1. 22 11月, 2012 2 次提交
    • D
      Log an audit message with the LXC init pid · a6158336
      Daniel P. Berrange 提交于
      Currently the LXC driver logs audit messages when a container
      is started or stopped. These audit messages, however, contain
      the PID of the libvirt_lxc supervisor process. To enable
      sysadmins to correlate with audit messages generated by
      processes /inside/ the container, we need to include the
      container init process PID.
      
      We can't do this in the main 'start' audit message, since
      the init PID is not available at that point. Instead we output
      a completely new audit record, that lists both PIDs.
      
      type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success'
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      a6158336
    • D
      Use virNetServerRun instead of custom main loop · f33e43c2
      Daniel P. Berrange 提交于
      The LXC controller code currently directly invokes the
      libvirt main loop code. The problem is that this misses
      the cleanup of virNetServerClient connections that
      virNetServerRun takes care of.
      
      The result is that when libvirtd is stopped, the
      libvirt_lxc controller process gets stuck in a I/O loop.
      When libvirtd is then started again, it fails to connect
      to the controller and thus kills off the entire domain.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f33e43c2
  2. 15 11月, 2012 1 次提交
  3. 14 11月, 2012 1 次提交
  4. 16 10月, 2012 1 次提交
  5. 27 9月, 2012 1 次提交
  6. 26 9月, 2012 2 次提交
  7. 21 9月, 2012 1 次提交
  8. 18 9月, 2012 3 次提交
  9. 21 8月, 2012 1 次提交
  10. 15 8月, 2012 1 次提交
    • D
      Refactor RPC client private data setup · 39b5e4d4
      Daniel P. Berrange 提交于
      Currently there is a hook function that is invoked when a
      new client connection comes in, which allows an app to
      setup private data. This setup will make it difficult to
      serialize client state during process re-exec(). Change to
      a model where the app registers a callback when creating
      the virNetServerPtr instance, which is used to allocate
      the client private data immediately during virNetClientPtr
      construction.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      39b5e4d4
  11. 07 8月, 2012 1 次提交
  12. 06 8月, 2012 1 次提交
    • E
      virrandom: make virRandomInitialize an automatic one-shot · 87de27b7
      Eric Blake 提交于
      All callers used the same initialization seed (well, the new
      viratomictest forgot to look at getpid()); so we might as well
      make this value automatic.  And while it may feel like we are
      giving up functionality, I documented how to get it back in the
      unlikely case that you actually need to debug with a fixed
      pseudo-random sequence.  I left that crippled by default, so
      that a stray environment variable doesn't cause a lack of
      randomness to become a security issue.
      
      * src/util/virrandom.c (virRandomInitialize): Rename...
      (virRandomOnceInit): ...and make static, with one-shot call.
      Document how to do fixed-seed debugging.
      * src/util/virrandom.h (virRandomInitialize): Drop prototype.
      * src/libvirt_private.syms (virrandom.h): Don't export it.
      * src/libvirt.c (virInitialize): Adjust caller.
      * src/lxc/lxc_controller.c (main): Likewise.
      * src/security/virt-aa-helper.c (main): Likewise.
      * src/util/iohelper.c (main): Likewise.
      * tests/seclabeltest.c (main): Likewise.
      * tests/testutils.c (virtTestMain): Likewise.
      * tests/viratomictest.c (mymain): Likewise.
      87de27b7
  13. 30 7月, 2012 3 次提交
    • D
      Add handling for reboots of LXC containers · cb612ee4
      Daniel P. Berrange 提交于
      The reboot() syscall is allowed by new kernels for LXC containers.
      The LXC controller can detect whether a reboot was requested
      (instead of a normal shutdown) by looking at the "init" process
      exit status. If a reboot was triggered, the exit status will
      record SIGHUP as the kill reason.
      
      The LXC controller has cleared all its capabilities, and the
      veth network devices will no longer exist at this time. Thus
      it cannot restart the container init process itself. Instead
      it emits an event which is picked up by the LXC driver in
      libvirtd. This will then re-create the container, using the
      same configuration as it was previously running with (ie it
      will not activate 'newDef').
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      cb612ee4
    • D
      Run an RPC protocol over the LXC controller monitor · 9117fcb2
      Daniel P. Berrange 提交于
      This defines a new RPC protocol to be used between the LXC
      controller and the libvirtd LXC driver. There is only a
      single RPC message defined thus far, an asynchronous "EXIT"
      event that is emitted just before the LXC controller process
      exits. This provides the LXC driver with details about how
      the container shutdown - normally, or abnormally (crashed),
      thus allowing the driver to emit better libvirt events.
      
      Emitting the event in the LXC controller requires a few
      little tricks with the RPC service. Simply calling the
      virNetServiceClientSendMessage does not work, since this
      merely queues the message for asynchronous processing.
      In addition the main event loop is no longer running at
      the point the event is emitted, so no I/O is processed.
      
      Thus after invoking virNetServiceClientSendMessage it is
      necessary to mark the client as being in "delayed close"
      mode. Then the event loop is run again, until the client
      completes its close - this happens only after the queued
      message has been fully transmitted. The final complexity
      is that it is not safe to run virNetServerQuit() from the
      client close callback, since that is invoked from a
      context where the server is locked. Thus a zero-second
      timer is used to trigger shutdown of the event loop,
      causing the controller to finally exit.
      
      * src/Makefile.am: Add rules for generating RPC protocol
        files and dispatch methods
      * src/lxc/lxc_controller.c: Emit an RPC event immediately
        before exiting
      * src/lxc/lxc_domain.h: Record the shutdown reason
        given by the controller
      * src/lxc/lxc_monitor.c, src/lxc/lxc_monitor.h: Register
        RPC program and event handler. Add callback to let
        driver receive EXIT event.
      * src/lxc/lxc_process.c: Use monitor exit event to decide
        what kind of domain event to emit
      * src/lxc/lxc_protocol.x: Define wire protocol for LXC
        controller monitor.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      9117fcb2
    • D
      Replace use of lxcError with virReportError · 4343fee0
      Daniel P. Berrange 提交于
      Update all LXC code to use virReportError instead of the custom
      lxcError macro
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      4343fee0
  14. 23 7月, 2012 1 次提交
    • O
      Desert the FSF address in copyright · f9ce7dad
      Osier Yang 提交于
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for securify files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  15. 19 7月, 2012 1 次提交
  16. 11 7月, 2012 1 次提交
    • D
      Fix shutdown of LXC controller · 97d7f02d
      Daniel P. Berrange 提交于
      Since we are not yet using the virNetServerPtr object for running
      the event loop, we can't use virNetServerQuit(). Instead set the
      global 'quit' flag in libvirt_lxc
      97d7f02d
  17. 05 7月, 2012 12 次提交
  18. 21 6月, 2012 1 次提交
    • J
      Initialize random generator in lxc controller · 57349ffc
      Jim Fehlig 提交于
      The lxc contoller eventually makes use of virRandomBits(), which was
      segfaulting since virRandomInitialize() is never invoked.
      
      Program received signal SIGSEGV, Segmentation fault.
      0x00007ffff554d560 in random_r () from /lib64/libc.so.6
      (gdb) bt
      0  0x00007ffff554d560 in random_r () from /lib64/libc.so.6
      1  0x0000000000469eaa in virRandomBits (nbits=32) at util/virrandom.c:80
      2  0x000000000045bf69 in virHashCreateFull (size=256,
          dataFree=0x4aa2a2 <hashDataFree>, keyCode=0x45bd40 <virHashStrCode>,
          keyEqual=0x45bdad <virHashStrEqual>, keyCopy=0x45bdfa <virHashStrCopy>,
          keyFree=0x45be37 <virHashStrFree>) at util/virhash.c:134
      3  0x000000000045c069 in virHashCreate (size=0, dataFree=0x4aa2a2 <hashDataFree>)
          at util/virhash.c:164
      4  0x00000000004aa562 in virNWFilterHashTableCreate (n=0)
          at conf/nwfilter_params.c:686
      5  0x00000000004aa95b in virNWFilterParseParamAttributes (cur=0x711d30)
          at conf/nwfilter_params.c:793
      6  0x0000000000481a7f in virDomainNetDefParseXML (caps=0x702c90, node=0x7116b0,
          ctxt=0x7101b0, bootMap=0x0, flags=0) at conf/domain_conf.c:4589
      7  0x000000000048cc36 in virDomainDefParseXML (caps=0x702c90, xml=0x710040,
          root=0x7103b0, ctxt=0x7101b0, expectedVirtTypes=16, flags=0)
          at conf/domain_conf.c:8658
      8  0x000000000048f011 in virDomainDefParseNode (caps=0x702c90, xml=0x710040,
          root=0x7103b0, expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9360
      9  0x000000000048ee30 in virDomainDefParse (xmlStr=0x0,
          filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", caps=0x702c90,
          expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9310
      10 0x000000000048ef00 in virDomainDefParseFile (caps=0x702c90,
          filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", expectedVirtTypes=16, flags=0)
          at conf/domain_conf.c:9332
      11 0x0000000000425053 in main (argc=5, argv=0x7fffffffe2b8)
          at lxc/lxc_controller.c:1773
      57349ffc
  19. 16 5月, 2012 2 次提交
  20. 01 5月, 2012 2 次提交
    • D
      Ensure logging is initialized early in libvirt_lxc · 43ee9873
      Daniel P. Berrange 提交于
      The virLogSetFromEnv call was done too late in startup to
      catch many log messages (eg from security driver initialization).
      To assist debugging also explicitly log the security details
      at startup
      43ee9873
    • D
      Ensure libvirt_lxc process loads the live XML config · eb06375a
      Daniel P. Berrange 提交于
      Currently the libvirt_lxc process uses VIR_DOMAIN_XML_INACTIVE
      when loading the XML for the container. This means it loses
      any dynamic data such as the, just allocated, SELinux label.
      
      Further there is an inconsistency in the libvirt LXC driver
      whereby it saves the live config XML and then later overwrites
      the file with the live status XML instead. Add a comment about
      this for future reference.
      
      * src/lxc/lxc_controller.c: Remove VIR_DOMAIN_XML_INACTIVE
        when loading XML
      * src/lxc/lxc_driver.c: Add comment about inconsistent
        config file formats
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      eb06375a
  21. 28 4月, 2012 1 次提交
    • S
      lxc: Fix coverity findings · f74471de
      Stefan Berger 提交于
      Error: UNINIT:
      /libvirt/src/lxc/lxc_driver.c:1412:
      var_decl: Declaring variable "fd" without initializer.
      /libvirt/src/lxc/lxc_driver.c:1460:
      uninit_use_in_call: Using uninitialized value "fd" when calling "virFileClose".
      /libvirt/src/util/virfile.c:50:
      read_parm: Reading a parameter value.
      
      Error: DEADCODE:
      /libvirt/src/lxc/lxc_controller.c:960:
      dead_error_condition: On this path, the condition "ret == 4" cannot be true.
      /libvirt/src/lxc/lxc_controller.c:959:
      at_most: After this line, the value of "ret" is at most -1.
      /libvirt/src/lxc/lxc_controller.c:959:
      new_values: Noticing condition "ret < 0".
      /libvirt/src/lxc/lxc_controller.c:961:
      dead_error_line: Execution cannot reach this statement "continue;".
      
      Error: UNINIT:
      /libvirt/src/lxc/lxc_controller.c:1104:
      var_decl: Declaring variable "consoles" without initializer.
      /libvirt/src/lxc/lxc_controller.c:1237:
      uninit_use: Using uninitialized value "consoles".
      f74471de