- 29 10月, 2013 1 次提交
-
-
由 Giuseppe Scrivano 提交于
Expand the "secmodel" XML fragment of "host" with a sequence of baselabel's which describe the default security context used by libvirt with a specific security model and virtualization type: <secmodel> <model>selinux</model> <doi>0</doi> <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel> <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel> </secmodel> <secmodel> <model>dac</model> <doi>0</doi> <baselabel type='kvm'>107:107</baselabel> <baselabel type='qemu'>107:107</baselabel> </secmodel> "baselabel" is driver-specific information, e.g. in the DAC security model, it indicates USER_ID:GROUP_ID. Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 18 7月, 2013 3 次提交
-
-
由 Michal Privoznik 提交于
With the majority of fields in the virLXCDriverPtr struct now immutable or self-locking, there is no need for practically any methods to be using the LXC driver lock. Only a handful of helper APIs now need it.
-
由 Michal Privoznik 提交于
The 'driver->caps' pointer can be changed on the fly. Accessing it currently requires the global driver lock. Isolate this access in a single helper, so a future patch can relax the locking constraints.
-
由 Michal Privoznik 提交于
Currently the virLXCDriverPtr struct contains an wide variety of data with varying access needs. Move all the static config data into a dedicated virLXCDriverConfigPtr object. The only locking requirement is to hold the driver lock, while obtaining an instance of virLXCDriverConfigPtr. Once a reference is held on the config object, it can be used completely lockless since it is immutable. NB, not all APIs correctly hold the driver lock while getting a reference to the config object in this patch. This is safe for now since the config is never updated on the fly. Later patches will address this fully.
-
- 17 7月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
Currently, if the primary security driver is 'none', we skip initializing caps->host.secModels. This means, later, when LXC domain XML is parsed and <seclabel type='none'/> is found (see virSecurityLabelDefsParseXML), the model name is not copied to the seclabel. This leads to subsequent crash in virSecurityManagerGenLabel where we call STREQ() over the model (note, that we are expecting model to be !NULL).
-
- 10 7月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 09 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 05 4月, 2013 5 次提交
-
-
由 Peter Krempa 提交于
This patch refactors various places to allow removing of the defaultConsoleTargetType callback from the virCaps structure. A new console character device target type is introduced - VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_NONE - to mark that no type was specified in the XML. This type is at the end converted to the standard VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL. Other types that are different from this default have to be processed separately in the device post parse callback.
-
由 Peter Krempa 提交于
Use the virDomainXMLConf structure to hold this data and tweak the code to avoid semantic change. Without configuration the KVM mac prefix is used by default. I chose it as it's in the privately administered segment so it should be usable for any purposes.
-
由 Peter Krempa 提交于
This patch removes the emulatorRequired field and associated infrastructure from the virCaps object. Instead the driver specific callbacks are used as this field isn't enforced by all drivers. This patch implements the appropriate callbacks in the qemu and lxc driver and moves to check to that location.
-
由 Peter Krempa 提交于
This patch adds instrumentation that will allow hypervisor drivers to fill and validate domain and device definitions after parsed by the XML parser. With this patch, after the XML is parsed, a callback to the driver is issued requesting to fill and validate driver specific details of the configuration. This allows to use sensible defaults and checks on a per driver basis at the time the XML is parsed. Two callback pointers are stored in the new virDomainXMLConf object: * virDomainDeviceDefPostParseCallback (devicesPostParseCallback) - called for a single device parsed and for every single device in a domain config. A virDomainDeviceDefPtr is passed along with the domain definition and virCaps. * virDomainDefPostParseCallback, (domainPostParseCallback) - A callback that is meant to process the domain config after it's parsed. A virDomainDefPtr is passed along with virCaps. Both types of callbacks support arbitrary opaque data passed for the callback functions. Errors may be reported in those callbacks resulting in a XML parsing failure.
-
由 Peter Krempa 提交于
This patch is the result of running: for i in $(git ls-files | grep -v html | grep -v \.po$ ); do sed -i -e "s/virDomainXMLConf/virDomainXMLOption/g" -e "s/xmlconf/xmlopt/g" $i done and a few manual tweaks.
-
- 13 3月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
The virCaps structure gathered a ton of irrelevant data over time that. The original reason is that it was propagated to the XML parser functions. This patch aims to create a new data structure virDomainXMLConf that will contain immutable data that are used by the XML parser. This will allow two things we need: 1) Get rid of the stuff from virCaps 2) Allow us to add callbacks to check and add driver specific stuff after domain XML is parsed. This first attempt removes pointers to private data allocation functions to this new structure and update all callers and function that require them.
-
- 08 2月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
To enable virCapabilities instances to be reference counted, turn it into a virObject. All cases of virCapabilitiesFree turn into virObjectUnref Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 12月, 2012 5 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
- 19 12月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Convert the host capabilities and domain config structs to use the virArch datatype. Update the parsers and all drivers to take account of datatype change Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 11月, 2012 1 次提交
-
-
由 Viktor Mihajlovski 提交于
For S390, the default console target type cannot be of type 'serial'. It is necessary to at least interpret the 'arch' attribute value of the os/type element to produce the correct default type. Therefore we need to extend the signature of defaultConsoleTargetType to account for architecture. As a consequence all the drivers supporting this capability function must be updated. Despite the amount of changed files, the only change in behavior is that for S390 the default console target type will be 'virtio'. N.B.: A more future-proof approach could be to to use hypervisor specific capabilities to determine the best possible console type. For instance one could add an opaque private data pointer to the virCaps structure (in case of QEMU to hold capsCache) which could then be passed to the defaultConsoleTargetType callback to determine the console target type. Seems to be however a bit overengineered for the use case... Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-
- 02 11月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirt coding standard is to use 'function(...args...)' instead of 'function (...args...)'. A non-trivial number of places did not follow this rule and are fixed in this patch. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 9月, 2012 1 次提交
-
-
由 Eric Blake 提交于
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
-
- 21 8月, 2012 1 次提交
-
-
由 Marcelo Cerri 提交于
This patch updates the structures that store information about each domain and each hypervisor to support multiple security labels and drivers. It also updates all the remaining code to use the new fields. Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>
-
- 30 7月, 2012 2 次提交
-
-
由 Daniel P. Berrange 提交于
Update all LXC code to use virReportError instead of the custom lxcError macro Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Rename the lxc_driver_t struct typedef to virLXCDriver to more closely follow normal libvirt naming conventions Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 23 7月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
-
- 03 2月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
For the sake of backwards compat, LXC guests are *not* confined by default. This is because it is not practical to dynamically relabel containers using large filesystem trees. Applications can create confined containers though, by giving suitable XML configs * src/Makefile.am: Link libvirt_lxc to security drivers * src/lxc/libvirtd_lxc.aug, src/lxc/lxc_conf.h, src/lxc/lxc_conf.c, src/lxc/lxc.conf, src/lxc/test_libvirtd_lxc.aug: Config file handling for security driver * src/lxc/lxc_driver.c: Wire up security driver functions * src/lxc/lxc_controller.c: Add a '--security' flag to specify which security driver to activate * src/lxc/lxc_container.c, src/lxc/lxc_container.h: Set the process label just before exec'ing init.
-
- 30 11月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
* src/lxc/lxc_conf.c, src/uml/uml_conf.c, src/xen/xen_hypervisor.c: Initialize suspend capabilities * tests/xencapsdata/*xml: Add empty powermgmt capabilities
-
- 03 11月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
The default console type may vary based on the OS type. ie a Xen paravirt guests wants a 'xen' console, while a fullvirt guests wants a 'serial' console. A plain integer default console type in the capabilities does not suffice. Instead introduce a callback that is passed the OS type. * src/conf/capabilities.h: Use a callback for default console type * src/conf/domain_conf.c, src/conf/domain_conf.h: Use callback for default console type. Add missing LXC/OpenVZ console types. * src/esx/esx_driver.c, src/libxl/libxl_conf.c, src/lxc/lxc_conf.c, src/openvz/openvz_conf.c, src/phyp/phyp_driver.c, src/qemu/qemu_capabilities.c, src/uml/uml_conf.c, src/vbox/vbox_tmpl.c, src/vmware/vmware_conf.c, src/xen/xen_hypervisor.c, src/xenapi/xenapi_driver.c: Set default console type callback
-
- 12 5月, 2011 1 次提交
-
-
由 Lai Jiangshan 提交于
These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead. How do these coversions works? The magic is using the gcc extension of ##. When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to avoid compile error. example: origin after CPP high_level_api("%d", a_int) low_level_api("%d", a_int) high_level_api("a string") low_level_api("a string") About 400 conversions. 8 special conversions: VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal) (for security) 6 conversions Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
-
- 24 2月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
Using the 'personality(2)' system call, we can make a container on an x86_64 host appear to be i686. Likewise for most other Linux 64bit arches. * src/lxc/lxc_conf.c: Fill in 32bit capabilities for x86_64 hosts * src/lxc/lxc_container.h, src/lxc/lxc_container.c: Add API to check if an arch has a 32bit alternative * src/lxc/lxc_controller.c: Set the process personality when starting guest
-
- 17 11月, 2010 1 次提交
-
-
由 Eric Blake 提交于
* bootstrap.conf (gnulib_modules): Add configmake. * daemon/Makefile.am (libvirtd_CFLAGS): Drop defines provided by gnulib. * src/Makefile.am (INCLUDES): Likewise. * tests/Makefile.am (INCLUDES): Likewise. * tools/Makefile.am (virsh_CFLAGS): Likewise. * daemon/libvirtd.c (qemudInitPaths, usage, main): Update clients. * src/cpu/cpu_map.c (CPUMAPFILE): Likewise. * src/driver.c (DEFAULT_DRIVER_DIR): Likewise. * src/internal.h (_): Likewise. * src/libvirt.c (virInitialize): Likewise. * src/lxc/lxc_conf.h (LXC_CONFIG_DIR, LXC_STATE_DIR, LXC_LOG_DIR): Likewise. * src/lxc/lxc_conf.c (lxcCapsInit, lxcLoadDriverConfig): Likewise. * src/network/bridge_driver.c (NETWORK_PID_DIR) (NETWORK_STATE_DIR, DNSMASQ_STATE_DIR, networkStartup): Likewise. * src/nwfilter/nwfilter_driver.c (nwfilterDriverStartup): Likewise. * src/qemu/qemu_conf.c (qemudLoadDriverConfig): Likewise. * src/qemu/qemu_driver.c (qemudStartup): Likewise. * src/remote/remote_driver.h (LIBVIRTD_PRIV_UNIX_SOCKET) (LIBVIRTD_PRIV_UNIX_SOCKET_RO, LIBVIRTD_CONFIGURATION_FILE) (LIBVIRT_PKI_DIR): Likewise. * src/secret/secret_driver.c (secretDriverStartup): Likewise. * src/security/security_apparmor.c (VIRT_AA_HELPER): Likewise. * src/security/virt-aa-helper.c (main): Likewise. * src/storage/storage_backend_disk.c (PARTHELPER): Likewise. * src/storage/storage_driver.c (storageDriverStartup): Likewise. * src/uml/uml_driver.c (TEMPDIR, umlStartup): Likewise. * src/util/hooks.c (LIBVIRT_HOOK_DIR): Likewise. * tools/virsh.c (main): Likewise. * docs/hooks.html.in: Likewise.
-
- 26 5月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
Allow for a host UUID in the capabilities XML. Local drivers will initialize this from the SMBIOS data. If a sanity check shows SMBIOS uuid is invalid, allow an override from the libvirtd.conf configuration file * daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid configuration option * docs/schemas/capability.rng: Add optional host uuid field * src/conf/capabilities.c, src/conf/capabilities.h: Include host UUID in XML * src/libvirt_private.syms: Export new uuid.h functions * src/lxc/lxc_conf.c, src/qemu/qemu_driver.c, src/uml/uml_conf.c: Set host UUID in capabilities * src/util/uuid.c, src/util/uuid.h: Support for host UUIDs * src/node_device/node_device_udev.c: Use the host UUID functions * tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add new host_uuid config option to test
-
- 09 2月, 2010 1 次提交
-
-
由 Matthias Bolte 提交于
-
- 11 11月, 2009 1 次提交
-
-
由 Daniel Veillard 提交于
* src/libvirt.c src/lxc/lxc_conf.c src/lxc/lxc_container.c src/lxc/lxc_controller.c src/node_device/node_device_hal.c src/openvz/openvz_conf.c src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.c src/remote/remote_driver.c src/storage/storage_backend_disk.c src/storage/storage_driver.c src/util/logging.c src/xen/sexpr.c src/xen/xend_internal.c src/xen/xm_internal.c: Steve Grubb <sgrubb@redhat.com> sent a code review and those are the fixes correcting the problems
-
- 21 10月, 2009 1 次提交
-
-
由 Daniel Veillard 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=528575 virsh -c lxc:/// autostart vm1 was crashing the daemon * src/lxc/lxc_conf.h src/lxc/lxc_conf.c: initialize the driver autostartDir to avoid a NULL reference and implement autostart for LXC
-
- 08 10月, 2009 1 次提交
-
-
由 Amy Griffis 提交于
* src/lxc/lxc.conf: new configuration file, there is currently one tunable "log_with_libvirtd" that controls whether an lxc controller will log only to the container log file, or whether it will honor libvirtd's log output configuration. This provides a way to have libvirtd and its children log to a single file. The default is to log to the container log file. * src/Makefile.am libvirt.spec.in: add the new file * src/lxc/lxc_conf.[ch] src/lxc/lxc_driver.c: read the new log value from the configuration file and pass the log informations when starting up a container.
-
- 21 9月, 2009 1 次提交
-
-
由 Daniel P. Berrange 提交于
* src/lxc_conf.c, src/lxc_conf.h, src/lxc_container.c, src/lxc_container.h, src/lxc_controller.c, src/lxc_driver.c, src/lxc_driver.h, src/veth.c, src/veth.h: Move to src/lxc/ * src/opennebula/one_driver.c: Remove bogus veth.h include * src/Makefile.am: Adjust for lxc paths * daemon/qemud.c: Adjust include for lxc
-
- 13 8月, 2009 1 次提交
-
-
由 Daniel P. Berrange 提交于
Some kernel versions expose broken NUMA topology for some machines. This causes the LXC/UML drivers to fail to start. QEMU driver was already fixed for this problem * src/lxc_conf.c: Log and ignore failure to populate NUMA info * src/uml_conf.c: Log and ignore failure to populate NUMA info * src/capabilities.c: Reset nnumaCell to 0 after freeing
-