You need to sign in or sign up before continuing.
- 09 8月, 2019 5 次提交
-
-
由 Daniel P. Berrangé 提交于
The remote daemon tries to print out its help text in a couple of giant blocks of text. This has already lead to duplication of the text for the privileged vs unprivileged execution mode. With the introduction of more daemons, this text is going to be duplicated many more times with small variations. This is very unfriendly to translators as they have to translate approximately the same text many times with small tweaks. Splitting the text up into individual strings to print means that each piece will only need translating once. It also gets rid of all the layout information from the translated strings, so avoids the problem of translators breaking formatting by mistake. Reviewed-by: NChristophe de Dinechin <dinechin@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Instead of each subdir containing its own custom rule for checking the augeas tests, use common rule for all. The new rule searches both src + build dirs for include files, since some augeas files will be auto-generated very shortly. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The current make rules are inconsistent about which directory the augeas test files are created in. Put them all in the same dir as their source. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
We already have a variable that lists all augeas test files, so we can add everything to CLEANFILES at once. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The augeas-gentest.pl program merges a config file into a augeas file, saving the output to a new file. It is going to be useful to further process the output file, and it would be easier if this can be done with a pipeline, so change augeas-gentest.pl to write to stdout instead of a file. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 07 8月, 2019 2 次提交
-
-
由 Daniel P. Berrangé 提交于
Now that 100% of libvirt code is forbidden in a SUID environment, we no longer need to worry about whether env variables are trustworthy or not. The virt-login-shell setuid program, which does not link to any libvirt code, will purge all environment variables, except $TERM, before invoking the virt-login-shell-helper program which uses libvirt. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Now that none of the libvirt.so code will ever run in a setuid context, we can remove the virIsSUID() method. The global initializer function can just inline the check itself. The new inlined check is slightly stronger as it also looks for a setgid situation. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 06 8月, 2019 1 次提交
-
-
由 Jim Fehlig 提交于
The xencommons service provides all the essential services such as xenstored, xenconsoled, etc. needed by the libvirt Xen driver, so libvirtd should be started after xencommons. The xendomains service uses Xen's xl tool to operate on any domains it finds running, even those managed by libvirt. Add a conflicts on the xendomains service to ensure it is not enabled when libvirtd is enabled. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 31 7月, 2019 1 次提交
-
-
由 Eric Blake 提交于
I messed up formatting during conflict resolution across rebasing while preparing my checkpoint patches :) Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 27 7月, 2019 1 次提交
-
-
由 Eric Blake 提交于
The remote code generator had to be taught about the new virDomainCheckpointPtr type, at which point the remote driver code for checkpoints can be generated. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 19 7月, 2019 2 次提交
-
-
由 Daniel P. Berrangé 提交于
Shutting down the daemon after 30 seconds of being idle is a little bit too aggressive. Especially when using 'virsh' in single-shot mode, as opposed to interactive shell mode, it would not be unusual to have more than 30 seconds between commands. This will lead to the daemon shutting down and starting up between a series of commands. Increasing the shutdown timer to 2 minutes will make it less likely that the daemon will shutdown while the user is in the middle of a series of commands. Reviewed-by: NJim Fehlig <jfehlig@suse.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Instead of having each caller pass in the desired logfile name, pass in the binary name instead. The logging code can then just derive a logfile name by appending ".log". Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 12 7月, 2019 6 次提交
-
-
由 Daniel P. Berrangé 提交于
Certain libvirtd.conf settings are not honoured when using systemd socket activation. Certain systemd unit file settings must match those defined in libvirtd.conf for systemd socket activation to work with systemd version < 227, otherwise libvirtd cannot determine which inherited FD to use for which service. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Since we have socket activation available now, we can let the system libvirtd exit when it is idle. This allows it to still do autostart when the host boots up, but when nothing was started it will quickly exit again until some mgmt app connects to the socket. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
We don't do socket activation of libvirtd, since we need to unconditionally start libvirtd in order to perform autostart. This doesn't mean we can't have systemd socket units. Some use cases will not need libvirt's autostart & are thus free to use activation. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The current libvirtd code for systemd socket activation assumes socket FDs are passed in the order unix-rw, unix-ro, unix-admin. There is in fact no ordering guarantee made by systemd. Applications are expected to check the address or name associated with each FD to figure out its identity. This rewrites libvirtd to make use of the new systemd activation APIs to make it robust wrt socket ordering changes. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The virtlogd config is set to rollover logs every 2 MB. Normally a logrotate config file is also installed to handle cases where virtlogd is disabled. This is set to rollover weekly with no size constraint. As a result logrotate can interfere with virtlogd's, rolling over files that virtlogd has already taken care of. This changes logrotate configs to rollover based on a max size constraint of 2 MB + 1 byte. When virtlogd is running the log files will never get this large, making logrotate a no-op. If the user changes the size in virtlogd's config to something larger, they are responsible for also changing the logrotate config suitably. The LXC/libxl drivers don't use virtlogd, but there logrotate config is altered to match the QEMU driver config, for the sake of consistency. Reviewed-by: NJim Fehlig <jfehlig@suse.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 06 7月, 2019 3 次提交
-
-
由 Daniel P. Berrangé 提交于
The 'tty' variable is only used on Win32. Instead of just annotating it with ATTRIBUTE_UNUSED, make its declaration conditional on WIN32 so that it is clear why it is not used. Reviewed-by: NFabiano Fidêncio <fidencio@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Simplify the clean code paths for doRemoteOpen by using VIR_AUTOFREE Reviewed-by: NFabiano Fidêncio <fidencio@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The doRemoteOpen method was a little unusual in declaring a bunch of local variables in the middle of the function. Move them to the top as it is normal libvirt style. Reviewed-by: NFabiano Fidêncio <fidencio@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 04 7月, 2019 3 次提交
-
-
由 Pino Toscano 提交于
Mention libssh as possible transport in the error message of an unrecognized transport. https://bugzilla.redhat.com/show_bug.cgi?id=1727013Signed-off-by: NPino Toscano <ptoscano@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Peter Krempa 提交于
The constant is not unused and breaks the build of the remote driver. This reverts commit 86fbce56. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Daniel P. Berrangé 提交于
The LIBVIRTD_CONFIGURATION_FILE constant was introduced in commit b7c42619 Author: Richard W.M. Jones <rjones@redhat.com> Date: Mon Jun 11 11:43:41 2007 +0000 Mon Jun 11 12:41:00 BST 2007 Richard W.M. Jones <rjones@redhat.com> and then never used ! Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 03 7月, 2019 2 次提交
-
-
由 Daniel P. Berrangé 提交于
The LIBVIRTD_CONFIG and LIBVIRTD_NOFILES_LIMIT parameters were only honoured when using the sysvinit scripts. This was removed already in commit 912fe2df Author: Andrea Bolognani <abologna@redhat.com> Date: Fri Mar 15 16:47:27 2019 +0100 Drop support for "Red Hat" init scripts so the parameters can safely be dropped. Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The sysvinit script was previously removed in commit 912fe2df Author: Andrea Bolognani <abologna@redhat.com> Date: Fri Mar 15 16:47:27 2019 +0100 Drop support for "Red Hat" init scripts A make rule was accidentally left behind. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 21 6月, 2019 4 次提交
-
-
由 Daniel P. Berrangé 提交于
We currently refuse to connect to remote libvirtd over SSH if we see the path ends in /session. Earlier on though we checked for /session and set the VIR_DRV_OPEN_REMOTE_USER flag. There is one subtle distinction though with the test driver. All test URIs are marked with this flag, regardless of whether the URI indicates a local or remote connection. Previously a local connection to the test driver would have used the unprivileged libvirtd while a remote connection would have tried the privileged libvirtd. With this we are consistent and use the unprivileged for both local & remote, if the current user is non-root. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Currently the VIR_DRV_OPEN_REMOTE_USER flag is only set when we identify that we're connecting to a local libvirtd daemon. We would like to be able to set that even if connecting to a remote libvirtd daemon. This entails refactoring the conditional check. One subtle change is that the VIR_DRV_OPEN_REMOTE_USER is now set when the test+XXX:// URI is used, even if a servername is present. This has no effect in this patch, but will later. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Libvirtd has long had integration with avahi for advertising libvirtd using mDNS when TCP/TLS listening is enabled. For a long time the virt-manager application had support for auto-detecting libvirtds on the local network using mDNS, but this was removed last year commit fc8f8d5d7e3ba80a0771df19cf20e84a05ed2422 Author: Cole Robinson <crobinso@redhat.com> Date: Sat Oct 6 20:55:31 2018 -0400 connect: Drop avahi support Libvirtd can advertise itself over avahi. The feature is disabled by default though and in practice I hear of no one actually using it and frankly I don't think it's all that useful The 'Open Connection' wizard has a disproportionate amount of code devoted to this feature, but I don't think it's useful or worth maintaining, so let's drop it I've never heard of any other applications having support for using mDNS to detect libvirtd instances. Though it is theoretically possible something exists out there, it is clearly going to be a niche use case in the virt ecosystem as a whole. By removing avahi integration we can cut down the dependency chain for the basic libvirtd install and reduce our code maint burden. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The unprivileged libvirtd daemon switched to use the XDG dir layout in the 0.9.13 release, and included code for moving config files from the old location. The chances of someone upgrading libvirt from <= 0.9.12 directly to libvirt >= 5.5.0 is close enough to zero that we can reasonably drop the back compat code. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 20 6月, 2019 1 次提交
-
-
由 Ján Tomko 提交于
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 19 6月, 2019 2 次提交
-
-
由 Jonathon Jongsma 提交于
Signed-off-by: NJonathon Jongsma <jjongsma@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Daniel P. Berrangé 提交于
The libvirtd.conf file has a comment pointing people to format.html which has nothing todo with the configuration file format. It also has a comment about tests/daemon-conf which no longer exists, and even if it did exist such comment is not relevant to end users when this file is installed in /etc/. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 17 6月, 2019 1 次提交
-
-
由 Daniel P. Berrangé 提交于
Define the wire protocol for the virNetworkPort APIs and enable the client/server RPC dispatch. Reviewed-by: NLaine Stump <laine@laine.org> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 12 4月, 2019 3 次提交
-
-
由 Andrea Bolognani 提交于
Vim has trouble figuring out the filetype automatically because the name doesn't follow existing conventions; annotations like the ones we already have in Makefile.ci help it out. Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Andrea Bolognani 提交于
A bunch of files include src/rpc/virnetsaslcontext.h, which in turn includes <sasl/sasl.h>, and without the corresponding CFLAGS the compiler can't locate the latter if it happens to be installed outside of the default include path as is the case, for example, on FreeBSD. Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Cole Robinson 提交于
Standardize on putting the _LAST enum value on the second line of VIR_ENUM_IMPL invocations. Later patches that add string labels to VIR_ENUM_IMPL will push most of these to the second line anyways, so this saves some noise. Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
- 11 4月, 2019 2 次提交
-
-
由 Daniel P. Berrangé 提交于
Getting the guest time and hostname both require use of guest agent commands. These must not be allowed for read-only users, so the permissions check must validate "write" permission not "read". Fixes CVE-2019-3886 Reviewed-by: NJim Fehlig <jfehlig@suse.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Pavel Hrdina 提交于
The only place where we have extra empty comment line. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 10 4月, 2019 1 次提交
-
-
由 Peter Krempa 提交于
This reverts commit a5e16020. Getting rid of unistd.h from our headers will require more work than just fixing the broken mingw build. Revert it until I have a more complete proposal. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-