1. 22 7月, 2013 1 次提交
  2. 11 7月, 2013 1 次提交
  3. 10 7月, 2013 1 次提交
  4. 03 7月, 2013 1 次提交
  5. 21 5月, 2013 1 次提交
  6. 09 5月, 2013 1 次提交
  7. 02 5月, 2013 1 次提交
    • M
      virutil: Move string related functions to virstring.c · 7c9a2d88
      Michal Privoznik 提交于
      The source code base needs to be adapted as well. Some files
      include virutil.h just for the string related functions (here,
      the include is substituted to match the new file), some include
      virutil.h without any need (here, the include is removed), and
      some require both.
      7c9a2d88
  8. 23 4月, 2013 1 次提交
  9. 22 4月, 2013 1 次提交
    • D
      Change default resource partition to /machine · aed49863
      Daniel P. Berrange 提交于
      After discussions with systemd developers it was decided that
      a better default policy for resource partitions is to have
      3 default partitions at the top level
      
         /system   - system services
         /machine - virtual machines / containers
         /user    - user login session
      
      This ensures that the default policy isolates guest from
      user login sessions & system services, so a mis-behaving
      guest can't consume 100% of CPU usage if other things are
      contending for it.
      
      Thus we change the default partition from /system to
      /machine
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      aed49863
  10. 16 4月, 2013 5 次提交
    • D
      Remove non-functional code for setting up non-root cgroups · 767596bd
      Daniel P. Berrange 提交于
      The virCgroupNewDriver method had a 'bool privileged' param.
      If a false value was ever passed in, it would simply not
      work, since non-root users don't have any privileges to create
      new cgroups. Just delete this broken code entirely and make
      the QEMU driver skip cgroup setup in non-privileged mode
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      767596bd
    • D
      Change default cgroup layout for QEMU/LXC and honour XML config · db44eb1b
      Daniel P. Berrange 提交于
      Historically QEMU/LXC guests have been placed in a cgroup layout
      that is
      
         $LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
      
      This is bad for a number of reasons
      
       - The cgroup hierarchy gets very deep which seriously
         impacts kernel performance due to cgroups scalability
         limitations.
      
       - It is hard to setup cgroup policies which apply across
         services and virtual machines, since all VMs are underneath
         the libvirtd service.
      
      To address this the default cgroup location is changed to
      be
      
          /system/$VMNAME.{lxc,qemu}.libvirt
      
      This puts virtual machines at the same level in the hierarchy
      as system services, allowing consistent policy to be setup
      across all of them.
      
      This also honours the new resource partition location from the
      XML configuration, for example
      
        <resource>
          <partition>/virtualmachines/production</partitions>
        </resource>
      
      will result in the VM being placed at
      
          /virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
      
      NB, with the exception of the default, /system, path which
      is intended to always exist, libvirt will not attempt to
      auto-create the partitions in the XML. It is the responsibility
      of the admin/app to configure the partitions. Later libvirt
      APIs will provide a way todo this.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      db44eb1b
    • D
      Add a new virCgroupNewPartition for setting up resource partitions · aa8604dd
      Daniel P. Berrange 提交于
      A resource partition is an absolute cgroup path, ignoring the
      current process placement. Expose a virCgroupNewPartition API
      for constructing such cgroups
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      aa8604dd
    • D
      Rename virCgroupForXXX to virCgroupNewXXX · 04c18d25
      Daniel P. Berrange 提交于
      Rename all the virCgroupForXXX methods to use the form
      virCgroupNewXXX since they are all constructors. Also
      make sure the output parameter is the last one in the
      list, and annotate all pointers as non-null. Fix up
      all callers, and make sure they use true/false not 0/1
      for the boolean parameters
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      04c18d25
    • D
      Store a virCgroupPtr instance in virLXCDomainObjPrivatePtr · cfed9ad4
      Daniel P. Berrange 提交于
      Instead of calling virCgroupForDomain every time we need
      the virCgrouPtr instance, just do it once at Vm startup
      and cache a reference to the object in virLXCDomainObjPrivatePtr
      until shutdown of the VM. Removing the virCgroupPtr from
      the LXC driver state also means we don't have stale mount
      info, if someone mounts the cgroups filesystem after libvirtd
      has been started
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      cfed9ad4
  11. 05 4月, 2013 2 次提交
  12. 20 3月, 2013 1 次提交
  13. 19 3月, 2013 1 次提交
    • D
      Setup LXC cgroups in two phases · 1760258c
      Daniel P. Berrange 提交于
      Currently the LXC controller creates the cgroup, configures the
      resources and adds the task all in one go. This is not sufficiently
      flexible for the forthcoming NBD integration. We need to make sure
      the NBD process gets into the right cgroup immediately, but we can
      not have limits (in particular the device ACL) applied at the point
      where we start qemu-nbd. So create a virLXCCgroupCreate method
      which creates the cgroup and adds the current task to be called
      early, and leave virLXCCgroupSetup to only do resource config.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      1760258c
  14. 06 2月, 2013 2 次提交
  15. 21 12月, 2012 4 次提交
  16. 18 12月, 2012 4 次提交
  17. 28 11月, 2012 4 次提交
    • G
      make /proc/meminfo isolate with host through fuse · d671c0ed
      Gao feng 提交于
      with this patch,container's meminfo will be shown based on
      containers' mem cgroup.
      
      Right now,it's impossible to virtualize all values in meminfo,
      I collect some values such as MemTotal,MemFree,Cached,Active,
      Inactive,Active(anon),Inactive(anon),Active(file),Inactive(anon),
      Active(file),Inactive(file),Unevictable,SwapTotal,SwapFree.
      
      if I miss something, please let me know.
      Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
      d671c0ed
    • G
      add fuse support for libvirt lxc · 2a596dac
      Gao feng 提交于
      this patch addes fuse support for libvirt lxc.
      we can use fuse filesystem to generate sysinfo dynamically,
      So we can isolate /proc/meminfo,cpuinfo and so on through
      fuse filesystem.
      
      we mount fuse filesystem for every container.
      the mount name is libvirt,mount point is
      localstatedir/run/libvirt/lxc/containername.
      Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
      2a596dac
    • D
      Treat missing driver cgroup as fatal in LXC driver · 7c5ba648
      Daniel P. Berrange 提交于
      The LXC driver relies on use of cgroups to kill off LXC processes
      in shutdown. If cgroups aren't available, we're unable to kill
      off processes, so we must treat lack of cgroups as a fatal startup
      error.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      7c5ba648
    • D
      Ensure LXC container exits if cgroups setup fails · 8e1f0c38
      Daniel P. Berrange 提交于
      The code setting up LXC cgroups used an 'rc' variable both
      for capturing the return value of methods it calls, and
      its own return status. The result was that several failures
      in setting up cgroups would actually result in success being
      returned.
      
      Use a separate 'ret' for tracking return value as per normal
      code design in other parts of libvirt
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      8e1f0c38
  18. 21 9月, 2012 1 次提交
  19. 23 7月, 2012 1 次提交
    • O
      Desert the FSF address in copyright · f9ce7dad
      Osier Yang 提交于
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for securify files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  20. 19 7月, 2012 1 次提交