- 24 6月, 2013 3 次提交
-
-
由 Daniel P. Berrange 提交于
Extend the 'gendispatch.pl' script to be able to generate three new types of file. - 'aclheader' - defines signatures of helper APIs for doing authorization checks. There is one helper API for each API requiring an auth check. Any @acl annotations result in a method being generated with a suffix of 'EnsureACL'. If the ACL check requires examination of flags, an extra 'flags' param will be present. Some examples extern int virConnectBaselineCPUEnsureACL(void); extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain); extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags); Any @aclfilter annotations resuilt in a method being generated with a suffix of 'CheckACL'. extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain); These are used for filtering individual objects from APIs which return a list of objects - 'aclbody' - defines the actual implementation of the methods described above. This calls into the access manager APIs. A complex example: /* Returns: -1 on error (denied==error), 0 on allowed */ int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn, virDomainDefPtr domain, unsigned int flags) { virAccessManagerPtr mgr; int rv; if (!(mgr = virAccessManagerGetDefault())) return -1; if ((rv = virAccessManagerCheckDomain(mgr, conn->driver->name, domain, VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) { virObjectUnref(mgr); if (rv == 0) virReportError(VIR_ERR_ACCESS_DENIED, NULL); return -1; } if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) && (rv = virAccessManagerCheckDomain(mgr, conn->driver->name, domain, VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) { virObjectUnref(mgr); if (rv == 0) virReportError(VIR_ERR_ACCESS_DENIED, NULL); return -1; } if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) && (rv = virAccessManagerCheckDomain(mgr, conn->driver->name, domain, VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) { virObjectUnref(mgr); if (rv == 0) virReportError(VIR_ERR_ACCESS_DENIED, NULL); return -1; } virObjectUnref(mgr); return 0; } - 'aclsyms' - generates a linker script to export the APIs to drivers. Some examples virConnectBaselineCPUEnsureACL; virConnectCompareCPUEnsureACL; Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add an access control driver that uses the pkcheck command to check authorization requests. This is fairly inefficient, particularly for cases where an API returns a list of objects and needs to check permission for each object. It would be desirable to use the polkit API but this links to glib with abort-on-OOM behaviour, so can't be used. The other alternative is to speak to dbus directly Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
This patch introduces the virAccessManagerPtr class as the interface between virtualization drivers and the access control drivers. The viraccessperm.h file defines the various permissions that will be used for each type of object libvirt manages Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 07 6月, 2013 1 次提交
-
-
由 ryan woodsmall 提交于
A few things have changed in the VirtualBox API - some small (capitalizations of things in function names like Ip to IP and Dhcp to DHCP) and some much larger (FindMedium is superceded by OpenMedium). The biggest change for the sake of this patch is the signature of CreateMachine is quite a bit different. Using the Oracle source as a guide, to spin up a VM with a given UUID, it looks like a text flag has to be passed in a new argument to CreateMachine. This flag is built in the VirtualBox 4.2 specific ifdefs and is kind of ugly but works. Additionally, there is now (unused) VM groups support in CreateMachine and the previous 'osTypeId' arg is currently set to nsnull as in the Oracle code. The FindMedium to OpenMedium changes were more straightforward and are pretty clear. The rest of the vbox template changes are basically spelling/capitalization changes from the looks of things. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 31 5月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Commit d671121d was incomplete; I hit another compile fail on cygwin not finding the correct rpc/rpc.h. * src/Makefile.am (virtlockd_CFLAGS): Add XDR_CFLAGS. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 30 5月, 2013 1 次提交
-
-
由 Eric Blake 提交于
On cygwin, the build failed with: In file included from ./rpc/virnetmessage.h:24:0, from ./rpc/virnetclient.h:29, from locking/lock_driver_lockd.c:31: ./rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory * src/Makefile.am (lockd_la_CFLAGS): Add XDR_CFLAGS. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 21 5月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Several files called out COPYING or COPYING.LIB instead of using the normal boilerplate. It's especially important that we don't call out COPYING from an LGPL file, since COPYING is traditionally used for the GPL. A few files were lacking copyright altogether. * src/rpc/gendispatch.pl: Add missing copyright. * Makefile.nonreentrant: Likewise. * src/check-symfile.pl: Likewise. * src/check-symsorting.pl: Likewise. * src/driver.h: Likewise. * src/internal.h: Likewise. * tools/libvirt-guests.sh.in: Likewise. * tools/virt-pki-validate.in: Mention copyright in comment, not just code. * tools/virt-sanlock-cleanup.in: Likewise. * src/rpc/genprotocol.pl: Spell out license terms. * src/xen/xend_internal.h: Likewise. * src/xen/xend_internal.c: Likewise. * Makefile.am: Likewise. * daemon/Makefile.am: Likewise. * docs/Makefile.am: Likewise. * docs/schemas/Makefile.am: Likewise. * examples/apparmor/Makefile.am: Likewise. * examples/domain-events/events-c/Makefile.am: Likewise. * examples/dominfo/Makefile.am: Likewise. * examples/domsuspend/Makefile.am: Likewise. * examples/hellolibvirt/Makefile.am: Likewise. * examples/openauth/Makefile.am: Likewise. * examples/python/Makefile.am: Likewise. * examples/systemtap/Makefile.am: Likewise. * examples/xml/nwfilter/Makefile.am: Likewise. * gnulib/lib/Makefile.am: Likewise. * gnulib/tests/Makefile.am: Likewise. * include/Makefile.am: Likewise. * include/libvirt/Makefile.am: Likewise. * python/Makefile.am: Likewise. * python/tests/Makefile.am: Likewise. * src/Makefile.am: Likewise. * tests/Makefile.am: Likewise. * tools/Makefile.am: Likewise. * configure.ac: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 16 5月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Change the build process & driver initialization so that the VirtualBox driver is built into libvirtd, instead of libvirt.so This change avoids the VirtualBox GPLv2-only license causing compatibility problems with libvirt.so which is under the GPLv2-or-later license. NB this change prevents use of the VirtualBox driver on the Windows platform, until such time as libvirtd can be made to work there. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Jiri Denemark 提交于
DRIVER_SOURCE_FILES mixes files with absolute path (inherited from REMOTE_DRIVER_GENERATED) with file paths that are relative to srcdir but check-driverimpls.pl needs full paths.
-
- 14 5月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Automake already passes all CFLAGS to the linker too, so it is not necessary to set WARN_LDFLAGS in addition to the WARN_CFLAGS variable. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Clang does not like the -export-dynamic flag. The compiler does not need it in the first place, so we can avoid the problem by only setting it for the linker Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 13 5月, 2013 1 次提交
-
-
由 Han Cheng 提交于
This patch adds util functions for scsi hostdev. Signed-off-by: NHan Cheng <hanc.fnst@cn.fujitsu.com> Signed-off-by: NOsier Yang <jyang@redhat.com>
-
- 10 5月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Update the DRIVER_SOURCE_FILES variable to reference the other various XXX_SOURCES variables, instead of duplicating the filename lists. This results in a bunch of extra files being processed, but the test scripts can easily skip those Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 07 5月, 2013 1 次提交
-
-
由 Eric Blake 提交于
On a mingw build, 'make distcheck' fails with: GEN libvirt_qemu.def make[3]: *** No rule to make target `../../src/libvirt_lxc.syms', needed by `libvirt_lxc.def'. Stop. I traced it to a missing entry in EXTRA_DIST. But rather than keep the entire list in sync, it is easier to list the three syms files that drive .so files directly, and then reuse existing makefile variables for the remaining files (that is, I validated that all remaining files are added to SYM_FILES, possibly via USED_SYM_FILES, according to makefile conditionals). Problem introduced in commit 3d1596b0 (v1.0.2). * src/Makefile.am (EXTRA_DIST): Ensure all syms files are shipped. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 02 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
It's not desired to force users imagine path for a socket they are not even supposed to connect to. On the other hand, we already have a release where the qemu agent socket path is exposed to XML, so we cannot silently drop it from there. The new path is generated in form: $LOCALSTATEDIR/lib/libvirt/qemu/channel/target/$domain.$name for qemu system mode, and $XDG_CONFIG_HOME/qemu/lib/channel/target/$domain.$name for qemu session mode.
-
- 24 4月, 2013 3 次提交
-
-
由 Daniel P. Berrange 提交于
Ensure that all drivers implementing public APIs use a naming convention for their implementation that matches the public API name. eg for the public API virDomainCreate make sure QEMU uses qemuDomainCreate and not qemuDomainStart Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Ensure that the virDrvXXX method names exactly match the public APIs virYYY method names. ie XXX == YYY. Add a test case to prevent any regressions. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
There are many declared options in gendispatch.pl that were no longer used. Those which were used were obscure '-b', '-k' and '-d'. Switch to use --mode={debug|client|server}. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 16 4月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The definition of structs for cgroups are kept in vircgroup.c since they are intended to be private from users of the API. To enable effective testing, however, they need to be accessible. To address the latter issue, without compronmising the former, this introduces a new vircgrouppriv.h file to hold the struct definitions. To prevent other files including this private header, it requires that __VIR_CGROUP_ALLOW_INCLUDE_PRIV_H__ be defined before inclusion Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 13 4月, 2013 1 次提交
-
-
由 Stefan Berger 提交于
Implement helper function to create the TPM's sysfs cancel file. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NCorey Bryant <coreyb@linux.vnet.ibm.com> Tested-by: NCorey Bryant <coreyb@linux.vnet.ibm.com>
-
- 06 4月, 2013 1 次提交
-
-
由 Eric Blake 提交于
By default, libtool builds two .o files for every .lo rule: src/foo.o - static builds src/.libs/foo.o - shared library builds But since commit ad42b34b disabled static builds, src/foo.o is no longer built by default. On a fresh checkout, this means our protocol check rules using pdwtags were testing a missing file, and thanks to a lousy behavior of pdwtags happily giving no output and 0 exit status (http://bugzilla.redhat.com/949034), we were merely claiming that "dwarves is too old" and skipping the test. However, if you swap between branches and do incremental builds, such as building v0.10.2-maint and then switching back to master, you end up with src/foo.o being leftover from its 0.10.2 state, and then 'make check' fails because the .o file does not match the protocol-structs file due to API additions in the meantime. A simpler fix would be to always look in .libs for the .o to be parsed; but since it is possible to pass ./configure options to tell libtool to do a static-only build with no shared .o, I went with the approach of finding the newest of the two files, whenever both exist. * src/Makefile.am (PDWTAGS): Ensure we test just-built file.
-
- 03 4月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
By passing the flags -z relro -z now to the linker, we can force it to resolve all library symbols at startup, instead of on-demand. This allows it to then make the global offset table (GOT) read-only, which makes some security attacks harder. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
PIE (position independent executable) adds security to executables by composing them entirely of position-independent code (PIC. The .so libraries already build with -fPIC. This adds -fPIE which is the equivalent to -fPIC, but for executables. This for allows Exec Shield to use address space layout randomization to prevent attackers from knowing where existing executable code is during a security attack using exploits that rely on knowing the offset of the executable code in the binary, such as return-to-libc attacks. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The recent commit moved some of the use of libnuma out of the driver code, and into src/util/. It did not, however, update libvirt_util.la to link against libnuma. This caused linkage failure with virt-aa-helper, since nothing else caused libnuma to be pulled onto the linker command line. The fix removes all reference to NUMACTL_LIBS/CFLAGS from the various modules in src/Makefile.am and just adds them to the libvirt_util.la module, which everything else depends on. Technically a build-breaker fix, but wanted to wait for feedback on this Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 20 3月, 2013 2 次提交
-
-
由 Gao feng 提交于
qemuGetNumadAdvice will be used by LXC driver, rename it to virNumaGetAutoPlacementAdvice and move it to virnuma.c Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Doug Goldstein 提交于
When building with --without-libvirtd and udev support is detected we will fail to build with the following error: node_device/node_device_udev.c:1608:37: error: unknown type name 'virStateInhibitCallback'
-
- 19 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 3月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
The src/lxc/lxc_*_dispatch.h files only had deps on the RPC generator script & the XDR definition file. So when the Makefile.am args passed to the generator were change, the disaptch code was not re-generated. This caused a build failure CC libvirt_lxc-lxc_controller.o lxc/lxc_controller.c: In function 'virLXCControllerSetupServer': lxc/lxc_controller.c:718:47: error: 'virLXCMonitorProcs' undeclared (first use in this function) lxc/lxc_controller.c:718:47: note: each undeclared identifier is reported only once for each function it appears in lxc/lxc_controller.c:719:47: error: 'virLXCMonitorNProcs' undeclared (first use in this function) make[3]: *** [libvirt_lxc-lxc_controller.o] Error 1 For added fun, the generated files were not listed in CLEANFILES, so only a 'git clean -f' would fix the build Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The naming used in the RPC protocols for the LXC monitor and lock daemon confused the script used to generate systemtap helper functions. Rename the LXC monitor protocol symbols to reduce confusion. Adapt the gensystemtap.pl script to cope with the LXC monitor / lock daemon naming conversions. This has no functional impact on RPC wire protocol, since names are only used in the C layer Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 13 3月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
A number of symbols are only present when GNUTLS is enabled. Thus we must use a separate libvirt_gnutls.syms file for them instead of libvirt_private.syms Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Peter Krempa 提交于
The virCaps structure gathered a ton of irrelevant data over time that. The original reason is that it was propagated to the XML parser functions. This patch aims to create a new data structure virDomainXMLConf that will contain immutable data that are used by the XML parser. This will allow two things we need: 1) Get rid of the stuff from virCaps 2) Allow us to add callbacks to check and add driver specific stuff after domain XML is parsed. This first attempt removes pointers to private data allocation functions to this new structure and update all callers and function that require them.
-
- 23 2月, 2013 1 次提交
-
-
由 Eric Blake 提交于
On FreeBSD, I got a 'make check' failure: GEN check-symsorting Symbol block at ./libvirt_atomic.syms:4: viratomic.h not found * src/Makefile.am (SYM_FILES): New define. (check-symsorting): Check on all symfiles, even when not used. * src/libvirt_atomic.syms: Fix offender.
-
- 20 2月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Automating a sorting check is the only way to ensure we don't regress. Suggested by Dan Berrange. * src/check-symsorting.pl (check_sorting): Add a parameter, validate that groups are in order, and that files exist. * src/Makefile.am (check-symsorting): Adjust caller. * src/libvirt_private.syms: Fix typo. * src/libvirt_linux.syms: Fix file name. * src/libvirt_vmx.syms: Likewise. * src/libvirt_xenxs.syms: Likewise. * src/libvirt_sasl.syms: Likewise. * src/libvirt_libssh2.syms: Likewise. * src/libvirt_esx.syms: Mention file name. * src/libvirt_openvz.syms: Likewise.
-
- 16 2月, 2013 1 次提交
-
-
由 Eric Blake 提交于
More mingw build failures: CCLD libvirt-lxc.la /usr/lib64/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld: cannot find libvirt_lxc.def: No such file or directory CC virportallocatortest-virportallocatortest.o ../../tests/virportallocatortest.c: In function 'main': ../../tests/virportallocatortest.c:195:1: error: implicit declaration of function 'setenv' [-Werror=implicit-function-declaration] * src/Makefile.am (GENERATED_SYM_FILES): Also generate libvirt_lxc.def. * bootstrap.conf (gnulib_modules): Import setenv.
-
- 14 2月, 2013 2 次提交
-
-
由 Laine Stump 提交于
virCommand gets two new APIs: virCommandSetSELinuxLabel() and virCommandSetAppArmorProfile(), which both save a copy of a null-terminated string in the virCommand. During virCommandRun, if the string is non-NULL and we've been compiled with AppArmor and/or SELinux security driver support, the appropriate security library function is called for the child process, using the string that was previously set. In the case of SELinux, setexeccon_raw() is called, and for AppArmor, aa_change_profile() is called. This functionality has been added so that users of virCommand can use the upcoming virSecurityManagerSetChildProcessLabel() prior to running a child process, rather than needing to setup a hook function to be called (and in turn call virSecurityManagerSetProcessLabel()) *during* the setup of the child process.
-
由 Laine Stump 提交于
This makes it simpler to include the necessary system security driver libraries for a particular system. For this patch, several existing conditional sections from the Makfile were replaced; I'll later be adding SECDRIVER_LIBS to libvirt_util_la_LIBADD, because vircommand.c will be calling a function from $securitylib.
-
- 13 2月, 2013 1 次提交
-
-
由 Eric Blake 提交于
We have several cases where we need to read endian-dependent data regardless of host endianness; rather than open-coding these call sites, it will be nicer to funnel things through a macro. The virendian.h file can be expanded to add writer functions, and/or 16-bit access patterns, if needed. Also, if we need to turn things into a function to avoid multiple evaluations of buf, that can be done later. But for now, a macro worked. * src/util/virendian.h: New file. * src/Makefile.am (UTIL_SOURCES): Ship it. * tests/virendiantest.c: New test. * tests/Makefile.am (test_programs, virendiantest_SOURCES): Run the test. * .gitignore: Ignore built file.
-
- 05 2月, 2013 1 次提交
-
-
由 Jiri Denemark 提交于
libvirt.c calls curl_global_init() if WITH_CURL is defined and thus it should be linked with libcurl. This fixes link failure in case neither xenapi nor esx driver is enabled (they are the only users of libcurl).
-
- 16 1月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Introduce a virPortAllocator for managing TCP port allocations. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add the infrastructure for the libvirt-lxc.la library to the remote protocol client and daemon Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-