- 28 4月, 2015 2 次提交
-
-
由 Dario Faggioli 提交于
libxl interface for vcpu pinning is changing in Xen 4.5. Basically, libxl_set_vcpuaffinity() now wants one more parameter. That is representative of 'VCPU soft affinity', which libvirt does not use. To mark such change, the macro LIBXL_HAVE_VCPUINFO_SOFT_AFFINITY is defined. Use it as a gate and, if present, re-#define the calls from the old to the new interface, to avoid breaking the build. Signed-off-by: NDario Faggioli <dario.faggioli@citrix.com> Cc: Jim Fehlig <jfehlig@suse.com> Cc: Ian Campbell <Ian.Campbell@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> (cherry picked from commit bfc72e99)
-
由 Cole Robinson 提交于
- Remove all qemu emulators - Restart libvirtd - Install qemu emulators - Call 'virsh version' -> errors The only thing that will force the qemu driver to refresh it's cached capablities info is an explict API call to GetCapabilities. However in the case when the initial caps lookup at driver connect didn't find a single qemu emulator to poll, the driver is effectively useless and really can't do anything until it's populated some qemu capabilities info. With the above steps, the user would have to either know about the magic refresh capabilities call, or restart libvirtd to pick up the changes. Instead, this patch changes things so that every time a part of th driver requests access to capabilities info, check to see if we've previously seen any emulators. If not, force a refresh. In the case of 'still no emulators found', this is still very quick, so I can't think of a downside. https://bugzilla.redhat.com/show_bug.cgi?id=1000116 (cherry picked from commit 95546c43)
-
- 26 4月, 2015 1 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=996543 When starting up a domain, the SELinux labeling is done depending on current configuration. If the labeling fails we check for possible causes, as not all labeling failures are fatal. For example, if the labeled file is on NFS which lacks SELinux support, the file can still be readable to qemu process. These cases are distinguished by the errno code: NFS without SELinux support returns EOPNOTSUPP. However, we were missing one scenario. In case there's a read-only disk on a read-only NFS (and possibly any FS) and the labeling is just optional (not explicitly requested in the XML) there's no need to make the labeling error fatal. In other words, read-only file on read-only NFS can fail to be labeled, but be readable at the same time. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit d1fdecb6)
-
- 26 2月, 2015 2 次提交
-
-
由 Luyao Huang 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1196503 We already check whether the host id is valid or not, add a jump to forbid invalid host id. Signed-off-by: NLuyao Huang <lhuang@redhat.com> Signed-off-by: NJán Tomko <jtomko@redhat.com> (cherry picked from commit 719cd218)
- 08 2月, 2015 1 次提交
-
-
由 Cole Robinson 提交于
-
- 23 1月, 2015 2 次提交
-
-
由 Peter Krempa 提交于
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the appropriate permission for it. Found via code inspection while fixing permissions for save images. (cherry picked from commit b347c0c2)
-
由 Peter Krempa 提交于
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the appropriate permission for it. (cherry picked from commit 03c3c0c8)
-
- 24 12月, 2014 1 次提交
-
-
由 Peter Krempa 提交于
Avoid leaving the domain locked on a failed ACL check in qemuDomainMigratePerform() and qemuDomainMigrateFinish2(). Introduced in commit abf75aea (Add ACL checks into the QEMU driver). (cherry picked from commit 2bdcd29c)
-
- 16 11月, 2014 3 次提交
-
-
由 Cole Robinson 提交于
-
由 Cole Robinson 提交于
The e5120a6e backport used an undefined make variable. Not sure why I didn't hit it at first...
-
由 Cole Robinson 提交于
-
- 08 11月, 2014 1 次提交
-
-
由 Eric Blake 提交于
Commit 28f8dfdc (v1.0.0) introduced a security hole: in at least the qemu implementation of virDomainGetXMLDesc, the use of the flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE prior to calling qemuDomainFormatXML. However, the use of VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write clients only. This patch treats the migratable flag as requiring the same permissions, rather than analyzing what might break if migratable xml no longer includes secret information. Fortunately, the information leak is low-risk: all that is gated by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password; but VNC passwords are already weak (FIPS forbids their use, and on a non-FIPS machine, anyone stupid enough to trust a max-8-byte password sent in plaintext over the network deserves what they get). SPICE offers better security than VNC, and all other secrets are properly protected by use of virSecret associations rather than direct output in domain XML. * src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC): Tighten rules on use of migratable flag. * src/libvirt-domain.c (virDomainGetXMLDesc): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit b1674ad5) Conflicts: src/libvirt-domain.c - file split from older src/libvirt.c; context with older virLibConnError Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 30 10月, 2014 3 次提交
-
-
由 Lubomir Rintel 提交于
The manufacurer and product from USB device itself are usually not particularly useful -- they tend to be missing, or ugly (all-uppercase, padded with spaces, etc.). Prefer what's in the usb id database and fall back to descriptors only if the device is too new to be in database. https://bugzilla.redhat.com/show_bug.cgi?id=1138887 (cherry picked from commit 3ef77a54)
-
由 Martin Kletzander 提交于
gnutls-3.3.0 and newer leaves 2 FDs open in order to be backwards compatible when it comes to chrooted binaries [1]. Linking commandhelper with gnutls then leaves these two FDs open and commandtest fails thanks to that. This patch does not link commandhelper with libvirt.la, but rather only the utilities making the test pass. Based on suggestion from Daniel [2]. [1] http://lists.gnutls.org/pipermail/gnutls-help/2014-April/003429.html [2] https://www.redhat.com/archives/libvir-list/2014-April/msg01119.htmlSigned-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 4cbc15d0)
-
由 Cédric Bosdonnat 提交于
D-bus introduced some changes in its locking code. Overriding the init function skips the new locking init and thus crashes later in libvirt test. Removing the function makes the test pass again. (cherry picked from commit 5e397d9c)
-
- 02 10月, 2014 1 次提交
-
-
由 Pavel Hrdina 提交于
If you use public api virConnectListAllDomains() with second parameter set to NULL to get only the number of domains you will lock out all other operations with domains. Introduced by commit 2c680804. Signed-off-by: NPavel Hrdina <phrdina@redhat.com> (cherry picked from commit fc22b2e7)
-
- 18 9月, 2014 1 次提交
-
-
由 Peter Krempa 提交于
Live definition was used to look up the disk index while persistent one was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the correct def and report a nice error. Unfortunately it's accessible via read-only connection, though it can only crash libvirtd in the cases where the guest is hot-plugging disks without reflecting those changes to the persistent definition. So avoiding hotplug, or doing hotplug where persistent is always modified alongside live definition, will avoid the out-of-bounds access. Introduced in: eca96694a (v0.9.8) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724Reported-by: NLuyao Huang <lhuang@redhat.com> Signed-off-by: NPeter Krempa <pkrempa@redhat.com> (cherry picked from commit 3e745e8f)
-
- 09 9月, 2014 10 次提交
-
-
由 Cole Robinson 提交于
-
由 Bamvor Jian Zhang 提交于
in recently xen commit: 7051d5c8, there is a api changes in libxl_domain_create_restore. Author: Andrew Cooper <andrew.cooper3@citrix.com> Date: Thu Oct 10 12:23:10 2013 +0100 tools/migrate: Fix regression when migrating from older version of Xen use the macro LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS in libxl.h in order to make libvirt could compile with old and new xen. the params checkpointed_stream is useful if libvirt libxl driver support migration. for new, set it as zero. Signed-off-by: NBamvor Jian Zhang <bjzhang@suse.com> (cherry picked from commit a52fa556)
-
由 Eric Blake 提交于
Use correct variable name. * m4/virt-selinux.m4: Fix one last variable name. (cherry picked from commit 5fa10f32)
-
由 Jim Fehlig 提交于
Commit 292d3f2d fixed the build with libselinux 2.3, but missed some suggestions by eblake https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html This patch changes the macro introduced in 292d3f2d to either be empty in the case of newer libselinux, or contain 'const' in the case of older libselinux. The macro is then used directly in tests/securityselinuxhelper.c. (cherry picked from commit b109c097)
-
由 Cédric Bosdonnat 提交于
Several function signatures changed in libselinux 2.3, now taking a 'const char *' instead of 'security_context_t'. The latter is defined in selinux/selinux.h as typedef char *security_context_t; Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 292d3f2d)
-
由 Cole Robinson 提交于
(cherry picked from commit 3e8699d3)
-
由 Cole Robinson 提交于
Currently VolOpen notifies the user of a potentially non-fatal failure by returning -2 and logging a VIR_WARN or VIR_INFO. Unfortunately most callers treat -2 as fatal but don't actually report any message with the error APIs. Rename the VOL_OPEN_ERROR flag to VOL_OPEN_NOERROR. If NOERROR is specified, we preserve the current behavior of returning -2 (there's only one caller that wants this). However in the default case, only return -1, and actually use the error APIs. Fix up a couple callers as a result. (cherry picked from commit 138e65c3) Conflicts: src/storage/storage_backend.c src/storage/storage_backend_fs.c
-
由 Cole Robinson 提交于
Remove the original VolOpen implementation, which is now only used in one spot. (cherry picked from commit fa5b5549)
-
由 Cole Robinson 提交于
(cherry picked from commit 847a9eb1) Conflicts: src/storage/storage_backend.h src/storage/storage_backend_mpath.c src/storage/storage_backend_scsi.c
-
由 Cole Robinson 提交于
And drop the original UpdateVolInfo. Makes it a bit easier to follow the function usage. And change the int parameter to an explicit bool. (cherry picked from commit 16d75d19) Conflicts: src/storage/storage_backend.h
-
- 08 9月, 2014 3 次提交
-
-
由 Gao feng 提交于
After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 vfs: Lock in place mounts from more privileged users, unprivileged user has no rights to move the mounts that inherited from parent mountns. we use this feature to move the /stateDir/domain-name.{dev, devpts} to the /dev/ and /dev/pts directroy of container. this commit breaks libvirt lxc. this patch changes the behavior to bind these mounts when user namespace is enabled and move these mounts when user namespace is disabled. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com> (cherry picked from commit 46f2d16f)
-
由 Daniel P. Berrange 提交于
Recent discussions around naming of 'pci' vs 'pci.0' for PPC made me go back and look at the PPC emulator in every historical version of QEMU since 1.0. The results were worse than I imagined. This patch adds the logic required to make libvirt work with PPC correctly with naming variations across all versions & machine types. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 27b2b987)
-
由 Stefan Bader 提交于
As soon as any guest mounts xenfs to /proc/xen, there is a capabilities file in that directory. However it returns nothing when reading from it. Change the test to actually check the contents of the file. BugLink: http://bugs.launchpad.net/bugs/1248025Signed-off-by: NStefan Bader <stefan.bader@canonical.com> (cherry picked from commit 8c869ad9)
-
- 02 9月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1135388 (cherry picked from commit 628c2255)
-
- 27 8月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirt.pc file we install is ending up polluted with a load of compiler flags that should be private to the libvirt build. eg Libs: -L${libdir} -lvirt -ldl -O2 -g -pipe -Wall \ -Wp,-D_FORTIFY_SOURCE=2 -fexceptions \ -fstack-protector-strong --param=ssp-buffer-size=4 \ -grecord-gcc-switches -m64 -mtune=generic this is caused by including @libs@ in the Libs: line of the pkgconfig.pc.in file. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 1167751f)
-
- 03 7月, 2014 2 次提交
-
-
由 Peter Krempa 提交于
We have the following matrix of possible arguments handled by the logic statement touched by this patch: | flags & _REUSE_EXT | !(flags & _REUSE_EXT) -------+--------------------+---------------------- format| (1) | (2) -------+--------------------+---------------------- !format| (3) | (4) -------+--------------------+---------------------- In cases 1 and 2 the user provided a format, in cases 3 and 4 not. The user requests to use a pre-existing image in 1 and 3 and libvirt will create a new image in 2 and 4. The difference between cases 3 and 4 is that for 3 the format is probed from the user-provided image, whereas in 4 we just use the existing disk format. The current code would treat cases 1,3 and 4 correctly but in case 2 the format provided by the user would be ignored. The particular piece of code was broken in commit 35c7701c but since it was introduced a few commits before that it was never released as working. (cherry picked from commit 42619ed0) Signed-off-by: NEric Blake <eblake@redhat.com> Conflicts: src/qemu/qemu_driver.c - no refactoring of commits 7b7bf001, 4f202266
-
由 Eric Blake 提交于
Newer git doesn't like the maint.mk rule 'public-submodule-commit' run during 'make check', as inherited from our checkout of gnulib. I tracked down that libvirt commit 8531301d picked up a gnulib fix that makes git happy. Rather than try and do a full .gnulib submodule update to gnulib.git d18d1b802 (as used in that libvirt commit), it was easier to just backport the fixed maint.mk from gnulib on top of our existing submodule level. I did it as follows, where these steps will have to be repeated when cherry-picking this commit to any other maintenance branch: mkdir -p gnulib/local/top cd .gnulib git checkout d18d1b802 top/maint.mk git diff HEAD > ../gnulib/local/top/maint.mk.diff git reset --hard cd .. git add gnulib/local/top Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 27 6月, 2014 2 次提交
-
-
由 Eric Blake 提交于
We publish libvirt-api.xml for others to use, and in fact, the libvirt-python bindings use it to generate python constants that correspond to our enum values. However, we had an off-by-one bug that any enum that relied on C's rules for implicit initialization of the first enum member to 0 got listed in the xml as having a value of 1 (and all later members of the enum were equally botched). The fix is simple - since we add one to the previous value when encountering an enum without an initializer, the previous value must start at -1 so that the first enum member is assigned 0. The python generator code has had the off-by-one ever since DV first wrote it years ago, but most of our public enums were immune because they had an explicit = 0 initializer. The only affected enums are: - virDomainEventGraphicsAddressType (such as VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4), since commit 987e31ed (libvirt v0.8.0) - virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW), since commit 9fbaff00 (libvirt v1.2.3) - virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4), since commit 03e0e79e (not yet released) Thanks to Nehal J Wani for reporting the problem on IRC, and for helping me zero in on the culprit function. * docs/apibuild.py (CParser.parseEnumBlock): Fix implicit enum values. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 9b291bbe)
-
由 Peter Krempa 提交于
When creating a new disk mirror the new struct is stored in a separate variable until everything went well. The removed hunk would actually remove existing mirror information for example when the api would be run if a mirror still exists. (cherry picked from commit 02b364e1) This fixes a regression introduced in commit ff5f30b6. Signed-off-by: NEric Blake <eblake@redhat.com> Conflicts: src/qemu/qemu_driver.c - no refactoring of commits 7b7bf001, 4f202266
-
- 06 5月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
If the XML_PARSE_NOENT flag is passed to libxml2, then any entities in the input document will be fully expanded. This allows the user to read arbitrary files on the host machine by creating an entity pointing to a local file. Removing the XML_PARSE_NOENT flag means that any entities are left unchanged by the parser, or expanded to "" by the XPath APIs. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit d6b27d3e)
-
- 05 5月, 2014 1 次提交
-
-
由 Jim Fehlig 提交于
libxl uses the libxl_vnc_info and libxl_sdl_info fields from the hvm union in libxl_domain_build_info struct when generating QEMU args for VNC or SDL. These fields were left unset by the libxl driver, causing libxl to ignore any user settings. E.g. with <graphics type='vnc' port='5950'/> port would be ignored and QEMU would instead be invoked with -vnc 127.0.0.1:0,to=99 Unlike the libxl_domain_config struct, the libxl_domain_build_info contains only a single libxl_vnc_info and libxl_sdl_info, so populate these fields from the first vfb in libxl_domain_config->vfbs. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Signed-off-by: NDavid Kiarie <davidkiarie4@gmail.com> (cherry picked from commit b55cc5f4)
-
- 04 5月, 2014 1 次提交
-
-
由 Cole Robinson 提交于
-