- 22 8月, 2013 3 次提交
-
-
由 Roman Bogorodskiy 提交于
Implement networkEnableIpForwarding() using BSD style sysctl.
-
由 Roman Bogorodskiy 提交于
Provide an implementation of virNetDev(Set|Clear)IPv4Address based on BSD ifconfig tool in addition to 'ip' from Linux iproute2 package.
-
由 Jim Fehlig 提交于
More fallout from commit d72ef888. When reconnecting to running domains, the libxl_ctx in libxlDomainObjPrivate was used before initializing it, causing a segfault in libxl and consequently crashing libvirtd. Initialize the libxlDomainObjPrivate libxl_ctx in libxlReconnectDomain, and while at it use this ctx in libxlReconnectDomain instead of the driver-wide ctx.
-
- 21 8月, 2013 14 次提交
-
-
由 Eric Blake 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=822052 When doing a live migration, if the destination fails for any reason after the point in which files should be labeled, then the cleanup of the destination would restore the labels to their defaults, even though the source is still trying to continue running with the image open. Bug 822052 mentioned one source of live migration failure - a mismatch in SELinux virt_use_nfs settings (on for source, off for destination); but I found other situations that would also trigger it (for example, having a graphics device tied to port 5999 on the source, and a different domain on the destination already using that port, so that the destination cannot reuse the port). In short, just as cleanup of the source on a successful migration must not relabel files (because the destination would be crippled by the relabel), cleanup of the destination on a failed migration must not relabel files (because the source would be crippled). * src/qemu/qemu_process.c (qemuProcessStart): Set flag to avoid label restoration when cleaning up on failed migration. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Claudio Bley 提交于
Only compile securityselinuxhelper.c if xattr support was detected to avoid this error: securityselinuxhelper.c:34:24: fatal error: attr/xattr.h: No such file or directory compilation terminated. Since all SELinux tests depend upon the securityselinuxhelper library, these test programs are now only build when xattr support is available.
-
由 Daniel P. Berrange 提交于
In commit f905cc99 a use of uninitialized data was fixed based on a coverity report. It turns out it was possible to trigger this issue by pointing libvirt at non-existent certificate files, typically causing a crash. This adds a test case for that scenario. With the above commit reverted, this new test case will crash with a SEGV. With the fix applied, it passes, reporting a normal libvirt error to the caller. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Osier Yang 提交于
Introduced by commit e0139e30. virStorageVolDefFree free'ed the pointers that are still used by the added volume object, this changes it back to VIR_FREE.
-
由 Osier Yang 提交于
Introduced by commit e0139e30: 1777 /* Updating pool metadata */ (40) Event var_deref_op: Dereferencing null pointer "newvol". Also see events: [assign_zero] 1778 pool->def->allocation += newvol->allocation; 1779 pool->def->available -= newvol->allocation;
-
由 John Ferlan 提交于
Update the iSCSI storage pool example to include the secret
-
由 John Ferlan 提交于
Update formatsecret docs to describe the various options and provide examples in order to set up secrets for each type of secret.
-
由 John Ferlan 提交于
Add more iSCSI examples including having a secret attached. There are 4 new examples; one for each way to have an iSCSI - a network disk using virtio, a passthrough network lun using scsi, a volume disk using "mode='host'", and a volume disk using "mode='direct'"
-
由 John Ferlan 提交于
Each of the modules handled reporting error messages from the secret fetching slightly differently with respect to the error. Provide a similar message for each error case and provide as much data as possible.
-
由 Osier Yang 提交于
Following XML would fail : <disk type='network' device='lun'> <driver name='qemu' type='raw'/> <source protocol='iscsi' name='iqn.2013-07.com.example:iscsi/1'> <host name='example.com' port='3260'/> </source> <target dev='sda' bus='scsi'/> </disk> With the message: error: Failed to start domain iscsilun error: Unable to get device ID 'iqn.2013-07.com.example:iscsi/1': No such fi Cause was commit id '1f49b05a' which added 'virDomainDiskSourceIsBlockType'
-
由 John Ferlan 提交于
When using virsh secret-list - if the secret types are cephx or iscsi, then allow fetch/print of the usage information. Prior to the change the following would print: UUID Usage ----------------------------------------------------------- 1b40a534-8301-45d5-b1aa-11894ebb1735 Unused a5ba3efe-6adf-4a6a-b243-f010a043e314 Unused Afterwards: UUID Usage ----------------------------------------------------------- 1b40a534-8301-45d5-b1aa-11894ebb1735 ceph ceph_example a5ba3efe-6adf-4a6a-b243-f010a043e314 iscsi libvirtiscsi
-
由 John Ferlan 提交于
If we reached cleanup: prior to allocating cpus, it was possible that 'nr_nodes' had a value, but cpus was NULL leading to a possible NULL deref. Add a 'cpus' as an end condition to for loop
-
由 Eric Blake 提交于
Daniel Berrange (correctly) pointed out that we should do a better job of testing selinux labeling fallbacks on NFS disks that lack labeling support. * tests/securityselinuxhelper.c (includes): Makefile already guaranteed xattr support. Add additional headers. (init_syms): New function, borrowing from vircgroupmock.c. (setfilecon_raw, getfilecon_raw): Fake NFS failure. (statfs): Fake an NFS mount point. (security_getenforce, security_get_boolean_active): Don't let host environment affect test. * tests/securityselinuxlabeldata/nfs.data: New file. * tests/securityselinuxlabeldata/nfs.xml: New file. * tests/securityselinuxlabeltest.c (testSELinuxCreateDisks) (testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount. (testSELinuxCheckLabels): Test handling of SELinux NFS denial. Fix memory leak. (testSELinuxLabeling): Avoid infinite loop on dirty tree. (mymain): Add new test.
-
由 Eric Blake 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=924153 Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with an attribute relabel='no' in order to try and minimize the impact of shutdown delays when an NFS server disappears. The idea was that if a disk is on NFS and can't be labeled in the first place, there is no need to attempt the (no-op) relabel on domain shutdown. Unfortunately, the way this was implemented was by modifying the domain XML so that the optimization would survive libvirtd restart, but in a way that is indistinguishable from an explicit user setting. Furthermore, once the setting is turned on, libvirt avoids attempts at labeling, even for operations like snapshot or blockcopy where the chain is being extended or pivoted onto non-NFS, where SELinux labeling is once again possible. As a result, it was impossible to do a blockcopy to pivot from an NFS image file onto a local file. The solution is to separate the semantics of a chain that must not be labeled (which the user can set even on persistent domains) vs. the optimization of not attempting a relabel on cleanup (a live-only annotation), and using only the user's explicit notation rather than the optimization as the decision on whether to skip a label attempt in the first place. When upgrading an older libvirtd to a newer, an NFS volume will still attempt the relabel; but as the avoidance of a relabel was only an optimization, this shouldn't cause any problems. In the ideal future, libvirt will eventually have XML describing EVERY file in the backing chain, with each file having a separate <seclabel> element. At that point, libvirt will be able to track more closely which files need a relabel attempt at shutdown. But until we reach that point, the single <seclabel> for the entire <disk> chain is treated as a hint - when a chain has only one file, then we know it is accurate; but if the chain has more than one file, we have to attempt relabel in spite of the attribute, in case part of the chain is local and SELinux mattered for that portion of the chain. * src/conf/domain_conf.h (_virSecurityDeviceLabelDef): Add new member. * src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML): Parse it, for live images only. (virSecurityDeviceLabelDefFormat): Output it. (virDomainDiskDefParseXML, virDomainChrSourceDefParseXML) (virDomainDiskSourceDefFormat, virDomainChrDefFormat) (virDomainDiskDefFormat): Pass flags on through. * src/security/security_selinux.c (virSecuritySELinuxRestoreSecurityImageLabelInt): Honor labelskip when possible. (virSecuritySELinuxSetSecurityFileLabel): Set labelskip, not norelabel, if labeling fails. (virSecuritySELinuxSetFileconHelper): Fix indentation. * docs/formatdomain.html.in (seclabel): Document new xml. * docs/schemas/domaincommon.rng (devSeclabel): Allow it in RNG. * tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.xml: * tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.args: * tests/qemuxml2xmloutdata/qemuxml2xmlout-seclabel-*-labelskip.xml: New test files. * tests/qemuxml2argvtest.c (mymain): Run the new tests. * tests/qemuxml2xmltest.c (mymain): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 20 8月, 2013 10 次提交
-
-
由 Peter Krempa 提交于
Use the new semantics of vshStringToArray to avoid leaking the array of volumes to be deleted. The array would be leaked in case the first volume was found in the domain definition. Also refactor the code a bit to sanitize naming of variables hoding arrays and dimensions of the arrays. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050
-
由 Peter Krempa 提交于
Explicitly let the user know about the unknown pool type.
-
由 Peter Krempa 提交于
At a slightly larger memory expense allow stealing of items from the string array returned from vshStringToArray and turn the result into a string list compatible with virStringSplit. This will allow to use the common dealloc function. This patch also fixes a few forgotten checks of return from vshStringToArray and one memory leak.
-
由 Michal Privoznik 提交于
If there's no hard_limit set and domain uses VFIO we still must lock the guest memory (prerequisite from qemu). Hence, we should compute the amount to be locked from max_balloon.
-
由 Michal Privoznik 提交于
Since 16bcb3 we have a regression. The hard_limit is set unconditionally. By default the limit is zero. Hence, if user hasn't configured any, we set the zero in cgroup subsystem making the kernel kill the corresponding qemu process immediately. The proper fix is to set hard_limit iff user has configured any.
-
由 Michal Privoznik 提交于
-
由 Eric Blake 提交于
Another program gains --help/--version :) * tools/virt-pki-validate.in: Add option parsing. Update documentation to match. * tools/Makefile.am (virt-pki-validate): Substitute version. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
We were failing to autoprobe which schema to use for several top-level XML elements. * tools/virt-xml-validate.in (TYPE): Recognize <domainsnapshot>, <filter>, and <secret>. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
All good tools should have --help and --version output :) Furthermore, we want to ensure a failed exit if xmllint fails, or even for 'virt-xml-validate > /dev/full'. * tools/virt-xml-validate.in: Add option parsing. Output errors to stderr. Update documentation to match. * tools/Makefile.am (virt-xml-validate): Substitute version. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Jim Fehlig 提交于
From: Dario Faggioli <dario.faggioli@citrix.com> Starting from Xen 4.2, libxl has all the bits and pieces in place for retrieving an adequate amount of information about the host NUMA topology. It is therefore possible, after a bit of shuffling, to arrange those information in the way libvirt wants to present them to the outside world. Therefore, with this patch, the <topology> section of the host capabilities is properly populated, when running on Xen, so that we can figure out whether or not we're running on a NUMA host, and what its characteristics are. [raistlin@Zhaman ~]$ sudo virsh --connect xen:/// capabilities <capabilities> <host> <cpu> .... <topology> <cells num='2'> <cell id='0'> <memory unit='KiB'>6291456</memory> <cpus num='8'> <cpu id='0' socket_id='1' core_id='0' siblings='0-1'/> <cpu id='1' socket_id='1' core_id='0' siblings='0-1'/> <cpu id='2' socket_id='1' core_id='1' siblings='2-3'/> <cpu id='3' socket_id='1' core_id='1' siblings='2-3'/> <cpu id='4' socket_id='1' core_id='9' siblings='4-5'/> <cpu id='5' socket_id='1' core_id='9' siblings='4-5'/> <cpu id='6' socket_id='1' core_id='10' siblings='6-7'/> <cpu id='7' socket_id='1' core_id='10' siblings='6-7'/> </cpus> </cell> <cell id='1'> <memory unit='KiB'>6881280</memory> <cpus num='8'> <cpu id='8' socket_id='0' core_id='0' siblings='8-9'/> <cpu id='9' socket_id='0' core_id='0' siblings='8-9'/> <cpu id='10' socket_id='0' core_id='1' siblings='10-11'/> <cpu id='11' socket_id='0' core_id='1' siblings='10-11'/> <cpu id='12' socket_id='0' core_id='9' siblings='12-13'/> <cpu id='13' socket_id='0' core_id='9' siblings='12-13'/> <cpu id='14' socket_id='0' core_id='10' siblings='14-15'/> <cpu id='15' socket_id='0' core_id='10' siblings='14-15'/> </cpus> </cell> </cells> </topology> </host> ....
-
- 19 8月, 2013 8 次提交
-
-
由 Peter Krempa 提交于
When the daemon is compiled with firewalld support but the DBus message bus isn't started in the system, the initialization of the nwfilter driver fails even if there are fallback options.
-
由 Peter Krempa 提交于
On hosts that don't have the DBus service running or installed the new systemd cgroups code failed with hard error instead of falling back to "manual" cgroup creation. Use the new helper to check for the system bus and use the fallback code in case it isn't available.
-
由 Peter Krempa 提交于
Some systems may not use DBus in their system. Add a method to check if the system bus is available that doesn't print error messages so that code can later check for this condition and use an alternative approach.
-
由 Peter Krempa 提交于
Coverity reported a memleak in the test added in 7efd5fd1. In case the code will be broken and the code will actually parse a faulty bitmap the resulting pointer would be leaked. Free it although that shouldn't ever happen.
-
由 David Weber 提交于
Each new VM requires a new connection from libvirtd to virtlockd. The default max clients limit in virtlockd of 20 is thus woefully insufficient. virtlockd sockets are only accessible to matching users, so there is no security need for such a tight limit. Make it configurable and default to 1024. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Michal Privoznik 提交于
In one of my previous patches I am removing the hard_limit heuristic to guess the correct value if none set. However, it turned out, this limit is hard to guess even for users. We should advise them to not set the limit as their domains may be OOM killed. Sigh.
-
由 Michal Privoznik 提交于
This function is to guess the correct limit for maximal memory usage by qemu for given domain. This can never be guessed correctly, not to mention all the pains and sleepless nights this code has caused. Once somebody discovers algorithm to solve the Halting Problem, we can compute the limit algorithmically. But till then, this code should never see the light of the release again.
-
由 Osier Yang 提交于
One has to refresh the pool to get the correct pool info after adding/removing/resizing a volume, this updates the pool metadata (allocation, available) after those operation are done.
-
- 18 8月, 2013 1 次提交
-
-
由 Cole Robinson 提交于
-
- 17 8月, 2013 4 次提交
-
-
由 Cole Robinson 提交于
Similar to how other objects arrange their parse APIs. This will be used by the test driver.
-
由 Cole Robinson 提交于
Right now things are split a bit between parsing from a relative file path or parsing from inline XML. Unify it. This will simplify upcoming bits.
-
由 Cole Robinson 提交于
Passing virConnectPtr is redundant, just pass testConnPtr and simplify certain callers.
-
由 Cole Robinson 提交于
The function that parses custom driver XML was getting pretty unruly, split the object parsing into their own functions. Rename some variables to be consistent across each function. This should be functionally identical.
-