- 22 5月, 2012 3 次提交
-
-
由 Wido den Hollander 提交于
This patch adds support for a new storage backend with RBD support. RBD is the RADOS Block Device and is part of the Ceph distributed storage system. It comes in two flavours: Qemu-RBD and Kernel RBD, this storage backend only supports Qemu-RBD, thus limiting the use of this storage driver to Qemu only. To function this backend relies on librbd and librados being present on the local system. The backend also supports Cephx authentication for safe authentication with the Ceph cluster. For storing credentials it uses the built-in secret mechanism of libvirt. Signed-off-by: NWido den Hollander <wido@widodh.nl>
-
由 Eric Blake 提交于
The previous commit (2cb0899e) left a dead variable behind. * src/libxl/libxl_driver.c (libxlClose): Drop dead variable.
-
由 Daniel P. Berrange 提交于
When the last reference to a virConnectPtr is released by libvirtd, it was possible for a deadlock to occur in the virDomainEventState functions. The virDomainEventStatePtr holds a reference on virConnectPtr for each registered callback. When removing a callback, the virUnrefConnect function is run. If this causes the last reference on the virConnectPtr to be released, then virReleaseConnect can be run, which in turns calls qemudClose. This function has a call to virDomainEventStateDeregisterConn which is intended to remove all callbacks associated with the virConnectPtr instance. This will try to grab a lock on virDomainEventState but this lock is already held. Deadlock ensues Thread 1 (Thread 0x7fcbb526a840 (LWP 23185)): Since each callback associated with a virConnectPtr holds a reference on virConnectPtr, it is impossible for the qemudClose method to be invoked while any callbacks are still registered. Thus the call to virDomainEventStateDeregisterConn must in fact be a no-op. Thus it is possible to just remove all trace of virDomainEventStateDeregisterConn and avoid the deadlock. * src/conf/domain_event.c, src/conf/domain_event.h, src/libvirt_private.syms: Delete virDomainEventStateDeregisterConn * src/libxl/libxl_driver.c, src/lxc/lxc_driver.c, src/qemu/qemu_driver.c, src/uml/uml_driver.c: Remove calls to virDomainEventStateDeregisterConn
-
- 21 5月, 2012 2 次提交
-
-
由 Jim Fehlig 提交于
Commit 2223ea98 removed the only use of 'server' param in remoteDispatchAuthPolkit(). Mark the parameter with ATTRIBUTE_UNUSED to fix the build when configuring with polkit0.
-
由 Stefan Berger 提交于
This patch adds support for the recent ipset iptables extension to libvirt's nwfilter subsystem. Ipset allows to maintain 'sets' of IP addresses, ports and other packet parameters and allows for faster lookup (in the order of O(1) vs. O(n)) and rule evaluation to achieve higher throughput than what can be achieved with individual iptables rules. On the command line iptables supports ipset using iptables ... -m set --match-set <ipset name> <flags> -j ... where 'ipset name' is the name of a previously created ipset and flags is a comma-separated list of up to 6 flags. Flags use 'src' and 'dst' for selecting IP addresses, ports etc. from the source or destination part of a packet. So a concrete example may look like this: iptables -A INPUT -m set --match-set test src,src -j ACCEPT Since ipset management is quite complex, the idea was to leave ipset management outside of libvirt but still allow users to reference an ipset. The user would have to make sure the ipset is available once the VM is started so that the iptables rule(s) referencing the ipset can be created. Using XML to describe an ipset in an nwfilter rule would then look as follows: <rule action='accept' direction='in'> <all ipset='test' ipsetflags='src,src'/> </rule> The two parameters on the command line are also the two distinct XML attributes 'ipset' and 'ipsetflags'. FYI: Here is the man page for ipset: https://ipset.netfilter.org/ipset.man.html Regards, Stefan
-
- 18 5月, 2012 7 次提交
-
-
由 Eric Blake 提交于
We were being lazy - virnetlink.c was getting uint32_t as a side-effect from glibc 2.14's <unistd.h>, but older glibc 2.11 does not provide uint32_t from <unistd.h>. In fact, POSIX states that <unistd.h> need only provide intptr_t, not all of <stdint.h>, so the bug really is ours. Reported by Jonathan Alescio. * src/util/virnetlink.h: Include <stdint.h>.
-
由 Hu Tao 提交于
This involves setting the cpuacct cgroup to a per-vcpu granularity, as well as summing the each vcpu accounting into a common array. Now that we are reading more than one cgroup file, we double-check that cpus weren't hot-plugged between reads to invalidate our summing. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Hu Tao 提交于
Currently virDomainGetCPUStats gets total cpu usage, which consists of: 1. vcpu usage: the physical cpu time consumed by virtual cpu(s) of domain 2. hypervisor: `total cpu usage' - `vcpu usage' The param 'vcpu_time' is for getting vcpu usages.
-
由 Marc-André Lureau 提交于
Test new codec type element.
-
由 Marc-André Lureau 提交于
With ICH6 audio device, allow to specify codecs. By default, for compatibility reasons, if no codec is specified, "hda-duplex" will be used.
-
由 Marc-André Lureau 提交于
Allow specifying sound device codecs. See formatdomain.html for more details.
-
由 Marc-André Lureau 提交于
-
- 17 5月, 2012 3 次提交
-
-
由 Michal Privoznik 提交于
If qemuPrepareHostdevUSBDevices fail it will roll back devices added to the driver list of used devices. However, if it may fail because the device is being used already. But then again - with roll back. Therefore don't try to remove a usb device manually if the function fail. Although, we want to remove the device if any operation performed afterwards fail.
-
由 Eric Blake 提交于
Make it obvious why we need Osier's patch in commit 10d9038b to fix NUMA parsing of an AMD machine with two cores sharing a socket id. * tests/nodeinfotest.c (linuxTestCompareFiles): Enhance the test. * tests/nodeinfodata/linux-nodeinfo-sysfs-test-*-output.txt: Update.
-
由 Daniel P. Berrange 提交于
Allow the logging APIs to be called with a va_list for format args, instead of requiring var-args usage. * src/util/logging.h, src/util/logging.c: Add virLogVMessage
-
- 16 5月, 2012 21 次提交
-
-
由 Eric Blake 提交于
The use of readlink() in lxc_container.c is intentional; we don't want an absolute pathname there. * src/util/cgroup.h (VIR_CGROUP_SYSFS_MOUNT): Indent properly. * cfg.mk (exclude_file_name_regexp--sc_prohibit_readlink): Add exemption.
-
由 Michal Privoznik 提交于
One of our latest USB device handling patches 05abd150 introduced a regression. That is, we first create a temporary list of all USB devices that are to be used by domain just starting up. Then we iterate over and check if a device from the list is in the global list of currently assigned devices (activeUsbHostdevs). If not, we add it there and continue with next iteration then. But if a device from temporary list is either taken already or adding to the activeUsbHostdevs fails, we remove all devices in temp list from the activeUsbHostdevs list. Therefore, if a device is already taken we remove it from activeUsbHostdevs even if we should not. Thus, next time we allow the device to be assigned to another domain.
-
由 Daniel P. Berrange 提交于
Most versions of libselinux do not contain the function selinux_lxc_contexts_path() that the security driver recently started using for LXC. We must add a conditional check for it in configure and then disable the LXC security driver for builds where libselinux lacks this function. * configure.ac: Check for selinux_lxc_contexts_path * src/security/security_selinux.c: Disable LXC security if selinux_lxc_contexts_path() is missing
-
由 Daniel P. Berrange 提交于
Due to a bug in editing /etc/sysconfig/libvirtd, VDSM was causing libvirt processes to run with the following command line args /usr/sbin/libvirtd --listen '#' 'by vdsm' While it correctly rejects any invalid option flags, libvirtd was not rejecting any non-option command line arguments * daemon/libvirtd.c: Reject non-option argv
-
由 Daniel P. Berrange 提交于
Normal practice is for cgroups controllers to be mounted at /sys/fs/cgroup. When setting up a container, /sys is mounted with a new sysfs instance, thus we must re-mount all the cgroups controllers. The complexity is that we must mount them in the same layout as the host OS. ie if 'cpu' and 'cpuacct' were mounted at the same location in the host we must preserve this in the container. Also if any controllers are co-located we must setup symlinks from the individual controller name to the co-located mount-point Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Both /proc and /sys may have sub-mounts in them from the host OS. We must explicitly unmount them all before mounting the new instance over that location. If we don't then /proc/mounts will show the sub-mounts as existing, even though nothing will be able to access them, due to the over-mount. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
If the LXC config has a filesystem <filesystem> <source dir='/'/> <target dir='/'/> </filesystem> then there is no need to go down the pivot root codepath. We can simply use the existing root as needed. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently to make sysfs readonly, we remount the existing instance and then bind it readonly. Unfortunately this means sysfs is still showing device objects wrt the host OS namespace. We need it to reflect the container namespace, so we must mount a completely new instance of it. Do the same for selinuxfs since there is no benefit to bind mounting & this lets us simplify the code. * src/lxc/lxc_container.c: Mount fresh sysfs instance Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
Instead of hardcoding use of SELinux contexts in the LXC driver, switch over to using the official security driver API. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
Some security drivers require special options to be passed to the mount system call. Add a security driver API for handling this data. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
The SELinux policy for LXC uses a different configuration file than the traditional svirt one. Thus we need to load /etc/selinux/targeted/contexts/lxc_contexts which contains something like this: process = "system_u:system_r:svirt_lxc_net_t:s0" file = "system_u:object_r:svirt_lxc_file_t:s0" content = "system_u:object_r:virt_var_lib_t:s0" cleverly designed to be parsable by virConfPtr Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
Currently the SELinux driver stores its state in a set of global variables. This switches it to use a private data struct instead. This will enable different instances to have their own data. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
The AppArmour driver does not currently have support for LXC so ensure that when probing, it claims to be disabled Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
To allow the security drivers to apply different configuration information per hypervisor, pass the virtualization driver name into the security manager constructor. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
There is no 'udev.target' unit in systemd (only 'udev.service') yet libvirtd's unit file had a dep on one. There's no compelling reason for a dep on udev, so remove it altogether. Reported-by: NAvi Kivity <avi@redhat.com>
-
由 Jiri Denemark 提交于
Thanks to this new option we are now able to use modern CPU models (such as Westmere) defined in external configuration file. The qemu-1.1{,-device} data files for qemuhelptest are filled in with qemu-1.1-rc2 output for now. I will update those files with real qemu-1.1 output once it is released.
-
由 Daniel P. Berrange 提交于
The uhci1, uhci2, uhci3 companion controllers for ehci1 must have a master start port set. Since this value is predictable we should set it automatically if the app does not supply it
-
由 Daniel P. Berrange 提交于
Currently each USB2 companion controller gets put on a separate PCI slot. Not only is this wasteful of PCI slots, but it is not in compliance with the spec for USB2 controllers. The master echi1 and all companion controllers should be in the same slot, with echi1 in function 7, and uhci1-3 in functions 0-2 respectively. * src/qemu/qemu_command.c: Special case handling of USB2 controllers to apply correct pci slot assignment * tests/qemuxml2argvdata/qemuxml2argv-usb-ich9-ehci-addr.args, tests/qemuxml2argvdata/qemuxml2argv-usb-ich9-ehci-addr.xml: Expand test to cover automatic slot assignment
-
由 Daniel P. Berrange 提交于
The virDomainDeviceInfoIsSet API was only checking if an address or alias was set in the struct. Thus if only a rom bar setting / filename, boot index, or USB master value was set, they could be accidentally dropped when formatting XML
-
由 Daniel P. Berrange 提交于
Callers of virGetUser{Config,Runtime,Cache}Directory all append further path component. We should not be adding a trailing slash in the return path otherwise we get paths containing '//' Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Sometimes it is useful to see the callpath for log messages. This change enhances the log filter syntax so that stack traces can be show by setting '1:+NAME' instead of '1:NAME'. This results in output like: 2012-05-09 14:18:45.136+0000: 13314: debug : virInitialize:414 : register drivers /home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virInitialize+0xd6)[0x7f89188ebe86] /home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x431921] /lib64/libc.so.6(__libc_start_main+0xf5)[0x3a21e21735] /home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x40a279] 2012-05-09 14:18:45.136+0000: 13314: debug : virRegisterDriver:775 : driver=0x7f8918d02760 name=Test /home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virRegisterDriver+0x6b)[0x7f89188ec717] /home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(+0x11b3ad)[0x7f891891e3ad] /home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virInitialize+0xf3)[0x7f89188ebea3] /home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x431921] /lib64/libc.so.6(__libc_start_main+0xf5)[0x3a21e21735] /home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x40a279] * docs/logging.html.in: Document new syntax * configure.ac: Check for execinfo.h * src/util/logging.c, src/util/logging.h: Add support for stack traces * tests/testutils.c: Adapt to API change Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 15 5月, 2012 4 次提交
-
-
由 Daniel P. Berrange 提交于
The current unprivileged user libvirtd sockets are in the abstract namespace. This has a number of problems - You can't connect to them remotely using the nc/ssh tunnel - This is not portable for OS-X, BSD & probably others - Parent directory permissions don't apply
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
According to Fedora guidelines, because we bundle gnulib we need to add a virtual Provides: bundled(gnulib). https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle
-
由 Guido Günther 提交于
to save some syscalls (as suggested by Eric Blake)
-