1. 03 2月, 2012 9 次提交
    • O
      Replace TAB with white spaces · f0495ae9
      Osier Yang 提交于
      f0495ae9
    • J
      lxc: Fix build with AppArmor · b24ed37f
      Jiri Denemark 提交于
      b24ed37f
    • A
      conf: Plug memory on virDomainDiskDefParseXML · d166cf76
      Alex Jia 提交于
      Detected by valgrind. Leak is introduced in commit 397e6a70.
      
      * src/conf/domain_conf.c(virDomainDiskDefParseXML): fix memory leak.
      
      How to reproduce?
      % make -C tests check TESTS=qemuxml2argvtest
      % cd tests && valgrind -v --leak-check=full ./qemuxml2argvtest
      
      * Actual result:
      
      ==16352== 4 bytes in 1 blocks are definitely lost in loss record 12 of 147
      ==16352==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
      ==16352==    by 0x39D90A67DD: xmlStrndup (xmlstring.c:45)
      ==16352==    by 0x4E83D5: virDomainDiskDefParseXML (domain_conf.c:2894)
      ==16352==    by 0x4F542D: virDomainDefParseXML (domain_conf.c:7626)
      ==16352==    by 0x4F8683: virDomainDefParseNode (domain_conf.c:8390)
      ==16352==    by 0x4F904E: virDomainDefParse (domain_conf.c:8340)
      ==16352==    by 0x41C626: testCompareXMLToArgvHelper (qemuxml2argvtest.c:105)
      ==16352==    by 0x41DED1: virtTestRun (testutils.c:142)
      ==16352==    by 0x418172: mymain (qemuxml2argvtest.c:486)
      ==16352==    by 0x41D5C7: virtTestMain (testutils.c:697)
      ==16352==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
      Signed-off-by: NAlex Jia <ajia@redhat.com>
      d166cf76
    • D
      Set a security context on /dev and /dev/pts mounts · 5df67cdc
      Daniel P. Berrange 提交于
      To allow the container to access /dev and /dev/pts when under
      sVirt, set an explicit mount option. Also set a max size on
      the /dev mount to prevent DOS on memory usage
      
      * src/lxc/lxc_container.c: Set /dev mount context
      * src/lxc/lxc_controller.c: Set /dev/pts mount context
      5df67cdc
    • D
      Add support for sVirt in the LXC driver · 0f01192e
      Daniel P. Berrange 提交于
      For the sake of backwards compat, LXC guests are *not*
      confined by default. This is because it is not practical
      to dynamically relabel containers using large filesystem
      trees. Applications can create confined containers though,
      by giving suitable XML configs
      
      * src/Makefile.am: Link libvirt_lxc to security drivers
      * src/lxc/libvirtd_lxc.aug, src/lxc/lxc_conf.h,
        src/lxc/lxc_conf.c, src/lxc/lxc.conf,
        src/lxc/test_libvirtd_lxc.aug: Config file handling for
        security driver
      * src/lxc/lxc_driver.c: Wire up security driver functions
      * src/lxc/lxc_controller.c: Add a '--security' flag to
        specify which security driver to activate
      * src/lxc/lxc_container.c, src/lxc/lxc_container.h: Set
        the process label just before exec'ing init.
      0f01192e
    • D
      Add two new security label types · b170eb99
      Daniel P. Berrange 提交于
      Curently security labels can be of type 'dynamic' or 'static'.
      If no security label is given, then 'dynamic' is assumed. The
      current code takes advantage of this default, and avoids even
      saving <seclabel> elements with type='dynamic' to disk. This
      means if you temporarily change security driver, the guests
      can all still start.
      
      With the introduction of sVirt to LXC though, there needs to be
      a new default of 'none' to allow unconfined LXC containers.
      
      This patch introduces two new security label types
      
       - default:  the host configuration decides whether to run the
                   guest with type 'none' or 'dynamic' at guest start
       - none:     the guest will run unconfined by security policy
      
      The 'none' label type will obviously be undesirable for some
      deployments, so a new qemu.conf option allows a host admin to
      mandate confined guests. It is also possible to turn off default
      confinement
      
        security_default_confined = 1|0  (default == 1)
        security_require_confined = 1|0  (default == 0)
      
      * src/conf/domain_conf.c, src/conf/domain_conf.h: Add new
        seclabel types
      * src/security/security_manager.c, src/security/security_manager.h:
        Set default sec label types
      * src/security/security_selinux.c: Handle 'none' seclabel type
      * src/qemu/qemu.conf, src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
        src/qemu/libvirtd_qemu.aug: New security config options
      * src/qemu/qemu_driver.c: Tell security driver about default
        config
      b170eb99
    • D
      Re-add domain device seclabel parsing / formatting · 87c39f0e
      Daniel P. Berrange 提交于
      This re-introduces parsing & formatting for per device seclabels.
      There is a new virDomainDeviceSeclabelPtr struct and corresponding
      APIs for parsing/formatting.
      87c39f0e
    • D
      Revert changes to sec label parsing · ae6135bf
      Daniel P. Berrange 提交于
      Revert parsing changes:
      
        commit 302fe95f
        Author: Eric Blake <eblake@redhat.com>
        Date:   Wed Jan 4 16:01:24 2012 -0700
      
          seclabel: fix regression in libvirtd restart
      
        commit b4343293
        Author: Eric Blake <eblake@redhat.com>
        Date:   Thu Dec 22 17:47:50 2011 -0700
      
          seclabel: allow a seclabel override on a disk src
      
      These two commits changed the sec label parsing code so that
      the same code dealt with both the VM level sec label, and the
      per device label. Unfortunately, as we add more options to the
      VM level sec label, the logic required to use the same parsing
      code for the per device label becomes unintelligible.
      
      * src/conf/domain_conf.c: Remove support for parsing per
        device sec labels
      ae6135bf
    • D
      Add detail to documentation on storage pools and volumes. · e68f22ae
      Dave Allan 提交于
      The storage pools page contains details about the capabilities of the
      various pool types, but not an overview of how they are intended to be
      used.  This patch adds some explanation of what pools and volumes can
      be used for and why an administrator might want to use them.
      e68f22ae
  2. 02 2月, 2012 16 次提交
    • A
      virsh: Plug memory leak on cmdUndefine · 6152c745
      Alex Jia 提交于
      Detected by valgrind. Leak is introduced in commit 3bb6bcfc.
      
      Free 'vol' memory before allocating memory, the codes will miss one time
      free when 'vol_i = nvolumes' in for loop, so plug memory leak.
      
      * tools/virsh.c: fix memory leak on cmdUndefine.
      
      * How to reproduce?
      % dd if=/dev/null of=/var/lib/libvirt/images/foo bs=1 count=1 seek=10M
      % virsh define foo.xml                   (disk source file points to '/var/lib/libvirt/images/foo')
      % virsh vol-clone foo foo-clone default  (the original guest name is 'foo')
      % virsh pool-refresh default
      % virsh vol-list default                 (make sure 'foo-clone' volume exists)
      % virsh define foo-clone.xml             (disk source file points to '/var/lib/libvirt/images/foo-clone')
      % valgrind -v --leak-check=full virsh undefine foo-clone --remove-all-storage
      
      * Actual results:
      
      1. virsh output
      Domain foo-clone has been undefined
      Volume '/var/lib/libvirt/images/foo-clone' removed.
      
      error: Failed to disconnect from the hypervisor, 1 leaked reference(s)
      
      2. valgrind result
      
      ==6515== 92 (40 direct, 52 indirect) bytes in 1 blocks are definitely lost in loss record 46 of 69
      ==6515==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
      ==6515==    by 0x4C89B71: virAlloc (memory.c:101)
      ==6515==    by 0x4CFCACE: virGetStorageVol (datatypes.c:724)
      ==6515==    by 0x4D4A8E0: remoteStorageVolLookupByPath (remote_driver.c:4664)
      ==6515==    by 0x4D07153: virStorageVolLookupByPath (libvirt.c:12508)
      ==6515==    by 0x4270E6: cmdUndefine (virsh.c:2828)
      ==6515==    by 0x4151B6: vshCommandRun (virsh.c:17693)
      ==6515==    by 0x4264D3: main (virsh.c:19270)
      ==6515==
      ==6515== LEAK SUMMARY:
      ==6515==    definitely lost: 40 bytes in 1 blocks
      
      RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=786674Signed-off-by: NAlex Jia <ajia@redhat.com>
      6152c745
    • M
      02ee8745
    • P
      tests: dynamically replace dnsmasq path · 22ec6000
      Philipp Hahn 提交于
      The path to the dnsmasq binary can be configured while in the test data
      the path is hard-coded to /usr/bin/. This break the test suite if a the
      binary is located in a different location, like /usr/local/sbin/.
      
      Replace the hard coded path in the test data by a token, which is
      dynamically replaced in networkxml2argvtest with the configured path
      after the test data has been loaded.
      
      (Another option would have been to modify configure.ac to generate the
       test data during configure, but I do not know of an easy way do trick
       configure into mass-generate those test files without listing every
       single one, which I consider less flexible.)
      
      - unit-test the unit-test:
        #include <assert.h>
        #define TEST(in,token,rep,out) { char *buf = strdup(in); assert(!replaceTokens(&buf, token, rep) && !strcmp(buf, out)); free(buf); }
        TEST("", "AA", "B", "");
        TEST("A", "AA", "B", "A");
        TEST("AA", "AA", "B", "B");
        TEST("AAA", "AA", "B", "BA");
        TEST("AA", "AA", "BB", "BB");
        TEST("AA", "AA", "BBB", "BBB");
        TEST("<AA", "AA", "B", "<B");
        TEST("<AA", "AA", "BB", "<BB");
        TEST("<AA", "AA", "BBB", "<BBB");
        TEST("AA>", "AA", "B", "B>");
        TEST("AA>", "AA", "BB", "BB>");
        TEST("AA>", "AA", "BBB", "BBB>");
        TEST("<AA>", "AA", "B", "<B>");
        TEST("<AA>", "AA", "BB", "<BB>");
        TEST("<AA>", "AA", "BBB", "<BBB>");
        TEST("<AA|AA>", "AA", "B", "<B|B>");
        TEST("<AA|AA>", "AA", "BB", "<BB|BB>");
        TEST("<AA|AA>", "AA", "BBB", "<BBB|BBB>");
        TEST("<AAAA>", "AA", "B", "<BB>");
        TEST("<AAAA>", "AA", "BB", "<BBBB>");
        TEST("<AAAA>", "AA", "BBB", "<BBBBBB>");
        TEST("AAAA>", "AA", "B", "BB>");
        TEST("AAAA>", "AA", "BB", "BBBB>");
        TEST("AAAA>", "AA", "BBB", "BBBBBB>");
        TEST("<AAAA", "AA", "B", "<BB");
        TEST("<AAAA", "AA", "BB", "<BBBB");
        TEST("<AAAA", "AA", "BBB", "<BBBBBB");
        alarm(1); /* no infinite loop */
        TEST("A", "A", "A", "A");
        TEST("AA", "A", "A", "AA");
        alarm(0);
      Signed-off-by: NPhilipp Hahn <hahn@univention.de>
      22ec6000
    • E
      network: fix testsuite regression · 0aaf88e8
      Eric Blake 提交于
      I slightly botched commit be9fb5af - I converted '--arg=value' to
      '--arg value', which has no semantic change, but did trip up the
      testsuite.
      
      * src/network/bridge_driver.c (networkBuildDnsmasqArgv): Restore
      expected output.
      0aaf88e8
    • P
      tests: virnettlscontexttest needs gnutls-2.6.0 · 08f680ee
      Philipp Hahn 提交于
      virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and
      GNUTLS_FSAN_APPEND, which - according to
      <http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only
      available since 2.6.0.
      
      Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only
      enable the test when the version of GNUTLS is at least 2.6.0.
      Signed-off-by: NPhilipp Hahn <hahn@univention.de>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      08f680ee
    • P
      xen_xs: name xendConfigVersion magic numbers · 184fc07f
      Philipp Hahn 提交于
      libvirt supports 4 different versions of the user-land XenD daemon. When
      queried the daemon just returns its generation number, which is hard to
      match to the version of the Xen tools.
      
      Replace the magic generation numbers by named enum definitions to
      improve code readability.
      Signed-off-by: NPhilipp Hahn <hahn@univention.de>
      184fc07f
    • A
      network: Avoid memory leaks on networkBuildDnsmasqArgv · be9fb5af
      Alex Jia 提交于
      Detected by valgrind. Leaks introduced in commit 973af236.
      
      * src/network/bridge_driver.c: fix memory leaks on failure and successful path.
      
      * How to reproduce?
      % make -C tests check TESTS=networkxml2argvtest
      % cd tests && valgrind -v --leak-check=full ./networkxml2argvtest
      
      * Actual result:
      
      ==2226== 3 bytes in 1 blocks are definitely lost in loss record 1 of 24
      ==2226==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
      ==2226==    by 0x39CF0FEDE7: __vasprintf_chk (in /lib64/libc-2.12.so)
      ==2226==    by 0x41DFF7: virVasprintf (stdio2.h:199)
      ==2226==    by 0x41E0B7: virAsprintf (util.c:1695)
      ==2226==    by 0x41A2D9: networkBuildDhcpDaemonCommandLine (bridge_driver.c:545)
      ==2226==    by 0x4145C8: testCompareXMLToArgvHelper (networkxml2argvtest.c:47)
      ==2226==    by 0x4156A1: virtTestRun (testutils.c:141)
      ==2226==    by 0x414332: mymain (networkxml2argvtest.c:123)
      ==2226==    by 0x414D97: virtTestMain (testutils.c:696)
      ==2226==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
      ==2226==
      ==2226== 3 bytes in 1 blocks are definitely lost in loss record 2 of 24
      ==2226==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
      ==2226==    by 0x39CF0FEDE7: __vasprintf_chk (in /lib64/libc-2.12.so)
      ==2226==    by 0x41DFF7: virVasprintf (stdio2.h:199)
      ==2226==    by 0x41E0B7: virAsprintf (util.c:1695)
      ==2226==    by 0x41A307: networkBuildDhcpDaemonCommandLine (bridge_driver.c:551)
      ==2226==    by 0x4145C8: testCompareXMLToArgvHelper (networkxml2argvtest.c:47)
      ==2226==    by 0x4156A1: virtTestRun (testutils.c:141)
      ==2226==    by 0x414332: mymain (networkxml2argvtest.c:123)
      ==2226==    by 0x414D97: virtTestMain (testutils.c:696)
      ==2226==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
      ==2226==
      ==2226== 5 bytes in 1 blocks are definitely lost in loss record 4 of 24
      ==2226==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
      ==2226==    by 0x39CF0FEDE7: __vasprintf_chk (in /lib64/libc-2.12.so)
      ==2226==    by 0x41DFF7: virVasprintf (stdio2.h:199)
      ==2226==    by 0x41E0B7: virAsprintf (util.c:1695)
      ==2226==    by 0x41A2AB: networkBuildDhcpDaemonCommandLine (bridge_driver.c:539)
      ==2226==    by 0x4145C8: testCompareXMLToArgvHelper (networkxml2argvtest.c:47)
      ==2226==    by 0x4156A1: virtTestRun (testutils.c:141)
      ==2226==    by 0x414332: mymain (networkxml2argvtest.c:123)
      ==2226==    by 0x414D97: virtTestMain (testutils.c:696)
      ==2226==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
      ==2226==
      ==2226== LEAK SUMMARY:
      ==2226==    definitely lost: 11 bytes in 3 blocks
      Signed-off-by: NAlex Jia <ajia@redhat.com>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      be9fb5af
    • E
      block rebase: initial qemu implementation · 9f902a2e
      Eric Blake 提交于
      This is a trivial implementation, which works with the current
      released qemu 1.0 with backports of preliminary block pull but
      no partial rebase.  Future patches will update the monitor handling
      to support an optional parameter for partial rebase; but as qemu
      1.1 is unreleased, it can be in later patches, designed to be
      backported on top of the supported API.
      
      * src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Add parameter,
      and adjust callers.  Drop redundant check.
      (qemuDomainBlockPull): Move guts...
      (qemuDomainBlockRebase): ...to new function.
      9f902a2e
    • E
      block rebase: wire up remote protocol · 8ee8fd65
      Eric Blake 提交于
      Nice and simple.
      
      * src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_BLOCK_REBASE):
      New RPC.
      * src/remote/remote_driver.c (remote_driver): Wire it up.
      * src/remote_protocol-structs: Regenerate.
      8ee8fd65
    • E
      block rebase: add new API virDomainBlockRebase · 99fd69c3
      Eric Blake 提交于
      Qemu is adding the ability to do a partial rebase.  That is, given:
      
      base <- intermediate <- current
      
      virDomainBlockPull will produce:
      
      current
      
      but qemu now has the ability to leave base in the chain, to produce:
      
      base <- current
      
      Note that current qemu can only do a forward merge, and only with
      the current image as the destination, which is fully described by
      this API without flags.  But in the future, it may be possible to
      enhance this API for additional scenarios by using flags:
      
      Merging the current image back into a previous image (that is,
      undoing a live snapshot), could be done by passing base as the
      destination and flags with a bit requesting a backward merge.
      
      Merging any other part of the image chain, whether forwards (the
      backing image contents are pulled into the newer file) or backwards
      (the deltas recorded in the newer file are merged back into the
      backing file), could also be done by passing a new flag that says
      that base should be treated as an XML snippet rather than an
      absolute path name, where the XML could then supply the additional
      instructions of which part of the image chain is being merged into
      any other part.
      
      * include/libvirt/libvirt.h.in (virDomainBlockRebase): New
      declaration.
      * src/libvirt.c (virDomainBlockRebase): Implement it.
      * src/libvirt_public.syms (LIBVIRT_0.9.10): Export it.
      * src/driver.h (virDrvDomainBlockRebase): New driver callback.
      * src/rpc/gendispatch.pl (long_legacy): Add exemption.
      * docs/apibuild.py (long_legacy_functions): Likewise.
      99fd69c3
    • P
      qemu: Add support for virDomainGetMetadata and virDomainSetMetadata · 21d13ddc
      Peter Krempa 提交于
      This patch adds support for the new api into the qemu driver to support
      modification and retrieval of domain description and title. This patch
      does not add support for modifying the <metadata> element.
      21d13ddc
    • P
      virsh: Add support for modifying domain description and titles · fad5cd21
      Peter Krempa 提交于
      This patch adds a new command "desc" to show and modify titles and
      description for the domains using the new API.
      
      This patch also adds a new flag for the "list" command to show titles in
      the domain list, to allow easy identification of VMs by storing a short
      description.
      
      Example:
      virsh # list --title
       Id Name                 State      Title
       -----------------------------------------------
         0 Domain-0             running    Mailserver 1
         2 fedora               paused
      fad5cd21
    • P
      API: Add api to set and get domain metadata · c471e55e
      Peter Krempa 提交于
      This patch adds API to modify domain metadata for running and stopped
      domains. The api supports changing description, title as well as the
      newly added <metadata> element. The API has support for storing data in
      the metadata element using xml namespaces.
      
      * include/libvirt/libvirt.h.in
      * src/libvirt_public.syms
              - add function headers
              - add enum to select metadata to operate on
              - export functions
      * src/libvirt.c
              - add public api implementation
      * src/driver.h
              - add driver support
      * src/remote/remote_driver.c
      * src/remote/remote_protocol.x
              - wire up the remote protocol
      * include/libvirt/virterror.h
      * src/util/virterror.c
              - add a new error message note that metadata for domain are
              missing
      c471e55e
    • P
      xml: Add element <title> to allow short description of domains · b79ba838
      Peter Krempa 提交于
      This patch adds a new element <title> to the domain XML. This attribute
      can hold a short title defined by the user to ease the identification of
      domains. The title may not contain newlines and should be reasonably short.
      
       *docs/formatdomain.html.in
       *docs/schemas/domaincommon.rng
              - add schema grammar for the new element and documentation
        *src/conf/domain_conf.c
        *src/conf/domain_conf.h
              - add field to hold the new attribute
              - add code to parse and create XML with the new attribute
      b79ba838
    • L
      build: add missing virStorageFileResize to libvirt_private.syms · 26e9fdc0
      Laine Stump 提交于
      This was forgotten when the function was originally written (not
      noticed because it wasn't used at the time). It's required for
      proper compilation with modules enabled after applying the recent
      virStorageVolResize patches.
      26e9fdc0
    • L
      build: add missing virCommandAddCap to libvirt_private.syms · f594cdda
      Laine Stump 提交于
      This was forgotten when the function was initially written (not
      noticed because it wasn't used at the time). It's required for proper
      compilation with modules enabled after applying the recent rawio
      patches.
      f594cdda
  3. 01 2月, 2012 15 次提交