1. 24 7月, 2013 1 次提交
    • R
      Fix link_addr detection · 7e120829
      Roman Bogorodskiy 提交于
      link_addr detection in configure always reports that
      link_addr is missing because it uses link_addr(NULL, NULL) in
      AC_LINK_IFELSE check with limited set of headers that doesn't
      define NULL.
      
      Fix by replacing 'NULL' with just '0'.
      7e120829
  2. 19 7月, 2013 1 次提交
  3. 18 7月, 2013 1 次提交
  4. 12 7月, 2013 1 次提交
    • E
      util: make virSetUIDGID async-signal-safe · ee777e99
      Eric Blake 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=964358
      
      POSIX states that multi-threaded apps should not use functions
      that are not async-signal-safe between fork and exec, yet we
      were using getpwuid_r and initgroups.  Although rare, it is
      possible to hit deadlock in the child, when it tries to grab
      a mutex that was already held by another thread in the parent.
      I actually hit this deadlock when testing multiple domains
      being started in parallel with a command hook, with the following
      backtrace in the child:
      
       Thread 1 (Thread 0x7fd56bbf2700 (LWP 3212)):
       #0  __lll_lock_wait ()
           at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
       #1  0x00007fd5761e7388 in _L_lock_854 () from /lib64/libpthread.so.0
       #2  0x00007fd5761e7257 in __pthread_mutex_lock (mutex=0x7fd56be00360)
           at pthread_mutex_lock.c:61
       #3  0x00007fd56bbf9fc5 in _nss_files_getpwuid_r (uid=0, result=0x7fd56bbf0c70,
           buffer=0x7fd55c2a65f0 "", buflen=1024, errnop=0x7fd56bbf25b8)
           at nss_files/files-pwd.c:40
       #4  0x00007fd575aeff1d in __getpwuid_r (uid=0, resbuf=0x7fd56bbf0c70,
           buffer=0x7fd55c2a65f0 "", buflen=1024, result=0x7fd56bbf0cb0)
           at ../nss/getXXbyYY_r.c:253
       #5  0x00007fd578aebafc in virSetUIDGID (uid=0, gid=0) at util/virutil.c:1031
       #6  0x00007fd578aebf43 in virSetUIDGIDWithCaps (uid=0, gid=0, capBits=0,
           clearExistingCaps=true) at util/virutil.c:1388
       #7  0x00007fd578a9a20b in virExec (cmd=0x7fd55c231f10) at util/vircommand.c:654
       #8  0x00007fd578a9dfa2 in virCommandRunAsync (cmd=0x7fd55c231f10, pid=0x0)
           at util/vircommand.c:2247
       #9  0x00007fd578a9d74e in virCommandRun (cmd=0x7fd55c231f10, exitstatus=0x0)
           at util/vircommand.c:2100
       #10 0x00007fd56326fde5 in qemuProcessStart (conn=0x7fd53c000df0,
           driver=0x7fd55c0dc4f0, vm=0x7fd54800b100, migrateFrom=0x0, stdin_fd=-1,
           stdin_path=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
           flags=1) at qemu/qemu_process.c:3694
       ...
      
      The solution is to split the work of getpwuid_r/initgroups into the
      unsafe portions (getgrouplist, called pre-fork) and safe portions
      (setgroups, called post-fork).
      
      * src/util/virutil.h (virSetUIDGID, virSetUIDGIDWithCaps): Adjust
      signature.
      * src/util/virutil.c (virSetUIDGID): Add parameters.
      (virSetUIDGIDWithCaps): Adjust clients.
      * src/util/vircommand.c (virExec): Likewise.
      * src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
      (virDirCreate): Likewise.
      * src/security/security_dac.c (virSecurityDACSetProcessLabel):
      Likewise.
      * src/lxc/lxc_container.c (lxcContainerSetID): Likewise.
      * configure.ac (AC_CHECK_FUNCS_ONCE): Check for setgroups, not
      initgroups.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ee777e99
  5. 10 7月, 2013 1 次提交
  6. 01 7月, 2013 1 次提交
    • D
      Release of libvirt-1.1.0 · 034d3229
      Daniel Veillard 提交于
      * configure.ac docs/news.html.in libvirt.spec.in: updated for the release
      * po/*.po*: updated localizations and regenerated
      034d3229
  7. 21 6月, 2013 1 次提交
  8. 12 6月, 2013 1 次提交
  9. 03 6月, 2013 1 次提交
    • D
      Release of libvirt 1.0.6 · 4497ef50
      Daniel Veillard 提交于
      * configure.ac docs/news.html.in libvirt.spec.in: update for the release
      * po/*.po*: pull localization updates and regenerate the po
      4497ef50
  10. 29 5月, 2013 1 次提交
    • E
      build: fix build with newer gnutls · 7d21d6b6
      Eric Blake 提交于
      Building with gnutls 3.2.0 (such as shipped with current cygwin) fails
      with:
      
      rpc/virnettlscontext.c: In function 'virNetTLSSessionGetKeySize':
      rpc/virnettlscontext.c:1358:5: error: implicit declaration of function 'gnutls_cipher_get_key_size' [-Wimplicit-function-declaration]
      
      Yeah, it's stupid that gnutls broke API by moving their declaration
      into a new header without including that header from the old one,
      but it's easy enough to work around, all without breaking on gnutls
      1.4.1 (hello RHEL 5) that lacked the new header.
      
      * configure.ac (gnutls): Check for <gnutls/crypto.h>.
      * src/rpc/virnettlscontext.c (includes): Include additional header.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      7d21d6b6
  11. 21 5月, 2013 2 次提交
    • E
      maint: follow recommended practice for using LGPL · de483052
      Eric Blake 提交于
      https://www.gnu.org/licenses/gpl-howto.html states:
      
      You should also include a copy of the license itself somewhere in the
      distribution of your program. All programs, whether they are released
      under the GPL or LGPL, should include the text version of the GPL. In
      GNU programs the license is usually in a file called COPYING.
      
      If you are releasing your program under the LGPL, you should also
      include the text version of the LGPL, usually in a file called
      COPYING.LESSER. Please note that, since the LGPL is a set of
      additional permissions on top of the GPL, it's important to include
      both licenses so users have all the materials they need to understand
      their rights.
      
      * configure.ac (COPYING): No more games with non-git file.
      * COPYING: New file, copied from gnulib.
      * COPYING.LIB: Rename...
      * COPYING.LESSER: ...to this.
      * .gitignore: Track licenses in git.
      * cfg.mk (exclude_file_name_regexp--sc_copyright_address): Tweak
      rule.
      * libvirt.spec.in (daemon, client, python): Reflect rename.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      de483052
    • E
      maint: use LGPL correctly · d7f53c7b
      Eric Blake 提交于
      Several files called out COPYING or COPYING.LIB instead of using
      the normal boilerplate.  It's especially important that we don't
      call out COPYING from an LGPL file, since COPYING is traditionally
      used for the GPL.  A few files were lacking copyright altogether.
      
      * src/rpc/gendispatch.pl: Add missing copyright.
      * Makefile.nonreentrant: Likewise.
      * src/check-symfile.pl: Likewise.
      * src/check-symsorting.pl: Likewise.
      * src/driver.h: Likewise.
      * src/internal.h: Likewise.
      * tools/libvirt-guests.sh.in: Likewise.
      * tools/virt-pki-validate.in: Mention copyright in comment, not just code.
      * tools/virt-sanlock-cleanup.in: Likewise.
      * src/rpc/genprotocol.pl: Spell out license terms.
      * src/xen/xend_internal.h: Likewise.
      * src/xen/xend_internal.c: Likewise.
      * Makefile.am: Likewise.
      * daemon/Makefile.am: Likewise.
      * docs/Makefile.am: Likewise.
      * docs/schemas/Makefile.am: Likewise.
      * examples/apparmor/Makefile.am: Likewise.
      * examples/domain-events/events-c/Makefile.am: Likewise.
      * examples/dominfo/Makefile.am: Likewise.
      * examples/domsuspend/Makefile.am: Likewise.
      * examples/hellolibvirt/Makefile.am: Likewise.
      * examples/openauth/Makefile.am: Likewise.
      * examples/python/Makefile.am: Likewise.
      * examples/systemtap/Makefile.am: Likewise.
      * examples/xml/nwfilter/Makefile.am: Likewise.
      * gnulib/lib/Makefile.am: Likewise.
      * gnulib/tests/Makefile.am: Likewise.
      * include/Makefile.am: Likewise.
      * include/libvirt/Makefile.am: Likewise.
      * python/Makefile.am: Likewise.
      * python/tests/Makefile.am: Likewise.
      * src/Makefile.am: Likewise.
      * tests/Makefile.am: Likewise.
      * tools/Makefile.am: Likewise.
      * configure.ac: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      d7f53c7b
  12. 14 5月, 2013 2 次提交
    • D
      Only pass -export-dynamic to linker, not compiler · 421846e4
      Daniel P. Berrange 提交于
      Clang does not like the -export-dynamic flag. The compiler does
      not need it in the first place, so we can avoid the problem by
      only setting it for the linker
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      421846e4
    • R
      build: avoid gcrypt deprecation warnings · bf87b99d
      Roman Bogorodskiy 提交于
      When combining old gcc (4.2.1) and new gcrypt (1.5.2), such as
      when using the Ports repository on FreeBSD, the build fails with:
      
        CC       libvirt_driver_la-libvirt.lo
      cc1: warnings being treated as errors
      In file included from libvirt.c:58:
      /usr/local/include/gcrypt.h:1336: warning: 'gcry_ac_io_mode_t' is deprecated [-Wdeprecated-declarations]
      
      Relevant part of gcrypt.h:
      1333 typedef struct gcry_ac_io
      1334 {
      1335   /* This is an INTERNAL structure, do NOT use manually.  */
      1336   gcry_ac_io_mode_t mode _GCRY_ATTR_INTERNAL;
      1337   gcry_ac_io_type_t type _GCRY_ATTR_INTERNAL;
      1338   union
      
      The sad part is that we aren't even using the deprecated symbols - their
      mere inclusion in the installed header is provoking the problems.  It
      looks like newer gcc is a bit more tolerant (that is, this is a
      shortcoming of FreeBSD's use of an older compiler).
      Signed-off-by: NEric Blake <eblake@redhat.com>
      bf87b99d
  13. 11 5月, 2013 1 次提交
  14. 02 5月, 2013 1 次提交
    • D
      Release of libvirt-1.0.5 · 8e20a23f
      Daniel Veillard 提交于
      * configure.ac docs/news.html.in libvirt.spec.in: updated for the release
      * po/*.po*: pulled and merged a number of new localization updates
      8e20a23f
  15. 30 4月, 2013 1 次提交
    • R
      portability: handle ifreq differences in virnetdev · 5295e35f
      Roman Bogorodskiy 提交于
      FreeBSD (and maybe other BSDs) have different member
      names in struct ifreq when compared to Linux, such as:
      
       - uses ifr_data instead of ifr_newname for setting
         interface names
       - uses ifr_index instead of ifr_ifindex for interface
         index
      
      Also, add a check for SIOCGIFHWADDR for virNetDevValidateConfig().
      
      Use AF_LOCAL if AF_PACKET is not available.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      5295e35f
  16. 26 4月, 2013 1 次提交
    • L
      util: new virCommandSetMax(MemLock|Processes|Files) · 776d49f4
      Laine Stump 提交于
      This patch adds two sets of functions:
      
      1) lower level virProcessSet*() functions that will immediately set
      the RLIMIT_MEMLOCK. RLIMIT_NPROC, or RLIMIT_NOFILE of either the
      current process (using setrlimit()) or any other process (using
      prlimit()). "current process" is indicated by passing a 0 for pid.
      
      2) functions for virCommand* that will setup a virCommand object to
      set those limits at a later time just after it has forked a new
      process, but before it execs the new program.
      
      configure.ac has prlimit and setrlimit added to the list of functions
      to check for, and the low level functions log an "unsupported" error)
      on platforms that don't support those functions.
      776d49f4
  17. 16 4月, 2013 2 次提交
  18. 03 4月, 2013 3 次提交
    • D
      Enable full RELRO mode · fc8c1787
      Daniel P. Berrange 提交于
      By passing the flags -z relro -z now to the linker, we can force
      it to resolve all library symbols at startup, instead of on-demand.
      This allows it to then make the global offset table (GOT) read-only,
      which makes some security attacks harder.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      fc8c1787
    • D
      Build all binaries with PIE · 1150999c
      Daniel P. Berrange 提交于
      PIE (position independent executable) adds security to executables
      by composing them entirely of position-independent code (PIC. The
      .so libraries already build with -fPIC. This adds -fPIE which is
      the equivalent to -fPIC, but for executables. This for allows Exec
      Shield to use address space layout randomization to prevent attackers
      from knowing where existing executable code is during a security
      attack using exploits that rely on knowing the offset of the
      executable code in the binary, such as return-to-libc attacks.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      1150999c
    • D
      Disable static libraries by default · ad42b34b
      Daniel P. Berrange 提交于
      Every source file is currently built twice by libtool, once for
      the shared library and once for the static library. Static libs
      are not commonly packaged by distros and slow down compilation
      time by more than 50% compared to a shared-only build time.
      
      Time for 'make -j 4':
      
            shared only: 2 mins  9 secs
        shared + static: 3 mins 26 secs
      
      Time for non-parallel make
      
            shared only: 3 mins 32 secs
        shared + static: 5 mins 41 secs
      
      Those few people who really want them, can pass --enable-static
      to configure
      
      Disabling them by default requires use of LT_INIT, but for
      compat with RHEL5 we can't rely on that. So we conditionally
      use LT_INIT, but fallback to AM_PROG_LIBTOOL if not present.
      ad42b34b
  19. 01 4月, 2013 1 次提交
    • D
      Release of libvirt-1.0.4 · 89d73020
      Daniel Veillard 提交于
      - configure.ac docs/news.html.in libvirt.spec.in: updates for the release
      - po/*.po*: fetch translation updates from Transifex and regenerate
      89d73020
  20. 05 3月, 2013 1 次提交
    • D
      Release of libvirt 1.0.3 · be1c364d
      Daniel Veillard 提交于
      - configure.ac docs/news.html.in libvirt.spec.in: update for the release
      - po/*.po*: merged in transifex updates for fr,hi,pl,ja,uk,it and
        regenerated
      be1c364d
  21. 30 1月, 2013 1 次提交
    • D
      Release of libvirt-1.0.2 · 4a824cdb
      Daniel Veillard 提交于
      * configure.ac docs/news.html.in libvirt.spec.in: update for the release
      * po/*.po*: updated localizations
      4a824cdb
  22. 26 1月, 2013 1 次提交
  23. 15 1月, 2013 3 次提交
    • E
      build: further fixes for broken if_bridge.h · 1bf661ca
      Eric Blake 提交于
      Commit c308a9ae was incomplete; it resolved the configure failure,
      but not a later build failure.
      
      * src/util/virnetdevbridge.c: Include pre-req header.
      * configure.ac (AC_CHECK_HEADERS): Prefer standard in.h over
      non-standard ip6.h.
      1bf661ca
    • D
      Fix typo LIBCURL_{CFLAGS,LIBS} to CURL_{CFLAGS,LIBS} · 688b3ecf
      Daniel P. Berrange 提交于
      Some places missed the conversion from LIBCURL_{CFLAGS,LIBS} to
      CURL_{CFLAGS,LIBS}, and a part of curl check was left in
      configure.ac instead of m4/virt-curl.m4 by mistake
      688b3ecf
    • E
      build: work around broken kernel header · c308a9ae
      Eric Blake 提交于
      I got this scary warning during ./configure on rawhide:
      
      checking linux/if_bridge.h usability... no
      checking linux/if_bridge.h presence... yes
      configure: WARNING: linux/if_bridge.h: present but cannot be compiled
      configure: WARNING: linux/if_bridge.h:     check for missing prerequisite headers?
      configure: WARNING: linux/if_bridge.h: see the Autoconf documentation
      configure: WARNING: linux/if_bridge.h:     section "Present But Cannot Be Compiled"
      configure: WARNING: linux/if_bridge.h: proceeding with the compiler's result
      configure: WARNING:     ## ------------------------------------- ##
      configure: WARNING:     ## Report this to libvir-list@redhat.com ##
      configure: WARNING:     ## ------------------------------------- ##
      checking for linux/if_bridge.h... no
      
      * configure.ac (AC_CHECK_HEADERS): Provide struct in6_addr, since
      linux/if_bridge.h uses it without declaring it.
      c308a9ae
  24. 14 1月, 2013 10 次提交