- 10 Oct, 2017 3 commits
-
-
Committed by Marc Hartmayer
This commit fixes the deadlock introduced by commit 0980764d. The call getgrouplist() of the glibc library isn't safe to be called in between fork and exec (see commit 75c12564). Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> Fixes: 0980764d ("util: share code between virExec and virCommandExec") Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
-
Committed by Marc Hartmayer
These functions are used by an upcoming commit. Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
-
Committed by Kothapally Madhu Pavan
Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
-
- 07 Oct, 2017 3 commits
-
-
Committed by Jim Fehlig
Commit b482925c added ptrace rule for the apparmor profiles, but one was missed in the libvirtd profile for dnsmasq. It was overlooked since the test machine did not have an active libvirt network requiring dnsmasq that was also set to autostart. With one active and set to autostart, the following denial is observed in audit.log when restarting libvirtd

    type=AVC msg=audit(1507320136.306:298): apparmor="DENIED" \
    operation="ptrace" profile="/usr/sbin/libvirtd" pid=5472 \
    comm="libvirtd" requested_mask="trace" denied_mask="trace" \
    peer="/usr/sbin/dnsmasq"

With an active network, I suspect a libvirtd restart causes access to /proc/<dnsmasq-pid>/*, hence the resulting denial. As a nasty side effect of the denial, libvirtd thinks it needs to spawn a dnsmasq process even though one is already running for the network. E.g. after two libvirtd restarts

    dnsmasq 1683 0.0 0.0 51188 2612 ? S 12:03 0:00 \
    /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
    --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
    root 1684 0.0 0.0 51160 576 ? S 12:03 0:00 \
    /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
    --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
    dnsmasq 4706 0.0 0.0 51188 2572 ? S 13:54 0:00 \
    /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
    --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
    root 4707 0.0 0.0 51160 572 ? S 13:54 0:00 \
    /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
    --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
    dnsmasq 4791 0.0 0.0 51188 2580 ? S 13:56 0:00 \
    /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
    --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
    root 4792 0.0 0.0 51160 572 ? S 13:56 0:00 \
    /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
    --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper

A simple fix is to add a ptrace rule for dnsmasq. Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-By: Guido Günther <agx@sigxcpu.org>
-
Committed by Wim ten Have
Rename virDomainNumaDefCPUFormat to virDomainNumaDefCPUFormatXML, matching its peer virDomainNumaDefCPUParseXML and the general vir*{Format,Parse}XML conventions. Signed-off-by: Wim ten Have <wim.ten.have@oracle.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com>
-
Committed by Wim ten Have
Generating libvirt packages per make rpm, "with-libxl=1" and "with-xen=1", adds strict runtime dependencies per libxenlight for xen-libs package from core libvirt-libs package. This is not necessary and unfortunate since those dependencies set demand to "xen-libs" package even when there's no need for libvirt xen or libxl driver components. This patch is to have two separate xenconfig lib tool libraries: one for core libvirt (without XL), and another that contains xl for libxl driver (libvirt_driver_libxl_impl.la) which when loading the driver, loads the remaining symbols (xen{Format,Parse}XL). For the user/sysadmin, this means the xen dependencies are moved into libxl driver, instead of core libvirt. Signed-off-by: Joao Martins <joao.m.martins@oracle.com> Signed-off-by: Wim ten Have <wim.ten.have@oracle.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com>
-
- 06 Oct, 2017 21 commits
-
-
Committed by John Ferlan
In preparation for privatizing the object, use the accessor.
-
Committed by John Ferlan
In preparation for privatizing the object, use the accessor.
-
Committed by John Ferlan
In preparation for privatizing the object, use the accessor.
-
Committed by John Ferlan
In preparation for privatizing the object, use the accessor.
-
Committed by John Ferlan
In preparation for privatizing the object, use the accessor.
-
Committed by John Ferlan
In preparation for privatizing the object, use the accessor. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
In preparation for privatizing the object, use the accessor. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
Rather than accessing privconn->pools.objs[i] in the for loop, let's use an @obj variable to make it easier to read the code.
-
Committed by John Ferlan
Make it more obvious as we're about to need to change how obj->def gets referenced. Perform a couple of minor cleanups along the way too.
-
Committed by John Ferlan
In preparation for privatizing the object, use the accessor to fetch the obj->def instead of the direct reference. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
-
Committed by John Ferlan
Modify virStoragePoolObjGetAutostartLink and virStoragePoolObjGetConfigFile to return "const char *" since that's how both are used and to ensure no one tries to VIR_FREE the result.
-
Committed by Christian Ehrhardt
To avoid any issues later on if paths ever change (unlikely but possible) and to match the style of other generated rules the paths of the static rules have to be quoted as well. Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
-
Committed by Christian Ehrhardt
libvirt allows spaces in vm names, there were issues in the past but it seems not removed so the assumption has to be that spaces are continuing to be allowed. Therefore virt-aa-helper should not reject spaces in vm names anymore if it is going to be refused causing issues then the parser or xml schema should do so. Apparmor rules are in quotes, so a space in a path based on the name works. Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Christian Ehrhardt
libusb as used by qemu needs to read data from /run/udev/data/ about usb devices. That is read once on the first initialization of libusb_init by qemu. Therefore generating just the device we need would not be sufficient as another hotplug later can need another device which would fail as the data is no more re-read at this point. But we can restrict the paths very much to just the major number of potential usb devices which will make it match approximately the detail that e.g. an lsusb -v would reveal - that is much safer than the "/run/udev/data/* r" blanket many users are using now as a workaround. Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
-
Committed by Christian Ehrhardt
If users only specified vendor&product (the common case) then parsing the xml via virDomainHostdevSubsysUSBDefParseXML would only set these. Bus and Device would much later be added when the devices are prepared to be added. Due to that a hot-add of a usb hostdev works as the device is prepared and virt-aa-helper processes the new internal xml. But on an initial guest start at the time virt-aa-helper renders the apparmor rules the bus/device id's are not set yet:

    p ctl->def->hostdevs[0]->source.subsys.u.usb
    $12 = {autoAddress = false, bus = 0, device = 0, vendor = 1921, product = 21888}

That causes rules to be wrong:

    "/dev/bus/usb/000/000" rw,

The fix calls virHostdevFindUSBDevice after reading the XML from virt-aa-helper to only add apparmor rules for devices that could be found and now are fully known to be able to write the rule correctly. It unconditionally sets virHostdevFindUSBDevice mandatory attribute as adding an apparmor rule for a device not found makes no sense no matter what startup policy it has set. Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Peter Krempa
Skip purging the backing chain and redetecting it when it was not going to change during the time we were not present. The decision is based on the new flag which records whether there were blockjobs running to the status XML.
-
Committed by Peter Krempa
Add a helper variable so that we don't have to access the disk via 3 indirections.
-
Committed by Peter Krempa
Note when no blockjobs are running in the status XML so that we know that the backing chain will not change until we reconnect.
-
Committed by Peter Krempa
virTristateBoolFromBool and virTristateSwitchFromBool convert a boolean to the correct enum value.
-
Committed by Michal Privoznik
In 361c8dc1 and 662140fa I've implemented hot-(un)plug of watchdog devices. Document this change. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
-
- 05 Oct, 2017 13 commits
-
-
Committed by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=1447169 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
-
Committed by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=1447169 Since domain can have at most one watchdog it simplifies things a bit. However, since we must be able to set the watchdog action as well, new monitor command needs to be used. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
-
Committed by Michal Privoznik
Currently we don't do it. Therefore we accept senseless combinations of models and buses they are attached to. Moreover, diag288 watchdog is exclusive to s390(x). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
https://bugzilla.redhat.com/show_bug.cgi?id=1475250 It's possible to define and start a pool with a '.' in the name; however, when trying to add a volume to a domain using the storage pool source with a '.' in the storage pool name, the domain RNG validation fails because RNG uses 'genericName' which does not allow a '.' in the name. Domain XML def parsing has a virXMLValidateAgainstSchema which generates the error. The Storage Pool XML def parsing has no call to virXMLValidateAgainstSchema. The only Storage Pool name validation occurs in virStoragePoolDefParseXML to ensure the name doesn't have a '/' in it and in storagePoolDefineXML to call virXMLCheckIllegalChars using the same parameter "\n" as qemuDomainDefineXMLFlags would check after the RNG check could be successful. In order to resolve this, create a poolName definition in storagecommon.rng that will mimic the domain name regex that disallows a newline character, but add the "/" in the exclude list. Then modify the pool and volume source name definitions to key off that poolName.
-
Committed by Peter Krempa
Unindent the static XML block and move around the autoindent calls so that further additions don't have to add more of them. Also rename the string holding the static XML section.
-
Committed by Peter Krempa
Few jobs (which don't) use the 'mirror' element did not save the status XML. It will be helpful to do so once we start tracking jobs fully.
-
Committed by Peter Krempa
For VMs with persistent config the config may change upon successful completion of a job. Save it always if a persistent VM finishes a blockjob. This will simplify further additions.
-
Committed by Peter Krempa
The status XML would be saved only for the copy job (in case of success) or on failure even for other jobs. As the status contains the backing chain data, which change after success we should always save it on block job completion.
-
Committed by Michal Privoznik
In cea3715b and d86fd240 I've fixed domifstat and QoS that was reversed for some types of interfaces. Document this in the news file. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Jiri Denemark
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-
Committed by Peter Krempa
Checking of disk presence accesses storage on the host so it should be done from the host setup function. Move the code to new function called qemuProcessPrepareHostStorage and remove qemuDomainCheckDiskPresence.
-
Committed by Peter Krempa
-
Committed by Peter Krempa
Introduce a new function to prepare domain disks which will also do the volume source to actual disk source translation. The 'pretend' condition is not transferred to the new location since it does not help in writing tests and also no tests abuse it.
-