- 23 3月, 2018 22 次提交
-
-
由 Daniel P. Berrangé 提交于
The libvirtd daemon has some arbitrary logic to drop privileges, but only on Solaris platforms. This was added during Xen days, when Xen was the only driver running in libvirtd. There's no expectation or testing that this works with the new libxl stack, nor whether dropping privileges breaks any of the secondary drivers. Finally, we'll be splitting drivers out into their own independant daemons, so this won't be applicable to libvirtd in future anyway. The remote driver client meanwhile arbitrarily disables daemon auto-spawn when connecting as non-root, breaking a key feature of libvirt unprivileged connections. Since we've not had any contributions for Solaris since circa 2012 and we don't do any CI testing we should consider this platform unmaintained and thus reasonable to remove this cruft. If someone steps forward to maintain Solaris again, this code would need re-evaluating to come up with something more targetted. There's various __sun conditionals in the Xen driver code, but those are not touched. This is all for the legacy Xen driver, which will be entirely removed at some point in future, so not benefit to hacking out just the Solaris parts. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1558317 Similarly to b133fac3 we need to look up alias of CCID controller when constructing smartcard command line instead of relying on broken assumption it will always be 'ccid0'. After user aliases it can be anything. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 John Ferlan 提交于
Starting with commit id 'fab9d6e1' the formatting of: { "command-name", QEMU_CAPS_NAME }, was altered to: { "command-name", QEMU_CAPS_NAME}, and then commit id 'e2b05c9a' altered that to: { "command-name", QEMU_CAPS_NAME} So, let's just fix that up to make things consistent with the rest of the structures. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Peter Krempa 提交于
There is no such function in our code. Commit abca72fa added it spuriously. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
The 'simple' monitor tests were quite useless, since the code did not even check whether the correct command was called. This patch uses the QAPI schema validator to validate that the arguments are in format according to the schema. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Add infrastructure that will allow testing schema of the commands we pass to the fake monitor object, so that we can make sure that it actually does something. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Prepare for testing of the schema of used commands by changing few arguments to values which will not be rejected. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Add a function which will allow to test whether a JSON object conforms to the QAPI schema. This greatly helps when developing formatters for new JSON objects and will help make sure that the code will not break in cases which have unit tests but were actually not function-tested (mostly various disk access protocols). Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Add the QAPI schema (returned by 'query-qmp-schema' command) which will be used for QAPI schema testing in upcoming patches. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
virQEMUQAPISchemaTraverse would return previous-to-last queried item on a query. It would not be a problem if checking if the given path exists since error reporting works properly but if the caller is interested in the result, it would be wrong. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
The JSON array was processed to the hash table used by the query apis in the monitor code. Move it to a new helper in qemu_qapi.c. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Change the prefix of the functions to 'virQEMUQapi' and rename the two public APIs so that the verb is put last. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Extract the code into qemu_qapi.c/h so that we separate it from various parts of the code. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
Most other buffer APIs tolerate the buffer being NULL. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Prafull 提交于
The code that calls VIR_WARN after a function fails, doesn't report the error message raised by the failing function. Such error messages are now reported in lxc/lxc_driver.c Signed-off-by: NPrafullkumar Tale <talep158@gmail.com>
-
由 Pavel Hrdina 提交于
libvirt-dbus is a new binding that wraps libvirt API into D-Bus calls. Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Daniel P. Berrangé 提交于
Most of the augeas test files use ::CONFIG:: to pull in the master config file for testing. This ensures that entries added to the config file are actually tested by augeas. This identified the missing admin_max_clients example in the virtlogd config file, which in turn prompted a change in description of the max_clients parameter, since these daemons don't have separate readonly & readwrite sockets. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The global log buffer feature was deleted in: commit c0c8c1d7 Author: Daniel P. Berrange <berrange@redhat.com> Date: Mon Mar 3 14:54:33 2014 +0000 Remove global log buffer feature entirely A earlier commit changed the global log buffer so that it only records messages that are explicitly requested via the log filters setting. This removes the performance burden, and improves the signal/noise ratio for messages in the global buffer. At the same time though, it is somewhat pointless, since all the recorded log messages are already going to be sent to an explicit log output like syslog, stderr or the journal. The global log buffer is thus just duplicating this data on stderr upon crash. The log_buffer_size config parameter is left in the augeas lens to prevent breakage for users on upgrade. It is however completely ignored hereafter. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> This was in the 1.2.3 release, and 4 years is sufficient time for a graceful upgrade path for augeas, so all remaining traces are now removed. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Christian Ehrhardt 提交于
So far the virt-aa-helper tests only checked the return code and thereby catched aborts like issues failing to parse the XML. But there is one category of virt-aa-helper issues so far untested - not generating the expected rule. This adds a basic grep based checks after each test to match against the rule that is expected to be added by the test. Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Katerina Koukiou 提交于
Adding this for completeness Signed-off-by: NKaterina Koukiou <kkoukiou@redhat.com>
-
- 22 3月, 2018 16 次提交
-
-
由 Christian Ehrhardt 提交于
nvdimm memory is backed by a path on the host. This currently works only via hotplug where the AppArmor label is created via the domain label callbacks. This adds the virt-aa-helper support for nvdimm memory devices to generate rules for the needed paths from the initial guest definition as well. Example in domain xml: <memory model='nvdimm'> <source> <path>/tmp/nvdimm-base</path> </source> <target> <size unit='KiB'>524288</size> <node>0</node> </target> </memory> Works to start now and creates: "/tmp/nvdimm-base" rw, Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Christian Ehrhardt 提交于
Input devices can passthrough an event device. This currently works only via hotplug where the AppArmor label is created via the domain label callbacks. This adds the virt-aa-helper support for passthrough input devices to generate rules for the needed paths from the initial guest definition as well. Example in domain xml: <input type='passthrough' bus='virtio'> <source evdev='/dev/input/event0' /> </input> Works to start now and creates: "/dev/input/event0" rw, Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Christian Ehrhardt 提交于
d8116b5a "security: Introduce functions for input device hot(un)plug" implemented the code (Set|Restore)InputLabel for several security modules, this patch adds an AppArmor implementation for it as well. That fixes hot-plugging event input devices by generating a rule for the path that needs to be accessed. Example hot adding: <input type='passthrough' bus='virtio'> <source evdev='/dev/input/event0' /> </input> Creates now: "/dev/input/event0" rwk, Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1755153Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Christian Ehrhardt 提交于
Recent changes have made implementing this mandatory to hot add any memory. Implementing this in apparmor fixes this as well as allows hot-add of nvdimm tpye memory with an nvdimmPath set generating a AppArmor rule for that path. Example hot adding: <memory model='nvdimm'> <source> <path>/tmp/nvdimm-test</path> </source> <target> <size unit='KiB'>524288</size> <node>0</node> </target> </memory> Creates now: "/tmp/nvdimm-test" rwk, Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1755153Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Michal Privoznik 提交于
The set of arguments was changed a long time ago (040d9963 which dates back to July 2013) but the corresponding documentation was not updated. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NLaine Stump <laine@laine.org>
-
由 Michal Privoznik 提交于
The flags passed to virCommandPassFD() are unnamed and documentation to this function doesn't list them either. Give them name and mention it in documentation to functions using them. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NLaine Stump <laine@laine.org>
-
由 Jim Fehlig 提交于
Also describe a possible side-affect due to changes in the default (unspecified) value from 1000 to 256. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Jim Fehlig 提交于
Long ago in commit dfa1e1dd the scheduler weight was accidentally hardcoded to 1000. Weight is a setting with no unit since it is relative to the weight of other domains. If no weight is specified, libxl defaults to 256. Instead of hardcoding the weight to 1000, honor any <shares> specified in <cputune>. libvirt's notion of shares is synonomous to libxl's scheduler weight setting. If shares is unspecified, defer default weight setting to libxl. Removing the hardcoded weight required some test fixup. While at it, add an explicit test for <shares> conversion to scheduler weight. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Jim Fehlig 提交于
Inspired by commit ffb7954f to improve readability of the libxl migration APIs. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Jim Fehlig 提交于
Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Jim Fehlig 提交于
In libxlDomainMigrationPrepare it is possible to dereference a NULL libxlDomainObjPrivatePtr in early error paths. Check for a valid 'priv' before using it. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Jim Fehlig 提交于
Similar to other uses of virDomainObjListAdd, on success add a ref to the virDomainObj so that virDomainObjEndAPI can be called as usual. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Jim Fehlig 提交于
If starting the domain fails in libxlDomainCreateXML, we mistakenly jumped to cleanup without calling libxlDomainObjEndJob. Remove the jump to 'cleanup'. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Jim Fehlig 提交于
Most libxl driver API use the pattern of lock and add a ref to virDomainObj, perform API, then decrement ref and unlock in virDomainEndAPI. In some cases the API may call virDomainObjListRemove, which unlocks the virDomainObj. Relock the object in such cases so EndAPI is called with a locked object. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Andrea Bolognani 提交于
The QEMU binary is compiled from the v2.12.0-rc0 tag. Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Andrea Bolognani 提交于
We're going to use the same test case to exercise all optional pSeries features, so a more generic name is needed. Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 21 3月, 2018 2 次提交
-
-
由 Daniel P. Berrangé 提交于
The https:// protocol is much more reliably usable than git:// when faced with unreasonably strict firewalls. The libvirt.org web server is now setup to support the smart https:// protocol, which is just as fast as git://, so change all the docs to use https:// Reviewed-by: NPavel Hrdina <phrdina@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The gitorious.org service went away a long time ago now, and our main download.html page tells people where all the official mirrors are for every component. Meanwhile telling people about CVS is a bad joke in 2018, and the CVS server no longer exists on libvirt.org Reviewed-by: NPavel Hrdina <phrdina@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-