- 21 6月, 2019 5 次提交
-
-
由 Daniel P. Berrangé 提交于
Libvirtd has long had integration with avahi for advertising libvirtd using mDNS when TCP/TLS listening is enabled. For a long time the virt-manager application had support for auto-detecting libvirtds on the local network using mDNS, but this was removed last year commit fc8f8d5d7e3ba80a0771df19cf20e84a05ed2422 Author: Cole Robinson <crobinso@redhat.com> Date: Sat Oct 6 20:55:31 2018 -0400 connect: Drop avahi support Libvirtd can advertise itself over avahi. The feature is disabled by default though and in practice I hear of no one actually using it and frankly I don't think it's all that useful The 'Open Connection' wizard has a disproportionate amount of code devoted to this feature, but I don't think it's useful or worth maintaining, so let's drop it I've never heard of any other applications having support for using mDNS to detect libvirtd instances. Though it is theoretically possible something exists out there, it is clearly going to be a niche use case in the virt ecosystem as a whole. By removing avahi integration we can cut down the dependency chain for the basic libvirtd install and reduce our code maint burden. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The unprivileged libvirtd daemon switched to use the XDG dir layout in the 0.9.13 release, and included code for moving config files from the old location. The chances of someone upgrading libvirt from <= 0.9.12 directly to libvirt >= 5.5.0 is close enough to zero that we can reasonably drop the back compat code. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Pavel Hrdina 提交于
In libssh 0.9.0 functions ssh_is_server_known and ssh_write_knownhost are marked as deprecated. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1722735Signed-off-by: NPavel Hrdina <phrdina@redhat.com> Reviewed-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Peter Krempa 提交于
Jano probably based his branch on top of mine and didn't notice when I moved the section up slightly and thus git applied it again. Keep only the instance followin the new features section. This reverts commit 9c68bb4a. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Jonathon Jongsma 提交于
Signed-off-by: NJonathon Jongsma <jjongsma@redhat.com>
-
- 20 6月, 2019 35 次提交
-
-
由 Ilias Stamatis 提交于
testDomainInterfaceAddresses always returns the same hard-coded addresses. Change the behavior such as if there is a DHCP range defined, addresses are returned from that pool. The specific address returned depends on both the domain id and the specific guest interface in an attempt to return unique addresses *most of the time*. Additionally, properly handle IPv6 networks which were previously ignored completely. Signed-off-by: NIlias Stamatis <stamatis.iliass@gmail.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Peter Krempa 提交于
When connecting to virtlogd fails e.g. due to wrong libvirtd selinux process label we'd report an utterly useless error message: $ virsh start upstream error: Failed to start domain upstream error: Cannot recv data: Connection reset by peer Use virLastErrorPrefixMessage in the correct place to give a better sense of what's going on: $ virsh start upstream error: Failed to start domain upstream error: can't connect to virtlogd: Cannot recv data: Connection reset by peer Signed-off-by: NPeter Krempa <pkrempa@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Peter Krempa 提交于
In some cases we report a low level error message which does not have enough information to see what the problem is. To allow improving on this add an API which will prefix the error message with another error message string which can be used to describe where the error comes from. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Peter Krempa 提交于
Now that we added the seclabels to the schema we can test that they are parsed and formatted correctly. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Peter Krempa 提交于
Allow using seclabels the same way as disk images allow it. Currently the snapshot code copies the seclabels from the original image if no seclabel is provided. Also there's no code change required as the snapshot XML parser actually uses parts of the disk parser thus seclabels are already parsed and formatted and even applied thus this is just a formalization of our support for this. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Peter Krempa 提交于
Change the example and add a recommendation to use disk target rather than path. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
They were pointing to the blogs instead, now they point the articles. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Peter Krempa 提交于
When testing stuff you might want to print the XML. Interlocking it with no metadata adds exactly 0 value to the user. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Commit f34397e5 introduced a crash-inducing problem when collecting disk snapshot data, where the array would be filled starting from the second element. The code then dereferenced the first one. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
It's not used any more. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The "cpu-add" command is supported in all supported qemu versions and cpu unplug did not work at all until the new cpu unplug approach (using device_add/del) was implemented. Remove the support for falling back to the text monitor. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Ilias Stamatis 提交于
The docstring of virNetworkGetDHCPLeases is not correctly formatted and as a result the example code snippet appears as normal text under the "Returns:" section. This patch fixes the problem. Signed-off-by: NIlias Stamatis <stamatis.iliass@gmail.com>
-
由 Ilias Stamatis 提交于
Signed-off-by: NIlias Stamatis <stamatis.iliass@gmail.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Martin Kletzander 提交于
It will not be executed when the page is loaded locally. It needs planet.virt-tools.org to supply the right headers (which it does now). Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Martin Kletzander 提交于
Don't use the global namespace, unify quotes and semicolons at the end of lines and "use strict". Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Jiri Denemark 提交于
With QEMU versions which lack "unavailable-features" we use CPUID based detection of features which were enabled or disabled once QEMU starts. Thus using MSR features with host-model would result in all of them being marked as disabled in the active domain definition even though QEMU did not actually disable them. Let's make sure we add MSR features to host-model only when "unavailable-features" property is supported by QEMU. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
Without "unavailable-features" CPU property we cannot properly detect whether a specific MSR feature we asked for (either explicitly or implicitly via a CPU model) was disabled by QEMU for some reason. Because this could break migration, snapshots, and save/restore operaions, it's better to just forbid any use of MSR features with QEMU which lacks "unavailable-features" CPU property. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
This is used by the host capabilities code to construct host CPU definition. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
This functions may be used as a virCPUDefFeatureFilter callbacks for virCPUDefCheckFeatures, virCPUDefFilerFeatures, and similar functions to select (virCPUx86FeatureFilterSelectMSR) or drop (virCPUx86FeatureFilterDropMSR) features reported via MSR. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
Until now, this was a macro usable for direct initialization when a variable is defined. Turning the macro into a function makes it more general. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
This API can be used to check whether a CPU definition contains features matching a given filter. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
These APIs can be used to execute arbitrary emulators. Forbid them on read-only connections. Fixes: CVE-2019-10168 Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
The virDomainManagedSaveDefineXML can be used to alter the domain's config used for managedsave or even execute arbitrary emulator binaries. Forbid it on read-only connections. Fixes: CVE-2019-10166 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
Use 'rc' to temporarily store the subfunction return values, instead of ret. Signed-off-by: NJán Tomko <jtomko@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Ján Tomko 提交于
Signed-off-by: NJán Tomko <jtomko@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Ján Tomko 提交于
Now that it is no longer used, remove it. Signed-off-by: NJán Tomko <jtomko@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Ján Tomko 提交于
Remove all the mon->json checks in qemuMonitor functions. Signed-off-by: NJán Tomko <jtomko@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Ján Tomko 提交于
In preparation to removing the json field from qemuMonitor, stop checking for it in QEMU_CHECK_MONITOR. Signed-off-by: NJán Tomko <jtomko@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Ján Tomko 提交于
Always assume JSON monitor was requested, since all the callers pass true anyway. Signed-off-by: NJán Tomko <jtomko@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Ján Tomko 提交于
If we have a monitor, it is a JSON monitor. Signed-off-by: NJán Tomko <jtomko@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Ján Tomko 提交于
Now that we no longer support the HMP monitor, remove some dead code. Signed-off-by: NJán Tomko <jtomko@redhat.com> Acked-by: NPeter Krempa <pkrempa@redhat.com>
-