1. 18 12月, 2012 15 次提交
    • D
      Add support for misc host device passthrough with LXC · 83a9c938
      Daniel P. Berrange 提交于
      This extends support for host device passthrough with LXC to
      cover misc devices. In this case all we need todo is a
      mknod in the container's /dev and whitelist the device in
      cgroups
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      83a9c938
    • D
      Add support for storage host device passthrough with LXC · 313669d1
      Daniel P. Berrange 提交于
      This extends support for host device passthrough with LXC to
      cover storage devices. In this case all we need todo is a
      mknod in the container's /dev and whitelist the device in
      cgroups
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      313669d1
    • D
      Add support for USB host device passthrough with LXC · 95fef5f4
      Daniel P. Berrange 提交于
      This adds support for host device passthrough with the
      LXC driver. Since there is only a single kernel image,
      it doesn't make sense to pass through PCI devices, but
      USB devices are fine. For the latter we merely need to
      make the /dev/bus/usb/NNN/MMM character device exist
      in the container's /dev
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      95fef5f4
    • D
      Add support for disks with LXC · 368e341a
      Daniel P. Berrange 提交于
      Currently LXC guests can be given arbitrary pre-mounted
      filesystems, however, for some usecases it is more appropriate
      to provide block devices which the container can mount itself.
      This first impl only allows for <disk type='block'>, in other
      words exposing a host disk device to a container. Since LXC
      does not have device namespace virtualization, we are cheating
      a little bit. If the XML specifies /dev/sdc4 to be given to
      the container as /dev/sda1, when we do the mknod /dev/sda1
      in the container's /dev, we actually use the major:minor
      number of /dev/sdc4, not /dev/sda1.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      368e341a
    • D
      Add support for SELinux labelling of hostdev storage/misc devices · a6cbdd7b
      Daniel P. Berrange 提交于
      The SELinux security driver needs to learn to label storage/misc
      hostdev devices for LXC
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      a6cbdd7b
    • D
      Refactor SELinux security driver hostdev labelling · 570ad09e
      Daniel P. Berrange 提交于
      Prepare to support different types of hostdevs by refactoring
      the current SELinux security driver code
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      570ad09e
    • D
      Allow passing a vroot into security manager hostdev labelling · df5928ea
      Daniel P. Berrange 提交于
      When LXC labels USB devices during hotplug, it is running in
      host context, so it needs to pass in a vroot path to the
      container root.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      df5928ea
    • D
      Skip bulk relabelling of resources in SELinux driver when used with LXC · 89c5a9d0
      Daniel P. Berrange 提交于
      The virSecurityManager{Set,Restore}AllLabel methods are invoked
      at domain startup/shutdown to relabel resources associated with
      a domain. This works fine with QEMU, but with LXC they are in
      fact both currently no-ops since LXC does not support disks,
      hostdevs, or kernel/initrd files. Worse, when LXC gains support
      for disks/hostdevs, they will do the wrong thing, since they
      run in host context, not container context. Thus this patch
      turns then into a formal no-op when used with LXC. The LXC
      controller will call out to specific security manager labelling
      APIs as required during startup.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      89c5a9d0
    • D
      Refactor LXC NIC creation to allow reuse by hotplug code · e89c68b8
      Daniel P. Berrange 提交于
      The code for creating veth/macvlan devices is part of the
      LXC process startup code. Refactor this a little and export
      the methods to the rest of the LXC driver. This allows them
      to be reused for NIC hotplug code
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e89c68b8
    • D
      Add support for <hostdev mode="capabilities"> · aae0fc2a
      Daniel P. Berrange 提交于
      The <hostdev> device type has long had a redundant "mode"
      attribute, which has always been "subsys". This finally
      introduces a new mode "capabilities", which will be used
      by the LXC driver for device assignment. Since container
      based virtualization uses a single kernel, the idea of
      assigning physical PCI devices doesn't make sense. It is
      still reasonable to assign USB devices, but for assigning
      arbitrary nodes in /dev, the new 'capabilities' mode is
      to be used.
      
      The first capability support is 'storage', which is for
      assignment of block devices. Functionally this is really
      pretty similar to the <disk> support. The only difference
      is the device node name is identical in both host and
      container namespaces.
      
          <hostdev mode='capabilities' type='storage'>
            <source>
              <block>/dev/sdf1</block>
            </source>
          </hostdev>
      
      The second capability support is 'misc', which is for
      assignment of character devices. There is no existing
      parallel to this. Again the device node is the same
      inside & outside the container.
      
          <hostdev mode='capabilities' type='misc'>
            <source>
              <char>/dev/input/event3</char>
            </source>
          </hostdev>
      
      The reason for keeping the char & storage devices
      separate in the domain XML, is to mirror the split
      in the node device XML. NB the node device XML does
      not yet report character devices, but that's another
      new patch to come
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      aae0fc2a
    • V
      tests: Add tests for sysinfo · 347a712a
      Viktor Mihajlovski 提交于
      Test cases for virSysinfoRead. Initially, there are tests for
      x86 (DMI based) and s390 (/proc/... based).
      In lack of PPC data, I have stubbed out the test for it, but it
      can be added with a minimal effort.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      347a712a
    • V
      S390: Fix virSysinfoRead memory corruption · cab938c9
      Viktor Mihajlovski 提交于
      There was a double free issue caused by virSysinfoRead on s390,
      as the same manufacturer string instance was assigned to more
      than one processor record.
      Cleaned up other potential memory issues and restructured the sysinfo
      parsing code by moving repeating patterns into a helper function.
      
      The restructuring made it necessary to conditionally disable
      -Wlogical-op for some older GCC versions, using pragma GCC diagnostic.
      This is a GCC specific pragma, which is acceptable, since we're
      using it to work around a GCC specific bug.
      
      Finally, added a function virSysinfoSetup to configure the sysinfo
      data source files/script during run time, to facilitate writing test
      programs. This function is not published in sysinfo.h and only
      there for testing.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      cab938c9
    • V
      build: Check for broken GCC -Wlogical-op in configure · 8b8fcdea
      Viktor Mihajlovski 提交于
      Some older versions of GCC report a false positive on code like
        char * haystack, needle;
        strchr(haystack, needle);
      
      Added an extra check in configure.ac which will
        #define BROKEN_GCC_WLOGICALOP 1
      in this case, allowing to special handle "offending" code.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      8b8fcdea
    • P
      conf: cpu: Break some long lines · 41bd91f8
      Peter Krempa 提交于
      41bd91f8
    • P
      conf: cpu: Refactor parsing of vendor_id and fallback attributes · 4a9c1793
      Peter Krempa 提交于
      This patch simplifies the code that parses the fallback and vendor_id
      attributes from the domain xml cpu definition.
      
      Changes done:
      - free temp variables in the cleanup section instead of local use
      - remove checking for presence of the attribute to directly getting the
      value (saving call to virXPathBoolean)
      - replace loop used to check for ',' in the vendor_id string with strchr
      4a9c1793
  2. 17 12月, 2012 9 次提交
    • P
      conf: cpu: Fix memory leak when specifying cpu vendor_id manually · fb49ffc3
      Peter Krempa 提交于
      The field was not freed from the cpu definition.
      fb49ffc3
    • K
      conf: cpu: Fix parsing of vendor_id · 1190a824
      Ken ICHIKAWA 提交于
      This patch fixes a problem that vendor_id attribute can not be defined
      when fallback attribute is not defined.
      
      If I define domain xml like below:
      <domain>
        <cpu>
          <model vendor_id='aaaabbbbcccc'>core2duo</model>
        </cpu>
      </domain>
      
      In dumpxml, vendor_id is not reflected:
      <domain>
        <cpu mode='custom' match='exact'>
          <model fallback='allow'>core2duo</model>
        </cpu>
      </domain>
      
      The expected output is:
      <domain>
        <cpu mode='custom' match='exact'>
          <model fallback='allow' vendor_id='aaaabbbbcccc'>core2duo</model>
        </cpu>
      </domain>
      
      If the fallback attribute and vendor_id attribute is defined at the same
      time, it's reflected as expected.
      Signed-off-by: NKen ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
      1190a824
    • D
      Support custom 'svirt_tcg_t' context for TCG based guests · 77d3a809
      Daniel P. Berrange 提交于
      The current SELinux policy only works for KVM guests, since
      TCG requires the 'execmem' privilege. There is a 'virt_use_execmem'
      boolean to turn this on globally, but that is unpleasant for users.
      This changes libvirt to automatically use a new 'svirt_tcg_t'
      context for TCG based guests. This obsoletes the previous
      boolean tunable and makes things 'just work(tm)'
      
      Since we can't assume we run with new enough policy, I also
      make us log a warning message (once only) if we find the policy
      lacks support. In this case we fallback to the normal label and
      expect users to set the boolean tunable
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      77d3a809
    • P
      docs: Replace </br> with <br/> in docs/news.html.in · c17b16d1
      Peter Krempa 提交于
      c17b16d1
    • G
      tests: add one -device video device testcase · ed6fc41b
      Guannan Ren 提交于
      The testcase is for testing non-fixed PCI address for primary
      video device and using video args to -deivce qemu option.
      ed6fc41b
    • G
      qemu: use newer -device video device in qemu commandline · aa51202b
      Guannan Ren 提交于
      '-device VGA' maps to '-vga std'
      '-device cirrus-vga' maps to '-vga cirrus'
      '-device qxl-vga' maps to '-vga qxl'
                   (there is also '-device qxl' for secondary devices)
      '-device vmware-svga' maps to '-vga vmware'
      
      For qemu(>=1.2), we can use -device to replace -vga for video
      device. For the primary video device, the patch tries to use 0x2
      slot for matching old qemu. If the 0x2 slot is allocated already,
      the addr property could help for using any available slot.
      For qemu(< 1.2), we keep using -vga for primary device.
      aa51202b
    • G
      conf: add optional attribte primary to video <model> element · 09938bb3
      Guannan Ren 提交于
      If there are multiple video devices
      primary = 'yes' marks this video device as the primary one.
      The rest are secondary video devices. No more than one could be
      mark as primary. If none of them has primary attribute, the first
      one will be the primary by default like what it was.
      The reason of this changing is that for qemu, only one primary video
      device is permitted which can be of any type. For secondary video
      devices, only qxl is allowd. Primary attribute removes the restriction
      that the first have to be the primary one.
      
      We always put the primary video device into the first position of
      video device structure array after parsing.
      09938bb3
    • G
      qemu: add qemu vga devices caps and one cap to mark them usable · 4c993d8a
      Guannan Ren 提交于
      QEMU_CAPS_DEVICE_QXL          -device qxl
      QEMU_CAPS_DEVICE_VGA          -device VGA
      QEMU_CAPS_DEVICE_CIRRUS_VGA   -device cirrus-vga
      QEMU_CAPS_DEVICE_VMWARE_SVGA  -device vmware-svga
      
      QEMU_CAPS_DEVICE_VIDEO_PRIMARY  /* safe to use -device XXX
                                       for primary video device */
      
      Fix a typo in qemuCapsObjectTypes, the string 'qxl' here
      should be -device qxl rather than -vga [...|qxl|..]
      4c993d8a
    • D
      Release of libvirt-1.0.1 · 34ca5684
      Daniel Veillard 提交于
      - configure.ac docs/news.html.in: update for the release
      - po/*.po: updated from transifex
      34ca5684
  3. 15 12月, 2012 4 次提交
    • E
      build: minor build fixes for BSD · 70743dae
      Eric Blake 提交于
      Noticed these while building on FreeBSD.
      
      * src/qemu/qemu_monitor.c (qemuMonitorBlockInfoLookup): Rename
      variable to avoid 'devname' collision.
      * src/qemu/qemu_driver.c (qemuDomainInterfaceStats): Mark unused
      variable.
      70743dae
    • R
      Socket identity support for FreeBSD. · 0c94357f
      Roman Bogorodskiy 提交于
      This adds an implementation of virNetSocketGetUNIXIdentity()
      using LOCAL_PEERCRED socket option and xucred struct, defined
      in <sys/ucred.h> on systems that have it.
      0c94357f
    • L
      network: fix (non)update of dnsmasq config during virDomainUpdateDeviceFlags · e3802e13
      Laine Stump 提交于
      A forgotten "!" in recently-modified code at the top of
      networkRefreshDaemon() meant an improper early return, which led to 1)
      dnsmasq config files not being updated from the newly modified config,
      and 2) dnsmasq not being sent a SIGHUP so that it could learn about
      the changes to the config.
      
      virNetworkDefGetIpByIndex() returns NULL if there are no ip objects of
      the requested type, and if there are no IP elements, then dnsmasq
      shouldn't be running, so we can return early. Otherwise we should
      rewrite the config files and send a SIGHUP.
      e3802e13
    • G
      Require SANLK_INQ_WAIT for inq_lockspace support · 238dba0f
      Guido Günther 提交于
      since compilation breaks otherwise with older libsanlock.
      238dba0f
  4. 14 12月, 2012 12 次提交
    • E
      docs: fix some typos in examples · 9821f8f6
      Eric Blake 提交于
      As detected in https://bugzilla.redhat.com/show_bug.cgi?id=887187
      
      * docs/formatdomain.html.in: Fix XML typos.
      9821f8f6
    • M
      sanlock: Re-add lockspace unconditionally · 11cfa288
      Michal Privoznik 提交于
      Currently, if sanlock is already registering a lockspace other
      libvirtd instances (from other hosts) obtain -EINPROGRESS. On
      sufficiently new sanlock, sanlock_inq_lockspace() is called,
      which suspend execution until lockspace state is changed. With
      current libvirt implementation, we fail to retry adding the
      lockspace again but continue in error path. Therefore we produce
      meaningless error message:
      
      virLockManagerSanlockSetupLockspace:363 : Unable to add lockspace
      /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__: Success
      qemudLoadDriverConfig:558 : Failed to load lock manager sanlock
      
      We should try to re-add the lockspace after its state change to
      be sure it was added successfully. In fact, with sufficiently new
      sanlock we can just avoid dummy usleep() which is used if there's
      no inquire API.
      11cfa288
    • E
      install: fix virtlockd installation · 8d59a025
      Eric Blake 提交于
      The virtlockd daemon scripts were lousy, when compared to their
      counterparts in daemon/Makefile.am.  In particular, when init
      scripts were selected, this resulted in 'make distcheck' failing
      due to failure to clean up src/virtlockd.init.
      
      * src/Makefile.am (install-systemd): Fix dependencies.  Use MKDIR_P.
      (uninstall-systemd): Remove empty directory.  Use fewer processes.
      (install-init, install-sysconfig): Use MKDIR_P.
      (uninstall-init): Remove correct file, and also empty directory.
      (uninstall-sysconfig): Remove empty directory.
      (DISTCLEANFILES): Clean up trivially built sources.
      8d59a025
    • M
      docs: Fix location of libvirt.conf and auth.conf · c86f53d5
      Michał Łomnicki 提交于
      For a unprivileged user libvirt.conf and auth.conf are looked up in
      $XDG_CONFIG_HOME but the docs incorrectly state that it's $XDG_CONFIG_DIR.
      c86f53d5
    • L
      qemu: don't fail update netdev on bridge detach failure · 9cf8734e
      Laine Stump 提交于
      When a network device's bridge connection is changed by
      virDomainUpdateDevice, libvirt first removes the netdev's tap from its
      old bridge, then adds it to the new bridge. Sometimes, due to a
      network being destroyed while a guest device is still attached, the
      tap may already be "removed" from the old bridge (or the old bridge
      may not even exist any more); the existing code was needlessly failing
      the update when this happened, making it impossible to recover from
      the situation without completely detaching (i.e. removing) the netdev
      from the guest and re-attaching.
      
      Instead of failing the entire operation when removal of the tap from
      the old bridge fails, this patch changes qemuDomainChangeNetBridge to
      just log a warning and continue, allowing a reasonable recover from
      the situation.
      
      (you'll appreciate this change if you ever accidentally destroy a
      network while your guests are still using it).
      9cf8734e
    • J
      spec: Include lockd files in libvirt-daemon package · b4f20d07
      Jiri Denemark 提交于
      b4f20d07
    • J
      build: Install both qemu-lockd.conf and qemu-sanlock.conf · 2e59e120
      Jiri Denemark 提交于
      With sanlock enabled, only one of those files was installed.
      2e59e120
    • E
      build: use fewer cat processes · c0a8056e
      Eric Blake 提交于
      * src/Makefile.am (libvirt.syms): Let cat loop for us.
      c0a8056e
    • J
      selinux: fix NULL dereference in GetSecurityMountOptions · b28fb61f
      Ján Tomko 提交于
      In the case of an OOM error in virDomainDefGetSecurityLabelDef, secdef
      is set to NULL, then dereferenced while printing the debug message.
      b28fb61f
    • J
      build: Distribute more files · 912a4e9c
      Jiri Denemark 提交于
      912a4e9c
    • J
      809473ba
    • L
      network: prevent dnsmasq from listening on localhost · d66eb786
      Laine Stump 提交于
      This patch resolves the problem reported in:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=886663
      
      The source of the problem was the fix for CVE 2011-3411:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=833033
      
      which was originally committed upstream in commit
      753ff83a. That commit improperly
      removed the "--except-interface lo" from dnsmasq commandlines when
      --bind-dynamic was used (based on comments in the latter bug).
      
      It turns out that the problem reported in the CVE could be eliminated
      without removing "--except-interface lo", and removing it actually
      caused each instance of dnsmasq to listen on localhost on port 53,
      which created a new problem:
      
      If another instance of dnsmasq using "bind-interfaces" (instead of
      "bind-dynamic") had already been started (or if another instance
      started later used "bind-dynamic"), this wouldn't have any immediately
      visible ill effects, but if you tried to start another dnsmasq
      instance using "bind-interfaces" *after* starting any libvirt
      networks, the new dnsmasq would fail to start, because there was
      already another process listening on port 53.
      
      (Subsequent to the CVE fix, another patch changed the network driver
      to put dnsmasq options in a conf file rather than directly on the
      dnsmasq commandline, but preserved the same options.)
      
      This patch changes the network driver to *always* add
      "except-interface=lo" to dnsmasq conf files, regardless of whether we use
      bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances
      are listening on localhost (and the CVE is still fixed).
      
      The actual code change is miniscule, but must be propogated through all
      of the test files as well.
      d66eb786