- 20 Jul, 2010 3 commits
-
-
Committed by Daniel P. Berrange
The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this in many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
-
Committed by Daniel P. Berrange
Update the QEMU cgroups code, QEMU DAC security driver, SELinux and AppArmor security drivers over to use the shared helper API virDomainDiskDefForeachPath(). * src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c, src/security/security_selinux.c, src/security/virt-aa-helper.c: Convert over to use virDomainDiskDefForeachPath()
-
Committed by Daniel P. Berrange
Require the disk image to be passed into virStorageFileGetMetadata. If this is set to VIR_STORAGE_FILE_AUTO, then the format will be resolved using probing. This makes it easier to control when probing will be used * src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c, src/security/security_selinux.c, src/security/virt-aa-helper.c: Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata. * src/storage/storage_backend_fs.c: Probe for disk format before calling virStorageFileGetMetadata. * src/util/storage_file.h, src/util/storage_file.c: Remove format from virStorageFileMeta struct & require it to be passed into method.
-
- 15 Jul, 2010 1 commit
-
-
Committed by Jim Meyering
* src/qemu/qemu_driver.c (qemuConnectMonitor): Correct erroneous parenthesization in two expressions. Without this fix, failure to set or clear SELinux security context in the monitor would go undiagnosed. Also correct a diagnostic and split some long lines.
-
- 13 Jul, 2010 2 commits
-
-
Committed by Jiri Denemark
In case qemu supports -nodefconfig, libvirt uses it when launching new guests. Since this option may affect CPU models supported by qemu, we need to use it when probing for available models.
-
Committed by Daniel P. Berrange
An indentation mistake meant that a check for return status was not properly performed in all cases. This could result in a crash on NULL pointer in a following line. * src/qemu/qemu_monitor_json.c: Fix check for return status when processing JSON for blockstats
-
- 02 Jul, 2010 1 commit
-
-
Committed by Cole Robinson
Log some info if we can't find a config file. Make parse failures fatal, and actually raise an error message.
-
- 30 Jun, 2010 1 commit
-
-
Committed by Daniel P. Berrange
Some, but not all, codepaths in the qemuMonitorOpen() method would trigger the destroy callback. The caller does not expect this to be invoked if construction fails, only during normal release of the monitor. This resulted in a possible double-unref of the virDomainObjPtr, because the caller explicitly unrefs the virDomainObjPtr if qemuMonitorOpen() fails * src/qemu/qemu_monitor.c: Don't invoke destroy callback from qemuMonitorOpen() failure paths
-
- 29 Jun, 2010 3 commits
-
-
Committed by Chris Lalancette
Make sure to *not* call qemuDomainPCIAddressReleaseAddr if QEMUD_CMD_FLAG_DEVICE is *not* set (for older qemu). This prevents a crash when trying to do device detachment from a qemu guest. Signed-off-by: Chris Lalancette <clalance@redhat.com>
-
Committed by Chris Lalancette
In the current libvirt PCI code, there is no checking whether a PCI device is in use by a guest when doing node device detach or reattach. This causes problems when a device is assigned to a guest, and the administrator starts issuing nodedevice commands. Make it so that we check the list of active devices when trying to detach/reattach, and only allow the operation if the device is not assigned to a guest. Signed-off-by: Chris Lalancette <clalance@redhat.com>
-
Committed by Laine Stump
This code was just recently added (by me) and didn't account for the fact that stdin_path is sometimes NULL. If it's NULL, and SetSecurityAllLabel fails, a segfault would result.
-
- 28 Jun, 2010 3 commits
-
-
Committed by Laine Stump
When the saved domain image is on an NFS share, at least some part of domainSetSecurityAllLabel will fail (for example, selinux labels can't be modified). To allow domain restore to still work in this case, just ignore the errors.
-
Committed by Laine Stump
Previously, this function had its own bit of code performing the same function. Since there's now an equivalent utility function, let's use it.
-
Committed by Laine Stump
Also restore the label to its original value after qemu is finished with the file. Prior to this patch, qemu domain restore did not function properly if selinux was set to enforce.
-
- 25 Jun, 2010 5 commits
-
-
Committed by Daniel P. Berrange
If an active migration operation fails, or is cancelled by the admin, the QEMU on the destination is shutdown and the one on the source continues running. It is important in shutting down the QEMU on the destination, the security drivers don't reset the file labelling/permissions. * src/qemu/qemu_driver.c: Don't reset labelling/permissions on migration abort
-
Committed by Daniel P. Berrange
The patches for shared storage migration were not correctly written for json mode. Thus the 'blk' and 'inc' parameters were never being set. In addition they didn't set the QEMU_MONITOR_MIGRATE_BACKGROUND so migration was synchronous. Due to multiple bugs in QEMU's JSON impl this wasn't noticed because it treated the sync migration request as asynchronous anyway. Finally 'background' parameter was converted to take arbitrary flags but not renamed, and not all uses were changed to unsigned int. * src/qemu/qemu_driver.c: Set QEMU_MONITOR_MIGRATE_BACKGROUND in doNativeMigrate * src/qemu/qemu_monitor_json.c: Process QEMU_MONITOR_MIGRATE_NON_SHARED_DISK and QEMU_MONITOR_MIGRATE_NON_SHARED_INC flags * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h, src/qemu/qemu_monitor_json.h, src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: change 'int background' to 'unsigned int flags' in migration APIs. Add logging of flags parameter
-
Committed by Daniel P. Berrange
During incoming migration the QEMU monitor is not able to be used. The incoming migration code did not keep hold of the job lock because migration is split across multiple API calls. This meant that further monitor commands on the guest would hang until migration finished with no timeout. In this change the qemuDomainMigratePrepare method sets the job flag just before it returns. The qemuDomainMigrateFinish method checks for this job flag & clears it once done. This prevents any use of the monitor between prepare+finish steps. The qemuDomainGetJobInfo method is also updated to refresh the job elapsed time. This means that virsh domjobinfo can return time data during incoming migration * src/qemu/qemu_driver.c: Keep a job active during incoming migration. Refresh job elapsed time when returning job info
-
Committed by Daniel P. Berrange
When configuring serial, parallel, console or channel devices with a file, dev or pipe backend type, it is necessary to label the file path in the security drivers. For char devices of type file, it is necessary to pre-create (touch) the file if it does not already exist since QEMU won't be allowed to do so itself. dev/pipe configs already require the admin to pre-create before starting the guest. * src/qemu/qemu_security_dac.c: set file ownership for character devices * src/security/security_selinux.c: Set file labeling for character devices * src/qemu/qemu_driver.c: Add character devices to cgroup ACL
-
Committed by Laine Stump
We previously assumed that if the -device option existed in qemu, that -nodefconfig would also exist. It turns out that isn't the case, as demonstrated by qemu-kvm-0.12.3 in Fedora 13. */src/qemu/qemu_conf.[hc] - add a new QEMUD_CMD_FLAG, set it via the help output, and check it before adding -nodefconfig to the qemu commandline.
-
- 24 Jun, 2010 2 commits
-
-
Committed by Matthias Bolte
This is a step towards controller support for the ESX driver.
-
Committed by Matthias Bolte
The domain XML parsing code autogenerates disk address and controller elements when they are not explicitly specified. The code assumes a narrow SCSI bus (7 units per bus). ESX uses a wide SCSI bus (16 units per bus). This is a step towards controller support for the ESX driver.
-
- 23 Jun, 2010 3 commits
-
-
Committed by Daniel P. Berrange
We already use the '-nodefaults' command line arg with QEMU to stop it adding any default devices to guests. Unfortunately, QEMU will load global config files from /etc/qemu that may also add default devices. These aren't blocked by '-nodefaults', so we need to also add the '-nodefconfig' arg to prevent that. Unfortunately these global config files are also used to define custom CPU models. So in blocking global hardware device addition we also block definitions of new CPU models. Libvirt doesn't know about these custom CPU models though, so it would never make use of them anyway. Thus blocking them via -nodefconfig isn't a show stopping problem. We would need to expand libvirt's own CPU model XML database to support these instead. * src/qemu/qemu_conf.c: Add '-nodefconfig' if available * tests/qemuxml2argvdata/: Add '-nodefconfig' to all data files which have '-nodefaults' present
-
Committed by Daniel P. Berrange
The current code pattern requires that callers of qemuMonitorClose check for the return value == 0, and if so, set priv->mon = NULL and release the reference held on the associated virDomainObjPtr. The change d84bb6d6 violated that requirement, meaning that priv->mon never gets set to NULL, and a reference count is leaked on virDomainObjPtr. This design was a bad one, so remove the need to check the return value of qemuMonitorClose(). Instead allow registration of a callback that's invoked just when the last reference on qemuMonitorPtr is released. Finally there was a potential reference leak in qemuConnectMonitor in the failure path. * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a destroy callback invoked from qemuMonitorFree * src/qemu/qemu_driver.c: Use the destroy callback to release the reference on virDomainObjPtr when the monitor is freed. Fix other potential reference count leak in connecting to monitor
-
Committed by Daniel P. Berrange
Before issuing monitor commands it is necessary to check whether the guest is still running. Most places use virDomainIsActive() correctly, but a few relied on 'priv->mon != NULL'. In theory these should be equivalent, but the release of the last reference count on priv->mon can be delayed a small amount of time until the event handler is finally deregistered. A further ref counting bug also means that priv->mon might be never released. In such a case, code could mistakenly issue a monitor command and wait for a response that will never arrive, effectively leaving the QEMU driver waiting on virCondWait() forever. To protect against these possibilities, make sure all code uses virDomainIsActive(), not 'priv->mon != NULL' * src/qemu/qemu_driver.c: Replace 'priv->mon != NULL' with calls to 'priv->mon != NULL'()
-
- 22 Jun, 2010 1 commit
-
-
Committed by Stefan Berger
Following Daniel Berrange's multiple helpful suggestions for improving this patch and introducing another driver interface, I now wrote the below patch where the nwfilter driver registers the functions to instantiate and teardown the nwfilters with a function in conf/domain_nwfilter.c called virDomainConfNWFilterRegister. Previous helper functions that were called from qemu_driver.c and qemu_conf.c were moved into conf/domain_nwfilter.h with slight renaming done for consistency. Those functions now call the function exported by domain_nwfilter.c, which in turn call the functions of the new driver interface, if available.
-
- 18 Jun, 2010 2 commits
-
-
Committed by Cole Robinson
If VM startup fails early enough (can't find a referenced USB device), libvirtd will crash trying to clear the VNC port bit, since port = 0, which overflows us out of the bitmap bounds. Fix this by being more defensive in the bitmap operations, and only clearing a previously set VNC port. Signed-off-by: Cole Robinson <crobinso@redhat.com>
-
Committed by Eric Blake
Followup to https://bugzilla.redhat.com/show_bug.cgi?id=599091, commit 20206a4b, to reduce disk waste in padding. * src/qemu/qemu_monitor.h (QEMU_MONITOR_MIGRATE_TO_FILE_BS): Drop back to 4k. (QEMU_MONITOR_MIGRATE_TO_FILE_TRANSFER_SIZE): New macro. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update comment. * src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToFile): Use two invocations of dd to output non-aligned large blocks. * src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToFile): Likewise.
-
- 15 Jun, 2010 3 commits
-
-
Committed by Eric Blake
Match earlier change for qemu pause support with virDomainCreateXML. * src/qemu/qemu_driver.c (qemudDomainObjStart): Add parameter; all callers changed. (qemudDomainStartWithFlags): Implement flag support.
-
Committed by Eric Blake
* src/esx/esx_driver.c (esxDomainCreate): Move guts... (esxDomainCreateWithFlags): ...to new function. (esxDriver): Trivially support the new API. * src/lxc/lxc_driver.c (lxcDomainStart, lxcDomainStartWithFlags) (lxcDriver): Likewise. * src/opennebula/one_driver.c (oneDomainStart) (oneDomainStartWithFlags, oneDriver): Likewise. * src/openvz/openvz_driver.c (openvzDomainCreate) (openvzDomainCreateWithFlags, openvzDriver): Likewise. * src/qemu/qemu_driver.c (qemudDomainStart) (qemudDomainStartWithFlags, qemuDriver): Likewise. * src/test/test_driver.c (testDomainCreate) (testDomainCreateWithFlags, testDriver): Likewise. * src/uml/uml_driver.c (umlDomainStart, umlDomainStartWithFlags) (umlDriver): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainCreate) (vboxDomainCreateWithFlags, Driver): Likewise. * src/xen/xen_driver.c (xenUnifiedDomainCreate) (xenUnifiedDomainCreateWithFlags, xenUnifiedDriver): Likewise. * src/xenapi/xenapi_driver.c (xenapiDomainCreate) (xenapiDomainCreateWithFlags, xenapiDriver): Likewise.
-
Committed by Eric Blake
Persistent domain creation needs the same features as transient domains, but virDomainCreate lacks the flags argument present in virDomainCreateXML. virDomainCreateFlags is already claimed as a public enum, so we have to break convention and expose virDomainCreateWithFlags. * include/libvirt/libvirt.h.in (virDomainCreateWithFlags): Add. * src/driver.h (virDrvDomainCreateWithFlags): Internal API. * src/libvirt.c (virDomainCreateWithFlags): Glue public API to driver API. * src/libvirt_public.syms (LIBVIRT_0.8.2): Expose public API. * src/esx/esx_driver.c (esxDriver): Add stub for driver. * src/lxc/lxc_driver.c (lxcDriver): Likewise. * src/opennebula/one_driver.c (oneDriver): Likewise. * src/openvz/openvz_driver.c (openvzDriver): Likewise. * src/phyp/phyp_driver.c (phypDriver): Likewise. * src/qemu/qemu_driver.c (qemuDriver): Likewise. * src/remote/remote_driver.c (remote_driver): Likewise. * src/test/test_driver.c (testDriver): Likewise. * src/uml/uml_driver.c (umlDriver): Likewise. * src/vbox/vbox_tmpl.c (Driver): Likewise. * src/xen/xen_driver.c (xenUnifiedDriver): Likewise. * src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.
-
- 09 Jun, 2010 3 commits
-
-
Committed by Daniel P. Berrange
When a disk is on a root squashed NFS server, it may not be possible to stat() the disk file in virCgroupAllowDevice. The virStorageFileGetMeta method may also fail to extract the parent backing store. Both of these errors have to be ignored to avoid breaking NFS deployments * src/qemu/qemu_driver.c: Ignore errors in cgroup setup to keep root squash NFS happy
-
Committed by Eric Blake
https://bugzilla.redhat.com/show_bug.cgi?id=589465 Some guests (eg with badly configured grub, or Windows' installation cd) require quick response from the console user. That's why we have a "launchPaused" option in vdsm. To implement it via libvirt, we need to ask libvirt not to call qemuMonitorStartCPUs() after starting qemu. Calling virDomainStop immediately after the domain is up is inherently raceful. * src/qemu/qemu_driver.c (qemudStartVMDaemon): Add new parameter; all callers adjusted. (qemudDomainCreate): Implement support for new flag.
-
Committed by Eric Blake
* include/libvirt/libvirt.h.in (virDomainCreateFlags): Add VIR_DOMAIN_START_PAUSED. * src/libvirt.c (virDomainCreateXML): Update documentation. * src/lxc/lxc_driver.c (lxcDomainCreateAndStart): Reject new flag as unimplemented. * src/opennebula/one_driver.c (oneDomainCreateAndStart): Likewise. * src/openvz/openvz_driver.c (openvzDomainCreateXML): Likewise. * src/phyp/phyp_driver.c (phypDomainCreateAndStart): Likewise. * src/qemu/qemu_driver.c (qemudDomainCreate): Likewise. * src/test/test_driver.c (testDomainCreateXML): Likewise. * src/uml/uml_driver.c (umlDomainCreate): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Likewise. * src/xen/xend_internal.c (xenDaemonCreateXML): Likewise. * src/xenapi/xenapi_driver.c (xenapiDomainCreateXML): Likewise.
-
- 08 Jun, 2010 6 commits
-
-
Committed by Daniel P. Berrange
When an attempt to hotplug a PCI device to a guest fails, the device was left attached to pci-stub. It is necessary to reset the device and then attach it to the host driver again. * src/qemu/qemu_driver.c: Reattach PCI device to host if hotadd fails
-
Committed by Daniel P. Berrange
Any output at all from device_add indicates an error in the command execution. Thus it needs to check for reply != "" * src/qemu/qemu_monitor_text.c: Fix reply check for errors to treat any output as an error
-
Committed by Daniel J Walsh
When SELinux is running in MLS mode, libvirtd will have a different security level to the VMs. For libvirtd to be able to connect to the monitor console, the client end of the UNIX domain socket needs a different label. This adds infrastructure to set the socket label via the security driver framework * src/qemu/qemu_driver.c: Call out to socket label APIs in security driver * src/qemu/qemu_security_stacked.c: Wire up socket label drivers * src/security/security_driver.h: Define security driver entry points for socket labelling * src/security/security_selinux.c: Set socket label based on VM label
-
Committed by Daniel P. Berrange
To ensure that the device addressing scheme is stable across hotplug/unplug, all virtio serial channels need to have an associated port number in their address. This is then specified to QEMU using the nr=NNN parameter * src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing for port number in vioserial address types. * src/qemu/qemu_conf.c: Set 'nr=NNN' parameter with virtio serial port number * tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args, tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Expand data set to ensure coverage of port addressing
-
Committed by Daniel P. Berrange
QEMU upstream decided against adding a 'reason' field to the block IO event in QMP. Disable this code to remove an annoying warning message. It will be re-enabled when the error string reason is re-introduced in QEMU
-
Committed by Jamie Strandboge
Adjust args to qemudStartVMDaemon() to also specify path to stdin_fd, so this can be passed to the AppArmor driver via SetSecurityAllLabel(). This updates all calls to qemudStartVMDaemon() as well as setting up the non-AppArmor security driver *SetSecurityAllLabel() declarations for the above. This is required for the following "apparmor-fix-save-restore" patch since AppArmor resolves the passed file descriptor to the pathname given to open().
-
- 05 Jun, 2010 1 commit
-
-
Committed by Laine Stump
See https://bugzilla.redhat.com/show_bug.cgi?id=599091 Saving a paused 512MB domain took 3m47s with the old block size of 512 bytes. Changing the block size to 1024*1024 decreased the time to 56 seconds. (Doubling again to 2048*1024 yielded 0 improvement; lowering to 512k increased the save time to 1m10s, about 20%)
-