1. 03 Apr, 2013 9 commits
    • D
      Enable full RELRO mode · fc8c1787
      Daniel P. Berrange committed
      By passing the flags -z relro -z now to the linker, we can force
      it to resolve all library symbols at startup, instead of on-demand.
      This allows it to then make the global offset table (GOT) read-only,
      which makes some security attacks harder.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      fc8c1787
    • D
      Build all binaries with PIE · 1150999c
      Daniel P. Berrange committed
      PIE (position independent executable) adds security to executables
      by composing them entirely of position-independent code (PIC). The
      .so libraries already build with -fPIC. This adds -fPIE which is
      the equivalent to -fPIC, but for executables. This allows Exec
      Shield to use address space layout randomization to prevent attackers
      from knowing where existing executable code is during a security
      attack using exploits that rely on knowing the offset of the
      executable code in the binary, such as return-to-libc attacks.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      1150999c
    • P
      qemu-blockjob: Fix limit of bandwidth for block jobs to supported value · 24ca8fae
      Peter Krempa committed
      The JSON generator is able to represent only values less than LLONG_MAX, fix the
      bandwidth limit checks when converting to value to catch overflows before they
      reach the generator.
      24ca8fae
    • O
      rng: Add definition for network disk source · ad5298e1
      Osier Yang committed
      It's long enough to have an independent definition.
      ad5298e1
    • D
      Disable static libraries by default · ad42b34b
      Daniel P. Berrange committed
      Every source file is currently built twice by libtool, once for
      the shared library and once for the static library. Static libs
      are not commonly packaged by distros and slow down compilation
      time by more than 50% compared to a shared-only build time.
      
      Time for 'make -j 4':
      
            shared only: 2 mins  9 secs
        shared + static: 3 mins 26 secs
      
      Time for non-parallel make
      
            shared only: 3 mins 32 secs
        shared + static: 5 mins 41 secs
      
      Those few people who really want them, can pass --enable-static
      to configure
      
      Disabling them by default requires use of LT_INIT, but for
      compat with RHEL5 we can't rely on that. So we conditionally
      use LT_INIT, but fallback to AM_PROG_LIBTOOL if not present.
      ad42b34b
    • P
      virsh: Fix typo in docs · f006f195
      Peter Krempa committed
      s/persitent/persistent/
      f006f195
    • M
      sec_manager: Refuse to start domain with unsupported seclabel · 8d68cbea
      Michal Privoznik committed
      https://bugzilla.redhat.com/show_bug.cgi?id=947387
      
      If a user configures a domain to use a seclabel of a specific type,
      but the appropriate driver is not accessible, we should refuse to
      start the domain. For instance, if user requires selinux, but it is
      either not present in the system, or is just disabled, we should not
      start the domain. Moreover, since we are touching only those labels we
      have a security driver for, the other labels may confuse libvirt when
      reconnecting to a domain on libvirtd restart. In our selinux example,
      when starting up a domain, missing security label is okay, as we
      auto-generate one. But later, when libvirt is re-connecting to a live
      qemu instance, we parse a state XML, where security label is required
      and it is an error if missing:
      
        error : virSecurityLabelDefParseXML:3228 : XML error: security label
        is missing
      
      This results in a qemu process left behind without any libvirt control.
      8d68cbea
    • M
      Allow multiple parameters for schedinfo · e7cd2844
      Martin Kletzander committed
      virsh schedinfo was able to set only one parameter at a time (not
      counting the deprecated options), but it is useful to set more at
      once, so this patch adds the possibility to do stuff like this:
      
      virsh schedinfo <domain> cpu_shares=0 vcpu_period=0 vcpu_quota=0 \
      emulator_period=0 emulator_quota=0
      
      Invalid scheduler options are reported as well.  These were previously
      reported only if the command hadn't updated any values (when
      cmdSchedInfoUpdate returned 0).
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=810078
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919372
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919375
      e7cd2844
    • P
      qemu: Fix crash when updating media with shared device · 43b6f304
      Peter Krempa committed
      Mimic the fix done in 02b90972 to fix crash by
      accessing an already freed structure. Also copy the explaining comment why the
      pointer can't be accessed any more.
      43b6f304
  2. 02 Apr, 2013 19 commits
    • M
      virsh: Call virDomainFree in cmdDomFSTrim · deb86ee9
      Michal Privoznik committed
      https://bugzilla.redhat.com/show_bug.cgi?id=928197
      
      The virsh domfstrim command was not freeing allocated domain,
      leaving leaked references behind.
      deb86ee9
    • M
      manual: Fix copy-paste errors · 11e29570
      Martin Kletzander committed
      Descriptions for vol-download and vol-upload didn't make much sense.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=923613
      11e29570
    • M
      manual: Add info about migrateuri in virsh manual · d1d2acd7
      Martin Kletzander committed
      The virsh(1) man page wasn't saying anything about the 'migrateuri'
      parameter other than it can be usually omitted.  A patched version of
      docs/migrate.html.in is taken in this patch to fix that up in the man
      page.
      d1d2acd7
    • P
      virsh-domain: Add --live, --config, --current logic to cmdDetachDisk · b685a73e
      Peter Krempa committed
      Use the established approach to improve this function too.
      b685a73e
    • P
      virsh-domain: Add --live, --config, --current logic to cmdDetachDevice · d87f7210
      Peter Krempa committed
      Use the established approach to improve this function too.
      d87f7210
    • P
      virsh-domain: Add --live, --config, --current logic to cmdDetachInterface · c3d9f399
      Peter Krempa committed
      Use the established approach to improve this function too.
      c3d9f399
    • P
      virsh: Fix semantics of --config for "update-device" command · 69ce3ffa
      Peter Krempa committed
      The man page states that with --config the next boot is affected. This
      can be understood as if _only_ the next boot was affected. This isn't
      true if the machine is running.
      
      This patch adds the full --live, --config, --current infrastructure and
      tweaks stuff to correctly support the obsolete --persistent flag.
      
      Note that this patch changes the behavior of the --config flag to match the
      use of this flag in rest of libvirt. This flag was mistakenly renamed from
      --persistent that originally had different semantics.
      69ce3ffa
    • P
      virsh-domain: Fix declarations of flag variables in cmdChangeMedia · cc0cc6b7
      Peter Krempa committed
      The parameter options can be declared directly.
      
      Also use macros for mutual exclusion on some of the incompatible
      parameter variables.
      cc0cc6b7
    • P
      virsh-domain: Simplify usage of --current, --live and --config flags · 803e4670
      Peter Krempa committed
      This patch uses the new helper to avoid the more complex check for
      domain state modification flags.
      803e4670
    • P
      virsh-domain-monitor: Refactor cmdDomIfGetLink · 1f0cac35
      Peter Krempa committed
      The domif-getlink command did not terminate successfully when the
      interface state was found. As the code used an old and too complex approach
      to do the job, this patch refactors it and fixes the bug.
      1f0cac35
    • P
      Use virMacAddrFormat instead of manual mac address formatting · 6bd94a1b
      Peter Krempa committed
      Format the address using the helper instead of having similar code in
      multiple places.
      
      This patch also fixes leak of the MAC address string in
      ebtablesRemoveForwardAllowIn() and ebtablesAddForwardAllowIn() in
      src/util/virebtables.c
      6bd94a1b
    • P
      util: Change virMacAddrFormat to lowercase hex characters · ab4bf20e
      Peter Krempa committed
      The domain XML generator creates the mac address strings with lowercase
      strings with a separate piece of code. This patch changes the formatting
      helper to do the same stuff to allow using it to normalize a string
      provided by the user. After this change some of the tests that are
      outputting the mac address will need to be changed.
      ab4bf20e
    • L
      Optimize machine option to set more options with it · f84b92ea
      Li Zhang committed
      Currently, -machine option is used only when dump-guest-core is set.
      
      To use options defined in machine option for newer version of QEMU,
      it needs to use -machine xxx, and to be compatible with older version
      -M, this patch adds QEMU_CAPS_MACHINE_OPT capability for newer
      version which supports -machine option.
      Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
      Signed-off-by: Eric Blake <eblake@redhat.com>
      f84b92ea
    • P
      conf: Enforce ranges on cputune variables · f8e3221f
      Peter Krempa committed
      The limits are documented at
      http://libvirt.org/formatdomain.html#elementsCPUTuning . Enforce them
      when going through XML parsing in addition to being enforced by the API.
      f8e3221f
    • M
      test: Return Libvirt logo as domain screenshot · 5e5ca84e
      Michal Privoznik committed
      This is just a bare Easter Egg. Whenever a user runs virDomainScreenshot
      over a domain in test driver, he'll get the Libvirt PNG logo in return.
      5e5ca84e
    • E
      smartcard: spell ccid-card-emulated qemu property correctly · 6f7e4ea3
      Eric Blake committed
      Reported by Anthony Messina in
      https://bugzilla.redhat.com/show_bug.cgi?id=904692
      Present since introduction of smartcard support in commit f5fd9baa
      
      * src/qemu/qemu_command.c (qemuBuildCommandLine): Match qemu spelling.
      * tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args:
      Fix broken test.
      6f7e4ea3
    • J
      qemu: Allow migration over IPv6 · f03dcc5d
      Ján Tomko committed
      Allow migration over IPv6 by listening on [::] instead of 0.0.0.0
      when QEMU supports it (QEMU_CAPS_IPV6_MIGRATION) and there is
      at least one v6 address configured on the system.
      
      Use virURIParse in qemuMigrationPrepareDirect to allow parsing
      IPv6 addresses, which would cause an 'incorrect :port' error
      message before.
      
      Move setting of migrateFrom from qemuMigrationPrepare{Direct,Tunnel}
      after domain XML parsing, since we need the QEMU binary path from it
      to get its capabilities.
      
      Bug: https://bugzilla.redhat.com/show_bug.cgi?id=846013
      f03dcc5d
    • O
      virsh: Add a helper to parse cpulist · 8893df38
      Osier Yang committed
      The 'virsh vcpupin' and 'virsh emulatorpin' commands use the same
      code to parse the cpulist. This patch abstracts the same code as
      a helper. Along with various code style fixes, and error improvement
      (only error "Physical CPU %d doesn't exist" if the specified CPU
      exceeds the range, no "cpulist: Invalid format", see the following
      for an example of the error prior to this patch).
      
      % virsh vcpupin 4 0 0-8
      error: Physical CPU 4 doesn't exist.
      error: cpulist: Invalid format.
      8893df38
    • J
      Resolve valgrind failure · 9a80050e
      John Ferlan committed
      Code added by commit id '523207fe'
      
      TEST: qemuxml2argvtest
            ........................................ 40
            ........................................ 80
            ........................................ 120
            ........................................ 160
            ........................................ 200
            ........................................ 240
            .................................        273 OK
      ==30993== 39 bytes in 1 blocks are definitely lost in loss record 33 of 87
      ==30993==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
      ==30993==    by 0x41E501: fakeSecretGetValue (qemuxml2argvtest.c:33)
      ==30993==    by 0x427591: qemuBuildDriveURIString (qemu_command.c:2571)
      ==30993==    by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627)
      ==30993==    by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443)
      ==30993==    by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154
      ==30993==    by 0x41FE8F: virtTestRun (testutils.c:157)
      ==30993==    by 0x418BE3: mymain (qemuxml2argvtest.c:506)
      ==30993==    by 0x4204CA: virtTestMain (testutils.c:719)
      ==30993==    by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so)
      ==30993==
      ==30993== 46 bytes in 1 blocks are definitely lost in loss record 64 of 87
      ==30993==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
      ==30993==    by 0x38D690A167: __vasprintf_chk (in /usr/lib64/libc-2.16.so)
      ==30993==    by 0x4CB28E7: virVasprintf (stdio2.h:210)
      ==30993==    by 0x4CB29A3: virAsprintf (virutil.c:2017)
      ==30993==    by 0x4275B4: qemuBuildDriveURIString (qemu_command.c:2580)
      ==30993==    by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627)
      ==30993==    by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443)
      ==30993==    by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154
      ==30993==    by 0x41FE8F: virtTestRun (testutils.c:157)
      ==30993==    by 0x418BE3: mymain (qemuxml2argvtest.c:506)
      ==30993==    by 0x4204CA: virtTestMain (testutils.c:719)
      ==30993==    by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so)
      ==30993==
      ==30993== 385 (56 direct, 329 indirect) bytes in 1 blocks are definitely los
      ==30993==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
      ==30993==    by 0x4C6B2CF: virAllocN (viralloc.c:152)
      ==30993==    by 0x4C9C7EB: virObjectNew (virobject.c:191)
      ==30993==    by 0x4D21810: virGetSecret (datatypes.c:642)
      ==30993==    by 0x41E5D5: fakeSecretLookupByUsage (qemuxml2argvtest.c:51)
      ==30993==    by 0x4D4BEC5: virSecretLookupByUsage (libvirt.c:15295)
      ==30993==    by 0x4276A9: qemuBuildDriveURIString (qemu_command.c:2565)
      ==30993==    by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627)
      ==30993==    by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443)
      ==30993==    by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154
      ==30993==    by 0x41FE8F: virtTestRun (testutils.c:157)
      ==30993==    by 0x418BE3: mymain (qemuxml2argvtest.c:506)
      ==30993==
      PASS: qemuxml2argvtest
      
      Interesting side note is that running the test singularly via 'make -C tests
      check TESTS=qemuxml2argvtest' didn't trip the valgrind error; however,
      running during 'make -C tests valgrind' did cause the error to be seen.
      9a80050e
  3. 01 Apr, 2013 1 commit
    • D
      Release of libvirt-1.0.4 · 89d73020
      Daniel Veillard committed
      - configure.ac docs/news.html.in libvirt.spec.in: updates for the release
      - po/*.po*: fetch translation updates from Transifex and regenerate
      89d73020
  4. 29 Mar, 2013 4 commits
  5. 28 Mar, 2013 7 commits
    • M
      security_manager.c: Append seclabel iff generated · a1c68a1f
      Michal Privoznik committed
      With my previous patches, we unconditionally appended a seclabel,
      even if it wasn't generated but found in array of defined seclabels.
      This resulted in double free later when doing virDomainDefFree
      and iterating over the array of defined seclabels.
      
      Moreover, there was another possibility of double free, if the
      seclabel was generated in the last iteration of the process of
      walking through security managers array.
      a1c68a1f
    • M
      virutil: Fix compilation on non-linux platforms · 0e9df6bd
      Michal Privoznik committed
      There has been a typo in virIsCapbleVport function name.
      0e9df6bd
    • O
      util: Fix the conflict type for virIsCapableFCHost · 5eeb56fb
      Osier Yang committed
      ---
      Pushed under build-breaker rule.
      5eeb56fb
    • M
      libvirt_private.syms: Correctly export seclabel APIs · a919e6f7
      Michal Privoznik committed
      One of my previous patches manipulated virSecurityLabel* APIs,
      some were added to header files, and some were renamed. However,
      these changes were not reflected in libvirt_private.syms.
      a919e6f7
    • M
      security: Don't add seclabel of type none if there's already a seclabel · e4a28a32
      Michal Privoznik committed
      https://bugzilla.redhat.com/show_bug.cgi?id=923946
      
      The <seclabel type='none'/> should be added iff there is no other
      seclabel defined within a domain. This bug can be easily reproduced:
      1) configure selinux seclabel for a domain
      2) disable system's selinux and restart libvirtd
      3) observe <seclabel type='none'/> being appended to a domain on its
         startup
      e4a28a32
    • M
      security_manager: Don't manipulate domain XML in virDomainDefGetSecurityLabelDef · 6c4de116
      Michal Privoznik committed
      The virDomainDefGetSecurityLabelDef was modifying the domain XML.
      It tried to find a seclabel corresponding to given sec driver. If the
      label wasn't found, the function created one which is wrong. In fact
      it's security manager which should modify this part of domain XML.
      6c4de116
    • G
      conf: fix memory leak of class_id bitmap · 7a0f5021
      Guannan Ren committed
      When libvirtd loads active network configs from network state directory,
      it should release the class_id memory block which was allocated
      at the time of loading xml from network config directory.
      virBitmapParse will create a new memory block of bitmap class_id which
      causes a memory leak.
      
      This happens when at least one virtual network is active before.
      
      ==12234== 8,216 (24 direct, 8,192 indirect) bytes in 1 blocks are definitely \
                    lost in loss record 702 of 709
      ==12234==    at 0x4A06B2F: calloc (vg_replace_malloc.c:593)
      ==12234==    by 0x37AB04D77D: virAlloc (in /usr/lib64/libvirt.so.0.1000.3)
      ==12234==    by 0x37AB04EF89: virBitmapNew (in /usr/lib64/libvirt.so.0.1000.3)
      ==12234==    by 0x37AB0BFB37: virNetworkAssignDef (in /usr/lib64/libvirt.so.0.1000.3)
      ==12234==    by 0x37AB0BFD31: ??? (in /usr/lib64/libvirt.so.0.1000.3)
      ==12234==    by 0x37AB0BFE92: virNetworkLoadAllConfigs (in /usr/lib64/libvirt.so.0.1000.3)
      ==12234==    by 0x10650E5A: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_network.so)
      ==12234==    by 0x37AB0EB72F: virStateInitialize (in /usr/lib64/libvirt.so.0.1000.3)
      ==12234==    by 0x40DE04: ??? (in /usr/sbin/libvirtd)
      ==12234==    by 0x37AB0832E8: ??? (in /usr/lib64/libvirt.so.0.1000.3)
      ==12234==    by 0x3796807D14: start_thread (in /usr/lib64/libpthread-2.16.so)
      ==12234==    by 0x37960F246C: clone (in /usr/lib64/libc-2.16.so)
      7a0f5021