- 16 Oct, 2017 1 commit
Committed by Daniel P. Berrange
The default_tls_x509_verify (and related) parameters in qemu.conf control whether the QEMU TLS servers request & verify certificates from clients. This works as a simple access control system for servers by requiring the CA to issue certs to permitted clients. This use of client certificates is disabled by default, since it requires extra work to issue client certificates.

Unfortunately the code was using this configuration parameter when setting up both TLS clients and servers in QEMU. The result was that TLS clients for character devices and disk devices had verification turned off, meaning they would ignore errors while validating the server certificate.

This allows for trivial MITM attacks between client and server, as any certificate returned by the attacker will be accepted by the client.

This is assigned CVE-2017-1000256 / LSN-2017-0002

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 441d3eb6)
-
- 26 Oct, 2016 1 commit
Committed by John Ferlan
Add the secret object so the 'passwordid=' can be added to the command line if there's a secret defined in/on the host for TCP chardev TLS objects.

Preparation for the secret involves adding the secinfo to the char source device prior to command line processing. There are multiple possibilities for TCP chardev source backend usage.

Add test for at least a serial chardev as an example.
-
- 18 Oct, 2016 2 commits
Committed by Pavel Hrdina
There was inconsistency between alias used to create tls-creds-x509 object and alias used to link that object to chardev while hotplugging. Hotplug ends with this error:

    error: Failed to detach device from channel-tcp.xml
    error: internal error: unable to execute QEMU command 'chardev-add': No TLS credentials with id 'objcharchannel3_tls0'

In XML we have for example alias "serial0", but on qemu command line we generate "charserial0".

The issue was that the code that creates the QMP command to hotplug chardev devices uses only the second alias "charserial0" and that alias is also used to link the tls-creds-x509 object.

This patch unifies the aliases for tls-creds-x509 to be always generated from "charserial0".

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-
Committed by John Ferlan
Missing the option to set verify-peer to yes

Signed-off-by: John Ferlan <jferlan@redhat.com>
-
- 14 Sep, 2016 1 commit
Committed by Daniel P. Berrange
The test qemuxml2argv-serial-tcp-tlsx509-chardev.args will fail if libvirt is built with a --sysconfdir arg that is not /etc. Fix this by setting a hardcoded path in the test code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 09 Sep, 2016 1 commit
Committed by John Ferlan
When building a chardev device string for tcp, add the necessary pieces to access provide the TLS X.509 path to qemu. This includes generating the 'tls-creds-x509' object and then adding the 'tls-creds' parameter to the VIR_DOMAIN_CHR_TYPE_TCP command line.

Finally add the tests for the qemu command line. This test will make use of the "new(ish)" /etc/pki/qemu setting for a TLS certificate environment by *not* "resetting" the chardevTLSx509certdir prior to running the test. Also use the default "verify" option (which is "no").

Signed-off-by: John Ferlan <jferlan@redhat.com>
-
- 07 Jul, 2016 1 commit
Committed by Peter Krempa
Support for SMP topology was added by qemu commit dc6b1c09849484fbbc50 prior to 0.12.0, our minimum supported qemu version.

    $ git describe --tags dc6b1c09849484fbbc50803307e4c7a3d81eab62
    v0.11.0-rc0-449-gdc6b1c0
    $ git describe --tags --contains dc6b1c09849484fbbc50803307e4c7a3d81eab
    v0.12.0-rc0~1477
-
- 01 Mar, 2016 1 commit
Committed by Martin Kletzander
Per-domain directories were introduced in order to be able to completely separate security labels for each domain (commit f1f68ca3). However when the domain name is long (let's say a ridiculous 110 characters), we cannot connect to the monitor socket because the length of a UNIX socket address is limited. In order to get around this, let's shorten it in similar fashion and in order to avoid conflicts, throw in an ID there as well. Also save that into the status XML and load the old status XMLs properly (to clean up after older domains). That way we can change it in the future.

The shortening can be seen in qemuxml2argv tests, for example in the hugepages-pages2 case.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
- 05 Jan, 2016 1 commit
Committed by Michal Privoznik
Just recently, qemu forbade specifying format for sourceless disks (qemu commit 39c4ae941ed992a3bb5). It kind of makes sense. If there's no file to open, why specify its format. Anyway, I have a domain like this:

    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hda' bus='ide'/>
      <readonly/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

and obviously I am unable to start it. Therefore, a fix on our side is needed too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 10 Nov, 2015 4 commits
Committed by Daniel P. Berrange
As of QEMU 0.10.0 the -drive format= parameter was added, so the QEMU driver can assume it is always available.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The -uuid arg was added in QEMU 0.10.0, so the QEMU driver can assume it is always available.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The -name arg was added in QEMU 0.9.1, so the QEMU driver can assume it is always available.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
As of QEMU 0.9.1 the -drive argument can be used to configure all disks, so the QEMU driver can assume it is always available and drop support for -hda/-cdrom/etc.

Many of the tests need updating because a great many were running without CAPS_DRIVE set, so using the -hda legacy syntax.

Fixing the tests uncovered a bug in the argv -> xml convertor which failed to handle disk with if=floppy.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 09 Nov, 2015 1 commit
Committed by Daniel P. Berrange
Back in

    commit bd6c46fa
    Author: Juerg Haefliger <juerg.haefliger@hp.com>
    Date: Mon Jan 31 06:42:57 2011 -0500

        tests: handle backspace-newline pairs in test input files

all the test argv files were line wrapped so that the args were less than 80 characters.

The way the line wrapping was done turns out to be quite undesirable, because it often leaves multiple parameters on the same line. If we later need to add or remove individual parameters, then it leaves us having to redo line wrapping.

This commit changes the line wrapping so that every single "-param value" is on its own new line. If the "value" is still too long, then we break on ',' or ':' or ' ' as needed.

This means that when we come to add / remove parameters from the test files line, the patch diffs will only ever show a single line added/removed which will greatly simplify review work.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 03 Sep, 2013 1 commit
Committed by Cole Robinson
On my machine, a guest fails to boot if it has a sound card, but no graphical device/display is configured, because pulseaudio fails to initialize since it can't access $HOME.

A workaround is removing the audio device, however on ARM boards there isn't any option to do that, so -nographic always fails.

Set QEMU_AUDIO_DRV=none if no <graphics> are configured. Unfortunately this has massive test suite fallout.

Add a qemu.conf parameter nographics_allow_host_audio, that if enabled will pass through QEMU_AUDIO_DRV from sysconfig (similar to vnc_allow_host_audio)
-
- 30 Oct, 2012 1 commit
Committed by Vladislav Bogdanov
-
- 11 Aug, 2011 1 commit
Committed by Cole Robinson
The following XML:

    <serial type='udp'>
      <source mode='connect' service='9999'/>
    </serial>

is accepted by domain_conf.c but maps to the qemu command line:

    -chardev udp,host=127.0.0.1,port=2222,localaddr=(null),localport=(null)

qemu can cope with everything omitted except the connection port, which seems to also be the intent of domain_conf validation, so let's not generate bogus command lines for that case.

The defaults are empty strings for addresses and 0 for the localport.

Additionally, tweak the qemu cli parsing to handle omitted host parameters for -serial udp
-
- 07 Apr, 2011 1 commit
Committed by Eric Blake
* tests/qemuxml2argvdata/qemuxml2argv-*.args: Reflect reserved VGA port change.
-
- 01 Feb, 2011 1 commit
Committed by Juerg Haefliger
This patch teaches testutil how to read multi-line input files with backspace-newline line continuation markers. The patch also breaks up all the single-line arguments test input files into multi-line files with lines shorter than 80 characters.
-
- 28 Jan, 2011 1 commit
Committed by Eric Blake
* src/qemu/qemu_command.c (qemuBuildChrChardevStr): Alter the chardev alias.
  (qemuBuildCommandLine): Output an id for the chardev counterpart.
* tests/qemuxml2argvdata/*: Update tests to match.

Reported by Daniel P. Berrange.
-
- 21 Jul, 2010 1 commit
Committed by Daniel P. Berrange
To try and ensure that people upgrading from old QEMU get guests with the same PCI device ordering, change the way we assign addrs to match QEMU's default order. This should make Windows less annoyed.

* src/qemu/qemu_conf.c: Follow QEMU's default PCI ordering logic when assigning addresses
* tests/*.args: Update for changed PCI addresses
-
- 23 Jun, 2010 1 commit
Committed by Daniel P. Berrange
We already use the '-nodefaults' command line arg with QEMU to stop it adding any default devices to guests. Unfortunately, QEMU will load global config files from /etc/qemu that may also add default devices. These aren't blocked by '-nodefaults', so we need to also add the '-nodefconfig' arg to prevent that.

Unfortunately these global config files are also used to define custom CPU models. So in blocking global hardware device addition we also block definitions of new CPU models. Libvirt doesn't know about these custom CPU models though, so it would never make use of them anyway. Thus blocking them via -nodefconfig isn't a show stopping problem. We would need to expand libvirt's own CPU model XML database to support these instead.

* src/qemu/qemu_conf.c: Add '-nodefconfig' if available
* tests/qemuxml2argvdata/: Add '-nodefconfig' to all data files which have '-nodefaults' present
-
- 18 Jan, 2010 2 commits
Committed by Daniel P. Berrange
Replace

    -balloon virtio

With

    -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3

This allows it to get correct assigned PCI address as declared in previous patch

* src/qemu/qemu_conf.c: Convert Virtio balloon to -device and give it an explicit PCI address
* tests/qemuxml2argvdata/qemuxml2argv-*args: Add in virtio balloon where appropriate
-
Committed by Daniel P. Berrange
The current character device syntax uses either

    -serial tty,path=/dev/ttyS2

Or

    -chardev tty,id=serial0,path=/dev/ttyS2 -serial chardev:serial0

With the new -device support, we now prefer

    -chardev file,id=serial0,path=/tmp/serial.log -device isa-serial,chardev=serial0

This patch changes the existing -chardev syntax to use this new scheme, and falls back to the old plain -serial syntax for old QEMU.

The monitor device changes to

    -chardev socket,id=monitor,path=/tmp/test-monitor,server,nowait -mon chardev=monitor

In addition, this patch adds --nodefaults, which kills off the default serial, parallel, vga and nic devices. This avoids the need for us to explicitly turn each off
-
- 14 Dec, 2009 1 commit
Committed by Matthew Booth
Change -monitor, -serial and -parallel output to use -chardev if it is available.

* src/qemu/qemu_conf.c: Update qemudBuildCommandLine to use -chardev where available.
* tests/qemuxml2argvtest.c tests/qemuxml2argvdata/: Add -chardev equivalents for all current serial and parallel tests.
-