- 03 4月, 2013 9 次提交
-
-
由 Daniel P. Berrange 提交于
By passing the flags -z relro -z now to the linker, we can force it to resolve all library symbols at startup, instead of on-demand. This allows it to then make the global offset table (GOT) read-only, which makes some security attacks harder. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
PIE (position independent executable) adds security to executables by composing them entirely of position-independent code (PIC. The .so libraries already build with -fPIC. This adds -fPIE which is the equivalent to -fPIC, but for executables. This for allows Exec Shield to use address space layout randomization to prevent attackers from knowing where existing executable code is during a security attack using exploits that rely on knowing the offset of the executable code in the binary, such as return-to-libc attacks. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Peter Krempa 提交于
The JSON generator is able to represent only values less than LLONG_MAX, fix the bandwidth limit checks when converting to value to catch overflows before they reach the generator.
-
由 Osier Yang 提交于
It's long enough to have a independant definition.
-
由 Daniel P. Berrange 提交于
Every source file is currently built twice by libtool, once for the shared library and once for the static library. Static libs are not commonly packaged by distros and slow down compilation time by more than 50% compared to a shared-only build time. Time for 'make -j 4': shared only: 2 mins 9 secs shared + static: 3 mins 26 secs Time for non-parallel make shared only: 3 mins 32 secs shared + static: 5 mins 41 secs Those few people who really want them, can pass --enable-static to configure Disabling them by default requires use of LT_INIT, but for compat with RHEL5 we can't rely on that. So we conditionally use LT_INIT, but fallback to AM_PROG_LIBTOOL if not present.
-
由 Peter Krempa 提交于
s/persitent/persistent/
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=947387 If a user configures a domain to use a seclabel of a specific type, but the appropriate driver is not accessible, we should refuse to start the domain. For instance, if user requires selinux, but it is either non present in the system, or is just disabled, we should not start the domain. Moreover, since we are touching only those labels we have a security driver for, the other labels may confuse libvirt when reconnecting to a domain on libvirtd restart. In our selinux example, when starting up a domain, missing security label is okay, as we auto-generate one. But later, when libvirt is re-connecting to a live qemu instance, we parse a state XML, where security label is required and it is an error if missing: error : virSecurityLabelDefParseXML:3228 : XML error: security label is missing This results in a qemu process left behind without any libvirt control.
-
由 Martin Kletzander 提交于
virsh schedinfo was able to set only one parameter at a time (not counting the deprecated options), but it is useful to set more at once, so this patch adds the possibility to do stuff like this: virsh schedinfo <domain> cpu_shares=0 vcpu_period=0 vcpu_quota=0 \ emulator_period=0 emulator_quota=0 Invalid scheduler options are reported as well. These were previously reported only if the command hadn't updated any values (when cmdSchedInfoUpdate returned 0). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=810078 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919372 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919375
-
由 Peter Krempa 提交于
Mimic the fix done in 02b90972 to fix crash by accessing an already freed structure. Also copy the explaining comment why the pointer can't be accessed any more.
-
- 02 4月, 2013 19 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=928197 The virsh domfstrim command was not freeing allocated domain, leaving leaked references behind.
-
由 Martin Kletzander 提交于
Descriptions for vol-download and vol-upload didn't make much sense. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=923613
-
由 Martin Kletzander 提交于
The virsh(1) man page wasn't saying anything about the 'migrateuri' parameter other than it can be usually omitted. A patched version of docs/migrate.html.in is taken in this patch to fix that up in the man page.
-
由 Peter Krempa 提交于
Use the established approach to improve this function too.
-
由 Peter Krempa 提交于
Use the established approach to improve this function too.
-
由 Peter Krempa 提交于
Use the established approach to improve this function too.
-
由 Peter Krempa 提交于
The man page states that with --config the next boot is affected. This can be understood as if _only_ the next boot was affected. This isn't true if the machine is running. This patch adds the full --live, --config, --current infrastructure and tweaks stuff to correctly support the obsolete --persistent flag. Note that this patch changes the the behavior of the --config flag to match the use of this flag in rest of libvirt. This flag was mistakenly renamed from --persistent that originaly had different semantics.
-
由 Peter Krempa 提交于
The parameter options can be declared directly. Also use macros for mutual exclusion on some of the incompatible parameter variables.
-
由 Peter Krempa 提交于
This patch uses the new helper to avoid the more complex check for domain state modification flags.
-
由 Peter Krempa 提交于
The domif-getlink command did not terminate successfully when the interface state was found. As the code used old and too complex approach to do the job, this patch refactors it and fixes the bug.
-
由 Peter Krempa 提交于
Format the address using the helper instead of having similar code in multiple places. This patch also fixes leak of the MAC address string in ebtablesRemoveForwardAllowIn() and ebtablesAddForwardAllowIn() in src/util/virebtables.c
-
由 Peter Krempa 提交于
The domain XML generator creates the mac addres strings with lowercase strings with a separate piece of code. This patch changes the formating helper to do the same stuff to allow using it to normalize a string provided by the user. After this change some of the tests that are outputing the mac address will need to be changed.
-
由 Li Zhang 提交于
Currently, -machine option is used only when dump-guest-core is set. To use options defined in machine option for newer version of QEMU, it needs to use -machine xxx, and to be compatible with older version -M, this patch adds QEMU_CAPS_MACHINE_OPT capability for newer version which supports -machine option. Signed-off-by: NLi Zhang <zhlcindy@linux.vnet.ibm.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
The limits are documented at http://libvirt.org/formatdomain.html#elementsCPUTuning . Enforce them when going through XML parsing in addition to being enforced by the API.
-
由 Michal Privoznik 提交于
This is just a bare Easter Egg. Whenever a user runs virDomainScreenshot over a domain in test driver, he'll get the Libvirt PNG logo in return.
-
由 Eric Blake 提交于
Reported by Anthony Messina in https://bugzilla.redhat.com/show_bug.cgi?id=904692 Present since introduction of smartcard support in commit f5fd9baa * src/qemu/qemu_command.c (qemuBuildCommandLine): Match qemu spelling. * tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args: Fix broken test.
-
由 Ján Tomko 提交于
Allow migration over IPv6 by listening on [::] instead of 0.0.0.0 when QEMU supports it (QEMU_CAPS_IPV6_MIGRATION) and there is at least one v6 address configured on the system. Use virURIParse in qemuMigrationPrepareDirect to allow parsing IPv6 addresses, which would cause an 'incorrect :port' error message before. Move setting of migrateFrom from qemuMigrationPrepare{Direct,Tunnel} after domain XML parsing, since we need the QEMU binary path from it to get its capabilities. Bug: https://bugzilla.redhat.com/show_bug.cgi?id=846013
-
由 Osier Yang 提交于
The 'virsh vcpupin' and 'virsh emulatorpin' commands use the same code to parse the cpulist. This patch abstracts the same code as a helper. Along with various code style fixes, and error improvement (only error "Physical CPU %d doesn't exist" if the specified CPU exceed the range, no "cpulist: Invalid format", see the following for an example of the error prior to this patch). % virsh vcpupin 4 0 0-8 error: Physical CPU 4 doesn't exist. error: cpulist: Invalid format.
-
由 John Ferlan 提交于
Code added by commit id '523207fe' TEST: qemuxml2argvtest ........................................ 40 ........................................ 80 ........................................ 120 ........................................ 160 ........................................ 200 ........................................ 240 ................................. 273 OK ==30993== 39 bytes in 1 blocks are definitely lost in loss record 33 of 87 ==30993== at 0x4A0887C: malloc (vg_replace_malloc.c:270) ==30993== by 0x41E501: fakeSecretGetValue (qemuxml2argvtest.c:33) ==30993== by 0x427591: qemuBuildDriveURIString (qemu_command.c:2571) ==30993== by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627) ==30993== by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443) ==30993== by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154 ==30993== by 0x41FE8F: virtTestRun (testutils.c:157) ==30993== by 0x418BE3: mymain (qemuxml2argvtest.c:506) ==30993== by 0x4204CA: virtTestMain (testutils.c:719) ==30993== by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so) ==30993== ==30993== 46 bytes in 1 blocks are definitely lost in loss record 64 of 87 ==30993== at 0x4A0887C: malloc (vg_replace_malloc.c:270) ==30993== by 0x38D690A167: __vasprintf_chk (in /usr/lib64/libc-2.16.so) ==30993== by 0x4CB28E7: virVasprintf (stdio2.h:210) ==30993== by 0x4CB29A3: virAsprintf (virutil.c:2017) ==30993== by 0x4275B4: qemuBuildDriveURIString (qemu_command.c:2580) ==30993== by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627) ==30993== by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443) ==30993== by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154 ==30993== by 0x41FE8F: virtTestRun (testutils.c:157) ==30993== by 0x418BE3: mymain (qemuxml2argvtest.c:506) ==30993== by 0x4204CA: virtTestMain (testutils.c:719) ==30993== by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so) ==30993== ==30993== 385 (56 direct, 329 indirect) bytes in 1 blocks are definitely los ==30993== at 0x4A06B6F: calloc (vg_replace_malloc.c:593) ==30993== by 0x4C6B2CF: virAllocN (viralloc.c:152) ==30993== by 0x4C9C7EB: virObjectNew (virobject.c:191) ==30993== by 0x4D21810: virGetSecret (datatypes.c:642) ==30993== by 0x41E5D5: fakeSecretLookupByUsage (qemuxml2argvtest.c:51) ==30993== by 0x4D4BEC5: virSecretLookupByUsage (libvirt.c:15295) ==30993== by 0x4276A9: qemuBuildDriveURIString (qemu_command.c:2565) ==30993== by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627) ==30993== by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443) ==30993== by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154 ==30993== by 0x41FE8F: virtTestRun (testutils.c:157) ==30993== by 0x418BE3: mymain (qemuxml2argvtest.c:506) ==30993== PASS: qemuxml2argvtest Interesting side note is that running the test singularly via 'make -C tests check TESTS=qemuxml2argvtest' didn't trip the valgrind error; however, running during 'make -C tests valgrind' did cause the error to be seen.
-
- 01 4月, 2013 1 次提交
-
-
由 Daniel Veillard 提交于
- configure.ac docs/news.html.in libvirt.spec.in: updates for the release - po/*.po*: fetch translation updates from Transifex and regenerate
-
- 29 3月, 2013 4 次提交
-
-
由 Christophe Fergeau 提交于
-
由 Ján Tomko 提交于
Since the refactoring in fbe2d494 we call virSecretFree even if virSecretDefineXML fails, which leads to overwriting the error message with: error: Invalid secret: virSecretFree Bug: https://bugzilla.redhat.com/show_bug.cgi?id=929045
-
由 Martin Kletzander 提交于
When logical pool has no PVs associated with itself (user-created), virCommandFree(cmd) is called twice with the same pointer and that causes a segfault in daemon.
-
由 Ján Tomko 提交于
Both virIsCapableFCHost and virIsCapableVport return 0 when the respective sysfs path is accessible.
-
- 28 3月, 2013 7 次提交
-
-
由 Michal Privoznik 提交于
With my previous patches, we unconditionally appended a seclabel, even if it wasn't generated but found in array of defined seclabels. This resulted in double free later when doing virDomainDefFree and iterating over the array of defined seclabels. Moreover, there was another possibility of double free, if the seclabel was generated in the last iteration of the process of walking trough security managers array.
-
由 Michal Privoznik 提交于
There has been a typo in virIsCapbleVport function name.
-
由 Osier Yang 提交于
--- Pushed under build-breaker rule.
-
由 Michal Privoznik 提交于
One of my previous patches manipulated virSecurityLabel* APIs, some were added to header files, and some were renamed. However, these changes were not reflected in libvirt_private.syms.
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=923946 The <seclabel type='none'/> should be added iff there is no other seclabel defined within a domain. This bug can be easily reproduced: 1) configure selinux seclabel for a domain 2) disable system's selinux and restart libvirtd 3) observe <seclabel type='none'/> being appended to a domain on its startup
-
由 Michal Privoznik 提交于
The virDomainDefGetSecurityLabelDef was modifying the domain XML. It tried to find a seclabel corresponding to given sec driver. If the label wasn't found, the function created one which is wrong. In fact it's security manager which should modify this part of domain XML.
-
由 Guannan Ren 提交于
When libvirtd loads active network configs from network state directory, it should release the class_id memory block which was allocated at the time of loading xml from network config directory. virBitmapParse will create a new memory block of bitmap class_id which causes a memory leak. This happens when at least one virtual network is active before. ==12234== 8,216 (24 direct, 8,192 indirect) bytes in 1 blocks are definitely \ lost in loss record 702 of 709 ==12234== at 0x4A06B2F: calloc (vg_replace_malloc.c:593) ==12234== by 0x37AB04D77D: virAlloc (in /usr/lib64/libvirt.so.0.1000.3) ==12234== by 0x37AB04EF89: virBitmapNew (in /usr/lib64/libvirt.so.0.1000.3) ==12234== by 0x37AB0BFB37: virNetworkAssignDef (in /usr/lib64/libvirt.so.0.1000.3) ==12234== by 0x37AB0BFD31: ??? (in /usr/lib64/libvirt.so.0.1000.3) ==12234== by 0x37AB0BFE92: virNetworkLoadAllConfigs (in /usr/lib64/libvirt.so.0.1000.3) ==12234== by 0x10650E5A: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_network.so) ==12234== by 0x37AB0EB72F: virStateInitialize (in /usr/lib64/libvirt.so.0.1000.3) ==12234== by 0x40DE04: ??? (in /usr/sbin/libvirtd) ==12234== by 0x37AB0832E8: ??? (in /usr/lib64/libvirt.so.0.1000.3) ==12234== by 0x3796807D14: start_thread (in /usr/lib64/libpthread-2.16.so) ==12234== by 0x37960F246C: clone (in /usr/lib64/libc-2.16.so)
-