- 25 11月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
Don't do duplicate work when getting pagesize. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 21 11月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Most of our code base uses space after comma but not before; fix the remaining uses before adding a syntax check. * src/lxc/lxc_container.c: Consistently use commas. * src/openvz/openvz_driver.c: Likewise. * src/openvz/openvz_util.c: Likewise. * src/remote/remote_driver.c: Likewise. * src/test/test_driver.c: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 19 11月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Without a 'return 0' in the stub lxcStartFuse() method, the compiler warns: lxc/lxc_fuse.c:374: error: control reaches end of non-void function [-Wreturn-type] Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 18 11月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The glibc setxid is supposed to be async signal safe, but libc developers confirm that it is not. This causes a problem when libvirt_lxc starts the FUSE thread and then runs clone() to start the container. If the clone() was done before the FUSE thread has completely started up, then the container will hang in setxid after clone(). The fix is to avoid creating any threads until after the container has been clone()'d. By avoiding any threads in the parent, the child is no longer required to run in an async signal safe context, and we thus avoid the glibc bug. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 12 11月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
If the host side of an LXC container console disconnected and the guest side continued to write data, until the PTY buffer filled up, the LXC controller would busy wait. It would repeatedly see POLLHUP from poll() and not disable the watch. This was due to some bogus logic detecting blocking conditions. Upon seeing a POLLHUP we must disable all reading & writing from the PTY, and setup the epoll to wake us up again when the connection comes back. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 08 11月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
Currently we were storing domain feature flags in a bit field as the they were either enabled or disabled. New features such as paravirtual spinlocks however can be tri-state as the default option may depend on hypervisor version. To allow storing tri-state feature state in the same place instead of having to declare dedicated variables for each feature this patch refactors the bit field to an array.
-
- 05 11月, 2013 5 次提交
-
-
由 Daniel P. Berrange 提交于
Currently the LXC container tries to skip selinux/securityfs mounts if the directory does not exist in the filesystem, or if SELinux is disabled. The former check is flawed because the /sys/fs/selinux or /sys/kernel/securityfs directories may exist in sysfs even if the mount type is disabled. Instead of just doing an access() check, use an virFileIsMounted() to see if the FS is actually present in the host OS. This also avoids the need to check is_selinux_enabled(). Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Some mounts must be skipped if running inside a user namespace, since the kernel forbids their use. Instead of strcmp'ing the filesystem type in the body of the loop, set an explicit flag in the lxcBasicMounts table. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the lxcBasicMounts array has separate entries for most mounts, to reflect that we must do a separate mount operation to make mounts read-only. Remove the duplicate entries and instead set the MS_RDONLY flag against the main entry. Then change lxcContainerMountBasicFS to look for the MS_RDONLY flag, mask it out & do a separate bind mount. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The 'srcpath' variable is initialized from 'mnt->src' and never changed thereafter. Some places continue to use 'mnt->src' and others use 'srcpath'. Remove the pointless 'srcpath' variable and use 'mnt->src' everywhere. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The virLXCBasicMountInfo struct contains a 'char *opts' field passed onto the mount() syscall. Every entry in the list sets this to NULL though, so it can be removed to simplify life. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 29 10月, 2013 2 次提交
-
-
由 Gao feng 提交于
Introduced by commit 0f31f7b7. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Giuseppe Scrivano 提交于
Expand the "secmodel" XML fragment of "host" with a sequence of baselabel's which describe the default security context used by libvirt with a specific security model and virtualization type: <secmodel> <model>selinux</model> <doi>0</doi> <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel> <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel> </secmodel> <secmodel> <model>dac</model> <doi>0</doi> <baselabel type='kvm'>107:107</baselabel> <baselabel type='qemu'>107:107</baselabel> </secmodel> "baselabel" is driver-specific information, e.g. in the DAC security model, it indicates USER_ID:GROUP_ID. Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 28 10月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
The lxcContainerSetID() method prints a misleading log message about setting the uid/gid when no ID map is present in the XML config. Skip the debug message in this case. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 21 10月, 2013 3 次提交
-
-
由 Daniel P. Berrange 提交于
Most of the usage of getuid()/getgid() is in cases where we are considering what privileges we have. As such the code should be using the effective IDs, not real IDs. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Unconditional use of getenv is not secure in setuid env. While not all libvirt code runs in a setuid env (since much of it only exists inside libvirtd) this is not always clear to developers. So make all the code paranoid, even if it only ever runs inside libvirtd. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
When running setuid, we must be careful about what env vars we allow commands to inherit from us. Replace the virCommandAddEnvPass function with two new ones which do filtering virCommandAddEnvPassAllowSUID virCommandAddEnvPassBlockSUID And make virCommandAddEnvPassCommon use the appropriate ones Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 16 10月, 2013 3 次提交
-
-
由 Daniel P. Berrange 提交于
A typo in the setup of NBD backed filesystems meant the /dev/nbdN device would not be added to the cgroups device ACL. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
To facilitate debugging, add some more logging to LXC cgroup devices ACL setup. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 15 10月, 2013 3 次提交
-
-
由 Hongwei Bi 提交于
-
由 Eric Blake 提交于
'const fooPtr' is the same as 'foo * const' (the pointer won't change, but it's contents can). But in general, if an interface is trying to be const-correct, it should be using 'const foo *' (the pointer is to data that can't be changed). Fix up all remaining offenders. * src/lxc/lxc_process.c (virLXCProcessSetupInterfaceBridged): Drop needless const. * src/uml/uml_driver.c (umlMonitorCommand): Use intended type. (umlMonitorAddress): Fix fallout. * src/xen/xm_internal.c (xenXMDomainSearchForUUID): Use intended type. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
'const fooPtr' is the same as 'foo * const' (the pointer won't change, but it's contents can). But in general, if an interface is trying to be const-correct, it should be using 'const foo *' (the pointer is to data that can't be changed). Fix up offenders in src/conf/domain_conf, and their fallout. Several things to note: virObjectLock() requires a non-const argument; if this were C++, we could treat the locking field as 'mutable' and allow locking an otherwise 'const' object, but that is a more invasive change, so I instead dropped attempts to be const-correct on domain lookup. virXMLPropString and friends require a non-const xmlNodePtr - this is because libxml2 is not a const-correct library. We could make the src/util/virxml wrappers cast away const, but I figured it was easier to not try to mark xmlNodePtr as const. Finally, virDomainDeviceDefCopy was a rather hard conversion - it calls virDomainDeviceDefPostParse, which in turn in the xen driver was actually modifying the domain outside of the current device being visited. We should not be adding a device on the first per-device callback, but waiting until after all per-device callbacks are complete. * src/conf/domain_conf.h (virDomainObjListFindByID) (virDomainObjListFindByUUID, virDomainObjListFindByName) (virDomainObjAssignDef, virDomainObjListAdd): Drop attempt at const. (virDomainDeviceDefCopy): Use intended type. (virDomainDeviceDefParse, virDomainDeviceDefPostParseCallback) (virDomainVideoDefaultType, virDomainVideoDefaultRAM) (virDomainChrGetDomainPtrs): Make const-correct. * src/conf/domain_conf.c (virDomainObjListFindByID) (virDomainObjListFindByUUID, virDomainObjListFindByName) (virDomainDeviceDefCopy, virDomainObjListAdd) (virDomainObjAssignDef, virDomainHostdevSubsysUsbDefParseXML) (virDomainHostdevSubsysPciOrigStatesDefParseXML) (virDomainHostdevSubsysPciDefParseXML) (virDomainHostdevSubsysScsiDefParseXML) (virDomainControllerModelTypeFromString) (virDomainTPMDefParseXML, virDomainTimerDefParseXML) (virDomainSoundCodecDefParseXML, virDomainSoundDefParseXML) (virDomainWatchdogDefParseXML, virDomainRNGDefParseXML) (virDomainMemballoonDefParseXML, virDomainNVRAMDefParseXML) (virSysinfoParseXML, virDomainVideoAccelDefParseXML) (virDomainVideoDefParseXML, virDomainHostdevDefParseXML) (virDomainRedirdevDefParseXML) (virDomainRedirFilterUsbDevDefParseXML) (virDomainRedirFilterDefParseXML, virDomainIdMapEntrySort) (virDomainIdmapDefParseXML, virDomainVcpuPinDefParseXML) (virDiskNameToBusDeviceIndex, virDomainDeviceDefCopy) (virDomainVideoDefaultType, virDomainHostdevAssignAddress) (virDomainDeviceDefPostParseInternal, virDomainDeviceDefPostParse) (virDomainChrGetDomainPtrs, virDomainControllerSCSINextUnit) (virDomainSCSIDriveAddressIsUsed) (virDomainDriveAddressIsUsedByDisk) (virDomainDriveAddressIsUsedByHostdev): Fix fallout. * src/openvz/openvz_driver.c (openvzDomainDeviceDefPostParse): Likewise. * src/libxl/libxl_domain.c (libxlDomainDeviceDefPostParse): Likewise. * src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse) (qemuDomainDefaultNetModel): Likewise. * src/lxc/lxc_domain.c (virLXCDomainDeviceDefPostParse): Likewise. * src/uml/uml_driver.c (umlDomainDeviceDefPostParse): Likewise. * src/xen/xen_driver.c (xenDomainDeviceDefPostParse): Split... (xenDomainDefPostParse): ...since per-device callback is not the time to be adding a device. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 14 10月, 2013 8 次提交
-
-
由 Daniel P. Berrange 提交于
Make the virLXCProcessReadLogOutputData method ignore the log lines about the container startup argv, ignore the generic error message from libvirt_lxc when lxcContainerMain fails and skip over blank lines. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The lxcContainerResolveSymlinks method merely logged some errors as debug messages, rather than reporting them as proper errors. This meant startup failures were not diagnosed at all. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Ensure the lxcContainerMain method reports any errors that occur during setup to stderr, where libvirtd will pick them up. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
In Fedora 20, libvirt_lxc crashes immediately at startup with a trace #0 0x00007f0cddb653ec in free () from /lib64/libc.so.6 #1 0x00007f0ce0e16f4a in virFree (ptrptr=ptrptr@entry=0x7f0ce1830058) at util/viralloc.c:580 #2 0x00007f0ce0e2764b in virResetError (err=0x7f0ce1830030) at util/virerror.c:354 #3 0x00007f0ce0e27a5a in virResetLastError () at util/virerror.c:387 #4 0x00007f0ce0e28858 in virEventRegisterDefaultImpl () at util/virevent.c:233 #5 0x00007f0ce0db47c6 in main (argc=11, argv=0x7fff4596c328) at lxc/lxc_controller.c:2352 Normally virInitialize calls virErrorInitialize and virThreadInitialize, but we don't link to libvirt.so in libvirt_lxc, and nor did we ever call the error or thread initializers. I have absolutely no idea how this has ever worked, let alone what caused it to stop working in Fedora 20. In addition not all code paths from virLogSetFromEnv will ensure virLogInitialize is called correctly, which is another possible crash scenario. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The LXC code would read the log file if an LXC guest failed to startup. There were a number of failure cases where the guest will not start and libvirtd never gets as far as looking at the log file. Fix this by replacing some earlier generic errors with messages from the log. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The LXC controller main() method initialized 'rc' to 1 rather than '-1'. In the cleanup path it will print any error to stderr, if-and-only-if rc < 0. Hence the incorrect initialization caused errors to be lost. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The LXC controller uses dbus to talk to systemd to create cgroups. This means that each LXC controller instance has a dbus connection. The DBus daemon is limited to 256 connections by default and we want to be able to run many 1000 of containers. While the dbus limit could be raised in the config files, it is simpler to make libvirt LXC controller close its dbus connection once everything is configured. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Chen Hanxiao 提交于
Fix the improper comment for the "release" hook. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 09 10月, 2013 1 次提交
-
-
由 Ján Tomko 提交于
Since 76b644c3 when the support for RAM filesystems was introduced, libvirt accepted the following XML: <source usage='1024' unit='KiB'/> This was parsed correctly and internally stored in bytes, but it was formatted as (with an extra 's'): <source usage='1024' units='KiB'/> When read again, this was treated as if the units were missing, meaning libvirt was unable to parse its own XML correctly. The usage attribute was documented as being in KiB, but it was not scaled if the unit was missing. Transient domains still worked, because this was balanced by an extra 'k' in the mount options. This patch: Changes the parser to use 'units' instead of 'unit', as the latter was never documented (fixing persistent domains) and some programs (libvirt-glib, libvirt-sandbox) already parse the 'units' attribute. Removes the extra 'k' from the tmpfs mount options, which is needed because now we parse our own XML correctly. Changes the default input unit to KiB to match documentation, fixing: https://bugzilla.redhat.com/show_bug.cgi?id=1015689
-
- 07 10月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The virConnectPtr is passed around loads of nwfilter code in order to provide it as a parameter to the callback registered by the virt drivers. None of the virt drivers use this param though, so it serves no purpose. Avoiding the need to pass a virConnectPtr means that the nwfilterStateReload method no longer needs to open a bogus QEMU driver connection. This addresses a race condition that can lead to a crash on startup. The nwfilter driver starts before the QEMU driver and registers some callbacks with DBus to detect firewalld reload. If the firewalld reload happens while the QEMU driver is still starting up though, the nwfilterStateReload method will open a connection to the partially initialized QEMU driver and cause a crash. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 03 10月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
If veth device allocation has a fatal error, the veths array may contain NULL device names. Avoid calling the virNetDevVethDelete function on such names. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
During container cleanup there is a race where the kernel may have destroyed the veth device before we try to set it offline. This causes log error messages. Given that we're about to delete the device entirely, setting it offline is pointless. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 01 10月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
We forgot to do cleanup when lxcContainerMountFSTmpfs failed to bind fs as read-only. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 30 9月, 2013 1 次提交
-
-
由 Cédric Bosdonnat 提交于
The problem is described by [0] but its effect on libvirt is that starting a container with a full distro running systemd after having stopped it simply fails. The container cleanup now calls the machined Terminate function to make sure that everything is in order for the next run. [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370
-
- 27 9月, 2013 2 次提交
-
-
由 Chen Hanxiao 提交于
s/becuase/because/ Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
由 Eric Blake 提交于
* src/lxc/lxc_controller.c (virLXCControllerSetupDisk): Fix typo. * src/lxc/lxc_driver.c (lxcDomainAttachDeviceDiskLive): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 26 9月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
Free dst before lxcDomainAttachDeviceDiskLive returns Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-