1. 30 Aug, 2012 1 commit
    • Fix configuration of QEMU security drivers · d0c0e79a
      Daniel P. Berrange committed
      If no 'security_driver' config option was set, then the code
      just loaded the 'dac' security driver. This is a regression
      on previous behaviour, where we would probe for a possible
      security driver. ie default to SELinux if available.
      
      This changes things so that if 'security_driver' is not set,
      we once again do probing. For simplicity we also always
      create the stack driver, even if there is only one driver
      active.
      
      The desired semantics are:
      
       - security_driver not set
           -> probe for selinux/apparmor/nop
           -> auto-add DAC driver
       - security_driver set to a string
           -> add that one driver
           -> auto-add DAC driver
       - security_driver set to a list
           -> add all drivers in list
           -> auto-add DAC driver
      
      It is not allowed, or possible to specify 'dac' in the
      security_driver config param, since that is always
      enabled.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
  2. 29 Aug, 2012 14 commits
  3. 28 Aug, 2012 7 commits
    • conf: Fix the problem which cause libvirtd to crash · a22909d5
      Osier Yang committed
      * src/conf/domain_conf.c: Use STREQ_NULLABLE instead of STREQ,
      as def->seclables[i]->model could be NULL.
    • build: define 'inline' iff HAVE_LIBNL1 · 500c2468
      Michal Privoznik committed
      Previous commit 0b4b53bb defined 'inline' to prevent broken build on
      systems with libnl1 headers. However, it broke build on systems with
      libnl3 headers. Therefore we must make that fix conditional.
    • docs: CPU allocation and pinning clarification · 3de747c9
      Martin Kletzander committed
      There was a request for clarifying this part of the
      documentation. This also fixes a case used with CPU.
    • build: work with older libnl1 headers · 0b4b53bb
      Eric Blake committed
      Ubuntu 10.04 shipped with out-of-the-box libnl1 headers, which
      assumed the old gcc semantics of 'extern inline' as a C89 extension:
      the function will _always_ be inline if it is used, and that
      it may be declared extern inline in headers without a definition,
      as long as the definition occurs before any use.  But when C99
      added 'extern inline' as a mandatory feature of the language, with
      slightly different semantics than gcc (the function MUST have
      external linkage, and the inline definition MUST be present
      alongside any declaration, where the compiler can then choose
      which of the two versions to use), this rendered the use of
      'inline' in libnl's header obsolete.  Most distros already solved
      this by removing 'inline' (the resulting 'extern' is correct,
      regardless of gcc semantics), and libnl-3 does not have the
      problem (where it has switched to 'static inline' instead, again
      with the definition present, and again, our hack will result in
      plain 'static' with no ill effects).  But for the case of building
      out of the box, we hack around the broken Ubuntu header.
      
      * src/util/virnetlink.h: Work around libnl issue.
    • qemu: Fix define logic · 9eee40cc
      Michal Privoznik committed
      With current flow in qemudDomainDefine we might lose data
      when updating an existing domain. We parse given XML and
      overwrite the configuration.  Then we try to save the new
      config. However, this step may fail and we don't perform any
      roll back.  In fact, we remove the domain from the list of
      domains held up by qemu driver. This is okay as long as the
      domain was brand new one.
    • qemu_agent: Switch to virReportSystemError() on system error · 3e0cc630
      Michal Privoznik committed
      Currently, if a syscall in qemu_agent.c fails we report an internal
      error even though we should be reporting a system error.
    • Introduce new VIR_ERR_AGENT_UNRESPONSIVE error code · aa3e8bd4
      Michal Privoznik committed
      Currently, when guest agent is configured but not responsive
      (e.g. due to appropriate service not running in the guest)
      we return VIR_ERR_INTERNAL_ERROR. Both are wrong. Therefore
      we need to introduce new error code to reflect this case.
  4. 27 Aug, 2012 7 commits
    • conf: prevent NULL pointer access in virSecurityLabelDefsParseXML · 1fe6d219
      Ján Tomko committed
      When checking for seclabels without security models, def->nseclabels is
      already set to n. In the case of an error def->seclabels is freed but
      nseclabels is left untouched. This leads to a segmentation fault when
      def is freed in virDomainDefParseXML.
    • qemu: Switch to unified func name · 661d7fb4
      Michal Privoznik committed
      With the latest patches libvirt supports qemu agent monitor
      passthrough. However, function in qemu driver is called
      qemuDrvDomainAgentCommand. s/Drv// as used in all other names.
    • rpc: fix segmentation fault caused by null client-sock · 2b8624dd
      Guannan Ren committed
      The client-sock could have been set to NULL by eventloop thread
      after async event fired.
    • qemu: fix regression with spice tls port allocation · 340196c4
      Martin Kletzander committed
      In my quest for reusing variables I failed to edit one variable when
      fixing details between two patch versions. That results in a failure
      to start qemu with autoport and spice tls, because qemu is trying to
      bind two sockets to the same port.
    • qemu: fix regression with pinning · 16ebec2b
      Martin Kletzander committed
      Commit 4b03d591 changed the pinning
      behavior in a way that makes some machines non-startable.
      
      The comment mentioning that we cannot control each vcpu when there is
      not VCPU<-> PID mapping available is true, however, this isn't
      necessarily an error, because this can be caused by old QEMU without
      support for "query-cpus" command as well as a software emulated
      machines that don't create more than one process.
    • virsh: fix missing return value · 34c5ab95
      Alex Jia committed
      Although virsh command raises a correct error information, the command status
      returns 0(true), this patch is used for fixing this issue.
      Signed-off-by: Alex Jia <ajia@redhat.com>
    • specfile: require libnl3 for Fedora >= 18 and RHEL >= 7 · e9aaf806
      Laine Stump committed
      Everything is ready in both netcf and libvirt to switch over to libnl3
      in future releases of both Fedora and RHEL. This needs to be done more
      or less simultaneously in both packages, though, because you can't mix
      libnl1.1 and libnl3 in the same process (e.g. libvirtd using
      libnl-3.so and libnetcf.so, while libnetcf.so uses libnl.so)
      
      This patch does two things when fedora >= 18 || rhel >= 7):
      
        1) requires libnl3-devel
        2) requires netcf-devel-0.2.2 or greater
      
      (the idea is that a similar patch is going into netcf's specfile, so
      that when a build of netcf is done on F18 or later (or RHEL7 or later)
      netcf will be guaranteed to be built with libnl3 rather than
      libnl-1.1)
  5. 26 Aug, 2012 1 commit
    • build: add LIBNL_CFLAGS to build of libvirt_lxc · 9cb9cbee
      Laine Stump committed
      When libvirt_lxc is built, it uses the utility library and #includes
      virnetdev.h, which #includes virnetlink.h, which includes
      <netlink/msg.h>.
      
      Normally, the netlink include directory would be just off
      /usr/include, so that wouldn't create a problem, but on Fedora and
      RHEL systems using libnl3, the libnl includes have been moved into
      /usr/include/libnl3 (to allow concurrent installation of libnl-1.1).
      
      All other binaries that need it have added $(LIBNL_CFLAGS) to their
      CFLAGS, but not libvirt_lxc, so it fails to build on Fedora and RHEL
      that have only libnl3-devel installed. This was previously unnoticed
      because everyone was building with libnl headers in
      /usr/include/netlink (even on systems with the headers in
      /usr/include/libnl3/netlink, many people (like me) usually also have
      the libnl1.1 headers in /usr/include/netlink).
      
      This patch adds the necessary CFLAGS for libvirt_lxc.
      
      Note that we don't need to add $(LIBNL_LIBS) to the LDADD for this
      binary, because it never directly calls libnl functions, but only
      calls them indirectly through the util library, which it's already
      linking against.
  6. 24 Aug, 2012 10 commits
    • snapshot: rename an enum · 1385c9cd
      Eric Blake committed
      The name 'virDomainDiskSnapshot' didn't fit in with our normal
      conventions of using a prefix hinting that it is related to a
      virDomainSnapshotPtr.  Also, a future patch will reuse the
      enum for declaring where the VM memory is stored.
      
      * src/conf/snapshot_conf.h (virDomainDiskSnapshot): Rename...
      (virDomainSnapshotLocation): ...to this.
      (_virDomainSnapshotDiskDef): Update clients.
      * src/conf/domain_conf.h (_virDomainDiskDef): Likewise.
      * src/libvirt_private.syms (domain_conf.h): Likewise.
      * src/conf/domain_conf.c (virDomainDiskDefParseXML)
      (virDomainDiskDefFormat): Likewise.
      * src/conf/snapshot_conf.c: (virDomainSnapshotDiskDefParseXML)
      (virDomainSnapshotAlignDisks, virDomainSnapshotDefFormat):
      Likewise.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
      (qemuDomainSnapshotCreateSingleDiskActive)
      (qemuDomainSnapshotCreateDiskActive, qemuDomainSnapshotCreateXML):
      Likewise.
    • snapshot: split snapshot conf code into own file · 6478ec16
      Eric Blake committed
      This has several benefits:
      1. Future snapshot-related code has a definite place to go (and I
      _will_ be adding some)
      2. Snapshot errors now use the VIR_FROM_DOMAIN_SNAPSHOT error
      classification, which has been underutilized (previously only in
      libvirt.c)
      
      * src/conf/domain_conf.h, domain_conf.c: Split...
      * src/conf/snapshot_conf.h, snapshot_conf.c: ...into new files.
      * src/Makefile.am (DOMAIN_CONF_SOURCES): Build new files.
      * po/POTFILES.in: Mark new file for translation.
      * src/vbox/vbox_tmpl.c: Update caller.
      * src/esx/esx_driver.c: Likewise.
      * src/qemu/qemu_command.c: Likewise.
      * src/qemu/qemu_domain.h: Likewise.
    • snapshot: make virDomainSnapshotObjList opaque · 3211deba
      Eric Blake committed
      We were failing to react to allocation failure when initializing
      a snapshot object list.  Changing things to store a pointer
      instead of a complete object adds one more possible point of
      allocation failure, but at the same time, will make it easier to
      react to failure now, as well as making it easier for a future
      patch to split all virDomainSnapshotPtr handling into a separate
      file, as I continue to add even more snapshot code.
      
      Luckily, there was only one client outside of domain_conf.c that
      was actually peeking inside the object, and a new wrapper function
      was easy.
      
      * src/conf/domain_conf.h (_virDomainObj): Use a pointer.
      (virDomainSnapshotObjListInit): Rename.
      (virDomainSnapshotObjListFree, virDomainSnapshotForEach): New
      declarations.
      (_virDomainSnapshotObjList): Move definitions...
      * src/conf/domain_conf.c: ...here.
      (virDomainSnapshotObjListInit, virDomainSnapshotObjListDeinit):
      Rename...
      (virDomainSnapshotObjListNew, virDomainSnapshotObjListFree): ...to
      these.
      (virDomainSnapshotForEach): New function.
      (virDomainObjDispose, virDomainListPopulate): Adjust callers.
      * src/qemu/qemu_domain.c (qemuDomainSnapshotDiscard)
      (qemuDomainSnapshotDiscardAllMetadata): Likewise.
      * src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotLoad)
      (qemuDomainUndefineFlags, qemuDomainSnapshotCreateXML)
      (qemuDomainSnapshotListNames, qemuDomainSnapshotNum)
      (qemuDomainListAllSnapshots)
      (qemuDomainSnapshotListChildrenNames)
      (qemuDomainSnapshotNumChildren)
      (qemuDomainSnapshotListAllChildren)
      (qemuDomainSnapshotLookupByName, qemuDomainSnapshotGetParent)
      (qemuDomainSnapshotGetXMLDesc, qemuDomainSnapshotIsCurrent)
      (qemuDomainSnapshotHasMetadata, qemuDomainRevertToSnapshot)
      (qemuDomainSnapshotDelete): Likewise.
      * src/libvirt_private.syms (domain_conf.h): Export new function.
    • xen-xs: fix uuid of renamed domain · fbe7a883
      Philipp Hahn committed
      When the XenStore tdb lives persistently and is not cleared between host
      reboots, Xend (version 3.4 and 4.1) re-creates the domain information
      located in XenStore below /vm/$UUID. (According to the xen-3.2-commit
      hg265950e3df69 to fix a problem when locally migrating a domain to the
      host itself.)
      
      When doing so a version number is added to the UUID separated by one
      dash, which confuses xenStoreDomainIntroduced(): It iterates over all
      domains and tries to lookup all inactive domains using
      xenStoreDomainGetUUID(), which fails if the running domain is renamed:
      virUUIDParse() fails to parse the versioned UUID and the domain is
      flagged as missing. When this happens the function delays .2s and
      re-tries 20 times again, multiplied by the number of renamed VMs.
        14:48:38.878: 4285: debug : xenStoreDomainIntroduced:1354 : Some domains were missing, trying again
      
      This adds a significant delay:
        # time virsh list >/dev/null
        real    0m6.529s
        # xenstore-list /vm
        00000000-0000-0000-0000-000000000000
        00000000-0000-0000-0000-000000000000-1
        00000000-0000-0000-0000-000000000000-2
        00000000-0000-0000-0000-000000000000-3
        00000000-0000-0000-0000-000000000000-4
        00000000-0000-0000-0000-000000000000-5
        7c06121e-90c3-93d4-0126-50481d485cca
        00000000-0000-0000-0000-000000000000-6
        00000000-0000-0000-0000-000000000000-7
        144ad19d-dfb4-2f80-8045-09196bb8784f
        00000000-0000-0000-0000-000000000000-8
        144ad19d-dfb4-2f80-8045-09196bb8784f-1
        00000000-0000-0000-0000-000000000000-9
        00000000-0000-0000-0000-000000000000-10
        00000000-0000-0000-0000-000000000000-11
        00000000-0000-0000-0000-000000000000-12
        00000000-0000-0000-0000-000000000000-13
        00000000-0000-0000-0000-000000000000-14
        144ad19d-dfb4-2f80-8045-09196bb8784f-2
        00000000-0000-0000-0000-000000000000-15
        144ad19d-dfb4-2f80-8045-09196bb8784f-3
        00000000-0000-0000-0000-000000000000-16
      
      The patch adds truncation of the UUID as read from the XenStore path
      before passing it to virUUIDParse().
      
      The same issue is reported at
      <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666135>
      Signed-off-by: Philipp Hahn <hahn@univention.de>
    • conf: Don't always require security/@model · 0ee655f5
      Michal Privoznik committed
      Only parse model, if static labelling, or
      a base label is set, or doing active XML.
    • security: Add DAC to security_drivers · 9f9b7b85
      Michal Privoznik committed
      Currently, if users set 'security_driver="dac"' in qemu.conf libvirtd
      fails to initialize as DAC driver is not found because it is missing
      in our security drivers array.
    • libssh2_transport: Add docs to remote.html · 239c5d71
      Peter Krempa committed
      Describe the existence of the transport driver and document the
      configurable options.
    • nwfilter: don't log error if firewalld is disabled, improve diagnostics · e1602a76
      Laine Stump committed
      The original patch to support firewalld in nwfilter wasn't personally
      checking the exit status of firewall-cmd, but was instead sending NULL
      in the *exitstatus arg, which meant that virCommandWait would log an
      error just for the exit status being non-0 (and a "more scary than
      useful" error at that).
      
      We don't want to treat this as an error, though, just as a reason to
      use standard (ip|eb)tables commands instead of firewall-cmd.
      
      This patch modifies the virCommandRun in the nwfilter code to request
      status back from the caller. This avoids virCommandWait logging an
      error message, and allows the caller to do as it likes after examining
      the status.
      
      The VIR_DEBUG() logged when firewalld is enabled has also been
      reworded and changed to a VIR_INFO, and a similar VIR_INFO has been
      added in the case that firewalld is *not* found+enabled.
    • openvz: check the exitstatus of vzlist · 46dc6432
      Laine Stump committed
      I noticed this while auditing all calls to virCommandRun that request
      an exit status from virCommandRun. Two functions in the openvz driver
      
        openvzDomainGetBarrierLimit
        openvzDomainSetBarrierLimit
      
      request an exit status from virCommandRun (thus assuring that
      virCommandRun won't log any errors just due to a non-0 exit status),
      but then fail to examine that exit status. This could result in the
      functions believing that the call to "vzlist" was successful, even
      though it may have encountered an error.
    • qemu-agent: available in 0.10.0 · 352cbae8
      Eric Blake committed
      The recent virDomainQemuAgentCommand addition is part of 0.10.0;
      also, grouping all libvirt-qemu.so callbacks together makes them
      easier to identify.
      
      * src/libvirt_qemu.syms: Fix release symbol.
      * src/qemu/qemu_driver.c (qemuDriver): Likewise.
      * src/remote/remote_driver.c (remote_driver): Likewise.
      * src/driver.h (_virDriver): Group qemu-specific callbacks.