- 25 9月, 2017 1 次提交
-
-
由 Jim Fehlig 提交于
Kernel 4.13 introduced finer-grained ptrace checks https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.13.2&id=290f458a4f16f9cf6cb6562b249e69fe1c3c3a07 With kernel 4.13 and apparmor 2.11, simply starting libvirtd results in the following apparmor denial type=AVC msg=audit(1506112085.645:954): apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=6984 comm="libvirtd" requested_mask="trace" denied_mask="trace" peer="unconfined" Attempting to start an unconfined domain results in type=AVC msg=audit(1506112301.227:1112): apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=7498 comm="libvirtd" requested_mask="trace" denied_mask="trace" peer="/usr/sbin/libvirtd" And attempting to start a confined domain results in type=AVC msg=audit(1506112631.408:1312): apparmor="DENIED" operation="open" profile="virt-aa-helper" name="/etc/libnl/classid" pid=8283 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1506112631.530:1319): apparmor="DENIED" operation="open" profile="virt-aa-helper" name="/etc/libnl/classid" pid=8289 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1506112632.186:1324): apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=8342 comm="libvirtd" requested_mask="trace" denied_mask="trace" peer="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff" Add ptrace rules to allow the trace operations. Resolves: https://bugzilla.suse.com/show_bug.cgi?id=1058847Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NGuido Günther <agx@sigxcpu.org>
-
- 22 9月, 2017 12 次提交
-
-
由 Ján Tomko 提交于
The functionality was added in 4.8, but due to a rename of the DEVLINK_CMD_ESWITCH_GET constant in the kernel headers, the headers from kernel 4.11 are required by the libvirt code. Remove the reference from the news entry, since it could be misleading.
-
由 Peter Krempa 提交于
Some distros (see diff) chose to backport QMP support rather than rebase to newer version of qemu. As a hack they added the string 'libvirt' to the qemu -help output. Remove this as downstream-only hacks should be carried by downstream and not litter upstream. This effectively reverts commit ff88cd59
-
由 Jiri Denemark 提交于
Because qemuDomainDefCopy needs a string representation of a domain definition, there's no reason for calling the lower level qemuDomainDefFormatBuf API. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
virDomainDefFormatInternal (called by qemuDomainDefFormatXMLInternal) already checks for buffer errors and properly resets the buffer on failure. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Michal Privoznik 提交于
In my previous commit of b1d87f9a I've made a typo breaking the FreeBSD build. s/ipAaddr/ipAddr/ Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Guido Günther 提交于
instead of only unloading it. This makes sure old profiles don't pile up in /etc/apparmor.d/libvirt and we get updates to modified templates on VM restart. Reviewed-by: NJim Fehlig <jfehlig@suse.com>
-
由 Laine Stump 提交于
After commit 8708ca01 libvirtd consistently aborts with "stack smashing detected" when nodedev driver is initialized. This is caused by nlmsg_parse() being told that its array of nlattr* has CTRL_CMD_MAX (10) entries, when in fact it is declared to have CTRL_ATTR_MAX (8) entries. Since all the entries are initialized to NULL, the result is that nlmsg_parse is overwriting 2*(sizof(nlattr*)) bytes outside the array. Signed-off-by: NLaine Stump <laine@laine.org> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Michal Privoznik 提交于
In aiforaf() (which exists only when building for BSD) the @ipAddr may be leaked. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Commit id '5604c056' used the wrong API to generate the <secret type='%s'..." field. The previous code used the correct API as was done in commit id '6887af39'. The data is actually a usage type not an auth type even though the result is the same.
-
由 John Ferlan 提交于
Move the virSecretUsageType into the util.
-
由 Ashish Mittal 提交于
Passing a NULL value for the argument secAlias to the function qemuDomainGetTLSObjects would cause a segmentation fault in libvirtd. Changed code to check before dereferencing a NULL secAlias. Signed-off-by: NAshish Mittal <ashmit602@gmail.com>
-
由 Boris Fiuczynski 提交于
Adding s390x qemu caps test for qemu version 2.10.0. Signed-off-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com>
-
- 21 9月, 2017 16 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1448268 When migrating to a file (e.g. when doing 'virsh save file'), couple of things are happening in the thread that is executing the API: 1) the domain obj is locked 2) iohelper is spawned as a separate process to handle all I/O 3) the thread waits for iohelper to finish 4) the domain obj is unlocked Now, the problem is that while the thread waits in step 3 for iohelper to finish this may take ages because iohelper calls fdatasync(). And unfortunately, we are waiting the whole time with the domain locked. So if another thread wants to jump in and say copy the domain name ('virsh list' for instance), they are stuck. The solution is to unlock the domain whenever waiting for I/O and lock it back again when it finished. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1471225 Commit id '99a2d6af' was a bit too aggressive with determining whether the provided path was a "physical" cd-rom in order to generate a taint message due to the possibility of some guest and host trying to control the tray. For cd-rom guest devices backed to some VIR_STORAGE_TYPE_FILE storage, this wouldn't be a problem and as such it shouldn't be a problem for guest devices using some sort of block device on the host such as iSCSI, LVM, or a Disk pool would present. So before issuing a taint message, let's check if the provided path of the VIR_STORAGE_TYPE_BLOCK backed device is a "known" physical cdrom name by comparing the beginning of the path w/ "/dev/cdrom" and "/dev/sr". Also since it's possible the provided path could resolve to some /dev/srN device, let's get that path as well and perform the same check. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
The virSocketAddrFormat() allocates the string and it's caller responsibility to free it afterwards. ==28857== 11 bytes in 1 blocks are definitely lost in loss record 37 of 168 ==28857== at 0x4C2BEDF: malloc (vg_replace_malloc.c:299) ==28857== by 0x9A81D79: strdup (in /lib64/libc-2.23.so) ==28857== by 0x5DA3BF0: virStrdup (virstring.c:902) ==28857== by 0x5D96182: virSocketAddrFormatFull (virsocketaddr.c:427) ==28857== by 0x5D95E13: virSocketAddrFormat (virsocketaddr.c:352) ==28857== by 0x5706890: qemuBuildHostNetStr (qemu_command.c:3891) ==28857== by 0x57138D3: qemuBuildInterfaceCommandLine (qemu_command.c:8597) ==28857== by 0x5713D6A: qemuBuildNetCommandLine (qemu_command.c:8699) ==28857== by 0x57176F6: qemuBuildCommandLine (qemu_command.c:10027) ==28857== by 0x5769D61: qemuProcessCreatePretendCmd (qemu_process.c:6004) ==28857== by 0x4056EC: testCompareXMLToArgv (qemuxml2argvtest.c:502) ==28857== by 0x41DF40: virTestRun (testutils.c:180) Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Jiri Denemark 提交于
Since commit v2.2.0-199-g7ce711a3 libvirt stores an updated guest CPU in domain's live definition and there's no need to update it every time we want to format the definition. The commit itself tried to address this in qemuDomainFormatXML, but forgot to fix qemuDomainDefFormatLive. Not to mention that masking a previously set flag is only acceptable if the flag was set by a public API user. Internally, libvirt should have never set the flag in the first place. https://bugzilla.redhat.com/show_bug.cgi?id=1485022Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
When a user requested a domain XML description with VIR_DOMAIN_XML_UPDATE_CPU flag, libvirt would use the host CPU definition from host capabilities rather than the one which will actually be used once the domain is started. https://bugzilla.redhat.com/show_bug.cgi?id=1481309Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
The only real usage of this flag was removed by "cpu_conf: Drop updateCPU from virCPUDefFormat". Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
In the past we updated host-model CPUs with host CPU data by adding a model and features, but keeping the host-model mode. And since the CPU model is not normally formatted for host-model CPU defs, we had to pass the updateCPU flag to the formatting code to be able to properly output updated host-model CPUs. Libvirt doesn't do this anymore, host-model CPUs are turned into custom mode CPUs once updated with host CPU data and thus there's no reason for keeping the hacks inside CPU XML formatters. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Pino Toscano 提交于
They are simply not supported on that machine type. Partially-resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1487499Signed-off-by: NPino Toscano <ptoscano@redhat.com>
-
由 Pino Toscano 提交于
They are simply not supported on those architectures. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1487499Signed-off-by: NPino Toscano <ptoscano@redhat.com>
-
由 Pino Toscano 提交于
This will be used to improve the validation for this type of devices. The former @def parameter is renamed to @dev, leaving @def for the virDomainDef (following the style used elsewhere). Signed-off-by: NPino Toscano <ptoscano@redhat.com>
-
由 Pino Toscano 提交于
If a test expects either a parse error or a failure but then there is neither a parse error nor a failure, then properly mark the test as failing, instead of failing later on (e.g. trying to open a non-existing .args file). Signed-off-by: NPino Toscano <ptoscano@redhat.com>
-
由 Pino Toscano 提交于
The guest of usb-bus-missing does not cause a parse error, but a validation issue -- hence, switch from DO_TEST_PARSE_ERROR to DO_TEST_FAILURE. Fixes commit b003b978. Signed-off-by: NPino Toscano <ptoscano@redhat.com>
-
由 Daniel P. Berrange 提交于
For win32 we need EXIT_AM_SKIP which is in testutils.h. We must define NO_LIBVIRT to prevent replacement of fprintf with virFilePrintf as we can't link to libvirt_util.la Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The iohelper currently calls saferead() to get data from the underlying file. This has a problem with O_DIRECT when hitting end-of-file. saferead() is asked to read 1MB, but the first read() it does may return only a few KB, so it'll try another read() to fill the remaining buffer. Unfortunately the buffer pointer passed into this 2nd read() is likely not aligned to the extent that O_DIRECT requires, so rather than seeing '0' for end-of-file, we'll get -1 + EINVAL due to misaligned buffer. The way the iohelper is currently written, it already handles getting short reads, so there is actually no need to use saferead() at all. We can simply call read() directly. The benefit of this is that we can now write() the data immediately so when we go into the subsequent reads() we'll always have a correctly aligned buffer. Technically the file position ought to be aligned for O_DIRECT too, but this does not appear to matter when at end-of-file. Tested-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 20 9月, 2017 11 次提交
-
-
由 Daniel P. Berrange 提交于
The commandhelper binary is a helper for commandtest that validates what file handles were inherited. For this to work reliably we must not have any libraries that leak file descriptors into commandhelper. Unfortunately some versions of gnutls will intentionally open file handles at library load time via a constructor function. We previously hacked around this in commit 4cbc15d0 Author: Martin Kletzander <mkletzan@redhat.com> Date: Fri May 2 09:55:52 2014 +0200 tests: don't fail with newer gnutls gnutls-3.3.0 and newer leaves 2 FDs open in order to be backwards compatible when it comes to chrooted binaries [1]. Linking commandhelper with gnutls then leaves these two FDs open and commandtest fails thanks to that. This patch does not link commandhelper with libvirt.la, but rather only the utilities making the test pass. Based on suggestion from Daniel [2]. [1] http://lists.gnutls.org/pipermail/gnutls-help/2014-April/003429.html [2] https://www.redhat.com/archives/libvir-list/2014-April/msg01119.html That fix relied on fact that while libvirt.so linked with gnutls, libvirt_util.la did not link to it. With the introduction of the util/vircrypto.c file that assumption is no longer valid. We must not link to libvirt_util.la at all - only gnulib and libc can (hopefully) be relied on not to open random file descriptors in constructors. Reviewed-by: NMartin Kletzander <mkletzan@redhat.com> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 ZhiPeng Lu 提交于
For vhost-user ports, Open vSwitch acts as the server and QEMU the client. When OVS crashed or restart, QEMU shoule be reconnect to OVS. Signed-off-by: NZhiPeng Lu <lu.zhipeng@zte.com.cn> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Julio Faracco 提交于
This commit adds new events for two methods and operations: *PoolBuild() and *PoolDelete(). Using the event-test and the commands set below we have the following outputs: $ sudo ./event-test Registering event callbacks myStoragePoolEventCallback EVENT: Storage pool test Defined 0 myStoragePoolEventCallback EVENT: Storage pool test Created 0 myStoragePoolEventCallback EVENT: Storage pool test Started 0 myStoragePoolEventCallback EVENT: Storage pool test Stopped 0 myStoragePoolEventCallback EVENT: Storage pool test Deleted 0 myStoragePoolEventCallback EVENT: Storage pool test Undefined 0 Another terminal: $ sudo virsh pool-define test.xml Pool test defined from test.xml $ sudo virsh pool-build test Pool test built $ sudo virsh pool-start test Pool test started $ sudo virsh pool-destroy test Pool test destroyed $ sudo virsh pool-delete test Pool test deleted $ sudo virsh pool-undefine test Pool test has been undefined This commits can be a solution for RHBZ #1475227. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1475227Signed-off-by: NJulio Faracco <jcfaracco@gmail.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 ZhiPeng Lu 提交于
The patch passes the reconnect timeout to QEMU by monitor on chardev hotplug. Signed-off-by: NZhiPeng Lu <lu.zhipeng@zte.com.cn> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Daniel P. Berrange 提交于
The util/vircrypto.c file uses gnutls, so we must directly link libvirt_util.la with gnutls to avoid errors on OS which do not resolve symbols against indirectly linked libraries. This fixes a build failure on Ubuntu Trusty CCLD storagevolxml2argvtest /usr/bin/ld: ../src/.libs/libvirt_util.a(libvirt_util_la-vircrypto.o): undefined reference to symbol 'gnutls_strerror@@GNUTLS_1_4' //usr/lib/x86_64-linux-gnu/libgnutls.so.26: error adding symbols: DSO missing from command line Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Ashish Mittal 提交于
The VxHS block device will only use the newer formatting options and avoid the legacy URI syntax. An excerpt for a sample QEMU command line is: -drive file.driver=vxhs,file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\ file.server.type=tcp,file.server.host=192.168.0.1,\ file.server.port=9999,format=raw,if=none,id=drive-virtio-disk0,cache=none \ -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\ id=virtio-disk0 Update qemuxml2argvtest with a simple test. Signed-off-by: NAshish Mittal <Ashish.Mittal@veritas.com> Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Ashish Mittal 提交于
Extract out the "guts" of building a server entry into it's own separately callable/usable function in order to allow building a server entry for a consumer with src->nhosts == 1.
-
由 Ashish Mittal 提交于
Add the backing parse and a test case to verify parsing of VxHS backing storage. Signed-off-by: NAshish Mittal <Ashish.Mittal@veritas.com> Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Ashish Mittal 提交于
Alter the schema to allow a VxHS block device. Sample XML is: <disk type='network' device='disk'> <driver name='qemu' type='raw' cache='none'/> <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-4e85ed4dc251'> <host name='192.168.0.1' port='9999'/> </source> <target dev='vda' bus='virtio'/> <serial>eb90327c-8302-4725-9e1b-4e85ed4dc251</serial> <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> </disk> Update the html docs to describe the capability for VxHS. Alter the qemuxml2xmltest to validate the formatting. Signed-off-by: NAshish Mittal <Ashish.Mittal@veritas.com> Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Ashish Mittal 提交于
Add a new virStorageNetProtocol for Veritas HyperScale (VxHS) disks Signed-off-by: NAshish Mittal <Ashish.Mittal@veritas.com> Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Using the query-qmp-schema introspection - look for the 'vxhs' blockdevOptions type. NB: This is a "best effort" type situation as there is not a mechanism to determine whether the running QEMU has been built with '--enable-vxhs'. All we can do is check if the option to use vxhs for a blockdev-add exists in the command infrastructure which does not take that into account when building its table of commands and options. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-