- 05 Nov, 2013 2 commits
-
-
Committed by Daniel P. Berrange
The 'srcpath' variable is initialized from 'mnt->src' and never changed thereafter. Some places continue to use 'mnt->src' and others use 'srcpath'. Remove the pointless 'srcpath' variable and use 'mnt->src' everywhere. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The virLXCBasicMountInfo struct contains a 'char *opts' field passed onto the mount() syscall. Every entry in the list sets this to NULL though, so it can be removed to simplify life. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 29 Oct, 2013 2 commits
-
-
Committed by Gao feng
Introduced by commit 0f31f7b7. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Giuseppe Scrivano
Expand the "secmodel" XML fragment of "host" with a sequence of baselabel's which describe the default security context used by libvirt with a specific security model and virtualization type:

  <secmodel>
    <model>selinux</model>
    <doi>0</doi>
    <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
    <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
  </secmodel>
  <secmodel>
    <model>dac</model>
    <doi>0</doi>
    <baselabel type='kvm'>107:107</baselabel>
    <baselabel type='qemu'>107:107</baselabel>
  </secmodel>

"baselabel" is driver-specific information, e.g. in the DAC security model, it indicates USER_ID:GROUP_ID.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
-
- 28 Oct, 2013 1 commit
-
-
Committed by Chen Hanxiao
The lxcContainerSetID() method prints a misleading log message about setting the uid/gid when no ID map is present in the XML config. Skip the debug message in this case. Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 21 Oct, 2013 3 commits
-
-
Committed by Daniel P. Berrange
Most of the usage of getuid()/getgid() is in cases where we are considering what privileges we have. As such the code should be using the effective IDs, not real IDs. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Unconditional use of getenv is not secure in setuid env. While not all libvirt code runs in a setuid env (since much of it only exists inside libvirtd) this is not always clear to developers. So make all the code paranoid, even if it only ever runs inside libvirtd. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
When running setuid, we must be careful about what env vars we allow commands to inherit from us. Replace the virCommandAddEnvPass function with two new ones which do filtering

  virCommandAddEnvPassAllowSUID
  virCommandAddEnvPassBlockSUID

And make virCommandAddEnvPassCommon use the appropriate ones

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 16 Oct, 2013 3 commits
-
-
Committed by Daniel P. Berrange
A typo in the setup of NBD backed filesystems meant the /dev/nbdN device would not be added to the cgroups device ACL. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
To facilitate debugging, add some more logging to LXC cgroup devices ACL setup. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 15 Oct, 2013 3 commits
-
-
Committed by Hongwei Bi
-
Committed by Eric Blake
'const fooPtr' is the same as 'foo * const' (the pointer won't change, but its contents can). But in general, if an interface is trying to be const-correct, it should be using 'const foo *' (the pointer is to data that can't be changed). Fix up all remaining offenders.

* src/lxc/lxc_process.c (virLXCProcessSetupInterfaceBridged): Drop needless const.
* src/uml/uml_driver.c (umlMonitorCommand): Use intended type.
(umlMonitorAddress): Fix fallout.
* src/xen/xm_internal.c (xenXMDomainSearchForUUID): Use intended type.

Signed-off-by: Eric Blake <eblake@redhat.com>
-
Committed by Eric Blake
'const fooPtr' is the same as 'foo * const' (the pointer won't change, but its contents can). But in general, if an interface is trying to be const-correct, it should be using 'const foo *' (the pointer is to data that can't be changed). Fix up offenders in src/conf/domain_conf, and their fallout.

Several things to note: virObjectLock() requires a non-const argument; if this were C++, we could treat the locking field as 'mutable' and allow locking an otherwise 'const' object, but that is a more invasive change, so I instead dropped attempts to be const-correct on domain lookup.

virXMLPropString and friends require a non-const xmlNodePtr - this is because libxml2 is not a const-correct library. We could make the src/util/virxml wrappers cast away const, but I figured it was easier to not try to mark xmlNodePtr as const.

Finally, virDomainDeviceDefCopy was a rather hard conversion - it calls virDomainDeviceDefPostParse, which in turn in the xen driver was actually modifying the domain outside of the current device being visited. We should not be adding a device on the first per-device callback, but waiting until after all per-device callbacks are complete.

* src/conf/domain_conf.h (virDomainObjListFindByID) (virDomainObjListFindByUUID, virDomainObjListFindByName) (virDomainObjAssignDef, virDomainObjListAdd): Drop attempt at const.
(virDomainDeviceDefCopy): Use intended type.
(virDomainDeviceDefParse, virDomainDeviceDefPostParseCallback) (virDomainVideoDefaultType, virDomainVideoDefaultRAM) (virDomainChrGetDomainPtrs): Make const-correct.
* src/conf/domain_conf.c (virDomainObjListFindByID) (virDomainObjListFindByUUID, virDomainObjListFindByName) (virDomainDeviceDefCopy, virDomainObjListAdd) (virDomainObjAssignDef, virDomainHostdevSubsysUsbDefParseXML) (virDomainHostdevSubsysPciOrigStatesDefParseXML) (virDomainHostdevSubsysPciDefParseXML) (virDomainHostdevSubsysScsiDefParseXML) (virDomainControllerModelTypeFromString) (virDomainTPMDefParseXML, virDomainTimerDefParseXML) (virDomainSoundCodecDefParseXML, virDomainSoundDefParseXML) (virDomainWatchdogDefParseXML, virDomainRNGDefParseXML) (virDomainMemballoonDefParseXML, virDomainNVRAMDefParseXML) (virSysinfoParseXML, virDomainVideoAccelDefParseXML) (virDomainVideoDefParseXML, virDomainHostdevDefParseXML) (virDomainRedirdevDefParseXML) (virDomainRedirFilterUsbDevDefParseXML) (virDomainRedirFilterDefParseXML, virDomainIdMapEntrySort) (virDomainIdmapDefParseXML, virDomainVcpuPinDefParseXML) (virDiskNameToBusDeviceIndex, virDomainDeviceDefCopy) (virDomainVideoDefaultType, virDomainHostdevAssignAddress) (virDomainDeviceDefPostParseInternal, virDomainDeviceDefPostParse) (virDomainChrGetDomainPtrs, virDomainControllerSCSINextUnit) (virDomainSCSIDriveAddressIsUsed) (virDomainDriveAddressIsUsedByDisk) (virDomainDriveAddressIsUsedByHostdev): Fix fallout.
* src/openvz/openvz_driver.c (openvzDomainDeviceDefPostParse): Likewise.
* src/libxl/libxl_domain.c (libxlDomainDeviceDefPostParse): Likewise.
* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse) (qemuDomainDefaultNetModel): Likewise.
* src/lxc/lxc_domain.c (virLXCDomainDeviceDefPostParse): Likewise.
* src/uml/uml_driver.c (umlDomainDeviceDefPostParse): Likewise.
* src/xen/xen_driver.c (xenDomainDeviceDefPostParse): Split...
(xenDomainDefPostParse): ...since per-device callback is not the time to be adding a device.

Signed-off-by: Eric Blake <eblake@redhat.com>
-
- 14 Oct, 2013 8 commits
-
-
Committed by Daniel P. Berrange
Make the virLXCProcessReadLogOutputData method ignore the log lines about the container startup argv, ignore the generic error message from libvirt_lxc when lxcContainerMain fails and skip over blank lines. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The lxcContainerResolveSymlinks method merely logged some errors as debug messages, rather than reporting them as proper errors. This meant startup failures were not diagnosed at all. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Ensure the lxcContainerMain method reports any errors that occur during setup to stderr, where libvirtd will pick them up. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
In Fedora 20, libvirt_lxc crashes immediately at startup with a trace

  #0 0x00007f0cddb653ec in free () from /lib64/libc.so.6
  #1 0x00007f0ce0e16f4a in virFree (ptrptr=ptrptr@entry=0x7f0ce1830058) at util/viralloc.c:580
  #2 0x00007f0ce0e2764b in virResetError (err=0x7f0ce1830030) at util/virerror.c:354
  #3 0x00007f0ce0e27a5a in virResetLastError () at util/virerror.c:387
  #4 0x00007f0ce0e28858 in virEventRegisterDefaultImpl () at util/virevent.c:233
  #5 0x00007f0ce0db47c6 in main (argc=11, argv=0x7fff4596c328) at lxc/lxc_controller.c:2352

Normally virInitialize calls virErrorInitialize and virThreadInitialize, but we don't link to libvirt.so in libvirt_lxc, and nor did we ever call the error or thread initializers. I have absolutely no idea how this has ever worked, let alone what caused it to stop working in Fedora 20.

In addition not all code paths from virLogSetFromEnv will ensure virLogInitialize is called correctly, which is another possible crash scenario.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The LXC code would read the log file if an LXC guest failed to startup. There were a number of failure cases where the guest will not start and libvirtd never gets as far as looking at the log file. Fix this by replacing some earlier generic errors with messages from the log. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The LXC controller main() method initialized 'rc' to 1 rather than '-1'. In the cleanup path it will print any error to stderr, if-and-only-if rc < 0. Hence the incorrect initialization caused errors to be lost. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The LXC controller uses dbus to talk to systemd to create cgroups. This means that each LXC controller instance has a dbus connection. The DBus daemon is limited to 256 connections by default and we want to be able to run many 1000s of containers. While the dbus limit could be raised in the config files, it is simpler to make libvirt LXC controller close its dbus connection once everything is configured. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Chen Hanxiao
Fix the improper comment for the "release" hook. Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 09 Oct, 2013 1 commit
-
-
Committed by Ján Tomko
Since 76b644c3 when the support for RAM filesystems was introduced, libvirt accepted the following XML:

  <source usage='1024' unit='KiB'/>

This was parsed correctly and internally stored in bytes, but it was formatted as (with an extra 's'):

  <source usage='1024' units='KiB'/>

When read again, this was treated as if the units were missing, meaning libvirt was unable to parse its own XML correctly.

The usage attribute was documented as being in KiB, but it was not scaled if the unit was missing. Transient domains still worked, because this was balanced by an extra 'k' in the mount options.

This patch:
* Changes the parser to use 'units' instead of 'unit', as the latter was never documented (fixing persistent domains) and some programs (libvirt-glib, libvirt-sandbox) already parse the 'units' attribute.
* Removes the extra 'k' from the tmpfs mount options, which is needed because now we parse our own XML correctly.
* Changes the default input unit to KiB to match documentation, fixing: https://bugzilla.redhat.com/show_bug.cgi?id=1015689
-
- 07 Oct, 2013 1 commit
-
-
Committed by Daniel P. Berrange
The virConnectPtr is passed around loads of nwfilter code in order to provide it as a parameter to the callback registered by the virt drivers. None of the virt drivers use this param though, so it serves no purpose. Avoiding the need to pass a virConnectPtr means that the nwfilterStateReload method no longer needs to open a bogus QEMU driver connection. This addresses a race condition that can lead to a crash on startup. The nwfilter driver starts before the QEMU driver and registers some callbacks with DBus to detect firewalld reload. If the firewalld reload happens while the QEMU driver is still starting up though, the nwfilterStateReload method will open a connection to the partially initialized QEMU driver and cause a crash. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 03 Oct, 2013 2 commits
-
-
Committed by Daniel P. Berrange
If veth device allocation has a fatal error, the veths array may contain NULL device names. Avoid calling the virNetDevVethDelete function on such names. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
During container cleanup there is a race where the kernel may have destroyed the veth device before we try to set it offline. This causes log error messages. Given that we're about to delete the device entirely, setting it offline is pointless. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 01 Oct, 2013 1 commit
-
-
Committed by Chen Hanxiao
We forgot to do cleanup when lxcContainerMountFSTmpfs failed to bind fs as read-only. Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com> Signed-off-by: Eric Blake <eblake@redhat.com>
-
- 30 Sep, 2013 1 commit
-
-
Committed by Cédric Bosdonnat
The problem is described by [0] but its effect on libvirt is that starting a container with a full distro running systemd after having stopped it simply fails. The container cleanup now calls the machined Terminate function to make sure that everything is in order for the next run.

[0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370
-
- 27 Sep, 2013 2 commits
-
-
Committed by Chen Hanxiao
s/becuase/because/ Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
Committed by Eric Blake
* src/lxc/lxc_controller.c (virLXCControllerSetupDisk): Fix typo.
* src/lxc/lxc_driver.c (lxcDomainAttachDeviceDiskLive): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
-
- 26 Sep, 2013 1 commit
-
-
Committed by Chen Hanxiao
Free dst before lxcDomainAttachDeviceDiskLive returns. Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 23 Sep, 2013 2 commits
-
-
Committed by Chen Hanxiao
If a dir does not exist, raise an immediate error in logs rather than letting virFileResolveAllLinks fail, since this gives better error reporting to the user. Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
Committed by Chen Hanxiao
When FUSE is enabled, the LXC container is setup with a custom /proc/meminfo file. This file uses "KB" as a suffix, rather than "kB" which is the kernel's style. Fix this inconsistency to avoid confusing apps. Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
- 17 Sep, 2013 1 commit
-
-
Committed by Peter Krempa
-
- 16 Sep, 2013 1 commit
-
-
Committed by Peter Krempa
The function existed in two identical instances in lxc and qemu. Move it to vircgroup.c and simplify it. Refactor the callers too.
-
- 12 Sep, 2013 3 commits
-
-
Committed by Gao feng
Right now we mount selinuxfs even if user namespace is enabled and ignore the error. But we shouldn't ignore these errors when user namespace is not enabled. This patch skips mounting selinuxfs when user namespace is enabled. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
-
Committed by Daniel P. Berrange
If the guest is configured with

  <filesystem type='mount'>
    <source dir='/'/>
    <target dir='/'/>
    <readonly/>
  </filesystem>

Then any submounts under / should also end up readonly, except for those setup as basic mounts. eg if the user has /home on a separate volume, they'd expect /home to be readonly, but we should not touch the /sys, /proc, etc dirs we setup ourselves.

Users can selectively make sub-mounts read-write again by simply listing them as new mounts without the <readonly> flag set

  <filesystem type='mount'>
    <source dir='/home'/>
    <target dir='/home'/>
  </filesystem>

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Move the array of basic mounts out of the lxcContainerMountBasicFS function, to a global variable. This is to allow it to be referenced by other methods wanting to know what the basic mount paths are. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 11 Sep, 2013 2 commits
-
-
Committed by Gao feng
Move the unmounting of private or useless filesystems for the container to this function. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
-
Committed by Gao feng
The devpts, dev and fuse filesystems are mounted temporarily. There is no need to export them to the container if the container shares the root directory with the host. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
-