- 21 Dec, 2012 3 commits
-
-
Committed by Daniel P. Berrange
-
Committed by Daniel P. Berrange
-
Committed by Daniel P. Berrange
-
- 19 Dec, 2012 1 commit
-
-
Committed by Daniel P. Berrange
Convert the host capabilities and domain config structs to use the virArch datatype. Update the parsers and all drivers to take account of datatype change
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 28 Nov, 2012 1 commit
-
-
Committed by Gao feng
This patch adds fuse support for libvirt lxc. We can use fuse filesystem to generate sysinfo dynamically, so we can isolate /proc/meminfo, cpuinfo and so on through fuse filesystem. We mount fuse filesystem for every container. The mount name is libvirt, mount point is localstatedir/run/libvirt/lxc/containername.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
-
- 26 Nov, 2012 2 commits
-
-
Committed by Peter Krempa
When no security driver is specified libvirt_lxc segfaults as a debug message tries to access security labels for the container that are not present. This problem was introduced in commit 6c3cf57d.
-
Committed by Peter Krempa
Early jumps to the cleanup label caused a crash of the libvirt_lxc container helper as the cleanup section called virLXCControllerDeleteInterfaces(ctrl) without checking the ctrl argument for NULL. The argument was de-referenced soon after.
    $ /usr/libexec/libvirt_lxc
    /usr/libexec/libvirt_lxc: missing --name argument for configuration
    Segmentation fault
-
- 23 Nov, 2012 1 commit
-
-
Committed by Daniel P. Berrange
The virLXCControllerClientCloseHook method was mistakenly assuming that the private data associated with the network client was the virLXCControllerPtr. In fact it was just a dummy int, so we were dereferencing a bogus struct. The frequent result of this was that we would never quit, because we tried to arm a non-existent timer. Fix the code by removing the dummy private data and just using the virLXCControllerPtr instance as private data
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 22 Nov, 2012 2 commits
-
-
Committed by Daniel P. Berrange
Currently the LXC driver logs audit messages when a container is started or stopped. These audit messages, however, contain the PID of the libvirt_lxc supervisor process. To enable sysadmins to correlate with audit messages generated by processes /inside/ the container, we need to include the container init process PID. We can't do this in the main 'start' audit message, since the init PID is not available at that point. Instead we output a completely new audit record, that lists both PIDs.
    type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success'
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The LXC controller code currently directly invokes the libvirt main loop code. The problem is that this misses the cleanup of virNetServerClient connections that virNetServerRun takes care of. The result is that when libvirtd is stopped, the libvirt_lxc controller process gets stuck in an I/O loop. When libvirtd is then started again, it fails to connect to the controller and thus kills off the entire domain.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 15 Nov, 2012 1 commit
-
-
Committed by Viktor Mihajlovski
The drivers for QEMU and LXC use virNodeGetInfo only to determine the number of host CPUs. On Linux hosts nodeGetCPUCount has less overhead.
-
- 14 Nov, 2012 1 commit
-
-
Committed by Daniel P. Berrange
The lack of initialization of 'opts' caused a SEGV in the cleanup: path if the root->src directory did not exist
-
- 16 Oct, 2012 1 commit
-
-
Committed by Daniel P. Berrange
Add two new APIs virNetServerClientNewPostExecRestart and virNetServerClientPreExecRestart which allow a virNetServerClientPtr object to be created from a JSON object and saved to a JSON object, for the purpose of re-exec'ing a process. This includes serialization of the connected socket associated with the client
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 27 Sep, 2012 1 commit
-
-
Committed by Daniel P. Berrange
Many parts of virDomainDefPtr were using 'int' variables as array length counts. Replace all these with size_t and update various format strings & API signatures to adapt
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 26 Sep, 2012 2 commits
-
-
Committed by Daniel P. Berrange
Continue consolidation of process functions by moving some helpers out of command.{c,h} into virprocess.{c,h}
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Change "Pid" to "Process" to align with the virProcessKill API naming prefix
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 21 Sep, 2012 1 commit
-
-
Committed by Eric Blake
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence.
* tests/securityselinuxhelper.c: Remove doubled line.
* tests/securityselinuxtest.c: Likewise.
* globally: s/; If/. If/
-
- 18 Sep, 2012 3 commits
- 21 Aug, 2012 1 commit
-
-
Committed by Marcelo Cerri
This patch updates the structures that store information about each domain and each hypervisor to support multiple security labels and drivers. It also updates all the remaining code to use the new fields.
Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
-
- 15 Aug, 2012 1 commit
-
-
Committed by Daniel P. Berrange
Currently there is a hook function that is invoked when a new client connection comes in, which allows an app to setup private data. This setup will make it difficult to serialize client state during process re-exec(). Change to a model where the app registers a callback when creating the virNetServerPtr instance, which is used to allocate the client private data immediately during virNetClientPtr construction.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 07 Aug, 2012 1 commit
-
-
Committed by Daniel P. Berrange
Make all the virNetServer* objects use the virObject APIs for reference counting
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 06 Aug, 2012 1 commit
-
-
Committed by Eric Blake
All callers used the same initialization seed (well, the new viratomictest forgot to look at getpid()); so we might as well make this value automatic. And while it may feel like we are giving up functionality, I documented how to get it back in the unlikely case that you actually need to debug with a fixed pseudo-random sequence. I left that crippled by default, so that a stray environment variable doesn't cause a lack of randomness to become a security issue.
* src/util/virrandom.c (virRandomInitialize): Rename... (virRandomOnceInit): ...and make static, with one-shot call. Document how to do fixed-seed debugging.
* src/util/virrandom.h (virRandomInitialize): Drop prototype.
* src/libvirt_private.syms (virrandom.h): Don't export it.
* src/libvirt.c (virInitialize): Adjust caller.
* src/lxc/lxc_controller.c (main): Likewise.
* src/security/virt-aa-helper.c (main): Likewise.
* src/util/iohelper.c (main): Likewise.
* tests/seclabeltest.c (main): Likewise.
* tests/testutils.c (virtTestMain): Likewise.
* tests/viratomictest.c (mymain): Likewise.
-
- 30 Jul, 2012 3 commits
-
-
Committed by Daniel P. Berrange
The reboot() syscall is allowed by new kernels for LXC containers. The LXC controller can detect whether a reboot was requested (instead of a normal shutdown) by looking at the "init" process exit status. If a reboot was triggered, the exit status will record SIGHUP as the kill reason. The LXC controller has cleared all its capabilities, and the veth network devices will no longer exist at this time. Thus it cannot restart the container init process itself. Instead it emits an event which is picked up by the LXC driver in libvirtd. This will then re-create the container, using the same configuration as it was previously running with (ie it will not activate 'newDef').
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
This defines a new RPC protocol to be used between the LXC controller and the libvirtd LXC driver. There is only a single RPC message defined thus far, an asynchronous "EXIT" event that is emitted just before the LXC controller process exits. This provides the LXC driver with details about how the container shut down - normally, or abnormally (crashed), thus allowing the driver to emit better libvirt events. Emitting the event in the LXC controller requires a few little tricks with the RPC service. Simply calling the virNetServiceClientSendMessage does not work, since this merely queues the message for asynchronous processing. In addition the main event loop is no longer running at the point the event is emitted, so no I/O is processed. Thus after invoking virNetServiceClientSendMessage it is necessary to mark the client as being in "delayed close" mode. Then the event loop is run again, until the client completes its close - this happens only after the queued message has been fully transmitted. The final complexity is that it is not safe to run virNetServerQuit() from the client close callback, since that is invoked from a context where the server is locked. Thus a zero-second timer is used to trigger shutdown of the event loop, causing the controller to finally exit.
* src/Makefile.am: Add rules for generating RPC protocol files and dispatch methods
* src/lxc/lxc_controller.c: Emit an RPC event immediately before exiting
* src/lxc/lxc_domain.h: Record the shutdown reason given by the controller
* src/lxc/lxc_monitor.c, src/lxc/lxc_monitor.h: Register RPC program and event handler. Add callback to let driver receive EXIT event.
* src/lxc/lxc_process.c: Use monitor exit event to decide what kind of domain event to emit
* src/lxc/lxc_protocol.x: Define wire protocol for LXC controller monitor.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Update all LXC code to use virReportError instead of the custom lxcError macro
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 23 Jul, 2012 1 commit
-
-
Committed by Osier Yang
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
    You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>.
This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for security files are not complete, that's why to do it manually:
    src/security/security_selinux.h
    src/security/security_driver.h
    src/security/security_selinux.c
    src/security/security_apparmor.h
    src/security/security_apparmor.c
    src/security/security_driver.c
-
- 19 Jul, 2012 1 commit
-
-
Committed by Daniel P. Berrange
Move the cgroup setup code out of the lxc_controller.c file and into lxc_cgroup.{c,h}. This reduces the size of the lxc_controller.c file and paves the way to invoke cgroup setup from lxc_driver.c instead of lxc_controller.c in the future
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 11 Jul, 2012 1 commit
-
-
Committed by Daniel P. Berrange
Since we are not yet using the virNetServerPtr object for running the event loop, we can't use virNetServerQuit(). Instead set the global 'quit' flag in libvirt_lxc
-
- 05 Jul, 2012 10 commits
-
-
Committed by Daniel P. Berrange
In preparation for introducing a full RPC protocol for libvirt_lxc, switch over to using the virNetServer APIs for the monitor connection
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
While it is not currently used elsewhere in libvirt, the code for finding a free loop device & associating a file with it is not LXC specific. Move it into the viffile.{c,h} file where potentially shared code is more commonly kept.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Move the cgroup object into virLXCControllerPtr and rename all the setup methods to include 'Cgroup' in their name if appropriate
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Move the monitor FDs into the virLXCControllerPtr object removing the need for the 'struct lxcMonitor' object
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The virLXCControllerRun method is getting a little too large, and about 50% of its code is related to setting up a /dev/pts mount. Move the latter out into a dedicated method
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Move the security manager object into the virLXCControllerPtr object. Also simplify the code creating it in the first place
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Move the list of loop device FDs into the virLXCControllerPtr object and make sure that virLXCControllerStopInit will close them all
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Keep the FD used to handshake with the libvirtd daemon in the virLXCControllerPtr object.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Turn 'struct lxc_console' into virLXCControllerConsolePtr and make it a part of virLXCControllerPtr
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Keep a record of the init PID in the virLXCController object and create a virLXCControllerStopInit method for killing this process
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-