- 23 7月, 2014 4 次提交
-
-
由 Ján Tomko 提交于
For the values "default", "on", "off" Replaces virDeviceAddressPCIMulti virDomainFeatureState virDomainIoEventFd virDomainVirtioEventIdx virDomainDiskCopyOnRead virDomainMemDump virDomainPCIRombarMode virDomainGraphicsSpicePlaybackCompression
-
由 Peter Krempa 提交于
The patch described above introduced two problems caught by the compiler and thus breaking the build. One of the problems was comparison of unsigned with < 0 and the second one jumped a variable init.
-
由 Cédric Bosdonnat 提交于
Added <capabilities> in the <features> section of LXC domains configuration. This section can contain elements named after the capabilities like: <mknod state="on"/>, keep CAP_MKNOD capability <sys_chroot state="off"/> drop CAP_SYS_CHROOT capability Users can restrict or give more capabilities than the default using this mechanism.
-
由 Chen Hanxiao 提交于
kernel commit 7dc5dbc879bd0779924b5132a48b731a0bc04a1e forbid us doing a fresh mount for sysfs when enable userns but disable netns. This patch will create a bind mount in this senario. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 18 7月, 2014 1 次提交
-
-
由 Cédric Bosdonnat 提交于
LXC network devices can now be assigned a custom NIC device name on the container side. For example, this is configured with: <interface type='network'> <source network='default'/> <guest dev="eth1"/> </interface> In this example the network card will appear as eth1 in the guest.
-
- 03 7月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
They report errors in all other cases.
-
- 25 3月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
-
- 18 3月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 3月, 2014 1 次提交
-
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 04 3月, 2014 1 次提交
-
-
由 Eric Blake 提交于
Right now, a caller waiting for a child process either requires the child to have status 0, or must use WIFEXITED() and friends itself. But in many cases, we want the middle ground of treating fatal signals as an error, and directly accessing the normal exit value without having to use WEXITSTATUS(), in order to easily detect an expected non-zero exit status. This adds the middle ground to the low-level virProcessWait; the next patch will add it to virCommand. * src/util/virprocess.h (virProcessWait): Alter signature. * src/util/virprocess.c (virProcessWait): Add parameter. (virProcessRunInMountNamespace): Adjust caller. * src/util/vircommand.c (virCommandWait): Likewise. * src/util/virfile.c (virFileAccessibleAs): Likewise. * src/lxc/lxc_container.c (lxcContainerHasReboot) (lxcContainerAvailable): Likewise. * daemon/libvirtd.c (daemonForkIntoBackground): Likewise. * tools/virt-login-shell.c (main): Likewise. * tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise. * tests/testutils.c (virtTestCaptureProgramOutput): Likewise. * tests/commandtest.c (test23): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 20 2月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
The virDomainGetRootFilesystem method can be generalized to allow any filesystem path to be obtained. While doing this, start a new test case for purpose of testing various helper methods in the domain_conf.{c,h} files, such as this one. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 13 2月, 2014 1 次提交
-
-
由 Cédric Bosdonnat 提交于
Tmpfs relative size and default 50% size values aren't supported as we have no idea of the available memory at the conversion time.
-
- 18 12月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Systemd specified that any /dev/pts/NNN device on which it is expected to spawn a agetty login, should be listed in the 'container_ttys' env variable. It should just contain the relative paths, eg 'pts/0' not '/dev/pts/0' and should be space separated. http://cgit.freedesktop.org/systemd/systemd/commit/?id=1d97ff7dd71902a5604c2fed8964925d54e09de9Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 16 12月, 2013 1 次提交
-
-
由 Gao feng 提交于
The newroot is not mounted as tmpfs, we bind root->src to it. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
- 11 12月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
re-mount it again. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 06 12月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
Currently, if virFileMakePath() fails, the @ret is left initialized from virAsprintf() just a few lines above leading to a wrong return value of zero whereas -1 should be returned. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 29 11月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
When setting up filesystems backed by block devices or file images, the SELinux mount options must be used to ensure the correct context is set Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 28 11月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Move the code for lxcContainerGetSubtree into the virfile module creating 2 new functions int virFileGetMountSubtree(const char *mtabpath, const char *prefix, char ***mountsret, size_t *nmountsret); int virFileGetMountReverseSubtree(const char *mtabpath, const char *prefix, char ***mountsret, size_t *nmountsret); Add a new virfiletest.c test case to validate the new code. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add virStringSortCompare and virStringSortRevCompare as standard functions to use with qsort. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 26 11月, 2013 2 次提交
-
-
由 Gao feng 提交于
Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 vfs: Lock in place mounts from more privileged users, unprivileged user has no rights to umount the mounts that inherited from parent mountns. right now, I have no good idea to fix this problem, we need to do more research. this patch just skip unmounting these mounts for shared root. BTW, I think when libvirt lxc enables user namespace, the configuation that shares root with host is very rara. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Gao feng 提交于
After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 vfs: Lock in place mounts from more privileged users, unprivileged user has no rights to move the mounts that inherited from parent mountns. we use this feature to move the /stateDir/domain-name.{dev, devpts} to the /dev/ and /dev/pts directroy of container. this commit breaks libvirt lxc. this patch changes the behavior to bind these mounts when user namespace is enabled and move these mounts when user namespace is disabled. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
- 25 11月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
Don't do duplicate work when getting pagesize. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 21 11月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Most of our code base uses space after comma but not before; fix the remaining uses before adding a syntax check. * src/lxc/lxc_container.c: Consistently use commas. * src/openvz/openvz_driver.c: Likewise. * src/openvz/openvz_util.c: Likewise. * src/remote/remote_driver.c: Likewise. * src/test/test_driver.c: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 08 11月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
Currently we were storing domain feature flags in a bit field as the they were either enabled or disabled. New features such as paravirtual spinlocks however can be tri-state as the default option may depend on hypervisor version. To allow storing tri-state feature state in the same place instead of having to declare dedicated variables for each feature this patch refactors the bit field to an array.
-
- 05 11月, 2013 5 次提交
-
-
由 Daniel P. Berrange 提交于
Currently the LXC container tries to skip selinux/securityfs mounts if the directory does not exist in the filesystem, or if SELinux is disabled. The former check is flawed because the /sys/fs/selinux or /sys/kernel/securityfs directories may exist in sysfs even if the mount type is disabled. Instead of just doing an access() check, use an virFileIsMounted() to see if the FS is actually present in the host OS. This also avoids the need to check is_selinux_enabled(). Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Some mounts must be skipped if running inside a user namespace, since the kernel forbids their use. Instead of strcmp'ing the filesystem type in the body of the loop, set an explicit flag in the lxcBasicMounts table. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the lxcBasicMounts array has separate entries for most mounts, to reflect that we must do a separate mount operation to make mounts read-only. Remove the duplicate entries and instead set the MS_RDONLY flag against the main entry. Then change lxcContainerMountBasicFS to look for the MS_RDONLY flag, mask it out & do a separate bind mount. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The 'srcpath' variable is initialized from 'mnt->src' and never changed thereafter. Some places continue to use 'mnt->src' and others use 'srcpath'. Remove the pointless 'srcpath' variable and use 'mnt->src' everywhere. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The virLXCBasicMountInfo struct contains a 'char *opts' field passed onto the mount() syscall. Every entry in the list sets this to NULL though, so it can be removed to simplify life. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 29 10月, 2013 1 次提交
-
-
由 Gao feng 提交于
Introduced by commit 0f31f7b7. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 28 10月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
The lxcContainerSetID() method prints a misleading log message about setting the uid/gid when no ID map is present in the XML config. Skip the debug message in this case. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 14 10月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
The lxcContainerResolveSymlinks method merely logged some errors as debug messages, rather than reporting them as proper errors. This meant startup failures were not diagnosed at all. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Ensure the lxcContainerMain method reports any errors that occur during setup to stderr, where libvirtd will pick them up. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 09 10月, 2013 1 次提交
-
-
由 Ján Tomko 提交于
Since 76b644c3 when the support for RAM filesystems was introduced, libvirt accepted the following XML: <source usage='1024' unit='KiB'/> This was parsed correctly and internally stored in bytes, but it was formatted as (with an extra 's'): <source usage='1024' units='KiB'/> When read again, this was treated as if the units were missing, meaning libvirt was unable to parse its own XML correctly. The usage attribute was documented as being in KiB, but it was not scaled if the unit was missing. Transient domains still worked, because this was balanced by an extra 'k' in the mount options. This patch: Changes the parser to use 'units' instead of 'unit', as the latter was never documented (fixing persistent domains) and some programs (libvirt-glib, libvirt-sandbox) already parse the 'units' attribute. Removes the extra 'k' from the tmpfs mount options, which is needed because now we parse our own XML correctly. Changes the default input unit to KiB to match documentation, fixing: https://bugzilla.redhat.com/show_bug.cgi?id=1015689
-
- 01 10月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
We forgot to do cleanup when lxcContainerMountFSTmpfs failed to bind fs as read-only. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 23 9月, 2013 1 次提交
-
-
由 Chen Hanxiao 提交于
If a dir does not exist, raise an immediate error in logs rather than letting virFileResolveAllLinks fail, since this gives better error reporting to the user. Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 12 9月, 2013 3 次提交
-
-
由 Gao feng 提交于
Right now we mount selinuxfs even user namespace is enabled and ignore the error. But we shouldn't ignore these errors when user namespace is not enabled. This patch skips mounting selinuxfs when user namespace enabled. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Daniel P. Berrange 提交于
If the guest is configured with <filesystem type='mount'> <source dir='/'/> <target dir='/'/> <readonly/> </filesystem> Then any submounts under / should also end up readonly, except for those setup as basic mounts. eg if the user has /home on a separate volume, they'd expect /home to be readonly, but we should not touch the /sys, /proc, etc dirs we setup ourselves. Users can selectively make sub-mounts read-write again by simply listing them as new mounts without the <readonly> flag set <filesystem type='mount'> <source dir='/home'/> <target dir='/home'/> </filesystem> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Move the array of basic mounts out of the lxcContainerMountBasicFS function, to a global variable. This is to allow it to be referenced by other methods wanting to know what the basic mount paths are. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 11 9月, 2013 1 次提交
-
-
由 Gao feng 提交于
Move the unmounting private or useless filesystems for container to this function. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-