1. 28 Jun, 2011 5 commits
    • D
      Add a virSecurityManagerSetProcessFDLabel · 8e3c6fbb
      Daniel P. Berrange committed
      Add a new security driver method for labelling an FD with
      the process label, rather than the image label
      
      * src/libvirt_private.syms, src/security/security_apparmor.c,
        src/security/security_dac.c, src/security/security_driver.h,
        src/security/security_manager.c, src/security/security_manager.h,
        src/security/security_selinux.c, src/security/security_stack.c:
        Add virSecurityManagerSetProcessFDLabel & impl
      8e3c6fbb
    • D
      Rename virSecurityManagerSetFDLabel method · 4438c63e
      Daniel P. Berrange committed
      The virSecurityManagerSetFDLabel method is used to label
      file descriptors associated with disk images. There will
      shortly be a need to label other file descriptors in a
      different way. So the current name is ambiguous. Rename
      the method to virSecurityManagerSetImageFDLabel to clarify
      its purpose
      
      * src/libvirt_private.syms,
        src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
        src/security/security_apparmor.c, src/security/security_dac.c,
        src/security/security_driver.h, src/security/security_manager.c,
        src/security/security_manager.h, src/security/security_selinux.c,
        src/security/security_stack.c: s/FDLabel/ImageFDLabel/
      4438c63e
    • M
    • J
      qemu: Fix update device for CURRENT + FORCE flags · ad7b3276
      Jiri Denemark committed
      When CURRENT and FORCE flags were used together, UpdateDeviceFlags did
      nothing because it failed to transform CURRENT into either LIVE or
      CONFIG.
      ad7b3276
    • S
      nwfilter: Return error message about unresolvable variables · ecfbf795
      Stefan Berger committed
      This is in response to bugzilla 664629
      
      https://bugzilla.redhat.com/show_bug.cgi?id=664629
      
      The patch below returns an appropriate error message if the chain of
      nwfilters is found to contain unresolvable variables and therefore
      cannot be instantiated.
      
      Example: The following XML added to a domain:
      
          <interface type='bridge'>
            <mac address='52:54:00:9f:80:45'/>
            <source bridge='virbr0'/>
            <model type='virtio'/>
            <filterref filter='test'/>
          </interface>
      
      that references the following filter
      
          <filter name='test' chain='root'>
            <filterref filter='clean-traffic'/>
            <filterref filter='allow-dhcp-server'/>
          </filter>
      
      now displays upon 'virsh start mydomain'
      
          error: Failed to start domain mydomain
          error: internal error Cannot instantiate filter due to unresolvable variable: DHCPSERVER
      
      'DHCPSERVER' is contained in allow-dhcp-server.
      ecfbf795
  2. 27 Jun, 2011 7 commits
  3. 25 Jun, 2011 22 commits
    • E
      build: avoid uninitialized variable · 2bebf938
      Eric Blake committed
      Caught by gcc -O2, during autobuild.sh.
      
      * src/qemu/qemu_driver.c (qemudDomainGetVcpupinInfo): Initialize vm.
      2bebf938
    • E
      build: fix VPATH builds · 481e4d79
      Eric Blake committed
      The build currently fails when trying to create virnetprotocol.c
      into $(builddir)/rpc, which doesn't exist.  But since the file
      is part of the tarball, it should be generated into $(srcdir).
      Caught by autobuild.sh.
      
      * src/Makefile.am (VIR_NET_RPC_GENERATED): Generate into srcdir.
      481e4d79
    • T
      vcpupin: add query option to virsh vcpupin command · e0858026
      Taku Izumi committed
      This patch teaches the "virsh vcpupin" command to query if no list
      is given. Its feature is to show CPU affinity information in a more
      reader-friendly way.
      
       # virsh vcpupin VM --config
       VCPU: CPU Affinity
       ----------------------------------
          0: 1-6,9-20
          1: 10
          2: 5,9-11,15-20
          3: 1,3,5,7,9,11,13,15
      
      When cpulist is omitted, the vcpu number is optional. When a vcpu number is
      provided, information for only the specified vcpu is displayed.
      Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
      Signed-off-by: Eric Blake <eblake@redhat.com>
      e0858026
    • T
      vcpuinfo: add the code to fallback to try new API · ffb552eb
      Taku Izumi committed
      The "virsh vcpuinfo" command results in failure when the target domain
      is inactive on KVM. This patch improves this behavior by adding the
      fallback to invoke the virDomainGetVcpupinInfo API in case the
      virDomainGetVcpus API returns an error and the target domain is inactive.
      Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
      ffb552eb
    • T
      vcpupin: implement the remote protocol to address the new API · 291162ab
      Taku Izumi committed
      This patch implements the remote protocol to address the new API
      (virDomainGetVcpupinInfo).
      Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
      291162ab
    • T
      vcpupin: implement the code to support new API for the qemu driver · 96414c4e
      Taku Izumi committed
      This patch implements the code to address the new API (virDomainGetVcpupinInfo)
      in the qemu driver.
      Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
      96414c4e
    • T
      vcpupin: introduce the new libvirt API (virDomainGetVcpupinInfo) · e261987c
      Taku Izumi committed
      This patch introduces a new libvirt API (virDomainGetVcpupinInfo),
      as a counterpart to virDomainPinVcpuFlags.
      
      We can use virDomainGetVcpus API to retrieve CPU affinity information,
      but can't use this API against inactive domains (at least in case of KVM),
      as it lacks a flags parameter.
      The usual thing is to add a new virDomainGetVcpusFlags, but that API name
      is already occupied by the counterpart to virDomainGetMaxVcpus, which
      has a completely different signature.
      
      The virDomainGetVcpupinInfo is the new API to retrieve CPU affinity
      information of active and inactive domains.  While the usual convention
      is to list an array before its length, this API violates that rule
      in order to be more like virDomainGetVcpus (where maxinfo was doing
      double-duty as the length of two different arrays).
      Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
      e261987c
    • L
      docs: fix indentation of sub-elements of <ip> in network XML · 303133ee
      Laine Stump committed
      The sub-elements of <ip> had been placed at the same level of
      indentation as ip itself, implying that they were really elements of
      <network>. Within that, sub-elements of ip/dhcp were also at that same
      level. These have been double-indented.
      
      At the same time, I realized that the documentation for the new <dns>
      element had been placed right in the middle of the description of the
      sub-elements of <ip>. I moved it up out of the way.
      303133ee
    • E
      buf: protect against integer overflow · 4a27eb13
      Eric Blake committed
      It's unlikely that we'll ever want to escape a string as long as
      INT_MAX/6, but adding this check can't hurt.
      
      * src/util/buf.c (virBufferEscapeSexpr, virBufferEscapeString):
      Check for (unlikely) overflow.
      4a27eb13
    • E
      remote: protect against integer overflow · 774b21c1
      Eric Blake committed
      Integer overflow and remote code are never a nice mix.
      
      This has existed since commit 56cd4140.
      
      * src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
      * src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
      on sending rpc.
      * daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
      receiving rpc.
      774b21c1
    • E
      build: update gnulib for intprops · 89d994ad
      Eric Blake committed
      Done as a separate commit to make backporting the next patch easier.
      We are already using "intprops.h", but this makes it explicit.
      
      * .gnulib: Update, for syntax-check fix.
      * bootstrap.conf (gnulib_modules): Make intprops use explicit.
      * src/locking/domain_lock.c (includes): Drop unused header.
      * src/nwfilter/nwfilter_learnipaddr.c (includes): Use "", not <>,
      for gnulib.
      89d994ad
    • E
      build: avoid long line tests · 2abb4616
      Eric Blake committed
      'make syntax-check' regression introduced in commit 60b9c693.
      
      * tests/networkxml2argvdata/*.argv: Break long lines.
      2abb4616
    • M
    • M
      Fix typo in libvirt_private.syms · a800d66b
      Matthias Bolte committed
      Triggered a linker error on MinGW.
      a800d66b
    • M
      Network: Add support for DNS hosts definition to the network XML · 9d4e2845
      Michal Novotny committed
      This commit introduces names definition for the DNS hosts file using
      the following syntax:
      
        <dns>
          <host ip="192.168.1.1">
            <name>alias1</name>
            <name>alias2</name>
          </host>
        </dns>
      
      Some of the improvements and fixes were done by Laine Stump so
      I'm putting him into the SOB clause again ;-)
      Signed-off-by: Michal Novotny <minovotn@redhat.com>
      Signed-off-by: Laine Stump <laine@laine.org>
      9d4e2845
    • M
      91b7924e
    • M
      Network: Add regression tests for the command-line arguments · 60b9c693
      Michal Novotny committed
      The regression testing is done by comparison of the command line
      generated from the network XML file and the expected
      command-line arguments (read from file).
      Signed-off-by: Michal Novotny <minovotn@redhat.com>
      60b9c693
    • M
      Network: modify dnsmasq commandline build function to allow testing · 89ae9849
      Michal Novotny committed
      The dnsmasq commandline was being built as a part of running
      dnsmasq. This patch puts the commandline build into a separate
      function (and exports it as a private API) making it possible to build
      a dnsmasq commandline without executing it, so that we can write a
      test program to verify that the proper commandlines are being created.
      Signed-off-by: Michal Novotny <minovotn@redhat.com>
      89ae9849
    • M
      Add TXT record support for virtual DNS service · 5dd986db
      Michal Novotny committed
      This commit introduces the <dns> element and <txt> record for the
      virtual DNS network. The DNS TXT record can be defined using the following
      syntax in the network XML file:
      
        <dns>
          <txt name="example" value="example value" />
        </dns>
      
      Also, the Relax-NG scheme has been altered to allow the texts without
      spaces only for the name element and some nitpicks about memory
      free'ing have been fixed by Laine so therefore I'm adding Laine to the
      SOB clause ;-)
      Signed-off-by: Michal Novotny <minovotn@redhat.com>
      Signed-off-by: Laine Stump <laine@laine.org>
      5dd986db
    • M
      python: Don't declare Py_ssize_t for Python 2.6 · 9a48ed54
      Matthias Bolte committed
      Commit cd48c3f4 added a Py_ssize_t typedef for Python < 2.7.
      But Py_ssize_t was added in Python 2.5. This makes the build fail
      for Python 2.6.
      
      Adjust the check to match Python < 2.5 to fix this.
      9a48ed54
    • M
      tests: Improve IPv6 detection for virNetSocket tests · d772167f
      Matthias Bolte committed
      getifaddrs can return an IPv6 address, but getaddrinfo can fail
      for an IPv6 address. Cover this combination.
      d772167f
    • J
      Move load of AppArmor profile to GenLabel() · 0b501bd4
      Jamie Strandboge committed
      Commit 12317957 introduced an incompatible
      architectural change for the AppArmor security driver. Specifically,
      virSecurityManagerSetAllLabel() is now called much later in
      src/qemu/qemu_process.c:qemuProcessStart(). Previously, SetAllLabel() was
      called immediately after GenLabel() such that after the dynamic label (profile
      name) was generated, SetAllLabel() would be called to create and load the
      AppArmor profile into the kernel before qemuProcessHook() was executed. With
      12317957, qemuProcessHook() is now called
      before SetAllLabel(), such that aa_change_profile() ends up being called
      before the AppArmor profile is loaded into the kernel (via ProcessLabel() in
      qemuProcessHook()).
      
      This patch addresses the change by making GenLabel() load the AppArmor
      profile into the kernel after the label (profile name) is generated.
      SetAllLabel() is then adjusted to only reload_profile() and append stdin_fn to
      the profile when it is specified. This also makes the AppArmor driver work
      like its SELinux counterpart with regard to SetAllLabel() and stdin_fn.
      Bug-Ubuntu: https://launchpad.net/bugs/801569
      0b501bd4
  4. 24 Jun, 2011 6 commits