- 21 8月, 2012 1 次提交
-
-
由 Marcelo Cerri 提交于
This patch updates the structures that store information about each domain and each hypervisor to support multiple security labels and drivers. It also updates all the remaining code to use the new fields. Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>
-
- 17 8月, 2012 1 次提交
-
-
由 Kyle Mestery 提交于
Add the ability to support VLAN tags for Open vSwitch virtual port types. To accomplish this, modify virNetDevOpenvswitchAddPort and virNetDevTapCreateInBridgePort to take a virNetDevVlanPtr argument. When adding the port to the OVS bridge, setup either a single VLAN or a trunk port based on the configuration from the virNetDevVlanPtr. Signed-off-by: NKyle Mestery <kmestery@cisco.com>
-
- 15 8月, 2012 2 次提交
-
-
由 Daniel P. Berrange 提交于
Currently there is a hook function that is invoked when a new client connection comes in, which allows an app to setup private data. This setup will make it difficult to serialize client state during process re-exec(). Change to a model where the app registers a callback when creating the virNetServerPtr instance, which is used to allocate the client private data immediately during virNetClientPtr construction. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the virNetClientPtr constructor will always register the async IO event handler and the keepalive objects. In the case of the lock manager, there will be no event loop available nor keepalive support required. Split this setup out of the constructor and into separate methods. The remote driver will enable async IO and keepalives, while the LXC driver will only enable async IO Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 8月, 2012 1 次提交
-
-
由 Osier Yang 提交于
As the consensus in: https://www.redhat.com/archives/libvir-list/2012-July/msg01692.html, this patch is to destroy conf/virdomainlist.[ch], folding the helpers into conf/domain_conf.[ch]. * src/Makefile.am: - Various indention fixes incidentally - Add macro DATATYPES_SOURCES (datatypes.[ch]) - Link datatypes.[ch] for libvirt_lxc * src/conf/domain_conf.c: - Move all the stuffs from virdomainlist.c into it - Use virUnrefDomain and virUnrefDomainSnapshot instead of virDomainFree and virDomainSnapshotFree, which are defined in libvirt.c, and we don't want to link to it. - Remove "if" before "free" the object, as virObjectUnref is in the list "useless_free_options". * src/conf/domain_conf.h: - Move all the stuffs from virdomainlist.h into it - s/LIST_FILTER/LIST_DOMAINS_FILTER/ * src/libxl/libxl_driver.c: - s/LIST_FILTER/LIST_DOMAINS_FILTER/ - no (include "virdomainlist.h") * src/libxl/libxl_driver.c: Likewise * src/lxc/lxc_driver.c: Likewise * src/openvz/openvz_driver.c: Likewise * src/parallels/parallels_driver.c: Likewise * src/qemu/qemu_driver.c: Likewise * src/test/test_driver.c: Likewise * src/uml/uml_driver.c: Likewise * src/vbox/vbox_tmpl.c: Likewise * src/vmware/vmware_driver.c: Likewise * tools/virsh-domain-monitor.c: Likewise * tools/virsh.c: Likewise
-
- 10 8月, 2012 1 次提交
-
-
由 Laine Stump 提交于
The meat of this patch is just moving the calls to virNWFilterRegisterCallbackDriver from each hypervisor's "register" function into its "initialize" function. The rest is just code movement to allow that, and a new virNWFilterUnRegisterCallbackDriver function to undo what the register function does. The long explanation: There is an array in nwfilter called callbackDrvArray that has pointers to a table of functions for each hypervisor driver that are called by nwfilter. One of those function pointers is to a function that will lock the hypervisor driver. Entries are added to the table by calling each driver's "register" function, which happens quite early in libvirtd's startup. Sometime later, each driver's "initialize" function is called. This function allocates a driver object and stores a pointer to it in a static variable that was previously initialized to NULL. (and here's the important part...) If the "initialize" function fails, the driver object is freed, and that pointer set back to NULL (but the entry in nwfilter's callbackDrvArray is still there). When the "lock the driver" function mentioned above is called, it assumes that the driver was successfully loaded, so it blindly tries to call virMutexLock on "driver->lock". BUT, if the initialize never happened, or if it failed, "driver" is NULL. And it just happens that "lock" is always the first field in driver so it is also NULL. Boom. To fix this, the call to virNWFilterRegisterCallbackDriver for each driver shouldn't be called until the end of its (*already guaranteed successful*) "initialize" function, not during its "register" function (which is currently the case). This implies that there should also be a virNWFilterUnregisterCallbackDriver() function that is called in a driver's "shutdown" function (although in practice, that function is currently never called).
-
- 07 8月, 2012 3 次提交
-
-
由 Daniel P. Berrange 提交于
Make all the virNetClient* objects use virObject APIs for reference counting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Make all the virNetServer* objects use the virObject APIs for reference counting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Switch virDomainObjPtr to use the virObject APIs for reference counting. The main change is that virObjectUnref does not return the reference count, merely a bool indicating whether the object still has any refs left. Checking the return value is also not mandatory. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 06 8月, 2012 1 次提交
-
-
由 Eric Blake 提交于
All callers used the same initialization seed (well, the new viratomictest forgot to look at getpid()); so we might as well make this value automatic. And while it may feel like we are giving up functionality, I documented how to get it back in the unlikely case that you actually need to debug with a fixed pseudo-random sequence. I left that crippled by default, so that a stray environment variable doesn't cause a lack of randomness to become a security issue. * src/util/virrandom.c (virRandomInitialize): Rename... (virRandomOnceInit): ...and make static, with one-shot call. Document how to do fixed-seed debugging. * src/util/virrandom.h (virRandomInitialize): Drop prototype. * src/libvirt_private.syms (virrandom.h): Don't export it. * src/libvirt.c (virInitialize): Adjust caller. * src/lxc/lxc_controller.c (main): Likewise. * src/security/virt-aa-helper.c (main): Likewise. * src/util/iohelper.c (main): Likewise. * tests/seclabeltest.c (main): Likewise. * tests/testutils.c (virtTestMain): Likewise. * tests/viratomictest.c (mymain): Likewise.
-
- 31 7月, 2012 1 次提交
-
-
由 Eric Blake 提交于
Otherwise, a build may fail with: lxc/lxc_conatiner.c: In function 'lxcContainerDropCapabilities': lxc/lxc_container.c:1662:46: error: unused parameter 'keepReboot' [-Werror=unused-parameter] * src/lxc/lxc_container.c (lxcContainerDropCapabilities): Mark parameter unused.
-
- 30 7月, 2012 10 次提交
-
-
由 Daniel P. Berrange 提交于
If an LXC container is using a virtual network and that network is not active, currently the user gets a rather unhelpful error message about tap device setup failure. Add an explicit check for whether the network is active, in exactly the same way as the QEMU driver
-
由 Daniel P. Berrange 提交于
The reboot() syscall is allowed by new kernels for LXC containers. The LXC controller can detect whether a reboot was requested (instead of a normal shutdown) by looking at the "init" process exit status. If a reboot was triggered, the exit status will record SIGHUP as the kill reason. The LXC controller has cleared all its capabilities, and the veth network devices will no longer exist at this time. Thus it cannot restart the container init process itself. Instead it emits an event which is picked up by the LXC driver in libvirtd. This will then re-create the container, using the same configuration as it was previously running with (ie it will not activate 'newDef'). Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Check whether the reboot() system call is virtualized, and if it is, then allow the container to keep CAP_SYS_REBOOT. Based on an original patch by Serge Hallyn Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
This defines a new RPC protocol to be used between the LXC controller and the libvirtd LXC driver. There is only a single RPC message defined thus far, an asynchronous "EXIT" event that is emitted just before the LXC controller process exits. This provides the LXC driver with details about how the container shutdown - normally, or abnormally (crashed), thus allowing the driver to emit better libvirt events. Emitting the event in the LXC controller requires a few little tricks with the RPC service. Simply calling the virNetServiceClientSendMessage does not work, since this merely queues the message for asynchronous processing. In addition the main event loop is no longer running at the point the event is emitted, so no I/O is processed. Thus after invoking virNetServiceClientSendMessage it is necessary to mark the client as being in "delayed close" mode. Then the event loop is run again, until the client completes its close - this happens only after the queued message has been fully transmitted. The final complexity is that it is not safe to run virNetServerQuit() from the client close callback, since that is invoked from a context where the server is locked. Thus a zero-second timer is used to trigger shutdown of the event loop, causing the controller to finally exit. * src/Makefile.am: Add rules for generating RPC protocol files and dispatch methods * src/lxc/lxc_controller.c: Emit an RPC event immediately before exiting * src/lxc/lxc_domain.h: Record the shutdown reason given by the controller * src/lxc/lxc_monitor.c, src/lxc/lxc_monitor.h: Register RPC program and event handler. Add callback to let driver receive EXIT event. * src/lxc/lxc_process.c: Use monitor exit event to decide what kind of domain event to emit * src/lxc/lxc_protocol.x: Define wire protocol for LXC controller monitor. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the code that handles the LXC monitor out of the lxc_process.c file and into lxc_monitor.{c,h} Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Update the LXC driver to use the virNetClient APIs for connecting to the libvirt_lxc monitor, instead of the low-level socket APIs. This is a step towards running a full RPC protocol with libvirt_lxc Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Update all LXC code to use virReportError instead of the custom lxcError macro Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Rename the lxc_driver_t struct typedef to virLXCDriver to more closely follow normal libvirt naming conventions Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
For consistency all the APIs in the lxc_domain.c file should have a virLXCDomain prefix in their name Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
For consistency all the APIs in the lxc_process.c file should have a virLXCProcess prefix in their name Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 27 7月, 2012 1 次提交
-
-
由 Eric Blake 提交于
Any time we have a string with no % passed through gettext, a translator can inject a % to cause a stack overread. When there is nothing to format, it's easier to ask for a string that cannot be used as a formatter, by using a trivial "%s" format instead. In the past, we have used --disable-nls to catch some of the offenders, but that doesn't get run very often, and many more uses have crept in. Syntax check to the rescue! The syntax check can catch uses such as virReportError(code, _("split " "string")); by using a sed script to fold context lines into one pattern space before checking for a string without %. This patch is just mechanical insertion of %s; there are probably several messages touched by this patch where we would be better off giving the user more information than a fixed string. * cfg.mk (sc_prohibit_diagnostic_without_format): New rule. * src/datatypes.c (virUnrefConnect, virGetDomain) (virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface) (virUnrefInterface, virGetStoragePool, virUnrefStoragePool) (virGetStorageVol, virUnrefStorageVol, virGetNodeDevice) (virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter) (virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper. * src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters) (lxcDomainGetBlkioParameters): Likewise. * src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML) (virDomainDiskDefParseXML, virDomainGraphicsDefParseXML): Likewise. * src/conf/network_conf.c (virNetworkDNSHostsDefParseXML) (virNetworkDefParseXML): Likewise. * src/conf/nwfilter_conf.c (virNWFilterIsValidChainName): Likewise. * src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple) (virNWFilterVarAccessParse): Likewise. * src/libvirt.c (virDomainSave, virDomainSaveFlags) (virDomainRestore, virDomainRestoreFlags) (virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML) (virDomainCoreDump, virDomainGetXMLDesc) (virDomainMigrateVersion1, virDomainMigrateVersion2) (virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2) (virStreamSendAll, virStreamRecvAll) (virDomainSnapshotGetXMLDesc): Likewise. * src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel) (virNWFilterDHCPSnoopReq): Likewise. * src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise. * src/openvz/openvz_util.c (openvzKBPerPages): Likewise. * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise. * src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr) (qemuBuildCommandLine): Likewise. * src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise. * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise. * src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity): Likewise. * src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX) (virNetSocketSendFD, virNetSocketRecvFD): Likewise. * src/storage/storage_backend_disk.c (virStorageBackendDiskBuildPool): Likewise. * src/storage/storage_backend_fs.c (virStorageBackendFileSystemProbe) (virStorageBackendFileSystemBuild): Likewise. * src/storage/storage_backend_rbd.c (virStorageBackendRBDOpenRADOSConn): Likewise. * src/storage/storage_driver.c (storageVolumeResize): Likewise. * src/test/test_driver.c (testInterfaceChangeBegin) (testInterfaceChangeCommit, testInterfaceChangeRollback): Likewise. * src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise. * src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr): Likewise. * src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk) (xenFormatXM): Likewise.
-
- 23 7月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
-
- 20 7月, 2012 1 次提交
-
-
由 Gao feng 提交于
The 'lxc_driver' global variable is now used from several of the LXC sources files. Thus it needs to be non-static to avoid runtime linkage errors Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
- 19 7月, 2012 6 次提交
-
-
由 Daniel P. Berrange 提交于
Move all the code that manages stop/start of LXC processes into separate lxc_process.{c,h} file to make the lxc_driver.c file smaller Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the cgroup setup code out of the lxc_controller.c file and into lxc_cgroup.{c,h}. This reduces the size of the lxc_controller.c file and paves the way to invoke cgroup setup from lxc_driver.c instead of lxc_controller.c in the future Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the LXC driver code related to the virDomainObjPtr private data into separate lxc_domain.{c,h} files to reduce the size of lxc_driver.c Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
When sending SIGHUP to libvirtd, it will trigger the virStateDriver reload operation. This is intended to reload the configuration files for guests. For unknown historical reasons this is also triggering autostart of all guests. Autostart is generally expected to be something that happens on OS startup. Starting VMs on SIGHUP will violate that expectation and potentially cause dangerous scenarios if the admin has explicitly shutdown a misbehaving VM that has been marked as autostart Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Dan Walsh 提交于
This patch passes down the sec_mount_options to the lxcContainerMountCGroups function and then mounts the tmpfs with the correct label.
-
由 Daniel J Walsh 提交于
Basically within a Secure Linux Container (virt-sandbox) we want all content that the process within the container can write to be labeled the same. We are labeling the physical disk correctly but when we create "RAM" based file systems libvirt is not labeling them, and they are defaulting to tmpfs_t, which will will not allow the processes to write. This patch labels the RAM based file systems correctly.
-
- 17 7月, 2012 1 次提交
-
-
由 Stefan Berger 提交于
Introduce new members in the virMacAddr 'class' - virMacAddrSet: set virMacAddr from a virMacAddr - virMacAddrSetRaw: setting virMacAddr from raw 6 byte MAC address buffer - virMacAddrGetRaw: writing virMacAddr into raw 6 byte MAC address buffer - virMacAddrCmp: comparing two virMacAddr - virMacAddrCmpRaw: comparing a virMacAddr with a raw 6 byte MAC address buffer then replace raw MAC addresses by replacing - 'unsigned char *' with virMacAddrPtr - 'unsigned char ... [VIR_MAC_BUFLEN]' with virMacAddr and introduce usage of above functions where necessary.
-
- 11 7月, 2012 2 次提交
-
-
由 Daniel P. Berrange 提交于
Since we are not yet using the virNetServerPtr object for running the event loop, we can't use virNetServerQuit(). Instead set the global 'quit' flag in libvirt_lxc
-
由 Eric Blake 提交于
The only useful translation of "%s" as a format string is "%s" (I suppose you could claim "%1$s" is also valid, but why bother). So it is not worth translating; fixing this exposes some instances where we were failing to translate real error messages. This makes the fix of commit 097da1ab more generic, as well as ensuring no future regressions. * cfg.mk (sc_prohibit_useless_translation): New rule. * src/lxc/lxc_driver.c (lxcSetVcpuBWLive): Fix offender. * src/openvz/openvz_conf.c (openvzReadFSConf): Likewise. * src/qemu/qemu_cgroup.c (qemuSetupCgroupForVcpu): Likewise. * src/qemu/qemu_driver.c (qemuSetVcpusBWLive): Likewise. * src/xenapi/xenapi_utils.c (xenapiSessionErrorHandle): Likewise.
-
- 06 7月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Previous commits added code to unmount the existing /proc, /sys and /dev hierarchies on the root filesystem of the container. This should only have been done if the container's root filesystem was the same as the host's root. ie if the root source is '/'. As it is, this causes LXC containersr to fail to start if their root source is not '/' Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 05 7月, 2012 6 次提交
-
-
由 Daniel P. Berrange 提交于
In preparation for introducing a full RPC protocol for libvirt_lxc, switch over to using the virNetServer APIs for the monitor connection Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
While it is not currently used elsewhere in libvirt, the code for finding a free loop device & associating a file with it is not LXC specific. Move it into the viffile.{c,h} file where potentially shared code is more commonly kept. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the cgroup object into virLXCControllerPtr and rename all the setup methods to include 'Cgroup' in their name if appropriate Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the monitor FDs into the virLXCControllerPtr object removing the need for the 'struct lxcMonitor' object Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The virLXCControllerRun method is getting a little too large, and about 50% of its code is related to setting up a /dev/pts mount. Move the latter out into a dedicated method Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the security manager object into the virLXCControllerPtr object. Also simplify the code creating it in the first place Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-