- 13 2月, 2014 3 次提交
-
-
由 Cédric Bosdonnat 提交于
Tmpfs relative size and default 50% size values aren't supported as we have no idea of the available memory at the conversion time.
-
由 Cédric Bosdonnat 提交于
LXC rootfs can be either a directory or a block device or an image file. The first two types have been implemented, but the image file is still to be done since LXC auto-guesses the file format at mount time and the LXC driver doesn't support the 'auto' format.
-
由 Cédric Bosdonnat 提交于
This function aims at converting LXC configuration into a libvirt domain XML description to help users migrate from LXC to libvirt. Here is an example of how the lxc configuration works: virsh -c lxc:/// domxml-from-native lxc-tools /var/lib/lxc/migrate_test/config It is possible that some parts couldn't be properly mapped into a domain XML fragment, so users should carefully review the result before creating the domain. fstab files in lxc.mount lines will need to be merged into the configuration file as lxc.mount.entry. As we can't know the amount of memory of the host, we have to set a default value for max_balloon that users will probably want to adjust.
-
- 05 2月, 2014 1 次提交
-
-
由 Eric Blake 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1058839 Commit f9f56340 for CVE-2014-0028 almost had the right idea - we need to check the ACL rules to filter which events to send. But it overlooked one thing: the event dispatch queue is running in the main loop thread, and therefore does not normally have a current virIdentityPtr. But filter checks can be based on current identity, so when libvirtd.conf contains access_drivers=["polkit"], we ended up rejecting access for EVERY event due to failure to look up the current identity, even if it should have been allowed. Furthermore, even for events that are triggered by API calls, it is important to remember that the point of events is that they can be copied across multiple connections, which may have separate identities and permissions. So even if events were dispatched from a context where we have an identity, we must change to the correct identity of the connection that will be receiving the event, rather than basing a decision on the context that triggered the event, when deciding whether to filter an event to a particular connection. If there were an easy way to get from virConnectPtr to the appropriate virIdentityPtr, then object_event.c could adjust the identity prior to checking whether to dispatch an event. But setting up that back-reference is a bit invasive. Instead, it is easier to delay the filtering check until lower down the stack, at the point where we have direct access to the RPC client object that owns an identity. As such, this patch ends up reverting a large portion of the framework of commit f9f56340. We also have to teach 'make check' to special-case the fact that the event registration filtering is done at the point of dispatch, rather than the point of registration. Note that even though we don't actually use virConnectDomainEventRegisterCheckACL (because the RegisterAny variant is sufficient), we still generate the function for the purposes of documenting that the filtering takes place. Also note that I did not entirely delete the notion of a filter from object_event.c; I still plan on using that for my upcoming patch series for qemu monitor events in libvirt-qemu.so. In other words, while this patch changes ACL filtering to live in remote.c and therefore we have no current client of the filtering in object_event.c, the notion of filtering in object_event.c is still useful down the road. * src/check-aclrules.pl: Exempt event registration from having to pass checkACL filter down call stack. * daemon/remote.c (remoteRelayDomainEventCheckACL) (remoteRelayNetworkEventCheckACL): New functions. (remoteRelay*Event*): Use new functions. * src/conf/domain_event.h (virDomainEventStateRegister) (virDomainEventStateRegisterID): Drop unused parameter. * src/conf/network_event.h (virNetworkEventStateRegisterID): Likewise. * src/conf/domain_event.c (virDomainEventFilter): Delete unused function. * src/conf/network_event.c (virNetworkEventFilter): Likewise. * src/libxl/libxl_driver.c: Adjust caller. * src/lxc/lxc_driver.c: Likewise. * src/network/bridge_driver.c: Likewise. * src/qemu/qemu_driver.c: Likewise. * src/remote/remote_driver.c: Likewise. * src/test/test_driver.c: Likewise. * src/uml/uml_driver.c: Likewise. * src/vbox/vbox_tmpl.c: Likewise. * src/xen/xen_driver.c: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 01 2月, 2014 1 次提交
-
-
由 John Ferlan 提交于
Coverity complains about default: label in libxl_driver.c not be able to be reached. It's by design for the code and since it's not necessary in the code nor does it elicit any compiler/make check warnings - just remove it rather than adding a coverity[dead_error_begin] tag. While I'm at it, lxc_driver.c and nodeinfo.c have the same design, so I removed the default labels and the existing coverity tags.
-
- 31 1月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
The NWFilter code has as a deadlock race condition between the virNWFilter{Define,Undefine} APIs and starting of guest VMs due to mis-matched lock ordering. In the virNWFilter{Define,Undefine} codepaths the lock ordering is 1. nwfilter driver lock 2. virt driver lock 3. nwfilter update lock 4. domain object lock In the VM guest startup paths the lock ordering is 1. virt driver lock 2. domain object lock 3. nwfilter update lock As can be seen the domain object and nwfilter update locks are not acquired in a consistent order. The fix used is to push the nwfilter update lock upto the top level resulting in a lock ordering for virNWFilter{Define,Undefine} of 1. nwfilter driver lock 2. nwfilter update lock 3. virt driver lock 4. domain object lock and VM start using 1. nwfilter update lock 2. virt driver lock 3. domain object lock This has the effect of serializing VM startup once again, even if no nwfilters are applied to the guest. There is also the possibility of deadlock due to a call graph loop via virNWFilterInstantiate and virNWFilterInstantiateFilterLate. These two problems mean the lock must be turned into a read/write lock instead of a plain mutex at the same time. The lock is used to serialize changes to the "driver->nwfilters" hash, so the write lock only needs to be held by the define/undefine methods. All other methods can rely on a read lock which allows good concurrency. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 23 1月, 2014 1 次提交
-
-
由 Eric Blake 提交于
I noticed that we allow virDomainGetVcpusFlags even for read-only connections, but that with a flag, it can require guest agent interaction. It is feasible that a malicious guest could intentionally abuse the replies it sends over the guest agent connection to possibly trigger a bug in libvirt's JSON parser, or withhold an answer so as to prevent the use of the agent in a later command such as a shutdown request. Although we don't know of any such exploits now (and therefore don't mind posting this patch publicly without trying to get a CVE assigned), it is better to err on the side of caution and explicitly require full access to any domain where the API requires guest interaction to operate correctly. I audited all commands that are marked as conditionally using a guest agent. Note that at least virDomainFSTrim is documented as needing a guest agent, but that such use is unconditional depending on the hypervisor (so the existing domain:fs_trim ACL should be sufficient there, rather than also requirng domain:write). But when designing future APIs, such as the plans for obtaining a domain's IP addresses, we should copy the approach of this patch in making interaction with the guest be specified via a flag, and use that flag to also require stricter access checks. * src/libvirt.c (virDomainGetVcpusFlags): Forbid guest interaction on read-only connection. (virDomainShutdownFlags, virDomainReboot): Improve docs on agent interaction. * src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_SNAPSHOT_CREATE_XML) (REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS) (REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS, REMOTE_PROC_DOMAIN_REBOOT) (REMOTE_PROC_DOMAIN_SHUTDOWN_FLAGS): Require domain:write for any conditional use of a guest agent. * src/xen/xen_driver.c: Fix clients. * src/libxl/libxl_driver.c: Likewise. * src/uml/uml_driver.c: Likewise. * src/qemu/qemu_driver.c: Likewise. * src/lxc/lxc_driver.c: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 21 1月, 2014 2 次提交
-
-
由 Martin Kletzander 提交于
Commit 399394ab removed some coverity comments which skipped the dead code, so add them back. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Gao feng 提交于
With this patch,user can set throttle blkio cgroup for lxc domain through virsh tool. Signed-off-by: NGuan Qiang <hzguanqiang@corp.netease.com> Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
- 20 1月, 2014 1 次提交
-
-
由 Gao feng 提交于
This patch introduces virCgroupSetBlkioDeviceReadIops, virCgroupSetBlkioDeviceWriteIops, virCgroupSetBlkioDeviceReadBps and virCgroupSetBlkioDeviceWriteBps, we can use these interfaces to set up throttle blkio cgroup for domain. This patch also adds the new throttle blkio cgroup elements to the test xml. Signed-off-by: NGuan Qiang <hzguanqiang@corp.netease.com> Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
- 17 1月, 2014 1 次提交
-
-
由 Eric Blake 提交于
The public virConnectRef and virConnectClose API are just thin wrappers around virObjectRef/virObjectRef, with added object validation and an error reset. Within our backend drivers, use of the object validation is just an inefficiency since we always pass valid objects. More important to think about is what happens with the error reset; our uses of virConnectRef happened to be safe (since we hadn't encountered any earlier errors), but in several cases the use of virConnectClose could lose a real error. Ideally, we should also avoid calling virConnectOpen() from within backend drivers - but that is a known situation that needs much more design work. * src/qemu/qemu_process.c (qemuProcessReconnectHelper) (qemuProcessReconnect): Avoid nested public API call. * src/qemu/qemu_driver.c (qemuAutostartDomains) (qemuStateInitialize, qemuStateStop): Likewise. * src/qemu/qemu_migration.c (doPeer2PeerMigrate): Likewise. * src/storage/storage_driver.c (storageDriverAutostart): Likewise. * src/uml/uml_driver.c (umlAutostartConfigs): Likewise. * src/lxc/lxc_process.c (virLXCProcessAutostartAll): Likewise. (virLXCProcessReboot): Likewise, and avoid leaking conn on error. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 16 1月, 2014 1 次提交
-
-
由 Eric Blake 提交于
Ever since ACL filtering was added in commit 76397360 (v1.1.1), a user could still use event registration to obtain access to a domain that they could not normally access via virDomainLookup* or virConnectListAllDomains and friends. We already have the framework in the RPC generator for creating the filter, and previous cleanup patches got us to the point that we can now wire the filter through the entire object event stack. Furthermore, whether or not domain:getattr is honored, use of global events is a form of obtaining a list of networks, which is covered by connect:search_domains added in a93cd08f (v1.1.0). Ideally, we'd have a way to enforce connect:search_domains when doing global registrations while omitting that check on a per-domain registration. But this patch just unconditionally requires connect:search_domains, even when no list could be obtained, based on the following observations: 1. Administrators are unlikely to grant domain:getattr for one or all domains while still denying connect:search_domains - a user that is able to manage domains will want to be able to manage them efficiently, but efficient management includes being able to list the domains they can access. The idea of denying connect:search_domains while still granting access to individual domains is therefore not adding any real security, but just serves as a layer of obscurity to annoy the end user. 2. In the current implementation, domain events are filtered on the client; the server has no idea if a domain filter was requested, and must therefore assume that all domain event requests are global. Even if we fix the RPC protocol to allow for server-side filtering for newer client/server combos, making the connect:serach_domains ACL check conditional on whether the domain argument was NULL won't benefit older clients. Therefore, we choose to document that connect:search_domains is a pre-requisite to any domain event management. Network events need the same treatment, with the obvious change of using connect:search_networks and network:getattr. * src/access/viraccessperm.h (VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS) (VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional effect of the permission. * src/conf/domain_event.h (virDomainEventStateRegister) (virDomainEventStateRegisterID): Add new parameter. * src/conf/network_event.h (virNetworkEventStateRegisterID): Likewise. * src/conf/object_event_private.h (virObjectEventStateRegisterID): Likewise. * src/conf/object_event.c (_virObjectEventCallback): Track a filter. (virObjectEventDispatchMatchCallback): Use filter. (virObjectEventCallbackListAddID): Register filter. * src/conf/domain_event.c (virDomainEventFilter): New function. (virDomainEventStateRegister, virDomainEventStateRegisterID): Adjust callers. * src/conf/network_event.c (virNetworkEventFilter): New function. (virNetworkEventStateRegisterID): Adjust caller. * src/remote/remote_protocol.x (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER) (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY) (REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a filter, and require connect:search_domains instead of weaker connect:read. * src/test/test_driver.c (testConnectDomainEventRegister) (testConnectDomainEventRegisterAny) (testConnectNetworkEventRegisterAny): Update callers. * src/remote/remote_driver.c (remoteConnectDomainEventRegister) (remoteConnectDomainEventRegisterAny): Likewise. * src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister) (xenUnifiedConnectDomainEventRegisterAny): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise. * src/libxl/libxl_driver.c (libxlConnectDomainEventRegister) (libxlConnectDomainEventRegisterAny): Likewise. * src/qemu/qemu_driver.c (qemuConnectDomainEventRegister) (qemuConnectDomainEventRegisterAny): Likewise. * src/uml/uml_driver.c (umlConnectDomainEventRegister) (umlConnectDomainEventRegisterAny): Likewise. * src/network/bridge_driver.c (networkConnectNetworkEventRegisterAny): Likewise. * src/lxc/lxc_driver.c (lxcConnectDomainEventRegister) (lxcConnectDomainEventRegisterAny): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 08 1月, 2014 1 次提交
-
-
由 Gao feng 提交于
the unix socket /var/run/libvirt/lxc/domain.sock is not created under the selinux context which configured by <seclabel>. If we try to connect the domain.sock under the selinux context of domain in virtLXCProcessConnectMonitor,selinux will deny this connect operation. type=AVC msg=audit(1387953696.067:662): avc: denied { connectto } for pid=21206 comm="libvirtd" path="/usr/local/var/run/libvirt/lxc/systemd.sock" scontext=unconfined_u:system_r:svirt_lxc_net_t:s0:c770,c848 tcontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket fix this problem by creating socket under selinux context of domain. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
- 07 1月, 2014 5 次提交
-
-
由 Michal Privoznik 提交于
The argument is --handshakefd not --handshake. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
The @name variable is VIR_STRDUP()-ed into, but never freed. In fact, there's no need to duplicate a command line argument since all places where @name is used expect const char. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Eric Blake 提交于
Ever since their introduction (commit 1509b802 in v0.5.0 for virConnectDomainEventRegister, commit 44457238 in v0.8.0 for virConnectDomainEventDeregisterAny), the event deregistration functions have been documented as returning 0 on success; likewise for older registration (only the newer RegisterAny must return a non-zero callbackID). And now that we are adding virConnectNetworkEventDeregisterAny for v1.2.1, it should have the same semantics. Fortunately, all of the stateful drivers have been obeying the docs and returning 0, thanks to the way the remote_driver tracks things (in fact, the RPC wire protocol is unable to send a return value for DomainEventRegisterAny, at least not without adding a new RPC number). Well, except for vbox, which was always failing deregistration, due to failure to set the return value to anything besides its initial -1. But for local drivers, such as test:///default, we've been returning non-zero numbers; worse, the non-zero numbers have differed over time. For example, in Fedora 12 (libvirt 0.8.2), calling Register twice would return 0 and 1 [the callbackID generated under the hood]; while in Fedora 20 (libvirt 1.1.3), it returns 1 and 2 [the number of callbacks registered for that event type]. Since we have changed the behavior over time, and since it differs by local vs. remote, we can safely argue that no one could have been reasonably relying on any particular behavior, so we might as well obey the docs, as well as prepare callers that might deal with older clients to not be surprised if the docs are not strictly followed. For consistency, this patch fixes the code for all drivers, even though it only makes an impact for vbox and for local drivers. By fixing all drivers, future copy and paste from a remote driver to a local driver is less likely to reintroduce the bug. Finally, update the testsuite to gain some coverage of the issue for local drivers, including the first test of old-style domain event registration via function pointer instead of event id. * src/libvirt.c (virConnectDomainEventRegister) (virConnectDomainEventDeregister) (virConnectDomainEventDeregisterAny): Clarify docs. * src/libxl/libxl_driver.c (libxlConnectDomainEventRegister) (libxlConnectDomainEventDeregister) (libxlConnectDomainEventDeregisterAny): Match documentation. * src/lxc/lxc_driver.c (lxcConnectDomainEventRegister) (lxcConnectDomainEventDeregister) (lxcConnectDomainEventDeregisterAny): Likewise. * src/test/test_driver.c (testConnectDomainEventRegister) (testConnectDomainEventDeregister) (testConnectDomainEventDeregisterAny) (testConnectNetworkEventDeregisterAny): Likewise. * src/uml/uml_driver.c (umlConnectDomainEventRegister) (umlConnectDomainEventDeregister) (umlConnectDomainEventDeregisterAny): Likewise. * src/vbox/vbox_tmpl.c (vboxConnectDomainEventRegister) (vboxConnectDomainEventDeregister) (vboxConnectDomainEventDeregisterAny): Likewise. * src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister) (xenUnifiedConnectDomainEventDeregister) (xenUnifiedConnectDomainEventDeregisterAny): Likewise. * src/network/bridge_driver.c (networkConnectNetworkEventDeregisterAny): Likewise. * tests/objecteventtest.c (testDomainCreateXMLOld): New test. (mymain): Run it. (testDomainCreateXML): Check return values. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
The libvirt_internal.h header was included by the internal.h header. This made it painful to add new stuff to the header file that would require some more specific types. Remove inclusion by internal.h and add it to appropriate places manually.
-
由 Eric Blake 提交于
This reverts commit aa461933. This patch was accidentally pushed prematurely, and has incorrect logic for which shutdown methods to attempt. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 05 1月, 2014 1 次提交
-
-
由 Eric Blake 提交于
We weren't very consistent in our use of VIR_ERR_NO_SUPPORT; many users just passed __FUNCTION__ on, while others passed "%s" to silence over-eager compilers that warn about __FUNCTION__ not containing any %. It's nicer to route all these uses through a single macro, so that if we ever need to change the reporting, we can do it in one place. I verified that 'virsh -c test:///default qemu-monitor-command test foo' gives the same error message before and after this patch: error: this function is not supported by the connection driver: virDomainQemuMonitorCommand Note that in libvirt.c, we were inconsistent on whether virDomain* API used virLibConnError() (with VIR_FROM_NONE) or virLibDomainError() (with VIR_FROM_DOMAIN); this patch unifies these errors to all use VIR_FROM_NONE, on the grounds that it is unlikely that a caller learning that a call is unimplemented can do anything in particular with extra knowledge of which error domain it belongs to. One particular change to note is virDomainOpenGraphics which was trying to fail with VIR_ERR_NO_SUPPORT after a failed VIR_DRV_SUPPORTS_FEATURE check; all other places that fail a feature check report VIR_ERR_ARGUMENT_UNSUPPORTED. * src/util/virerror.h (virReportUnsupportedError): New macro. * src/libvirt-qemu.c: Use new macro. * src/libvirt-lxc.c: Likewise. * src/lxc/lxc_driver.c: Likewise. * src/security/security_manager.c: Likewise. * src/util/virinitctl.c: Likewise. * src/libvirt.c: Likewise. (virDomainOpenGraphics): Use correct error for unsupported feature. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 25 12月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
Currently, the @flags usage is a bit unclear at first sight to say the least. There's no need for such unclear code especially when we can borrow the working code from qemuDomainShutdownFlags(). In addition, this fixes one bug too. If user requested both VIR_DOMAIN_SHUTDOWN_INITCTL and VIR_DOMAIN_SHUTDOWN_SIGNAL at the same time, he is basically saying: 'Use the force Luke! If initctl fails try sending a signal.' But with the current code we don't do that. If initctl fails for some reason (e.g. inability to write to /dev/initctl) we don't try sending any signal but fail immediately. To make things worse, making a domain shutdown with bare _SIGNAL was working by blind chance of a @rc variable being placed at correct place on the stack so its initial value was zero. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 20 12月, 2013 2 次提交
-
-
由 Martin Kletzander 提交于
The function doesn't check whether the request is made for active or inactive domain. Thus when the domain is not running it still tries accessing non-existing cgroups (priv->cgroup, which is NULL). I re-made the function in order for it to work the same way it's qemu counterpart does. Reproducer: 1) Define an LXC domain 2) Do 'virsh memtune <domain> --hard-limit 133T' Backtrace: Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)): #0 0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764 #1 0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824") at util/vircgroup.c:669 #2 0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740 #3 0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904 #4 0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576) at util/vircgroup.c:1944 #5 0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420, params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774 #6 0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420, params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051 #7 0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510) at remote_dispatch.h:7621 #8 0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510, ret=0x7fffe40b84f0) at remote_dispatch.h:7591 #9 0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0, server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0) at rpc/virnetserverprogram.c:435 #10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0, server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0) at rpc/virnetserverprogram.c:305 #11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10, prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165 #12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00) at rpc/virnetserver.c:186 #13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144 #14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161 #15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308 #16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
The function doesn't check whether the request is made for active or inactive domain. Thus when the domain is not running it still tries accessing non-existing cgroups (priv->cgroup, which is NULL). I re-made the function in order for it to work the same way it's qemu counterpart does. Reproducer: 1) Define an LXC domain 2) Do 'virsh memtune <domain>' Backtrace: Thread 6 (Thread 0x7fffec8c0700 (LWP 13387)): #0 0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf750) at util/vircgroup.c:1764 #1 0x00007ffff70e958c in virCgroupGetValueStr (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf7c0) at util/vircgroup.c:705 #2 0x00007ffff70e9d29 in virCgroupGetValueU64 (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf810) at util/vircgroup.c:804 #3 0x00007ffff70ee706 in virCgroupGetMemoryHardLimit (group=0x0, kb=0x7fffec8bf8a8) at util/vircgroup.c:1962 #4 0x00005555557d590f in lxcDomainGetMemoryParameters (dom=0x7fffd40024a0, params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at lxc/lxc_driver.c:826 #5 0x00007ffff72c28d3 in virDomainGetMemoryParameters (domain=0x7fffd40024a0, params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at libvirt.c:4137 #6 0x000055555563714d in remoteDispatchDomainGetMemoryParameters (server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0, ret=0x7fffd4002420) at remote.c:1895 #7 0x00005555556052c4 in remoteDispatchDomainGetMemoryParametersHelper (server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0, ret=0x7fffd4002420) at remote_dispatch.h:4050 #8 0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0, server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0) at rpc/virnetserverprogram.c:435 #9 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0, server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0) at rpc/virnetserverprogram.c:305 #10 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ebaef0, prog=0x555555ec3ae0, msg=0x555555ebb3e0) at rpc/virnetserver.c:165 #11 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ebc7e0, opaque=0x555555eb7e00) at rpc/virnetserver.c:186 #12 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144 #13 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161 #14 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308 #15 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 18 12月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Systemd specified that any /dev/pts/NNN device on which it is expected to spawn a agetty login, should be listed in the 'container_ttys' env variable. It should just contain the relative paths, eg 'pts/0' not '/dev/pts/0' and should be space separated. http://cgit.freedesktop.org/systemd/systemd/commit/?id=1d97ff7dd71902a5604c2fed8964925d54e09de9Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 16 12月, 2013 1 次提交
-
-
由 Gao feng 提交于
The newroot is not mounted as tmpfs, we bind root->src to it. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
- 13 12月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
We missed a return when virProcessKillPainfully failed to kill lxc process Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 12 12月, 2013 1 次提交
-
-
由 Gao feng 提交于
The throttle blkio cgroup will reuse this struct. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
- 11 12月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
re-mount it again. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 10 12月, 2013 3 次提交
-
-
由 Cédric Bosdonnat 提交于
The virDomainEvent class is kept as it indicates what meta informations are valid for the children classes. This may be useful in the future.
-
由 Cédric Bosdonnat 提交于
This aims at providing some consistency with other domain events
-
由 Cédric Bosdonnat 提交于
Leave virDomainEventRegister and its Deregister brother as these are legacy functions only for domain lifecycle events.
-
- 06 12月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
Currently, if virFileMakePath() fails, the @ret is left initialized from virAsprintf() just a few lines above leading to a wrong return value of zero whereas -1 should be returned. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 29 11月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
When setting up filesystems backed by block devices or file images, the SELinux mount options must be used to ensure the correct context is set Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 28 11月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Move the code for lxcContainerGetSubtree into the virfile module creating 2 new functions int virFileGetMountSubtree(const char *mtabpath, const char *prefix, char ***mountsret, size_t *nmountsret); int virFileGetMountReverseSubtree(const char *mtabpath, const char *prefix, char ***mountsret, size_t *nmountsret); Add a new virfiletest.c test case to validate the new code. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add virStringSortCompare and virStringSortRevCompare as standard functions to use with qsort. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 26 11月, 2013 2 次提交
-
-
由 Gao feng 提交于
Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 vfs: Lock in place mounts from more privileged users, unprivileged user has no rights to umount the mounts that inherited from parent mountns. right now, I have no good idea to fix this problem, we need to do more research. this patch just skip unmounting these mounts for shared root. BTW, I think when libvirt lxc enables user namespace, the configuation that shares root with host is very rara. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 vfs: Lock in place mounts from more privileged users, unprivileged user has no rights to move the mounts that inherited from parent mountns. we use this feature to move the /stateDir/domain-name.{dev, devpts} to the /dev/ and /dev/pts directroy of container. this commit breaks libvirt lxc. this patch changes the behavior to bind these mounts when user namespace is enabled and move these mounts when user namespace is disabled. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
- 25 11月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
Don't do duplicate work when getting pagesize. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 21 11月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Most of our code base uses space after comma but not before; fix the remaining uses before adding a syntax check. * src/lxc/lxc_container.c: Consistently use commas. * src/openvz/openvz_driver.c: Likewise. * src/openvz/openvz_util.c: Likewise. * src/remote/remote_driver.c: Likewise. * src/test/test_driver.c: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 19 11月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Without a 'return 0' in the stub lxcStartFuse() method, the compiler warns: lxc/lxc_fuse.c:374: error: control reaches end of non-void function [-Wreturn-type] Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 18 11月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The glibc setxid is supposed to be async signal safe, but libc developers confirm that it is not. This causes a problem when libvirt_lxc starts the FUSE thread and then runs clone() to start the container. If the clone() was done before the FUSE thread has completely started up, then the container will hang in setxid after clone(). The fix is to avoid creating any threads until after the container has been clone()'d. By avoiding any threads in the parent, the child is no longer required to run in an async signal safe context, and we thus avoid the glibc bug. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-