- 16 5月, 2012 4 次提交
-
-
由 Daniel P. Berrange 提交于
If the LXC config has a filesystem <filesystem> <source dir='/'/> <target dir='/'/> </filesystem> then there is no need to go down the pivot root codepath. We can simply use the existing root as needed. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently to make sysfs readonly, we remount the existing instance and then bind it readonly. Unfortunately this means sysfs is still showing device objects wrt the host OS namespace. We need it to reflect the container namespace, so we must mount a completely new instance of it. Do the same for selinuxfs since there is no benefit to bind mounting & this lets us simplify the code. * src/lxc/lxc_container.c: Mount fresh sysfs instance Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
Instead of hardcoding use of SELinux contexts in the LXC driver, switch over to using the official security driver API. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel Walsh 提交于
To allow the security drivers to apply different configuration information per hypervisor, pass the virtualization driver name into the security manager constructor. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 01 5月, 2012 4 次提交
-
-
由 Daniel P. Berrange 提交于
Once lxcContainerSetStdio is invoked, logging will not work as expected in libvirt_lxc. So make sure this is the last thing to be called, in particular after setting the security process label
-
由 Daniel P. Berrange 提交于
The virLogSetFromEnv call was done too late in startup to catch many log messages (eg from security driver initialization). To assist debugging also explicitly log the security details at startup
-
由 Daniel P. Berrange 提交于
The driver->securityDriverName field may be NULL, if automatic probing is used to determine security driver. This meant that unless selinux was explicitly requested in lxc.conf, it was not being sent to the libvirt_lxc process. The driver->securityManager field is guaranteed non-NULL, since there will always be the 'none' security driver present if nothing else exists. So use that to set the driver name for libvirt_lxc Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the libvirt_lxc process uses VIR_DOMAIN_XML_INACTIVE when loading the XML for the container. This means it loses any dynamic data such as the, just allocated, SELinux label. Further there is an inconsistency in the libvirt LXC driver whereby it saves the live config XML and then later overwrites the file with the live status XML instead. Add a comment about this for future reference. * src/lxc/lxc_controller.c: Remove VIR_DOMAIN_XML_INACTIVE when loading XML * src/lxc/lxc_driver.c: Add comment about inconsistent config file formats Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 28 4月, 2012 1 次提交
-
-
由 Stefan Berger 提交于
Error: UNINIT: /libvirt/src/lxc/lxc_driver.c:1412: var_decl: Declaring variable "fd" without initializer. /libvirt/src/lxc/lxc_driver.c:1460: uninit_use_in_call: Using uninitialized value "fd" when calling "virFileClose". /libvirt/src/util/virfile.c:50: read_parm: Reading a parameter value. Error: DEADCODE: /libvirt/src/lxc/lxc_controller.c:960: dead_error_condition: On this path, the condition "ret == 4" cannot be true. /libvirt/src/lxc/lxc_controller.c:959: at_most: After this line, the value of "ret" is at most -1. /libvirt/src/lxc/lxc_controller.c:959: new_values: Noticing condition "ret < 0". /libvirt/src/lxc/lxc_controller.c:961: dead_error_line: Execution cannot reach this statement "continue;". Error: UNINIT: /libvirt/src/lxc/lxc_controller.c:1104: var_decl: Declaring variable "consoles" without initializer. /libvirt/src/lxc/lxc_controller.c:1237: uninit_use: Using uninitialized value "consoles".
-
- 30 3月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
The code is splattered with a mix of sizeof foo sizeof (foo) sizeof(foo) Standardize on sizeof(foo) and add a syntax check rule to enforce it Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 27 3月, 2012 3 次提交
-
-
由 Daniel P. Berrange 提交于
Pass argv to the init binary of LXC, using a new <initarg> element. * docs/formatdomain.html.in: Document <os> usage for containers * docs/schemas/domaincommon.rng: Add <initarg> element * src/conf/domain_conf.c, src/conf/domain_conf.h: parsing and formatting of <initarg> * src/lxc/lxc_container.c: Setup LXC argv * tests/Makefile.am, tests/lxcxml2xmldata/lxc-systemd.xml, tests/lxcxml2xmltest.c, tests/testutilslxc.c, tests/testutilslxc.h: Test parsing/formatting of LXC related XML parts
-
由 Daniel P. Berrange 提交于
The SELinux mount point moved from /selinux to /sys/fs/selinux when systemd came along. * configure.ac: Probe for SELinux mount point * src/lxc/lxc_container.c: Use SELinux mount point determined by configure.ac
-
由 Martin Kletzander 提交于
Return statements with parameter enclosed in parentheses were modified and parentheses were removed. The whole change was scripted, here is how: List of files was obtained using this command: git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' | \ grep -e '\.[ch]$' -e '\.py$' Found files were modified with this command: sed -i -e \ 's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \ -e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_' Then checked for nonsense. The whole command looks like this: git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' | \ grep -e '\.[ch]$' -e '\.py$' | xargs sed -i -e \ 's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \ -e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_'
-
- 23 3月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Move error reporting out of the callers, into virURIParse and virURIFormat, to get consistency. * include/libvirt/virterror.h, src/util/virterror.c: Add VIR_FROM_URI * src/util/viruri.c, src/util/viruri.h: Add error reporting * src/esx/esx_driver.c, src/libvirt.c, src/libxl/libxl_driver.c, src/lxc/lxc_driver.c, src/openvz/openvz_driver.c, src/qemu/qemu_driver.c, src/qemu/qemu_migration.c, src/remote/remote_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c, src/vmx/vmx.c, src/xen/xen_driver.c, src/xen/xend_internal.c, tests/viruritest.c: Remove error reporting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 16 3月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
If no <interface> elements are included in an LXC guest XML description, then the LXC guest will just see the host's network interfaces. It is desirable to be able to hide the host interfaces, without having to define any guest interfaces. This patch introduces a new feature flag <privnet/> to allow forcing of a private network namespace for LXC. In the future I also anticipate that we will add <privuser/> to force a private user ID namespace. * src/conf/domain_conf.c, src/conf/domain_conf.h: Add support for <privnet/> feature. Auto-set <privnet> if any <interface> devices are defined * src/lxc/lxc_container.c: Honour request for private network namespace
-
- 15 3月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Systemd has declared that all container virtualization technologies should set 'container_uuid' to identify themselves. http://cgit.freedesktop.org/systemd/systemd/commit/?id=09b967eaa51a39dabb7f238927f67bd682466dbc
-
- 12 3月, 2012 1 次提交
-
-
由 Daniel Veillard 提交于
this was raised by our hindi localization team chandan kumar <chandankumar.093047@gmail.com>
-
- 09 3月, 2012 1 次提交
-
-
由 Ansis Atteka 提交于
This patch will allow OpenFlow controllers to identify which interface belongs to a particular VM by using the Domain UUID. ovs-vsctl get Interface vnet0 external_ids {attached-mac="52:54:00:8C:55:2C", iface-id="83ce45d6-3639-096e-ab3c-21f66a05f7fa", iface-status=active, vm-id="142a90a7-0acc-ab92-511c-586f12da8851"} V2 changes: Replaced vm-uuid with vm-id. There was a discussion in Open vSwitch mailinglist that we should stick with the same DB key postfixes for the sake of consistency (e.g iface-id, vm-id ...).
-
- 08 3月, 2012 1 次提交
-
-
由 Eric Blake 提交于
On 64-bit platforms, unsigned long and unsigned long long are identical, so we don't have to worry about overflow checks. On 32-bit platforms, anywhere we narrow unsigned long long back to unsigned long, we have to worry about overflow; it's easier to do this in one place by having most of the code use the same or wider types, and only doing the narrowing at the last minute. Therefore, the memory set commands remain unsigned long, and the memory get command now centralizes the overflow check into libvirt.c, so that drivers don't have to repeat the work. This also fixes a bug where xen returned the wrong value on failure (most APIs return -1 on failure, but getMaxMemory must return 0 on failure). * src/driver.h (virDrvDomainGetMaxMemory): Use long long. * src/libvirt.c (virDomainGetMaxMemory): Raise overflow. * src/test/test_driver.c (testGetMaxMemory): Fix driver. * src/rpc/gendispatch.pl (name_to_ProcName): Likewise. * src/xen/xen_hypervisor.c (xenHypervisorGetMaxMemory): Likewise. * src/xen/xen_driver.c (xenUnifiedDomainGetMaxMemory): Likewise. * src/xen/xend_internal.c (xenDaemonDomainGetMaxMemory): Likewise. * src/xen/xend_internal.h (xenDaemonDomainGetMaxMemory): Likewise. * src/xen/xm_internal.c (xenXMDomainGetMaxMemory): Likewise. * src/xen/xm_internal.h (xenXMDomainGetMaxMemory): Likewise. * src/xen/xs_internal.c (xenStoreDomainGetMaxMemory): Likewise. * src/xen/xs_internal.h (xenStoreDomainGetMaxMemory): Likewise. * src/xenapi/xenapi_driver.c (xenapiDomainGetMaxMemory): Likewise. * src/esx/esx_driver.c (esxDomainGetMaxMemory): Likewise. * src/libxl/libxl_driver.c (libxlDomainGetMaxMemory): Likewise. * src/qemu/qemu_driver.c (qemudDomainGetMaxMemory): Likewise. * src/lxc/lxc_driver.c (lxcDomainGetMaxMemory): Likewise. * src/uml/uml_driver.c (umlDomainGetMaxMemory): Likewise.
-
- 29 2月, 2012 2 次提交
-
-
由 Martin Kletzander 提交于
Just a cleanup of commit 32f881c6.
-
由 Jiri Denemark 提交于
Hooks may now be used as filters.
-
- 25 2月, 2012 1 次提交
-
-
由 Martin Kletzander 提交于
Function xmlParseURI does not remove square brackets around IPv6 address when parsing. One of the solutions is making wrappers around functions working with xmlURI*. This assures that uri->server will be always properly assigned and it doesn't have to be changed when used on some new place in the code. For this purpose, functions virParseURI and virSaveURI were added. These function are wrappers around xmlParseURI and xmlSaveUri respectively. Also there is one new syntax check function to prohibit these functions anywhere else. File changes: - src/util/viruri.h -- declaration - src/util/viruri.c -- definition - src/libvirt_private.syms -- symbol export - src/Makefile.am -- added source and header files - cfg.mk -- added sc_prohibit_xmlURI - all others -- ID name and include fixes
-
- 16 2月, 2012 2 次提交
-
-
由 Ansis Atteka 提交于
This patch allows libvirt to add interfaces to already existing Open vSwitch bridges. The following syntax in domain XML file can be used: <interface type='bridge'> <mac address='52:54:00:d0:3f:f2'/> <source bridge='ovsbr'/> <virtualport type='openvswitch'> <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'/> </virtualport> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> or if libvirt should auto-generate the interfaceid use following syntax: <interface type='bridge'> <mac address='52:54:00:d0:3f:f2'/> <source bridge='ovsbr'/> <virtualport type='openvswitch'> </virtualport> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> It is also possible to pass an optional profileid. To do that use following syntax: <interface type='bridge'> <source bridge='ovsbr'/> <mac address='00:55:1a:65:a2:8d'/> <virtualport type='openvswitch'> <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d' profileid='test-profile'/> </virtualport> </interface> To create Open vSwitch bridge install Open vSwitch and run the following command: ovs-vsctl add-br ovsbr
-
由 Laine Stump 提交于
An upcoming patch will add a <virtualport> element to interfaces of type='bridge', so it makes sense to give this function a more generic name.
-
- 09 2月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Some applications expect /dev/std{in,out,err} to exist. Populate them during container startup as symlinks to /proc/self/fd
-
- 04 2月, 2012 1 次提交
-
-
由 Philipp Hahn 提交于
compat{a->i}bility erron{->e}ous nec{c->}essary. Either "the" or "a". Signed-off-by: NPhilipp Hahn <hahn@univention.de>
-
- 03 2月, 2012 3 次提交
-
-
由 Martin Kletzander 提交于
This patch fixes the access of variable "con" in two files where the variable was declared only on SELinux builds and thus the build failed without SELinux. It's a rather nasty fix but helps fix the build quickly and without any major changes to the code.
-
由 Daniel P. Berrange 提交于
To allow the container to access /dev and /dev/pts when under sVirt, set an explicit mount option. Also set a max size on the /dev mount to prevent DOS on memory usage * src/lxc/lxc_container.c: Set /dev mount context * src/lxc/lxc_controller.c: Set /dev/pts mount context
-
由 Daniel P. Berrange 提交于
For the sake of backwards compat, LXC guests are *not* confined by default. This is because it is not practical to dynamically relabel containers using large filesystem trees. Applications can create confined containers though, by giving suitable XML configs * src/Makefile.am: Link libvirt_lxc to security drivers * src/lxc/libvirtd_lxc.aug, src/lxc/lxc_conf.h, src/lxc/lxc_conf.c, src/lxc/lxc.conf, src/lxc/test_libvirtd_lxc.aug: Config file handling for security driver * src/lxc/lxc_driver.c: Wire up security driver functions * src/lxc/lxc_controller.c: Add a '--security' flag to specify which security driver to activate * src/lxc/lxc_container.c, src/lxc/lxc_container.h: Set the process label just before exec'ing init.
-
- 25 1月, 2012 2 次提交
-
-
由 Eric Blake 提交于
Systemd detects containers based on whether they have an environment variable starting with 'container=lxc'; using a longer name fits the expectations, while also allowing detection of who created the container. Requested by Lennart Poettering, in response to https://bugs.freedesktop.org/show_bug.cgi?id=45175 * src/lxc/lxc_container.c (lxcContainerBuildInitCmd): Add another env-var.
-
由 Daniel P. Berrange 提交于
The current setup code for LXC is bind mounting /dev/pts/ptmx on top of a character device /dev/ptmx. This is denied by SELinux policy and is just wrong. The target of a bind mount should just be a plain file * src/lxc/lxc_container.c: Don't bind /dev/pts/ptmx onto a char device
-
- 20 1月, 2012 2 次提交
-
-
由 Eric Blake 提交于
Reusing common code makes things smaller; it also buys us some additional safety, such as now rejecting duplicate parameters during a set operation. * src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters) (qemuDomainSetMemoryParameters, qemuDomainSetNumaParameters) (qemuSetSchedulerParametersFlags) (qemuDomainSetInterfaceParameters, qemuDomainSetBlockIoTune) (qemuDomainGetBlkioParameters, qemuDomainGetMemoryParameters) (qemuDomainGetNumaParameters, qemuGetSchedulerParametersFlags) (qemuDomainBlockStatsFlags, qemuDomainGetInterfaceParameters) (qemuDomainGetBlockIoTune): Use new helpers. * src/esx/esx_driver.c (esxDomainSetSchedulerParametersFlags) (esxDomainSetMemoryParameters) (esxDomainGetSchedulerParametersFlags) (esxDomainGetMemoryParameters): Likewise. * src/libxl/libxl_driver.c (libxlDomainSetSchedulerParametersFlags) (libxlDomainGetSchedulerParametersFlags): Likewise. * src/lxc/lxc_driver.c (lxcDomainSetMemoryParameters) (lxcSetSchedulerParametersFlags, lxcDomainSetBlkioParameters) (lxcDomainGetMemoryParameters, lxcGetSchedulerParametersFlags) (lxcDomainGetBlkioParameters): Likewise. * src/test/test_driver.c (testDomainSetSchedulerParamsFlags) (testDomainGetSchedulerParamsFlags): Likewise. * src/xen/xen_hypervisor.c (xenHypervisorSetSchedulerParameters) (xenHypervisorGetSchedulerParameters): Likewise.
-
由 Eric Blake 提交于
Based on qemu changes made in commits ae523427 and 659ded58. * src/lxc/lxc_driver.c (lxcSetSchedulerParametersFlags) (lxcGetSchedulerParametersFlags, lxcDomainSetBlkioParameters) (lxcDomainGetBlkioParameters): Use helpers. (lxcDomainSetBlkioParameters): Allow setting live and config at once.
-
- 18 1月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Given an LXC guest with a root filesystem path of /export/lxc/roots/helloworld/root During startup, we will pivot the root filesystem to end up at /.oldroot/export/lxc/roots/helloworld/root We then try to open /.oldroot/export/lxc/roots/helloworld/root/dev/pts Now consider if '/export/lxc' is an absolute symlink pointing to '/media/lxc'. The kernel will try to open /media/lxc/roots/helloworld/root/dev/pts whereas it should be trying to open /.oldroot//media/lxc/roots/helloworld/root/dev/pts To deal with the fact that the root filesystem can be moved, we need to resolve symlinks in *any* part of the filesystem source path. * src/libvirt_private.syms, src/util/util.c, src/util/util.h: Add virFileResolveAllLinks to resolve all symlinks in a path * src/lxc/lxc_container.c: Resolve all symlinks in filesystem paths during startup
-
- 13 1月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Currently the LXC controller attempts to deal with EOF on a tty by spawning a thread to do an edge triggered epoll_wait(). This avoids the normal event loop spinning on POLLHUP. There is a subtle mistake though - even after seeing POLLHUP on a master PTY, it is still perfectly possible & valid to write data to the PTY. There is a buffer that can be filled with data, even when no client is present. The second mistake is that the epoll_wait() thread was not looking for the EPOLLOUT condition, so when a new client connects to the LXC console, it had to explicitly send a character before any queued output would appear. Finally, there was in fact no need to spawn a new thread to deal with epoll_wait(). The epoll file descriptor itself can be poll()'d on normally. This patch attempts to deal with all these problems. - The blocking epoll_wait() thread is replaced by a poll on the epoll file descriptor which then does a non-blocking epoll_wait() to handle events - Even if POLLHUP is seen, we continue trying to write any pending output until getting EAGAIN from write. - Once write returns EAGAIN, we modify the epoll event mask to also look for EPOLLOUT * src/lxc/lxc_controller.c: Avoid stalled I/O upon connected to an LXC console
-
- 19 12月, 2011 4 次提交
-
-
由 Daniel P. Berrange 提交于
The lifetime of the virDomainEventState object is tied to the lifetime of the driver, which in stateless drivers is tied to the lifetime of the virConnectPtr. If we add & remove a timer when allocating/freeing the virDomainEventState object, we can get a situation where the timer still triggers once after virDomainEventState has been freed. The timeout callback can't keep a ref on the event state though, since that would be a circular reference. The trick is to only register the timer when a callback is registered with the event state & remove the timer when the callback is unregistered. The demo for the bug is to run while true ; do date ; ../tools/virsh -q -c test:///default 'shutdown test; undefine test; dominfo test' ; done prior to this fix, it will frequently hang and / or crash, or corrupt memory
-
由 Daniel P. Berrange 提交于
Currently all drivers using domain events need to provide a callback for handling a timer to dispatch events in a clean stack. There is no technical reason for dispatch to go via driver specific code. It could trivially be dispatched directly from the domain event code, thus removing tedious boilerplate code from all drivers Also fix the libxl & xen drivers to pass 'true' when creating the virDomainEventState, since they run inside the daemon & thus always expect events to be present. * src/conf/domain_event.c, src/conf/domain_event.h: Internalize dispatch of events from timer callback * src/libxl/libxl_driver.c, src/lxc/lxc_driver.c, src/qemu/qemu_domain.c, src/qemu/qemu_driver.c, src/remote/remote_driver.c, src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Remove all timer dispatch functions
-
由 Daniel P. Berrange 提交于
* src/libxl/libxl_driver.c, src/lxc/lxc_driver.c, src/qemu/qemu_driver.c, src/remote/remote_driver.c, src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Convert to threadsafe APIs
-
由 Daniel P. Berrange 提交于
When registering a callback for a particular event some callers need to know how many callbacks already exist for that event. While it is possible to ask for a count, this is not free from race conditions when threaded. Thus the API for registering callbacks should return the count of callbacks. Also rename virDomainEventStateDeregisterAny to virDomainEventStateDeregisterID * src/conf/domain_event.c, src/conf/domain_event.h, src/libvirt_private.syms: Return count of callbacks when registering callbacks * src/libxl/libxl_driver.c, src/libxl/libxl_driver.c, src/qemu/qemu_driver.c, src/remote/remote_driver.c, src/remote/remote_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Update for change in APIs
-
- 09 12月, 2011 1 次提交
-
-
由 Stefan Berger 提交于
A preparatory patch for DHCP snooping where we want to be able to differentiate between a VM's interface using the tuple of <VM UUID, Interface MAC address>. We assume that MAC addresses could possibly be re-used between different networks (VLANs) thus do not only want to rely on the MAC address to identify an interface. At the current 'final destination' in virNWFilterInstantiate I am leaving the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive. (we may not post the DHCP snooping patches for 0.9.9, though) Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver and uml_conf, I am passing the virDomainDefPtr around until I am passing only the VM's uuid into the NWFilter calls.
-