writing less than that. Signed-off-by: NOskari Saarenmaa <os@ohmu.fi>
-
- 30 9月, 2013 1 次提交
-
-
由 Oskari Saarenmaa 提交于
mmap's offset must be aligned to page size or mapping will fail. mmap-based safezero is only used if posix_fallocate isn't available. Signed-off-by: NOskari Saarenmaa <os@ohmu.fi>
-
- 16 9月, 2013 2 次提交
-
-
由 Peter Krempa 提交于
Semantics of the libvirt helper are more clear. This change also allows to clean up some pieces of code.
-
由 Peter Krempa 提交于
Explicitly state that some parts of the code may require virFileExists to set or preserve a correct errno so that future modifications don't break.
-
- 05 9月, 2013 1 次提交
-
-
由 Ian Main 提交于
This patch changes virFileLoopDeviceOpen() to use the new loop-control device to allocate a new loop device. If this behavior is unsupported we fall back to the previous method of searching /dev for a free device. With this patch you can start as many image based LXC domains as you like (well almost). Fixes bug https://bugzilla.redhat.com/show_bug.cgi?id=995543
-
- 04 9月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
The @qemunbd variable can be used uninitialized.
-
- 10 8月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Recentish (2011) kernels introduced a new device called /dev/loop-control, which causes libvirt's detection of loop devices to get confused since it only checks for a prefix of 'loop'. Also check that the next character is a digit Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 12 7月, 2013 1 次提交
-
-
由 Eric Blake 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=964358 POSIX states that multi-threaded apps should not use functions that are not async-signal-safe between fork and exec, yet we were using getpwuid_r and initgroups. Although rare, it is possible to hit deadlock in the child, when it tries to grab a mutex that was already held by another thread in the parent. I actually hit this deadlock when testing multiple domains being started in parallel with a command hook, with the following backtrace in the child: Thread 1 (Thread 0x7fd56bbf2700 (LWP 3212)): #0 __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136 #1 0x00007fd5761e7388 in _L_lock_854 () from /lib64/libpthread.so.0 #2 0x00007fd5761e7257 in __pthread_mutex_lock (mutex=0x7fd56be00360) at pthread_mutex_lock.c:61 #3 0x00007fd56bbf9fc5 in _nss_files_getpwuid_r (uid=0, result=0x7fd56bbf0c70, buffer=0x7fd55c2a65f0 "", buflen=1024, errnop=0x7fd56bbf25b8) at nss_files/files-pwd.c:40 #4 0x00007fd575aeff1d in __getpwuid_r (uid=0, resbuf=0x7fd56bbf0c70, buffer=0x7fd55c2a65f0 "", buflen=1024, result=0x7fd56bbf0cb0) at ../nss/getXXbyYY_r.c:253 #5 0x00007fd578aebafc in virSetUIDGID (uid=0, gid=0) at util/virutil.c:1031 #6 0x00007fd578aebf43 in virSetUIDGIDWithCaps (uid=0, gid=0, capBits=0, clearExistingCaps=true) at util/virutil.c:1388 #7 0x00007fd578a9a20b in virExec (cmd=0x7fd55c231f10) at util/vircommand.c:654 #8 0x00007fd578a9dfa2 in virCommandRunAsync (cmd=0x7fd55c231f10, pid=0x0) at util/vircommand.c:2247 #9 0x00007fd578a9d74e in virCommandRun (cmd=0x7fd55c231f10, exitstatus=0x0) at util/vircommand.c:2100 #10 0x00007fd56326fde5 in qemuProcessStart (conn=0x7fd53c000df0, driver=0x7fd55c0dc4f0, vm=0x7fd54800b100, migrateFrom=0x0, stdin_fd=-1, stdin_path=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=1) at qemu/qemu_process.c:3694 ... The solution is to split the work of getpwuid_r/initgroups into the unsafe portions (getgrouplist, called pre-fork) and safe portions (setgroups, called post-fork). * src/util/virutil.h (virSetUIDGID, virSetUIDGIDWithCaps): Adjust signature. * src/util/virutil.c (virSetUIDGID): Add parameters. (virSetUIDGIDWithCaps): Adjust clients. * src/util/vircommand.c (virExec): Likewise. * src/util/virfile.c (virFileAccessibleAs, virFileOpenForked) (virDirCreate): Likewise. * src/security/security_dac.c (virSecurityDACSetProcessLabel): Likewise. * src/lxc/lxc_container.c (lxcContainerSetID): Likewise. * configure.ac (AC_CHECK_FUNCS_ONCE): Check for setgroups, not initgroups. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 10 7月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 01 6月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
We can't use GNULIB's fprintf-posix due to licensing incompatibilities. We do already have a portable formatting via virAsprintf() which we got from GNULIB though. We can use to create a virFilePrintf() function. But really gnulib could just provide a 'fprintf' module, that depended on just its 'asprintf' module. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 24 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 18 5月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The virfile.c file uses c_isalpha on Win32 platforms, so must include c-ctype.h Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 13 5月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Add a virFileNBDDeviceAssociate method, which given a filename will setup a NBD device, using qemu-nbd as the server. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
To correctly handle errors from readdir() you must set 'errno' to zero before invoking it & check its value afterwards to distinguish error from EOF. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 11 5月, 2013 2 次提交
-
-
由 Eric Blake 提交于
Commit bfe7721d introduced a regression, but only on platforms like FreeBSD that lack posix_fallocate and where mmap serves as a nice fallback for safezero. util/virfile.c: In function 'safezero': util/virfile.c:837: error: 'PROT_READ' undeclared (first use in this function) * src/util/virutil.c (includes): Move use of <sys/mman.h>... * src/util/virfile.c (includes): ...to the file that uses mmap. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Laine Stump 提交于
These all existed before virfile.c was created, and for some reason weren't moved. This is mostly straightfoward, although the syntax rule prohibiting write() had to be changed to have an exception for virfile.c instead of virutil.c. This movement pointed out that there is a function called virBuildPath(), and another almost identical function called virFileBuildPath(). They really should be a single function, which I'll take care of as soon as I figure out what the arglist should look like.
-
- 02 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both.
-
- 16 4月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Introduce a method virFileDeleteTree for recursively deleting an entire directory tree Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 08 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The loop.h on RHEL4 is broken and cannot be imported. We already detect this in configure as a side-effect of looking for whether LO_FLAGS_AUTOCLEAR is available. We protected the impl with HAVE_DECL_LO_FLAGS_AUTOCLEAR, but not the header import Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 08 2月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
We are requesting for stderr catching for all cases in virFileWrapperFdNew(). There is no need to have a separate function just to report an error, esp. when we can do it in virFileWrapperFdClose().
-
- 05 2月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
Commit 34e8f63a introduced support for catching errors from libvirt iohelper. However, at those times there wasn't such fancy API as virCommandDoAsyncIO(), so everything has to be implemented on our own. But since we do have the API now, we can use it and drop our implementation then.
-
- 23 1月, 2013 1 次提交
-
-
由 John Ferlan 提交于
It was possible to call VIR_FREE in cleanup prior to initialization.
-
- 21 12月, 2012 3 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-