The virDomainLxcOpenNamespace method needs to open every file
in /proc/$INITPID/ns and return the open file descriptor to the
client application.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Mark virDomainLxcEnterNamespace as skipped in python binding
and remove reference to lxcDomainOpenNamespace which doesn't
arrive until a later patch

This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.

The actual APIs are

  int virDomainLxcOpenNamespace(virDomainPtr domain,
                                int **fdlist,
                                unsigned int flags);

  int virDomainLxcEnterNamespace(virDomainPtr domain,
                                 unsigned int nfdlist,
                                 int *fdlist,
                                 unsigned int *noldfdlist,
                                 int **oldfdlist,
                                 unsigned int flags);

which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.

NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Wire up the attach/detach device drivers in LXC to support the
hotplug/unplug of host misc devices.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Wire up the attach/detach device drivers in LXC to support the
hotplug/unplug of host storage devices.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Wire up the attach/detach device drivers in LXC to support the
hotplug/unplug of USB host devices.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Wire up the attach/detach device drivers in LXC to support the
hotplug/unplug of NICs.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Wire up the attach/detach device drivers in LXC to support the
hotplug/unplug of disks.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Wire up the attach/detach/update device APIs to support changing
of hostdevs in the persistent config file
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Wire up the attach/detach/update device APIs to support changing
of disks in the persistent config file
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Wire up the attach/detach/update device APIs to support changing
of network interfaces in the persistent config file
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This wires up the LXC driver to support the domain device attach/
detach/update APIs, following the same code design as used in
the QEMU driver. No actual changes are possible with this commit,
it is only providing the framework
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Currently to deal with auto-shutdown libvirtd must periodically
poll all stateful drivers. Thus sucks because it requires
acquiring both the driver lock and locks on every single virtual
machine. Instead pass in a "inhibit" callback to virStateInitialize
which drivers can invoke whenever they want to inhibit shutdown
due to existance of active VMs.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Add support for doing controlled shutdown / reboot in the LXC
driver. The default behaviour is to try talking to /dev/initctl
inside the container's virtual root (/proc/$INITPID/root). This
works with sysvinit or systemd. If that file does not exist
then send SIGTERM (for shutdown) or SIGHUP (for reboot). These
signals are not any kind of particular standard for shutdown
or reboot, just something apps can choose to handle. The new
virDomainSendProcessSignal allows for sending custom signals.

We might allow the choice of SIGTERM/HUP to be configured for
LXC containers via the XML in the future.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The virStateInitialize method and several cgroups methods were
using an 'int privileged' parameter or similar for dual-state
values. These are better represented with the bool type.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Implement the new API for sending signals to processes in a guest
for the LXC driver. Only support sending signals to the init
process for now, because

 - The kernel does not appear to expose the mapping between
   container PID numbers and host PID numbers anywhere in the
   host OS namespace
 - There is no race-free way to validate whether a host PID
   corresponds to a process in a container.

* src/lxc/lxc_driver.c: Allow sending processes signals
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The libvirt coding standard is to use 'function(...args...)'
instead of 'function (...args...)'. A non-trivial number of
places did not follow this rule and are fixed in this patch.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Driver support added for:
- test: pretending 8 host CPUS, 3 being online
- qemu, lxc, openvz, uml: using nodeGetCPUMap
Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

There was an inverted return value in lxcCgroupControllerActive().
The function assumes cgroups are active and do couple of checks
to prove that. If any of them fails, false is returned. Therefore,
at the end, after all checks are done we must return true, not false.

https://www.gnu.org/licenses/gpl-howto.html recommends that
the 'If not, see <url>.' phrase be a separate sentence.

* tests/securityselinuxhelper.c: Remove doubled line.
* tests/securityselinuxtest.c: Likewise.
* globally: s/;  If/.  If/

Including QEMU, LXC, UML, XEN drivers.

This patch updates the structures that store information about each
domain and each hypervisor to support multiple security labels and
drivers. It also updates all the remaining code to use the new fields.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

As the consensus in:
https://www.redhat.com/archives/libvir-list/2012-July/msg01692.html,
this patch is to destroy conf/virdomainlist.[ch], folding the
helpers into conf/domain_conf.[ch].

* src/Makefile.am:
  - Various indention fixes incidentally
  - Add macro DATATYPES_SOURCES (datatypes.[ch])
  - Link datatypes.[ch] for libvirt_lxc

* src/conf/domain_conf.c:
  - Move all the stuffs from virdomainlist.c into it
  - Use virUnrefDomain and virUnrefDomainSnapshot instead of
    virDomainFree and virDomainSnapshotFree, which are defined
    in libvirt.c, and we don't want to link to it.
  - Remove "if" before "free" the object, as virObjectUnref
    is in the list "useless_free_options".

* src/conf/domain_conf.h:
  - Move all the stuffs from virdomainlist.h into it
  - s/LIST_FILTER/LIST_DOMAINS_FILTER/

* src/libxl/libxl_driver.c:
  - s/LIST_FILTER/LIST_DOMAINS_FILTER/
  - no (include "virdomainlist.h")

* src/libxl/libxl_driver.c: Likewise

* src/lxc/lxc_driver.c: Likewise

* src/openvz/openvz_driver.c: Likewise

* src/parallels/parallels_driver.c: Likewise

* src/qemu/qemu_driver.c: Likewise

* src/test/test_driver.c: Likewise

* src/uml/uml_driver.c: Likewise

* src/vbox/vbox_tmpl.c: Likewise

* src/vmware/vmware_driver.c: Likewise

* tools/virsh-domain-monitor.c: Likewise

* tools/virsh.c: Likewise

The meat of this patch is just moving the calls to
virNWFilterRegisterCallbackDriver from each hypervisor's "register"
function into its "initialize" function. The rest is just code
movement to allow that, and a new virNWFilterUnRegisterCallbackDriver
function to undo what the register function does.

The long explanation:

There is an array in nwfilter called callbackDrvArray that has
pointers to a table of functions for each hypervisor driver that are
called by nwfilter. One of those function pointers is to a function
that will lock the hypervisor driver. Entries are added to the table
by calling each driver's "register" function, which happens quite
early in libvirtd's startup.

Sometime later, each driver's "initialize" function is called. This
function allocates a driver object and stores a pointer to it in a
static variable that was previously initialized to NULL. (and here's
the important part...) If the "initialize" function fails, the driver
object is freed, and that pointer set back to NULL (but the entry in
nwfilter's callbackDrvArray is still there).

When the "lock the driver" function mentioned above is called, it
assumes that the driver was successfully loaded, so it blindly tries
to call virMutexLock on "driver->lock".

BUT, if the initialize never happened, or if it failed, "driver" is
NULL. And it just happens that "lock" is always the first field in
driver so it is also NULL.

Boom.

To fix this, the call to virNWFilterRegisterCallbackDriver for each
driver shouldn't be called until the end of its (*already guaranteed
successful*) "initialize" function, not during its "register" function
(which is currently the case). This implies that there should also be
a virNWFilterUnregisterCallbackDriver() function that is called in a
driver's "shutdown" function (although in practice, that function is
currently never called).

Update the LXC driver to use the virNetClient APIs for
connecting to the libvirt_lxc monitor, instead of the
low-level socket APIs. This is a step towards running
a full RPC protocol with libvirt_lxc
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Update all LXC code to use virReportError instead of the custom
lxcError macro
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Rename the lxc_driver_t struct typedef to virLXCDriver to more
closely follow normal libvirt naming conventions
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

For consistency all the APIs in the lxc_domain.c file should
have a virLXCDomain prefix in their name
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

For consistency all the APIs in the lxc_process.c file should
have a virLXCProcess prefix in their name
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Any time we have a string with no % passed through gettext, a
translator can inject a % to cause a stack overread.  When there
is nothing to format, it's easier to ask for a string that cannot
be used as a formatter, by using a trivial "%s" format instead.

In the past, we have used --disable-nls to catch some of the
offenders, but that doesn't get run very often, and many more
uses have crept in.  Syntax check to the rescue!

The syntax check can catch uses such as
virReportError(code,
               _("split "
                 "string"));
by using a sed script to fold context lines into one pattern
space before checking for a string without %.

This patch is just mechanical insertion of %s; there are probably
several messages touched by this patch where we would be better
off giving the user more information than a fixed string.

* cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
* src/datatypes.c (virUnrefConnect, virGetDomain)
(virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
(virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
(virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
(virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
(virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
* src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
(lxcDomainGetBlkioParameters): Likewise.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
(virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
Likewise.
* src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
(virNetworkDefParseXML): Likewise.
* src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
Likewise.
* src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
(virNWFilterVarAccessParse): Likewise.
* src/libvirt.c (virDomainSave, virDomainSaveFlags)
(virDomainRestore, virDomainRestoreFlags)
(virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
(virDomainCoreDump, virDomainGetXMLDesc)
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
(virStreamSendAll, virStreamRecvAll)
(virDomainSnapshotGetXMLDesc): Likewise.
* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
(virNWFilterDHCPSnoopReq): Likewise.
* src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
* src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
(qemuBuildCommandLine): Likewise.
* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
* src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
Likewise.
* src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
(virNetSocketSendFD, virNetSocketRecvFD): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskBuildPool): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemProbe)
(virStorageBackendFileSystemBuild): Likewise.
* src/storage/storage_backend_rbd.c
(virStorageBackendRBDOpenRADOSConn): Likewise.
* src/storage/storage_driver.c (storageVolumeResize): Likewise.
* src/test/test_driver.c (testInterfaceChangeBegin)
(testInterfaceChangeCommit, testInterfaceChangeRollback):
Likewise.
* src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
Likewise.
* src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
(xenFormatXM): Likewise.

Per the FSF address could be changed from time to time, and GNU
recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)

  You should have received a copy of the GNU General Public License
  along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

This patch removes the explicit FSF address, and uses above instead
(of course, with inserting 'Lesser' before 'General').

Except a bunch of files for security driver, all others are changed
automatically, the copyright for securify files are not complete,
that's why to do it manually:

  src/security/security_selinux.h
  src/security/security_driver.h
  src/security/security_selinux.c
  src/security/security_apparmor.h
  src/security/security_apparmor.c
  src/security/security_driver.c

The 'lxc_driver' global variable is now used from several of
the LXC sources files. Thus it needs to be non-static to
avoid runtime linkage errors
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>