1. 22 8月, 2013 3 次提交
  2. 21 8月, 2013 14 次提交
    • E
      migration: do not restore labels on failed migration · e4ddcf09
      Eric Blake 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=822052
      
      When doing a live migration, if the destination fails for any
      reason after the point in which files should be labeled, then
      the cleanup of the destination would restore the labels to their
      defaults, even though the source is still trying to continue
      running with the image open.  Bug 822052 mentioned one source
      of live migration failure - a mismatch in SELinux virt_use_nfs
      settings (on for source, off for destination); but I found other
      situations that would also trigger it (for example, having a
      graphics device tied to port 5999 on the source, and a different
      domain on the destination already using that port, so that the
      destination cannot reuse the port).
      
      In short, just as cleanup of the source on a successful migration
      must not relabel files (because the destination would be crippled
      by the relabel), cleanup of the destination on a failed migration
      must not relabel files (because the source would be crippled).
      
      * src/qemu/qemu_process.c (qemuProcessStart): Set flag to avoid
      label restoration when cleaning up on failed migration.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      e4ddcf09
    • C
      tests: fix building without xattr support · d7c4e003
      Claudio Bley 提交于
      Only compile securityselinuxhelper.c if xattr support was detected to
      avoid this error:
      
      securityselinuxhelper.c:34:24: fatal error: attr/xattr.h: No such file
      or directory compilation terminated.
      
      Since all SELinux tests depend upon the securityselinuxhelper library,
      these test programs are now only build when xattr support is
      available.
      d7c4e003
    • D
      Test handling of non-existent x509 certs · 4b8d387e
      Daniel P. Berrange 提交于
      In commit f905cc99 a use of
      uninitialized data was fixed based on a coverity report. It
      turns out it was possible to trigger this issue by pointing
      libvirt at non-existent certificate files, typically causing
      a crash.
      
      This adds a test case for that scenario. With the above
      commit reverted, this new test case will crash with a SEGV.
      With the fix applied, it passes, reporting a normal libvirt
      error to the caller.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      4b8d387e
    • O
      storage: Fix the use-after-free memory bug · 4140dbed
      Osier Yang 提交于
      Introduced by commit e0139e30. virStorageVolDefFree free'ed the
      pointers that are still used by the added volume object, this changes
      it back to VIR_FREE.
      4140dbed
    • O
      storage: Fix coverity warning · b8a0103d
      Osier Yang 提交于
      Introduced by commit e0139e30:
      
      1777 	    /* Updating pool metadata */
      
      (40) Event var_deref_op: Dereferencing null pointer "newvol".
           Also see events: [assign_zero]
      
      1778 	    pool->def->allocation += newvol->allocation;
      1779 	    pool->def->available -= newvol->allocation;
      b8a0103d
    • J
      docs: Update iSCSI storage pool example · c753749c
      John Ferlan 提交于
      Update the iSCSI storage pool example to include the secret
      c753749c
    • J
      docs: Update formatsecrets to include more examples of each type · 4ba05290
      John Ferlan 提交于
      Update formatsecret docs to describe the various options and provide examples
      in order to set up secrets for each type of secret.
      4ba05290
    • J
      docs: Update the formatdomain disk examples · cb3b7dce
      John Ferlan 提交于
      Add more iSCSI examples including having a secret attached. There are 4 new
      examples; one for each way to have an iSCSI - a network disk using virtio,
      a passthrough network lun using scsi, a volume disk using "mode='host'",
      and a volume disk using "mode='direct'"
      cb3b7dce
    • J
      Report secret usage error message similarly · 1fa7946f
      John Ferlan 提交于
      Each of the modules handled reporting error messages from the secret fetching
      slightly differently with respect to the error. Provide a similar message
      for each error case and provide as much data as possible.
      1fa7946f
    • O
      qemu_conf: Fix broken logic for adding passthrough iscsi lun · 109d026a
      Osier Yang 提交于
      Following XML would fail :
      
          <disk type='network' device='lun'>
            <driver name='qemu' type='raw'/>
            <source protocol='iscsi' name='iqn.2013-07.com.example:iscsi/1'>
              <host name='example.com' port='3260'/>
            </source>
            <target dev='sda' bus='scsi'/>
          </disk>
      
      With the message:
      
      error: Failed to start domain iscsilun
      error: Unable to get device ID 'iqn.2013-07.com.example:iscsi/1': No such fi
      
      Cause was commit id '1f49b05a' which added 'virDomainDiskSourceIsBlockType'
      109d026a
    • J
      virsh: Print cephx and iscsi usage · db1382f3
      John Ferlan 提交于
      When using virsh secret-list - if the secret types are cephx or iscsi,
      then allow fetch/print of the usage information. Prior to the change
      the following would print:
      
      UUID                                 Usage
      -----------------------------------------------------------
      1b40a534-8301-45d5-b1aa-11894ebb1735 Unused
      a5ba3efe-6adf-4a6a-b243-f010a043e314 Unused
      
      Afterwards:
      
      UUID                                 Usage
      -----------------------------------------------------------
      1b40a534-8301-45d5-b1aa-11894ebb1735 ceph ceph_example
      a5ba3efe-6adf-4a6a-b243-f010a043e314 iscsi libvirtiscsi
      db1382f3
    • J
      libxl: Resolve possible NULL dereference · 6aea4ebc
      John Ferlan 提交于
      If we reached cleanup: prior to allocating cpus, it was possible that
      'nr_nodes' had a value, but cpus was NULL leading to a possible NULL
      deref. Add a 'cpus' as an end condition to for loop
      6aea4ebc
    • E
      selinux: enhance test to cover nfs label failure · 95577af4
      Eric Blake 提交于
      Daniel Berrange (correctly) pointed out that we should do a better
      job of testing selinux labeling fallbacks on NFS disks that lack
      labeling support.
      
      * tests/securityselinuxhelper.c (includes): Makefile already
      guaranteed xattr support.  Add additional headers.
      (init_syms): New function, borrowing from vircgroupmock.c.
      (setfilecon_raw, getfilecon_raw): Fake NFS failure.
      (statfs): Fake an NFS mount point.
      (security_getenforce, security_get_boolean_active): Don't let host
      environment affect test.
      * tests/securityselinuxlabeldata/nfs.data: New file.
      * tests/securityselinuxlabeldata/nfs.xml: New file.
      * tests/securityselinuxlabeltest.c (testSELinuxCreateDisks)
      (testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount.
      (testSELinuxCheckLabels): Test handling of SELinux NFS denial.
      Fix memory leak.
      (testSELinuxLabeling): Avoid infinite loop on dirty tree.
      (mymain): Add new test.
      95577af4
    • E
      selinux: distinguish failure to label from request to avoid label · 0f082e69
      Eric Blake 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=924153
      
      Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with
      an attribute relabel='no' in order to try and minimize the
      impact of shutdown delays when an NFS server disappears.  The idea
      was that if a disk is on NFS and can't be labeled in the first
      place, there is no need to attempt the (no-op) relabel on domain
      shutdown.  Unfortunately, the way this was implemented was by
      modifying the domain XML so that the optimization would survive
      libvirtd restart, but in a way that is indistinguishable from an
      explicit user setting.  Furthermore, once the setting is turned
      on, libvirt avoids attempts at labeling, even for operations like
      snapshot or blockcopy where the chain is being extended or pivoted
      onto non-NFS, where SELinux labeling is once again possible.  As
      a result, it was impossible to do a blockcopy to pivot from an
      NFS image file onto a local file.
      
      The solution is to separate the semantics of a chain that must
      not be labeled (which the user can set even on persistent domains)
      vs. the optimization of not attempting a relabel on cleanup (a
      live-only annotation), and using only the user's explicit notation
      rather than the optimization as the decision on whether to skip
      a label attempt in the first place.  When upgrading an older
      libvirtd to a newer, an NFS volume will still attempt the relabel;
      but as the avoidance of a relabel was only an optimization, this
      shouldn't cause any problems.
      
      In the ideal future, libvirt will eventually have XML describing
      EVERY file in the backing chain, with each file having a separate
      <seclabel> element.  At that point, libvirt will be able to track
      more closely which files need a relabel attempt at shutdown.  But
      until we reach that point, the single <seclabel> for the entire
      <disk> chain is treated as a hint - when a chain has only one
      file, then we know it is accurate; but if the chain has more than
      one file, we have to attempt relabel in spite of the attribute,
      in case part of the chain is local and SELinux mattered for that
      portion of the chain.
      
      * src/conf/domain_conf.h (_virSecurityDeviceLabelDef): Add new
      member.
      * src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML):
      Parse it, for live images only.
      (virSecurityDeviceLabelDefFormat): Output it.
      (virDomainDiskDefParseXML, virDomainChrSourceDefParseXML)
      (virDomainDiskSourceDefFormat, virDomainChrDefFormat)
      (virDomainDiskDefFormat): Pass flags on through.
      * src/security/security_selinux.c
      (virSecuritySELinuxRestoreSecurityImageLabelInt): Honor labelskip
      when possible.
      (virSecuritySELinuxSetSecurityFileLabel): Set labelskip, not
      norelabel, if labeling fails.
      (virSecuritySELinuxSetFileconHelper): Fix indentation.
      * docs/formatdomain.html.in (seclabel): Document new xml.
      * docs/schemas/domaincommon.rng (devSeclabel): Allow it in RNG.
      * tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.xml:
      * tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.args:
      * tests/qemuxml2xmloutdata/qemuxml2xmlout-seclabel-*-labelskip.xml:
      New test files.
      * tests/qemuxml2argvtest.c (mymain): Run the new tests.
      * tests/qemuxml2xmltest.c (mymain): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      0f082e69
  3. 20 8月, 2013 10 次提交
    • P
      virsh: Don't leak list of volumes when undefining domain with storage · 04898f60
      Peter Krempa 提交于
      Use the new semantics of vshStringToArray to avoid leaking the array of
      volumes to be deleted. The array would be leaked in case the first
      volume was found in the domain definition. Also refactor the code a bit
      to sanitize naming of variables hoding arrays and dimensions of the
      arrays.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050
      04898f60
    • P
      virsh-pool: Improve error message in cmdPoolList · 5b5da082
      Peter Krempa 提交于
      Explicitly let the user know about the unknown pool type.
      5b5da082
    • P
      virsh: modify vshStringToArray to duplicate the elements too · d64af6ce
      Peter Krempa 提交于
      At a slightly larger memory expense allow stealing of items from the
      string array returned from vshStringToArray and turn the result into a
      string list compatible with virStringSplit. This will allow to use the
      common dealloc function.
      
      This patch also fixes a few forgotten checks of return from
      vshStringToArray and one memory leak.
      d64af6ce
    • M
      qemuBuildCommandLine: Fall back to mem balloon if there's no hard_limit · a7f94a40
      Michal Privoznik 提交于
      If there's no hard_limit set and domain uses VFIO we still must lock the
      guest memory (prerequisite from qemu). Hence, we should compute the
      amount to be locked from max_balloon.
      a7f94a40
    • M
      qemuSetupMemoryCgroup: Handle hard_limit properly · 94a24dd3
      Michal Privoznik 提交于
      Since 16bcb3 we have a regression. The hard_limit is set
      unconditionally. By default the limit is zero. Hence, if user hasn't
      configured any, we set the zero in cgroup subsystem making the kernel
      kill the corresponding qemu process immediately. The proper fix is to
      set hard_limit iff user has configured any.
      94a24dd3
    • M
      docs: Clean 09adfdc6 up · 8563b091
      Michal Privoznik 提交于
      8563b091
    • E
      virt-pki-validate: add --help/--version option · 53924ad5
      Eric Blake 提交于
      Another program gains --help/--version :)
      
      * tools/virt-pki-validate.in: Add option parsing.  Update
      documentation to match.
      * tools/Makefile.am (virt-pki-validate): Substitute version.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      53924ad5
    • E
      virt-xml-validate: add missing schemas · ab4304b7
      Eric Blake 提交于
      We were failing to autoprobe which schema to use for several
      top-level XML elements.
      
      * tools/virt-xml-validate.in (TYPE): Recognize <domainsnapshot>,
      <filter>, and <secret>.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ab4304b7
    • E
      virt-xml-validate: add --help/--version option · b2ea248e
      Eric Blake 提交于
      All good tools should have --help and --version output :)
      
      Furthermore, we want to ensure a failed exit if xmllint fails,
      or even for 'virt-xml-validate > /dev/full'.
      
      * tools/virt-xml-validate.in: Add option parsing.  Output errors
      to stderr.  Update documentation to match.
      * tools/Makefile.am (virt-xml-validate): Substitute version.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      b2ea248e
    • J
      libxl: implement NUMA capabilities reporting · 0192fd67
      Jim Fehlig 提交于
      From: Dario Faggioli <dario.faggioli@citrix.com>
      
      Starting from Xen 4.2, libxl has all the bits and pieces in place
      for retrieving an adequate amount of information about the host
      NUMA topology. It is therefore possible, after a bit of shuffling,
      to arrange those information in the way libvirt wants to present
      them to the outside world.
      
      Therefore, with this patch, the <topology> section of the host
      capabilities is properly populated, when running on Xen, so that
      we can figure out whether or not we're running on a NUMA host,
      and what its characteristics are.
      
      [raistlin@Zhaman ~]$ sudo virsh --connect xen:/// capabilities
      <capabilities>
        <host>
          <cpu>
          ....
          <topology>
            <cells num='2'>
              <cell id='0'>
                <memory unit='KiB'>6291456</memory>
                <cpus num='8'>
                  <cpu id='0' socket_id='1' core_id='0' siblings='0-1'/>
                  <cpu id='1' socket_id='1' core_id='0' siblings='0-1'/>
                  <cpu id='2' socket_id='1' core_id='1' siblings='2-3'/>
                  <cpu id='3' socket_id='1' core_id='1' siblings='2-3'/>
                  <cpu id='4' socket_id='1' core_id='9' siblings='4-5'/>
                  <cpu id='5' socket_id='1' core_id='9' siblings='4-5'/>
                  <cpu id='6' socket_id='1' core_id='10' siblings='6-7'/>
                  <cpu id='7' socket_id='1' core_id='10' siblings='6-7'/>
                </cpus>
              </cell>
              <cell id='1'>
                <memory unit='KiB'>6881280</memory>
                <cpus num='8'>
                  <cpu id='8' socket_id='0' core_id='0' siblings='8-9'/>
                  <cpu id='9' socket_id='0' core_id='0' siblings='8-9'/>
                  <cpu id='10' socket_id='0' core_id='1' siblings='10-11'/>
                  <cpu id='11' socket_id='0' core_id='1' siblings='10-11'/>
                  <cpu id='12' socket_id='0' core_id='9' siblings='12-13'/>
                  <cpu id='13' socket_id='0' core_id='9' siblings='12-13'/>
                  <cpu id='14' socket_id='0' core_id='10' siblings='14-15'/>
                  <cpu id='15' socket_id='0' core_id='10' siblings='14-15'/>
                </cpus>
              </cell>
            </cells>
          </topology>
        </host>
        ....
      0192fd67
  4. 19 8月, 2013 8 次提交
    • P
      nwfilter: Don't fail to start if DBus isn't available · e0e61b4c
      Peter Krempa 提交于
      When the daemon is compiled with firewalld support but the DBus message
      bus isn't started in the system, the initialization of the nwfilter
      driver fails even if there are fallback options.
      e0e61b4c
    • P
      virsystemd: Don't fail to start VM if DBus isn't available or compiled in · ee3db56f
      Peter Krempa 提交于
      On hosts that don't have the DBus service running or installed the new
      systemd cgroups code failed with hard error instead of falling back to
      "manual" cgroup creation.
      
      Use the new helper to check for the system bus and use the fallback code
      in case it isn't available.
      ee3db56f
    • P
      virdbus: Add virDBusHasSystemBus() · 2398dd3d
      Peter Krempa 提交于
      Some systems may not use DBus in their system. Add a method to check if
      the system bus is available that doesn't print error messages so that
      code can later check for this condition and use an alternative approach.
      2398dd3d
    • P
      virbitmaptest: Shut coverity up in case of broken test · 39d963d1
      Peter Krempa 提交于
      Coverity reported a memleak in the test added in 7efd5fd1. In case
      the code will be broken and the code will actually parse a faulty bitmap
      the resulting pointer would be leaked. Free it although that shouldn't
      ever happen.
      39d963d1
    • D
      Make max_clients in virtlockd configurable · 9f5b4b1f
      David Weber 提交于
      Each new VM requires a new connection from libvirtd to virtlockd.
      The default max clients limit in virtlockd of 20 is thus woefully
      insufficient. virtlockd sockets are only accessible to matching
      users, so there is no security need for such a tight limit. Make
      it configurable and default to 1024.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      9f5b4b1f
    • M
      docs: Discourage users to set hard_limit · 09adfdc6
      Michal Privoznik 提交于
      In one of my previous patches I am removing the hard_limit heuristic to
      guess the correct value if none set. However, it turned out, this limit
      is hard to guess even for users. We should advise them to not set the
      limit as their domains may be OOM killed. Sigh.
      09adfdc6
    • M
      qemu: Drop qemuDomainMemoryLimit · 16bcb3b6
      Michal Privoznik 提交于
      This function is to guess the correct limit for maximal memory
      usage by qemu for given domain. This can never be guessed
      correctly, not to mention all the pains and sleepless nights this
      code has caused. Once somebody discovers algorithm to solve the
      Halting Problem, we can compute the limit algorithmically. But
      till then, this code should never see the light of the release
      again.
      16bcb3b6
    • O
      storage: Update pool metadata after adding/removing/resizing volume · e0139e30
      Osier Yang 提交于
      One has to refresh the pool to get the correct pool info after
      adding/removing/resizing a volume, this updates the pool metadata
      (allocation, available) after those operation are done.
      e0139e30
  5. 18 8月, 2013 1 次提交
  6. 17 8月, 2013 4 次提交