- 30 8月, 2019 5 次提交
-
-
由 Michal Privoznik 提交于
There are some network file systems that do support XATTRs (e.g. gluster via FUSE). And they appear to support SELinux too. However, not really. Problem is, that it is impossible to change SELinux label of a file stored there, and yet we claim success (rightfully - hypervisor succeeds in opening the file). But this creates a problem for us - from XATTR bookkeeping POV, we haven't changed the label and thus if we remembered any label, we must roll back and remove it. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740506Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Michal Privoznik 提交于
This function is no longer needed because after previous commits it's just an alias to virSecuritySELinuxSetFilecon. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Michal Privoznik 提交于
Now, that we don't need to remember if setting context is 'optional' (the argument only made virSecuritySELinuxSetFileconImpl() return a different success code), we can drop it from the _virSecuritySELinuxContextItem structure as we don't need to remember it in transactions. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Michal Privoznik 提交于
There is no real difference between virSecuritySELinuxSetFilecon() and virSecuritySELinuxSetFileconOptional(). Drop the latter in favour of the former. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Michal Privoznik 提交于
The only thing that the @optional argument does is that it makes the function return 1 instead of 0 if setting SELinux context failed in a non-critical fashion. Drop the argument then and return 1 in that case. This enables caller to learn if SELinux context was set or not. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 29 8月, 2019 9 次提交
-
-
由 Peter Krempa 提交于
As qemu documents we should use everything in the 'props' sub-object of the data returned by query-hotpluggable-cpus. Until now we only used everything we recognized, but that may break in cases when qemu introduces new fields. This change requires a fix to the test data as some fields were reordered. https://bugzilla.redhat.com/show_bug.cgi?id=1741658Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
In addition to the data that libvirt needs and extracts internally, copy and store the whole 'props' JSON sub-object of the data returned by query-hotpluggable-cpus for future use. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Jonathon Jongsma 提交于
On error paths, info_ret could potentially leak. Make sure it's freed. Signed-off-by: NJonathon Jongsma <jjongsma@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Nikolay Shirokovskiy 提交于
After 7cfb7aab commit starting a domain pullutes logs with warnings like [1]. The reason is resource files do not have timestamp before starting a domain and after destroying domain the timestamp is cleared. Let's check the timestamp only if attribute with refcounter is found. [1] warning : virSecurityValidateTimestamp:198 : Invalid XATTR timestamp detected on \ /some/path secdriver=dac Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Daniel P. Berrangé 提交于
Use the templates at https://github.com/terinjokes/StickerConstructorSpec to provide square and hexagon logos for libvirt, suitable for printing as stickers. Reviewed-by: NErik Skultety <eskultet@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Jonathon Jongsma 提交于
It appears that all commands were originally fully in alphabetical order but as new commands were added, they were sometimes inserted out of order. Fix up all domain commands so that they're in alphabetical order again. Signed-off-by: NJonathon Jongsma <jjongsma@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Jonathon Jongsma 提交于
The 'guestinfo' command uses the new virDomainGetGuestInfo() API to query information about the specified domain and print it out for the user. The output is modeled roughly on the 'domstats' command. Signed-off-by: NJonathon Jongsma <jjongsma@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Jonathon Jongsma 提交于
When we're collecting guest information, older agents may not support all agent commands. In the case where the user requested all info types (i.e. types == 0), ignore unsupported command errors and gather as much information as possible. If the agent command failed for some other reason, or if the user explciitly requested a specific info type (i.e. types != 0), abort on the first error. Signed-off-by: NJonathon Jongsma <jjongsma@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Jonathon Jongsma 提交于
Due to a typo, some of the field names didn't have closing quotes, the information about the hostname was omitted and there was an empty line missing after filesystem info description (which helps our docs generator produce better looking HTML). Signed-off-by: NJonathon Jongsma <jjongsma@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 28 8月, 2019 13 次提交
-
-
由 Jim Fehlig 提交于
Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Michal Privoznik 提交于
According to HTML specification, <a name=''> works in HTML4, but <a id=''> works in both HTML4 and HTML5. This is followed even in docs/page.xsl where HTML bookmark links are generated only for those anchors which have @id attribute. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Boris Fiuczynski 提交于
Add support to specify a boot order on vfio-ccw passthrough devices. Reviewed-by: NMarc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: NBjoern Walk <bwalk@linux.ibm.com> Signed-off-by: NBoris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Boris Fiuczynski 提交于
Refactoring the method signatures in preparation for checking boot index of the mediated devices. Reviewed-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMarc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: NBjoern Walk <bwalk@linux.ibm.com> Signed-off-by: NBoris Fiuczynski <fiuczy@linux.ibm.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Boris Fiuczynski 提交于
Changing the error messages to report the problem encountered. Reviewed-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMarc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: NBjoern Walk <bwalk@linux.ibm.com> Signed-off-by: NBoris Fiuczynski <fiuczy@linux.ibm.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Boris Fiuczynski 提交于
Moving the hostdev boot support validation from the command line generator code into the domain validation code. Reviewed-by: NMarc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: NBjoern Walk <bwalk@linux.ibm.com> Signed-off-by: NBoris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Boris Fiuczynski 提交于
Adding a failure test for booting from a vhost scsi hostdev device. Reviewed-by: NMarc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: NBjoern Walk <bwalk@linux.ibm.com> Signed-off-by: NBoris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Boris Fiuczynski 提交于
Reviewed-by: NMarc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: NBjoern Walk <bwalk@linux.ibm.com> Signed-off-by: NBoris Fiuczynski <fiuczy@linux.ibm.com> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
At two places we are open coding xdr_free(): remoteRelayDomainEventTunable() and remoteRelayDomainEventJobCompleted(). Bot of these functions use make_nonnull_domain() to put domain IDs tuple into return structure and then continue encoding the rest of structure. If that fails, they call VIR_FREE() directly. While this okay, we should use xdr_free() which frees the whole return structure for us. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Michal Privoznik 提交于
If there's a problem in encoding @ret (for instance virTypedParamsSerialize() fails) then @ret is leaked. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Michal Privoznik 提交于
The same way we check for limits when decoding typed parameters (virTypedParamsDeserialize()) we should do the same check when serializing them so that we don't put onto the wire more than our limits allow. Surprisingly, we were doing so explicitly in some places but not all of them. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com> Reviewed-by: NJonathon Jongsma <jjongsma@redhat.com>
-
由 Michal Privoznik 提交于
The return structure is a bit complicated and that's why it is very easy to check for RPC limits incorrectly. The structure is an array of remote_domain_stats_record structures with the limit of REMOTE_DOMAIN_LIST_MAX. The latter structure then poses a different limit on typed params: REMOTE_CONNECT_GET_ALL_DOMAIN_STATS_MAX (which is what we are checking for mistakenly). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com> Reviewed-by: NJonathon Jongsma <jjongsma@redhat.com>
-
由 Jim Fehlig 提交于
Commit f15789ec added support for setting postcopy migration bandwidth to the migrate subcommand. This change does the same for precopy migration. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 27 8月, 2019 13 次提交
-
-
由 Michal Privoznik 提交于
If a libvirt error occurred during a test, then virTestRun() reports it (regardless of test returning success or failure). For instance, in this specific case, a hostdev is detached twice and the second attempt is expected to fail. It does fail and libvirt error is reported which is then printed onto stderr. Insert virResetLastError() calls on appropriate places to avoid that. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
There's no need to have VIR_DEBUG() really. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
The virTestRun() already reports the same. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
In this test there is this macro CHECK_LIST_COUNT() which checks if a list of PCI devices contains expected count. If it doesn't an error is reported and 'goto cleanup' is invoked. There's no real reason for that as even since its introduction there is no cleanup done and all 'cleanup' labels contain nothing but 'return'. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
There are few functions called from the test which return an integer but their retval is compared as if it was a pointer. Now, there is nothing wrong with that from machine POV, but from readability perspective it's wrong. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
Similarly to the previous commit, VIR_TEST_VERBOSE should put '\n' at the end of each call so that the output is not broken. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
There is an inconsistency with VIR_TEST_DEBUG() calls. One half (roughly) of calls does have the newline character the other one doesn't. Well, it doesn't have it because it assumed blindly that new line will be printed, which is not the case. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
Introduced in v3.0.0-rc1~336, the commit message doesn't really justifies the expensive domain def copy creation. Now, that vm->def is guarded in this function by job acquirement we can use vm->def directly. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
These two functions work with vm->def in their critical sections (i.e. after the job was acquired and before it is released). But that means, they need QUERY domain job too to prevent vm->def change. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Daniel P. Berrangé 提交于
The remote client invokes the 'nc' binary on the remote server to tunnel access to the socket. As such the 'nc' binary needs to be pulled in only by the libvirt-daemon sub-RPM, not the libvirt-client sub-RPM. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The 'nc' RPM does not in fact exist anymore, this is a virtual provide from the nmap-ncat RPM which the maintainer wishes to delete. Change the dep to use the actual binary path we want to invoke. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Currently during RPM upgrade we restart libvirtd and unconditionally enable use of systemd socket activation for the UNIX sockets. If the user had previously given the --listen arg to libvirtd though, this will no longer be honoured if socket activation is used. We could start libvirtd-tcp.socket or libvirtd-tls.socket for this, but mgmt tools like puppet/ansible might not be expecting this. So for now we silently disable socket activation if we see --listen was previously set on the host. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-