- 08 2月, 2015 1 次提交
-
-
由 Cole Robinson 提交于
-
- 23 1月, 2015 2 次提交
-
-
由 Peter Krempa 提交于
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the appropriate permission for it. Found via code inspection while fixing permissions for save images. (cherry picked from commit b347c0c2)
-
由 Peter Krempa 提交于
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the appropriate permission for it. (cherry picked from commit 03c3c0c8)
-
- 24 12月, 2014 1 次提交
-
-
由 Peter Krempa 提交于
Avoid leaving the domain locked on a failed ACL check in qemuDomainMigratePerform() and qemuDomainMigrateFinish2(). Introduced in commit abf75aea (Add ACL checks into the QEMU driver). (cherry picked from commit 2bdcd29c)
-
- 16 11月, 2014 3 次提交
-
-
由 Cole Robinson 提交于
-
由 Cole Robinson 提交于
The e5120a6e backport used an undefined make variable. Not sure why I didn't hit it at first...
-
由 Cole Robinson 提交于
-
- 08 11月, 2014 1 次提交
-
-
由 Eric Blake 提交于
Commit 28f8dfdc (v1.0.0) introduced a security hole: in at least the qemu implementation of virDomainGetXMLDesc, the use of the flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE prior to calling qemuDomainFormatXML. However, the use of VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write clients only. This patch treats the migratable flag as requiring the same permissions, rather than analyzing what might break if migratable xml no longer includes secret information. Fortunately, the information leak is low-risk: all that is gated by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password; but VNC passwords are already weak (FIPS forbids their use, and on a non-FIPS machine, anyone stupid enough to trust a max-8-byte password sent in plaintext over the network deserves what they get). SPICE offers better security than VNC, and all other secrets are properly protected by use of virSecret associations rather than direct output in domain XML. * src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC): Tighten rules on use of migratable flag. * src/libvirt-domain.c (virDomainGetXMLDesc): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit b1674ad5) Conflicts: src/libvirt-domain.c - file split from older src/libvirt.c; context with older virLibConnError Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 30 10月, 2014 3 次提交
-
-
由 Lubomir Rintel 提交于
The manufacurer and product from USB device itself are usually not particularly useful -- they tend to be missing, or ugly (all-uppercase, padded with spaces, etc.). Prefer what's in the usb id database and fall back to descriptors only if the device is too new to be in database. https://bugzilla.redhat.com/show_bug.cgi?id=1138887 (cherry picked from commit 3ef77a54)
-
由 Martin Kletzander 提交于
gnutls-3.3.0 and newer leaves 2 FDs open in order to be backwards compatible when it comes to chrooted binaries [1]. Linking commandhelper with gnutls then leaves these two FDs open and commandtest fails thanks to that. This patch does not link commandhelper with libvirt.la, but rather only the utilities making the test pass. Based on suggestion from Daniel [2]. [1] http://lists.gnutls.org/pipermail/gnutls-help/2014-April/003429.html [2] https://www.redhat.com/archives/libvir-list/2014-April/msg01119.htmlSigned-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 4cbc15d0)
-
由 Cédric Bosdonnat 提交于
D-bus introduced some changes in its locking code. Overriding the init function skips the new locking init and thus crashes later in libvirt test. Removing the function makes the test pass again. (cherry picked from commit 5e397d9c)
-
- 02 10月, 2014 1 次提交
-
-
由 Pavel Hrdina 提交于
If you use public api virConnectListAllDomains() with second parameter set to NULL to get only the number of domains you will lock out all other operations with domains. Introduced by commit 2c680804. Signed-off-by: NPavel Hrdina <phrdina@redhat.com> (cherry picked from commit fc22b2e7)
-
- 18 9月, 2014 1 次提交
-
-
由 Peter Krempa 提交于
Live definition was used to look up the disk index while persistent one was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the correct def and report a nice error. Unfortunately it's accessible via read-only connection, though it can only crash libvirtd in the cases where the guest is hot-plugging disks without reflecting those changes to the persistent definition. So avoiding hotplug, or doing hotplug where persistent is always modified alongside live definition, will avoid the out-of-bounds access. Introduced in: eca96694a (v0.9.8) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724Reported-by: NLuyao Huang <lhuang@redhat.com> Signed-off-by: NPeter Krempa <pkrempa@redhat.com> (cherry picked from commit 3e745e8f)
-
- 09 9月, 2014 10 次提交
-
-
由 Cole Robinson 提交于
-
由 Bamvor Jian Zhang 提交于
in recently xen commit: 7051d5c8, there is a api changes in libxl_domain_create_restore. Author: Andrew Cooper <andrew.cooper3@citrix.com> Date: Thu Oct 10 12:23:10 2013 +0100 tools/migrate: Fix regression when migrating from older version of Xen use the macro LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS in libxl.h in order to make libvirt could compile with old and new xen. the params checkpointed_stream is useful if libvirt libxl driver support migration. for new, set it as zero. Signed-off-by: NBamvor Jian Zhang <bjzhang@suse.com> (cherry picked from commit a52fa556)
-
由 Eric Blake 提交于
Use correct variable name. * m4/virt-selinux.m4: Fix one last variable name. (cherry picked from commit 5fa10f32)
-
由 Jim Fehlig 提交于
Commit 292d3f2d fixed the build with libselinux 2.3, but missed some suggestions by eblake https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html This patch changes the macro introduced in 292d3f2d to either be empty in the case of newer libselinux, or contain 'const' in the case of older libselinux. The macro is then used directly in tests/securityselinuxhelper.c. (cherry picked from commit b109c097)
-
由 Cédric Bosdonnat 提交于
Several function signatures changed in libselinux 2.3, now taking a 'const char *' instead of 'security_context_t'. The latter is defined in selinux/selinux.h as typedef char *security_context_t; Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 292d3f2d)
-
由 Cole Robinson 提交于
(cherry picked from commit 3e8699d3)
-
由 Cole Robinson 提交于
Currently VolOpen notifies the user of a potentially non-fatal failure by returning -2 and logging a VIR_WARN or VIR_INFO. Unfortunately most callers treat -2 as fatal but don't actually report any message with the error APIs. Rename the VOL_OPEN_ERROR flag to VOL_OPEN_NOERROR. If NOERROR is specified, we preserve the current behavior of returning -2 (there's only one caller that wants this). However in the default case, only return -1, and actually use the error APIs. Fix up a couple callers as a result. (cherry picked from commit 138e65c3) Conflicts: src/storage/storage_backend.c src/storage/storage_backend_fs.c
-
由 Cole Robinson 提交于
Remove the original VolOpen implementation, which is now only used in one spot. (cherry picked from commit fa5b5549)
-
由 Cole Robinson 提交于
(cherry picked from commit 847a9eb1) Conflicts: src/storage/storage_backend.h src/storage/storage_backend_mpath.c src/storage/storage_backend_scsi.c
-
由 Cole Robinson 提交于
And drop the original UpdateVolInfo. Makes it a bit easier to follow the function usage. And change the int parameter to an explicit bool. (cherry picked from commit 16d75d19) Conflicts: src/storage/storage_backend.h
-
- 08 9月, 2014 3 次提交
-
-
由 Gao feng 提交于
After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 vfs: Lock in place mounts from more privileged users, unprivileged user has no rights to move the mounts that inherited from parent mountns. we use this feature to move the /stateDir/domain-name.{dev, devpts} to the /dev/ and /dev/pts directroy of container. this commit breaks libvirt lxc. this patch changes the behavior to bind these mounts when user namespace is enabled and move these mounts when user namespace is disabled. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com> (cherry picked from commit 46f2d16f)
-
由 Daniel P. Berrange 提交于
Recent discussions around naming of 'pci' vs 'pci.0' for PPC made me go back and look at the PPC emulator in every historical version of QEMU since 1.0. The results were worse than I imagined. This patch adds the logic required to make libvirt work with PPC correctly with naming variations across all versions & machine types. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 27b2b987)
-
由 Stefan Bader 提交于
As soon as any guest mounts xenfs to /proc/xen, there is a capabilities file in that directory. However it returns nothing when reading from it. Change the test to actually check the contents of the file. BugLink: http://bugs.launchpad.net/bugs/1248025Signed-off-by: NStefan Bader <stefan.bader@canonical.com> (cherry picked from commit 8c869ad9)
-
- 02 9月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1135388 (cherry picked from commit 628c2255)
-
- 27 8月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirt.pc file we install is ending up polluted with a load of compiler flags that should be private to the libvirt build. eg Libs: -L${libdir} -lvirt -ldl -O2 -g -pipe -Wall \ -Wp,-D_FORTIFY_SOURCE=2 -fexceptions \ -fstack-protector-strong --param=ssp-buffer-size=4 \ -grecord-gcc-switches -m64 -mtune=generic this is caused by including @libs@ in the Libs: line of the pkgconfig.pc.in file. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 1167751f)
-
- 03 7月, 2014 2 次提交
-
-
由 Peter Krempa 提交于
We have the following matrix of possible arguments handled by the logic statement touched by this patch: | flags & _REUSE_EXT | !(flags & _REUSE_EXT) -------+--------------------+---------------------- format| (1) | (2) -------+--------------------+---------------------- !format| (3) | (4) -------+--------------------+---------------------- In cases 1 and 2 the user provided a format, in cases 3 and 4 not. The user requests to use a pre-existing image in 1 and 3 and libvirt will create a new image in 2 and 4. The difference between cases 3 and 4 is that for 3 the format is probed from the user-provided image, whereas in 4 we just use the existing disk format. The current code would treat cases 1,3 and 4 correctly but in case 2 the format provided by the user would be ignored. The particular piece of code was broken in commit 35c7701c but since it was introduced a few commits before that it was never released as working. (cherry picked from commit 42619ed0) Signed-off-by: NEric Blake <eblake@redhat.com> Conflicts: src/qemu/qemu_driver.c - no refactoring of commits 7b7bf001, 4f202266
-
由 Eric Blake 提交于
Newer git doesn't like the maint.mk rule 'public-submodule-commit' run during 'make check', as inherited from our checkout of gnulib. I tracked down that libvirt commit 8531301d picked up a gnulib fix that makes git happy. Rather than try and do a full .gnulib submodule update to gnulib.git d18d1b802 (as used in that libvirt commit), it was easier to just backport the fixed maint.mk from gnulib on top of our existing submodule level. I did it as follows, where these steps will have to be repeated when cherry-picking this commit to any other maintenance branch: mkdir -p gnulib/local/top cd .gnulib git checkout d18d1b802 top/maint.mk git diff HEAD > ../gnulib/local/top/maint.mk.diff git reset --hard cd .. git add gnulib/local/top Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 27 6月, 2014 2 次提交
-
-
由 Eric Blake 提交于
We publish libvirt-api.xml for others to use, and in fact, the libvirt-python bindings use it to generate python constants that correspond to our enum values. However, we had an off-by-one bug that any enum that relied on C's rules for implicit initialization of the first enum member to 0 got listed in the xml as having a value of 1 (and all later members of the enum were equally botched). The fix is simple - since we add one to the previous value when encountering an enum without an initializer, the previous value must start at -1 so that the first enum member is assigned 0. The python generator code has had the off-by-one ever since DV first wrote it years ago, but most of our public enums were immune because they had an explicit = 0 initializer. The only affected enums are: - virDomainEventGraphicsAddressType (such as VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4), since commit 987e31ed (libvirt v0.8.0) - virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW), since commit 9fbaff00 (libvirt v1.2.3) - virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4), since commit 03e0e79e (not yet released) Thanks to Nehal J Wani for reporting the problem on IRC, and for helping me zero in on the culprit function. * docs/apibuild.py (CParser.parseEnumBlock): Fix implicit enum values. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 9b291bbe)
-
由 Peter Krempa 提交于
When creating a new disk mirror the new struct is stored in a separate variable until everything went well. The removed hunk would actually remove existing mirror information for example when the api would be run if a mirror still exists. (cherry picked from commit 02b364e1) This fixes a regression introduced in commit ff5f30b6. Signed-off-by: NEric Blake <eblake@redhat.com> Conflicts: src/qemu/qemu_driver.c - no refactoring of commits 7b7bf001, 4f202266
-
- 06 5月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
If the XML_PARSE_NOENT flag is passed to libxml2, then any entities in the input document will be fully expanded. This allows the user to read arbitrary files on the host machine by creating an entity pointing to a local file. Removing the XML_PARSE_NOENT flag means that any entities are left unchanged by the parser, or expanded to "" by the XPath APIs. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit d6b27d3e)
-
- 05 5月, 2014 1 次提交
-
-
由 Jim Fehlig 提交于
libxl uses the libxl_vnc_info and libxl_sdl_info fields from the hvm union in libxl_domain_build_info struct when generating QEMU args for VNC or SDL. These fields were left unset by the libxl driver, causing libxl to ignore any user settings. E.g. with <graphics type='vnc' port='5950'/> port would be ignored and QEMU would instead be invoked with -vnc 127.0.0.1:0,to=99 Unlike the libxl_domain_config struct, the libxl_domain_build_info contains only a single libxl_vnc_info and libxl_sdl_info, so populate these fields from the first vfb in libxl_domain_config->vfbs. Signed-off-by: NJim Fehlig <jfehlig@suse.com> Signed-off-by: NDavid Kiarie <davidkiarie4@gmail.com> (cherry picked from commit b55cc5f4)
-
- 04 5月, 2014 4 次提交
-
-
由 Cole Robinson 提交于
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=994364 Whenever we check for ABI stability, we have new xml (e.g. provided by user, or obtained from snapshot, whatever) which we compare to old xml and see if ABI won't break. However, if the new xml was produced via virDomainGetXMLDesc(..., VIR_DOMAIN_XML_MIGRATABLE) it lacks some devices, e.g. 'pci-root' controller. Hence, the ABI stability check fails even though it is stable. Moreover, we can't simply fix virDomainDefCheckABIStability because removing the correct devices is task for the driver. For instance, qemu driver wants to remove the usb controller too, while LXC driver doesn't. That's why we need special qemu wrapper over virDomainDefCheckABIStability which removes the correct devices from domain XML, produces MIGRATABLE xml and calls the check ABI stability function. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit 7d704812)
-
由 Laine Stump 提交于
Other drivers in libvirt (e.g. network, qemu) will automatically return the "inactive" (persistent configuration) XML of an object when that object is inactive. The netcf backend of the interface driver would always try to return the live status XML of the interface, even when it was down. Although netcf does return valid XML in that case, for bond interfaces it is missing almost all of its content, including the <bond> subelement itself, leading to this error message from "virsh iface-dumpxml" of a bond interface that is inactive: error: XML error: bond interface misses the bond element (this is because libvirt's validation of the XML returned by netcf always requires a <bond> element be present). This patch modifies the interface driver netcf backend to check if the interface is inactive, and in that case always return the inactive XML (which will always have a <bond> element, thus eliminating the error message, as well as making operation more in line with other drivers. This fixes the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=878394 (cherry picked from commit 7284c499)
-
由 Michal Privoznik 提交于
This function barely wraps ncf_if_status() and error handling code. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit 50f5468c)
-
- 03 5月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
There has been a new field introduced in iscsiadm --mode session output [1], but our regex only expects four fields. This breaks startup of iscsi pools: error: Failed to start pool iscsi error: internal error: cannot find session Fix this by ignoring anything after the fourth field. https://bugzilla.redhat.com/show_bug.cgi?id=1067173 [1] https://github.com/mikechristie/open-iscsi/commit/181af9a (cherry picked from commit 57e17a74)
-
- 01 5月, 2014 1 次提交
-
-
由 Laine Stump 提交于
If a domain network interface that contains a <filterref> is modified "live" using "virsh update-device --live", libvirtd would crash. This was because the code supporting live update of an interface's filterref was assuming that a filterref might be added or modified, but didn't account for removing the filterref, resulting in a null dereference of the filter name. Introduced with commit 258fb278, which was first in libvirt v1.0.1. This addresses https://bugzilla.redhat.com/show_bug.cgi?id=1093301 (cherry picked from commit 0eac9d1e)
-