- 31 Aug, 2012 12 commits
-
-
Committed by Marcelo Cerri
To avoid backward compatibility issues, this patch suppresses auto-generated DAC labels from XML. This change affects commands such as dumpxml and save. Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
-
Committed by Marcelo Cerri
With this patch libvirt tries to assign a model to a single seclabel when model is missing. Libvirt will look up at host's capabilities and assign the first model to seclabel. This patch fixes: 1. The problem with existing guests that have a seclabel defined in its XML. 2. A XML parse error when a guest is restored. Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
-
Committed by Jiri Denemark
When domain XML contains any of the elements for setting up CPU scheduling parameters (period, quota, emulator_period, or emulator_quota) we need cpu cgroup to enforce the configuration. However, the existing code would just ignore silently such settings if either cgroups were not available at all or cpu cgroup was not available. Moreover, APIs for manipulating CPU scheduler parameters were already failing if cpu cgroup was not available. This patch makes cpu cgroup mandatory for all domains that use CPU scheduling elements in their XML.
-
Committed by Guannan Ren
The variable max_id is initialized again in the step of getting cpu mapping variable map2. But in the next for loop we still expect original value of max_id, the bug will crash libvirtd when using on NUMA machine with big number of cpus.
-
Committed by Guannan Ren
-
Committed by Guannan Ren
On NUMA machine, the length of string got from file cpuacct.usage_percpu is quite large, so expand the limit of 1024 bytes. errors like: Failed to read file \ '/cgroup/cpuacct/libvirt/qemu/rhel6q/cpuacct.usage_percpu': \ Value too large for defined data type
-
Committed by Stefan Berger
Adapt the IP learning code to also accept broadcasted DHCP replies
-
Committed by Stefan Berger
Some DHCP servers send their DHCP replies to the broadcast MAC address rather than to the MAC address of the VM. The existing DHCP snooping code assumes that the reply always goes to the MAC address of the VM thus filtering the traffic of some DHCP servers' replies. The below patch adapts the code to
1) filter DHCP replies by comparing the MAC address in the reply against the MAC address of the VM (held in the snoop request)
2) adapts the pcap filter for traffic towards the VM to accept DHCP replies sent to any MAC address; for further filtering we rely on 1)
3) creates initial rules that are active while waiting for DHCP replies; these rules now accept DHCP replies to the VM's MAC address or to the MAC broadcast address
-
Committed by Stefan Berger
Add function for testing for Ethernet broadcast address
-
Committed by Kyle Mestery
The introduction of the new VLAN code, along with the fix from 5e465df6, caused the addition of OVS ports to fail with the following message: ovs-vsctl: 00002|vsctl|ERR|: missing column name This fix takes into account the VLAN arguments are optional, and correctly sets up the command line to run the "ovs-vsctl" command to add ports to the OVS bridge. Signed-off-by: Kyle Mestery <kmestery@cisco.com> CC: Eric Blake <eblake@redhat.com>
-
Committed by Nishank Trivedi
If a 802.1Qbh network device supports SRIOV and its VF is being used in pci passthrough mode, when the guest is shutdown or destroyed, the PF interface is also brought down. qemuDomainHostdevNetConfigRestore() finds out the PF for provided hostdev (which is VF) and passes it to virNetDevPortProfileDisassociate() as linkdev. Later, linkdev gets passed to virNetDevSetOnline() where the interface is brought down by clearing IFF_UP flag. Bringing down a PF, when only VF is being brought down is not expected behavior. This patch adds a check so that virNetDevSetOnline() is called only for PF and not if device is a VF. Signed-off-by: Nishank Trivedi <nistrive@cisco.com>
-
Committed by Stefan Berger
The loop processing the trusted DHCP server generated one too many rules and added one final rule that accepted responses from all DHCP servers. Below patch fixes this.
-
- 30 Aug, 2012 11 commits
-
-
Committed by Peter Krempa
Recent changes in the security driver discarded changes that fixed labeling un-confined guests.
-
Committed by Peter Krempa
virDomainVcpuPinAdd does a realloc on vcpupin_list if the new vcpu pin definition doesn't fit into the array. The list is an array of pointers but the function definition didn't support returning the changed pointer to the caller if it was realloced. This caused segfaults if realloc would change the base pointer.
-
Committed by Peter Krempa
virDomainVcpuPinDefCopy when the control flow reaches out of memory cleanup code, the flow would end in an infinite loop as the loop variable wasn't decremented. Also a dereference of NULL pointers was possible if allocation of the Vcpu pinning definition structure failed.
-
Committed by Peter Krempa
Commit d0c0e79a left behind some dead code (hasDAC can't be effectively set to true, because virSecurityManagerNew fails to load the "dac" driver). This patch also enhances the condition for adding the default auto-detected security manager if the manager array is allocated but empty. Also the configuration file for qemu driver still contains reference to the DAC driver that can't be enabled manually.
-
Committed by Jiri Denemark
Before commit 05447e3a, qemuAgentCommand blocked until it got a reply or appropriate event. When new parameter was added to qemuAgentCommand in the above commit, all existing callers of it were updated in a wrong way changing them from blocking to 5-seconds timeout.
-
Committed by Jiri Denemark
The @timeout parameter of qemuAgentSend is both redundant and confusing. This patch should not result in any functional changes.
-
Committed by Laine Stump
This bug was revealed by the crash described in https://bugzilla.redhat.com/show_bug.cgi?id=852383 The vlan info pointer sent to virNetDevOpenvswitchAddPort should never be non-NULL unless there is at least one tag. The fact that such a vlan info pointer was received pointed out that a caller was passing the wrong pointer. Instead of sending &net->vlan, the result of virDomainNetGetActualVlan(net) should be sent - that function will look for vlan info in net->data.network.actual->vlan, and in any case return NULL instead of a pointer if the vlan info it finds has no tags. Aside from causing the crash, sending a hardcoded &net->vlan has the effect of ignoring vlan info from a <network> or <portgroup> config.
-
Committed by Daniel Veillard
As pointed by Eric Blake
-
Committed by Kyle Mestery
Fixup buffer usage when handling VLANs. Also fix the logic used to determine if the virNetDevVlanPtr is valid or not. Fixes crashes in the latest code when using Open vSwitch virtualports. Signed-off-by: Kyle Mestery <kmestery@cisco.com>
-
Committed by Osier Yang
As the next boot doesn't have to worry about the previous numa params setting (there is no).
-
Committed by Daniel P. Berrange
If no 'security_driver' config option was set, then the code just loaded the 'dac' security driver. This is a regression on previous behaviour, where we would probe for a possible security driver. ie default to SELinux if available. This changes things so that if 'security_driver' is not set, we once again do probing. For simplicity we also always create the stack driver, even if there is only one driver active. The desired semantics are:
  - security_driver not set -> probe for selinux/apparmor/nop -> auto-add DAC driver
  - security_driver set to a string -> add that one driver -> auto-add DAC driver
  - security_driver set to a list -> add all drivers in list -> auto-add DAC driver
It is not allowed, or possible to specify 'dac' in the security_driver config param, since that is always enabled. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 29 Aug, 2012 12 commits
-
-
Committed by Peter Krempa
The security driver loading code in qemu has a flaw that causes it to register the DAC security driver twice. This causes problems (machines unable to start) as the two DAC drivers clash together. This patch refactors the code to allow loading the DAC driver even if it's specified in configuration (it can't be registered as a common security driver), and does not add the driver twice.
-
Committed by Peter Krempa
This reverts commit 9f9b7b85. The DAC security driver needs special handling and extra parameters and can't just be added to regular security drivers.
-
Committed by Jiri Denemark
If cgroups are enabled in general but cpu cgroup is disabled in qemu.conf or not mounted at all, libvirt would refuse to start any domain even though scheduler parameters are not set in domain XML. This patch makes cpu cgroup mandatory only for domains that actually want to use it.
-
Committed by Alex Jia
* src/security/security_dac.c: remove useless dead code. Signed-off-by: Alex Jia <ajia@redhat.com>
-
Committed by Peter Krempa
To silence error if DBus support is not compiled in.
-
Committed by Guido Günther
Fedora uses gawk as awk so there's no change in behavior while Debian/Ubuntu use mawk by default. This was reported by Luca Capello in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636712
-
Committed by Alex Jia
* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort): avoid libvirtd crash due to derefing a NULL virtVlan->tag. RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=852383 Signed-off-by: Alex Jia <ajia@redhat.com>
-
Committed by Osier Yang
To keep the internal data structure consistent.
-
Committed by Peter Krempa
As in the previous commit, images are also chowned to uninitialised uid and gid if the label is not present.
-
Committed by Peter Krempa
When starting a machine the DAC security driver tries to set the UID and GID of the newly spawned process. This worked as desired if the desired label was set. When the label was missing a logical bug in virSecurityDACGenLabel() caused that uninitialised values were used as uid and gid for the new process. With this patch, default values (from qemu driver configuration) are used if the label is not found.
-
Committed by Peter Krempa
When no DAC "label" was requested for a domain the DAC manager tried to strdup a NULL string causing a segfault.
-
Committed by Peter Krempa
getpwuid_r returns success but sets the return structure to NULL when it fails to deliver data about the requested uid. In our helper code this created following strange error messages: " ... cannot getpwuid_r(1234): Success" This patch creates a more helpful message: " ... getpwuid_r failed to retrieve data for uid '1234'"
-
- 28 Aug, 2012 5 commits
-
-
Committed by Osier Yang
* src/conf/domain_conf.c: Use STREQ_NULLABLE instead of STREQ, as def->seclables[i]->model could be NULL.
-
Committed by Michal Privoznik
Previous commit 0b4b53bb defined 'inline' to prevent broken build on systems with libnl1 headers. However, it broke build on systems with libnl3 headers. Therefore we must make that fix conditional.
-
Committed by Eric Blake
Ubuntu 10.04 shipped with out-of-the-box libnl1 headers, which assumed the old gcc semantics of 'extern inline' as a C89 extension: the function will _always_ be inline if it is used, and that it may be declared extern inline in headers without a definition, as long as the definition occurs before any use. But when C99 added 'extern inline' as a mandatory feature of the language, with slightly different semantics than gcc (the function MUST have external linkage, and the inline definition MUST be present alongside any declaration, where the compiler can then choose which of the two versions to use), this rendered the use of 'inline' in libnl's header obsolete. Most distros already solved this by removing 'inline' (the resulting 'extern' is correct, regardless of gcc semantics), and libnl-3 does not have the problem (where it has switched to 'static inline' instead, again with the definition present, and again, our hack will result in plain 'static' with no ill effects). But for the case of building out of the box, we hack around the broken Ubuntu header. * src/util/virnetlink.h: Work around libnl issue.
-
Committed by Michal Privoznik
With current flow in qemudDomainDefine we might lose data when updating an existing domain. We parse given XML and overwrite the configuration. Then we try to save the new config. However, this step may fail and we don't perform any roll back. In fact, we remove the domain from the list of domains held up by qemu driver. This is okay as long as the domain was brand new one.
-
Committed by Michal Privoznik
Currently, if a syscall in qemu_agent.c fails we report an internal error even though we should be reporting a system error.
-