- 31 10月, 2013 5 次提交
-
-
由 Hongwei Bi 提交于
Fix the if statement coding style. Signed-off-by: NHongwei Bi <hwbi2008@gmail.com>
-
由 Eric Blake 提交于
Using size_t counts will let us use VIR_APPEND_ELEMENT and friends. * src/conf/storage_conf.h (_virStoragePoolObjList) (_virStorageVolDefList): Track list sizes with size_t. * src/storage/storage_backend_rbd.c (virStorageBackendRBDRefreshPool): Fix type fallout. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
To make it easier to forbid future attempts at a confusing typedef name ending in Ptr that isn't actually a pointer, insist that we follow our preferred style of 'typedef foo *fooPtr'. * cfg.mk (sc_forbid_const_pointer_typedef): Enforce consistent style, to prevent issue fixed in previous storage patch. * src/conf/capabilities.h (virCapsPtr): Fix offender. * src/security/security_stack.c (virSecurityStackItemPtr): Likewise. * tests/qemucapabilitiestest.c (testQemuDataPtr): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Claudio Bley 提交于
By indenting code inside of comments, it gets recognized as a code block when generating the HTML documentation.
-
由 Claudio Bley 提交于
See libvirt-libvirt.html#virStreamSend for the effect.
-
- 30 10月, 2013 6 次提交
-
-
由 Daniel P. Berrange 提交于
The following sequence 1. Define a persistent QMEU guest 2. Start the QEMU guest 3. Stop libvirtd 4. Kill the QEMU process 5. Start libvirtd 6. List persistent guests At the last step, the previously running persistent guest will be missing. This is because of a race condition in the QEMU driver startup code. It does 1. Load all VM state files 2. Spawn thread to reconnect to each VM 3. Load all VM config files Only at the end of step 3, does the 'virDomainObjPtr' get marked as "persistent". There is therefore a window where the thread reconnecting to the VM will remove the persistent VM from the list. The easy fix is to simply switch the order of steps 2 & 3. In addition to this though, we must only attempt to reconnect to a VM which had a non-zero PID loaded from its state file. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The 'error' cleanup block in qemuProcessReconnect() had a 'return' statement in the middle of it. This caused a leak of virConnectPtr & virQEMUDriverConfigPtr instances. This was identified because netcf recently started checking its refcount in libvirtd shutdown: netcfStateCleanup:109 : internal error: Attempt to close netcf state driver with open connections Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
virDomainObjListLoadAllConfigs sets dom->persistent after having released its lock on the domain object. This exposes a possible race condition. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 John Ferlan 提交于
To ensure proper processing by virGetUserID() and virGetGroupID() of a uid/gid add a "+" prior to the uid/gid to denote it's really a uid/gid for the label.
-
由 Eric Blake 提交于
The rbd code had a confusing typedef ending in Ptr that was not actually a pointer, which made the rest of the code harder to read. This fixes things to actually pass by pointer rather than by copy. * src/storage/storage_backend_rbd.c (virStorageBackendStatePtr): Fix typedef. (virStorageBackendRBDOpenRADOSConn) (virStorageBackendRBDCloseRADOSConn) (volStorageBackendRBDRefreshVolInfo) (virStorageBackendRBDRefreshPool, virStorageBackendRBDDeleteVol) (virStorageBackendRBDCreateVol, virStorageBackendRBDRefreshVol) (virStorageBackendRBDResizeVol): Fix fallout. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
Commit 64a68a4a introduced a typo in the initialization of the apparmor driver structure breaking the build with apparmor enabled.
-
- 29 10月, 2013 5 次提交
-
-
由 Michael Chapman 提交于
When adding an automatically allocated port to a well-formed migration URI, keep it well-formed: tcp://1.2.3.4/ -> tcp://1.2.3.4/:12345 # wrong tcp://1.2.3.4/ -> tcp://1.2.3.4:12345/ # fixed tcp://1.2.3.4 -> tcp://1.2.3.4:12345 # still works tcp:1.2.3.4 -> tcp:1.2.3.4:12345 # still works (old syntax) Signed-off-by: NMichael Chapman <mike@very.puzzling.org>
-
由 Gao feng 提交于
Introduced by commit 0f31f7b7. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Giuseppe Scrivano 提交于
Expand the "secmodel" XML fragment of "host" with a sequence of baselabel's which describe the default security context used by libvirt with a specific security model and virtualization type: <secmodel> <model>selinux</model> <doi>0</doi> <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel> <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel> </secmodel> <secmodel> <model>dac</model> <doi>0</doi> <baselabel type='kvm'>107:107</baselabel> <baselabel type='qemu'>107:107</baselabel> </secmodel> "baselabel" is driver-specific information, e.g. in the DAC security model, it indicates USER_ID:GROUP_ID. Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Giuseppe Scrivano 提交于
virSecurityManagerGetBaseLabel queries the default settings used by a security model. Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com>
-
由 Giuseppe Scrivano 提交于
Merge the functions 'virSecurityDACSetUser' and 'virSecurityDACSetGroup' into 'virSecurityDACSetUserAndGroup'. Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com>
-
- 28 10月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
The lxcContainerSetID() method prints a misleading log message about setting the uid/gid when no ID map is present in the XML config. Skip the debug message in this case. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 24 10月, 2013 2 次提交
-
-
由 John Ferlan 提交于
Commit '922b7fda' resulted in two DEADCODE warnings from Coverity in remoteDispatchAuthPolkit and virAccessDriverPolkitFormatProcess. Commit '604ae657' modified the daemon.c code to remove the deadcode issue, but did not do so for viracessdriverpolkit.c. This just mimics the same changes
-
由 Martin Kletzander 提交于
According to the following valgrind output, there seems to be a invalid limit for the iterator (captured on Fedora 19): ==3945== Invalid read of size 1 ==3945== at 0x1E1FA410: libxlVmStart (libxl_driver.c:475) ==3945== by 0x1E1FAD9A: libxlDomainCreateWithFlags (libxl_driver.c:2633) ==3945== by 0x5187D46: virDomainCreate (libvirt.c:9439) ==3945== by 0x13BAA6: remoteDispatchDomainCreateHelper (remote_dispatch.h:2910) ==3945== by 0x51DE5B9: virNetServerProgramDispatch (virnetserverprogram.c:435) ==3945== by 0x51D93E7: virNetServerHandleJob (virnetserver.c:165) ==3945== by 0x50F5BF4: virThreadPoolWorker (virthreadpool.c:144) ==3945== by 0x50F5670: virThreadHelper (virthreadpthread.c:161) ==3945== by 0x8046C52: start_thread (pthread_create.c:308) ==3945== by 0x8758E1C: clone (clone.S:113) ==3945== Address 0x23424d81 is 0 bytes after a block of size 1 alloc'd ==3945== at 0x4A08121: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==3945== by 0x50B1F8C: virAllocN (viralloc.c:189) ==3945== by 0x1E1FA3CA: libxlVmStart (libxl_driver.c:468) ==3945== by 0x1E1FAD9A: libxlDomainCreateWithFlags (libxl_driver.c:2633) ==3945== by 0x5187D46: virDomainCreate (libvirt.c:9439) ==3945== by 0x13BAA6: remoteDispatchDomainCreateHelper (remote_dispatch.h:2910) ==3945== by 0x51DE5B9: virNetServerProgramDispatch (virnetserverprogram.c:435) ==3945== by 0x51D93E7: virNetServerHandleJob (virnetserver.c:165) ==3945== by 0x50F5BF4: virThreadPoolWorker (virthreadpool.c:144) ==3945== by 0x50F5670: virThreadHelper (virthreadpthread.c:161) ==3945== by 0x8046C52: start_thread (pthread_create.c:308) ==3945== by 0x8758E1C: clone (clone.S:113) ==3945== Related: https://bugzilla.redhat.com/show_bug.cgi?id=1013045Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 23 10月, 2013 1 次提交
-
-
由 Hongwei Bi 提交于
Currently, we ignore whether dnsmasqCapsRefresh succeeds or fails. We shouldn't do that as we may generate wrong dnsmasq command line (what is done just a few lines below). Signed-off-by: NHongwei Bi <hwbi2008@gmail.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 22 10月, 2013 4 次提交
-
-
由 Doug Goldstein 提交于
While LOCAL_PEERCRED on the BSDs does not return the pid information of the peer, Mac OS X 10.8 added LOCAL_PEERPID to retrieve the pid so we should use that when its available to get that information.
-
由 Michal Privoznik 提交于
There are still two places where we are using 1bit width unsigned integer to store a boolean. There's no real need for this and these occurrences can be replaced with 'bool'. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Jim Fehlig 提交于
After commit 3e2f27e1, I've noticed build failures of virt-login-shell when libapparmor-devel is installed on the build host CCLD virt-login-shell ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec': /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile' collect2: error: ld returned 1 exit status I was about to commit an easy fix under the build-breaker rule (build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it makes sense (build-fix-2.patch). Should I just stick with the simple fix, or is something along the lines of patch 2 preferred? Regards, Jim >From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001 From: Jim Fehlig <jfehlig@suse.com> Date: Mon, 21 Oct 2013 15:30:02 -0600 Subject: [PATCH] build: fix virt-login-shell build with apparmor With libapparmor-devel installed, virt-login-shell fails to link CCLD virt-login-shell ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec': /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile' collect2: error: ld returned 1 exit status Fix by linking libvirt_setuid_rpc_client with previously determined SECDRIVER_LIBS in src/Makefile.am. While at it, introduce SECDRIVER_CFLAGS and use both throughout src/Makefile.am where it makes sense. Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Ryota Ozaki 提交于
HW_PHYSMEM is available on Mac OS X as well as FreeBSD, however, its resulting value for Mac OS X is 32 bits. Mac OS X provides HW_MEMSIZE that is 64 bits version of HW_PHYSMEM. We have to use it. I tested the patch on Mac OS X 10.6.8, 10.7.4, 10.8.5 and FreeBSD 9.2. Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com>
-
- 21 10月, 2013 15 次提交
-
-
由 Laine Stump 提交于
This patch (and the two patches that precede it) resolve: https://bugzilla.redhat.com/show_bug.cgi?id=1005682 When libvirt was changed to delay the final cleanup of device removal until the qemu process had signaled it with a DEVICE_DELETED event for that device, the hostdev removal function (qemuDomainRemoveHostDevice()) was written to properly handle the removal of a hostdev that was actually an SRIOV virtual function (defined with <interface type='hostdev'>). However, the function used to search for a device matching the alias name provided in the DEVICE_DELETED message (virDomainDefFindDevice()) would search through the list of netdevs before hostdevs, so qemuDomainRemoveHostDevice() was never called; instead the netdev function, qemuDomainRemoveNetDevice() (which *doesn't* properly cleanup after removal of <interface type='hostdev'>), was called. (As a reminder - each <interface type='hostdev'> results in a virDomainNetDef which contains a virDomainHostdevDef having a parent type of VIR_DOMAIN_DEVICE_NET, and parent.data.net pointing back to the virDomainNetDef; both Defs point to the same device info object (and the info contains the device's "alias", which is used by qemu to identify the device). The virDomainHostdevDef is added to the domain's hostdevs list *and* the virDomainNetDef is added to the domain's nets list, so searching either list for a particular alias will yield a positive result.) This function modifies the qemuDomainRemoveNetDevice() to short circuit itself and call qemu DomainRemoveHostDevice() instead when the actual device is a VIR_DOMAIN_NET_TYPE_HOSTDEV (similar logic to what is done in the higher level qemuDomainDetachNetDevice()) Note that even if virDomainDefFindDevice() changes in the future so that it finds the hostdev entry first, the current code will continue to work properly.
-
由 Laine Stump 提交于
pure code movement to setup for next patch.
-
由 Laine Stump 提交于
This function was called in three places, and in each the call was qualified by a slightly different conditional. In reality, this function should only be called for a hostdev if all of the following are true: 1) mode='subsystem' 2) type='pci' 3) there is a parent device definition which is an <interface> (VIR_DOMAIN_DEVICE_NET) We can simplify the callers and make them more consistent by checking these conditions at the top ov qemuDomainHostdevNetConfigRestore and returning 0 if one of them isn't satisfied. The location of the call to qemuDomainHostdevNetConfigRestore() has also been changed in the hot-plug case - it is moved into the caller of its previous location (i.e. from qemuDomainRemovePCIHostDevice() to qemuDomainRemoveHostDevice()). This was done to be more consistent about which functions pay attention to whether or not this is one of the special <interface> hostdevs or just a normal hostdev - qemuDomainRemoveHostDevice() already contained a call to networkReleaseActualDevice() and virDomainNetDefFree(), so it makes sense for it to also handle the resetting of the device's MAC address and vlan tag (which is what's done by qemuDomainHostdevNetConfigRestore()).
-
由 Daniel P. Berrange 提交于
Avoid people introducing security flaws in their apps by forbidding the use of libvirt.so in setuid programs, with a check in virInitialize. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Most of the usage of getuid()/getgid() is in cases where we are considering what privileges we have. As such the code should be using the effective IDs, not real IDs. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
We already have stubs for getuid, geteuid, getgid but not for getegid. Something in gnulib already does a check for it during configure, so we already have the HAVE_GETEGID macro defined. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
We don't want setuid programs automatically spawning libvirtd, so disable any use of autostart when setuid. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
We don't know enough about quality of external libraries used for non-UNIX transports, nor do we want to spawn external commands when setuid. Restrict to the bare minimum which is UNIX transport for local usage. Users shouldn't need to be running setuid if connecting to remote hypervisors in any case. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The use of getenv is typically insecure, and we want people to use our wrappers, to force them to think about setuid needs. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Unconditional use of getenv is not secure in setuid env. While not all libvirt code runs in a setuid env (since much of it only exists inside libvirtd) this is not always clear to developers. So make all the code paranoid, even if it only ever runs inside libvirtd. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
When running setuid, we must be careful about what env vars we allow commands to inherit from us. Replace the virCommandAddEnvPass function with two new ones which do filtering virCommandAddEnvPassAllowSUID virCommandAddEnvPassBlockSUID And make virCommandAddEnvPassCommon use the appropriate ones Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The libvirt.so library has far too many library deps to allow linking against it from setuid programs. Those libraries can do stuff in __attribute__((constructor) functions which is not setuid safe. The virt-login-shell needs to link directly against individual files that it uses, with all library deps turned off except for libxml2 and libselinux. Create a libvirt-setuid-rpc-client.la library which is linked to by virt-login-shell. A config-post.h file allows this library to disable all external deps except libselinux and libxml2. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
We must not allow file/syslog/journald log outputs when running setuid since they can be abused to do bad things. In particular the 'file' output can be used to overwrite files. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Care must be taken accessing env variables when running setuid. Introduce a virGetEnvAllowSUID for env vars which are safe to use in a setuid environment, and another virGetEnvBlockSUID for vars which are not safe. Also add a virIsSUID helper method for any other non-env var code to use. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The virConnectDomainXMLToNative API should require 'connect:write' not 'connect:read', since it will trigger execution of the QEMU binaries listed in the XML. Also make virConnectDomainXMLFromNative API require a full read-write connection and 'connect:write' permission. Although the current impl doesn't trigger execution of QEMU, we should not rely on that impl detail from an API permissioning POV. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 19 10月, 2013 1 次提交
-
-
由 Geoff Hickey 提交于
The meaning of one line of code was accidentally inverted. Signed-off-by: NEric Blake <eblake@redhat.com>
-