1. 22 10月, 2010 9 次提交
    • D
      Remove all use of inet_pton and inet_ntop · a8ae7d19
      Daniel P. Berrange 提交于
      The  inet_pton and inet_ntop functions are obsolete, replaced
      by getaddrinfo+getnameinfo with the AI_NUMERICHOST flag set.
      These can be accessed via the virSocket APIs.
      
      The bridge.c code had methods for fetching the IP address of
      a bridge which used inet_ntop. Aside from the use of inet_ntop
      these methods are broken, because a NIC can have multiple
      addresses and this only returns one address. Since the methods
      are never used, just remove them.
      
      * src/conf/network_conf.c, src/nwfilter/nwfilter_learnipaddr.c:
        Replace inet_pton and inet_ntop with virSocket APIs
      * src/util/bridge.c, src/util/bridge.h: Remove unused methods
        which called inet_ntop.
      a8ae7d19
    • D
      Remove both addrToString methods · 640c5f19
      Daniel P. Berrange 提交于
      The addrToString functionality is now available via the
      virSocketFormatAddrFull method.
      
      * daemon/remote.c, src/remote/remote_driver.c: Remove
        addrToString methods
      640c5f19
    • D
      Fix error reporting for virSocketParse · 179c4be0
      Daniel P. Berrange 提交于
      The virSocketParse method was not doing any error reporting
      which meant the true cause of the problem was lost. Remove
      all error reporting from callers, and push it into virSocketParse
      
      * src/util/network.c: Add error reporting to virSocketParse
      * src/conf/domain_conf.c, src/conf/network_conf.c,
        src/network/bridge_driver.c: Remove error reporting in
        callers of virSocketParse
      179c4be0
    • D
      Expand virSocketFormat to be more flexible · 497adba2
      Daniel P. Berrange 提交于
      The getnameinfo() function is more flexible than inet_ntop()
      avoiding the need to if/else the code based on socket family.
      Also make it support UNIX socket addrs and allow inclusion
      of a port (service) address. Finally do proper error reporting
      via normal APIs.
      
      * src/conf/domain_conf.c, src/nwfilter/nwfilter_ebiptables_driver.c,
        src/qemu/qemu_conf.c: Fix error handling with virSocketFormat
      * src/util/network.c: Rewrite virSocketFormat to use getnameinfo
        and cope with UNIX socket addrs.
      497adba2
    • D
      Remove pointless nwIPAddress struct & void *casts · 7ab7d17b
      Daniel P. Berrange 提交于
      The nwIPAddress was simply a wrapper about virSocketAddr.
      Just use the latter directly, removing all the extra field
      de-references from code & helper APIs for parsing/formatting.
      
      Also remove all the redundant casts from strong types to
      void * and then immediately back to strong types.
      
      * src/conf/nwfilter_conf.h: Remove nwIPAddress
      * src/conf/nwfilter_conf.c, src/nwfilter/nwfilter_ebiptables_driver.c:
        Update to use virSocketAddr and remove void * casts.
      7ab7d17b
    • D
      Fix netmask checks for IPv6 in virSocketCheckNetmask · f4b54aa0
      Daniel P. Berrange 提交于
      There was a typo in the IPv6 path of virSocketCheckNetmask which
      caused it to never execute.
      
      * src/util/network.c: s/AF_INET/AF_INET6/ in virSocketCheckNetmask
      f4b54aa0
    • D
      Fix passing of address family to virSocketParseAddr · 746c3364
      Daniel P. Berrange 提交于
      The virSocketParseAddr function was accepting any AF_* constant
      and using that to set the ai_flags field in struct addrinfo.
      This is invalid, since address families must go in the ai_family
      field of the struct.
      
      * src/util/network.c: Fix handling of address family
      * src/conf/network_conf.c, src/network/bridge_driver.c: Pass
        AF_UNSPEC instead of relying on it being 0.
      746c3364
    • D
      Include length with virSocketAddr data · af3d4eec
      Daniel P. Berrange 提交于
      Some operations on socket addresses need to know the length of
      the sockaddr struct for the particular address family. This
      info was being discarded when passing around virSocketAddr
      instances. Turn it from a union into a struct containing
      union+socklen_t fields, so length is always kept around.
      
      * src/util/network.h: Add socklen_t field to virSocketAddr
      * src/util/network.c, src/network/bridge_driver.c,
        src/conf/domain_conf.c: Update to take account of new
        struct definition.
      af3d4eec
    • D
      Remove useless code in error path of getnameinfo() · 9e42b40a
      Daniel P. Berrange 提交于
      If getnameinfo() with NI_NUMERICHOST set fails, there are no
      grounds to expect inet_ntop to succeed, since these calls
      are functionally equivalent. Remove useless inet_ntop code
      in the getnameinfo() error path.
      
      * daemon/remote.c, src/remote/remote_driver.c: Remove
        calls to inet_ntop
      9e42b40a
  2. 21 10月, 2010 6 次提交
  3. 20 10月, 2010 21 次提交
    • J
      Add process= support for 'qemu-kvm -name' · c08c7b01
      John Morrissey 提交于
      This sets the process name to the same value as the Windows title,
      but since the name is limited to 16 chars only this is kept as a
      configuration option and turned off by default
      * src/qemu/qemu.conf src/qemu/qemu_conf.[ch]: hceck for support in the
        QEmu help output, add the option in qemu conf file and augment
        qemudBuildCommandLine to add it if switched on
      * src/qemu/libvirtd_qemu.aug src/qemu/test_libvirtd_qemu.aug: augment
        the augeas lenses accordingly
      * tests/qemuhelptest.c: cope with the extra flag being detected now
      c08c7b01
    • S
      nwfilter: avoid dir. enforcement for certain types of rules · c2fbdf10
      Stefan Berger 提交于
       Avoid the enforcement of direction if
      - icmp rules specify the type/code information
      - the 'skipMatch' variable is set to 'true'
      c2fbdf10
    • G
      Don't fail lxc domain start when memory controller support is missing · 679b464b
      Guido Günther 提交于
      Debian stock kernel has CONFIG_CGROUP_MEM_RES_CTLR disabled due to the
      overhead [1]. Allow to start containers if the corresponding files in
      the cgroup filesystem are missing. This fixes Debian bug #566180 [2].
      
      [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534964
      [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566180
      679b464b
    • M
      83e57114
    • D
      Fix symbol exports & remove duplicated libvirt_util.la linkage · 9bd3cce0
      Daniel P. Berrange 提交于
      The libvirt_util.la library was mistakenly linked into libvirtd
      directly. Since libvirt_util.la is already linked to libvirt.so,
      this resulted in libvirtd getting two copies of the code and
      more critically 2 copies of static global variables.
      
      Testing in turn exposed a issue with loadable modules. The
      gnulib replacement functions are not exported to loadable
      modules. Rather than trying to figure out the name sof all
      gnulib functions & export them, just linkage all loadable
      modules against libgnu.la statically.
      
      * daemon/Makefile.am: Remove linkage of libvirt_util.la
        and libvirt_driver.la
      * src/Makefile.am: Link driver modules against libgnu.la
      * src/libvirt.c: Don't try to load modules which were
        compiled out
      * src/libvirt_private.syms: Export all other internal
        symbols that are required  by drivers
      9bd3cce0
    • M
      Audit SELinux label assignment. · b8e2de88
      Miloslav Trmač 提交于
      A more natural auditing point would perhaps be
      SELinuxSetSecurityProcessLabel, but this happens in the child after root
      permissions are dropped, so the kernel would refuse the audit record.
      b8e2de88
    • M
      Audit VM start/stop/suspend/resume · a8b5f9bd
      Miloslav Trmač 提交于
      Most operations are audited at the libvirtd level; auditing in
      src/libvirt.c would result in two audit entries per operation (one in
      the client, one in libvirtd).
      
      The only exception is a domain stopping of its own will (e.g. because
      the user clicks on "shutdown" inside the interface).  There can often be
      no client connected at the time the domain stops, so libvirtd does not
      have any virConnectPtr object on which to attach an event watch.  This
      patch therefore adds auditing directly inside the qemu driver (other
      drivers are not supported).
      a8b5f9bd
    • D
      Basic framework for auditing integration · 8f680ad3
      Daniel P. Berrange 提交于
      Integrate with libaudit.so for auditing of important operations.
      libvirtd gains a couple of config entries for auditing. By
      default it will enable auditing, if its enabled on the host.
      It can be configured to force exit if auditing is disabled
      on the host. It will can also send audit messages via libvirt
      internal logging API
      
      Places requiring audit reporting can use the VIR_AUDIT
      macro to report data. This is a no-op unless auditing is
      enabled
      
      * autobuild.sh, mingw32-libvirt.spec.in: Disable audit
        on mingw
      * configure.ac: Add check for libaudit
      * daemon/libvirtd.aug, daemon/libvirtd.conf,
        daemon/test_libvirtd.aug, daemon/libvirtd.c: Add config
        options to enable auditing
      * include/libvirt/virterror.h, src/util/virterror.c: Add
        VIR_FROM_AUDIT source
      * libvirt.spec.in: Enable audit
      * src/util/virtaudit.h, src/util/virtaudit.c: Simple internal
        API for auditing messages
      8f680ad3
    • E
      vcpu: remove dead xen code · b0137887
      Eric Blake 提交于
      * src/xen/xen_driver.h (xenUnifiedDriver): Remove now-unused
      domainGetMaxVcpus, domainSetVcpus.
      * src/xen/proxy_internal.c (xenProxyDriver): Likewise.
      * src/xen/xen_hypervisor.c (xenHypervisorDriver): Likewise.
      * src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
      * src/xen/xend_internal.c (xenDaemonDriver)
      (xenDaemonDomainSetVcpus): Likewise.
      * src/xen/xm_internal.c (xenXMDriver, xenXMDomainSetVcpus):
      Likewise.
      * src/xen/xs_internal.c (xenStoreDriver): Likewise.
      b0137887
    • E
      vcpu: improve support for setting xen vcpu counts · e443a003
      Eric Blake 提交于
      Tested with RHEL 5.6 (xendConfigVersion 2, where xend_internal
      controls live domains and xm_internal controls inactive domains).
      Hopefully this works with xendConfigVersion 3 (where xend_internal
      controls everything).
      
      * src/xen/xen_driver.c (xenUnifiedDomainSetVcpusFlags): Support
      more flags.
      (xenUnifiedGetMaxVcpus): Export.
      * src/xen/xm_internal.h (xenXMDomainSetVcpusFlags): New prototype.
      * src/xen/xend_internal.h (xenDaemonDomainSetVcpusFlags): Likewise.
      * src/xen/xen_driver.h (xenUnifiedGetMaxVcpus): Likewise.
      * src/xen/xm_internal.c (xenXMDomainSetVcpusFlags): New function.
      * src/xen/xend_internal.c (xenDaemonDomainSetVcpusFlags): Likewise.
      e443a003
    • E
      vcpu: improve support for getting xen vcpu counts · 290ea331
      Eric Blake 提交于
      * src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Support
      more flags.
      * src/xen/xend_internal.h (xenDaemonDomainGetVcpusFlags): New
      prototype.
      * src/xen/xm_internal.h (xenXMDomainGetVcpusFlags): Likewise.
      * src/xen/xend_internal.c (virDomainGetVcpusFlags): New function.
      * src/xen/xm_internal.c (xenXMDomainGetVcpusFlags): Likewise.
      290ea331
    • E
      vcpu: improve vcpu support in xen command line · 0fab10e5
      Eric Blake 提交于
      This patch series focuses on xendConfigVersion 2 (xm_internal) and 3
      (xend_internal), but leaves out changes for xenapi drivers.
      
      See this link for more details about vcpu_avail for xm usage.
      http://lists.xensource.com/archives/html/xen-devel/2009-11/msg01061.html
      
      This relies on the fact that def->maxvcpus can be at most 32 with xen.
      
      * src/xen/xend_internal.c (xenDaemonParseSxpr)
      (sexpr_to_xend_domain_info, xenDaemonFormatSxpr): Use vcpu_avail
      when current vcpus is less than maximum.
      * src/xen/xm_internal.c (xenXMDomainConfigParse)
      (xenXMDomainConfigFormat): Likewise.
      * tests/xml2sexprdata/xml2sexpr-pv-vcpus.sexpr: New file.
      * tests/sexpr2xmldata/sexpr2xml-pv-vcpus.sexpr: Likewise.
      * tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml: Likewise.
      * tests/xmconfigdata/test-paravirt-vcpu.cfg: Likewise.
      * tests/xmconfigdata/test-paravirt-vcpu.xml: Likewise.
      * tests/xml2sexprtest.c (mymain): New test.
      * tests/sexpr2xmltest.c (mymain): Likewise.
      * tests/xmconfigtest.c (mymain): Likewise.
      0fab10e5
    • E
      vcpu: complete vcpu support in qemu driver · 28a36059
      Eric Blake 提交于
      * src/qemu/qemu_driver.c (qemudDomainSetVcpusFlags)
      (qemudDomainGetVcpusFlags): Support all feasible flag
      combinations.
      28a36059
    • E
      vcpu: improve vcpu support in qemu command line · d67c189e
      Eric Blake 提交于
      * src/qemu/qemu_conf.c (qemuParseCommandLineSmp): Distinguish
      between vcpus and maxvcpus, for new enough qemu.
      * tests/qemuargv2xmltest.c (mymain): Add new test.
      * tests/qemuxml2argvtest.c (mymain): Likewise.
      * tests/qemuxml2xmltest.c (mymain): Likewise.
      * tests/qemuxml2argvdata/qemuxml2argv-smp.args: New file.
      d67c189e
    • E
      vcpu: support all flags in test driver · 6c9e6b95
      Eric Blake 提交于
      * src/test/test_driver.c (testDomainGetVcpusFlags)
      (testDomainSetVcpusFlags): Support all flags.
      (testDomainUpdateVCPUs): Update cpu count here.
      6c9e6b95
    • E
      vcpu: support maxvcpu in domain_conf · 4617eedf
      Eric Blake 提交于
      Although this patch adds a distinction between maximum vcpus and
      current vcpus in the XML, the values should be identical for all
      drivers at this point.  Only in subsequent per-driver patches will
      a distinction be made.
      
      In general, virDomainGetInfo should prefer the current vcpus.
      
      * src/conf/domain_conf.h (_virDomainDef): Adjust vcpus to unsigned
      short, to match virDomainGetInfo limit.  Add maxvcpus member.
      * src/conf/domain_conf.c (virDomainDefParseXML)
      (virDomainDefFormat): parse and print out vcpu details.
      * src/xen/xend_internal.c (xenDaemonParseSxpr)
      (xenDaemonFormatSxpr): Manage both vcpu numbers, and require them
      to be equal for now.
      * src/xen/xm_internal.c (xenXMDomainConfigParse)
      (xenXMDomainConfigFormat): Likewise.
      * src/phyp/phyp_driver.c (phypDomainDumpXML): Likewise.
      * src/openvz/openvz_conf.c (openvzLoadDomains): Likewise.
      * src/openvz/openvz_driver.c (openvzDomainDefineXML)
      (openvzDomainCreateXML, openvzDomainSetVcpusInternal): Likewise.
      * src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxDomainDefineXML):
      Likewise.
      * src/xenapi/xenapi_driver.c (xenapiDomainDumpXML): Likewise.
      * src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise.
      * src/esx/esx_vmx.c (esxVMX_ParseConfig, esxVMX_FormatConfig):
      Likewise.
      * src/qemu/qemu_conf.c (qemuBuildSmpArgStr)
      (qemuParseCommandLineSmp, qemuParseCommandLine): Likewise.
      * src/qemu/qemu_driver.c (qemudDomainHotplugVcpus): Likewise.
      * src/opennebula/one_conf.c (xmlOneTemplate): Likewise.
      4617eedf
    • E
      vcpu: make old API trivially wrap to new API · 50c51f13
      Eric Blake 提交于
      Note - this wrapping is completely mechanical; the old API will
      function identically, since the new API validates that the exact
      same flags are provided by the old API.  On a per-driver basis,
      it may make sense to have the old API pass a different set of flags,
      but that should be done in the per-driver patch that implements
      the full range of flag support in the new API.
      
      * src/esx/esx_driver.c (esxDomainSetVcpus, escDomainGetMaxVpcus):
      Move guts...
      (esxDomainSetVcpusFlags, esxDomainGetVcpusFlags): ...to new
      functions.
      (esxDriver): Trivially support the new API.
      * src/openvz/openvz_driver.c (openvzDomainSetVcpus)
      (openvzDomainSetVcpusFlags, openvzDomainGetMaxVcpus)
      (openvzDomainGetVcpusFlags, openvzDriver): Likewise.
      * src/phyp/phyp_driver.c (phypDomainSetCPU)
      (phypDomainSetVcpusFlags, phypGetLparCPUMAX)
      (phypDomainGetVcpusFlags, phypDriver): Likewise.
      * src/qemu/qemu_driver.c (qemudDomainSetVcpus)
      (qemudDomainSetVcpusFlags, qemudDomainGetMaxVcpus)
      (qemudDomainGetVcpusFlags, qemuDriver): Likewise.
      * src/test/test_driver.c (testSetVcpus, testDomainSetVcpusFlags)
      (testDomainGetMaxVcpus, testDomainGetVcpusFlags, testDriver):
      Likewise.
      * src/vbox/vbox_tmpl.c (vboxDomainSetVcpus)
      (vboxDomainSetVcpusFlags, virDomainGetMaxVcpus)
      (virDomainGetVcpusFlags, virDriver): Likewise.
      * src/xen/xen_driver.c (xenUnifiedDomainSetVcpus)
      (xenUnifiedDomainSetVcpusFlags, xenUnifiedDomainGetMaxVcpus)
      (xenUnifiedDomainGetVcpusFlags, xenUnifiedDriver): Likewise.
      * src/xenapi/xenapi_driver.c (xenapiDomainSetVcpus)
      (xenapiDomainSetVcpusFlags, xenapiDomainGetMaxVcpus)
      (xenapiDomainGetVcpusFlags, xenapiDriver): Likewise.
      (xenapiError): New helper macro.
      50c51f13
    • E
      vcpu: implement the remote protocol · eb826444
      Eric Blake 提交于
      Done by editing the first three files, then running
      'make -C src rpcgen', then editing src/remote_protocol-structs
      to match.
      
      * daemon/remote.c (remoteDispatchDomainSetVcpusFlags)
      (remoteDispatchDomainGetVcpusFlags): New functions.
      * src/remote/remote_driver.c (remoteDomainSetVcpusFlags)
      (remoteDomainGetVcpusFlags, remote_driver): Client side
      serialization.
      * src/remote/remote_protocol.x
      (remote_domain_set_vcpus_flags_args)
      (remote_domain_get_vcpus_flags_args)
      (remote_domain_get_vcpus_flags_ret)
      (REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
      (REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS): Define wire format.
      * daemon/remote_dispatch_args.h: Regenerate.
      * daemon/remote_dispatch_prototypes.h: Likewise.
      * daemon/remote_dispatch_table.h: Likewise.
      * src/remote/remote_protocol.c: Likewise.
      * src/remote/remote_protocol.h: Likewise.
      * src/remote_protocol-structs: Likewise.
      eb826444
    • E
      vcpu: implement the public APIs · 9d2c6079
      Eric Blake 提交于
      Factors common checks (such as nonzero vcpu count) up front, but
      drivers will still need to do additional flag checks.
      
      * src/libvirt.c (virDomainSetVcpusFlags, virDomainGetVcpusFlags):
      New functions.
      (virDomainSetVcpus, virDomainGetMaxVcpus): Refer to new API.
      9d2c6079
    • E
      vcpu: define internal driver API · dd255d64
      Eric Blake 提交于
      * src/driver.h (virDrvDomainSetVcpusFlags)
      (virDrvDomainGetVcpusFlags): New typedefs.
      (_virDriver): New callback members.
      * src/esx/esx_driver.c (esxDriver): Add stub for driver.
      * src/lxc/lxc_driver.c (lxcDriver): Likewise.
      * src/opennebula/one_driver.c (oneDriver): Likewise.
      * src/openvz/openvz_driver.c (openvzDriver): Likewise.
      * src/phyp/phyp_driver.c (phypDriver): Likewise.
      * src/qemu/qemu_driver.c (qemuDriver): Likewise.
      * src/remote/remote_driver.c (remote_driver): Likewise.
      * src/test/test_driver.c (testDriver): Likewise.
      * src/uml/uml_driver.c (umlDriver): Likewise.
      * src/vbox/vbox_tmpl.c (Driver): Likewise.
      * src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
      * src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.
      dd255d64
    • E
      vcpu: add new public API · ea3f5c68
      Eric Blake 提交于
      API agreed on in
      https://www.redhat.com/archives/libvir-list/2010-September/msg00456.html,
      but modified for enum names to be consistent with virDomainDeviceModifyFlags.
      
      * include/libvirt/libvirt.h.in (virDomainVcpuFlags)
      (virDomainSetVcpusFlags, virDomainGetVcpusFlags): New
      declarations.
      * src/libvirt_public.syms: Export new symbols.
      ea3f5c68
  4. 19 10月, 2010 4 次提交
    • S
      nwfilter: changes to rules in VM->host table · 7d79da24
      Stefan Berger 提交于
      In the table built for traffic coming from the VM going to the host make the following changes:
      
      - don't ACCEPT the packets but do a 'RETURN' and let the host-specific firewall rules in subsequent rules evaluate whether the traffic is allowed to enter
      
      - use the '-m state' in the rules as everywhere else
      7d79da24
    • M
      esx: Handle non-UTF-8 encoded VMX files · 1c616489
      Matthias Bolte 提交于
      ESX(i) uses UTF-8, but a Windows based GSX server writes
      Windows-1252 encoded VMX files.
      
      Add a test case to ensure that libxml2 provides Windows-1252
      to UTF-8 conversion.
      1c616489
    • S
      Introduce VIR_CLOSE to be used rather than close() · f04de501
      Stefan Berger 提交于
      Since bugs due to double-closed file descriptors are difficult to track down in a multi-threaded system, I am introducing the VIR_CLOSE(fd) macro to help avoid mistakes here.
      
      There are lots of places where close() is being used. In this patch I am only cleaning up usage of close() in src/conf where the problems were.
      
      I also dare to declare close() as being deprecated in libvirt code base (HACKING).
      f04de501
    • D
      root_squash: virFileOperation may fail with EPERM too · b2c9a879
      Dan Kenigsberg 提交于
      Over root-squashing nfs, when virFileOperation() is called as uid==0,
      it may fail with EACCES, but also with EPERM, due to
      virFileOperationNoFork()'s failed attemp to chown a writable file.
      
      qemudDomainSaveFlag() should expect this case, too.
      b2c9a879