- 18 Feb, 2014 11 commits
-
-
Committed by Michal Privoznik
Basically, the idea is copied from domain code, where tainting has existed for a while. Currently, only one taint reason exists - VIR_NETWORK_TAINT_HOOK to mark those networks which caused invoking of hook script. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Michal Privoznik
There might be some use cases, where user wants to prepare the host or its environment prior to starting a network and do some cleanup after the network has been shut down. Consider all the functionality that libvirt doesn't currently have as an example of what a hook script can possibly do. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Michal Privoznik
In the next patch I'm going to need the network format function that takes virBuffer as argument. However, a slight change of name is more appropriate then: virNetworkDefFormatBuf to match the rest of functions that format an object to buffer. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Daniel P. Berrange
Rewrite multiple hotunplug functions to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with an absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Rewrite lxcDomainAttachDeviceHostdevMiscLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with an absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Rewrite lxcDomainAttachDeviceHostdevStorageLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with an absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Rewrite lxcDomainAttachDeviceHostdevSubsysUSBLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with an absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Rewrite lxcDomainAttachDeviceDiskLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with an absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Eric Blake
Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and lxcDomainReboot. Otherwise, a malicious guest could use symlinks to force the host to manipulate the wrong file in the host's namespace. Idea by Dan Berrange, based on an initial report by Reco <recoverym4n@gmail.com> at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394 Signed-off-by: Eric Blake <eblake@redhat.com>
-
Committed by Daniel P. Berrange
Implement virProcessRunInMountNamespace, which runs callback of type virProcessNamespaceCallback in a container namespace. This uses a child process to run the callback, since you can't change the mount namespace of a thread. This implies that callbacks have to be careful about what code they run due to async safety rules. Idea by Dan Berrange, based on an initial report by Reco <recoverym4n@gmail.com> at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394 Signed-off-by: Daniel Berrange <berrange@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
-
Committed by Daniel P. Berrange
Add a helper function which takes a file path and ensures that all directory components leading up to the file exist. IOW, it strips the filename part of the path and passes the result to virFileMakePath. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 17 Feb, 2014 8 commits
-
-
Committed by Daniel P. Berrange
The check for whether the cgroup devices ACL is available is done quite late during LXC hotplug - in fact after the device node is already created in the container in some cases. Better to do it upfront so we fail immediately. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The LXC disk hotplug code was allowing block or character devices to be given as disk. A disk is always a block device. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
When detaching a USB device from an LXC guest we must remove the device from the cgroup ACL. Unfortunately we were telling the cgroup code to use the guest /dev path, not the host /dev path, and the guest device node had already been unlinked. This was, however, fortunate since the code passed &priv->cgroup instead of priv->cgroup, so would have crashed if the device node were accessible. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
After hotplugging a USB device, the LXC driver forgot to add the device def to the virDomainDefPtr. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The LXC code missed the 'usb' component out of the path /dev/bus/usb/$BUSNUM/$DEVNUM, so it failed to actually set up cgroups for the device. This was in fact lucky because the call to virLXCSetupHostUsbDeviceCgroup was also mistakenly passing '&priv->cgroup' instead of just 'priv->cgroup'. So once the path is fixed, libvirtd would then crash trying to access the bogus virCgroupPtr pointer. This would have been a security issue, were it not for the bogus path preventing the pointer reference being reached. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
virDomainDefCompatibleDevice blocks use of USB if no USB controller is present. This is not correct for containers since devices can be assigned directly regardless of any controllers. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Michal Privoznik
Currently, there's just one place where we care if hook script is changing the domain XML: migration hook for incoming migration. In all other places where a hook script is executed, we don't read the XML back from the script. Anyway, the hook script can alter domain XML and hence we should taint it if the script did. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Michal Privoznik
This new flag is to be used for tainting domains whose XML definition was altered at runtime by a hook script. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 15 Feb, 2014 1 commit
-
-
Committed by Peter Krempa
The internal pools were an idea in one of the first iterations of the gluster series, which we decided not to use. Somehow the patch still got pushed. Remove it as the internal flag isn't needed. This reverts commit 362da820.
-
- 14 Feb, 2014 16 commits
-
-
Committed by Ján Tomko
also validate it against the RNG schema.
-
Committed by Ján Tomko
This belongs to the pool definition.
-
Committed by Cédric Bosdonnat
-
Committed by Peter Krempa
Yet another variable name frowned upon by older compilers. Introduced in commit b73c029d.
-
Committed by Ján Tomko
Also try to bind on IPv6 to check if the port is occupied. Change the mocked bind in the test to return EADDRINUSE for some ports only for the IPv4/IPv6 socket if we're testing on a host with IPv6 compiled in. Also mock socket() to make it fail with EAFNOTSUPPORTED if LIBVIRT_TEST_IPV4ONLY is set in the environment, to simulate a host without IPv6 support in the kernel. The tests are repeated again with this variable set. https://bugzilla.redhat.com/show_bug.cgi?id=1025407
-
Committed by Ján Tomko
-
Committed by Peter Krempa
In a44b7b87 I've introduced a function that initializes a storage file wrapper object on gluster based volumes. The initialization function leaks the private data pointer in case of failure. This patch fixes it. Reported by John Ferlan.
-
Committed by Peter Krempa
In commit e3226818 I accidentally added twice a typedef for virStorageFileBackend when I moved it between files across patch iterations. The double declaration breaks build on older compilers in RHEL5 and FreeBSD. Remove the spurious definition.
-
Committed by Peter Krempa
Add support for gluster backed images as sources for snapshots in the qemu driver. This will also simplify adding further network backed volumes as sources for snapshot in case qemu will support them.
-
Committed by Peter Krempa
Use the new storage driver based "stat" api to detect existing files just as we did with local files.
-
Committed by Peter Krempa
Use the new storage driver APIs to delete snapshot backing files in case of failure instead of directly relying on "unlink". This will help us in the future when we will be adding network based storage without local representation in the host.
-
Committed by Peter Krempa
Implement storage backend functions to deal with gluster volumes and implement the "stat" and "unlink" backend APIs.
-
Committed by Peter Krempa
Implement the "stat" and "unlink" function for "file" volumes and "stat" for "block" volumes using the regular system calls.
-
Committed by Peter Krempa
Add APIs that will allow using the storage driver to assist in operations on files even for remote filesystems without native representation as files in the host.
-
Committed by Peter Krempa
All the data for getting the actual type is present in the snapshot config. There is no need to have this function private to the qemu driver and it will be re-used later in other parts of libvirt.
-
Committed by Peter Krempa
All the data for getting the actual type is present in the domain config. There is no need to have this function private to the qemu driver and it will be re-used later in other parts of libvirt.
-
- 13 Feb, 2014 4 commits
-
-
Committed by Eric Blake
Similar to cf76c4b3, if modules are used, then nwfilter configuration requires the nwfilter driver module. Signed-off-by: Eric Blake <eblake@redhat.com>
-
Committed by Eric Blake
This reverts commit 8d6c3659. After further list discussion, it was decided that pulling in wireshark as a dependency is a bit too much for the base 'libvirt' package. Remember also that 'libvirt-devel' is also not pulled in by the base 'libvirt' - the metapackage exists for full functionality of libvirtd, rather than to pull in all subpackages.
-
Committed by Cédric Bosdonnat
-
Committed by Philipp Hahn
Remove double "is". Consistent spelling of all-uppercase I/O. Signed-off-by: Philipp Hahn <hahn@univention.de>
-