- 28 6月, 2018 4 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1541921 In TCG mode, there are no vCPU threads and thus there's nothing to be placed into resctrl group. Forbid such configuration. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Jiri Denemark 提交于
If we ever fail to properly set jobinfo->statsType, qemuDomainJobInfoToParams would return -1 without setting an error. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Stefan Berger 提交于
This patch extends the AppArmor domain profile with file paths the swtpm accesses for state, log, pid, and socket files. Both, QEMU and swtpm, use this AppArmor profile. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Cc: Christian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Julio Faracco 提交于
The function nwfilterBindingCreateXML() is failing to compile due to a conditional branch which leads to an undefined 'obj' variable. So 'obj' must have an initial value to avoid compilation errors. See the problem: CC nwfilter/libvirt_driver_nwfilter_impl_la-nwfilter_driver.lo nwfilter/nwfilter_driver.c:752:9: error: variable 'obj' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized] if (virNWFilterBindingCreateXMLEnsureACL(conn, def) < 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ nwfilter/nwfilter_driver.c:779:10: note: uninitialized use occurs here if (!obj) ^~~ nwfilter/nwfilter_driver.c:752:5: note: remove the 'if' if its condition is always false if (virNWFilterBindingCreateXMLEnsureACL(conn, def) < 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ nwfilter/nwfilter_driver.c:742:33: note: initialize the variable 'obj' to silence this warning virNWFilterBindingObjPtr obj; ^ = NULL This commit initialized 'obj' with NULL to fix the error properly. Signed-off-by: NJulio Faracco <jcfaracco@gmail.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
- 27 6月, 2018 23 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1585108 When updating a live device users might pass different alias than the one the device has. Currently, this is silently ignored which goes against our behaviour for other parts of the device where we explicitly allow only certain changes and error out loudly on anything else. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
This was lost in c57f3fd2. But now we are going to need it again (except the DETACH action where checking for device compatibility does not make much sense anyway). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
When updating device it's worth parsing live info too as users might want to update it as well. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Pavel Hrdina 提交于
Commit <41d619e9> introduced new RNG schema files for nwfilter but forgot to update spec file. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Cole Robinson 提交于
It's in the domain_addr.h section, but should be in the domain_conf.h section Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Bjoern Walk 提交于
Mediated devices of model 'vfio-ccw' are using CCW addresses, so make sure to call the correct address preparation code for the model. Reviewed-by: NShalini Chellathurai Saroja <shalini@linux.ibm.com> Reviewed-by: NBoris Fiuczynski <fiuczy@linux.ibm.com> Signed-off-by: NBjoern Walk <bwalk@linux.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Include both the domain and storage modifications in a "Removed features" section as well as describing the improvement to allow using a raw input volume to create the luks encrypted volume. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Starting with QEMU 2.9, encryption convert processing requires a multi-step process in order to generate an encrypted image from some non encrypted raw image. Processing requires to first create an encrypted image using the sizing parameters from the input source and second to use the --image-opts, -n, and --target-image-opts options along with inline driver options to describe the input and output files, generating two commands such as: $ qemu-img create -f luks \ --object secret,id=demo.img_encrypt0,file=/path/to/secretFile \ -o key-secret=demo.img_encrypt0 \ demo.img 500K Formatting 'demo.img', fmt=luks size=512000 key-secret=demo.img_encrypt0 $ qemu-img convert --image-opts -n --target-image-opts \ --object secret,id=demo.img_encrypt0,file=/path/to/secretFile \ driver=raw,file.filename=sparse.img \ driver=luks,file.filename=demo.img,key-secret=demo.img_encrypt0 $ This patch handles the convert processing by running the processing in a do..while loop essentially reusing the existing create logic and arguments to create the target vol from the inputvol and then converting the inputvol using new arguments. This then allows the following virsh command to work properly: virsh vol-create-from default encrypt1-luks.xml data.img --inputpool default where encrypt1-luks.xml would provided the path and secret for the new image, while data.img would be the source image. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Since we no longer support creating qcow2 encryption format volumes, we no longer have to possibly create some secret and have no real need for the function, so move the remaining functionality to build the secret path back into the caller storageBackendCreateQemuImg. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Since we only generate the @encinfo when there's a secret object and thus we need to reference it in the options, Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Remove the checks for qcow encryption since both callers (create and resize) would have already disallowed usage. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1526382 Since commit c4eedd79 disallowed qcow2 encrypted images to be used for domains, it no longer makes sense to allow a qcow2 encrypted volume to be created or resized. Add a test that will exhibit the failure of creation as well as the xml2xml validation of the format still being correct. Update the documentation to note the removal of the capability to create and use qcow/default encrypted volumes. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
We're about to disallow creation of a qcow2 encrypted storage volume, so let's remove the qcow encryption element from the tests which are testing whether other format='qcow2' related features work properly. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Change from @enc to @encinfo leaving @enc for the vol->target.encryption in the storageBackendCreateQemuImgSetOptions code path. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Add the storagevolxml2xmltest "luks" and "luks-cipher" tests to the storagevolxml2argvtest. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
Allowing a NULL @secretPath for virStorageBackendCreateQemuImgCmdFromVol would result in a generated command line with a dangling "file=" output. So let's make sure the @secretPath exists before processing. This means we should pass a dummy path from the storage test. Signed-off-by: NJohn Ferlan <jferlan@redhat.com> ACKed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Cole Robinson 提交于
Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Daniel P. Berrangé 提交于
Remove the callbacks that the nwfilter driver registers with the domain object config layer. Instead make the current helper methods call into the public API for creating/deleting nwfilter bindings. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
This allows the virsh commands nwfilter-binding-create and nwfilter-binding-delete to be used. Note using these commands lets you delete filters that were previously created automatically by the virt drivers, or add filters for VM nics that were not there before. Generally it is expected these new APIs will only be used by virt drivers. It is the admin's responsibility to not shoot themselves in the foot. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Wire up the ListAll, LookupByPortDev and GetXMLDesc APIs to allow the virsh nwfilter-binding-list & nwfilter-binding-dumpxml commands to work. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Now that the nwfilter driver keeps a list of bindings that it has created, there is no need for the complex virt driver callbacks. It is possible to simply iterate of the list of recorded filter bindings. This means that rebuilding filters no longer has to acquire any locks on the virDomainObj objects, as they're never touched. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Currently the nwfilter driver does not keep any record of what filter bindings it has active. This means that when it needs to recreate filters, it has to rely on triggering callbacks provided by the virt drivers. This introduces a hash table recording the virNWFilterBinding objects so the driver has a record of all active filters. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 26 6月, 2018 13 次提交
-
-
由 Anya Harter 提交于
Add comma escaping for netsource. This is done here because qemuBuildNetworkDriveStr has other external callers which may not expect an escaped comma; however, this particular command building path needs to perform the escaping for the hostdev command line, so we do it now to ensure src->path and src->host->name are covered. Signed-off-by: NAnya Harter <aharter@redhat.com>
-
由 Anya Harter 提交于
Instead of source to enable use of virBuffer functions in string construction. Signed-off-by: NAnya Harter <aharter@redhat.com>
-
由 Michal Privoznik 提交于
If a thread is unable to acquire a job (e.g. because of timeout) an error is reported and the error message contains reference to the other thread holding the job. Well, the error message should report agent job too as it is yet another source of possible failure. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Chen Hanxiao 提交于
In [1], <type> are described as "on_poweroff", "on_reboot", "on_crash". but we accept "poweroff", "reboot" and "crash". This patch adds documentation for them. [1]: https://libvirt.org/formatdomain.html#elementsEventsSigned-off-by: NChen Hanxiao <chenhanxiao@gmail.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Daniel P. Berrangé 提交于
Introduce a new struct to act as the manager of a collection of virNWFilterBindingObjPtr objects. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Introduce a new struct to act as the stateful owner of the virNWFilterBindingDefPtr objects. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
If a <interface> includes a filter name but the nwfilter driver is not present we silently do nothing. This is very bad, because an application that thinks it is protected by malicious guest traffic will in fact be vulnerable. Reporting an error gives the administrator the ability to know there is a problem and fix it. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Use the virNWFilterBindingDefPtr struct in the DHCP address snooping code directly. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Use the virNWFilterBindingDefPTr struct in the IP address learning code directly. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Use the virNWFilterBindingDefPtr struct in the gentech driver code directly. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
$ virsh nwfilter-binding-list Port Dev Filter ------------------------------------------------------------------ vnet0 clean-traffic vnet1 clean-traffic $ virsh nwfilter-binding-dumpxml vnet1 <filterbinding> <owner> <name>f25arm7</name> <uuid>12ac8b8c-4f23-4248-ae42-fdcd50c400fd</uuid> </owner> <portdev name='vnet1'/> <mac address='52:54:00:9d:81:b1'/> <filterref filter='clean-traffic'> <parameter name='MAC' value='52:54:00:9d:81:b1'/> </filterref> </filterbinding> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-