- 11 2月, 2014 3 次提交
-
-
由 Chen Hanxiao 提交于
Some grammar fixes. s/namespace,set/namespace, set s/container being allowed/container are allowed s/the <code>uid/The <code>uid Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
由 Yuri Myasoedov 提交于
Reset line numbering on each input file in check-aclrules.pl. Otherwise it reports wrong line numbers in its error messages. Signed-off-by: NYuri Myasoedov <ymyasoedov@yandex.ru> Signed-off-by: NRoman Bogorodskiy <bogorodskiy@gmail.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Michal Privoznik 提交于
In the network status XML we may have the <floor/> element with the 'sum' attribute. The attribute represents sum of all 'floor'-s of computed over each interface connected to the network (this is needed to guarantee certain bandwidth for certain domain). The sum is therefore a number. However, if the number was mangled (e.g. by an user's interference to network status file), we've just ignored it without refusing to parse such file. This was all due to 'goto error' missing. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 10 2月, 2014 5 次提交
-
-
由 Peter Krempa 提交于
The code took into account only the global permissions. The domains now support per-vm DAC labels and per-image DAC labels. Use the most specific label available.
-
由 Michal Privoznik 提交于
The lack of debug printings might be frustrating in the future. Moreover, this function doesn't follow the usual pattern we have in the rest of the code: int ret = -1; /* do some work */ ret = 0; cleanup: /* some cleanup work */ return ret; Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Peter Krempa 提交于
Add a new <timer> for the HyperV reference time counter enlightenment and the iTSC reference page for Windows guests. This feature provides a paravirtual approach to track timer events for the guest (similar to kvmclock) with the option to use real hardware clock on systems with a iTSC with compensation across various hosts.
-
由 Peter Krempa 提交于
According to the documentation various timer options are only supported by certain timer types. Add a post parse check to verify that the user didn't specify invalid options. Also fix the qemu command line parsing function to set correct default values for the kvmclock timer so that it passes the new check.
-
由 Peter Krempa 提交于
According to the documentation describing various tunables for domain timers not all the fields are supported by all the driver types. Express these in the RNG: - rtc, platform: Only these support the "track" attribute. - tsc: only one to support "frequency" and "mode" attributes - hpet, pit: tickpolicy/catchup attribute/element - kvmclock: no extra attributes are supported Additionally the attributes of the <catchup> element for tickpolicy='catchup' are optional according to the parsing code. Express this in the XML and fix a spurious space added while formatting the <catchup> element and add tests for it.
-
- 08 2月, 2014 1 次提交
-
-
由 Felix Geyer 提交于
Tested on Debian unstable. The profile updates are partly taken from the Ubuntu trusty libvirt package. Signed-off-by: NGuido Günther <agx@sigxcpu.org>
-
- 07 2月, 2014 11 次提交
-
-
由 John Ferlan 提交于
Coverity complains about "USE_AFTER_FREE" due to how virPCIDeviceSetStubDriver "could" return either -1, 0, or 1 from the VIR_STRDUP() and then possibly makes a call to virPCIDeviceDetach(). The only way this could happen is if NULL were passed as the "driver" name and virStrdup() returned 0. Since the calling functions check < 0 on the initial function call, the 0 possibility causes Coverity to complain. To fix this - enforce that the second parameter is not NULL using ATTRIBUTE_NONNULL(2) for the function prototype, then in virPCIDeviceDetach add an sa_assert(dev->stubDriver). This will result in Coverity not complaining any more.
-
由 Christophe Fergeau 提交于
If it's not present in this list, we won't be able to get only glusterfs pools when using virConnectListAllStoragePools.
-
由 Christophe Fergeau 提交于
LIBGLUSTER_LIBS is emptied before gluster is enabled/disabled, but nothing else sets/uses this variable, so it can be removed.
-
由 Martin Kletzander 提交于
Couple of codepaths shared the same code which can be moved out to a function and on one of such places, qemuMigrationConfirmPhase(), the domain was resumed even if it wasn't running before the migration started. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1057407Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Jim Fehlig 提交于
libxlDomainRestoreFlags acquires the driver lock while reading the domain config from the save file and adding it to libxlDriverPrivatePtr->domains. But virDomainObjList provides self-locking APIs, so remove the needless driver locking. Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Jim Fehlig 提交于
If available, let libxl handle reaping any children it creates by specifying libxl_sigchld_owner_libxl_always_selective_reap. This feature was added to improve subprocess handling in libxl when used in an application that does not install a SIGCHLD handler like libvirt http://lists.xen.org/archives/html/xen-devel/2014-01/msg01555.html Prior to this patch, it is possible to hit asserts in libxl when reaping subprocesses, particularly during simultaneous operations on multiple domains. With this patch, and the corresponding changes to libxl, I no longer see the asserts. Note that the libxl changes will be included in Xen 4.4.0. Previous Xen versions will be susceptible to hitting the asserts even with this patch applied to the libvirt libxl driver. Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Jim Fehlig 提交于
Handling the domain shutdown event within the event handler seems a bit unfair to libxl's event machinery. Domain "shutdown" could take considerable time. E.g. if the shutdown reason is reboot, the domain must be reaped and then started again. Spawn a shutdown handler thread to do this work, allowing libxl's event machinery to go about its business. Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Jim Fehlig 提交于
Due to some misunderstanding of requirements libxl places on timer handling, I introduced the half-brained idea of maintaining a list of timeouts that the driver could force to expire before freeing a libxlDomainObjPrivate (and hence libxl_ctx). But testing all the latest versions of Xen supported by the libxl driver (4.2.3, 4.3.1, 4.4.0 RC3), I see that libxl will handle this just fine and there is no need to force expiration behind libxl's back. Indeed it may be harmful to do so. This patch removes the timer list, allowing libxl to handle cleanup of its timer registrations. Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Jim Fehlig 提交于
When libxl registers an FD with the libxl driver, the refcnt of the associated libxlDomainObjPrivate object is incremented. The refcnt is decremented when libxl deregisters the FD. But some FDs are only deregistered when their libxl ctx is freed, which unfortunately is done in the libxlDomainObjPrivate dispose function. With references held by the FDs, libxlDomainObjPrivate is never disposed. I added the ref/unref in FD registration/deregistration when adding the same in timer registration/deregistration. For timers, this is a simple approach to ensuring the libxlDomainObjPrivate is not disposed prior to their expirtation, which libxl guarantees will occur. It is not needed for FDs, and only causes libxlDomainObjPrivate to leak. This patch removes the reference on libxlDomainObjPrivate for FD registrations, but retains them for timer registrations. Tested on the latest releases of Xen supported by the libxl driver: 4.2.3, 4.3.1, and 4.4.0 RC3. Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Matthieu Coudron 提交于
This commit allows to attach/detach a <filesystem> device in qemu. For this purpose I'm introducing two new functions: virDomainFSInsert() and virDomainFSRemove() and adding necessary code in the qemu driver. It compares filesystems based on their "destination" folder. So if two filesystems share the same destination, they are considered equal and the qemu driver would reject the insertion. Signed-off-by: NMatthieu Coudron <mattator@gmail.com>
-
由 Matthieu Coudron 提交于
With this change the code gets shorter and more readable. Signed-off-by: NMatthieu Coudron <mattator@gmail.com>
-
- 06 2月, 2014 11 次提交
-
-
由 Michal Privoznik 提交于
With my recent work on the test, both time() and localtime() are used. While mocking the former one, we get predictable result for UTC. But since the latter function uses timezone to get local time, the result of localtime() is not so predictive. Therefore, we must set the TZ variable at the beginning of the test. To be able to catch some things that work just by a blind chance, I'm choosing a virtual timezone that (hopefully) no libvirt developer resides in.
-
由 Michal Privoznik 提交于
The qemuxml2argvtest is run on more platforms than linux. For instance FreeBSD. On these platforms we are, however, not mocking time() which results in current time being fetched from system and hence tests number 32 and 33 failing. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Rewrite the function to use an array instead of a struct, translating the field names to int via an enum.
-
由 Roman Bogorodskiy 提交于
Implementation obtains CPU usage information using kern.cp_time and kern.cp_times sysctl(8)s and reports CPU utilization.
-
由 Jiri Denemark 提交于
If virDomainMemoryStats was run on a domain with virtio balloon driver running on an old qemu which supports QMP but does not support qom-list QMP command, libvirtd would crash. The reason is we did not check if qemuMonitorJSONGetObjectListPaths failed and moreover we even stored its result in an unsigned integer type.
-
由 Peter Krempa 提交于
When attempting a blockcommit from the top layer, the base argument passed is NULL. This will be dereferenced when attempting a commit with an empty image chain. Output the real volume path instead: virsh blockcommit --verbose --path vda --domain DOMNAME --wait error: invalid argument: top '/path/somefile' in chain for 'vda' has no backing file instead of: error: invalid argument: top '(null)' in chain for 'vda' has no backing file
-
由 Peter Krempa 提交于
Eric Blake suggested to change this message to be different from the glibc's NULL deref protection message in printf to be able to differentiate errors.
-
由 Michal Privoznik 提交于
When trying to introduce a test for previous patch, I've noticed that the command line is constructed using current time. This won't work in our test suite (unless you guys wants to set a specific time prior to each test run :) ). Therefore we need to mock calls to time(2) to return the same value every time it's called. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1046192 Commit b8bf79aa, which adds clock='variable', forgets to check localtime basis in qemuBuildClockArgStr(). So that localtime basis could not be used. Reported-by: NJincheng Miao <jmiao@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Commit 2ce63c16 added imagelabel generation when relabeling is turned off. But we weren't filling out the sensitivity for type 'none' labels, resulting in an invalid label: $ virsh managedsave domain error: unable to set security context 'system_u:object_r:svirt_image_t' on fd 28: Invalid argument
-
由 Eric Blake 提交于
Noticed a misuse of 'to' while testing my event regression under polkit ACLs, and decided to review the entire conf files for other legibility bugs. * daemon/libvirtd.conf: Use correct grammar. * src/qemu/qemu.conf: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 05 2月, 2014 4 次提交
-
-
由 Eric Blake 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1058839 Commit f9f56340 for CVE-2014-0028 almost had the right idea - we need to check the ACL rules to filter which events to send. But it overlooked one thing: the event dispatch queue is running in the main loop thread, and therefore does not normally have a current virIdentityPtr. But filter checks can be based on current identity, so when libvirtd.conf contains access_drivers=["polkit"], we ended up rejecting access for EVERY event due to failure to look up the current identity, even if it should have been allowed. Furthermore, even for events that are triggered by API calls, it is important to remember that the point of events is that they can be copied across multiple connections, which may have separate identities and permissions. So even if events were dispatched from a context where we have an identity, we must change to the correct identity of the connection that will be receiving the event, rather than basing a decision on the context that triggered the event, when deciding whether to filter an event to a particular connection. If there were an easy way to get from virConnectPtr to the appropriate virIdentityPtr, then object_event.c could adjust the identity prior to checking whether to dispatch an event. But setting up that back-reference is a bit invasive. Instead, it is easier to delay the filtering check until lower down the stack, at the point where we have direct access to the RPC client object that owns an identity. As such, this patch ends up reverting a large portion of the framework of commit f9f56340. We also have to teach 'make check' to special-case the fact that the event registration filtering is done at the point of dispatch, rather than the point of registration. Note that even though we don't actually use virConnectDomainEventRegisterCheckACL (because the RegisterAny variant is sufficient), we still generate the function for the purposes of documenting that the filtering takes place. Also note that I did not entirely delete the notion of a filter from object_event.c; I still plan on using that for my upcoming patch series for qemu monitor events in libvirt-qemu.so. In other words, while this patch changes ACL filtering to live in remote.c and therefore we have no current client of the filtering in object_event.c, the notion of filtering in object_event.c is still useful down the road. * src/check-aclrules.pl: Exempt event registration from having to pass checkACL filter down call stack. * daemon/remote.c (remoteRelayDomainEventCheckACL) (remoteRelayNetworkEventCheckACL): New functions. (remoteRelay*Event*): Use new functions. * src/conf/domain_event.h (virDomainEventStateRegister) (virDomainEventStateRegisterID): Drop unused parameter. * src/conf/network_event.h (virNetworkEventStateRegisterID): Likewise. * src/conf/domain_event.c (virDomainEventFilter): Delete unused function. * src/conf/network_event.c (virNetworkEventFilter): Likewise. * src/libxl/libxl_driver.c: Adjust caller. * src/lxc/lxc_driver.c: Likewise. * src/network/bridge_driver.c: Likewise. * src/qemu/qemu_driver.c: Likewise. * src/remote/remote_driver.c: Likewise. * src/test/test_driver.c: Likewise. * src/uml/uml_driver.c: Likewise. * src/vbox/vbox_tmpl.c: Likewise. * src/xen/xen_driver.c: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
On Fedora 20, with wireshark-devel installed, 'make rpm' failed due to installed but unpackaged files related to wireshark. As F20 is already released without wireshark, I chose to add a new sub-package that is enabled only for F21 and later. Furthermore, all existing wireshark plugins belong to the wireshark package, so I got to invent behavior of how the first third-party wireshark module will behave. * libvirt.spec.in (with_wireshark): Add new conditional. * configure.ac (ws-plugindir): Improve wording. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Laine Stump 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1057321 pointed out that we weren't honoring the <bandwidth> element in libvirt networks using <forward mode='bridge'/>. In fact, these networks are just a method of giving a libvirt network name to an existing Linux host bridge on the system, and libvirt doesn't have enough information to know where to set such limits. We are working on a method of supporting network bandwidths for some specific cases of <forward mode='bridge'/>, but currently libvirt doesn't support it. So the proper thing to do now is just log an error when someone tries to put a <bandwidth> element in that type of network. (It's unclear if we will be able to do proper bandwidth limiting for macvtap networks, and most definitely we will not be able to support it for hostdev networks). While looking through the network XML documentation and comparing it to the networkValidate function, I noticed that we also ignore the presence of a mac address in the config in the same cases, rather than failing so that the user will understand that their desired action has not been taken. This patch updates networkValidate() (which is called any time a persistent network is defined, or a transient network created) to log an error and fail if it finds either a <bandwidth> or <mac> element and the network forward mode is anything except 'route'. 'nat', or nothing. (Yes, neither of those elements is acceptable for any macvtap mode, nor for a hostdev network). NB: This does *not* cause failure to start any existing network that contains one of those elements, so someone might have erroneously defined such a network in the past, and that network will continue to function unmodified. I considered it too disruptive to suddenly break working configs on the next reboot after a libvirt upgrade.
-
由 Justin Clift 提交于
While at it, also relinquish active commit rights: [x years between commits] is probably a poster child example of inactivity :) Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 04 2月, 2014 5 次提交
-
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1045124 When loading modules, libvirt does not honor the modprobe blacklist. Use the new virKModLoad() API in order to attempt load with blacklist check. Use the new virKModIsBlacklisted() API to check if the failure to load was due to the blacklist Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Adding tests for new virKMod{Config|Load|Unload}() API's. A test for virKModIsBlacklisted() would require some setup which cannot be assumed.
-
由 John Ferlan 提交于
virKModConfig() - Return a buffer containing kernel module configuration virKModLoad() - Load a specific module into the kernel configuration virKModUnload() - Unload a specific module from the kernel configuration virKModIsBlacklisted() - Determine whether a module is blacklisted within the kernel configuration
-
由 Laine Stump 提交于
commit f094aaac changed qemuPrepareHostdevPCIDevices() such that it may modify the "backend" (vfio vs. legacy kvm) setting in the virHostdevDef. However, qemuDomainAttachHostPciDevice() (used by hotplug) copies the backend setting into a local *before* calling qemuPrepareHostdevPCIDevices(), and then later makes a decision based on that pre-change value. The result is that, if the backend had been set to "default" (i.e. not specified in the config) and was later updated to "VFIO" by qemuPrepareHostdevPCIDevices(), the qemu process' MacMemLock is not increased (as is required for VFIO device assignment). This patch delays making the local copy of backend until after its potential modification.
-
由 Daniel P. Berrange 提交于
The project has historically operated as a meritocratic consensus based community. Formally document what has always been an unwritten assumption amongst the community participants. Also include an explicit code of conduct to preempt any potential, but unlikely, future problems. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-