1. 21 12月, 2012 3 次提交
  2. 19 12月, 2012 1 次提交
  3. 28 11月, 2012 1 次提交
    • G
      add fuse support for libvirt lxc · 2a596dac
      Gao feng 提交于
      this patch addes fuse support for libvirt lxc.
      we can use fuse filesystem to generate sysinfo dynamically,
      So we can isolate /proc/meminfo,cpuinfo and so on through
      fuse filesystem.
      
      we mount fuse filesystem for every container.
      the mount name is libvirt,mount point is
      localstatedir/run/libvirt/lxc/containername.
      Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
      2a596dac
  4. 26 11月, 2012 2 次提交
  5. 23 11月, 2012 1 次提交
    • D
      Fix exiting of libvirt_lxc program on container quit · 37db3f5d
      Daniel P. Berrange 提交于
      The virLXCControllerClientCloseHook method was mistakenly
      assuming that the private data associated with the network
      client was the virLXCControllerPtr. In fact it was just a
      dummy int, so we were derefencing a bogus struct. The
      frequent result of this was that we would never quit, because
      we tried to arm a non-existant timer.
      
      Fix the code by removing the dummy private data and just
      using the virLXCControllerPtr instance as private data
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      37db3f5d
  6. 22 11月, 2012 2 次提交
    • D
      Log an audit message with the LXC init pid · a6158336
      Daniel P. Berrange 提交于
      Currently the LXC driver logs audit messages when a container
      is started or stopped. These audit messages, however, contain
      the PID of the libvirt_lxc supervisor process. To enable
      sysadmins to correlate with audit messages generated by
      processes /inside/ the container, we need to include the
      container init process PID.
      
      We can't do this in the main 'start' audit message, since
      the init PID is not available at that point. Instead we output
      a completely new audit record, that lists both PIDs.
      
      type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success'
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      a6158336
    • D
      Use virNetServerRun instead of custom main loop · f33e43c2
      Daniel P. Berrange 提交于
      The LXC controller code currently directly invokes the
      libvirt main loop code. The problem is that this misses
      the cleanup of virNetServerClient connections that
      virNetServerRun takes care of.
      
      The result is that when libvirtd is stopped, the
      libvirt_lxc controller process gets stuck in a I/O loop.
      When libvirtd is then started again, it fails to connect
      to the controller and thus kills off the entire domain.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f33e43c2
  7. 15 11月, 2012 1 次提交
  8. 14 11月, 2012 1 次提交
  9. 16 10月, 2012 1 次提交
  10. 27 9月, 2012 1 次提交
  11. 26 9月, 2012 2 次提交
  12. 21 9月, 2012 1 次提交
  13. 18 9月, 2012 3 次提交
  14. 21 8月, 2012 1 次提交
  15. 15 8月, 2012 1 次提交
    • D
      Refactor RPC client private data setup · 39b5e4d4
      Daniel P. Berrange 提交于
      Currently there is a hook function that is invoked when a
      new client connection comes in, which allows an app to
      setup private data. This setup will make it difficult to
      serialize client state during process re-exec(). Change to
      a model where the app registers a callback when creating
      the virNetServerPtr instance, which is used to allocate
      the client private data immediately during virNetClientPtr
      construction.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      39b5e4d4
  16. 07 8月, 2012 1 次提交
  17. 06 8月, 2012 1 次提交
    • E
      virrandom: make virRandomInitialize an automatic one-shot · 87de27b7
      Eric Blake 提交于
      All callers used the same initialization seed (well, the new
      viratomictest forgot to look at getpid()); so we might as well
      make this value automatic.  And while it may feel like we are
      giving up functionality, I documented how to get it back in the
      unlikely case that you actually need to debug with a fixed
      pseudo-random sequence.  I left that crippled by default, so
      that a stray environment variable doesn't cause a lack of
      randomness to become a security issue.
      
      * src/util/virrandom.c (virRandomInitialize): Rename...
      (virRandomOnceInit): ...and make static, with one-shot call.
      Document how to do fixed-seed debugging.
      * src/util/virrandom.h (virRandomInitialize): Drop prototype.
      * src/libvirt_private.syms (virrandom.h): Don't export it.
      * src/libvirt.c (virInitialize): Adjust caller.
      * src/lxc/lxc_controller.c (main): Likewise.
      * src/security/virt-aa-helper.c (main): Likewise.
      * src/util/iohelper.c (main): Likewise.
      * tests/seclabeltest.c (main): Likewise.
      * tests/testutils.c (virtTestMain): Likewise.
      * tests/viratomictest.c (mymain): Likewise.
      87de27b7
  18. 30 7月, 2012 3 次提交
    • D
      Add handling for reboots of LXC containers · cb612ee4
      Daniel P. Berrange 提交于
      The reboot() syscall is allowed by new kernels for LXC containers.
      The LXC controller can detect whether a reboot was requested
      (instead of a normal shutdown) by looking at the "init" process
      exit status. If a reboot was triggered, the exit status will
      record SIGHUP as the kill reason.
      
      The LXC controller has cleared all its capabilities, and the
      veth network devices will no longer exist at this time. Thus
      it cannot restart the container init process itself. Instead
      it emits an event which is picked up by the LXC driver in
      libvirtd. This will then re-create the container, using the
      same configuration as it was previously running with (ie it
      will not activate 'newDef').
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      cb612ee4
    • D
      Run an RPC protocol over the LXC controller monitor · 9117fcb2
      Daniel P. Berrange 提交于
      This defines a new RPC protocol to be used between the LXC
      controller and the libvirtd LXC driver. There is only a
      single RPC message defined thus far, an asynchronous "EXIT"
      event that is emitted just before the LXC controller process
      exits. This provides the LXC driver with details about how
      the container shutdown - normally, or abnormally (crashed),
      thus allowing the driver to emit better libvirt events.
      
      Emitting the event in the LXC controller requires a few
      little tricks with the RPC service. Simply calling the
      virNetServiceClientSendMessage does not work, since this
      merely queues the message for asynchronous processing.
      In addition the main event loop is no longer running at
      the point the event is emitted, so no I/O is processed.
      
      Thus after invoking virNetServiceClientSendMessage it is
      necessary to mark the client as being in "delayed close"
      mode. Then the event loop is run again, until the client
      completes its close - this happens only after the queued
      message has been fully transmitted. The final complexity
      is that it is not safe to run virNetServerQuit() from the
      client close callback, since that is invoked from a
      context where the server is locked. Thus a zero-second
      timer is used to trigger shutdown of the event loop,
      causing the controller to finally exit.
      
      * src/Makefile.am: Add rules for generating RPC protocol
        files and dispatch methods
      * src/lxc/lxc_controller.c: Emit an RPC event immediately
        before exiting
      * src/lxc/lxc_domain.h: Record the shutdown reason
        given by the controller
      * src/lxc/lxc_monitor.c, src/lxc/lxc_monitor.h: Register
        RPC program and event handler. Add callback to let
        driver receive EXIT event.
      * src/lxc/lxc_process.c: Use monitor exit event to decide
        what kind of domain event to emit
      * src/lxc/lxc_protocol.x: Define wire protocol for LXC
        controller monitor.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      9117fcb2
    • D
      Replace use of lxcError with virReportError · 4343fee0
      Daniel P. Berrange 提交于
      Update all LXC code to use virReportError instead of the custom
      lxcError macro
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      4343fee0
  19. 23 7月, 2012 1 次提交
    • O
      Desert the FSF address in copyright · f9ce7dad
      Osier Yang 提交于
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for securify files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  20. 19 7月, 2012 1 次提交
  21. 11 7月, 2012 1 次提交
    • D
      Fix shutdown of LXC controller · 97d7f02d
      Daniel P. Berrange 提交于
      Since we are not yet using the virNetServerPtr object for running
      the event loop, we can't use virNetServerQuit(). Instead set the
      global 'quit' flag in libvirt_lxc
      97d7f02d
  22. 05 7月, 2012 10 次提交