1. 24 4月, 2013 1 次提交
  2. 17 4月, 2013 1 次提交
    • O
      cleanup: Remove the duplicate header · bc95be5d
      Osier Yang 提交于
      Detected by a simple Shell script:
      
      for i in $(git ls-files -- '*.[ch]'); do
          awk 'BEGIN {
              fail=0
          }
          /# *include.*\.h/{
              match($0, /["<][^">]*[">]/)
              arr[substr($0, RSTART+1, RLENGTH-2)]++
          }
          END {
              for (key in arr) {
                  if (arr[key] > 1) {
                      fail=1
                      printf("%d %s\n", arr[key], key)
                  }
              }
              if (fail == 1)
                  exit 1
          }' $i
      
          if test $? != 0; then
              echo "Duplicate header(s) in $i"
          fi
      done;
      
      A later patch will add the syntax-check to avoid duplicate
      headers.
      bc95be5d
  3. 13 4月, 2013 1 次提交
  4. 05 4月, 2013 4 次提交
    • P
      virCaps: get rid of defaultConsoleTargetType callback · 482e5f15
      Peter Krempa 提交于
      This patch refactors various places to allow removing of the
      defaultConsoleTargetType callback from the virCaps structure.
      
      A new console character device target type is introduced -
      VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_NONE - to mark that no type was
      specified in the XML. This type is at the end converted to the standard
      VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL. Other types that are
      different from this default have to be processed separately in the
      device post parse callback.
      482e5f15
    • P
      conf callback: Rearrange function parameters · ad0d10b2
      Peter Krempa 提交于
      Move the xmlopt and caps arguments to the end of the argument list.
      ad0d10b2
    • P
      conf: Add post XML parse callbacks and prepare for cleaning of virCaps · 43b99fc4
      Peter Krempa 提交于
      This patch adds instrumentation that will allow hypervisor drivers to
      fill and validate domain and device definitions after parsed by the XML
      parser.
      
      With this patch, after the XML is parsed, a callback to the driver is
      issued requesting to fill and validate driver specific details of the
      configuration. This allows to use sensible defaults and checks on a per
      driver basis at the time the XML is parsed.
      
      Two callback pointers are stored in the new virDomainXMLConf object:
      * virDomainDeviceDefPostParseCallback (devicesPostParseCallback)
        - called for a single device parsed and for every single device in a
          domain config. A virDomainDeviceDefPtr is passed along with the
          domain definition and virCaps.
      
      * virDomainDefPostParseCallback, (domainPostParseCallback)
        - A callback that is meant to process the domain config after it's
        parsed.  A virDomainDefPtr is passed along with virCaps.
      
      Both types of callbacks support arbitrary opaque data passed for the
      callback functions.
      
      Errors may be reported in those callbacks resulting in a XML parsing
      failure.
      43b99fc4
    • P
      maint: Rename xmlconf to xmlopt and virDomainXMLConfig to virDomainXMLOption · e84b1931
      Peter Krempa 提交于
      This patch is the result of running:
      
      for i in $(git ls-files | grep -v html | grep -v \.po$ ); do
        sed -i -e "s/virDomainXMLConf/virDomainXMLOption/g" -e "s/xmlconf/xmlopt/g" $i
      done
      
      and a few manual tweaks.
      e84b1931
  5. 04 4月, 2013 1 次提交
    • G
      security_manager: fix comparison · ea151935
      Guido Günther 提交于
      otherwise we crash later on if we don't find a match like:
      
       #0  0xb72c2b4f in virSecurityManagerGenLabel (mgr=0xb8e42d20, vm=0xb8ef40c0) at security/security_manager.c:424
       #1  0xb18811f3 in qemuProcessStart (conn=conn@entry=0xb8eed880, driver=driver@entry=0xb8e3b1e0, vm=vm@entry=0xb8ef58f0,
           migrateFrom=migrateFrom@entry=0xb18f6088 "stdio", stdin_fd=18,
           stdin_path=stdin_path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", snapshot=snapshot@entry=0x0,
           vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_RESTORE, flags=flags@entry=2) at qemu/qemu_process.c:3364
       #2  0xb18d6cb2 in qemuDomainSaveImageStartVM (conn=conn@entry=0xb8eed880, driver=driver@entry=0xb8e3b1e0, vm=0xb8ef58f0, fd=fd@entry=0xb6bf3f98,
           header=header@entry=0xb6bf3fa0, path=path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img",
           start_paused=start_paused@entry=false) at qemu/qemu_driver.c:4843
       #3  0xb18d7eeb in qemuDomainRestoreFlags (conn=conn@entry=0xb8eed880,
           path=path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", dxml=dxml@entry=0x0, flags=flags@entry=0)
           at qemu/qemu_driver.c:4962
       #4  0xb18d8123 in qemuDomainRestore (conn=0xb8eed880, path=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img")
           at qemu/qemu_driver.c:4987
       #5  0xb718d186 in virDomainRestore (conn=0xb8eed880, from=0xb8ea87d8 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img") at libvirt.c:2768
       #6  0xb7736363 in remoteDispatchDomainRestore (args=<optimized out>, rerr=0xb6bf41f0, client=0xb8eedaf0, server=<optimized out>, msg=<optimized out>)
           at remote_dispatch.h:4679
       #7  remoteDispatchDomainRestoreHelper (server=0xb8e1a3e0, client=0xb8eedaf0, msg=0xb8ee72c8, rerr=0xb6bf41f0, args=0xb8ea8968, ret=0xb8ef5330)
           at remote_dispatch.h:4661
       #8  0xb720db01 in virNetServerProgramDispatchCall (msg=0xb8ee72c8, client=0xb8eedaf0, server=0xb8e1a3e0, prog=0xb8e216b0)
           at rpc/virnetserverprogram.c:439
       #9  virNetServerProgramDispatch (prog=0xb8e216b0, server=server@entry=0xb8e1a3e0, client=0xb8eedaf0, msg=0xb8ee72c8) at rpc/virnetserverprogram.c:305
       #10 0xb7206e97 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0xb8e1a3e0) at rpc/virnetserver.c:162
       #11 virNetServerHandleJob (jobOpaque=0xb8ea7720, opaque=0xb8e1a3e0) at rpc/virnetserver.c:183
       #12 0xb70f9f78 in virThreadPoolWorker (opaque=opaque@entry=0xb8e1a540) at util/virthreadpool.c:144
       #13 0xb70f94a5 in virThreadHelper (data=0xb8e0e558) at util/virthreadpthread.c:161
       #14 0xb705d954 in start_thread (arg=0xb6bf4b70) at pthread_create.c:304
       #15 0xb6fd595e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
      
      This unbreaks libvirt-tck's domain/100-transient-save-restore.t with
      qemu:///session and selinux compiled in but disabled.
      
      Introduced by 8d68cbea
      ea151935
  6. 03 4月, 2013 1 次提交
    • M
      sec_manager: Refuse to start domain with unsupported seclabel · 8d68cbea
      Michal Privoznik 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=947387
      
      If a user configures a domain to use a seclabel of a specific type,
      but the appropriate driver is not accessible, we should refuse to
      start the domain. For instance, if user requires selinux, but it is
      either non present in the system, or is just disabled, we should not
      start the domain. Moreover, since we are touching only those labels we
      have a security driver for, the other labels may confuse libvirt when
      reconnecting to a domain on libvirtd restart. In our selinux example,
      when starting up a domain, missing security label is okay, as we
      auto-generate one. But later, when libvirt is re-connecting to a live
      qemu instance, we parse a state XML, where security label is required
      and it is an error if missing:
      
        error : virSecurityLabelDefParseXML:3228 : XML error: security label
        is missing
      
      This results in a qemu process left behind without any libvirt control.
      8d68cbea
  7. 28 3月, 2013 3 次提交
  8. 20 3月, 2013 1 次提交
  9. 14 3月, 2013 3 次提交
    • D
      Fix parsing of SELinux ranges without a category · 1732c1c6
      Daniel P. Berrange 提交于
      Normally libvirtd should run with a SELinux label
      
        system_u:system_r:virtd_t:s0-s0:c0.c1023
      
      If a user manually runs libvirtd though, it is sometimes
      possible to get into a situation where it is running
      
        system_u:system_r:init_t:s0
      
      The SELinux security driver isn't expecting this and can't
      parse the security label since it lacks the ':c0.c1023' part
      causing it to complain
      
        internal error Cannot parse sensitivity level in s0
      
      This updates the parser to cope with this, so if no category
      is present, libvirtd will hardcode the equivalent of c0.c1023.
      
      Now this won't work if SELinux is in Enforcing mode, but that's
      not an issue, because the user can only get into this problem
      if in Permissive mode. This means they can now start VMs in
      Permissive mode without hitting that parsing error
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      1732c1c6
    • D
      Separate MCS range parsing from MCS range checking · 4a92fe44
      Daniel P. Berrange 提交于
      Pull the code which parses the current process MCS range
      out of virSecuritySELinuxMCSFind and into a new method
      virSecuritySELinuxMCSGetProcessRange.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      4a92fe44
    • D
      Fix memory leak on OOM in virSecuritySELinuxMCSFind · f2d8190c
      Daniel P. Berrange 提交于
      The body of the loop in virSecuritySELinuxMCSFind would
      directly 'return NULL' on OOM, instead of jumping to the
      cleanup label. This caused a leak of several local vars.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f2d8190c
  10. 13 3月, 2013 1 次提交
    • P
      virCaps: conf: start splitting out irrelevat data · 27cf98e2
      Peter Krempa 提交于
      The virCaps structure gathered a ton of irrelevant data over time that.
      The original reason is that it was propagated to the XML parser
      functions.
      
      This patch aims to create a new data structure virDomainXMLConf that
      will contain immutable data that are used by the XML parser. This will
      allow two things we need:
      
      1) Get rid of the stuff from virCaps
      
      2) Allow us to add callbacks to check and add driver specific stuff
      after domain XML is parsed.
      
      This first attempt removes pointers to private data allocation functions
      to this new structure and update all callers and function that require
      them.
      27cf98e2
  11. 08 3月, 2013 1 次提交
    • G
      apparmor: use AppArmorSetFDLabel for both imageFD and tapFD · ce4557c3
      Guannan Ren 提交于
      Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
      be used as a common function for *ALL* fd relabelling in Linux.
      
      In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
      Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
      The last line is for the tapfd relabelling.
      
       # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
        "/var/log/libvirt/**/rhel6qcow2.log" w,
        "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
        "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
        "/run/libvirt/**/rhel6qcow2.pid" rwk,
        "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
        "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
        "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
        "/dev/tap45" rw,
      ce4557c3
  12. 01 3月, 2013 1 次提交
    • J
      Fix starting qemu instances when apparmor driver is enabled · 438a3850
      Jim Fehlig 提交于
      With the apparmor security driver enabled, qemu instances fail
      to start
      
      # grep ^security_driver /etc/libvirt/qemu.conf
      security_driver = "apparmor"
      # virsh start test-kvm
      error: Failed to start domain test-kvm
      error: internal error security label already defined for VM
      
      The model field of virSecurityLabelDef object is always populated
      by virDomainDefGetSecurityLabelDef(), so remove the check for a
      NULL model when verifying if a label is already defined for the
      instance.
      
      Checking for a NULL model and populating it later in
      AppArmorGenSecurityLabel() has been left in the code to be
      consistent with virSecuritySELinuxGenSecurityLabel().
      438a3850
  13. 16 2月, 2013 1 次提交
    • J
      security: Remove unnecessary checks for mgr == NULL · 676688b6
      John Ferlan 提交于
      Coverity found the DACGenLabel was checking for mgr == NULL after a
      possible dereference; however, in order to get into the function the
      virSecurityManagerGenLabel would have already dereferenced sec_managers[i]
      so the check was unnecessary. Same check is made in SELinuxGenSecurityLabel.
      676688b6
  14. 14 2月, 2013 1 次提交
    • L
      security: add new virSecurityManagerSetChildProcessLabel API · 7bf1aa0b
      Laine Stump 提交于
      The existing virSecurityManagerSetProcessLabel() API is designed so
      that it must be called after forking the child process, but before
      exec'ing the child. Due to the way the virCommand API works, that
      means it needs to be put in a "hook" function that virCommand is told
      to call out to at that time.
      
      Setting the child process label is a basic enough need when executing
      any process that virCommand should have a method of doing that. But
      virCommand must be told what label to set, and only the security
      driver knows the answer to that question.
      
      The new virSecurityManagerSet*Child*ProcessLabel() API is the way to
      transfer the knowledge about what label to set from the security
      driver to the virCommand object. It is given a virCommandPtr, and each
      security driver calls the appropriate virCommand* API to tell
      virCommand what to do between fork and exec.
      
      1) in the case of the DAC security driver, it calls
      virCommandSetUID/GID() to set a uid and gid that must be set for the
      child process.
      
      2) for the SELinux security driver, it calls
      virCommandSetSELinuxLabel() to save a copy of the char* that will be
      sent to setexeccon_raw() *after forking the child process*.
      
      3) for the AppArmor security drivers, it calls
      virCommandSetAppArmorProfile() to save a copy of the char* that will
      be sent to aa_change_profile() *after forking the child process*.
      
      With this new API in place, we will be able to remove
      virSecurityManagerSetProcessLabel() from any virCommand pre-exec
      hooks.
      
      (Unfortunately, the LXC driver uses clone() rather than virCommand, so
      it can't take advantage of this new security driver API, meaning that
      we need to keep around the older virSecurityManagerSetProcessLabel(),
      at least for now.)
      7bf1aa0b
  15. 12 2月, 2013 3 次提交
    • D
      Fix potential deadlock across fork() in QEMU driver · 61b52d2e
      Daniel P. Berrange 提交于
      The hook scripts used by virCommand must be careful wrt
      accessing any mutexes that may have been held by other
      threads in the parent process. With the recent refactoring
      there are 2 potential flaws lurking, which will become real
      deadlock bugs once the global QEMU driver lock is removed.
      
      Remove use of the QEMU driver lock from the hook function
      by passing in the 'virQEMUDriverConfigPtr' instance directly.
      
      Add functions to the virSecurityManager to be invoked before
      and after fork, to ensure the mutex is held by the current
      thread. This allows it to be safely used in the hook script
      in the child process.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      61b52d2e
    • E
      build: fix compilation of selinux on RHEL 5 · 736a87b9
      Eric Blake 提交于
      On RHEL 5, I got:
      
      security/security_selinux.c: In function 'getContext':
      security/security_selinux.c:971: warning: unused parameter 'mgr' [-Wunused-parameter]
      
      * src/security/security_selinux.c (getContext): Mark potentially
      unused parameter.
      736a87b9
    • D
      Remove re-entrant API call in SELinux/AppArmor security managers · 0ab49601
      Daniel P. Berrange 提交于
      The security manager drivers are not allowed to call back
      out to top level security manager APIs, since that results
      in recursive mutex acquisition and thus deadlock. Remove
      calls to virSecurityManagerGetModel from SELinux / AppArmor
      drivers
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      0ab49601
  16. 11 2月, 2013 2 次提交
  17. 08 2月, 2013 1 次提交
  18. 06 2月, 2013 2 次提交
  19. 24 1月, 2013 4 次提交
  20. 23 1月, 2013 1 次提交
  21. 22 1月, 2013 2 次提交
  22. 21 12月, 2012 4 次提交