1. 14 12月, 2018 1 次提交
    • D
      Remove all Author(s): lines from source file headers · 60046283
      Daniel P. Berrangé 提交于
      In many files there are header comments that contain an Author:
      statement, supposedly reflecting who originally wrote the code.
      In a large collaborative project like libvirt, any non-trivial
      file will have been modified by a large number of different
      contributors. IOW, the Author: comments are quickly out of date,
      omitting people who have made significant contribitions.
      
      In some places Author: lines have been added despite the person
      merely being responsible for creating the file by moving existing
      code out of another file. IOW, the Author: lines give an incorrect
      record of authorship.
      
      With this all in mind, the comments are useless as a means to identify
      who to talk to about code in a particular file. Contributors will always
      be better off using 'git log' and 'git blame' if they need to  find the
      author of a particular bit of code.
      
      This commit thus deletes all Author: comments from the source and adds
      a rule to prevent them reappearing.
      
      The Copyright headers are similarly misleading and inaccurate, however,
      we cannot delete these as they have legal meaning, despite being largely
      inaccurate. In addition only the copyright holder is permitted to change
      their respective copyright statement.
      Reviewed-by: NErik Skultety <eskultet@redhat.com>
      Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
      60046283
  2. 16 11月, 2018 2 次提交
  3. 08 10月, 2018 1 次提交
  4. 18 9月, 2018 1 次提交
  5. 08 6月, 2018 1 次提交
  6. 06 6月, 2018 1 次提交
  7. 05 6月, 2018 1 次提交
  8. 11 5月, 2018 1 次提交
  9. 22 2月, 2018 2 次提交
  10. 19 2月, 2018 1 次提交
  11. 12 2月, 2018 1 次提交
  12. 02 2月, 2018 1 次提交
  13. 08 11月, 2017 1 次提交
  14. 07 11月, 2017 1 次提交
  15. 28 9月, 2017 1 次提交
    • A
      conf: Introduce TLS options for VxHS block device clients · bd6fdcd8
      Ashish Mittal 提交于
      Add a new TLS X.509 certificate type - "vxhs". This will handle the
      creation of a TLS certificate capability for properly configured
      VxHS network block device clients.
      
      The following describes the behavior of TLS for VxHS block device:
      
        (1) Two new options have been added in /etc/libvirt/qemu.conf
            to control TLS behavior with VxHS block devices
            "vxhs_tls" and "vxhs_tls_x509_cert_dir".
        (2) Setting "vxhs_tls=1" in /etc/libvirt/qemu.conf will enable
            TLS for VxHS block devices.
        (3) "vxhs_tls_x509_cert_dir" can be set to the full path where the
            TLS CA certificate and the client certificate and keys are saved.
            If this value is missing, the "default_tls_x509_cert_dir" will be
            used instead. If the environment is not configured properly the
            authentication to the VxHS server will fail.
      Signed-off-by: NAshish Mittal <Ashish.Mittal@veritas.com>
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      bd6fdcd8
  16. 03 8月, 2017 1 次提交
  17. 26 7月, 2017 1 次提交
    • P
      qemu: switch QEMU capabilities to use virFileCache · d03de54e
      Pavel Hrdina 提交于
      The switch contains considerable amount of changes:
      
        virQEMUCapsRememberCached() is removed because this is now handled
        by virFileCacheSave().
      
        virQEMUCapsInitCached() is removed because this is now handled by
        virFileCacheLoad().
      
        virQEMUCapsNewForBinary() is split into two functions,
        virQEMUCapsNewData() which creates new data if there is nothing
        cached and virQEMUCapsLoadFile() which loads the cached data.
        This is now handled by virFileCacheNewData().
      
        virQEMUCapsCacheValidate() is removed because this is now handled by
        virFileCacheValidate().
      
        virQEMUCapsCacheFree() is removed because it's no longer required.
      
        Add virCapsPtr into virQEMUCapsCachePriv because for each call of
        virFileCacheLookup*() we need to use current virCapsPtr.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      Reviewed-by: NJiri Denemark <jdenemar@redhat.com>
      d03de54e
  18. 25 3月, 2017 1 次提交
    • J
      conf: Introduce migrate_tls_x509_cert_dir · 1415121a
      John Ferlan 提交于
      Add a new TLS X.509 certificate type - "migrate". This will handle the
      creation of a TLS certificate capability (and possibly repository) to
      be used for migrations. Similar to chardev's, credentials will be handled
      via a libvirt secrets; however, unlike chardev's enablement and usage
      will be via a CLI flag instead of a conf flag and a domain XML attribute.
      
      The migrations using the *x509_verify flag require the client-cert.pem
      and client-key.pem files to be present in the TLS directory - so let's
      also be sure to note that in the qemu.conf file.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      1415121a
  19. 15 2月, 2017 1 次提交
    • M
      qemu_conf: Check for namespaces availability more wisely · b57bd206
      Michal Privoznik 提交于
      The bare fact that mnt namespace is available is not enough for
      us to allow/enable qemu namespaces feature. There are other
      requirements: we must copy all the ACL & SELinux labels otherwise
      we might grant access that is administratively forbidden or vice
      versa.
      At the same time, the check for namespace prerequisites is moved
      from domain startup time to qemu.conf parser as it doesn't make
      much sense to allow users to start misconfigured libvirt just to
      find out they can't start a single domain.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      b57bd206
  20. 09 2月, 2017 1 次提交
  21. 15 12月, 2016 1 次提交
  22. 08 12月, 2016 1 次提交
    • M
      qemu: Create hugepage path on per domain basis · f55afd83
      Michal Privoznik 提交于
      If you've ever tried running a huge page backed guest under
      different user than in qemu.conf, you probably failed. Problem is
      even though we have corresponding APIs in the security drivers,
      there's no implementation and thus we don't relabel the huge page
      path. But even if we did, so far all of the domains share the
      same path:
      
         /hugepageMount/libvirt/qemu
      
      Our only option there would be to set 0777 mode on the qemu dir
      which is totally unsafe. Therefore, we can create dir on
      per-domain basis, i.e.:
      
         /hugepageMount/libvirt/qemu/domainName
      
      and chown domainName dir to the user that domain is configured to
      run under.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      f55afd83
  23. 09 11月, 2016 1 次提交
  24. 20 10月, 2016 1 次提交
    • J
      conf: Introduce {default|chardev}_tls_x509_secret_uuid · 3b668bb5
      John Ferlan 提交于
      Add a new qemu.conf variables to store the UUID for the secret that could
      be used to present credentials to access the TLS chardev.  Since this will
      be a server level and it's possible to use some sort of default, introduce
      both the default and chardev logic at the same time making the setting of
      the chardev check for it's own value, then if not present checking whether
      the default value had been set.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      3b668bb5
  25. 19 9月, 2016 1 次提交
  26. 09 9月, 2016 2 次提交
    • J
      conf: Introduce chartcp_tls_x509_cert_dir · 3f60a9c3
      John Ferlan 提交于
      Add a new TLS X.509 certificate type - "chardev". This will handle the
      creation of a TLS certificate capability (and possibly repository) for
      properly configured character device TCP backends.
      
      Unlike the vnc and spice there is no "listen" or "passwd" associated. The
      credentials eventually will be handled via a libvirt secret provided to
      a specific backend.
      
      Make use of the default verify option as well.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      3f60a9c3
    • J
      conf: Add new default TLS X.509 certificate default directory · c12cb5ed
      John Ferlan 提交于
      Rather than specify perhaps multiple TLS X.509 certificate directories,
      let's create a "default" directory which can then be used if the service
      (e.g. for now vnc and spice) does not supply a default directory.
      
      Since the default for vnc and spice may have existed before without being
      supplied, the default check will first check if the service specific path
      exists and if so, set the cfg entry to that; otherwise, the default will
      be set to the (now) new defaultTLSx509certdir.
      
      Additionally add a "default_tls_x509_verify" entry which can also be used
      to force the peer verification option (for vnc it's a x509verify option).
      Add/alter the macro for the option being found in the config file to accept
      the default value.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      c12cb5ed
  27. 06 9月, 2016 2 次提交
    • D
      qemu: allow turning off QEMU guest RAM dump globally · 90e178f8
      Daniel P. Berrange 提交于
      We already have the ability to turn off dumping of guest
      RAM via the domain XML. This is not particularly useful
      though, as it is under control of the management application.
      What is needed is a way for the sysadmin to turn off guest
      RAM defaults globally, regardless of whether the mgmt app
      provides its own way to set this in the domain XML.
      
      So this adds a 'dump_guest_core' option in /etc/libvirt/qemu.conf
      which defaults to false. ie guest RAM will never be included in
      the QEMU core dumps by default. This default is different from
      historical practice, but is considered to be more suitable as
      a default because
      
       a) guest RAM can be huge and so inflicts a DOS on the host
          I/O subsystem when dumping core for QEMU crashes
      
       b) guest RAM can contain alot of sensitive data belonging
          to the VM owner. This should not generally be copied
          around inside QEMU core dumps submitted to vendors for
          debugging
      
       c) guest RAM contents are rarely useful in diagnosing
          QEMU crashes
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      90e178f8
    • D
      qemu: add a max_core setting to qemu.conf for core dump size · fa1ce979
      Daniel P. Berrange 提交于
      Currently the QEMU processes inherit their core dump rlimit
      from libvirtd, which is really suboptimal. This change allows
      their limit to be directly controlled from qemu.conf instead.
      fa1ce979
  28. 12 7月, 2016 1 次提交
  29. 14 6月, 2016 1 次提交
    • J
      driver config: Introduce virFirmware object · fda5a98e
      Jim Fehlig 提交于
      The virQEMUDriverConfig object contains lists of
      loader:nvram pairs to advertise firmwares supported by
      by the driver, and qemu_conf.c contains code to populate
      the lists, all of which is useful for other drivers too.
      
      To avoid code duplication, introduce a virFirmware object
      to encapsulate firmware details and switch the qemu driver
      to use it.
      Signed-off-by: NJim Fehlig <jfehlig@suse.com>
      fda5a98e
  30. 09 6月, 2016 1 次提交
  31. 25 5月, 2016 1 次提交
  32. 25 12月, 2015 1 次提交
  33. 26 11月, 2015 1 次提交
    • D
      qemu: add support for sending QEMU stdout/stderr to virtlogd · 0d968ad7
      Daniel P. Berrange 提交于
      Currently the QEMU stdout/stderr streams are written directly to
      a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those
      can be rotated by logrotate (using copytruncate option) this is
      not very efficient. It also leaves open a window of opportunity
      for a compromised/broken QEMU to DOS the host filesystem by
      writing lots of text to stdout/stderr.
      
      This makes it possible to connect the stdout/stderr file handles
      to a pipe that is provided by virtlogd. The virtlogd daemon will
      read from this pipe and write data to the log file, performing
      file rotation whenever a pre-determined size limit is reached.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      0d968ad7
  34. 29 7月, 2015 1 次提交
    • E
      qemu: Adjust VM id allocation · b2960501
      Erik Skultety 提交于
      Our atomic increment (virAtomicIntInc) uses (if available) gcc
      __sync_add_and_fetch builtin. In qemu driver though, we'd profit more
      from __sync_fetch_and_add builtin. To keep it simplistic, this patch
      adjusts qemu driver initialization rather than adding a new atomic
      increment macro.
      b2960501
  35. 10 7月, 2015 1 次提交
  36. 18 6月, 2015 1 次提交
    • P
      qemu: 'privileged' flag is not really configuration · 0b416434
      Peter Krempa 提交于
      The privileged flag will not change while the configuration might
      change. Make the 'privileged' flag member of the driver again and mark
      it immutable. Should that ever change add an accessor that will group
      reads of the state.
      0b416434