You need to sign in or sign up before continuing.
- 14 2月, 2015 1 次提交
-
-
由 Luyao Huang 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1176503 Move the two console checks - one for zero nconsoles present and the other for an invalid console type to earlier in the processing rather than getting after performing some setup that has to be undone for what amounts to an invalid configuration. This resolves the above bug since it's not not possible to have changed the security labels when we cause the configuration check failure.
-
- 13 2月, 2015 1 次提交
-
-
由 Erik Skultety 提交于
We do have a check for valid per-domain security model, however we still do permit an invalid security model for a domain's device (those which are specified with <source> element). This patch introduces a new function virSecurityManagerCheckAllLabel which compares user specified security model against currently registered security drivers. That being said, it also permits 'none' being specified as a device security model. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 09 2月, 2015 1 次提交
-
-
由 Cédric Bosdonnat 提交于
commit a58e1cb4 didn't fix the bug if the security_default_confined is not set to 1. We now clean up even if there is no seclabel defined or the default one.
-
- 04 2月, 2015 1 次提交
-
-
由 Luyao Huang 提交于
Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
- 27 1月, 2015 4 次提交
-
-
由 Daniel P. Berrange 提交于
Currently when launching the LXC controller we first write out the plain, inactive XML configuration, then launch the controller, then replace the file with the live status XML configuration. By good fortune this hasn't caused any problems other than some misleading error messages during failure scenarios. This simplifies the code so it only writes out the XML once and always writes the live status XML. To do this we need to handshake with the child process, to make execution pause just before exec() so we can write the XML status with the child PID present.
-
由 Daniel P. Berrange 提交于
Currently the lxc controller process itself is responsible for daemonizing itself into the background and writing out its pid file. The lxc driver would fork the controller and then attempt to connect to the lxc monitor. This connection would only succeed after the controller has backgrounded itself, setup cgroups and written its pid file, so startup was race free. The problem is that we need to delay create of the cgroups to much later, such that we can tell systemd the container init pid when we create the cgroups. If we delay cgroup creation though the current synchronization won't work. A second problem is that the controller needs the XML config of the guest. Currently we write out the plain virDomainDefPtr XML before starting the controller, and then later replace it with the full virDomainObjPtr status XML. This is kind of gross and also means that the controller doesn't get a record of the live XML config right away. This means it doesn't have a record of the veth device names either and so can't give that info to systemd when creating the cgroups. To address this we change the startup sequencing. The goal is that we want to get the PID as soon as possible, before the LXC controller even starts. So we stop letting the LXC controller daemonize itself, and instead use virCommand's built-in capabilities. This daemonizes and writes the PID before LXC controller is exec'd. So the driver can read the PID as soon as virCommandRun returns. It is no longer safe to connect to the monitor or detect the cgroups though. Fortunately the LXC controller already has a second point of synchronization. Immediately before its event loop starts running, it performs a handshake with the driver. So we move the opening of the monitor connection and cgroup detection after this synchronization point.
-
由 Daniel P. Berrange 提交于
Build the pidfile string once when starting a guest and then use the same string thereafter. This will benefit following patches which need the pidfile string in more situations. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The nwfilter driver can rely on its global state instead of the connect private data.
-
- 14 1月, 2015 1 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1165993 So, there are still plenty of vNIC types that we don't know how to set bandwidth on. Let's warn explicitly in case user has requested it instead of pretending everything was set. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 13 1月, 2015 1 次提交
-
-
由 Guido Günther 提交于
so it applies to interfaces of type 'direct' too. Reported and patch provided by Bastian Blank at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769600
-
- 06 1月, 2015 1 次提交
-
-
由 Cédric Bosdonnat 提交于
The typical case for the problem is starting a domain needing a network that isn't started. Even after starting the network, we get an unknown error when starting the container. This is due to dynamic security label not being removed.
-
- 11 12月, 2014 1 次提交
-
-
由 Matthew Rosato 提交于
Currently, MAC registration occurs during device creation, which is early enough that, during live migration, you end up with duplicate MAC addresses on still-running source and target devices, even though the target device isn't actually being used yet. This patch proposes to defer MAC registration until right before the guest can actually use the device -- In other words, right before starting guest CPUs. Signed-off-by: NMatthew Rosato <mjrosato@linux.vnet.ibm.com> Signed-off-by: NLaine Stump <laine@laine.org>
-
- 09 12月, 2014 1 次提交
-
-
由 Laine Stump 提交于
lxcProcessSetupInterfaces() used to have a special case for actualType='network' (a network with forward mode of route, nat, or isolated) to call the libvirt public API to retrieve the bridge being used by a network. That is no longer necessary - since all network types that use a bridge and tap device now get the bridge name stored in the ActualNetDef, we can just always use virDomainNetGetActualBridgeName() instead.
-
- 03 12月, 2014 1 次提交
-
-
由 John Ferlan 提交于
Since virNetworkFree will call virObjectUnref anyway, let's just use that directly so as to avoid the possibility that we inadvertently clear out a pending error message when using the public API.
-
- 19 11月, 2014 1 次提交
-
-
由 Anirban Chakraborty 提交于
Ethernet interfaces in libvirt currently do not support bandwidth setting. For example, following xml file for an interface will not apply these settings to corresponding qdiscs. <interface type="ethernet"> <mac address="02:36:1d:18:2a:e4"/> <model type="virtio"/> <script path=""/> <target dev="tap361d182a-e4"/> <bandwidth> <inbound average="984" peak="1024" burst="64"/> <outbound average="2000" peak="2048" burst="128"/> </bandwidth> </interface> Signed-off-by: NAnirban Chakraborty <abchak@juniper.net> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 15 11月, 2014 1 次提交
-
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 04 11月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
A domain without a console quietly dies soon after start, because we try to set /dev/null as a controlling TTY 2014-10-30 15:10:59.705+0000: 1: error : lxcContainerSetupFDs:283 : ioctl(TIOCSCTTY) failed: Inappropriate ioctl for device Report an error early instead of trying to start it. https://bugzilla.redhat.com/show_bug.cgi?id=1155410
-
- 02 9月, 2014 1 次提交
-
-
由 Matthew Rosato 提交于
Currently, there is one flag passed in during macvtap creation (withTap) -- Let's convert this field to an unsigned int flag field for future expansion. Signed-off-by: NMatthew Rosato <mjrosato@linux.vnet.ibm.com> Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 04 8月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
Otherwise this beautiful error would be overwritten when the function is called with a really high rate number: 2014-07-28 12:51:47.920+0000: 2304: error : virCommandWait:2399 : internal error: Child process (/sbin/tc class add dev vnet0 parent 1: classid 1:1 htb rate 4294968kbps) unexpected exit status 1: Illegal "rate" Usage: ... qdisc add ... htb [default N] [r2q N] default minor id of class to which unclassified packets are sent {0} r2q DRR quantums are computed as rate in Bps/r2q {10} debug string of 16 numbers each 0-3 {0} ... class add ... htb rate R1 [burst B1] [mpu B] [overhead O] [prio P] [slot S] [pslot PS] [ceil R2] [cburst B2] [mtu MTU] [quantum Q] rate rate allocated to this class (class can still borrow) burst max bytes burst which can be accumulated during idle period {computed} mpu minimum packet size used in rate computations overhead per-packet size overhead used in rate computations linklay adapting to a linklayer e.g. atm ceil definite upper class rate (no borrows) {rate} cburst burst but for ceil {computed} mtu max packet size we create rate map for {1600} prio priority of leaf; lowe https://bugzilla.redhat.com/show_bug.cgi?id=1043735
-
- 18 7月, 2014 1 次提交
-
-
由 Cédric Bosdonnat 提交于
LXC network devices can now be assigned a custom NIC device name on the container side. For example, this is configured with: <interface type='network'> <source network='default'/> <guest dev="eth1"/> </interface> In this example the network card will appear as eth1 in the guest.
-
- 17 7月, 2014 1 次提交
-
-
由 Michele Paolino 提交于
This patch adds support for the QEMU vhost-user feature to libvirt. vhost-user enables the communication between a QEMU virtual machine and other userspace process using the Virtio transport protocol. It uses a char dev (e.g. Unix socket) for the control plane, while the data plane based on shared memory. The XML looks like: <interface type='vhostuser'> <mac address='52:54:00:3b:83:1a'/> <source type='unix' path='/tmp/vhost.sock' mode='server'/> <model type='virtio'/> </interface> Signed-off-by: NMichele Paolino <m.paolino@virtualopensystems.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 27 4月, 2014 1 次提交
-
-
由 Laine Stump 提交于
The check for a network being active during interface attach was being done individually in several places (by both the lxc driver and the qemu driver), but those places were too specific, leading to it *not* being checked when allocating a connection/device from a macvtap or hostdev network. This patch puts a single check in networkAllocateActualDevice(), which is always called before the any network interface is attached to any type of domain. It also removes all the other now-redundant checks from the lxc and qemu drivers. NB: the following patches are prerequisites for this patch, in the case that it is backported to any branch: 440beeb7 network: fix virNetworkObjAssignDef and persistence 8aaa5b68 network: create statedir during driver initialization b9e95491 network: change location of network state xml files 411c5486 network: set macvtap/hostdev networks active if their state file exists This fixes: https://bugzilla.redhat.com/show_bug.cgi?id=880483
-
- 08 4月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
Since it is an abbreviation, USB should always be fully capitalized or full lower case, never Usb. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 25 3月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
-
- 18 3月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 04 3月, 2014 1 次提交
-
-
由 Eric Blake 提交于
Auditing all callers of virCommandRun and virCommandWait that passed a non-NULL pointer for exit status turned up some interesting observations. Many callers were merely passing a pointer to avoid the overall command dying, but without caring what the exit status was - but these callers would be better off treating a child death by signal as an abnormal exit. Other callers were actually acting on the status, but not all of them remembered to filter by WIFEXITED and convert with WEXITSTATUS; depending on the platform, this can result in a status being reported as 256 times too big. And among those that correctly parse the output, it gets rather verbose. Finally, there were the callers that explicitly checked that the status was 0, and gave their own message, but with fewer details than what virCommand gives for free. So the best idea is to move the complexity out of callers and into virCommand - by default, we return the actual exit status already cleaned through WEXITSTATUS and treat signals as a failed command; but the few callers that care can ask for raw status and act on it themselves. * src/util/vircommand.h (virCommandRawStatus): New prototype. * src/libvirt_private.syms (util/command.h): Export it. * docs/internals/command.html.in: Document it. * src/util/vircommand.c (virCommandRawStatus): New function. (virCommandWait): Adjust semantics. * tests/commandtest.c (test1): Test it. * daemon/remote.c (remoteDispatchAuthPolkit): Adjust callers. * src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck): Likewise. * src/fdstream.c (virFDStreamCloseInt): Likewise. * src/lxc/lxc_process.c (virLXCProcessStart): Likewise. * src/qemu/qemu_command.c (qemuCreateInBridgePortWithHelper): Likewise. * src/xen/xen_driver.c (xenUnifiedXendProbe): Simplify. * tests/reconnect.c (mymain): Likewise. * tests/statstest.c (mymain): Likewise. * src/bhyve/bhyve_process.c (virBhyveProcessStart) (virBhyveProcessStop): Don't overwrite virCommand error. * src/libvirt.c (virConnectAuthGainPolkit): Likewise. * src/openvz/openvz_driver.c (openvzDomainGetBarrierLimit) (openvzDomainSetBarrierLimit): Likewise. * src/util/virebtables.c (virEbTablesOnceInit): Likewise. * src/util/viriptables.c (virIpTablesOnceInit): Likewise. * src/util/virnetdevveth.c (virNetDevVethCreate): Fix debug message. * src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Add comment. * src/storage/storage_backend_iscsi.c (virStorageBackendISCSINodeUpdate): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 20 2月, 2014 2 次提交
-
-
由 Daniel P. Berrange 提交于
The virDomainGetRootFilesystem method can be generalized to allow any filesystem path to be obtained. While doing this, start a new test case for purpose of testing various helper methods in the domain_conf.{c,h} files, such as this one. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Richard Weinberger 提交于
Destroying a suspended domain needs special action. We cannot simply terminate all process because they are frozen. Do deal with that we send them SIGKILL and thaw them. Upon wakeup the process sees the pending signal and dies immediately. Signed-off-by: NRichard Weinberger <richard@nod.at>
-
- 18 2月, 2014 1 次提交
-
-
由 Michal Privoznik 提交于
There might be some use cases, where user wants to prepare the host or its environment prior to starting a network and do some cleanup after the network has been shut down. Consider all the functionality that libvirt doesn't currently have as an example what a hook script can possibly do. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 17 1月, 2014 1 次提交
-
-
由 Eric Blake 提交于
The public virConnectRef and virConnectClose API are just thin wrappers around virObjectRef/virObjectRef, with added object validation and an error reset. Within our backend drivers, use of the object validation is just an inefficiency since we always pass valid objects. More important to think about is what happens with the error reset; our uses of virConnectRef happened to be safe (since we hadn't encountered any earlier errors), but in several cases the use of virConnectClose could lose a real error. Ideally, we should also avoid calling virConnectOpen() from within backend drivers - but that is a known situation that needs much more design work. * src/qemu/qemu_process.c (qemuProcessReconnectHelper) (qemuProcessReconnect): Avoid nested public API call. * src/qemu/qemu_driver.c (qemuAutostartDomains) (qemuStateInitialize, qemuStateStop): Likewise. * src/qemu/qemu_migration.c (doPeer2PeerMigrate): Likewise. * src/storage/storage_driver.c (storageDriverAutostart): Likewise. * src/uml/uml_driver.c (umlAutostartConfigs): Likewise. * src/lxc/lxc_process.c (virLXCProcessAutostartAll): Likewise. (virLXCProcessReboot): Likewise, and avoid leaking conn on error. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 13 12月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
We missed a return when virProcessKillPainfully failed to kill lxc process Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 10 12月, 2013 3 次提交
-
-
由 Cédric Bosdonnat 提交于
The virDomainEvent class is kept as it indicates what meta informations are valid for the children classes. This may be useful in the future.
-
由 Cédric Bosdonnat 提交于
This aims at providing some consistency with other domain events
-
由 Cédric Bosdonnat 提交于
Leave virDomainEventRegister and its Deregister brother as these are legacy functions only for domain lifecycle events.
-
- 21 10月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
When running setuid, we must be careful about what env vars we allow commands to inherit from us. Replace the virCommandAddEnvPass function with two new ones which do filtering virCommandAddEnvPassAllowSUID virCommandAddEnvPassBlockSUID And make virCommandAddEnvPassCommon use the appropriate ones Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 15 10月, 2013 1 次提交
-
-
由 Eric Blake 提交于
'const fooPtr' is the same as 'foo * const' (the pointer won't change, but it's contents can). But in general, if an interface is trying to be const-correct, it should be using 'const foo *' (the pointer is to data that can't be changed). Fix up all remaining offenders. * src/lxc/lxc_process.c (virLXCProcessSetupInterfaceBridged): Drop needless const. * src/uml/uml_driver.c (umlMonitorCommand): Use intended type. (umlMonitorAddress): Fix fallout. * src/xen/xm_internal.c (xenXMDomainSearchForUUID): Use intended type. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 14 10月, 2013 3 次提交
-
-
由 Daniel P. Berrange 提交于
Make the virLXCProcessReadLogOutputData method ignore the log lines about the container startup argv, ignore the generic error message from libvirt_lxc when lxcContainerMain fails and skip over blank lines. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The LXC code would read the log file if an LXC guest failed to startup. There were a number of failure cases where the guest will not start and libvirtd never gets as far as looking at the log file. Fix this by replacing some earlier generic errors with messages from the log. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Chen Hanxiao 提交于
Fix the improper comment for the "release" hook. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 03 10月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
If veth device allocation has a fatal error, the veths array may contain NULL device names. Avoid calling the virNetDevVethDelete function on such names. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-