- 24 6月, 2019 1 次提交
-
-
由 Ján Tomko 提交于
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit aed6a032) Signed-off-by: NJán Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit 12a51f37 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 04 10月, 2016 1 次提交
-
-
由 Martin Kletzander 提交于
If this reminds you of a commit message from around a year ago, it's 41c2aa72 and yes, we're dealing with "the same thing" again. Or f309db1f and it's similar. There is a logic in place that if there is no real need for memory-backend-file, qemuBuildMemoryBackendStr() returns 0. However that wasn't the case with hugepage backing. The reason for that was that we abused the 'pagesize' variable for storing that information, but we should rather have a separate one that specifies whether we really need the new object for hugepage backing. And that variable should be set only if this particular NUMA cell needs special treatment WRT hugepages. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372153Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 4372a7845acbc6974f6027ef68e7dd3eeb47f425)
-
- 02 8月, 2016 6 次提交
-
-
由 Daniel Veillard 提交于
* docs/news.html.in: updated for release * po/*.po*: regenerated
-
由 Daniel Veillard 提交于
This reverts commit 6a408011. release of 2.1.0 need to go first
-
由 Yuri Chornoivan 提交于
-
由 Erik Skultety 提交于
Once the SASL authentication process has successfully passed, we should also save the SASL username used to client's identity, so that when a client like virt-admin tries to obtain it, the server will actually format the username to the response data. Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 Erik Skultety 提交于
When commit 4a0e9108 added a support for client information retrieval, it made the API return SASL identity info only for clients connected remotely, yet SASL can be happily used with UNIX sockets as well. Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 Martin Kletzander 提交于
When wiping a volume we just rewrite all the data of the volume, not only the content. Since format gets overridden, we need to recreate the volume. However we can't do that for every possible format out there. Since it was only coded for the ploop volume type, let's document what might be the consequences instead of forbidding it for every other format out there. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868771Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 01 8月, 2016 6 次提交
-
-
由 Boris Fiuczynski 提交于
The panic devices with models s390 and pseries are autogenerated. For backwards compatibility reasons the devices are to be removed when migrating. Signed-off-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
The only function that we currently use from glib is g_sprintf(). That's a very big gun for such small target. Not only that, but we've silently relied on wireshark dragging in the glib. Replace the g_sprintf() with plain sprinf() so that we can drop the glib dependency. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Nikolay Shirokovskiy 提交于
This patch reflects cases when <interface> element and its <source> subelement for network type are formated based on actual type resolved from referenced network instead of original one. networkAllocateActualDevice and virDomainActualNetDefContentsFormat are taken as reference.
-
由 Nikolay Shirokovskiy 提交于
-
由 Sascha Silbe 提交于
Ever since virDomainCreateWithFlags() was introduced by de3aadaa [drivers: add virDomainCreateWithFlags if virDomainCreate exists], the domain ID retrieved with virDomainGetID() was incorrect for several drivers after virDomainCreateWithFlags() was called. The API consumer had to look up the domain anew to retrieve the correct ID. For the ESX driver, this was fixed in 6139b274 [esx: Update ID after starting a domain]. For the openvz driver, it was fixed in fd81a097 [openvzDomainCreateWithFlags: set domain id to the correct value]. The test driver, the OpenNebula driver (removed in the meantime) and the vbox driver were already updating the domain ID correctly in domainCreate(). Copy over the ID in qemuDomainCreateWithFlags() to fix this for the qemu driver, too. Fixes: de3aadaa ("drivers: add virDomainCreateWithFlags if virDomainCreate exists") Reported-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com> Signed-off-by: NSascha Silbe <silbe@linux.vnet.ibm.com> Tested-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
-
由 Peter Krempa 提交于
==2064442== 200 (88 direct, 112 indirect) bytes in 1 blocks are definitely lost in loss record 54 of 73 ==2064442== at 0x4C2E0F0: calloc (vg_replace_malloc.c:711) ==2064442== by 0x18E75B80: virAllocVar (viralloc.c:560) ==2064442== by 0x18EC43B0: virObjectNew (virobject.c:193) ==2064442== by 0x18EC476E: virObjectLockableNew (virobject.c:219) ==2064442== by 0x1906BC73: virSecurityManagerNewDriver (security_manager.c:93) ==2064442== by 0x1906C076: virSecurityManagerNewStack (security_manager.c:115) ==2064442== by 0x43CC39: qemuTestDriverInit (testutilsqemu.c:548) ==2064442== by 0x4337ED: mymain (qemumonitorjsontest.c:2440) ==2064442== by 0x43BABE: virTestMain (testutils.c:982) ==2064442== by 0x43A490: main (qemumonitorjsontest.c:2558)
-
- 29 7月, 2016 2 次提交
-
-
由 Michal Privoznik 提交于
Consider the following XML snippet: <memory model=''> <target> <size unit='KiB'>523264</size> <node>0</node> </target> </memory> Whats wrong you ask? The @model attribute. This should result in an error thrown into users faces during virDomainDefine phase. Except it doesn't. The XML validation catches this error, but if users chose to ignore that, they will end up with invalid XML. Well, they won't be able to start the machine - that's when error is produced currently. But it would be nice if we could catch the error like this earlier. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Erik Skultety 提交于
The original name 'admin_uri_default' was introduced to our code by commit dbecb87f. However, at that time we already had a separate config file for admin library but the commit mentioned above didn't properly adjust the config's option name. The result is that when we're loading the config, we check a non-existent config option (there's not much to do with the URIs anyway, since we only allow local connection). Additionally, virt-admin's man page documents, that the default URI can be altered by setting admin_uri_default option. So the fix proposed by this patch leaves the libvirt-admin.conf as is and adjusts the naming in the code as well as in the virt-admin's man page. Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
- 28 7月, 2016 13 次提交
-
-
由 Michal Privoznik 提交于
In wireshark commit bbdd89b9 (contained in 2.1.0 release) they have changed prototype of dissector function. Now it returns number of bytes consumed by the dissector, and can get a pointer to user specified data (which we don't use). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 John Ferlan 提交于
The virJSONValueObjectCreate only consumes the object on success, so on failure we must free - from commit id 'f4441017' (found by Coverity).
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1356436 Commit id '56057900' altered the discovery of iSCSI node targets by using the "--op nonpersistent". This caused issues for clean environments or if by chance a "-m node -o delete" was executed. Since each iSCSI Storage Pool has the required iSCSI target path, use that and the virISCSINodeNew API in order to generate the iSCSI node record.
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1356436 According to RFC 3721 (https://www.ietf.org/rfc/rfc3721.txt), there are two ways to "discover" targets in/for the iSCSI environment. Discovery is the process which allows the initiator to find the targets to which it has access and at least one address at which each target may be accessed. The method currently implemented in libvirt using the virISCSIScanTargets API is known as "SendTargets" discovery. This method is more useful when the target IP Address and TCP port information are available, e.g. in libvirt terms the "portal". It returns a list of targets for the portal. From that list, the target can be found. This operation can also fill an iSCSI node table into which iSCSI logins may occur. Commit id '56057900' altered that filling by adding the "--op nonpersistent" since it was not necessarily desired to perform that for non libvirt related targets. The second method is "Static Configuration". This method not only needs the IP Address and TCP port (e.g. portal), but also the iSCSI target name. In libvirt terms this would be the device path field from the iSCSI pool <source> XML. This patch implements the second methodology using that required device path as the targetname.
-
由 Erik Skultety 提交于
Since commit 834c5720 which extracted the generic functionality out of virsh and made it available for other clients like virt-admin to make use of it, it also introduced a bug when it renamed the original VIRSH_ environment variables to VSH_ variables. Virt-admin of course suffers from the same bug, so this patch modifies the generic module vsh.c to construct the correct name for environment variables of each client from information it has. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1357363Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 Erik Skultety 提交于
Well, the reason behind this change is that if the function is extended in some way that e.g. would involve allocation we do not have a way of telling it to the caller. More specifically, vshInitDebug only relies on some hardcoded environment variables (by a mistake) that aren't documented anywhere so neither virsh's nor virt-admin's documented environment variables take effect. One possible solution would be duplicate the code for each CLI client or leave the method be generic and provide means that it could figure out, which client called it, thus initializing the proper environment variables but that could involve operations that might as well fail in certain circumstances and the caller should know that an error occurred. Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Michal Privoznik 提交于
My compiler identified some variables that were set, but never actually used. For instance, opts_required, and data_acomplete. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
This function tries to look up desired option for a given parsed command. Upon successful return it also stores option position into passed *opt_index. Now, this variable is type of int, even though it is never ever used to store negative value. Moreover, the variable is set from a local variable which is type of size_t. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
This previous commit commit cd9fcc8b Author: Michal Privoznik <mprivozn@redhat.com> Date: Wed Jul 27 16:58:32 2016 +0200 libvirt.spec.in: Adapt to newest wireshark plugindir Adapted the libvirt spec for wireshark >= 2.1.0 but this ignored the fact that we enable wireshark from Fedora 21 and 2.1.0 was only added in Fedora 24 Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The current LUKS support has a "luks" volume type which has a "luks" encryption format. This partially makes sense if you consider the QEMU shorthand syntax only requires you to specify a format=luks, and it'll automagically uses "raw" as the next level driver. QEMU will however let you override the "raw" with any other driver it supports (vmdk, qcow, rbd, iscsi, etc, etc) IOW the intention though is that the "luks" encryption format is applied to all disk formats (whether raw, qcow2, rbd, gluster or whatever). As such it doesn't make much sense for libvirt to say the volume type is "luks" - we should be saying that it is a "raw" file, but with "luks" encryption applied. IOW, when creating a storage volume we should use this XML <volume> <name>demo.raw</name> <capacity>5368709120</capacity> <target> <format type='raw'/> <encryption format='luks'> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccd2f80d6f'/> </encryption> </target> </volume> and when configuring a guest disk we should use <disk type='file' device='disk'> <driver name='qemu' type='raw'/> <source file='/home/berrange/VirtualMachines/demo.raw'/> <target dev='sda' bus='scsi'/> <encryption format='luks'> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccd2f80d6f'/> </encryption> </disk> This commit thus removes the "luks" storage volume type added in commit 318ebb36 Author: John Ferlan <jferlan@redhat.com> Date: Tue Jun 21 12:59:54 2016 -0400 util: Add 'luks' to the FileTypeInfo The storage file probing code is modified so that it can probe the actual encryption formats explicitly, rather than merely probing existance of encryption and letting the storage driver guess the format. The rest of the code is then adapted to deal with VIR_STORAGE_FILE_RAW w/ VIR_STORAGE_ENCRYPTION_FORMAT_LUKS instead of just VIR_STORAGE_FILE_LUKS. The commit mentioned above was included in libvirt v2.0.0. So when querying volume XML this will be a change in behaviour vs the 2.0.0 release - it'll report 'raw' instead of 'luks' for the volume format, but still report 'luks' for encryption format. I think this change is OK because the storage driver did not include any support for creating volumes, nor starting guets with luks volumes in v2.0.0 - that only since then. Clearly if we change this we must do it before v2.1.0 though. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Refactor the virStorageFileMatchesNNN methods so that they don't take a struct FileFormatInfo parameter, but instead get the actual raw dat items they needs. This will facilitate reuse in other contexts. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 27 7月, 2016 11 次提交
-
-
由 Michal Privoznik 提交于
In the old days, when wireshark plugin was introduced it was installed under /usr/lib64/wireshark/plugins/$VERSION/ while with wireshark-2.1.0 this path has changed just to /usr/lib64/wireshark/plugins. We should teach our spec file about this change. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
So, when building wireshark plugin, we get the plugindir variable from the wireshark.pc as well as prefix. Then we replace the prefix in the plugindir with our own prefix where libvirt is building to: plugindir="${prefix}${plugindir#ws_prefix}" However, as you can see, there's '$' missing in front of the ws_prefix variable. This results in the mangled plugindir, for instance like this: plugindir='/usr/usr/lib64/wireshark/plugins' Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Derbyshev Dmitry 提交于
To collect all balloon statistics for all guests it was necessary to make several libvirt requests. Now it's possible to get all balloon statiscs via single connectGetAllDomainStats call. Signed-off-by: NDerbyshev Dmitry <dderbyshev@virtuozzo.com>
-
由 Derbyshev Dmitry 提交于
Is necessary to call it from other contexts, such as qemuDomainGetStatsBalloon. Signed-off-by: NDerbyshev Dmitry <dderbyshev@virtuozzo.com>
-
由 Pavel Hrdina 提交于
This fixes commit 200a40f9 which introduced 'last-update' timestamp. Signed-off-by: NDerbyshev Dmitry <dderbyshev@virtuozzo.com> Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
This fixes commit 65bf0446 which introduced 'usable' stat. Signed-off-by: NDerbyshev Dmitry <dderbyshev@virtuozzo.com> Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Derbyshev Dmitry 提交于
Description for existing balloon stats was missing for dommemstat. Signed-off-by: NDerbyshev Dmitry <dderbyshev@virtuozzo.com>
-
由 Erik Skultety 提交于
There's been a forgotten fragment (copy-paste error probably) in the virt-admin's man page referring the reader to our web page on how to construct URIs in case of remote access, which sort of implies that we support it which we don't at the moment, so better remove that. Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 Prasanna Kumar Kalever 提交于
To allow using failover with gluster it's necessary to specify multiple volume hosts. Add support for starting qemu with such configurations. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
To allow richer definitions of disk sources add infrastructure that will allow to register functionst generating a JSON object based definition. This infrastructure will then convert the definition to the proper command line syntax and use it in cases where it's necessary. This will allow to keep legacy definitions for back-compat when possible and use the new definitions for the configurations requiring them.
-
由 Peter Krempa 提交于
Add support for converting objects nested in arrays with a numbering discriminator on the command line. This syntax is used for the object-based specification of disk source properties.
-