- 02 1月, 2019 8 次提交
-
-
由 Luyao Zhong 提交于
This capability tracks if memory-backend-file has the pmem attribute or not. Signed-off-by: NLuyao Zhong <luyao.zhong@intel.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Luyao Zhong 提交于
This capability tracks if memory-backend-file has the align attribute or not. Signed-off-by: NLuyao Zhong <luyao.zhong@intel.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Luyao Zhong 提交于
The 'readonly' option allows users to mark vNVDIMM read-only: <devices> ... <memory model='nvdimm' access='shared'> <source> <path>/dev/dax0.0</path> </source> <target> <size unit='MiB'>4094</size> <node>0</node> <label> <size unit='MiB'>2</size> </label> <readonly/> </target> </memory> ... </devices> Signed-off-by: NLuyao Zhong <luyao.zhong@intel.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Luyao Zhong 提交于
The 'pmem' option allows users to specify whether the backend storage of memory-backend-file is a real persistent memory: <devices> ... <memory model='nvdimm' access='shared'> <source> <path>/dev/dax0.0</path> <pmem/> </source> <target> <size unit='MiB'>4094</size> <node>0</node> <label> <size unit='MiB'>2</size> </label> </target> </memory> ... </devices> Signed-off-by: NLuyao Zhong <luyao.zhong@intel.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Luyao Zhong 提交于
NVDIMM emulation will mmap the backend file, it uses host pagesize as the alignment of mapping address before, but some backends may require alignments different from the pagesize. So the 'alignsize' option is introduced to allow specification of the proper alignment: <devices> ... <memory model='nvdimm' access='shared'> <source> <path>/dev/dax0.0</path> <alignsize unit='MiB'>2</alignsize> </source> <target> <size unit='MiB'>4094</size> <node>0</node> <label> <size unit='MiB'>2</size> </label> </target> </memory> ... </devices> Signed-off-by: NLuyao Zhong <luyao.zhong@intel.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Erik Skultety 提交于
Before launching a SEV guest we take the base64-encoded guest owner's data specified in launchSecurity and create files with the same content under /var/lib/libvirt/qemu/<domain>. The reason for this is that we need to pass these files on to QEMU which then uses them to communicate with the SEV firmware, except when it doesn't have permissions to open those files since we don't relabel them. https://bugzilla.redhat.com/show_bug.cgi?id=1658112Signed-off-by: NErik Skultety <eskultet@redhat.com> Acked-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Erik Skultety 提交于
Since SEV operates on a per domain basis, it's very likely that all SEV launch-related data will be created under /var/lib/libvirt/qemu/<domain_name>. Therefore, when calling into qemuProcessSEVCreateFile we can assume @libDir as the directory prefix rather than passing it explicitly. Signed-off-by: NErik Skultety <eskultet@redhat.com> Acked-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Includes: maint: Run 'make update-copyright' Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 21 12月, 2018 5 次提交
-
-
由 John Ferlan 提交于
The @con type security_context_t is actually a "char *", so the correct check should be to dereference one more level; otherwise, we could return/use the NULL pointer later in a subsequent virSecuritySELinuxSetFileconImpl call (using @fcon). Suggested-by: NMichal Prívozník <mprivozn@redhat.com> Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 John Ferlan 提交于
If virSecuritySELinuxRestoreFileLabel returns 0 or -1 too soon, then the @newpath will be leaked. Suggested-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Nikolay Shirokovskiy 提交于
Because missing optional storage source is not error. The patch address only local files. Fixing other cases is a bit ugly. Below is example of error notice in log now: error: virStorageFileReportBrokenChain:427 : Cannot access storage file '/path/to/missing/optional/disk': No such file or directory Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
Every time we call all domain stats for inactive domain with unavailable storage source we get error message in logs [1]. It's a bit noisy. While it's arguable whether we need such message or not for mandatory disks we would like not to see messages for optional disks. Let's filter at least for cases of local files. Fixing other cases would require passing flag down the stack to .backendInit of storage which is ugly. Stats for active domain are fine because we either drop disks with unavailable sources or clean source which is handled by virStorageSourceIsEmpty in qemuDomainGetStatsOneBlockFallback. We have these logs for successful stats since 25aa7035 (version 1.2.15) which in turn fixes 596a1371 (version 1.2.12 )which added substantial stats for offline disks. [1] error message example: qemuOpenFileAs:3324 : Failed to open file '/path/to/optional/disk': No such file or directory Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
- 19 12月, 2018 20 次提交
-
-
由 Marc Hartmayer 提交于
Introduce caching whether /dev/kvm is usable as the QEMU user:QEMU group. This reduces the overhead of the QEMU capabilities cache lookup. Before this patch there were many fork() calls used for checking whether /dev/kvm is accessible. Now we store the result whether /dev/kvm is accessible or not and we only need to re-run the virFileAccessibleAs check if the ctime of /dev/kvm has changed. Suggested-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NMarc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
Our code is not bug free. The refcounting I introduced will almost certainly not work in some use cases. Provide a script that will remove all the XATTRs set by libvirt so that it can start cleanly. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
This test checks if security label remembering works correctly. It uses qemuSecurity* APIs to do that. And some mocking (even though it's not real mocking as we are used to from other tests like virpcitest). So far, only DAC driver is tested. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
We are setting label on kernel, initrd, dtb and slic_table files. But we never restored it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
It helps whe trying to match calls with virSecuritySELinuxSetAllLabel if the order in which devices are set/restored is the same in both functions. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
When iterating over list of paths/disk sources to relabel it may happen that the process fails at some point. In that case, for the sake of keeping seclabel refcount (stored in XATTRs) in sync with reality we have to perform rollback. However, if that fails too the only thing we can do is warn user. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
It's important to keep XATTRs untouched (well, in the same state they were in when entering the function). Otherwise our refcounting would be messed up. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
Similarly to what I did in DAC driver, this also requires the same SELinux label to be used for shared paths. If a path is already in use by a domain (or domains) then and the domain we are starting now wants to access the path it has to have the same SELinux label. This might look too restrictive as the new label can still guarantee access to already running domains but in reality it is very unlikely and usually an admin mistake. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
It is going to be important to know if the current transaction we are running is a restore operation or set label operation so that we know whether to call virSecurityGetRememberedLabel() or virSecuritySetRememberedLabel(). That is, whether we are in a restore and therefore have to fetch the remembered label, or we are in set operation and therefore have to store the original label. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
Now that we have seclabel remembering we can safely restore labels for shared and RO disks. In fact we need to do that to keep seclabel refcount stored in XATTRs in sync with reality. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
This also requires the same DAC label to be used for shared paths. If a path is already in use by a domain (or domains) then and the domain we are starting now wants to access the path it has to have the same DAC label. This might look too restrictive as the new label can still guarantee access to already running domains but in reality it is very unlikely and usually an admin mistake. This requirement also simplifies seclabel remembering, because we can store only one seclabel and have a refcounter for how many times the path is in use. If we were to allow different labels and store them in some sort of array the algorithm to match labels to domains would be needlessly complicated. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
Because the implementation that will be used for label remembering/recall is not atomic we have to give callers a chance to enable or disable it. That is, enable it if and only if metadata locking is enabled. Otherwise the feature MUST be turned off. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
We are setting label on kernel, initrd, dtb and slic_table files. But we never restored it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
It helps whe trying to match calls with virSecurityDACSetAllLabel if the order in which devices are set/restored is the same in both functions. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
When iterating over list of paths/disk sources to relabel it may happen that the process fails at some point. In that case, for the sake of keeping seclabel refcount (stored in XATTRs) in sync with reality we have to perform rollback. However, if that fails too the only thing we can do is warn user. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
It's important to keep XATTRs untouched (well, in the same state they were in when entering the function). Otherwise our refcounting would be messed up. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
This file implements wrappers over XATTR getter/setter. It ensures the proper XATTR namespace is used. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Luyao Huang 提交于
Commit 3072ded3 changed the waya to format the vcpu pinning info and forget to get cpumap for each vcpu during the loop, that cause vcpupin command will display vcpu 0 info for other vcpus. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
- 18 12月, 2018 7 次提交
-
-
由 John Ferlan 提交于
For consistency, handle the @data "char **" (or remote_string) assignments and processing similarly between various APIs Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Using a combination of VIR_ALLOC and VIR_STRDUP into a local variable and then jumping to error on the VIR_STRDUP before assiging it into the @data would cause a memory leak. Let's just avoid that by assiging directly into @data. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Add guards to avoid calling strchr when @err_noinfo == NULL or calling virErrorTestMsgFormatInfoOne when @err_info == NULL as both would fail with a NULL deref. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Daniel P. Berrangé 提交于
The virtualization driver has two connections to the virtlogd daemon, one pipe fd for writing to the log file, and one socket fd for making RPC calls. The typical sequence is to write some data to the pipe fd and then make an RPC call to determine the current log file offset. Unfortunately these two operations are not guaranteed to be handling in order by virtlogd. The event loop for virtlogd may identify an incoming event on both the pipe fd and socket fd in the same iteration of the event loop. It is then entirely possible that it will process the socket fd RPC call before reading the pending log data from the pipe fd. As a result the virtualization driver will get an outdated log file offset reported back. This can be seen with the QEMU driver where, when a guest fails to start, it will randomly include too much data in the error message it has fetched from the log file. The solution is to ensure we have drained all pending data from the pipe fd before reporting the log file offset. The pipe fd is always in blocking mode, so cares needs to be taken to avoid blocking. When draining this is taken care of by using poll(). The extra complication is that they might already be an event loop dispatch pending on the pipe fd. If we have just drained the pipe this pending event will be invalid so must be discarded. See also https://bugzilla.redhat.com/show_bug.cgi?id=1356108Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
If an editor has an XML file open, it may create a temporary . file. The existance of this file will cause the virschematest to fail, so just skip these editor temp files. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Jim Fehlig 提交于
/domain/memtune/hard_limit provides a way to cap the memory a VM process can use, including the amount of memory the process can lock. When memory locking of a VM is requested, <hard_limit> can be used to prevent the potential host DoS issue mentioned in /domain/memoryBacking/locked description. This patch improves the <hard_limit> text by clarifying it can be used to prevent "host crashing" when VM memory is locked. Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Daniel P. Berrangé 提交于
The arguments to the N_() macro must only ever be a literal string. It is not possible to use macro arguments, or use macro string concatenation in this context. The N_() macro is a no-op whose only purpose is to act as a marker for xgettext when it extracts translatable strings from the source code. Anything other than a literal string will be silently ignored by xgettext. Unfortunately this means that the clever MSG, MSG2 & MSG_EXISTS macros used for building up error message strings have prevented any of the error messages getting marked for translation. We must sadly, revert to a more explicit listing of strings for now. Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-