- 16 6月, 2015 1 次提交
-
-
由 Martin Kletzander 提交于
This allows to have more servers in one daemon which helps isolating some resources. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 23 4月, 2015 1 次提交
-
-
由 Jim Fehlig 提交于
Some hypervisors like Xen do not have PIDs associated with domains. Relax the requirement for PID != 0 in the locking code so it can be used by hypervisors that do not represent domains as a process running on the host. Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
- 02 4月, 2015 1 次提交
-
-
由 Ján Tomko 提交于
In the order of appearance: * MAX_LISTEN - never used added by 23ad665c (qemud) and addec57 (lock daemon) * NEXT_FREE_CLASS_ID - never used, added by 07d1b6b5 * virLockError - never used, added by eb8268a4 * OPENVZ_MAX_ARG, CMDBUF_LEN, CMDOP_LEN unused since the removal of ADD_ARG_LIT in d8b31306 * QEMU_NB_PER_CPU_STAT_PARAM - unused since 897808e7 * QEMU_CMD_PROMPT, QEMU_PASSWD_PROMPT - unused since 1dc10a7b * TEST_MODEL_WORDSIZE - unused since c25c18f7 * TEMPDIR - never used, added by 714bef5b * NSIG - workaround around old headers added by commit 60ed1d2a unused since virExec was moved by commit 02e86910 * DO_TEST_PARSE - never used, added by 9afa0060 * DIFF_MSEC, GETTIMEOFDAY - unused since eee6eb66
-
- 15 11月, 2014 1 次提交
-
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 29 10月, 2014 1 次提交
-
-
由 Eric Blake 提交于
C guarantees that static variables are zero-initialized. Some older compilers (and also gcc -fno-zero-initialized-in-bss) create larger binaries if you explicitly zero-initialize a static variable. * src/conf/nwfilter_conf.c: Fix initialization. * src/cpu/cpu_x86.c: Likewise. * src/interface/interface_backend_netcf.c: Likewise. * src/locking/lock_daemon.c: Likewise. * src/locking/lock_driver_lockd.c: Likewise. * src/locking/lock_driver_sanlock.c: Likewise. * src/network/bridge_driver.c: Likewise. * src/node_device/node_device_udev.c: Likewise. * src/nwfilter/nwfilter_learnipaddr.c: Likewise. * src/rpc/virnetserver.c: Likewise. * src/security/security_selinux.c (virSecuritySELinuxGenSecurityLabel): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 15 9月, 2014 1 次提交
-
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 22 8月, 2014 2 次提交
-
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Since not only systemd can do this (we'll be doing it as well few patches later), change 'systemd' to 'caller' and fix LISTEN_FDS to LISTEN_PID where applicable. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 28 4月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
The virnetsocket.c API is hardcoded to pass --timeout=30 to any daemon it auto-starts. For inexplicable reasons the virtlockd daemon did not implement the --timeout option, so it would immediately exit on autostart with an error. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 25 4月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add calls to virFileActivateDirOverride so that the build dir overrides are activated. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 25 3月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
-
- 18 3月, 2014 4 次提交
-
-
由 Daniel P. Berrange 提交于
A earlier commit changed the global log buffer so that it only records messages that are explicitly requested via the log filters setting. This removes the performance burden, and improves the signal/noise ratio for messages in the global buffer. At the same time though, it is somewhat pointless, since all the recorded log messages are already going to be sent to an explicit log output like syslog, stderr or the journal. The global log buffer is thus just duplicating this data on stderr upon crash. The log_buffer_size config parameter is left in the augeas lens to prevent breakage for users on upgrade. It is however completely ignored hereafter. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=992980 This config tunable allows users to determine the maximum number of accepted but yet not authenticated users. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Nehal J Wani 提交于
Our current pidfile acquire APis (virPidFileAcquire) simply return -1 upon failure to acquire a lock. This patch adds a parameter 'bool waitForLock' which instructs the APIs if we want to make it block and wait for the lock or not.
-
- 22 1月, 2014 1 次提交
-
-
由 Michael Chapman 提交于
- Use $XDG_RUNTIME_DIR for re-exec state file when running unprivileged. - argv[0] may not contain a full path to the binary, however it should contain something that can be looked up in the PATH. Use execvp() to do path lookup on re-exec. - As per list discussion [1], ignore --daemon on re-exec. [1] https://www.redhat.com/archives/libvir-list/2013-December/msg00514.htmlSigned-off-by: NMichael Chapman <mike@very.puzzling.org>
-
- 06 1月, 2014 1 次提交
-
-
由 Eric Blake 提交于
Some of our operation denied messages are outright stupid; for example, if virIdentitySetAttr fails: error: operation Identity attribute is already set forbidden for read only access This patch fixes things to a saner: error: operation forbidden: Identity attribute is already set It also consolidates the most common usage pattern for operation denied errors: read-only connections preventing a public API. In this case, 'virsh -r -c test:///default destroy test' changes from: error: operation virDomainDestroy forbidden for read only access to: error: operation forbidden: read only access prevents virDomainDestroy Note that we were previously inconsistent on which APIs used VIR_FROM_DOM (such as virDomainDestroy) vs. VIR_FROM_NONE (such as virDomainPMSuspendForDuration). After this patch, all uses consistently use VIR_FROM_NONE, on the grounds that it is unlikely that a caller learning that a call is denied can do anything in particular with extra knowledge which error domain the call belongs to (similar to what we did in commit baa72449). * src/util/virerror.c (virErrorMsg): Rework OPERATION_DENIED error message. * src/internal.h (virCheckReadOnlyGoto): New macro. * src/util/virerror.h (virReportRestrictedError): New macro. * src/libvirt-lxc.c: Use new macros. * src/libvirt-qemu.c: Likewise. * src/libvirt.c: Likewise. * src/locking/lock_daemon.c (virLockDaemonClientNew): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 10 12月, 2013 3 次提交
-
-
由 Michal Privoznik 提交于
This reverts commit 8355d42d. After some discussion upstream [1] this patch turns out to be spurious. It better gets reverted prior to a release. 1: https://www.redhat.com/archives/libvir-list/2013-December/msg00563.htmlSigned-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michael Chapman 提交于
Also use a distinct, valid exit status for daemon re-execution failure. Signed-off-by: NMichael Chapman <mike@very.puzzling.org>
-
由 Michael Chapman 提交于
SIGHUP is commonly used to instruct a daemon to reload its config. For now we should handle it in virtlockd just like SIGUSR1, rather than having it kill the process. Signed-off-by: NMichael Chapman <mike@very.puzzling.org> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 21 10月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Most of the usage of getuid()/getgid() is in cases where we are considering what privileges we have. As such the code should be using the effective IDs, not real IDs. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Unconditional use of getenv is not secure in setuid env. While not all libvirt code runs in a setuid env (since much of it only exists inside libvirtd) this is not always clear to developers. So make all the code paranoid, even if it only ever runs inside libvirtd. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 19 8月, 2013 1 次提交
-
-
由 David Weber 提交于
Each new VM requires a new connection from libvirtd to virtlockd. The default max clients limit in virtlockd of 20 is thus woefully insufficient. virtlockd sockets are only accessible to matching users, so there is no security need for such a tight limit. Make it configurable and default to 1024. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 13 8月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The virtlockd/libvirtd daemons had listed '?' as the short option for --help. getopt_long uses '?' for any unknown option. We want to be able to distinguish unknown options (which use EXIT_FAILURE) from correct usage of help (which should use EXIT_SUCCESS). Thus we should use 'h' as a short option for --help. Also add this to the man page docs The virtlockd/libvirtd daemons did not list any short option for the --version arg. Add -V as a valid short option, since -v is already used for --verbose. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 05 8月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
This configuration knob lets user to set the length of queue of connection requests waiting to be accept()-ed by the daemon. IOW, it just controls the @backlog passed to listen: int listen(int sockfd, int backlog);
-
- 10 7月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 21 5月, 2013 1 次提交
-
-
由 Osier Yang 提交于
-
- 09 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 08 5月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Since PIDs can be reused, polkit prefers to be given a (PID,start time) pair. If given a PID on its own, it will attempt to lookup the start time in /proc/pid/stat, though this is subject to races. It is safer if the client app resolves the PID start time itself, because as long as the app has the client socket open, the client PID won't be reused. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 02 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both.
-
- 17 1月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
No need to check the run_dir variable twice for NULL.
-
- 14 1月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 09 1月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add checks for existence of GNUTLS and automatically disable it if not found. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 12月, 2012 6 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
- 13 12月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
The virtlockd daemon maintains file locks on behalf of libvirtd and any VMs it is running. These file locks must be held for as long as any VM is running. If virtlockd itself ever quits, then it is expected that a node would be fenced/rebooted. Thus to allow for software upgrads on live systemd, virtlockd needs the ability to re-exec() itself. Upon receipt of SIGUSR1, virtlockd will save its current live state out to a file /var/run/virtlockd-restart-exec.json It then re-exec()'s itself with exactly the same argv as it originally had, and loads the state file, reconstructing any objects as appropriate. The state file contains information about all locks held and all network services and clients currently active. An example state document is { "server": { "min_workers": 1, "max_workers": 20, "priority_workers": 0, "max_clients": 20, "keepaliveInterval": 4294967295, "keepaliveCount": 0, "keepaliveRequired": false, "services": [ { "auth": 0, "readonly": false, "nrequests_client_max": 1, "socks": [ { "fd": 6, "errfd": -1, "pid": 0, "isClient": false } ] } ], "clients": [ { "auth": 0, "readonly": false, "nrequests_max": 1, "sock": { "fd": 9, "errfd": -1, "pid": 0, "isClient": true }, "privateData": { "restricted": true, "ownerPid": 1722, "ownerId": 6, "ownerName": "f18x86_64", "ownerUUID": "97586ba9-df27-9459-c806-f016c8bbd224" } }, { "auth": 0, "readonly": false, "nrequests_max": 1, "sock": { "fd": 10, "errfd": -1, "pid": 0, "isClient": true }, "privateData": { "restricted": true, "ownerPid": 1784, "ownerId": 7, "ownerName": "f16x86_64", "ownerUUID": "7b8e5e42-b875-61e9-b981-91ad8fa46979" } } ] }, "defaultLockspace": { "resources": [ { "name": "/var/lib/libvirt/images/f16x86_64.raw", "path": "/var/lib/libvirt/images/f16x86_64.raw", "fd": 14, "lockHeld": true, "flags": 0, "owners": [ 1784 ] }, { "name": "/var/lib/libvirt/images/shared.img", "path": "/var/lib/libvirt/images/shared.img", "fd": 12, "lockHeld": true, "flags": 1, "owners": [ 1722, 1784 ] }, { "name": "/var/lib/libvirt/images/f18x86_64.img", "path": "/var/lib/libvirt/images/f18x86_64.img", "fd": 11, "lockHeld": true, "flags": 0, "owners": [ 1722 ] } ] }, "lockspaces": [ ], "magic": "30199" } Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-