1. 26 Nov, 2013 2 commits
    • LXC: don't unmount mounts for shared root · f575fda7
      Gao feng committed on
      Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
      vfs: Lock in place mounts from more privileged users,
      
      unprivileged user has no rights to umount the mounts that
      inherited from parent mountns.
      
      right now, I have no good idea to fix this problem, we need
      to do more research. this patch just skip unmounting these
      mounts for shared root.
      
      BTW, I think when libvirt lxc enables user namespace, the
      configuration that shares root with host is very rare.
      Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
    • LXC: fix the problem that libvirt lxc fail to start on latest kernel · 46f2d16f
      Gao feng committed on
      After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
      vfs: Lock in place mounts from more privileged users,
      
      unprivileged user has no rights to move the mounts that
      inherited from parent mountns. we use this feature to move
      the /stateDir/domain-name.{dev, devpts} to the /dev/ and
      /dev/pts directory of container. this commit breaks libvirt lxc.
      
      this patch changes the behavior to bind these mounts when
      user namespace is enabled and move these mounts when user
      namespace is disabled.
      Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
  2. 25 Nov, 2013 1 commit
  3. 21 Nov, 2013 1 commit
    • maint: fix comma style issues: remaining drivers · 64b2335c
      Eric Blake committed on
      Most of our code base uses space after comma but not before;
      fix the remaining uses before adding a syntax check.
      
      * src/lxc/lxc_container.c: Consistently use commas.
      * src/openvz/openvz_driver.c: Likewise.
      * src/openvz/openvz_util.c: Likewise.
      * src/remote/remote_driver.c: Likewise.
      * src/test/test_driver.c: Likewise.
      Signed-off-by: Eric Blake <eblake@redhat.com>
  4. 08 Nov, 2013 1 commit
    • conf: Refactor storing and usage of feature flags · de7b5faf
      Peter Krempa committed on
      Currently we were storing domain feature flags in a bit field as
      they were either enabled or disabled. New features such as paravirtual
      spinlocks however can be tri-state as the default option may depend on
      hypervisor version.
      
      To allow storing tri-state feature state in the same place instead of
      having to declare dedicated variables for each feature this patch
      refactors the bit field to an array.
  5. 05 Nov, 2013 5 commits
  6. 29 Oct, 2013 1 commit
  7. 28 Oct, 2013 1 commit
  8. 14 Oct, 2013 2 commits
  9. 09 Oct, 2013 1 commit
    • LXC: Fix handling of RAM filesystem size units · 3f029fb5
      Ján Tomko committed on
      Since 76b644c3 when the support for RAM filesystems was introduced,
      libvirt accepted the following XML:
      <source usage='1024' unit='KiB'/>
      
      This was parsed correctly and internally stored in bytes, but it
      was formatted as (with an extra 's'):
      <source usage='1024' units='KiB'/>
      When read again, this was treated as if the units were missing,
      meaning libvirt was unable to parse its own XML correctly.
      
      The usage attribute was documented as being in KiB, but it was not
      scaled if the unit was missing. Transient domains still worked,
      because this was balanced by an extra 'k' in the mount options.
      
      This patch:
      Changes the parser to use 'units' instead of 'unit', as the latter
      was never documented (fixing persistent domains) and some programs
      (libvirt-glib, libvirt-sandbox) already parse the 'units' attribute.
      
      Removes the extra 'k' from the tmpfs mount options, which is needed
      because now we parse our own XML correctly.
      
      Changes the default input unit to KiB to match documentation, fixing:
      https://bugzilla.redhat.com/show_bug.cgi?id=1015689
  10. 01 Oct, 2013 1 commit
  11. 23 Sep, 2013 1 commit
  12. 12 Sep, 2013 3 commits
  13. 11 Sep, 2013 2 commits
  14. 06 Sep, 2013 1 commit
  15. 05 Sep, 2013 1 commit
  16. 13 Aug, 2013 2 commits
  17. 08 Aug, 2013 1 commit
  18. 22 Jul, 2013 2 commits
  19. 18 Jul, 2013 1 commit
  20. 17 Jul, 2013 1 commit
  21. 16 Jul, 2013 3 commits
  22. 12 Jul, 2013 3 commits
    • Add a couple of debug statements to LXC driver · f45dbdb2
      Daniel P. Berrange committed on
      When failing to start a container due to inaccessible root
      filesystem path, we did not log any meaningful error. Add a
      few debug statements to assist diagnosis
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    • util: make virSetUIDGID async-signal-safe · ee777e99
      Eric Blake committed on
      https://bugzilla.redhat.com/show_bug.cgi?id=964358
      
      POSIX states that multi-threaded apps should not use functions
      that are not async-signal-safe between fork and exec, yet we
      were using getpwuid_r and initgroups.  Although rare, it is
      possible to hit deadlock in the child, when it tries to grab
      a mutex that was already held by another thread in the parent.
      I actually hit this deadlock when testing multiple domains
      being started in parallel with a command hook, with the following
      backtrace in the child:
      
       Thread 1 (Thread 0x7fd56bbf2700 (LWP 3212)):
       #0  __lll_lock_wait ()
           at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
       #1  0x00007fd5761e7388 in _L_lock_854 () from /lib64/libpthread.so.0
       #2  0x00007fd5761e7257 in __pthread_mutex_lock (mutex=0x7fd56be00360)
           at pthread_mutex_lock.c:61
       #3  0x00007fd56bbf9fc5 in _nss_files_getpwuid_r (uid=0, result=0x7fd56bbf0c70,
           buffer=0x7fd55c2a65f0 "", buflen=1024, errnop=0x7fd56bbf25b8)
           at nss_files/files-pwd.c:40
       #4  0x00007fd575aeff1d in __getpwuid_r (uid=0, resbuf=0x7fd56bbf0c70,
           buffer=0x7fd55c2a65f0 "", buflen=1024, result=0x7fd56bbf0cb0)
           at ../nss/getXXbyYY_r.c:253
       #5  0x00007fd578aebafc in virSetUIDGID (uid=0, gid=0) at util/virutil.c:1031
       #6  0x00007fd578aebf43 in virSetUIDGIDWithCaps (uid=0, gid=0, capBits=0,
           clearExistingCaps=true) at util/virutil.c:1388
       #7  0x00007fd578a9a20b in virExec (cmd=0x7fd55c231f10) at util/vircommand.c:654
       #8  0x00007fd578a9dfa2 in virCommandRunAsync (cmd=0x7fd55c231f10, pid=0x0)
           at util/vircommand.c:2247
       #9  0x00007fd578a9d74e in virCommandRun (cmd=0x7fd55c231f10, exitstatus=0x0)
           at util/vircommand.c:2100
       #10 0x00007fd56326fde5 in qemuProcessStart (conn=0x7fd53c000df0,
           driver=0x7fd55c0dc4f0, vm=0x7fd54800b100, migrateFrom=0x0, stdin_fd=-1,
           stdin_path=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
           flags=1) at qemu/qemu_process.c:3694
       ...
      
      The solution is to split the work of getpwuid_r/initgroups into the
      unsafe portions (getgrouplist, called pre-fork) and safe portions
      (setgroups, called post-fork).
      
      * src/util/virutil.h (virSetUIDGID, virSetUIDGIDWithCaps): Adjust
      signature.
      * src/util/virutil.c (virSetUIDGID): Add parameters.
      (virSetUIDGIDWithCaps): Adjust clients.
      * src/util/vircommand.c (virExec): Likewise.
      * src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
      (virDirCreate): Likewise.
      * src/security/security_dac.c (virSecurityDACSetProcessLabel):
      Likewise.
      * src/lxc/lxc_container.c (lxcContainerSetID): Likewise.
      * configure.ac (AC_CHECK_FUNCS_ONCE): Check for setgroups, not
      initgroups.
      Signed-off-by: Eric Blake <eblake@redhat.com>
    • testutils: Resolve Coverity issues · 8283ef9e
      John Ferlan committed on
      Recent changes uncovered a NEGATIVE_RETURNS in the return from sysconf()
      when processing a for loop in virtTestCaptureProgramExecChild() in
      testutils.c
      
      Code review uncovered 3 other code paths with the same condition that
      weren't found by Coverity, so fixed those as well.
  23. 11 Jul, 2013 2 commits
  24. 10 Jul, 2013 1 commit