- 30 10月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
We don't know enough about quality of external libraries used for non-UNIX transports, nor do we want to spawn external commands when setuid. Restrict to the bare minimum which is UNIX transport for local usage. Users shouldn't need to be running setuid if connecting to remote hypervisors in any case. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit e22b0232)
-
由 Daniel P. Berrange 提交于
Unconditional use of getenv is not secure in setuid env. While not all libvirt code runs in a setuid env (since much of it only exists inside libvirtd) this is not always clear to developers. So make all the code paranoid, even if it only ever runs inside libvirtd. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 1e4a02bd)
-
- 21 10月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirt.so library has far too many library deps to allow linking against it from setuid programs. Those libraries can do stuff in __attribute__((constructor) functions which is not setuid safe. The virt-login-shell needs to link directly against individual files that it uses, with all library deps turned off except for libxml2 and libselinux. Create a libvirt-setuid-rpc-client.la library which is linked to by virt-login-shell. A config-post.h file allows this library to disable all external deps except libselinux and libxml2. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 3e2f27e1)
-
由 Daniel P. Berrange 提交于
The virConnectDomainXMLToNative API should require 'connect:write' not 'connect:read', since it will trigger execution of the QEMU binaries listed in the XML. Also make virConnectDomainXMLFromNative API require a full read-write connection and 'connect:write' permission. Although the current impl doesn't trigger execution of QEMU, we should not rely on that impl detail from an API permissioning POV. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 57687fd6)
-
- 24 9月, 2013 1 次提交
-
-
由 Giuseppe Scrivano 提交于
The new function virConnectGetCPUModelNames allows to retrieve the list of CPU models known by the hypervisor for a specific architecture. Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 17 9月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
virDomainSetMetadata when operating on the metadata element was requesting the @key argument to be passed even if @metadata was NULL used to delete the corresponding metadata element. This is not needed as the key is only used when adding the element and matching is done via the XML namespace.
-
- 13 9月, 2013 1 次提交
-
-
由 Eric Blake 提交于
An off-list bug report mentioned some confusion where the public documentation of libvirt.c:virConnectGetHostname did not match the private documentation of util/virutil.c:virGetHostname. * src/libvirt.c (virConnectGetHostname): Tweak docs. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 12 9月, 2013 1 次提交
-
-
由 Michal Novotny 提交于
This fixes the description of virConnectGetType() API function in API documentation to match the real functionality that it can be used to get driver name, and provide a hint on how to learn about full capabilities. Signed-off-by: NMichal Novotny <minovotn@redhat.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 11 9月, 2013 1 次提交
-
-
由 Oskari Saarenmaa 提交于
Signed-off-by: NOskari Saarenmaa <os@ohmu.fi> Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 17 8月, 2013 1 次提交
-
-
由 Don Dugger 提交于
Currently the virConnectBaselineCPU API does not expose the CPU features that are part of the CPU's model. This patch adds a new flag, VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, that causes the API to explicitly list all features that are part of that model. Signed-off-by: NDon Dugger <donald.d.dugger@intel.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 12 8月, 2013 1 次提交
-
-
由 Eric Blake 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=951637 Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer regarding initialization. Yet we were unconditionally initializing gcrypt even when gnutls wouldn't be using it, and having two crypto libraries linked into libvirt.so is pointless, but mostly harmless (it doesn't crash, but does interfere with certification efforts). There are three distinct version ranges to worry about when determining which crypto lib gnutls uses, per these gnutls mails: 2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html 3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html If pkg-config can prove version numbers and/or list the crypto library used for static linking, we have our proof; if not, it is safer (even if pointless) to continue to use gcrypt ourselves. * configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and define a witness WITH_GNUTLS_GCRYPT. * src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy) (virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl) (virGlobalInit): Honor the witness. * libvirt.spec.in (BuildRequires): Make gcrypt usage conditional, no longer needed in Fedora 19. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 26 7月, 2013 1 次提交
-
-
由 John Ferlan 提交于
Separation allows for dependent drivers to be make a connection during the AutoStart phase of state initialization.
-
- 22 7月, 2013 1 次提交
-
-
由 Philipp Hahn 提交于
The description seems to be copied from virNodeGetCpuState. Change wrong 'cpu' to 'memory'. Signed-off-by: NPhilipp Hahn <hahn@univention.de>
-
- 18 7月, 2013 2 次提交
-
-
由 Jiri Denemark 提交于
-
由 Daniel P. Berrange 提交于
With container based virt, it is useful to be able to pass pre-opened file descriptors to the container init process. This allows for containers to be auto-activated from incoming socket connections, passing the active socket into the container. To do this, introduce a pair of new APIs, virDomainCreateXMLWithFiles and virDomainCreateWithFiles, which accept an array of file descriptors. For the LXC driver, UNIX file descriptor passing will be used to send them to libvirtd, which will them pass them down to libvirt_lxc, which will then pass them to the container init process. This will only be implemented for LXC right now, but the design is generic enough it could work with other hypervisors, hence I suggest adding this to libvirt.so, rather than libvirt-lxc.so Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 16 7月, 2013 1 次提交
-
-
由 John Ferlan 提交于
Add new API in order to set the balloon memory driver statistics collection period in order to allow dynamic period adjustment for the virsh dommemstats to display balloon stats data
-
- 11 7月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Convert the type of loop iterators named 'i', 'j', k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also santizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 7月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 08 7月, 2013 1 次提交
-
-
由 Jiri Denemark 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=981139 If a domain is paused before migration starts, we need to tell that to the destination libvirtd to prevent it from resuming the domain at the end of migration. This regression was introduced by commit 5379bb0f.
-
- 25 6月, 2013 6 次提交
-
-
由 Jiri Denemark 提交于
-
由 Jiri Denemark 提交于
This patch introduces two new APIs virDomainMigrate3 and virDomainMigrateToURI3 that may be used in place of their older variants. These new APIs take optional migration parameters (such as bandwidth, domain XML, ...) in an array of virTypedParameters, which makes adding new parameters easier as there's no need to introduce new APIs whenever a new migration parameter needs to be added. Both APIs are backward compatible and will automatically use older migration calls in case the new calls are not supported as long as the typed parameters array does not contain any parameter which was not supported by the older calls.
-
由 Jiri Denemark 提交于
-
由 Jiri Denemark 提交于
-
由 Jiri Denemark 提交于
This patch implements extensible variants of all internal migration APIs used for v3 migration.
-
由 Jiri Denemark 提交于
-
- 24 6月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
The access control checks in the 'connectOpen' driver method will require 'conn->driver' to be non-NULL. Set this before running the 'connectOpen' method and NULL-ify it again on failure. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
This patch introduces the virAccessManagerPtr class as the interface between virtualization drivers and the access control drivers. The viraccessperm.h file defines the various permissions that will be used for each type of object libvirt manages Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 18 6月, 2013 2 次提交
-
-
由 Peter Krempa 提交于
This flag is meant for errors happening on the source of the migration and isn't used on the destination. To allow better migration compatibility, don't propagate it to the destination.
-
由 Osier Yang 提交于
-
- 10 6月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
This patch fixes changes done in commit 29c1e913 that was pushed without implementing review feedback. The flag introduced by the patch is changed to VIR_DOMAIN_VCPU_GUEST and documentation makes the difference between regular hotplug and this new functionality more explicit. The virsh options that enable the use of the new flag are changed to "--guest" and the documentation is fixed too.
-
- 07 6月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
This flag will allow to use qemu guest agent commands to disable (offline) and enable (online) processors in a live guest that has the guest agent running.
-
- 01 6月, 2013 1 次提交
-
-
由 Jiri Denemark 提交于
-
- 21 5月, 2013 1 次提交
-
-
由 Osier Yang 提交于
-
- 16 5月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Change the build process & driver initialization so that the VirtualBox driver is built into libvirtd, instead of libvirt.so This change avoids the VirtualBox GPLv2-only license causing compatibility problems with libvirt.so which is under the GPLv2-or-later license. NB this change prevents use of the VirtualBox driver on the Windows platform, until such time as libvirtd can be made to work there. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 15 5月, 2013 2 次提交
-
-
由 Christophe Fergeau 提交于
qemu-img resize will fail with "The new size must be a multiple of 512" if libvirt doesn't round it first. This fixes rhbz#951495 Signed-off-by: NChristophe Fergeau <cfergeau@redhat.com>
-
由 John Ferlan 提交于
-
- 11 5月, 2013 1 次提交
-
-
由 Laine Stump 提交于
These all existed before virfile.c was created, and for some reason weren't moved. This is mostly straightfoward, although the syntax rule prohibiting write() had to be changed to have an exception for virfile.c instead of virutil.c. This movement pointed out that there is a function called virBuildPath(), and another almost identical function called virFileBuildPath(). They really should be a single function, which I'll take care of as soon as I figure out what the arglist should look like.
-
- 10 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 09 5月, 2013 1 次提交
-
-
由 Osier Yang 提交于
Pushed under trivial rule
-
- 07 5月, 2013 1 次提交
-
-
由 Daniel Hansel 提交于
We have seen an issue on s390x platform where domain XMLs larger than 1MB were used. The define command was finished successfully. The dumpxml command was not successful (i.e. could not encode message payload). Enlarged message related sizes (e.g. maximum string size, message size, etc.) to handle larger system configurations used on s390x platform. To improve handling of the RPC message size the allocation during encode process is changed to a dynamic one (i.e. starting with 64kB initial size and increasing that size in steps up to 16MB if the payload data is larger). Signed-off-by: NDaniel Hansel <daniel.hansel@linux.vnet.ibm.com> Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-