1. 19 7月, 2013 12 次提交
    • J
      d327ac53
    • J
      util: Non-existent string array does not contain any string · 09e9f281
      Jiri Denemark 提交于
      Make virStringArrayHasString return false when called on a non-existent
      string array.
      09e9f281
    • E
      security: fix deadlock with prefork · bfc183c1
      Eric Blake 提交于
      Attempts to start a domain with both SELinux and DAC security
      modules loaded will deadlock; latent problem introduced in commit
      fdb3bde3 and exposed in commit 29fe5d74.  Basically, when recursing
      into the security manager for other driver's prefork, we have to
      undo the asymmetric lock taken at the manager level.
      
      Reported by Jiri Denemark, with diagnosis help from Dan Berrange.
      
      * src/security/security_stack.c (virSecurityStackPreFork): Undo
      extra lock grabbed during recursion.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      bfc183c1
    • D
      Change s/i/iv/ in test code to avoid syntax-check · a81eb0b4
      Daniel P. Berrange 提交于
      The code parsing VIR_TEST_RANGE mistakenly used 'unsigned int i'
      which violated syntax-check rules
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      a81eb0b4
    • D
      Allow test cases to be run selectively · ab92ae33
      Daniel P. Berrange 提交于
      When debugging a failing test with many test cases, it is useful
      to be able to skip most tests. Introducing a new environment
      variable VIR_TEST_RANGE=N-M enables execution of only the test
      cases numbered N-M inclusive, starting from 1.
      
      For example, to skip all the cgroup tests except 2
      
      $ VIR_TEST_RANGE=2-3 VIR_TEST_DEBUG=1 ./vircgrouptest
      TEST: vircgrouptest
       2) New cgroup for driver                                             ... Unexpected found LXC cgroup: 1
      libvirt: Cgroup error : Failed to create controller cpu for group: No such file or directory
      FAILED
       3) New cgroup for domain driver                                      ... Cannot find LXC cgroup: 1
      libvirt: Cgroup error : Failed to create controller cpu for group: No such file or directory
      FAILED
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      ab92ae33
    • E
      maint: update to latest gnulib · ac0852c7
      Eric Blake 提交于
      Upstream gnulib recently patched a bug in bootstrap, for projects
      that use a different name than build-aux for a subdirectory.  We
      don't, but it doesn't hurt to update.
      
      * .gnulib: Update, for bootstrap fix.
      * bootstrap: Sync to upstream.
      * bootstrap.conf: Match upstream bug fix.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ac0852c7
    • M
      autogen: Handle case when libvirt's submodule · 5cfe0d37
      Michal Privoznik 提交于
      Currently, in the autogen.sh script we check whether .git is an existing
      directory in which case bootstrap is run. However, if libvirt is a
      submodule, then the .git is just a file (with reference to the topmost
      .git directory). However, our submodule routines work well. So there's
      no real reason why we should prohibit users to build libvirt from
      submodule.
      5cfe0d37
    • E
      maint: split long lines in Makefiles · d21d40bf
      Eric Blake 提交于
      Makefiles are another easy file to enforce line limits.
      
      Mostly straightforward; interesting tricks worth noting:
      src/Makefile.am: $(confdir) was already defined, use it in more places
      tests/Makefile.am: path_add and VG required some interesting compression
      
      * cfg.mk (sc_prohibit_long_lines): Add another test.
      * Makefile.am: Fix offenders.
      * daemon/Makefile.am: Likewise.
      * docs/Makefile.am: Likewise.
      * python/Makefile.am: Likewise.
      * src/Makefile.am: Likewise.
      * tests/Makefile.am: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      d21d40bf
    • E
      security_dac: compute supplemental groups before fork · 29fe5d74
      Eric Blake 提交于
      Commit 75c12564 states that virGetGroupList must not be called
      between fork and exec, then commit ee777e99 promptly violated
      that for lxc's use of virSecurityManagerSetProcessLabel.  Hoist
      the supplemental group detection to the time that the security
      manager needs to fork.  Qemu is safe, as it uses
      virSecurityManagerSetChildProcessLabel which in turn uses
      virCommand to determine supplemental groups.
      
      This does not fix the fact that virSecurityManagerSetProcessLabel
      calls virSecurityDACParseIds calls parseIds which eventually
      calls getpwnam_r, which also violates fork/exec async-signal-safe
      safety rules, but so far no one has complained of hitting
      deadlock in that case.
      
      * src/security/security_dac.c (_virSecurityDACData): Track groups
      in private data.
      (virSecurityDACPreFork): New function, to set them.
      (virSecurityDACClose): Clean up new fields.
      (virSecurityDACGetIds): Alter signature.
      (virSecurityDACSetSecurityHostdevLabelHelper)
      (virSecurityDACSetChardevLabel, virSecurityDACSetProcessLabel)
      (virSecurityDACSetChildProcessLabel): Update callers.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      29fe5d74
    • E
      security: framework for driver PreFork handler · fdb3bde3
      Eric Blake 提交于
      A future patch wants the DAC security manager to be able to safely
      get the supplemental group list for a given uid, but at the time
      of a fork rather than during initialization so as to pick up on
      live changes to the system's group database.  This patch adds the
      framework, including the possibility of a pre-fork callback
      failing.
      
      For now, any driver that implements a prefork callback must be
      robust against the possibility of being part of a security stack
      where a later element in the chain fails prefork.  This means
      that drivers cannot do any action that requires a call to postfork
      for proper cleanup (no grabbing a mutex, for example).  If this
      is too prohibitive in the future, we would have to switch to a
      transactioning sequence, where each driver has (up to) 3 callbacks:
      PreForkPrepare, PreForkCommit, and PreForkAbort, to either clean
      up or commit changes made during prepare.
      
      * src/security/security_driver.h (virSecurityDriverPreFork): New
      callback.
      * src/security/security_manager.h (virSecurityManagerPreFork):
      Change signature.
      * src/security/security_manager.c (virSecurityManagerPreFork):
      Optionally call into driver, and allow returning failure.
      * src/security/security_stack.c (virSecurityDriverStack):
      Wrap the handler for the stack driver.
      * src/qemu/qemu_process.c (qemuProcessStart): Adjust caller.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      fdb3bde3
    • G
      Use AC_LINK_IFELSE · c5d79fb0
      Guido Günther 提交于
      instead of the deprecated AC_TRY_LINK
      c5d79fb0
    • E
      tests: split long lines · 684c90bf
      Eric Blake 提交于
      Long lines are harder to read and harder to diff; in fact, if lines get
      too long (> 1000 bytes), it starts causing issues where git send-email
      refuses to send patches for the file.  I've cleaned up the tests
      directory in the past (see commits bd6c46fa, 3b750d13), but new long
      lines have been introduced in the meantime.
      
      Why 90 instead of 80? Because there were too many tests on the fringe
      edge, and I didn't want to edit that many files.
      
      Add a syntax check to prevent future long lines.
      
      * cfg.mk (sc_prohibit_long_lines): New rule.
      * tests/qemuxml2argvdata/qemuxml2argv-*.args: Split lines of any
      file with content longer than 90 columns.
      * tests/storagevolxml2argvdata/*.argv: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      684c90bf
  2. 18 7月, 2013 28 次提交