- 16 5月, 2012 19 次提交
-
-
由 Daniel P. Berrange 提交于
Most versions of libselinux do not contain the function selinux_lxc_contexts_path() that the security driver recently started using for LXC. We must add a conditional check for it in configure and then disable the LXC security driver for builds where libselinux lacks this function. * configure.ac: Check for selinux_lxc_contexts_path * src/security/security_selinux.c: Disable LXC security if selinux_lxc_contexts_path() is missing
-
由 Daniel P. Berrange 提交于
Due to a bug in editing /etc/sysconfig/libvirtd, VDSM was causing libvirt processes to run with the following command line args /usr/sbin/libvirtd --listen '#' 'by vdsm' While it correctly rejects any invalid option flags, libvirtd was not rejecting any non-option command line arguments * daemon/libvirtd.c: Reject non-option argv
-
由 Daniel P. Berrange 提交于
Normal practice is for cgroups controllers to be mounted at /sys/fs/cgroup. When setting up a container, /sys is mounted with a new sysfs instance, thus we must re-mount all the cgroups controllers. The complexity is that we must mount them in the same layout as the host OS. ie if 'cpu' and 'cpuacct' were mounted at the same location in the host we must preserve this in the container. Also if any controllers are co-located we must setup symlinks from the individual controller name to the co-located mount-point Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Both /proc and /sys may have sub-mounts in them from the host OS. We must explicitly unmount them all before mounting the new instance over that location. If we don't then /proc/mounts will show the sub-mounts as existing, even though nothing will be able to access them, due to the over-mount. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
If the LXC config has a filesystem <filesystem> <source dir='/'/> <target dir='/'/> </filesystem> then there is no need to go down the pivot root codepath. We can simply use the existing root as needed. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently to make sysfs readonly, we remount the existing instance and then bind it readonly. Unfortunately this means sysfs is still showing device objects wrt the host OS namespace. We need it to reflect the container namespace, so we must mount a completely new instance of it. Do the same for selinuxfs since there is no benefit to bind mounting & this lets us simplify the code. * src/lxc/lxc_container.c: Mount fresh sysfs instance Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
Instead of hardcoding use of SELinux contexts in the LXC driver, switch over to using the official security driver API. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
Some security drivers require special options to be passed to the mount system call. Add a security driver API for handling this data. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
The SELinux policy for LXC uses a different configuration file than the traditional svirt one. Thus we need to load /etc/selinux/targeted/contexts/lxc_contexts which contains something like this: process = "system_u:system_r:svirt_lxc_net_t:s0" file = "system_u:object_r:svirt_lxc_file_t:s0" content = "system_u:object_r:virt_var_lib_t:s0" cleverly designed to be parsable by virConfPtr Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
Currently the SELinux driver stores its state in a set of global variables. This switches it to use a private data struct instead. This will enable different instances to have their own data. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
The AppArmour driver does not currently have support for LXC so ensure that when probing, it claims to be disabled Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
To allow the security drivers to apply different configuration information per hypervisor, pass the virtualization driver name into the security manager constructor. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
There is no 'udev.target' unit in systemd (only 'udev.service') yet libvirtd's unit file had a dep on one. There's no compelling reason for a dep on udev, so remove it altogether. Reported-by: NAvi Kivity <avi@redhat.com>
-
由 Jiri Denemark 提交于
Thanks to this new option we are now able to use modern CPU models (such as Westmere) defined in external configuration file. The qemu-1.1{,-device} data files for qemuhelptest are filled in with qemu-1.1-rc2 output for now. I will update those files with real qemu-1.1 output once it is released.
-
由 Daniel P. Berrange 提交于
The uhci1, uhci2, uhci3 companion controllers for ehci1 must have a master start port set. Since this value is predictable we should set it automatically if the app does not supply it
-
由 Daniel P. Berrange 提交于
Currently each USB2 companion controller gets put on a separate PCI slot. Not only is this wasteful of PCI slots, but it is not in compliance with the spec for USB2 controllers. The master echi1 and all companion controllers should be in the same slot, with echi1 in function 7, and uhci1-3 in functions 0-2 respectively. * src/qemu/qemu_command.c: Special case handling of USB2 controllers to apply correct pci slot assignment * tests/qemuxml2argvdata/qemuxml2argv-usb-ich9-ehci-addr.args, tests/qemuxml2argvdata/qemuxml2argv-usb-ich9-ehci-addr.xml: Expand test to cover automatic slot assignment
-
由 Daniel P. Berrange 提交于
The virDomainDeviceInfoIsSet API was only checking if an address or alias was set in the struct. Thus if only a rom bar setting / filename, boot index, or USB master value was set, they could be accidentally dropped when formatting XML
-
由 Daniel P. Berrange 提交于
Callers of virGetUser{Config,Runtime,Cache}Directory all append further path component. We should not be adding a trailing slash in the return path otherwise we get paths containing '//' Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Sometimes it is useful to see the callpath for log messages. This change enhances the log filter syntax so that stack traces can be show by setting '1:+NAME' instead of '1:NAME'. This results in output like: 2012-05-09 14:18:45.136+0000: 13314: debug : virInitialize:414 : register drivers /home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virInitialize+0xd6)[0x7f89188ebe86] /home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x431921] /lib64/libc.so.6(__libc_start_main+0xf5)[0x3a21e21735] /home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x40a279] 2012-05-09 14:18:45.136+0000: 13314: debug : virRegisterDriver:775 : driver=0x7f8918d02760 name=Test /home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virRegisterDriver+0x6b)[0x7f89188ec717] /home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(+0x11b3ad)[0x7f891891e3ad] /home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virInitialize+0xf3)[0x7f89188ebea3] /home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x431921] /lib64/libc.so.6(__libc_start_main+0xf5)[0x3a21e21735] /home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x40a279] * docs/logging.html.in: Document new syntax * configure.ac: Check for execinfo.h * src/util/logging.c, src/util/logging.h: Add support for stack traces * tests/testutils.c: Adapt to API change Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 15 5月, 2012 13 次提交
-
-
由 Daniel P. Berrange 提交于
The current unprivileged user libvirtd sockets are in the abstract namespace. This has a number of problems - You can't connect to them remotely using the nc/ssh tunnel - This is not portable for OS-X, BSD & probably others - Parent directory permissions don't apply
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
According to Fedora guidelines, because we bundle gnulib we need to add a virtual Provides: bundled(gnulib). https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle
-
由 Guido Günther 提交于
to save some syscalls (as suggested by Eric Blake)
-
由 Osier Yang 提交于
$LISTFILE is created even no domain is running, and the empty $LISTFILE could cause improper service status. stopped ,with saved guests Which is not right, as there is no domain was saved.
-
由 Osier Yang 提交于
"Instead of developing one CPU with 12 cores, the Magny Cours is actually two 6 core “Bulldozer” CPUs combined in to one package" I.e, each package has two NUMA nodes, and the two numa nodes share the same core ID set (0-6), which means parsing the cores number from sysfs doesn't work in this case. And the wrong CPU number could cause three problems for libvirt: 1) performance lost A domain without "cpuset" or "placement='auto'" (to drive numad) specified will be only pinned to part of the CPUs. 2) domain can be started If a domain uses numad, and the advisory nodeset returned from numad contains node which exceeds the range of wrong total CPU number. The domain will fail to start, as the bitmask passed to sched_setaffinity could be fully filled with zero. 3) wrong CPU number affects lots of stuffs. E.g. for command "virsh vcpuinfo", "virsh vcpupin", it will always output with the truncated CPU list. For more details: https://www.redhat.com/archives/libvir-list/2012-May/msg00607.html This patch is to fix the problem by parsing /proc/cpuinfo to get the value of field "cpu cores", and use it as nodeinfo->cores if it's greater than the cores number from sysfs.
-
由 Osier Yang 提交于
Like for 'static' placement, when the memory policy mode is 'strict', set the memory policy by writing the advisory nodeset returned from numad to cgroup file cpuset.mems,
-
由 Osier Yang 提交于
On some of the NUMA platforms, the CPU index in each NUMA node grows non-consecutive. While on other platforms, it can be inconsecutive, E.g. % numactl --hardware available: 4 nodes (0-3) node 0 cpus: 0 4 8 12 16 20 24 28 node 0 size: 131058 MB node 0 free: 86531 MB node 1 cpus: 1 5 9 13 17 21 25 29 node 1 size: 131072 MB node 1 free: 127070 MB node 2 cpus: 2 6 10 14 18 22 26 30 node 2 size: 131072 MB node 2 free: 127758 MB node 3 cpus: 3 7 11 15 19 23 27 31 node 3 size: 131072 MB node 3 free: 127226 MB node distances: node 0 1 2 3 0: 10 20 20 20 1: 20 10 20 20 2: 20 20 10 20 3: 20 20 20 10 This patch is to fix the problem by using the CPU index in caps->host.numaCell[i]->cpus[i] to set the bitmask instead of assuming the CPU index of the NUMA nodes are always sequential.
-
由 Li Zhang 提交于
For pseries guest, the default controller model is ibmvscsi controller, this controller only can work on spapr-vio address. This patch is to assign spapr-vio address type to ibmvscsi controller and correct vscsi test case. Signed-off-by: NLi Zhang <zhlcindy@linux.vnet.ibm.com>
-
由 David Weber 提交于
Add ignore param for readonly and shared disk in sanlock
-
由 Eric Blake 提交于
Test 2 data grabbed from a 2-core 1-node laptop. Test 3 data grabbed from a 48-cpu AMD Magny Cours box. * tests/nodeinfodata/linux-nodeinfo-sysfs-test-2*: New test data. * tests/nodeinfodata/linux-nodeinfo-sysfs-test-3*: Likewise. * tests/nodeinfotest.c (mymain): Run them. * cfg.mk (exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF): Exempt new test files.
-
由 Eric Blake 提交于
We had previously weakened our nodeinfotest in order to ignore parsed node values, because the parse function was mistakenly relying on host files. A better fix is to avoid using the numactl library, but to instead parse the same files that numactl would read, all while allowing the files to be relative to our choice of directory. * src/nodeinfo.c (CPU_SYS_PATH, NODE_SYS_PATH): Replace with... (SYSFS_SYSTEM_PATH): ...parent directory. (linuxNodeInfoCPUPopulate): Check NUMA nodes from requested directory (by inlining numactl code). (nodeGetCPUmap, nodeGetMemoryStats): Adjust macro use. * tests/nodeinfotest.c (linuxTestCompareFiles, linuxTestNodeInfo): Update test to match.
-
由 Eric Blake 提交于
We were wasting time to malloc a copy of a constant string, then copy it into static storage, for every call to nodeGetInfo. At least we were lucky that it was a constant source, and thus not subject to even worse issues with one thread clobbering the static storage while another was using it. This gets rid of the waste, by passing the string through the stack instead, as well as renaming internal functions to better match our conventions. * src/nodeinfo.c (sysfs_path): Delete. (get_cpu_value, count_thread_siblings, parse_socket): Add parameter, and rename... (virNodeGetCpuValue, virNodeCountThreadSiblings) (virNodeParseSocket): ... into a common namespace. (cpu_online, parse_core): Inline into callers. (linuxNodeInfoCPUPopulate): Update caller. (nodeGetInfo): Drop a useless malloc.
-
- 14 5月, 2012 4 次提交
-
-
由 Eric Blake 提交于
Commit cdce2f42 tried to silence a compiler warning on 32-bit builds, but the gcc shipped with RHEL 5 is old enough that the type conversion via multiplication by 1 was insufficient for the task. * src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Previous attempt didn't get past all gcc versions.
-
由 Eric Blake 提交于
Use the address specified in the actual commit, to placate 'make syntax-check'.
-
由 William Jon McCann 提交于
As defined in: http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html This offers a number of advantages: * Allows sharing a home directory between different machines, or sessions (eg. using NFS) * Cleanly separates cache, runtime (eg. sockets), or app data from user settings * Supports performing smart or selective migration of settings between different OS versions * Supports reseting settings without breaking things * Makes it possible to clear cache data to make room when the disk is filling up * Allows us to write a robust and efficient backup solution * Allows an admin flexibility to change where data and settings are stored * Dramatically reduces the complexity and incoherence of the system for administrators
-
由 Daniel Veillard 提交于
* configure.ac docs/news.html.in libvirt.spec.in: updates for the release * po/*.po: pushed new sources and synchronized new languages translations
-
- 13 5月, 2012 1 次提交
-
-
由 Matthias Bolte 提交于
Appending an item to a list transfers ownership of that item to the list owner. But an error can occur in between item allocation and appending it to the list. In this case the item has to be freed explicitly. This was not done in some special cases resulting in possible memory leaks. Reported by Coverity.
-
- 11 5月, 2012 3 次提交
-
-
由 Peter Krempa 提交于
This patch lifts the limit of calling thread detection code only on KVM guests. With upstream qemu the thread mappings are reported also on non-KVM machines. QEMU adopted the thread_id information from the kvm branch. To remain compatible with older upstream versions of qemu the check is attempted but the failure to detect threads (or even run the monitor command - on older versions without SMP support) is treated non-fatal and the code reports one vCPU with pid of the hypervisor (in same fashion this was done on non-KVM guests).
-
由 Peter Krempa 提交于
After a cpu hotplug the qemu driver did not refresh information about virtual processors used by qemu and their corresponding threads. This patch forces a re-detection as is done on start of QEMU. This ensures that correct information is reported by the virDomainGetVcpus API and "virsh vcpuinfo". A failure to obtain the thread<->vcpu mapping is treated non-fatal and the mapping is not updated in a case of failure as not all versions of QEMU report this in the info cpus command.
-
由 Peter Krempa 提交于
This patch changes a switch statement into ifs when handling live vs. configuration modifications getting rid of redundant code in case when both live and persistent configuration gets changed.
-