Signed-off-by: NTomas Meszaros <exo@tty.sk>

We will try to set the node to cpuset.mems without check if
it is available, since we already have helper to check this.
Call virNumaNodesetIsAvailable to check if node is available,
then try to change it in the cgroup.
Signed-off-by: NLuyao Huang <lhuang@redhat.com>

Remove unused variable, tag unused parameter and adjust return type.

introduced by 3f48345f

CC     security/libvirt_security_manager_la-security_selinux.lo
security/security_selinux.c: In function 'virSecuritySELinuxDomainSetDirLabel':
security/security_selinux.c:2520:5: error: return makes pointer from integer without a cast [-Werror]
security/security_selinux.c:2514:9: error: unused variable 'ret' [-Werror=unused-variable]
security/security_selinux.c:2509:59: error: unused parameter 'mgr' [-Werror=unused-parameter]

While a zero allocation in safezero should be fine it isn't when we use
posix_fallocate which returns EINVAL on a zero allocation.

While we could skip the zero allocation in safezero_posix_fallocate it's
an optimization to do it for all allocations.

This fixes vm installation via virtinst for me which otherwise aborts
like:

   Starting install...
   Retrieving file linux...               | 5.9 MB     00:01 ...
   Retrieving file initrd.gz...           |  29 MB     00:07 ...
   ERROR    Couldn't create storage volume 'virtinst-linux.sBgds4': 'cannot fill file '/var/lib/libvirt/boot/virtinst-linux.sBgds4': Invalid argument'

The error was introduced by e30297b0 as spotted by Chunyan Liu

We forbid access to /usr/share/, but (at least on Debian-based systems)
the Open Virtual Machine Firmware files needed for booting UEFI virtual
machines in QEMU live in /usr/share/ovmf/. Therefore, we need to add
that directory to the list of read only paths.

A similar patch was suggested by Jamie Strandboge <jamie@canonical.com>
on https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1483071.

First check overrides, then read only files then restricted access
itself.

This allows us to mark files for read only access whose parents were
already restricted for read write.

Based on a proposal by Martin Kletzander

The output of that function was not tested until now.  In order to keep
the paths in /tmp, the test driver config is "fixed" as well.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

We are automatically generating some socket paths for domains, but all
those paths end up in a directory that's the same for multiple domains.
The problem is that multiple domains can each run with different
seclabels (users, selinux contexts, etc.).  The idea here is to create a
per-domain directory labelled in a way that each domain can access its
own unix sockets.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

That function can be used for setting security labels on arbitrary
directories.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

SELinux security driver already does that, but DAC driver somehow missed
the memo.  Let's fix it so it works the same way.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

In virSecuritySELinuxSetSecurityChardevLabel() we are labelling unix
socket path, but accessing another structure of the union.  This does
not pose a problem currently as both paths are at the same offset, but
this should be fixed for the future.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Now that we have virNetDaemon object holding all the data and being
capable of referencing multiple servers, having a duplicate reference to
a single server stored in virLockDaemon isn't necessary anymore. This
patch removes the above described element.

JSON data that are used to initialize tests in virnetdaemontest should
be in a consistent format, i.e. not using tabs for indentation, those
should be replaced by spaces.

While the check is appropriate for eg. the x86 and generic drivers,
there are some valid ppc64 guest configurations where the CPU
model is supposed to be NULL.

Moving this check from the generic code to the drivers makes it
possible to accomodate both use cases.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927

Not all combinations of host CPU models and compatibility modes
are valid, so we need to make sure we don't try to do something
that QEMU will reject.

Moreover, we need to apply a different logic to guests using
host-model and host-passthrough modes when testing them for host
compatibility.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927

If a guest CPU is defined using

  <cpu mode='host-model'/>

the <model> sub-element will contain the compatibility mode to use.
That means we can't just copy the host CPU model on cpuUpdate(),
otherwise we'll overwrite that information and migration of such
guests will fail.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927

Commit a2c5d16a switched to generating
libvirt_admin.syms, but forgot to add the generated file into
.gitignore, hence causing tree pollution post-build.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Since iothreadid = 0 is invalid, we need to check for it when attempting
to add a disk; otherwise, someone would think/believe their attempt to
add an IOThread to the disk would succeed. Luckily other code ignored
things when ->iothread == 0...

We're using the %.html.tmp for all html files now so drop the unused one
and rather make sure the needed directory exists.

This fixes build failures as described in

    https://www.redhat.com/archives/libvir-list/2015-August/msg00603.html

Since we're linking this into libvirtd we need some symbols to be public
but not part of the public API so mark them as
LIBVIRT_ADMIN_PRIVATE_<VERSION> as we do with libvirt.

Making all other symbols local makes sure we don't accidentally leak
unwanted ones.

This makes it consistent with the other FLAGS in this file and reduced
clutter in the diff when adding new entries.

Commit 89c509a0 added getters for cgroup block device I/O throttling,
however stub versions of these functions have not matching function
prototypes that result in compilation fail on platforms not supporting
cgroup.

Fix build by correcting prototypes of the stubbed functions.

Pushing under build-breaker rule.

Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com>
Signed-off-by: NJán Tomko <jtomko@redhat.com>

Fix inconsistency between function description and actual
parameter name.
Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com>

Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

The problem here is that there are some values that kernel accepts, but
does not set them, for example 18446744073709551615 which acts the same
way as zero.  Let's do the same thing we do with other tuning options
and re-read them right after they are set in order to keep our internal
structures up-to-date.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165580Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

The problem here is that there are some values that kernel accepts, but
does not set them, for example 18446744073709551615 which acts the same
way as zero.  Let's do the same thing we do with other tuning options
and re-read them right after they are set in order to keep our internal
structures up-to-date.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Since now they were not needed, but I sense they will be in a short
while.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

This function translates device paths to "major:minor " string, and all
virCgroupSetBlkioDevice* functions are modified to use it.  It's a
cleanup with no functional change.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

That function takes string list and returns first string in that list
that starts with the @prefix parameter with that prefix being skipped as
the caller knows what it starts with (also for easier manipulation in
future).
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Well, yet again one case of 'goto cleanup' while 'goto endjob'
was needed. Sorry.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1251886

Since iothread_id == 0 is an invalid value for QEMU let's point
that out specifically.  For the IOThreadDel code, the failure would
have ended up being a failure to find the IOThread ID; however, for
the IOThreadAdd code - an IOThread 0 was added and that isn't good.

It seems during many reviews/edits to the code the check for
iothread_id = 0 being invalid was lost - it could have originally
been in the API code, but requested to be moved - I cannot remember.

The comment for the function indicated that iothread_id had to be
a positive non-zero value; however, that wasn't checked - that is
a value of 0 is/was allowed by the API and was left up to the
hypervisor to reject the value.

More than likely this nuance was missed during the many "adjustments"
to the API in the review phase.

Allow 0 as an iothread_id and force the hypervisor to handle.
The qemuDomainPinIOThread API will look up the iothread_id of
0 and not find it and message that anyway.

Just like in commit 704cf06a, if virCgroup*() fails, the error is
already reported. There's no need to overwrite the error with a
generic one and possibly hiding the true root cause of the error.
Signed-off-by: NLuyao Huang <lhuang@redhat.com>