1. 27 11月, 2013 3 次提交
    • J
      look for numad in /usr/sbin · 56022a29
      Jim Fehlig 提交于
      When looking for numad with AC_PATH_PROG, include /usr/sbin in
      the search path.
      56022a29
    • E
      storage: don't read storage volumes in nonblock mode · 655ea8dc
      Eric Blake 提交于
      Commit 348b4e25 introduced a potential problem (thankfully not
      in any release): we are attempting to use virFileReadHeaderFD()
      on a file that was opened with O_NONBLOCK.  While this
      shouldn't be a problem in practice (because O_NONBLOCK
      typically doesn't affect regular or block files, and fifos and
      sockets cannot be storage volumes), it's better to play it safe
      to avoid races from opening an unexpected file type while also
      avoiding problems with having to handle EAGAIN while read()ing.
      
      Based on a report by Dan Berrange.
      
      * src/storage/storage_backend.c
      (virStorageBackendVolOpenCheckMode): Fix up fd after avoiding race.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      655ea8dc
    • G
      LXC: add securetty related note in Device nodes · 6616582c
      Gao feng 提交于
      Tell user how to resolve the problem that fail to log in
      the container.
      Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
      6616582c
  2. 26 11月, 2013 20 次提交
    • G
      LXC: don't unmount mounts for shared root · f575fda7
      Gao feng 提交于
      Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
      vfs: Lock in place mounts from more privileged users,
      
      unprivileged user has no rights to umount the mounts that
      inherited from parent mountns.
      
      right now, I have no good idea to fix this problem, we need
      to do more research. this patch just skip unmounting these
      mounts for shared root.
      
      BTW, I think when libvirt lxc enables user namespace, the
      configuation that shares root with host is very rara.
      Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
      f575fda7
    • G
      LXC: fix the problem that libvirt lxc fail to start on latest kernel · 46f2d16f
      Gao feng 提交于
      After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
      vfs: Lock in place mounts from more privileged users,
      
      unprivileged user has no rights to move the mounts that
      inherited from parent mountns. we use this feature to move
      the /stateDir/domain-name.{dev, devpts} to the /dev/ and
      /dev/pts directroy of container. this commit breaks libvirt lxc.
      
      this patch changes the behavior to bind these mounts when
      user namespace is enabled and move these mounts when user
      namespace is disabled.
      Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
      46f2d16f
    • C
      sasl: Replace 'restep' label with 'continue' · 78e90968
      Christophe Fergeau 提交于
      Since the label is at the beginning of the loop, this has the same effect.
      78e90968
    • C
      sasl: Fix authentication when using PLAIN mechanism · 0955025b
      Christophe Fergeau 提交于
      With some authentication mechanism (PLAIN for example), sasl_client_start()
      can return SASL_OK, which translates to virNetSASLSessionClientStart()
      returning VIR_NET_SASL_COMPLETE.
      cyrus-sasl documentation is a bit vague as to what to do in such situation,
      but upstream clarified this a bit in
      http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=10104
      
      When we got VIR_NET_SASL_COMPLETE after virNetSASLSessionClientStart() and
      if the remote also tells us that authentication is complete, then we should
      end the authentication procedure rather than forcing a call to
      virNetSASLSessionClientStep(). Without this patch, when trying to use SASL
      PLAIN, I get:
      error :authentication failed : Failed to step SASL negotiation: -1
      (SASL(-1): generic failure: Unable to find a callback: 32775)
      
      This patch is based on a spice-gtk patch by Dietmar Maurer.
      0955025b
    • C
      Fix invalid read in virNetSASLSessionClientStep debug log · 986900a5
      Christophe Fergeau 提交于
      virNetSASLSessionClientStep logs the data that is going to be passed to
      sasl_client_step as input data. However, it tries to log it as a string,
      while there is no guarantee that this data is going to be nul-terminated.
      This leads to this valgrind log:
      
      ==20938== Invalid read of size 1
      ==20938==    at 0x8BDB08F: vfprintf (vfprintf.c:1635)
      ==20938==    by 0x8C06DF2: vasprintf (vasprintf.c:62)
      ==20938==    by 0x4CCEDF9: virVasprintfInternal (virstring.c:337)
      ==20938==    by 0x4CA9516: virLogVMessage (virlog.c:842)
      ==20938==    by 0x4CA939A: virLogMessage (virlog.c:778)
      ==20938==    by 0x4E21E0D: virNetSASLSessionClientStep (virnetsaslcontext.c:458)
      ==20938==    by 0x4DE47B8: remoteAuthSASL (remote_driver.c:4136)
      ==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
      ==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
      ==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
      ==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
      ==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
      ==20938==    by 0x12762B: vshReconnect (virsh.c:337)
      ==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
      ==20938==    by 0x12E9A5: main (virsh.c:3338)
      ==20938==  Address 0xe329ccd is 0 bytes after a block of size 141 alloc'd
      ==20938==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==20938==    by 0x8CB91B4: xdr_array (xdr_array.c:94)
      ==20938==    by 0x4E039C2: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
      ==20938==    by 0x4E1F8AA: virNetMessageDecodePayload (virnetmessage.c:405)
      ==20938==    by 0x4E119F5: virNetClientProgramCall (virnetclientprogram.c:377)
      ==20938==    by 0x4DF8141: callFull (remote_driver.c:5794)
      ==20938==    by 0x4DF821A: call (remote_driver.c:5816)
      ==20938==    by 0x4DE46CF: remoteAuthSASL (remote_driver.c:4112)
      ==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
      ==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
      ==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
      ==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
      ==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
      ==20938==    by 0x12762B: vshReconnect (virsh.c:337)
      ==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
      ==20938==    by 0x12E9A5: main (virsh.c:3338)
      986900a5
    • C
      Tie SASL callbacks lifecycle to virNetSessionSASLContext · 13fdc6d6
      Christophe Fergeau 提交于
      The array of sasl_callback_t callbacks which is passed to sasl_client_new()
      must be kept alive as long as the created sasl_conn_t object is alive as
      cyrus-sasl uses this structure internally for things like logging, so
      the memory used for callbacks must only be freed after sasl_dispose() has
      been called.
      
      During testing of successful SASL logins with
      virsh -c qemu+tls:///system list --all
      I've been getting invalid read reports from valgrind
      
      ==9237== Invalid read of size 8
      ==9237==    at 0x6E93B6F: _sasl_getcallback (common.c:1745)
      ==9237==    by 0x6E95430: _sasl_log (common.c:1850)
      ==9237==    by 0x16593D87: digestmd5_client_mech_dispose (digestmd5.c:4580)
      ==9237==    by 0x6E91653: client_dispose (client.c:332)
      ==9237==    by 0x6E9476A: sasl_dispose (common.c:851)
      ==9237==    by 0x4E225A1: virNetSASLSessionDispose (virnetsaslcontext.c:678)
      ==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
      ==9237==    by 0x4E254D1: virNetSocketDispose (virnetsocket.c:1042)
      ==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
      ==9237==    by 0x4E2701C: virNetSocketEventFree (virnetsocket.c:1794)
      ==9237==    by 0x4C965D3: virEventPollCleanupHandles (vireventpoll.c:583)
      ==9237==    by 0x4C96987: virEventPollRunOnce (vireventpoll.c:652)
      ==9237==    by 0x4C94730: virEventRunDefaultImpl (virevent.c:274)
      ==9237==    by 0x12C7BA: vshEventLoop (virsh.c:2407)
      ==9237==    by 0x4CD3D04: virThreadHelper (virthreadpthread.c:161)
      ==9237==    by 0x7DAEF32: start_thread (pthread_create.c:309)
      ==9237==    by 0x8C86EAC: clone (clone.S:111)
      ==9237==  Address 0xe2d61b0 is 0 bytes inside a block of size 168 free'd
      ==9237==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==9237==    by 0x4C73827: virFree (viralloc.c:580)
      ==9237==    by 0x4DE4BC7: remoteAuthSASL (remote_driver.c:4219)
      ==9237==    by 0x4DE33D0: remoteAuthenticate (remote_driver.c:3639)
      ==9237==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
      ==9237==    by 0x4DDC8DC: remoteConnectOpen (remote_driver.c:1031)
      ==9237==    by 0x4D8595F: do_open (libvirt.c:1239)
      ==9237==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
      ==9237==    by 0x12762B: vshReconnect (virsh.c:337)
      ==9237==    by 0x12C9B0: vshInit (virsh.c:2470)
      ==9237==    by 0x12E9A5: main (virsh.c:3338)
      
      This commit changes virNetSASLSessionNewClient() to take ownership of the SASL
      callbacks. Then we can free them in virNetSASLSessionDispose() after the corresponding
      sasl_conn_t has been freed.
      13fdc6d6
    • C
      remote: Don't leak priv->tls object on connection failure · c7cdc9b0
      Christophe Fergeau 提交于
      When testing SASL authentication over TLS with
      virsh -c qemu+tls:///system list --all
      I got this valgrind trace after entering wrong credentials:
      
      ==30540== 26,903 (88 direct, 26,815 indirect) bytes in 1 blocks are definitely lost in loss record 289 of 293
      ==30540==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==30540==    by 0x4C7379A: virAllocVar (viralloc.c:558)
      ==30540==    by 0x4CBC178: virObjectNew (virobject.c:190)
      ==30540==    by 0x4CBC329: virObjectLockableNew (virobject.c:216)
      ==30540==    by 0x4E2D003: virNetTLSContextNew (virnettlscontext.c:719)
      ==30540==    by 0x4E2DC3F: virNetTLSContextNewPath (virnettlscontext.c:930)
      ==30540==    by 0x4E2DD5B: virNetTLSContextNewClientPath (virnettlscontext.c:957)
      ==30540==    by 0x4DDB618: doRemoteOpen (remote_driver.c:627)
      ==30540==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1031)
      ==30540==    by 0x4D8595F: do_open (libvirt.c:1239)
      ==30540==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
      ==30540==    by 0x12762B: vshReconnect (virsh.c:337)
      ==30540==    by 0x12C9B0: vshInit (virsh.c:2470)
      ==30540==    by 0x12E9A5: main (virsh.c:3338)
      c7cdc9b0
    • Y
      Fix three minor typos · 73a03e30
      Yuri Chornoivan 提交于
      73a03e30
    • E
      storage: fix typo in previous patch · 053f45f8
      Eric Blake 提交于
      You'd think I'd learn to actually COMMIT my working tree
      between testing that a last-minute fix compiles and pushing.
      
      * src/storage/storage_backend_gluster.c
      (virStorageBackendGlusterRefreshVol): Typo fix.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      053f45f8
    • E
      storage: probe qcow2 volumes in gluster pool · 14daa812
      Eric Blake 提交于
      Putting together pieces from previous patches, it is now possible
      for 'virsh vol-dumpxml --pool gluster volname' to report metadata
      about a qcow2 file stored on gluster.  The backing file is still
      treated as raw; to fix that, more patches are needed to make the
      storage backing chain analysis recursive rather than halting at
      a network protocol name, but that work will not need any further
      calls into libgfapi so much as just reusing this code, and that
      should be the only code outside of the storage driver that needs
      any help from libgfapi.  Any additional use of libgfapi within
      libvirt should only be needed for implementing storage pool APIs
      such as volume creation or resizing, where backing chain analysis
      should be unaffected.
      
      * src/storage/storage_backend_gluster.c
      (virStorageBackendGlusterReadHeader): New helper function.
      (virStorageBackendGlusterRefreshVol): Probe non-raw files.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      14daa812
    • E
      storage: improve handling of symlinks in gluster · 79eb21f9
      Eric Blake 提交于
      With this patch, dangling and looping symlinks are silently
      ignored, while links to files and directories are treated the
      same as the underlying file or directory.  This is the same
      behavior as both 'directory' and 'netfs' pools.
      
      * src/storage/storage_backend_gluster.c
      (virStorageBackendGlusterRefreshVol): Treat symlinks similar to
      directory and netfs pools.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      79eb21f9
    • E
      storage: improve allocation stats reported on gluster files · 13e738cc
      Eric Blake 提交于
      We already had code for handling allocation different than
      capacity for sparse files; we just had to wire it up to be
      used when inspecting gluster images.
      
      * src/storage/storage_backend.c
      (virStorageBackendUpdateVolTargetInfoFD): Handle no fd.
      * src/storage/storage_backend_gluster.c
      (virStorageBackendGlusterRefreshVol): Handle sparse files.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      13e738cc
    • E
      storage: improve directory support in gluster pool · 1458b2e9
      Eric Blake 提交于
      Take advantage of the previous patch's addition of 'netdir' as
      a distinct volume type, to expose rather than silently skip
      directories embedded in a gluster pool.  Also serves as an XML
      validation for the previous patch.
      
      * src/storage/storage_backend_gluster.c
      (virStorageBackendGlusterRefreshVol): Don't skip directories.
      * tests/storagevolxml2xmltest.c (mymain): Add test.
      * tests/storagevolxml2xmlin/vol-gluster-dir.xml: New file.
      * tests/storagevolxml2xmlout/vol-gluster-dir.xml: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      1458b2e9
    • E
      storage: add network-dir as new storage volume type · ecd881b7
      Eric Blake 提交于
      In the 'directory' and 'netfs' storage pools, a user can see
      both 'file' and 'dir' storage volume types, to know when they
      can descend into a subdirectory.  But in a network-based storage
      pool, such as the upcoming 'gluster' pool, we use 'network'
      instead of 'file', and did not have any counterpart for a
      directory until this patch.  Adding a new volume type
      'network-dir' is better than reusing 'dir', because it makes
      it clear that the only way to access 'network' volumes within
      that container is through the network mounting (leaving 'dir'
      for something accessible in the local file system).
      
      * include/libvirt/libvirt.h.in (virStorageVolType): Expand enum.
      * docs/formatstorage.html.in: Document it.
      * docs/schemasa/storagevol.rng (vol): Allow new value.
      * src/conf/storage_conf.c (virStorageVol): Use new value.
      * src/qemu/qemu_command.c (qemuBuildVolumeString): Fix client.
      * src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Likewise.
      * tools/virsh-volume.c (vshVolumeTypeToString): Likewise.
      * src/storage/storage_backend_fs.c
      (virStorageBackendFileSystemVolDelete): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ecd881b7
    • E
      storage: implement rudimentary glusterfs pool refresh · efee1af5
      Eric Blake 提交于
      Actually put gfapi to use, by allowing the creation of a gluster
      pool.  Right now, all volumes are treated as raw and directories
      are skipped; further patches will allow peering into files to
      allow for qcow2 files and backing chains, and reporting proper
      volume allocation.  This implementation was tested against Fedora
      19's glusterfs 3.4.1; it might be made simpler by requiring a
      higher minimum, and/or require more hacks to work with a lower
      minimum.
      
      * src/storage/storage_backend_gluster.c
      (virStorageBackendGlusterRefreshPool): Initial implementation.
      (virStorageBackendGlusterOpen, virStorageBackendGlusterClose)
      (virStorageBackendGlusterRefreshVol): New helper functions.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      efee1af5
    • E
      storage: document gluster pool · ed5fa7f3
      Eric Blake 提交于
      Add support for a new <pool type='gluster'>, similar to
      RBD and Sheepdog.  Terminology wise, a gluster volume
      forms a libvirt storage pool, within the gluster volume,
      individual files are treated as libvirt storage volumes.
      
      * docs/schemas/storagepool.rng (poolgluster): New pool type.
      * docs/formatstorage.html.in: Document gluster.
      * docs/storage.html.in: Likewise, and contrast it with netfs.
      * tests/storagepoolxml2xmlin/pool-gluster.xml: New test.
      * tests/storagepoolxml2xmlout/pool-gluster.xml: Likewise.
      * tests/storagepoolxml2xmltest.c (mymain): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ed5fa7f3
    • E
      storage: initial support for linking with libgfapi · 318ea3cb
      Eric Blake 提交于
      We support gluster volumes in domain XML, so we also ought to
      support them as a storage pool.  Besides, a future patch will
      want to take advantage of libgfapi to handle the case of a
      gluster device holding qcow2 rather than raw storage, and for
      that to work, we need a storage backend that can read gluster
      storage volume contents.  This sets up the framework.
      
      Note that the new pool is named 'gluster' to match a
      <disk type='network'><source protocol='gluster'> image source
      already supported in a <domain>; it does NOT match the
      <pool type='netfs'><source><target type='glusterfs'>,
      since that uses a FUSE mount to a local file name rather than
      a network name.
      
      This and subsequent patches have been tested against glusterfs
      3.4.1 (available on Fedora 19); there are likely bugs in older
      versions that may prevent decent use of gfapi, so this patch
      enforces the minimum version tested.  A future patch may lower
      the minimum.  On the other hand, I hit at least two bugs in
      3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
      raising the minimum: glfs_readdir is nicer to use than
      glfs_readdir_r [1], and glfs_fini should only return failure on
      an actual failure [2].
      
      [1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
      [2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html
      
      * configure.ac (WITH_STORAGE_GLUSTER): New conditional.
      * m4/virt-gluster.m4: new file.
      * libvirt.spec.in (BuildRequires): Support gluster in spec file.
      * src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
      type.
      * src/conf/storage_conf.c (poolTypeInfo): Treat similar to
      sheepdog and rbd.
      (virStoragePoolDefFormat): Don't output target for gluster.
      * src/storage/storage_backend_gluster.h: New file.
      * src/storage/storage_backend_gluster.c: Likewise.
      * po/POTFILES.in: Add new file.
      * src/storage/storage_backend.c (backends): Register new type.
      * src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
      * src/storage/storage_backend.h (_virStorageBackend): Documet
      assumption.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      318ea3cb
    • E
      storage: expose volume meta-type in XML · 1b5c8d4c
      Eric Blake 提交于
      I got annoyed at having to use both 'virsh vol-list $pool --details'
      AND 'virsh vol-dumpxml $vol $pool' to learn if I had populated
      the volume correctly.  Since two-thirds of the data present in
      virStorageVolGetInfo() already appears in virStorageVolGetXMLDesc(),
      this just adds the remaining piece of information, as:
      
      <volume type='...'>
        ...
      </volume>
      
      * docs/formatstorage.html.in: Document new <volume type=...>.
      * docs/schemas/storagevol.rng (vol): Add it to RelaxNG.
      * src/conf/storage_conf.h (virStorageVolTypeToString): Declare.
      * src/conf/storage_conf.c (virStorageVolTargetDefFormat): Output
      the metatype.
      (virStorageVolDefParseXML): Parse it, for unit tests.
      * tests/storagevolxml2xmlout/vol-*.xml: Update tests to match.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      1b5c8d4c
    • D
      Remove obsolete 'tests' makefile target · 4d52b465
      Daniel P. Berrange 提交于
      The 'docs/examples' code was long ago removed and now the
      python code was gone too, the custom 'tests' makefile target
      serves no purpose
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      4d52b465
    • D
      Remove python binding · a7a1244a
      Daniel P. Berrange 提交于
      The python binding now lives in
      
        http://libvirt.org/git/?p=libvirt-python.git
      
      that repo also provides an RPM which is upgrade compatible
      with the old libvirt-python sub-RPM.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      a7a1244a
  3. 25 11月, 2013 9 次提交
  4. 24 11月, 2013 1 次提交
  5. 22 11月, 2013 7 次提交
    • D
      Mostly revert "python: remove virConnectGetCPUModelNames from globals" · bae383f2
      Daniel P. Berrange 提交于
      This reverts commit 6b90d742.
      
      The original problem was that libvirt_virConnectGetCPUModelNames
      was listed twice in the exports table, once automatically from
      the generator and once from the manual override. We merely needed
      to list it in the skip_impl list, and not delete the manually
      written code entirely.
      bae383f2
    • J
      Don't start a nested job in qemuMigrationPrepareAny · 98464021
      Ján Tomko 提交于
      This nested job is canceled by the first ExitMonitor call (even though
      it was not created by the corresponding EnterMonitor call), and
      again in qemuMigrationPrepareAny if qemuProcessStart failed.
      This can lead to a crash if the vm object was disposed of before calling
      qemuDomainRemoveInactive:
      0  ..62bc in virClassIsDerivedFrom (klass=0xdeadbeef,
         parent=0x7ffce4cdd270) at util/virobject.c:166
      1 ..6666 in virObjectIsClass at util/virobject.c:362
      2 ..66b4 in virObjectLock at util/virobject.c:314
      3 ..477e in virDomainObjListRemove at conf/domain_conf.c:2359
      4 ..7a64 in qemuDomainRemoveInactive at qemu/qemu_domain.c:2087
      5 ..956c in qemuMigrationPrepareAny at qemu/qemu_migration.c:2469
      
      This was added by commit e4e28220, exposed by 5a4c2374 and c7ac2519.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1018267
      98464021
    • C
      spec: Don't save/restore running VMs on libvirt-client update · d65e0e14
      Cole Robinson 提交于
      Restarting an active libvirt-guests.service is the equivalent of
      doing:
      
      /usr/libexec/libvirt-guests.sh stop
      /usr/libexec/libvirt-guests.sh start
      
      Which in a default configuration will managedsave every running VM,
      and then restore them. Certainly not something we should do every
      time the libvirt-client RPM is updated.
      
      Just drop the try-restart attempt, I don't know what purpose it
      serves anyways.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=962225
      d65e0e14
    • J
      spec: Restrict virt-login-shell usage · 0ee23643
      Jiri Denemark 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1033614
      
      As virt-login-shell is an SUID binary, we should restrict its usage to
      just the users chosen by an administrator to use virt-login-shell as
      their login shell. This can easily be done by making the binary
      executable only by users from a new virtlogin group.
      0ee23643
    • M
      virDomainReboot: Document that migration might be unsafe · cc38d68d
      Michal Privoznik 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=744967
      
      If a domain is rebooting and a migrate API is called meanwhile we would
      have to transfer the fakeReboot attribute to the destination in order to
      prevent domain doing plain shutdown over there. We shouldn't try to do
      anything clever about it other than documenting this as a known
      limitation.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      cc38d68d
    • M
      build: Don't fail on '&lt;' or '&gt;' with old xmllint · d96b08bb
      Martin Kletzander 提交于
      Older xmllint version don't allow such characters in datatype anyURI.
      In order not to change too much, I'm suggesting making a choice of
      anyURI or 'absPathName' which should be fine (checked with upstream
      and that old xmllint, both work fine).
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      d96b08bb
    • E
      storage: use valid XML for awkward volume names · 6cc4d6a3
      Eric Blake 提交于
      $ touch /var/lib/libvirt/images/'a<b>c'
      $ virsh pool-refresh default
      $ virsh vol-dumpxml 'a<b>c' default | head -n2
      <volume>
        <name>a<b>c</name>
      
      Oops.  That's not valid XML.  And when we fix the XML
      generation, it fails RelaxNG validation.
      
      I'm also tired of seeing <key>(null)</key> in the example
      output for volume xml; while we used NULLSTR() to avoid
      a NULL deref rather than relying on glibc's printf
      extension behavior, it's even better if we avoid the issue
      in the first place.  But this requires being careful that
      we don't invalidate any storage backends that were relying
      on key being unassigned during virStoragVolCreateXML[From].
      
      I would have split this into two patches (one for escaping,
      one for avoiding <key>(null)</key>), but since they both
      end up touching a lot of the same test files, I ended up
      merging it into one.
      
      Note that this patch allows pretty much any volume name
      that can appear in a directory (excluding . and .. because
      those are special), but does nothing to change the current
      (unenforced) RelaxNG claim that pool names will consist
      only of letters, numbers, _, -, and +.  Tightening the C
      code to match RelaxNG patterns and/or relaxing the grammar
      to match the C code for pool names is a task for another
      day (but remember, we DID recently tighten C code for
      domain names to exclude a leading '.').
      
      * src/conf/storage_conf.c (virStoragePoolSourceFormat)
      (virStoragePoolDefFormat, virStorageVolTargetDefFormat)
      (virStorageVolDefFormat): Escape user-controlled strings.
      (virStorageVolDefParseXML): Parse key, for use in unit tests.
      * src/storage/storage_driver.c (storageVolCreateXML)
      (storageVolCreateXMLFrom): Ensure parsed key doesn't confuse
      volume creation.
      * docs/schemas/basictypes.rng (volName): Relax definition.
      * tests/storagepoolxml2xmltest.c (mymain): Test it.
      * tests/storagevolxml2xmltest.c (mymain): Likewise.
      * tests/storagepoolxml2xmlin/pool-dir-naming.xml: New file.
      * tests/storagepoolxml2xmlout/pool-dir-naming.xml: Likewise.
      * tests/storagevolxml2xmlin/vol-file-naming.xml: Likewise.
      * tests/storagevolxml2xmlout/vol-file-naming.xml: Likewise.
      * tests/storagevolxml2xmlout/vol-*.xml: Fix fallout.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      6cc4d6a3