- 29 1月, 2019 3 次提交
-
-
由 Daniel P. Berrangé 提交于
The previous commit created new chains to hold the firewall rules. This commit changes the code that creates rules to place them in the new private chains instead of the builtin top level chains. With two networks running, the rules in the filter table now look like -N LIBVIRT_FWI -N LIBVIRT_FWO -N LIBVIRT_FWX -N LIBVIRT_INP -N LIBVIRT_OUT -A INPUT -j LIBVIRT_INP -A FORWARD -j LIBVIRT_FWX -A FORWARD -j LIBVIRT_FWI -A FORWARD -j LIBVIRT_FWO -A OUTPUT -j LIBVIRT_OUT -A LIBVIRT_FWI -d 192.168.0.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A LIBVIRT_FWI -d 192.168.1.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A LIBVIRT_FWI -o virbr1 -j REJECT --reject-with icmp-port-unreachable -A LIBVIRT_FWO -s 192.168.0.0/24 -i virbr0 -j ACCEPT -A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A LIBVIRT_FWO -s 192.168.1.0/24 -i virbr1 -j ACCEPT -A LIBVIRT_FWO -i virbr1 -j REJECT --reject-with icmp-port-unreachable -A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT -A LIBVIRT_FWX -i virbr1 -o virbr1 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 53 -j ACCEPT -A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT -A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 67 -j ACCEPT -A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT -A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT -A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 68 -j ACCEPT While in the nat table: -N LIBVIRT_PRT -A POSTROUTING -j LIBVIRT_PRT -A LIBVIRT_PRT -s 192.168.0.0/24 -d 224.0.0.0/24 -j RETURN -A LIBVIRT_PRT -s 192.168.0.0/24 -d 255.255.255.255/32 -j RETURN -A LIBVIRT_PRT -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A LIBVIRT_PRT -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A LIBVIRT_PRT -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j MASQUERADE -A LIBVIRT_PRT -s 192.168.1.0/24 -d 224.0.0.0/24 -j RETURN -A LIBVIRT_PRT -s 192.168.1.0/24 -d 255.255.255.255/32 -j RETURN -A LIBVIRT_PRT -s 192.168.1.0/24 ! -d 192.168.1.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A LIBVIRT_PRT -s 192.168.1.0/24 ! -d 192.168.1.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A LIBVIRT_PRT -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE And finally the mangle table: -N LIBVIRT_PRT -A POSTROUTING -j LIBVIRT_PRT -A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill -A LIBVIRT_PRT -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Historically firewall rules for virtual networks were added straight into the base chains. This works but has a number of bugs and design limitations: - It is inflexible for admins wanting to add extra rules ahead of libvirt's rules, via hook scripts. - It is not clear to the admin that the rules were created by libvirt - Each rule must be deleted by libvirt individually since they are all directly in the builtin chains - The ordering of rules in the forward chain is incorrect when multiple networks are created, allowing traffic to mistakenly flow between networks in one direction. To address all of these problems, libvirt needs to move to creating rules in its own private chains. In the top level builtin chains, libvirt will add links to its own private top level chains. Addressing the traffic ordering bug requires some extra steps. With everything going into the FORWARD chain there was interleaving of rules for outbound traffic and inbound traffic for each network: -A FORWARD -d 192.168.3.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.3.0/24 -i virbr1 -j ACCEPT -A FORWARD -i virbr1 -o virbr1 -j ACCEPT -A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -d 192.168.2.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.2.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable The rule allowing outbound traffic from virbr1 would mistakenly allow packets from virbr1 to virbr0, before the rule denying input to virbr0 gets a chance to run. What we really need todo is group the forwarding rules into three distinct sets: * Cross rules - LIBVIRT_FWX -A FORWARD -i virbr1 -o virbr1 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT * Incoming rules - LIBVIRT_FWI -A FORWARD -d 192.168.3.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -d 192.168.2.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable * Outgoing rules - LIBVIRT_FWO -A FORWARD -s 192.168.3.0/24 -i virbr1 -j ACCEPT -A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -s 192.168.2.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable There is thus no risk of outgoing rules for one network mistakenly allowing incoming traffic for another network, as all incoming rules are evalated first. With this in mind, we'll thus need three distinct chains linked from the FORWARD chain, so we end up with: INPUT --> LIBVIRT_INP (filter) OUTPUT --> LIBVIRT_OUT (filter) FORWARD +-> LIBVIRT_FWX (filter) +-> LIBVIRT_FWO \-> LIBVIRT_FWI POSTROUTING --> LIBVIRT_PRT (nat & mangle) Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Some of the query callbacks want to know the firewall layer that was being used for triggering the query to avoid duplicating that data. Reviewed-by: NLaine Stump <laine@laine.org> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 28 1月, 2019 2 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1665553 Ceph can be mounted just like any other filesystem and in fact is a shared and cluster filesystem. The filesystem magic constant was taken from kernel sources as it is not in magic.h yet. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Michal Privoznik 提交于
We have this very handy macro called VIR_STEAL_PTR() which steals one pointer into the other and sets the other to NULL. The following coccinelle patch was used to create this commit: @ rule1 @ identifier a, b; @@ - b = a; ... - a = NULL; + VIR_STEAL_PTR(b, a); Some places were clean up afterwards to make syntax-check happy (e.g. some curly braces were removed where the body become a one liner). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
- 25 1月, 2019 3 次提交
-
-
由 Eric Blake 提交于
Upcoming patches need an array of strings for use in QMP block-dirty-bitmap-merge. A convenience wrapper cuts down on the verbosity of creating the array, similar to the existing virJSONValueObjectAppendString(). Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Eric Blake 提交于
A function that returns -1 for multiple possible failures, but only raises a libvirt error for some of those failures, can be hard to use correctly. Yet both of our JSON object/array appenders fall in that pattern. True, the silent errors represent coding bugs that none of the callers should ever trigger, while the noisy errors represent memory failures that can happen anywhere, so we happened to never end up failing without an error. But it is better to either use the _QUIET memory allocation variants, and make callers decide to report failure; or make all failure paths noisy. This patch takes the latter approach. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
Similar to what commit 86dba8f3 did for virPortAllocatorRelease, ignore port 0 in virPortAllocatorSetUsed. For all the reasonable use cases the callers already check that the port is non-zero, however if the port from the XML overflows unsigned short and turns into 0, it can be set as used by virPortAllocatorSetUsed but not released by virPortAllocatorRelease. Also skip port '0' in virPortAllocatorSetUsed to make this behavior symmetric. The serenity was disturbed by commit 5dbda5e9 which started using virPortAllocatorRelease instead of virPortAllocatorSetUsed (false). https://bugzilla.redhat.com/show_bug.cgi?id=1591645Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
- 24 1月, 2019 2 次提交
-
-
由 Michal Privoznik 提交于
This partially reverts 00dc991c. 2,030 (1,456 direct, 574 indirect) bytes in 14 blocks are definitely lost in loss record 77 of 80 at 0x4C30E96: calloc (vg_replace_malloc.c:711) by 0x50F83AA: virAlloc (viralloc.c:143) by 0x5178DFA: virPCIDeviceNew (virpci.c:1753) by 0x51753E9: virPCIDeviceIterDevices (virpci.c:468) by 0x5175EB5: virPCIDeviceGetParent (virpci.c:759) by 0x517AB55: virPCIDeviceIsBehindSwitchLackingACS (virpci.c:2476) by 0x517AC24: virPCIDeviceIsAssignable (virpci.c:2494) by 0x10BF27: testVirPCIDeviceIsAssignable (virpcitest.c:229) by 0x10D14C: virTestRun (testutils.c:174) by 0x10C535: mymain (virpcitest.c:422) by 0x10F1B6: virTestMain (testutils.c:1112) by 0x10CF93: main (virpcitest.c:455) Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Michal Privoznik 提交于
This is a return argument that is to be compared against NULL on successful return. However, it is not initialized and therefore relies on callers setting it to NULL prior calling the function. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
- 23 1月, 2019 3 次提交
-
-
由 Radoslaw Biernacki 提交于
The @linkdev is In/Out function parameter as second order reference pointer so requires first order dereference for checking NULL which can be the result of virPCIGetNetName(). Fixes: d6ee56d7 (util: change virPCIGetNetName() to not return error if device has no net name) Signed-off-by: NRadoslaw Biernacki <radoslaw.biernacki@linaro.org> Signed-off-by: Ndann frazier <dann.frazier@canonical.com>
-
由 Radoslaw Biernacki 提交于
Removing redundant sections of the code Signed-off-by: NRadoslaw Biernacki <radoslaw.biernacki@linaro.org> Signed-off-by: Ndann frazier <dann.frazier@canonical.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Radoslaw Biernacki 提交于
libvirt wrongly assumes that VF netdev has to have the netdev assigned to PF. There is no such requirement in SRIOV standard. This patch change the virNetDevSwitchdevFeature() function to deal with SRIOV devices which does not have netdev on PF. Also corrects one comment about PF netdev assumption. One example of such devices is ThunderX VNIC. By applying this change, VF device is used for virNetlinkCommand() as it is the only netdev assigned to VNIC. Signed-off-by: NRadoslaw Biernacki <radoslaw.biernacki@linaro.org> Signed-off-by: Ndann frazier <dann.frazier@canonical.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 15 1月, 2019 1 次提交
-
-
由 Ján Tomko 提交于
Commit 7282f455 got rid of the VIR_WARNINGS_NO_CAST_ALIGN macro when refactoring the code and broke the build with clang. Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 14 1月, 2019 1 次提交
-
-
由 Laine Stump 提交于
I had intended to make these changes to commit d40b820c before pushing, but forgot about it during the day between the initial review and ACK. Neither change is significant - just returning immediately when virNetDevGetName() fails (instead of logging a debug message first) and eliminating a comment that adds to confusion rather than eliminating it. Still, the changes should be made to be more consistent with nearly identical code just a few lines up (added in commit 7282f455) Signed-off-by: NLaine Stump <laine@laine.org> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 12 1月, 2019 1 次提交
-
-
由 Laine Stump 提交于
When checking the setting of accept_ra, we have assumed that all routes have a single nexthop, so the interface of the route would be in the RTA_OIF attribute of the netlink RTM_NEWROUTE message. But multipath routes don't have an RTA_OIF; instead, they have an RTA_MULTIPATH attribute, which is an array of rtnexthop, with each rtnexthop having an interface. This patch adds a loop to look at the setting of accept_ra of the interface for every rtnexthop in the array. Signed-off-by: NLaine Stump <laine@laine.org> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
- 11 1月, 2019 3 次提交
-
-
由 Laine Stump 提交于
This is about the same number of code lines, but is simpler, and more consistent with what will be added to check another attribute in a coming patch. As a side effect, it Resolves: https://bugzilla.redhat.com/1583131Signed-off-by: NLaine Stump <laine@laine.org> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Laine Stump 提交于
This same operation needs to be done in multiple places, so move the inline code into a separate function. Signed-off-by: NLaine Stump <laine@laine.org> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Laine Stump 提交于
This is problematic if a callback function wants to send the nlmsghdr to a library function that has no "const" in its prototype (e.g. nlmsg_find_attr()) Signed-off-by: NLaine Stump <laine@laine.org> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
- 08 1月, 2019 1 次提交
-
-
由 Erik Skultety 提交于
Essentially, bring back the old behaviour as of commit eba36a38 which was later changed by commit ae06048b. Even though all the stderr messages will eventually end up in the journal, we're not making use of the fields journald provides. https://bugzilla.redhat.com/show_bug.cgi?id=1592644Signed-off-by: NErik Skultety <eskultet@redhat.com> Acked-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 03 1月, 2019 1 次提交
-
-
由 Michal Privoznik 提交于
In 60046283 we've tried to remove Author(s): lines from comments at the beginning of our source files. Well, in some files while we removed the "Author" line we did not remove the actual list of authors. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
- 19 12月, 2018 2 次提交
-
-
由 Michal Privoznik 提交于
This test checks if security label remembering works correctly. It uses qemuSecurity* APIs to do that. And some mocking (even though it's not real mocking as we are used to from other tests like virpcitest). So far, only DAC driver is tested. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 18 12月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
The arguments to the N_() macro must only ever be a literal string. It is not possible to use macro arguments, or use macro string concatenation in this context. The N_() macro is a no-op whose only purpose is to act as a marker for xgettext when it extracts translatable strings from the source code. Anything other than a literal string will be silently ignored by xgettext. Unfortunately this means that the clever MSG, MSG2 & MSG_EXISTS macros used for building up error message strings have prevented any of the error messages getting marked for translation. We must sadly, revert to a more explicit listing of strings for now. Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 17 12月, 2018 2 次提交
-
-
由 Daniel P. Berrangé 提交于
The QEMU command line arguments are very long and currently all written on a single line to /var/log/libvirt/qemu/$GUEST.log. This introduces logic to add line breaks after every env variable and "-" optional argument, and every positional argument. This will create a clearer log file, which will in turn present better in bug reports when people cut + paste from the log into a bug comment. An example log file entry now looks like this: 2018-12-14 12:57:03.677+0000: starting up libvirt version: 5.0.0, qemu version: 3.0.0qemu-3.0.0-1.fc29, kernel: 4.19.5-300.fc29.x86_64, hostname: localhost.localdomain LC_ALL=C \ PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin \ HOME=/home/berrange \ USER=berrange \ LOGNAME=berrange \ QEMU_AUDIO_DRV=none \ /usr/bin/qemu-system-ppc64 \ -name guest=guest,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/home/berrange/.config/libvirt/qemu/lib/domain-33-guest/master-key.aes \ -machine pseries-2.10,accel=tcg,usb=off,dump-guest-core=off \ -m 1024 \ -realtime mlock=off \ -smp 1,sockets=1,cores=1,threads=1 \ -uuid c8a74977-ab18-41d0-ae3b-4041c7fffbcd \ -display none \ -no-user-config \ -nodefaults \ -chardev socket,id=charmonitor,fd=23,server,nowait \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ -boot strict=on \ -device qemu-xhci,id=usb,bus=pci.0,addr=0x1 \ -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on 2018-12-14 12:57:03.730+0000: shutting down, reason=failed Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The virCommand APIs do not expect to be given a NULL value for an arg name or value. Such a mistake can lead to execution of the wrong command, as the NULL may prematurely terminate the list of args. Detect this and report suitable error messages. This identified a flaw in the storage test which was passing a NULL instead of the volume path. This flaw was then validated by an incorrect set of qemu-img args as expected data. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 14 12月, 2018 12 次提交
-
-
由 Peter Krempa 提交于
Simplify adding of new errors by just adding them to the array of messages rather than having to add conversion code. Additionally most of the messages add the format string part as a suffix so we can avoid some of the duplication by using a macro which adds the suffix to the original string. This way most messages fit into the 80 column limit and only 3 exceed 100 colums. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Erik Skultety <eskultet@redhat.com>
-
由 Peter Krempa 提交于
Clarify how @info is used and what the returned values look like. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Peter Krempa 提交于
Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Peter Krempa 提交于
Simplify wording of the error string for VIR_ERR_OPEN_FAILED and VIR_ERR_CALL_FAILED. The error codes itself are currently unused so it will not impact any client. This will simplify upcomming patch which refactors how we convert these. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Peter Krempa 提交于
Few error codes were missing the version of the message with additional info. In case of the modified messages it's not very likely they'll ever report any additional data, but for the sake of consistency we should provide them. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Peter Krempa 提交于
Additional information for an error message is either in form of a string or empty. Fix two offenders. One used %d as the format modifier and the second one always expected a string. Thankfully, neither of the offenders are currently in effect. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Peter Krempa 提交于
We do have one for the error domain but not for the error number itself. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Daniel P. Berrangé 提交于
Require that all headers are guarded by a symbol named LIBVIRT_$FILENAME where $FILENAME is the uppercased filename, with all characters outside a-z changed into '_'. Note we do not use a leading __ because that is technically a namespace reserved for the toolchain. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
This introduces a syntax-check script that validates header files use a common layout: /* ...copyright header... */ <one blank line> #ifndef SYMBOL # define SYMBOL ....content.... #endif /* SYMBOL */ For any file ending priv.h, before the #ifndef, we will require a guard to prevent bogus imports: #ifndef SYMBOL_ALLOW # error .... #endif /* SYMBOL_ALLOW */ <one blank line> The many mistakes this script identifies are then fixed. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Pavel Hrdina 提交于
When libvirt is reconnecting to running domain that uses cgroup v2 the QEMU process reports cgroup for the emulator directory because the main thread is in that cgroup. We need to remove the "/emulator" part in order to match with the root cgroup directory name for that domain. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
The rewrite to support cgroup v2 missed this function. In cgroup v2 we have different files to track tasks. We would fail to remove cgroup on non-systemd OSes if there is any extra process assigned to guest cgroup because we would not kill any process form the guest cgroup. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Daniel P. Berrangé 提交于
In many files there are header comments that contain an Author: statement, supposedly reflecting who originally wrote the code. In a large collaborative project like libvirt, any non-trivial file will have been modified by a large number of different contributors. IOW, the Author: comments are quickly out of date, omitting people who have made significant contribitions. In some places Author: lines have been added despite the person merely being responsible for creating the file by moving existing code out of another file. IOW, the Author: lines give an incorrect record of authorship. With this all in mind, the comments are useless as a means to identify who to talk to about code in a particular file. Contributors will always be better off using 'git log' and 'git blame' if they need to find the author of a particular bit of code. This commit thus deletes all Author: comments from the source and adds a rule to prevent them reappearing. The Copyright headers are similarly misleading and inaccurate, however, we cannot delete these as they have legal meaning, despite being largely inaccurate. In addition only the copyright holder is permitted to change their respective copyright statement. Reviewed-by: NErik Skultety <eskultet@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 07 12月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
Most of the iptables APIs share code for the add/delete paths, but a couple were separated. Merge the remaining APIs to facilitate future changes. Reviewed-by: NLaine Stump <laine@laine.org> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 06 12月, 2018 1 次提交
-
-
由 Peter Krempa 提交于
The function clears and frees the passed buffers on success, but not in one case of failure. Modify the control flow that the args are always consumed, record it in the docs and remove few pointless cleanup paths in callers. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-