- 30 8月, 2017 5 次提交
-
-
由 Daniel P. Berrange 提交于
With gnutls 3.6.0, SHA1 is no longer accepted for certificate signatures. We must usw SHA256 instead. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Kothapally Madhu Pavan 提交于
Signed-off-by: NKothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
-
由 Martin Kletzander 提交于
Commit e4cb8500 changed the way ssh command line is created by adding '--' before the hostname in order to fix a potential security flaw. However it failed to modify the tests, so let's do that. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1484234 Turns out, only vhostuser type of interfaces are supported currently. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Daniel P. Berrange 提交于
Inspired by the recent GIT / Mercurial security flaws (http://blog.recurity-labs.com/2017-08-10/scm-vulns), consider someone/something manages to feed libvirt a bogus URI such as: virsh -c qemu+ssh://-oProxyCommand=gnome-calculator/system In this case, the hosname "-oProxyCommand=gnome-calculator" will get interpreted as an argument to ssh, not a hostname. Fortunately, due to the set of args we have following the hostname, SSH will then interpret our bit of shell script that runs 'nc' on the remote host as a cipher name, which is clearly invalid. This makes ssh exit during argv parsing and so it never tries to run gnome-calculator. We are lucky this time, but lets be more paranoid, by using '--' to explicitly tell SSH when it has finished seeing command line options. This forces it to interpret "-oProxyCommand=gnome-calculator" as a hostname, and thus see a fail from hostname lookup. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 29 8月, 2017 30 次提交
-
-
由 Martin Kletzander 提交于
When recreating folders with namespaces, the directory type was not being handled at all. It's not special, we probably just didn't know that that can be used as a volume path as well. The code failed gracefully, but we want to allow that so that we can use <disk type='dir'> in domains again. Partially-resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1443434Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Our backing probing code handles directory file types properly in virStorageFileGetMetadataRecurse(), by that I mean it leaves them alone. However its caller, the virStorageFileGetMetadata() resets the type to raw before probing, without even checking the type. We need to special-case TYPE_DIR in order to achieve desired results. Also, in order to properly test this, we need to stop resetting format of volumes in tests for TYPE_DIR (probably the reason why we didn't catch that and why the test data didn't need to be modified). Partially-resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1443434Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Kothapally Madhu Pavan 提交于
Add a simple virsh command handler which makes use of the new API. Signed-off-by: NKothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
-
由 Kothapally Madhu Pavan 提交于
Add a simple virsh command handler which makes use of the new API. Signed-off-by: NKothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
-
由 Kothapally Madhu Pavan 提交于
Add a simple virsh command handler which makes use of the new API. Signed-off-by: NKothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
-
由 Kothapally Madhu Pavan 提交于
This commit adds qemu driver implementation to edit xml configuration of managed save state file of a domain. Signed-off-by: NKothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
-
由 Kothapally Madhu Pavan 提交于
This commit adds qemu driver implementation to get xml description for managed save state domain. Signed-off-by: NKothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
-
由 Kothapally Madhu Pavan 提交于
Similar to domainSaveImageDefineXML this commit adds domainManagedSaveDefineXML API which allows to edit domain's managed save state xml configuration. Signed-off-by: NKothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
-
由 Kothapally Madhu Pavan 提交于
Similar to domainSaveImageGetXMLDesc this commit adds domainManagedSaveGetXMLDesc API which allows to get the xml of managed save state domain. Signed-off-by: NKothapally Madhu Pavan <kmp@linux.vnet.ibm.com>
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1476866 For some reason, we completely ignore <on_reboot/> setting for domains. The implementation is simply not there. It never was. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
This API is definitely modifying state of @vm. Therefore it should grab a job. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
At some places we either already have synchronous job or we just released it. Also, some APIs might want to use this code without having to release their job. Anyway, the job acquire code is moved out to qemuDomainRemoveInactiveJob so that qemuDomainRemoveInactive does just what it promises. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
We can now check for the error and not care about the return value as it will be properly handled in virBufferContentAndReset() anyway. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
The function is useful even without using the return value. And if needed, the return value can be obtained by other calls as well. The potential for clean-up can be seen in the following patch. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Otherwise longer domain names might generate paths that are too long to be created. This follows what other parts of the code do as well. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1453194Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
We always truncated the name at 20 bytes instead of characters. In case 20 bytes were in the middle of a multi-byte character, then the string became invalid and various parts of the code would error out (e.g. XML parsing of that string). Let's instead properly truncate it after 20 characters instead. We cannot test this in our test suite because we would need to know what locales are installed on the system where the tests are ran and if there is supported one (most probably there will be, but we cannot be 100% sure), we could initialize gettext in qemuxml2argvtest, but there would still be a chance of getting two different (both valid, though) results. In order to test this it is enough to start a machine with a name for which trimming it after 20 bytes would create invalid sequence (e.g. 1234567890123456789č where č is any multi-byte character). Then start the domain and restart libvirtd. The domain would disappear because such illegal sequence will not go through the XML parser. And that's not a bug of the parser, it should not be in the XML in the first place, but since we don't use any sophisticated formatter, just mash some strings together, the formatting succeeds. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1448766Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1436042Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1449712Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
The reconnect attribute for chardev devices in QEMU is used to configure the reconnect timeout in seconds. Setting '0' value disables the reconnect functionality thus we don't allow to set '0' for QEMU. To disable the reconnect user should use <reconnect enabled='no'/>. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1254971Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 John Ferlan 提交于
Rather than an int, it returns a bool - so let's define it that way Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
This reverts commit 92840eb3. More recent reviews/changes don't have the vir*ObjNew APIs consuming the @def, so remove from Interface as well. Changes needed to also deal with conflicts from commit id '46f5eca4'. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 28 8月, 2017 5 次提交
-
-
由 Eric Blake 提交于
3 out of 4 uses of gl_WARN_ADD() were incorrectly adding "" around the argument, which in turn resulted in the argument being used unquoted (configure had gl_positive=""-fstack-protector-all"", rather than the intended gl_positive="-fstack-protector-all"). Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Erik Skultety 提交于
Commit 94c465d0 refactored the logging setup phase but introduced an issue, where the daemon ignores verbose mode when there are no outputs defined and the default must be used. The problem is that the default output was determined too early, thus ignoring the potential '--verbose' option taking effect. This patch postpones the creation of the default output to the very last moment when nothing else can change. Since the default output is only created during the init phase, it's safe to leave the pointer as NULL for a while, but it will be set eventually, thus not affecting runtime. Patch also adjusts both the other daemons. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1442947Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 Andrea Bolognani 提交于
We can't retrieve the isolation group of a device that's not present in the system. However, it's very common for VFs to be created late in the boot, so they might not be present yet when libvirtd starts, which would cause the guests using them to disappear. Moreover, for other architectures and even ppc64 before isolation groups were introduced, it's considered perfectly fine to configure a guest to use a device that's not yet (or no longer) available to the host, with the obvious caveat that such a guest won't be able to start before the device is available. In order to be consistent, when a device's isolation group can't be determined fall back to not isolating it rather than erroring out or, worse, making the guest disappear. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1484254Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Pavel Hrdina 提交于
While formatting disk or chardev element they both uses virDomainDiskSourceDefFormatSeclabel() function which also closes the source element. This is not extendable. Use the new virXMLFormatElement() to properly format the source element with possible child elements. As a side effect it fixes a bug in disk source formatting. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
This helper allows you to better structurize the code if some element may or may not contains attributes and/or child elements. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-