1. 29 10月, 2014 1 次提交
    • E
      maint: avoid static zero init in helpers · ff99c791
      Eric Blake 提交于
      C guarantees that static variables are zero-initialized.  Some older
      compilers (and also gcc -fno-zero-initialized-in-bss) create larger
      binaries if you explicitly zero-initialize a static variable.
      
      * src/conf/nwfilter_conf.c: Fix initialization.
      * src/cpu/cpu_x86.c: Likewise.
      * src/interface/interface_backend_netcf.c: Likewise.
      * src/locking/lock_daemon.c: Likewise.
      * src/locking/lock_driver_lockd.c: Likewise.
      * src/locking/lock_driver_sanlock.c: Likewise.
      * src/network/bridge_driver.c: Likewise.
      * src/node_device/node_device_udev.c: Likewise.
      * src/nwfilter/nwfilter_learnipaddr.c: Likewise.
      * src/rpc/virnetserver.c: Likewise.
      * src/security/security_selinux.c
      (virSecuritySELinuxGenSecurityLabel): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ff99c791
  2. 15 9月, 2014 1 次提交
  3. 22 8月, 2014 2 次提交
  4. 28 4月, 2014 1 次提交
  5. 25 4月, 2014 1 次提交
  6. 25 3月, 2014 1 次提交
  7. 18 3月, 2014 4 次提交
  8. 22 1月, 2014 1 次提交
  9. 06 1月, 2014 1 次提交
    • E
      maint: improve VIR_ERR_OPERATION_DENIED usage · d219826c
      Eric Blake 提交于
      Some of our operation denied messages are outright stupid; for
      example, if virIdentitySetAttr fails:
      
      error: operation Identity attribute is already set forbidden for read only access
      
      This patch fixes things to a saner:
      
      error: operation forbidden: Identity attribute is already set
      
      It also consolidates the most common usage pattern for operation
      denied errors: read-only connections preventing a public API.  In
      this case, 'virsh -r -c test:///default destroy test' changes from:
      
      error: operation virDomainDestroy forbidden for read only access
      
      to:
      
      error: operation forbidden: read only access prevents virDomainDestroy
      
      Note that we were previously inconsistent on which APIs used
      VIR_FROM_DOM (such as virDomainDestroy) vs. VIR_FROM_NONE (such as
      virDomainPMSuspendForDuration).  After this patch, all uses
      consistently use VIR_FROM_NONE, on the grounds that it is unlikely
      that a caller learning that a call is denied can do anything in
      particular with extra knowledge which error domain the call belongs
      to (similar to what we did in commit baa72449).
      
      * src/util/virerror.c (virErrorMsg): Rework OPERATION_DENIED error
      message.
      * src/internal.h (virCheckReadOnlyGoto): New macro.
      * src/util/virerror.h (virReportRestrictedError): New macro.
      * src/libvirt-lxc.c: Use new macros.
      * src/libvirt-qemu.c: Likewise.
      * src/libvirt.c: Likewise.
      * src/locking/lock_daemon.c (virLockDaemonClientNew): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      d219826c
  10. 10 12月, 2013 3 次提交
  11. 21 10月, 2013 2 次提交
  12. 19 8月, 2013 1 次提交
    • D
      Make max_clients in virtlockd configurable · 9f5b4b1f
      David Weber 提交于
      Each new VM requires a new connection from libvirtd to virtlockd.
      The default max clients limit in virtlockd of 20 is thus woefully
      insufficient. virtlockd sockets are only accessible to matching
      users, so there is no security need for such a tight limit. Make
      it configurable and default to 1024.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      9f5b4b1f
  13. 13 8月, 2013 1 次提交
    • D
      Properly handle -h / -V for --help/--version aliases in virtlockd/libvirtd · 63ba687f
      Daniel P. Berrange 提交于
      The virtlockd/libvirtd daemons had listed '?' as the short option
      for --help. getopt_long uses '?' for any unknown option. We want
      to be able to distinguish unknown options (which use EXIT_FAILURE)
      from correct usage of help (which should use EXIT_SUCCESS). Thus
      we should use 'h' as a short option for --help. Also add this to
      the man page docs
      
      The virtlockd/libvirtd daemons did not list any short option
      for the --version arg. Add -V as a valid short option, since
      -v is already used for --verbose.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      63ba687f
  14. 05 8月, 2013 1 次提交
    • M
      Introduce max_queued_clients · 1199edb1
      Michal Privoznik 提交于
      This configuration knob lets user to set the length of queue of
      connection requests waiting to be accept()-ed by the daemon. IOW, it
      just controls the @backlog passed to listen:
      
        int listen(int sockfd, int backlog);
      1199edb1
  15. 10 7月, 2013 1 次提交
  16. 21 5月, 2013 1 次提交
  17. 09 5月, 2013 1 次提交
  18. 08 5月, 2013 1 次提交
  19. 02 5月, 2013 1 次提交
    • M
      virutil: Move string related functions to virstring.c · 7c9a2d88
      Michal Privoznik 提交于
      The source code base needs to be adapted as well. Some files
      include virutil.h just for the string related functions (here,
      the include is substituted to match the new file), some include
      virutil.h without any need (here, the include is removed), and
      some require both.
      7c9a2d88
  20. 17 1月, 2013 1 次提交
  21. 14 1月, 2013 1 次提交
  22. 09 1月, 2013 1 次提交
  23. 21 12月, 2012 6 次提交
  24. 13 12月, 2012 4 次提交
    • D
      Add support for re-exec() of virtlockd upon SIGUSR1 · f234dc93
      Daniel P. Berrange 提交于
      The virtlockd daemon maintains file locks on behalf of libvirtd
      and any VMs it is running. These file locks must be held for as
      long as any VM is running. If virtlockd itself ever quits, then
      it is expected that a node would be fenced/rebooted. Thus to
      allow for software upgrads on live systemd, virtlockd needs the
      ability to re-exec() itself.
      
      Upon receipt of SIGUSR1, virtlockd will save its current live
      state out to a file /var/run/virtlockd-restart-exec.json
      It then re-exec()'s itself with exactly the same argv as it
      originally had, and loads the state file, reconstructing any
      objects as appropriate.
      
      The state file contains information about all locks held and
      all network services and clients currently active. An example
      state document is
      
       {
          "server": {
              "min_workers": 1,
              "max_workers": 20,
              "priority_workers": 0,
              "max_clients": 20,
              "keepaliveInterval": 4294967295,
              "keepaliveCount": 0,
              "keepaliveRequired": false,
              "services": [
                  {
                      "auth": 0,
                      "readonly": false,
                      "nrequests_client_max": 1,
                      "socks": [
                          {
                              "fd": 6,
                              "errfd": -1,
                              "pid": 0,
                              "isClient": false
                          }
                      ]
                  }
              ],
              "clients": [
                  {
                      "auth": 0,
                      "readonly": false,
                      "nrequests_max": 1,
                      "sock": {
                          "fd": 9,
                          "errfd": -1,
                          "pid": 0,
                          "isClient": true
                      },
                      "privateData": {
                          "restricted": true,
                          "ownerPid": 1722,
                          "ownerId": 6,
                          "ownerName": "f18x86_64",
                          "ownerUUID": "97586ba9-df27-9459-c806-f016c8bbd224"
                      }
                  },
                  {
                      "auth": 0,
                      "readonly": false,
                      "nrequests_max": 1,
                      "sock": {
                          "fd": 10,
                          "errfd": -1,
                          "pid": 0,
                          "isClient": true
                      },
                      "privateData": {
                          "restricted": true,
                          "ownerPid": 1784,
                          "ownerId": 7,
                          "ownerName": "f16x86_64",
                          "ownerUUID": "7b8e5e42-b875-61e9-b981-91ad8fa46979"
                      }
                  }
              ]
          },
          "defaultLockspace": {
              "resources": [
                  {
                      "name": "/var/lib/libvirt/images/f16x86_64.raw",
                      "path": "/var/lib/libvirt/images/f16x86_64.raw",
                      "fd": 14,
                      "lockHeld": true,
                      "flags": 0,
                      "owners": [
                          1784
                      ]
                  },
                  {
                      "name": "/var/lib/libvirt/images/shared.img",
                      "path": "/var/lib/libvirt/images/shared.img",
                      "fd": 12,
                      "lockHeld": true,
                      "flags": 1,
                      "owners": [
                          1722,
                          1784
                      ]
                  },
                  {
                      "name": "/var/lib/libvirt/images/f18x86_64.img",
                      "path": "/var/lib/libvirt/images/f18x86_64.img",
                      "fd": 11,
                      "lockHeld": true,
                      "flags": 0,
                      "owners": [
                          1722
                      ]
                  }
              ]
          },
          "lockspaces": [
      
          ],
          "magic": "30199"
       }
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f234dc93
    • D
      Enable systemd socket activation with virtlockd · 74c0353e
      Daniel P. Berrange 提交于
      This enhancement virtlockd so that it can receive a pre-opened
      UNIX domain socket from systemd at launch time, and adds the
      systemd service/socket unit files
      
      * daemon/libvirtd.service.in: Require virtlockd to be running
      * libvirt.spec.in: Add virtlockd systemd files
      * src/Makefile.am: Install systemd files
      * src/locking/lock_daemon.c: Support socket activation
      * src/locking/virtlockd.service.in, src/locking/virtlockd.socket.in:
        systemd unit files
      * src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h:
        Add virNetServerServiceNewFD() method
      * src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virNetSocketNewListenFD
        method
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      74c0353e
    • D
      Implement dispatch functions for lock protocol in virtlockd · 0e49b839
      Daniel P. Berrange 提交于
      Introduce a lock_daemon_dispatch.c file which implements the
      server side dispatcher the RPC APIs previously defined in the
      lock protocol.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      0e49b839
    • D
      Introduce basic infrastructure for virtlockd daemon · c57e3d89
      Daniel P. Berrange 提交于
      The virtlockd daemon will maintain locks on behalf of libvirtd.
      There are two reasons for it to be separate
      
       - Avoid risk of other libvirtd threads accidentally
         releasing fcntl() locks by opening + closing a file
         that is locked
       - Ensure locks can be preserved across libvirtd restarts.
         virtlockd will need to be able to re-exec itself while
         maintaining locks. This is simpler to achieve if its
         sole job is maintaining locks
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      c57e3d89