1. 11 1月, 2012 4 次提交
    • D
      Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr · 99be754a
      Daniel P. Berrange 提交于
      When sVirt is integrated with the LXC driver, it will be neccessary
      to invoke the security driver APIs using only a virDomainDefPtr
      since the lxc_container.c code has no virDomainObjPtr available.
      Aside from two functions which want obj->pid, every bit of the
      security driver code only touches obj->def. So we don't need to
      pass a virDomainObjPtr into the security drivers, a virDomainDefPtr
      is sufficient. Two functions also gain a 'pid_t pid' argument.
      
      * src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
        src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
        src/security/security_apparmor.c,
        src/security/security_dac.c,
        src/security/security_driver.h,
        src/security/security_manager.c,
        src/security/security_manager.h,
        src/security/security_nop.c,
        src/security/security_selinux.c,
        src/security/security_stack.c: Change all security APIs to use a
        virDomainDefPtr instead of virDomainObjPtr
      99be754a
    • E
      snapshot: allow reuse of existing files in disk snapshot · 4e9953a4
      Eric Blake 提交于
      When disk snapshots were first implemented, libvirt blindly refused
      to allow an external snapshot destination that already exists, since
      qemu will blindly overwrite the contents of that file during the
      snapshot_blkdev monitor command, and we don't like a default of
      data loss by default.  But VDSM has a scenario where NFS permissions
      are intentionally set so that the destination file can only be
      created by the management machine, and not the machine where the
      guest is running, so that libvirt will necessarily see the destination
      file already existing; adding a flag will allow VDSM to force the file
      reuse without libvirt complaining of possible data loss.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=767104
      
      * include/libvirt/libvirt.h.in (virDomainSnapshotCreateFlags): Add
      VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT.
      * src/libvirt.c (virDomainSnapshotCreateXML): Document it.  Add
      note about partial failure.
      * tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Add new
      flag.
      * tools/virsh.pod (snapshot-create, snapshot-create-as): Document
      it.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
      (qemuDomainSnapshotCreateXML): Implement the new flag.
      4e9953a4
    • E
      docs: standardize description of flags · 529e4a50
      Eric Blake 提交于
      We had loads of different styles in describing the @flags parameter
      for various APIs, as well as several APIs that didn't list which
      enums provided the bit values valid for the flags.
      
      The end result is one of two formats:
      @flags: bitwise-OR of vir...Flags
      @flags: extra flags; not used yet, so callers should always pass 0
      
      * src/libvirt.c: Use common sentences for flags.  Also,
      (virDomainGetBlockIoTune): Mention virTypedParameterFlags.
      (virConnectOpenAuth): Mention virConnectFlags.
      (virDomainMigrate, virDomainMigrate2, virDomainMigrateToURI)
      (virDomainMigrateToURI2): Mention virDomainMigrateFlags.
      (virDomainMemoryPeek): Mention virDomainMemoryFlags.
      (virStoragePoolBuild): Mention virStoragePoolBuildFlags.
      (virStoragePoolDelete): Mention virStoragePoolDeleteFlags.
      (virStreamNew): Mention virStreamFlags.
      (virDomainOpenGraphics): Mention virDomainOpenGraphicsFlags.
      529e4a50
    • L
      qemu: check for kvm availability before starting kvm guests · 32f63e91
      Laine Stump 提交于
      This *kind of* addresses:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=772395
      
      (it doesn't eliminate the failure to start, but causes libvirt to give
      a better idea about the cause of the failure).
      
      If a guest uses a kvm emulator (e.g. /usr/bin/qemu-kvm) and the guest
      is started when kvm isn't available (either because virtualization is
      unavailable / has been disabled in the BIOS, or the kvm modules
      haven't been loaded for some reason), a semi-cryptic error message is
      logged:
      
        libvirtError: internal error Child process (LC_ALL=C
        PATH=/sbin:/usr/sbin:/bin:/usr/bin /usr/bin/qemu-kvm -device ? -device
        pci-assign,? -device virtio-blk-pci,? -device virtio-net-pci,?) status
        unexpected: exit status 1
      
      This patch notices at process start that a guest needs kvm, and checks
      for the presence of /dev/kvm (a reasonable indicator that kvm is
      available) before trying to execute the qemu binary. If kvm isn't
      available, a more useful (too verbose??) error is logged.
      32f63e91
  2. 10 1月, 2012 3 次提交
  3. 09 1月, 2012 2 次提交
    • L
      qemu: add new disk device='lun' for bus='virtio' & type='block' · 177db087
      Laine Stump 提交于
      In the past, generic SCSI commands issued from a guest to a virtio
      disk were always passed through to the underlying disk by qemu, and
      the kernel would also pass them on.
      
      As a result of CVE-2011-4127 (see:
      http://seclists.org/oss-sec/2011/q4/536), qemu now honors its
      scsi=on|off device option for virtio-blk-pci (which enables/disables
      passthrough of generic SCSI commands), and the kernel will only allow
      the commands for physical devices (not for partitions or logical
      volumes). The default behavior of qemu is still to allow sending
      generic SCSI commands to physical disks that are presented to a guest
      as virtio-blk-pci devices, but libvirt prefers to disable those
      commands in the standard virtio block devices, enabling it only when
      specifically requested (hopefully indicating that the requester
      understands what they're asking for). For this purpose, a new libvirt
      disk device type (device='lun') has been created.
      
      device='lun' is identical to the default device='disk', except that:
      
      1) It is only allowed if bus='virtio', type='block', and the qemu
         version is "new enough" to support it ("new enough" == qemu 0.11 or
         better), otherwise the domain will fail to start and a
         CONFIG_UNSUPPORTED error will be logged).
      
      2) The option "scsi=on" will be added to the -device arg to allow
         SG_IO commands (if device !='lun', "scsi=off" will be added to the
         -device arg so that SG_IO commands are specifically forbidden).
      
      Guests which continue to use disk device='disk' (the default) will no
      longer be able to use SG_IO commands on the disk; those that have
      their disk device changed to device='lun' will still be able to use SG_IO
      commands.
      
      *docs/formatdomain.html.in - document the new device attribute value.
      *docs/schemas/domaincommon.rng - allow it in the RNG
      *tests/* - update the args of several existing tests to add scsi=off, and
       add one new test that will test scsi=on.
      *src/conf/domain_conf.c - update domain XML parser and formatter
      
      *src/qemu/qemu_(command|driver|hotplug).c - treat
       VIR_DOMAIN_DISK_DEVICE_LUN *almost* identically to
       VIR_DOMAIN_DISK_DEVICE_DISK, except as indicated above.
      
      Note that no support for this new device value was added to any
      hypervisor drivers other than qemu, because it's unclear what it might
      mean (if anything) to those drivers.
      177db087
    • L
      qemu: add capabilities flags related to SG_IO · e8daeeb1
      Laine Stump 提交于
      This patch adds two capabilities flags to deal with various aspects
      of supporting SG_IO commands on virtio-blk-pci devices:
      
        QEMU_CAPS_VIRTIO_BLK_SCSI
          set if -device virtio-blk-pci accepts the scsi="on|off" option
          When present, this is on by default, but can be set to off to disable
          SG_IO functions.
      
        QEMU_CAPS_VIRTIO_BLK_SG_IO
          set if SG_IO commands are supported in the virtio-blk-pci driver
          (present since qemu 0.11 according to a qemu developer, if I
           understood correctly)
      e8daeeb1
  4. 08 1月, 2012 1 次提交
    • L
      config: report error when script given for inappropriate interface type · 1734cdb9
      Laine Stump 提交于
      This fixes https://bugzilla.redhat.com/show_bug.cgi?id=638633
      
      Although scripts are not used by interfaces of type other than
      "ethernet" in qemu, due to the fact that the parser stores the script
      name in a union that is only valid when type is ethernet or bridge,
      there is no way for anyone except the parser itself to catch the
      problem of specifying an interface script for an inappropriate
      interface type (by the time the parsed data gets back to the code that
      called the parser, all evidence that a script was specified is
      forgotten).
      
      Since the parser itself should be agnostic to which type of interface
      allows scripts (an example of why: a script specified for an interface
      of type bridge is valid for xen domains, but not for qemu domains),
      the solution here is to move the script out of the union(s) in the
      DomainNetDef, always populate it when specified (regardless of
      interface type), and let the driver decide whether or not it is
      appropriate.
      
      Currently the qemu, xen, libxml, and uml drivers recognize the script
      parameter and do something with it (the uml driver only to report that
      it isn't supported). Those drivers have been updated to log a
      CONFIG_UNSUPPORTED error when a script is specified for an interface
      type that's inappropriate for that particular hypervisor.
      
      (NB: There was earlier discussion of solving this problem by adding a
      VALIDATE flag to all libvirt APIs that accept XML, which would cause
      the XML to be validated against the RNG files. One statement during
      that discussion was that the RNG shouldn't contain hypervisor-specific
      things, though, and a proper solution to this problem would require
      that (again, because a script for an interface of type "bridge" is
      accepted by xen, but not by qemu).
      1734cdb9
  5. 07 1月, 2012 5 次提交
    • E
      qemu: one more client to live/config helper · 13a776ca
      Eric Blake 提交于
      Commit ae523427 missed one pair of functions that could use
      the helper routine.
      
      * src/qemu/qemu_driver.c (qemuSetSchedulerParametersFlags)
      (qemuGetSchedulerParametersFlags): Simplify.
      13a776ca
    • D
      Release of libvirt-0.9.9 · 2f667b56
      Daniel Veillard 提交于
      * configure.ac docs/news.html.in libvirt.spec.in: update for the release
      * po/*.po*: updated localizations from transifex and regenerated
      2f667b56
    • E
      tests: work around pdwtags 1.9 failure · cf6d3625
      Eric Blake 提交于
      On rawhide, gcc is new enough to output new DWARF information that
      pdwtags has not yet learned, but the resulting 'make check' output
      was rather confusing:
      
      $ make -C src check
      ...
        GEN    virkeepaliveprotocol-structs
      die__process_function: DW_TAG_INVALID (0x4109) @ <0x58c> not handled!
      WARNING: your pdwtags program is too old
      WARNING: skipping the virkeepaliveprotocol-structs test
      WARNING: install dwarves-1.3 or newer
      ...
      $ pdwtags --version
      v1.9
      
      I've filed the pdwtags deficiency as
      https://bugzilla.redhat.com/show_bug.cgi?id=772358
      
      * src/Makefile.am (PDWTAGS): Don't leave -t file behind on version
      mismatch.  Soften warning message, since 1.9 is newer than 1.3.
      Don't leak stderr from broken version.
      cf6d3625
    • E
      build: fix mingw virCommand build · 03ea5673
      Eric Blake 提交于
      Commit db371a21 mistakenly added new functions inside a #ifndef WIN32
      guard, even though they are needed on all platforms.
      
      * src/util/command.c (virCommandFDSet): Move outside WIN32
      conditional.
      03ea5673
    • E
      tests: avoid test failure on rawhide gnutls · 74ff5750
      Eric Blake 提交于
      I hit a VERY weird testsuite failure on rawhide, which included
      _binary_ output to stderr, followed by a hang waiting for me
      to type something! (Here, using ^@ for NUL):
      
      $ ./commandtest
      TEST: commandtest
            WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
      .WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
      .WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
      WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
      .8^@^@^@8^@^@^@^A^@^@^@^Bay^A^@^@^@)PRIVATE-GNOME-KEYRING-PKCS11-PROTOCOL-V-1
      
      I finally traced it to the fact that gnome-keyring, called via
      gnutls_global_init which is turn called by virNetTLSInit, opens
      an internal fd that it expects to communicate to via a
      pthread_atfork handler (never mind that it violates POSIX by
      using non-async-signal-safe functions in that handler:
      https://bugzilla.redhat.com/show_bug.cgi?id=772320).
      
      Our problem stems from the fact that we pulled the rug out from
      under the library's expectations by closing an fd that it had
      just opened.  While we aren't responsible for fixing the bugs
      in that pthread_atfork handler, we can at least avoid the bugs
      by not closing the fd in the first place.
      
      * tests/commandtest.c (mymain): Avoid closing fds that were opened
      by virInitialize.
      74ff5750
  6. 06 1月, 2012 4 次提交
    • A
      qemu: Avoid memory leaks on qemuParseRBDString · b41d440e
      Alex Jia 提交于
      Detected by valgrind. Leak introduced in commit 5745dc12.
      
      * src/qemu/qemu_command.c: fix memory leak on failure and successful path.
      
      * How to reproduce?
      % valgrind -v --leak-check=full ./qemuargv2xmltest
      
      * Actual result:
      
      ==2196== 80 bytes in 1 blocks are definitely lost in loss record 3 of 4
      ==2196==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
      ==2196==    by 0x39CF07F6E1: strdup (in /lib64/libc-2.12.so)
      ==2196==    by 0x419823: qemuParseRBDString (qemu_command.c:1657)
      ==2196==    by 0x4221ED: qemuParseCommandLine (qemu_command.c:5934)
      ==2196==    by 0x422AFB: qemuParseCommandLineString (qemu_command.c:7561)
      ==2196==    by 0x416864: testCompareXMLToArgvHelper (qemuargv2xmltest.c:48)
      ==2196==    by 0x417DB1: virtTestRun (testutils.c:141)
      ==2196==    by 0x415CAF: mymain (qemuargv2xmltest.c:175)
      ==2196==    by 0x4174A7: virtTestMain (testutils.c:696)
      ==2196==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
      ==2196==
      ==2196== LEAK SUMMARY:
      ==2196==    definitely lost: 80 bytes in 1 blocks
      Signed-off-by: NAlex Jia <ajia@redhat.com>
      b41d440e
    • E
      build: drop check for ANSI compiler · 307f3635
      Eric Blake 提交于
      Using automake.git (will become 1.12 someday), I got this error:
      
      configure.ac:90: error: automatic de-ANSI-fication support has been removed
      /usr/local/share/aclocal-1.11a/protos.m4:13: AM_C_PROTOTYPES is expanded from...
      configure.ac:90: the top level
      autom4te: /usr/bin/m4 failed with exit status: 1
      
      In short, pre-C89 compilers are no longer a viable portability
      target.  Besides, our code base already requires C99, so worrying
      about pre-C89 seems pointless.
      
      * configure.ac (AM_C_PROTOTYPES): Drop, since newer automake no
      longer provides it.
      307f3635
    • H
      qemu: fix a bug in numatune · 6b780f74
      Hu Tao 提交于
      When setting numa nodeset for a domain which has no nodeset set
      before, libvirtd crashes by dereferencing the pointer to the old
      nodemask which is null in that case.
      6b780f74
    • E
      qemu: fix use-after-free regression · 820a2159
      Eric Blake 提交于
      Commit baade4d fixed a memory leak on failure, but in the process,
      introduced a use-after-free on success, which can be triggered with:
      
      1. set bandwidth with --live
      2. query bandwidth
      3. set bandwidth with --live
      
      * src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Don't
      free newBandwidth on success.
      Reported by Hu Tao.
      820a2159
  7. 05 1月, 2012 4 次提交
    • E
      seclabel: fix regression in libvirtd restart · 302fe95f
      Eric Blake 提交于
      Commit b4343293 has a logic bug: seclabel overrides don't set
      def->type, but the default value is 0 (aka static).  Restarting
      libvirtd would thus reject the XML for any domain with an
      override of <seclabel relabel='no'/> (which happens quite
      easily if a disk image lives on NFS), with a message:
      
      2012-01-04 22:29:40.949+0000: 6769: error : virSecurityLabelDefParseXMLHelper:2593 : XML error: security label is missing
      
      Fix the logic to never read from an override's def->type, and
      to allow a missing <label> subelement when relabel is no.  There's
      a lot of stupid double-negatives in the code (!norelabel) because
      of the way that we want the zero-initialized defaults to behave.
      
      * src/conf/domain_conf.c (virSecurityLabelDefParseXMLHelper): Use
      type field from correct location.
      302fe95f
    • M
      command: Discard FD_SETSIZE limit for opened files · db371a21
      Michal Privoznik 提交于
      Currently, virCommand implementation uses FD_ macros from
      sys/select.h. However, those cannot handle more opened files
      than FD_SETSIZE. Therefore switch to generalized implementation
      based on array of integers.
      db371a21
    • J
      Support Xen domctl v8 · 49d8c8bc
      Jim Fehlig 提交于
      xen-unstable c/s 23874:651aed73b39c added another member to
      xen_domctl_getdomaininfo struct and bumped domctl version to 8.
      Add a corresponding domctl v8 struct in xen hypervisor sub-driver
      and detect domctl v8 during initialization.
      49d8c8bc
    • J
      Fix xenstore serial console path for HVM guests · beeea90a
      Jim Fehlig 提交于
      The console path in xenstore is /local/domain/<id>/console/tty
      for PV guests (PV console) and /local/domain/<id>/serial/0/tty
      (serial console) for HVM guests.  Similar to Xen's in-tree console
      client, read the correct path for PV vs HVM.
      beeea90a
  8. 04 1月, 2012 4 次提交
  9. 03 1月, 2012 4 次提交
    • E
      qemu: fix block stat naming · 851fc813
      Eric Blake 提交于
      Typo has existed since API introduction in commit ee0d8c3b.
      
      * src/qemu/qemu_driver.c (qemuDomainBlockStatsFlags): Use correct
      name.
      851fc813
    • E
      domiftune: clean up previous patches · 269ce467
      Eric Blake 提交于
      Most severe here is a latent (but currently untriggered) memory leak
      if any hypervisor ever adds a string interface property; the
      remainder are mainly cosmetic.
      
      * include/libvirt/libvirt.h.in (VIR_DOMAIN_BANDWIDTH_*): Move
      macros closer to interface that uses them, and document type.
      * src/libvirt.c (virDomainSetInterfaceParameters)
      (virDomainGetInterfaceParameters): Formatting tweaks.
      * daemon/remote.c (remoteDispatchDomainGetInterfaceParameters):
      Avoid memory leak.
      * src/libvirt_public.syms (LIBVIRT_0.9.9): Sort lines.
      * src/libvirt_private.syms (domain_conf.h): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Fix
      comments, break long lines.
      269ce467
    • P
      virsh: Fix checking for reconnect conditions · d82c6bcf
      Peter Krempa 提交于
      virshReportError() function frees the most recent error reported from
      libvirt. Condition that checks if connection to the daemon was broken
      during last command was then limited to check for SIGPIPE signal not
      taking into account possible errors signalized without SIGPIPE.
      
      This patch moves the check before the error is freed, to take into
      account code that does not emit SIGPIPE while failing.
      
      * tools/virsh.c: - move check for broken connection before error print.
      d82c6bcf
    • P
      network_conf: Fix whitespace to pass syntax-check · f4384b84
      Peter Krempa 提交于
      f4384b84
  10. 02 1月, 2012 1 次提交
    • M
      Implement DNS SRV record into the bridge driver · 973af236
      Michal Novotny 提交于
      Hi,
      this is the fifth version of my SRV record for DNSMasq patch rebased
      for the current codebase to the bridge driver and libvirt XML file to
      include support for the SRV records in the DNS. The syntax is based on
      DNSMasq man page and tests for both xml2xml and xml2argv were added as
      well. There are some things written a better way in comparison with
      version 4, mainly there's no hack in tests/networkxml2argvtest.c and
      also the xPath context is changed to use a simpler query using the
      virXPathInt() function relative to the current node.
      
      Also, the patch is also fixing the networkxml2argv test to pass both
      checks, i.e. both unit tests and also syntax check.
      
      Please review,
      Michal
      Signed-off-by: NMichal Novotny <minovotn@redhat.com>
      973af236
  11. 01 1月, 2012 2 次提交
  12. 31 12月, 2011 1 次提交
  13. 30 12月, 2011 5 次提交
    • D
      Fix build on s390(x) and other stange arches · c4ac050f
      Daniel Veillard 提交于
      The blocks to extract node information on a per-arch
      basis wasn't well balanced leading to a compilation
      failure if not on one of the handled arches (PCs and PPCs)
      c4ac050f
    • E
      seclabel: honor device override in selinux · 904e05a2
      Eric Blake 提交于
      This wires up the XML changes in the previous patch to let SELinux
      labeling honor user overrides, as well as affecting the live XML
      configuration in one case where the user didn't specify anything
      in the offline XML.
      
      I noticed that the logs contained messages like this:
      
      2011-12-05 23:32:40.382+0000: 26569: warning : SELinuxRestoreSecurityFileLabel:533 : cannot lookup default selinux label for /nfs/libvirt/images/dom.img
      
      for all my domain images living on NFS.  But if we would just remember
      that on domain creation that we were unable to set a SELinux label (due to
      NFSv3 lacking labels, or NFSv4 not being configured to expose attributes),
      then we could avoid wasting the time trying to clear the label on
      domain shutdown.  This in turn is one less point of NFS failure,
      especially since there have been documented cases of virDomainDestroy
      hanging during an attempted operation on a failed NFS connection.
      
      * src/security/security_selinux.c (SELinuxSetFilecon): Move guts...
      (SELinuxSetFileconHelper): ...to new function.
      (SELinuxSetFileconOptional): New function.
      (SELinuxSetSecurityFileLabel): Honor override label, and remember
      if labeling failed.
      (SELinuxRestoreSecurityImageLabelInt): Skip relabeling based on
      override.
      904e05a2
    • E
      seclabel: allow a seclabel override on a disk src · b4343293
      Eric Blake 提交于
      Implement the parsing and formatting of the XML addition of
      the previous commit.  The new XML doesn't affect qemu command
      line, so we can now test round-trip XML->memory->XML handling.
      
      I chose to reuse the existing structure, even though per-device
      override doesn't use all of those fields, rather than create a
      new structure, in order to reuse more code.
      
      * src/conf/domain_conf.h (_virDomainDiskDef): Add seclabel member.
      * src/conf/domain_conf.c (virDomainDiskDefFree): Free it.
      (virSecurityLabelDefFree): New function.
      (virDomainDiskDefFormat): Print it.
      (virSecurityLabelDefFormat): Reduce output if model not present.
      (virDomainDiskDefParseXML): Alter signature, and parse seclabel.
      (virSecurityLabelDefParseXML): Split...
      (virSecurityLabelDefParseXMLHelper): ...into new helper.
      (virDomainDeviceDefParse, virDomainDefParseXML): Update callers.
      * tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.args:
      New file.
      * tests/qemuxml2xmltest.c (mymain): Enhance test.
      * tests/qemuxml2argvtest.c (mymain): Likewise.
      b4343293
    • E
      seclabel: extend XML to allow per-disk label overrides · 6cb4acce
      Eric Blake 提交于
      When doing security relabeling, there are cases where a per-file
      override might be appropriate.  For example, with a static label
      and relabeling, it might be appropriate to skip relabeling on a
      particular disk, where the backing file lives on NFS that lacks
      the ability to track labeling.  Or with dynamic labeling, it might
      be appropriate to use a custom (non-dynamic) label for a disk
      specifically intended to be shared across domains.
      
      The new XML resembles the top-level <seclabel>, but with fewer
      options (basically relabel='no', or <label>text</label>):
      
      <domain ...>
        ...
        <devices>
          <disk type='file' device='disk'>
            <source file='/path/to/image1'>
              <seclabel relabel='no'/> <!-- override for just this disk -->
            </source>
            ...
          </disk>
          <disk type='file' device='disk'>
            <source file='/path/to/image1'>
              <seclabel relabel='yes'> <!-- override for just this disk -->
                <label>system_u:object_r:shared_content_t:s0</label>
              </seclabel>
            </source>
            ...
          </disk>
          ...
        </devices>
        <seclabel type='dynamic' model='selinux'>
          <baselabel>text</baselabel> <!-- used for all devices without override -->
        </seclabel>
      </domain>
      
      This patch only introduces the XML and documentation; future patches
      will actually parse and make use of it.  The intent is that we can
      further extend things as needed, adding a per-device <seclabel> in
      more places (such as the source of a console device), and possibly
      allowing a <baselabel> instead of <label> for labeling where we want
      to reuse the cNNN,cNNN pair of a dynamically labeled domain but a
      different base label.
      
      First suggested by Daniel P. Berrange here:
      https://www.redhat.com/archives/libvir-list/2011-December/msg00258.html
      
      * docs/schemas/domaincommon.rng (devSeclabel): New define.
      (disk): Use it.
      * docs/formatdomain.html.in (elementsDisks, seclabel): Document
      the new XML.
      * tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.xml:
      New test, to validate RNG.
      6cb4acce
    • E
      seclabel: move seclabel stuff earlier · e8383794
      Eric Blake 提交于
      Pure code motion; no semantic change.
      
      * src/conf/domain_conf.h (virDomainSeclabelType)
      (virSecurityLabelDefPtr): Declare earlier.
      * src/conf/domain_conf.c (virSecurityLabelDefClear)
      (virSecurityLabelDefParseXML): Move earlier.
      (virDomainDefParseXML): Move seclabel parsing earlier.
      e8383794