- 24 7月, 2013 1 次提交
-
-
由 Roman Bogorodskiy 提交于
link_addr detection in configure always reports that link_addr is missing because it uses link_addr(NULL, NULL) in AC_LINK_IFELSE check with limited set of headers that doesn't define NULL. Fix by replacing 'NULL' with just '0'.
-
- 19 7月, 2013 1 次提交
-
-
由 Guido Günther 提交于
instead of the deprecated AC_TRY_LINK
-
- 18 7月, 2013 1 次提交
-
-
由 Guido Günther 提交于
Some versions of kFreeBSD (like 9.0) declare link_addr in a header but lack an implementation. This makes ./configure pass but breaks compilation later with a undefined reference to `link_addr' Althought that's a bug in the OS header we can detect it easily by also trying to link. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715320
-
- 12 7月, 2013 1 次提交
-
-
由 Eric Blake 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=964358 POSIX states that multi-threaded apps should not use functions that are not async-signal-safe between fork and exec, yet we were using getpwuid_r and initgroups. Although rare, it is possible to hit deadlock in the child, when it tries to grab a mutex that was already held by another thread in the parent. I actually hit this deadlock when testing multiple domains being started in parallel with a command hook, with the following backtrace in the child: Thread 1 (Thread 0x7fd56bbf2700 (LWP 3212)): #0 __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136 #1 0x00007fd5761e7388 in _L_lock_854 () from /lib64/libpthread.so.0 #2 0x00007fd5761e7257 in __pthread_mutex_lock (mutex=0x7fd56be00360) at pthread_mutex_lock.c:61 #3 0x00007fd56bbf9fc5 in _nss_files_getpwuid_r (uid=0, result=0x7fd56bbf0c70, buffer=0x7fd55c2a65f0 "", buflen=1024, errnop=0x7fd56bbf25b8) at nss_files/files-pwd.c:40 #4 0x00007fd575aeff1d in __getpwuid_r (uid=0, resbuf=0x7fd56bbf0c70, buffer=0x7fd55c2a65f0 "", buflen=1024, result=0x7fd56bbf0cb0) at ../nss/getXXbyYY_r.c:253 #5 0x00007fd578aebafc in virSetUIDGID (uid=0, gid=0) at util/virutil.c:1031 #6 0x00007fd578aebf43 in virSetUIDGIDWithCaps (uid=0, gid=0, capBits=0, clearExistingCaps=true) at util/virutil.c:1388 #7 0x00007fd578a9a20b in virExec (cmd=0x7fd55c231f10) at util/vircommand.c:654 #8 0x00007fd578a9dfa2 in virCommandRunAsync (cmd=0x7fd55c231f10, pid=0x0) at util/vircommand.c:2247 #9 0x00007fd578a9d74e in virCommandRun (cmd=0x7fd55c231f10, exitstatus=0x0) at util/vircommand.c:2100 #10 0x00007fd56326fde5 in qemuProcessStart (conn=0x7fd53c000df0, driver=0x7fd55c0dc4f0, vm=0x7fd54800b100, migrateFrom=0x0, stdin_fd=-1, stdin_path=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=1) at qemu/qemu_process.c:3694 ... The solution is to split the work of getpwuid_r/initgroups into the unsafe portions (getgrouplist, called pre-fork) and safe portions (setgroups, called post-fork). * src/util/virutil.h (virSetUIDGID, virSetUIDGIDWithCaps): Adjust signature. * src/util/virutil.c (virSetUIDGID): Add parameters. (virSetUIDGIDWithCaps): Adjust clients. * src/util/vircommand.c (virExec): Likewise. * src/util/virfile.c (virFileAccessibleAs, virFileOpenForked) (virDirCreate): Likewise. * src/security/security_dac.c (virSecurityDACSetProcessLabel): Likewise. * src/lxc/lxc_container.c (lxcContainerSetID): Likewise. * configure.ac (AC_CHECK_FUNCS_ONCE): Check for setgroups, not initgroups. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 10 7月, 2013 1 次提交
-
-
由 Roman Bogorodskiy 提交于
In order to properly detect bridge related definitions such as BRDGSFD, BRDGADD and BRDGDEL on kFreeBSD we need to include <stdint.h>. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715321 Reported by Laurent Bigonville.
-
- 01 7月, 2013 1 次提交
-
-
由 Daniel Veillard 提交于
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release * po/*.po*: updated localizations and regenerated
-
- 21 6月, 2013 1 次提交
-
-
由 Roman Bogorodskiy 提交于
-
- 12 6月, 2013 1 次提交
-
-
由 Cole Robinson 提交于
brctl isn't used anywhere AFAICT
-
- 03 6月, 2013 1 次提交
-
-
由 Daniel Veillard 提交于
* configure.ac docs/news.html.in libvirt.spec.in: update for the release * po/*.po*: pull localization updates and regenerate the po
-
- 29 5月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Building with gnutls 3.2.0 (such as shipped with current cygwin) fails with: rpc/virnettlscontext.c: In function 'virNetTLSSessionGetKeySize': rpc/virnettlscontext.c:1358:5: error: implicit declaration of function 'gnutls_cipher_get_key_size' [-Wimplicit-function-declaration] Yeah, it's stupid that gnutls broke API by moving their declaration into a new header without including that header from the old one, but it's easy enough to work around, all without breaking on gnutls 1.4.1 (hello RHEL 5) that lacked the new header. * configure.ac (gnutls): Check for <gnutls/crypto.h>. * src/rpc/virnettlscontext.c (includes): Include additional header. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 21 5月, 2013 2 次提交
-
-
由 Eric Blake 提交于
https://www.gnu.org/licenses/gpl-howto.html states: You should also include a copy of the license itself somewhere in the distribution of your program. All programs, whether they are released under the GPL or LGPL, should include the text version of the GPL. In GNU programs the license is usually in a file called COPYING. If you are releasing your program under the LGPL, you should also include the text version of the LGPL, usually in a file called COPYING.LESSER. Please note that, since the LGPL is a set of additional permissions on top of the GPL, it's important to include both licenses so users have all the materials they need to understand their rights. * configure.ac (COPYING): No more games with non-git file. * COPYING: New file, copied from gnulib. * COPYING.LIB: Rename... * COPYING.LESSER: ...to this. * .gitignore: Track licenses in git. * cfg.mk (exclude_file_name_regexp--sc_copyright_address): Tweak rule. * libvirt.spec.in (daemon, client, python): Reflect rename. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Several files called out COPYING or COPYING.LIB instead of using the normal boilerplate. It's especially important that we don't call out COPYING from an LGPL file, since COPYING is traditionally used for the GPL. A few files were lacking copyright altogether. * src/rpc/gendispatch.pl: Add missing copyright. * Makefile.nonreentrant: Likewise. * src/check-symfile.pl: Likewise. * src/check-symsorting.pl: Likewise. * src/driver.h: Likewise. * src/internal.h: Likewise. * tools/libvirt-guests.sh.in: Likewise. * tools/virt-pki-validate.in: Mention copyright in comment, not just code. * tools/virt-sanlock-cleanup.in: Likewise. * src/rpc/genprotocol.pl: Spell out license terms. * src/xen/xend_internal.h: Likewise. * src/xen/xend_internal.c: Likewise. * Makefile.am: Likewise. * daemon/Makefile.am: Likewise. * docs/Makefile.am: Likewise. * docs/schemas/Makefile.am: Likewise. * examples/apparmor/Makefile.am: Likewise. * examples/domain-events/events-c/Makefile.am: Likewise. * examples/dominfo/Makefile.am: Likewise. * examples/domsuspend/Makefile.am: Likewise. * examples/hellolibvirt/Makefile.am: Likewise. * examples/openauth/Makefile.am: Likewise. * examples/python/Makefile.am: Likewise. * examples/systemtap/Makefile.am: Likewise. * examples/xml/nwfilter/Makefile.am: Likewise. * gnulib/lib/Makefile.am: Likewise. * gnulib/tests/Makefile.am: Likewise. * include/Makefile.am: Likewise. * include/libvirt/Makefile.am: Likewise. * python/Makefile.am: Likewise. * python/tests/Makefile.am: Likewise. * src/Makefile.am: Likewise. * tests/Makefile.am: Likewise. * tools/Makefile.am: Likewise. * configure.ac: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 14 5月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Clang does not like the -export-dynamic flag. The compiler does not need it in the first place, so we can avoid the problem by only setting it for the linker Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Roman Bogorodskiy 提交于
When combining old gcc (4.2.1) and new gcrypt (1.5.2), such as when using the Ports repository on FreeBSD, the build fails with: CC libvirt_driver_la-libvirt.lo cc1: warnings being treated as errors In file included from libvirt.c:58: /usr/local/include/gcrypt.h:1336: warning: 'gcry_ac_io_mode_t' is deprecated [-Wdeprecated-declarations] Relevant part of gcrypt.h: 1333 typedef struct gcry_ac_io 1334 { 1335 /* This is an INTERNAL structure, do NOT use manually. */ 1336 gcry_ac_io_mode_t mode _GCRY_ATTR_INTERNAL; 1337 gcry_ac_io_type_t type _GCRY_ATTR_INTERNAL; 1338 union The sad part is that we aren't even using the deprecated symbols - their mere inclusion in the installed header is provoking the problems. It looks like newer gcc is a bit more tolerant (that is, this is a shortcoming of FreeBSD's use of an older compiler). Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 11 5月, 2013 1 次提交
-
-
由 Roman Bogorodskiy 提交于
- provide virNetDevSetMAC() implementation based on SIOCSIFLLADDR ioctl. - adjust virNetDevExists() to check for ENXIO error because FreeBSD throws it when device doesn't exist Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 02 5月, 2013 1 次提交
-
-
由 Daniel Veillard 提交于
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release * po/*.po*: pulled and merged a number of new localization updates
-
- 30 4月, 2013 1 次提交
-
-
由 Roman Bogorodskiy 提交于
FreeBSD (and maybe other BSDs) have different member names in struct ifreq when compared to Linux, such as: - uses ifr_data instead of ifr_newname for setting interface names - uses ifr_index instead of ifr_ifindex for interface index Also, add a check for SIOCGIFHWADDR for virNetDevValidateConfig(). Use AF_LOCAL if AF_PACKET is not available. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 26 4月, 2013 1 次提交
-
-
由 Laine Stump 提交于
This patch adds two sets of functions: 1) lower level virProcessSet*() functions that will immediately set the RLIMIT_MEMLOCK. RLIMIT_NPROC, or RLIMIT_NOFILE of either the current process (using setrlimit()) or any other process (using prlimit()). "current process" is indicated by passing a 0 for pid. 2) functions for virCommand* that will setup a virCommand object to set those limits at a later time just after it has forked a new process, but before it execs the new program. configure.ac has prlimit and setrlimit added to the list of functions to check for, and the low level functions log an "unsupported" error) on platforms that don't support those functions.
-
- 16 4月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Add a virCgroupIsolateMount method which looks at where the current process is place in the cgroups (eg /system/demo.lxc.libvirt) and then remounts the cgroups such that this sub-directory becomes the root directory from the current process' POV. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
On Win32 symlink() is not available, so virstoragetest.c must be conditionalized to avoid compile failures. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 03 4月, 2013 3 次提交
-
-
由 Daniel P. Berrange 提交于
By passing the flags -z relro -z now to the linker, we can force it to resolve all library symbols at startup, instead of on-demand. This allows it to then make the global offset table (GOT) read-only, which makes some security attacks harder. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
PIE (position independent executable) adds security to executables by composing them entirely of position-independent code (PIC. The .so libraries already build with -fPIC. This adds -fPIE which is the equivalent to -fPIC, but for executables. This for allows Exec Shield to use address space layout randomization to prevent attackers from knowing where existing executable code is during a security attack using exploits that rely on knowing the offset of the executable code in the binary, such as return-to-libc attacks. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Every source file is currently built twice by libtool, once for the shared library and once for the static library. Static libs are not commonly packaged by distros and slow down compilation time by more than 50% compared to a shared-only build time. Time for 'make -j 4': shared only: 2 mins 9 secs shared + static: 3 mins 26 secs Time for non-parallel make shared only: 3 mins 32 secs shared + static: 5 mins 41 secs Those few people who really want them, can pass --enable-static to configure Disabling them by default requires use of LT_INIT, but for compat with RHEL5 we can't rely on that. So we conditionally use LT_INIT, but fallback to AM_PROG_LIBTOOL if not present.
-
- 01 4月, 2013 1 次提交
-
-
由 Daniel Veillard 提交于
- configure.ac docs/news.html.in libvirt.spec.in: updates for the release - po/*.po*: fetch translation updates from Transifex and regenerate
-
- 05 3月, 2013 1 次提交
-
-
由 Daniel Veillard 提交于
- configure.ac docs/news.html.in libvirt.spec.in: update for the release - po/*.po*: merged in transifex updates for fr,hi,pl,ja,uk,it and regenerated
-
- 30 1月, 2013 1 次提交
-
-
由 Daniel Veillard 提交于
* configure.ac docs/news.html.in libvirt.spec.in: update for the release * po/*.po*: updated localizations
-
- 26 1月, 2013 1 次提交
-
-
由 Guido Günther 提交于
-
- 15 1月, 2013 3 次提交
-
-
由 Eric Blake 提交于
Commit c308a9ae was incomplete; it resolved the configure failure, but not a later build failure. * src/util/virnetdevbridge.c: Include pre-req header. * configure.ac (AC_CHECK_HEADERS): Prefer standard in.h over non-standard ip6.h.
-
由 Daniel P. Berrange 提交于
Some places missed the conversion from LIBCURL_{CFLAGS,LIBS} to CURL_{CFLAGS,LIBS}, and a part of curl check was left in configure.ac instead of m4/virt-curl.m4 by mistake
-
由 Eric Blake 提交于
I got this scary warning during ./configure on rawhide: checking linux/if_bridge.h usability... no checking linux/if_bridge.h presence... yes configure: WARNING: linux/if_bridge.h: present but cannot be compiled configure: WARNING: linux/if_bridge.h: check for missing prerequisite headers? configure: WARNING: linux/if_bridge.h: see the Autoconf documentation configure: WARNING: linux/if_bridge.h: section "Present But Cannot Be Compiled" configure: WARNING: linux/if_bridge.h: proceeding with the compiler's result configure: WARNING: ## ------------------------------------- ## configure: WARNING: ## Report this to libvir-list@redhat.com ## configure: WARNING: ## ------------------------------------- ## checking for linux/if_bridge.h... no * configure.ac (AC_CHECK_HEADERS): Provide struct in6_addr, since linux/if_bridge.h uses it without declaring it.
-
- 14 1月, 2013 10 次提交
-
-
由 Daniel P. Berrange 提交于
This patch introduces support for LXC specific public APIs. In common with what was done for QEMU, this creates a libvirt_lxc.so library and libvirt/libvirt-lxc.h header file. The actual APIs are int virDomainLxcOpenNamespace(virDomainPtr domain, int **fdlist, unsigned int flags); int virDomainLxcEnterNamespace(virDomainPtr domain, unsigned int nfdlist, int *fdlist, unsigned int *noldfdlist, int **oldfdlist, unsigned int flags); which provide a way to use the setns() system call to move the calling process into the container's namespace. It is not practical to write in a generically applicable manner. The nearest that we could get to such an API would be an API which allows to pass a command + argv to be executed inside a container. Even if we had such a generic API, this LXC specific API is still useful, because it allows the caller to maintain the current process context, in particular any I/O streams they have open. NB the virDomainLxcEnterNamespace() API is special in that it runs client side, so does not involve the internal driver API. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
There are many aspects of the guest XML which result in the SELinux driver applying file labelling. With the increasing configuration options it is desirable to test this behaviour. It is not possible to assume that the test suite has the ability to set SELinux labels. Most filesystems though will support extended attributes. Thus for the purpose of testing, it is possible to extend the existing LD_PRELOAD hack to override setfilecon() and getfilecon() to simply use the 'user.libvirt.selinux' attribute for the sake of testing. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
This converts the libssh2 configure check to use LIBVIRT_CHECK_PKG. Previously it would check version 1.0 and 1.3, but this simplifies things to just require version 1.3
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-