- 18 12月, 2012 9 次提交
-
-
由 Daniel P. Berrange 提交于
When LXC labels USB devices during hotplug, it is running in host context, so it needs to pass in a vroot path to the container root. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The virSecurityManager{Set,Restore}AllLabel methods are invoked at domain startup/shutdown to relabel resources associated with a domain. This works fine with QEMU, but with LXC they are in fact both currently no-ops since LXC does not support disks, hostdevs, or kernel/initrd files. Worse, when LXC gains support for disks/hostdevs, they will do the wrong thing, since they run in host context, not container context. Thus this patch turns then into a formal no-op when used with LXC. The LXC controller will call out to specific security manager labelling APIs as required during startup. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The code for creating veth/macvlan devices is part of the LXC process startup code. Refactor this a little and export the methods to the rest of the LXC driver. This allows them to be reused for NIC hotplug code Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The <hostdev> device type has long had a redundant "mode" attribute, which has always been "subsys". This finally introduces a new mode "capabilities", which will be used by the LXC driver for device assignment. Since container based virtualization uses a single kernel, the idea of assigning physical PCI devices doesn't make sense. It is still reasonable to assign USB devices, but for assigning arbitrary nodes in /dev, the new 'capabilities' mode is to be used. The first capability support is 'storage', which is for assignment of block devices. Functionally this is really pretty similar to the <disk> support. The only difference is the device node name is identical in both host and container namespaces. <hostdev mode='capabilities' type='storage'> <source> <block>/dev/sdf1</block> </source> </hostdev> The second capability support is 'misc', which is for assignment of character devices. There is no existing parallel to this. Again the device node is the same inside & outside the container. <hostdev mode='capabilities' type='misc'> <source> <char>/dev/input/event3</char> </source> </hostdev> The reason for keeping the char & storage devices separate in the domain XML, is to mirror the split in the node device XML. NB the node device XML does not yet report character devices, but that's another new patch to come Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Viktor Mihajlovski 提交于
Test cases for virSysinfoRead. Initially, there are tests for x86 (DMI based) and s390 (/proc/... based). In lack of PPC data, I have stubbed out the test for it, but it can be added with a minimal effort. Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-
由 Viktor Mihajlovski 提交于
There was a double free issue caused by virSysinfoRead on s390, as the same manufacturer string instance was assigned to more than one processor record. Cleaned up other potential memory issues and restructured the sysinfo parsing code by moving repeating patterns into a helper function. The restructuring made it necessary to conditionally disable -Wlogical-op for some older GCC versions, using pragma GCC diagnostic. This is a GCC specific pragma, which is acceptable, since we're using it to work around a GCC specific bug. Finally, added a function virSysinfoSetup to configure the sysinfo data source files/script during run time, to facilitate writing test programs. This function is not published in sysinfo.h and only there for testing. Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-
由 Viktor Mihajlovski 提交于
Some older versions of GCC report a false positive on code like char * haystack, needle; strchr(haystack, needle); Added an extra check in configure.ac which will #define BROKEN_GCC_WLOGICALOP 1 in this case, allowing to special handle "offending" code. Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-
由 Peter Krempa 提交于
-
由 Peter Krempa 提交于
This patch simplifies the code that parses the fallback and vendor_id attributes from the domain xml cpu definition. Changes done: - free temp variables in the cleanup section instead of local use - remove checking for presence of the attribute to directly getting the value (saving call to virXPathBoolean) - replace loop used to check for ',' in the vendor_id string with strchr
-
- 17 12月, 2012 9 次提交
-
-
由 Peter Krempa 提交于
The field was not freed from the cpu definition.
-
由 Ken ICHIKAWA 提交于
This patch fixes a problem that vendor_id attribute can not be defined when fallback attribute is not defined. If I define domain xml like below: <domain> <cpu> <model vendor_id='aaaabbbbcccc'>core2duo</model> </cpu> </domain> In dumpxml, vendor_id is not reflected: <domain> <cpu mode='custom' match='exact'> <model fallback='allow'>core2duo</model> </cpu> </domain> The expected output is: <domain> <cpu mode='custom' match='exact'> <model fallback='allow' vendor_id='aaaabbbbcccc'>core2duo</model> </cpu> </domain> If the fallback attribute and vendor_id attribute is defined at the same time, it's reflected as expected. Signed-off-by: NKen ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
-
由 Daniel P. Berrange 提交于
The current SELinux policy only works for KVM guests, since TCG requires the 'execmem' privilege. There is a 'virt_use_execmem' boolean to turn this on globally, but that is unpleasant for users. This changes libvirt to automatically use a new 'svirt_tcg_t' context for TCG based guests. This obsoletes the previous boolean tunable and makes things 'just work(tm)' Since we can't assume we run with new enough policy, I also make us log a warning message (once only) if we find the policy lacks support. In this case we fallback to the normal label and expect users to set the boolean tunable Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Peter Krempa 提交于
-
由 Guannan Ren 提交于
The testcase is for testing non-fixed PCI address for primary video device and using video args to -deivce qemu option.
-
由 Guannan Ren 提交于
'-device VGA' maps to '-vga std' '-device cirrus-vga' maps to '-vga cirrus' '-device qxl-vga' maps to '-vga qxl' (there is also '-device qxl' for secondary devices) '-device vmware-svga' maps to '-vga vmware' For qemu(>=1.2), we can use -device to replace -vga for video device. For the primary video device, the patch tries to use 0x2 slot for matching old qemu. If the 0x2 slot is allocated already, the addr property could help for using any available slot. For qemu(< 1.2), we keep using -vga for primary device.
-
由 Guannan Ren 提交于
If there are multiple video devices primary = 'yes' marks this video device as the primary one. The rest are secondary video devices. No more than one could be mark as primary. If none of them has primary attribute, the first one will be the primary by default like what it was. The reason of this changing is that for qemu, only one primary video device is permitted which can be of any type. For secondary video devices, only qxl is allowd. Primary attribute removes the restriction that the first have to be the primary one. We always put the primary video device into the first position of video device structure array after parsing.
-
由 Guannan Ren 提交于
QEMU_CAPS_DEVICE_QXL -device qxl QEMU_CAPS_DEVICE_VGA -device VGA QEMU_CAPS_DEVICE_CIRRUS_VGA -device cirrus-vga QEMU_CAPS_DEVICE_VMWARE_SVGA -device vmware-svga QEMU_CAPS_DEVICE_VIDEO_PRIMARY /* safe to use -device XXX for primary video device */ Fix a typo in qemuCapsObjectTypes, the string 'qxl' here should be -device qxl rather than -vga [...|qxl|..]
-
由 Daniel Veillard 提交于
- configure.ac docs/news.html.in: update for the release - po/*.po: updated from transifex
-
- 15 12月, 2012 4 次提交
-
-
由 Eric Blake 提交于
Noticed these while building on FreeBSD. * src/qemu/qemu_monitor.c (qemuMonitorBlockInfoLookup): Rename variable to avoid 'devname' collision. * src/qemu/qemu_driver.c (qemuDomainInterfaceStats): Mark unused variable.
-
由 Roman Bogorodskiy 提交于
This adds an implementation of virNetSocketGetUNIXIdentity() using LOCAL_PEERCRED socket option and xucred struct, defined in <sys/ucred.h> on systems that have it.
-
由 Laine Stump 提交于
A forgotten "!" in recently-modified code at the top of networkRefreshDaemon() meant an improper early return, which led to 1) dnsmasq config files not being updated from the newly modified config, and 2) dnsmasq not being sent a SIGHUP so that it could learn about the changes to the config. virNetworkDefGetIpByIndex() returns NULL if there are no ip objects of the requested type, and if there are no IP elements, then dnsmasq shouldn't be running, so we can return early. Otherwise we should rewrite the config files and send a SIGHUP.
-
由 Guido Günther 提交于
since compilation breaks otherwise with older libsanlock.
-
- 14 12月, 2012 13 次提交
-
-
由 Eric Blake 提交于
As detected in https://bugzilla.redhat.com/show_bug.cgi?id=887187 * docs/formatdomain.html.in: Fix XML typos.
-
由 Michal Privoznik 提交于
Currently, if sanlock is already registering a lockspace other libvirtd instances (from other hosts) obtain -EINPROGRESS. On sufficiently new sanlock, sanlock_inq_lockspace() is called, which suspend execution until lockspace state is changed. With current libvirt implementation, we fail to retry adding the lockspace again but continue in error path. Therefore we produce meaningless error message: virLockManagerSanlockSetupLockspace:363 : Unable to add lockspace /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__: Success qemudLoadDriverConfig:558 : Failed to load lock manager sanlock We should try to re-add the lockspace after its state change to be sure it was added successfully. In fact, with sufficiently new sanlock we can just avoid dummy usleep() which is used if there's no inquire API.
-
由 Eric Blake 提交于
The virtlockd daemon scripts were lousy, when compared to their counterparts in daemon/Makefile.am. In particular, when init scripts were selected, this resulted in 'make distcheck' failing due to failure to clean up src/virtlockd.init. * src/Makefile.am (install-systemd): Fix dependencies. Use MKDIR_P. (uninstall-systemd): Remove empty directory. Use fewer processes. (install-init, install-sysconfig): Use MKDIR_P. (uninstall-init): Remove correct file, and also empty directory. (uninstall-sysconfig): Remove empty directory. (DISTCLEANFILES): Clean up trivially built sources.
-
由 Michał Łomnicki 提交于
For a unprivileged user libvirt.conf and auth.conf are looked up in $XDG_CONFIG_HOME but the docs incorrectly state that it's $XDG_CONFIG_DIR.
-
由 Laine Stump 提交于
When a network device's bridge connection is changed by virDomainUpdateDevice, libvirt first removes the netdev's tap from its old bridge, then adds it to the new bridge. Sometimes, due to a network being destroyed while a guest device is still attached, the tap may already be "removed" from the old bridge (or the old bridge may not even exist any more); the existing code was needlessly failing the update when this happened, making it impossible to recover from the situation without completely detaching (i.e. removing) the netdev from the guest and re-attaching. Instead of failing the entire operation when removal of the tap from the old bridge fails, this patch changes qemuDomainChangeNetBridge to just log a warning and continue, allowing a reasonable recover from the situation. (you'll appreciate this change if you ever accidentally destroy a network while your guests are still using it).
-
由 Jiri Denemark 提交于
-
由 Jiri Denemark 提交于
With sanlock enabled, only one of those files was installed.
-
由 Eric Blake 提交于
* src/Makefile.am (libvirt.syms): Let cat loop for us.
-
由 Ján Tomko 提交于
In the case of an OOM error in virDomainDefGetSecurityLabelDef, secdef is set to NULL, then dereferenced while printing the debug message.
-
由 Jiri Denemark 提交于
-
由 Jiri Denemark 提交于
-
由 Laine Stump 提交于
This patch resolves the problem reported in: https://bugzilla.redhat.com/show_bug.cgi?id=886663 The source of the problem was the fix for CVE 2011-3411: https://bugzilla.redhat.com/show_bug.cgi?id=833033 which was originally committed upstream in commit 753ff83a. That commit improperly removed the "--except-interface lo" from dnsmasq commandlines when --bind-dynamic was used (based on comments in the latter bug). It turns out that the problem reported in the CVE could be eliminated without removing "--except-interface lo", and removing it actually caused each instance of dnsmasq to listen on localhost on port 53, which created a new problem: If another instance of dnsmasq using "bind-interfaces" (instead of "bind-dynamic") had already been started (or if another instance started later used "bind-dynamic"), this wouldn't have any immediately visible ill effects, but if you tried to start another dnsmasq instance using "bind-interfaces" *after* starting any libvirt networks, the new dnsmasq would fail to start, because there was already another process listening on port 53. (Subsequent to the CVE fix, another patch changed the network driver to put dnsmasq options in a conf file rather than directly on the dnsmasq commandline, but preserved the same options.) This patch changes the network driver to *always* add "except-interface=lo" to dnsmasq conf files, regardless of whether we use bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances are listening on localhost (and the CVE is still fixed). The actual code change is miniscule, but must be propogated through all of the test files as well.
-
由 Jiri Denemark 提交于
$(srcdir) is already part of $$file since commit f1f9a7ac.
-
- 13 12月, 2012 5 次提交
-
-
由 Ján Tomko 提交于
For non-default connections (specified by the environment variable or the command line option) we call virConnectOpenAuth without registering the vshCatchDisconnect callback. This calls vshReconnect instead which takes care of it.
-
由 Ján Tomko 提交于
Since we (ab)use vshReconnect for the default URI connection, if it fails it might print 'Failed to reconnect to the hypervisor' even if we were never connected before. This changes it to only mention reconnection on the first try after getting disconnected.
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
The default lockd driver behavour is to acquire leases directly on the disk files. This introduces an alternative mode, where leases are acquire indirectly on a file that is based on a SHA256 hash of the disk filename. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-