- 22 11月, 2012 2 次提交
-
-
由 Daniel P. Berrange 提交于
Currently the LXC driver logs audit messages when a container is started or stopped. These audit messages, however, contain the PID of the libvirt_lxc supervisor process. To enable sysadmins to correlate with audit messages generated by processes /inside/ the container, we need to include the container init process PID. We can't do this in the main 'start' audit message, since the init PID is not available at that point. Instead we output a completely new audit record, that lists both PIDs. type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success' Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The LXC controller code currently directly invokes the libvirt main loop code. The problem is that this misses the cleanup of virNetServerClient connections that virNetServerRun takes care of. The result is that when libvirtd is stopped, the libvirt_lxc controller process gets stuck in a I/O loop. When libvirtd is then started again, it fails to connect to the controller and thus kills off the entire domain. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 15 11月, 2012 1 次提交
-
-
由 Viktor Mihajlovski 提交于
The drivers for QEMU and LXC use virNodeGetInfo only to determine the number of host CPUs. On Linux hosts nodeGetCPUCount has less overhead.
-
- 14 11月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
The lack of initialization of 'opts' caused a SEGV in the cleanup: path if the root->src directory did not exist
-
- 16 10月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add two new APIs virNetServerClientNewPostExecRestart and virNetServerClientPreExecRestart which allow a virNetServerClientPtr object to be created from a JSON object and saved to a JSON object, for the purpose of re-exec'ing a process. This includes serialization of the connected socket associated with the client Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 27 9月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Many parts of virDomainDefPtr were using 'int' variables as array length counts. Replace all these with size_t and update various format strings & API signatures to adapt Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 26 9月, 2012 2 次提交
-
-
由 Daniel P. Berrange 提交于
Continue consolidation of process functions by moving some helpers out of command.{c,h} into virprocess.{c,h} Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Change "Pid" to "Process" to align with the virProcessKill API naming prefix Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 9月, 2012 1 次提交
-
-
由 Eric Blake 提交于
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
-
- 18 9月, 2012 3 次提交
- 21 8月, 2012 1 次提交
-
-
由 Marcelo Cerri 提交于
This patch updates the structures that store information about each domain and each hypervisor to support multiple security labels and drivers. It also updates all the remaining code to use the new fields. Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>
-
- 15 8月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Currently there is a hook function that is invoked when a new client connection comes in, which allows an app to setup private data. This setup will make it difficult to serialize client state during process re-exec(). Change to a model where the app registers a callback when creating the virNetServerPtr instance, which is used to allocate the client private data immediately during virNetClientPtr construction. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 07 8月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Make all the virNetServer* objects use the virObject APIs for reference counting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 06 8月, 2012 1 次提交
-
-
由 Eric Blake 提交于
All callers used the same initialization seed (well, the new viratomictest forgot to look at getpid()); so we might as well make this value automatic. And while it may feel like we are giving up functionality, I documented how to get it back in the unlikely case that you actually need to debug with a fixed pseudo-random sequence. I left that crippled by default, so that a stray environment variable doesn't cause a lack of randomness to become a security issue. * src/util/virrandom.c (virRandomInitialize): Rename... (virRandomOnceInit): ...and make static, with one-shot call. Document how to do fixed-seed debugging. * src/util/virrandom.h (virRandomInitialize): Drop prototype. * src/libvirt_private.syms (virrandom.h): Don't export it. * src/libvirt.c (virInitialize): Adjust caller. * src/lxc/lxc_controller.c (main): Likewise. * src/security/virt-aa-helper.c (main): Likewise. * src/util/iohelper.c (main): Likewise. * tests/seclabeltest.c (main): Likewise. * tests/testutils.c (virtTestMain): Likewise. * tests/viratomictest.c (mymain): Likewise.
-
- 30 7月, 2012 3 次提交
-
-
由 Daniel P. Berrange 提交于
The reboot() syscall is allowed by new kernels for LXC containers. The LXC controller can detect whether a reboot was requested (instead of a normal shutdown) by looking at the "init" process exit status. If a reboot was triggered, the exit status will record SIGHUP as the kill reason. The LXC controller has cleared all its capabilities, and the veth network devices will no longer exist at this time. Thus it cannot restart the container init process itself. Instead it emits an event which is picked up by the LXC driver in libvirtd. This will then re-create the container, using the same configuration as it was previously running with (ie it will not activate 'newDef'). Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
This defines a new RPC protocol to be used between the LXC controller and the libvirtd LXC driver. There is only a single RPC message defined thus far, an asynchronous "EXIT" event that is emitted just before the LXC controller process exits. This provides the LXC driver with details about how the container shutdown - normally, or abnormally (crashed), thus allowing the driver to emit better libvirt events. Emitting the event in the LXC controller requires a few little tricks with the RPC service. Simply calling the virNetServiceClientSendMessage does not work, since this merely queues the message for asynchronous processing. In addition the main event loop is no longer running at the point the event is emitted, so no I/O is processed. Thus after invoking virNetServiceClientSendMessage it is necessary to mark the client as being in "delayed close" mode. Then the event loop is run again, until the client completes its close - this happens only after the queued message has been fully transmitted. The final complexity is that it is not safe to run virNetServerQuit() from the client close callback, since that is invoked from a context where the server is locked. Thus a zero-second timer is used to trigger shutdown of the event loop, causing the controller to finally exit. * src/Makefile.am: Add rules for generating RPC protocol files and dispatch methods * src/lxc/lxc_controller.c: Emit an RPC event immediately before exiting * src/lxc/lxc_domain.h: Record the shutdown reason given by the controller * src/lxc/lxc_monitor.c, src/lxc/lxc_monitor.h: Register RPC program and event handler. Add callback to let driver receive EXIT event. * src/lxc/lxc_process.c: Use monitor exit event to decide what kind of domain event to emit * src/lxc/lxc_protocol.x: Define wire protocol for LXC controller monitor. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Update all LXC code to use virReportError instead of the custom lxcError macro Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 23 7月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
-
- 19 7月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Move the cgroup setup code out of the lxc_controller.c file and into lxc_cgroup.{c,h}. This reduces the size of the lxc_controller.c file and paves the way to invoke cgroup setup from lxc_driver.c instead of lxc_controller.c in the future Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 11 7月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Since we are not yet using the virNetServerPtr object for running the event loop, we can't use virNetServerQuit(). Instead set the global 'quit' flag in libvirt_lxc
-
- 05 7月, 2012 12 次提交
-
-
由 Daniel P. Berrange 提交于
In preparation for introducing a full RPC protocol for libvirt_lxc, switch over to using the virNetServer APIs for the monitor connection Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
While it is not currently used elsewhere in libvirt, the code for finding a free loop device & associating a file with it is not LXC specific. Move it into the viffile.{c,h} file where potentially shared code is more commonly kept. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the cgroup object into virLXCControllerPtr and rename all the setup methods to include 'Cgroup' in their name if appropriate Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the monitor FDs into the virLXCControllerPtr object removing the need for the 'struct lxcMonitor' object Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The virLXCControllerRun method is getting a little too large, and about 50% of its code is related to setting up a /dev/pts mount. Move the latter out into a dedicated method Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the security manager object into the virLXCControllerPtr object. Also simplify the code creating it in the first place Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the list of loop device FDs into the virLXCControllerPtr object and make sure that virLXCControllerStopInit will close them all Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Keep the FD used to handshake with the libvirtd daemon in the virLXCControllerPtr object. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Turn 'struct lxc_console' into virLXCControllerConsolePtr and make it a part of virLXCControllerPtr Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Keep a record of the init PID in the virLXCController object and create a virLXCControllerStopInit method for killing this process Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the veth device name state into the virLXCControllerPtr object and stop passing it around. Also use size_t instead of unsigned int for the array length parameters. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The LXC controller code is having to pass around an ever increasing number of parameters between methods. To make the code more managable introduce a virLXCControllerPtr to hold all this state, starting with the container name and virDomainDefPtr object Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 6月, 2012 1 次提交
-
-
由 Jim Fehlig 提交于
The lxc contoller eventually makes use of virRandomBits(), which was segfaulting since virRandomInitialize() is never invoked. Program received signal SIGSEGV, Segmentation fault. 0x00007ffff554d560 in random_r () from /lib64/libc.so.6 (gdb) bt 0 0x00007ffff554d560 in random_r () from /lib64/libc.so.6 1 0x0000000000469eaa in virRandomBits (nbits=32) at util/virrandom.c:80 2 0x000000000045bf69 in virHashCreateFull (size=256, dataFree=0x4aa2a2 <hashDataFree>, keyCode=0x45bd40 <virHashStrCode>, keyEqual=0x45bdad <virHashStrEqual>, keyCopy=0x45bdfa <virHashStrCopy>, keyFree=0x45be37 <virHashStrFree>) at util/virhash.c:134 3 0x000000000045c069 in virHashCreate (size=0, dataFree=0x4aa2a2 <hashDataFree>) at util/virhash.c:164 4 0x00000000004aa562 in virNWFilterHashTableCreate (n=0) at conf/nwfilter_params.c:686 5 0x00000000004aa95b in virNWFilterParseParamAttributes (cur=0x711d30) at conf/nwfilter_params.c:793 6 0x0000000000481a7f in virDomainNetDefParseXML (caps=0x702c90, node=0x7116b0, ctxt=0x7101b0, bootMap=0x0, flags=0) at conf/domain_conf.c:4589 7 0x000000000048cc36 in virDomainDefParseXML (caps=0x702c90, xml=0x710040, root=0x7103b0, ctxt=0x7101b0, expectedVirtTypes=16, flags=0) at conf/domain_conf.c:8658 8 0x000000000048f011 in virDomainDefParseNode (caps=0x702c90, xml=0x710040, root=0x7103b0, expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9360 9 0x000000000048ee30 in virDomainDefParse (xmlStr=0x0, filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", caps=0x702c90, expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9310 10 0x000000000048ef00 in virDomainDefParseFile (caps=0x702c90, filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9332 11 0x0000000000425053 in main (argc=5, argv=0x7fffffffe2b8) at lxc/lxc_controller.c:1773
-
- 16 5月, 2012 2 次提交
-
-
由 Daniel Walsh 提交于
Instead of hardcoding use of SELinux contexts in the LXC driver, switch over to using the official security driver API. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
To allow the security drivers to apply different configuration information per hypervisor, pass the virtualization driver name into the security manager constructor. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 01 5月, 2012 2 次提交
-
-
由 Daniel P. Berrange 提交于
The virLogSetFromEnv call was done too late in startup to catch many log messages (eg from security driver initialization). To assist debugging also explicitly log the security details at startup
-
由 Daniel P. Berrange 提交于
Currently the libvirt_lxc process uses VIR_DOMAIN_XML_INACTIVE when loading the XML for the container. This means it loses any dynamic data such as the, just allocated, SELinux label. Further there is an inconsistency in the libvirt LXC driver whereby it saves the live config XML and then later overwrites the file with the live status XML instead. Add a comment about this for future reference. * src/lxc/lxc_controller.c: Remove VIR_DOMAIN_XML_INACTIVE when loading XML * src/lxc/lxc_driver.c: Add comment about inconsistent config file formats Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 28 4月, 2012 1 次提交
-
-
由 Stefan Berger 提交于
Error: UNINIT: /libvirt/src/lxc/lxc_driver.c:1412: var_decl: Declaring variable "fd" without initializer. /libvirt/src/lxc/lxc_driver.c:1460: uninit_use_in_call: Using uninitialized value "fd" when calling "virFileClose". /libvirt/src/util/virfile.c:50: read_parm: Reading a parameter value. Error: DEADCODE: /libvirt/src/lxc/lxc_controller.c:960: dead_error_condition: On this path, the condition "ret == 4" cannot be true. /libvirt/src/lxc/lxc_controller.c:959: at_most: After this line, the value of "ret" is at most -1. /libvirt/src/lxc/lxc_controller.c:959: new_values: Noticing condition "ret < 0". /libvirt/src/lxc/lxc_controller.c:961: dead_error_line: Execution cannot reach this statement "continue;". Error: UNINIT: /libvirt/src/lxc/lxc_controller.c:1104: var_decl: Declaring variable "consoles" without initializer. /libvirt/src/lxc/lxc_controller.c:1237: uninit_use: Using uninitialized value "consoles".
-