- 03 7月, 2013 21 次提交
-
-
由 Daniel P. Berrange 提交于
Ensure that all APIs which list interface objects filter them against the access control system. This makes the APIs for listing names and counting devices slightly less efficient, since we can't use the direct netcf APIs for these tasks. Instead we have to ask netcf for the full list of objects & iterate over the list filtering them out. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Ensure that all APIs which list nwfilter objects filter them against the access control system. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Ensure that all APIs which list secret objects filter them against the access control system. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Ensure that all APIs which list storage objects filter them against the access control system. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Ensure that all APIs which list node device objects filter them against the access control system. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Ensure that all APIs which list network objects filter them against the access control system. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Change the ACL filter functions to use a 'bool' return type instead of a tri-state 'int' return type. The callers of these functions don't want to distinguish 'auth failed' from other errors. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Ensure that all APIs which list domain objects filter them against the access control system. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Guido Günther 提交于
as indicated by the filename.
-
由 Martin Kletzander 提交于
Since commit 23e8b5d8, the code is refactored in a way that supports domains with multiple graphics elements and commit 37b41520 allows starting such domains. However none of those commits take migration into account. Even though qemu doesn't support relocation for anything else than SPICE and for no more than one graphics, there is no reason to hardcode one graphics into this part of the code as well.
-
由 Martin Kletzander 提交于
Commit 23e8b5d8 forgot to check the return value for all calls to qemuDomainChangeGraphicsPasswords().
-
由 Gao feng 提交于
libivrt lxc can only set generic weight for container, This patch allows user to setup per device blkio weigh for container. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
We forgot to free the stack when Kernel doesn't support user namespace. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Michal Privoznik 提交于
When removing a TAP device, the associated bandwidth settings are removed. Currently, the /sbin/tc is used for that. It is spawned several times. Moreover, we use the same @cmd variable to construct the command and its arguments. That means we need to virCommandFree(cmd); prior to each virCommandNew(TC); which wasn't done.
-
由 Michal Privoznik 提交于
The @newpath variable is allocated in virCgroupSetPartitionSuffix(). But it's newer freed.
-
由 Chen Fan 提交于
Add doDumpCoreToAutoPath to implement 'coredump-destroy' and 'coredump-restart' events of the 'on_crash' in the XML when domain crashed.
-
由 Chen Fan 提交于
Add monitor callback API domainGuestPanic, that implements 'destroy', 'restart' and 'preserve' events of the 'on_crash' in the XML when domain crashed.
-
由 Chen Fan 提交于
Later code will need this outside of qemu_process.c
-
由 Chen Fan 提交于
Split the code to make the driver workpool more generalized
-
由 Chen Fan 提交于
This patch introduces domain crashed types and crashed reasons which will be used while guest panicked.
-
由 Eric Blake 提交于
On a mingw VPATH build (such as done by ./autobuild.sh), the tarball created by 'make dist' was including generated files. The VPATH rules were then seeing that the tarball files were up-to-date, and not regenerating files locally, leading to this failure: GEN libvirt.syms cat: libvirt_access.syms: No such file or directory cat: libvirt_access_qemu.syms: No such file or directory cat: libvirt_access_lxc.syms: No such file or directory make: *** [libvirt.syms] Error 1 We already have a category for generated sym files, which are intentionally not part of the tarball; stick the access sym files in that category. The rearrange the declarations a bit to make it harder to repeat the problem, dropping things that are now redundant (for example, BUILT_FILES already includes GENERATED_SYM_FILES, so it does not also need to call out ACCESS_DRIVER_SYM_FILES). * src/Makefile.am (USED_SYM_FILES): Don't include generated files. (GENERATED_SYM_FILES): Access syms files are generated. (libvirt.syms): Include access syms files here. (ACCESS_DRIVER_SYMFILES): Rename... (ACCESS_DRIVER_SYM_FILES): ...for consistency. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 02 7月, 2013 19 次提交
-
-
由 Daniel P. Berrange 提交于
Add some debug logging of LXC wait/continue messages and uid/gid map update code.
-
由 Daniel P. Berrange 提交于
User namespaces will deny the ability to mount the SELinux filesystem. This is harmless for libvirt's LXC needs, so the error can be ignored. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Eric Blake 提交于
On Fedora 18, when cross-compiling to mingw with the mingw*-dbus packages installed, compilation fails with: CC libvirt_net_rpc_server_la-virnetserver.lo In file included from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-connection.h:32:0, from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-bus.h:30, from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus.h:31, from ../../src/util/virdbus.h:26, from ../../src/rpc/virnetserver.c:39: /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-message.h:74:58: error: expected ';', ',' or ')' before 'struct' I have reported this as a bug against two packages: - mingw-headers, for polluting the namespace https://bugzilla.redhat.com/show_bug.cgi?id=980270 - dbus, for not dealing with the pollution https://bugzilla.redhat.com/show_bug.cgi?id=980278 At least dbus has agreed that a future version of dbus headers will do s/interface/iface/, regardless of what happens in mingw. But it is also easy to workaround in libvirt in the meantime, without having to wait for either mingw or dbus to upgrade. * src/util/virdbus.h (includes): Undo mingw's pollution so that dbus doesn't fail. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Michal Privoznik 提交于
After abf75aea the compiler screams: qemu/qemu_driver.c: In function 'qemuNodeDeviceDetachFlags': qemu/qemu_driver.c:10693:9: error: 'domain' may be used uninitialized in this function [-Werror=maybe-uninitialized] pci = virPCIDeviceNew(domain, bus, slot, function); ^ qemu/qemu_driver.c:10693:9: error: 'bus' may be used uninitialized in this function [-Werror=maybe-uninitialized] qemu/qemu_driver.c:10693:9: error: 'slot' may be used uninitialized in this function [-Werror=maybe-uninitialized] qemu/qemu_driver.c:10693:9: error: 'function' may be used uninitialized in this function [-Werror=maybe-uninitialized] Since the other functions qemuNodeDeviceReAttach and qemuNodeDeviceReset looks exactly the same, I've initialized the variables there as well. However, I am still wondering why those functions don't matter to gcc while the first one does.
-
由 Gao feng 提交于
The owner of the /proc/meminfo in container should be the root user of container. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
These files are created for container, the owner should be the root user of container. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
Since these devices are created for the container. the owner should be the root user of the container. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
container will create /dev/pts directory in /dev. the owner of /dev should be the root user of container. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
Since these tty devices will be used by container, the owner of them should be the root user of container. This patch also adds a new function virLXCControllerChown, we can use this general function to change the owner of files. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
user namespace doesn't allow to create devices in uninit userns. We should create devices on host side. We first mount tmpfs on dev directroy under state dir of container. then create devices under this dev dir. Finally in container, mount the dev directroy created on host to the /dev/ directroy of container. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
This patch introduces new helper function virLXCControllerSetupUserns, in this function, we set the files uid_map and gid_map of the init task of container. lxcContainerSetID is used for creating cred for tasks running in container. Since after setuid/setgid, we may be a new user. This patch calls lxcContainerSetUserns at first to make sure the new created files belong to right user. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
Make sure the mapping line contains the root user of container is the first element of idmap array. So we can get the real user id on host for the container easily. This patch also check the map information, User must map the root user of container to any user of host. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
User namespace will be enabled only when the idmap exist in configuration. If you want disable user namespace,just remove these elements from XML. If kernel doesn't support user namespace and idmap exist in configuration file, libvirt lxc will start failed and return "Kernel doesn't support user namespace" message. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
This patch introduces new element <idmap> for user namespace. for example <idmap> <uid start='0' target='1000' count='10'/> <gid start='0' target='1000' count='10'/> </idmap> this new element is used for setting proc files /proc/<pid>/{uid_map,gid_map}. This patch also supports multiple uid/gid elements setting in XML configuration. We don't support the semi configuation, user has to configure uid and gid both. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Peter Krempa 提交于
Mention the domain name that is being saved and remove the unneeded variable that only stores a constant.
-
由 Peter Krempa 提交于
Not every timer model is supported with each hypervisor. Explicitly mention the driver supporting each timer model.
-
由 Ján Tomko 提交于
If qemuMonitorBlockJob returned 0, qemuDomainBlockPivot might return 0 even if an error occured. https://bugzilla.redhat.com/show_bug.cgi?id=977678
-
由 Dario Faggioli 提交于
By providing the implementation of nodeGetCellsFreeMemory for the driver. This is all just a matter of properly formatting, in a way that libvirt like, what Xen provides via libxl_get_numainfo(). [raistlin@Zhaman ~]$ sudo virsh --connect xen:/// freecell --all 0: 25004 KiB 1: 105848 KiB -------------------- Total: 130852 KiB Signed-off-by: NDario Faggioli <dario.faggioli@citrix.com>
-
由 Eric Blake 提交于
On mingw, configure sets the name of the lxc symfile to libvirt_lxc.defs rather than libvirt_lxc.syms. But tarballs must be arch-independent, regardless of the configure options used for the tree where we ran 'make dist'. This led to the following failure in autobuild.sh: CCLD libvirt-lxc.la CCLD libvirt-qemu.la /usr/lib64/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld: cannot find libvirt_lxc.def: No such file or directory collect2: error: ld returned 1 exit status make[3]: *** [libvirt-lxc.la] Error 1 make[3]: *** Waiting for unfinished jobs.... We were already doing the right thing with libvirt_qemu.syms. * src/Makefile.am (EXTRA_DIST): Don't ship a built file which depends on configure for its final name. Signed-off-by: NEric Blake <eblake@redhat.com>
-