- 08 1月, 2020 1 次提交
-
-
由 Ján Tomko 提交于
Remove the 'gluster' part and decouple the return from the gluster_debug_level parsing to allow adding more options to this section. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 20 12月, 2019 3 次提交
-
-
由 Fabiano Fidêncio 提交于
virGetUserRuntimeDirectory() *never* *ever* returns NULL, making the checks for it completely unnecessary. Signed-off-by: NFabiano Fidêncio <fidencio@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Fabiano Fidêncio 提交于
virGetUserConfigDirectory() *never* *ever* returns NULL, making the checks for it completely unnecessary. Signed-off-by: NFabiano Fidêncio <fidencio@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Fabiano Fidêncio 提交于
virGetUserCacheDirectory() *never* *ever* returns NULL, making the checks for it completely unnecessary. Signed-off-by: NFabiano Fidêncio <fidencio@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 12 12月, 2019 1 次提交
-
-
由 Daniel P. Berrangé 提交于
When QEMU uid/gid is set to non-root this is pointless as if we just used a regular setuid/setgid call, the process will have all its capabilities cleared anyway by the kernel. When QEMU uid/gid is set to root, this is almost (always?) never what people actually want. People make QEMU run as root in order to access some privileged resource that libvirt doesn't support yet and this often requires capabilities. As a result they have to go find the qemu.conf param to turn this off. This is not viable for libguestfs - they want to control everything via the XML security label to request running as root regardless of the qemu.conf settings for user/group. Clearing capabilities was implemented originally because there was a proposal in Fedora to change permissions such that root, with no capabilities would not be able to compromise the system. ie a locked down root account. This never went anywhere though, and as a result clearing capabilities when running as root does not really get us any security benefit AFAICT. The root user can easily do something like create a cronjob, which will then faithfully be run with full capabilities, trivially bypassing the restriction we place. IOW, our clearing of capabilities is both useless from a security POV, and breaks valid use cases when people need to run as root. This removes the clear_emulator_capabilities configuration option from qemu.conf, and always runs QEMU with capabilities when root. The behaviour when non-root is unchanged. Reviewed-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 09 12月, 2019 5 次提交
-
-
由 Daniel P. Berrangé 提交于
Now that nearly all internal APIs use the QEMU capabilities or other QEMU driver data directly, there's no compelling benefit to create virCapsPtr at driver startup. Skipping this means we don't probe capabilities for all 30 system emulator targets at startup, only those emulators which are referenced by an XML doc. This massively improves libvirtd startup time when the capabilities cache is not populated. It even improves startup time when the cache is up to date, as we don't bother to load files from the cache until we need them. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Avoid grabbing the whole virCapsPtr object when we only need the host CPU information. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Avoid grabbing the whole virCapsPtr object when we only need the NUMA information. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Instead of using the virCapsPtr to get the default security model, pass this in via the parser config. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
As part of a goal to eliminate the need to use virCapsPtr for anything other than the virConnectGetCapabilies() API impl, cache the host arch against the QEMU driver struct and use that field directly. In the tests we move virArchFromHost() globally in testutils.c so that every test runs with a fixed default architecture reported. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 22 11月, 2019 1 次提交
-
-
由 Daniel P. Berrangé 提交于
This previous commit introduced a simpler free callback for hash data with only 1 arg, the value to free: commit 49288fac Author: Peter Krempa <pkrempa@redhat.com> Date: Wed Oct 9 15:26:37 2019 +0200 util: hash: Add possibility to use simpler data free function in virHash It missed two functions in the hash table code which need to call the alternate data free function, virHashRemoveEntry and virHashRemoveSet. After the previous patch though, there is no code that makes functional use of the 2nd key arg in the data free function. There is merely one log message that can be dropped. We can thus purge the current virHashDataFree callback entirely, and rename virHashDataFreeSimple to replace it. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 12 11月, 2019 2 次提交
-
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Michal Privoznik 提交于
There are two ways for specifying loader:nvram pairs: 1) --with-loader-nvram configure option 2) nvram variable in qemu.conf Since we have FW descriptors, using this old style is discouraged, but not as strong as one would expect. Produce more warnings: 1) produce a warning if somebody tries the configure option 2) produce a warning if somebody sets nvram variable and at least on FW descriptor was found The reason for producing warning in case 1) is that package maintainers, who set the configure option in the first place should start moving towards FW descriptors and abandon the configure option. After all, the warning is printed into config output only in this case. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1763477Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 21 10月, 2019 1 次提交
-
-
由 Ján Tomko 提交于
Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 18 10月, 2019 1 次提交
-
-
由 Cole Robinson 提交于
When searching qemuCaps->domCapsCache for existing domCaps data, we check for a matching pair of arch+virttype+machine+emulator. However for the hash table key we only use the machine string. So if the cache already contains: x86_64 + kvm + pc + /usr/bin/qemu-kvm But a new VM is defined with x86_64 + qemu + pc + /usr/bin/qemu-kvm We correctly fail to find matching cached domCaps, but then attempt to use a colliding key with virHashAddEntry Fix this by building a hash key from the 4 values, not just machine Reviewed-by: NJonathon Jongsma <jjongsma@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
- 16 10月, 2019 4 次提交
-
-
由 Ján Tomko 提交于
Prefer: return g_steal_pointer(&ptr); Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Now that all the types using VIR_AUTOUNREF have a cleanup func defined to virObjectUnref, use g_autoptr instead of VIR_AUTOUNREF. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Since commit 44e7f029 util: rewrite auto cleanup macros to use glib's equivalent VIR_AUTOPTR aliases to g_autoptr. Replace all of its use by the GLib macro version. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Since commit 44e7f029 util: rewrite auto cleanup macros to use glib's equivalent VIR_AUTOFREE is just an alias for g_autofree. Use the GLib macros directly instead of our custom aliases. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 15 10月, 2019 2 次提交
-
-
由 Ján Tomko 提交于
Prefer the GLib version of the macro. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 19 9月, 2019 1 次提交
-
-
由 Xu Yandong 提交于
The macro VIR_DELETE_ELEMENT assume that the items being deleted have already been cleared, so we must explicitly free domain name from the list of domains using the shared device to prevent a memory leak. Signed-off-by: NXu Yandong <xuyandong2@huawei.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 10 9月, 2019 5 次提交
-
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Michal Privoznik 提交于
There are two 'cleanup' labels - one in virQEMUDriverConfigHugeTLBFSInit() and the other in virQEMUDriverConfigSetDefaults() that do nothing more than return and integer value. No memory freeing or anything important is done there. Drop them in favour of returning immediately. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Michal Privoznik 提交于
Our naming rules prefer qemuObjectOperation() scheme rather than qemuOperationObject() for function names. These were not honoured in recent commits to qemu_conf.c. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
- 09 9月, 2019 3 次提交
-
-
由 Daniel Henrique Barboza 提交于
After the previous commits, qemuAddSharedDevice() and qemuRemoveSharedDevice() are now the same code with a different flag to call the internal functions. This patch aggregates the common code into a new function called qemuAddRemoveSharedDeviceInternal() to further reduce code repetition. Both qemuAddSharedDevice() and qemuRemoveSharedDevice() are kept since they are public functions used elsewhere. No functional change was made. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Daniel Henrique Barboza 提交于
Following the same idea of avoid code repetition from the previous patch, this commit introduces a new function that aggregates the functions of qemuAddSharedDisk() and qemuRemoveSharedDisk() into a single place, using a flag to switch between add/remove operations. Both qemuAddSharedDisk() and qemuRemoveSharedDisk() are public, so keep them around to avoid changing other files due to an internal qemu_conf.c refactory. No functional change was made. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Daniel Henrique Barboza 提交于
qemuAddSharedHostdev() has a code similar to qemuRemoveSharedHostdev(), with exception of one line that defines the operation (add or remove). This patch introduces a new function that aggregates the common code, using a flag to switch between the operations, avoiding code repetition. No functional change was made. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
- 06 9月, 2019 2 次提交
-
-
由 Marc-André Lureau 提交于
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Marc-André Lureau 提交于
A slirp helper is a process that provides user-mode networking through a unix domain socket. It is expected to follow the following specification: https://gitlab.freedesktop.org/slirp/libslirp-rs/blob/master/src/bin/README.rstSigned-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 30 8月, 2019 1 次提交
-
-
由 Daniel Henrique Barboza 提交于
'virQEMUDriverConfigPtr cfg' is declared, initiated, but never used in virQEMUDriverCreateCapabilities(). Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NErik Skultety <eskultet@redhat.com> Reviewed-by: NChristophe de Dinechin <dinechin@redhat.com>
-
- 27 8月, 2019 1 次提交
-
-
由 Daniel P. Berrangé 提交于
All code using LOCALSTATEDIR "/run" is updated to use RUNSTATEDIR instead. The exception is the remote driver client which still uses LOCALSTATEDIR "/run". The client needs to connect to remote machines which may not be using /run, so /var/run is more portable due to the /var/run -> /run symlink. Some duplicate paths in the apparmor code are also purged. There's no functional change by default yet since both expressions expand to the same value. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 07 8月, 2019 2 次提交
-
-
由 Cole Robinson 提交于
qemuCaps is tied to a binary on disk. domCaps is tied to a combo of binary+machine+arch+virttype values. For the qemu driver this almost entirely translates to a permutation of qemuCaps though Upcoming patches want to use the domCaps data store at XML validate time, but we need to cache the data so we aren't repeatedly regenerating it. Add a domCapsCache hash table to qemuCaps. This ensures that the domCaps cache is blown away whenever qemuCaps needs to be regenerated. Similarly when qemuCaps is invalidated, the next call to virQEMUCapsCacheLookup will unref qemuCaps and free our cache as well. Adjust virQEMUDriverGetDomainCapabilities to search the cache and add to it if we don't find a hit. Signed-off-by: NCole Robinson <crobinso@redhat.com> Reviewed-by: NReviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Cole Robinson 提交于
For now it's just a helper for building a qemu virDomainCapsPtr, used in qemuConnectGetDomainCapabilities Reviewed-by: NReviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
- 29 7月, 2019 1 次提交
-
-
由 Eric Blake 提交于
This is similar to the existing directory for snapshots; the domain will save one xml file per checkpoint, for reloading on the next libvirtd restart. Fortunately, since checkpoints mandate RNG validation, we are assured that the checkpoint name will be usable as a file name (no abuse of '../escape' as a checkpoint name, for example). Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 25 7月, 2019 1 次提交
-
-
由 Jim Fehlig 提交于
Some VM configurations may result in a large number of threads created by the associated qemu process which can exceed the system default limit. The maximum number of threads allowed per process is controlled by the pids cgroup controller and is set to 16k when creating VMs with systemd's machined service. The maximum number of threads per process is recorded in the pids.max file under the machine's pids controller cgroup hierarchy, e.g. $cgrp-mnt/pids/machine.slice/machine-qemu\\x2d1\\x2dtest.scope/pids.max Maximum threads per process is controlled with the TasksMax property of the systemd scope for the machine. This patch adds an option to qemu.conf which can be used to override the maximum number of threads allowed per qemu process. If the value of option is greater than zero, it will be set in the TasksMax property of the machine's scope after creating the machine. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 03 7月, 2019 1 次提交
-
-
由 Michal Privoznik 提交于
This reverts commit fc3990c7. Now that all the reported bugs are fixed let's turn the feature back on. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 21 6月, 2019 1 次提交
-
-
由 Peter Krempa 提交于
In cases when e.g. a new feature breaks upstream behaviour it's useful to allow users to disable the new feature to verify the regression and possibly use it as a workaround until a fix is available. The new qemu.conf option named "capability_filters" allows to remove qemu capabilities from the detected bitmap. This patch introduces the configuration infrastructure to parse the option and pass it around. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-