- 24 6月, 2019 2 次提交
-
-
由 Ján Tomko 提交于
This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 8afa68ba) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit aed6a032) Signed-off-by: NJán Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit 12a51f37 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 30 6月, 2016 1 次提交
-
-
由 Jiri Denemark 提交于
CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit bb848fee)
-
- 13 12月, 2015 1 次提交
-
-
由 Eric Blake 提交于
The libvirt file system storage driver determines what file to act on by concatenating the pool location with the volume name. If a user is able to pick names like "../../../etc/passwd", then they can escape the bounds of the pool. For that matter, virStoragePoolListVolumes() doesn't descend into subdirectories, so a user really shouldn't use a name with a slash. Normally, only privileged users can coerce libvirt into creating or opening existing files using the virStorageVol APIs; and such users already have full privilege to create any domain XML (so it is not an escalation of privilege). But in the case of fine-grained ACLs, it is feasible that a user can be granted storage_vol:create but not domain:write, and it violates assumptions if such a user can abuse libvirt to access files outside of the storage pool. Therefore, prevent all use of volume names that contain "/", whether or not such a name is actually attempting to escape the pool. This changes things from: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 Vol ../../../../../../etc/haha created $ rm /etc/haha to: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 error: Failed to create vol ../../../../../../etc/haha error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/' Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 034e47c3)
-
- 02 10月, 2015 1 次提交
-
-
由 Daniel Veillard 提交于
* docs/news.html.in libvirt.spec.in: update for new release * po/*.po*: regenerate localization
-
- 29 9月, 2015 4 次提交
-
-
由 Cole Robinson 提交于
Commit 307fb904 (Sep 10) added a 'privileged' variable when creating the DAC driver: @@ -153,6 +157,7 @@ virSecurityManagerNewDAC(const char *virtDriver, bool defaultConfined, bool requireConfined, bool dynamicOwnership, + bool privileged, virSecurityManagerDACChownCallback chownCallback) But argument order is mixed up at the caller, swapping dynamicOwnership and privileged values. This corrects the argument order https://bugzilla.redhat.com/show_bug.cgi?id=1266628
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1250331 Even after my rework of startupPolicy handling, one command slipped my attention. The change-media command has a very unique approach to constructing disk XML. However, it will not preserve startupPolicy attribute. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Since the previous commit, the shallow copy is only used inside the if (backend->buildVol) if.
-
由 Ján Tomko 提交于
Since commit e0139e30, we update the pool allocation with the user-provided allocation values. For qcow2, the allocation is ignored for volume building, but we still subtracted it from pool's allocation. This can result in interesting values if the user-provided allocation is large enough: Capacity: 104.71 GiB Allocation: 109.13 GiB Available: 16.00 EiB We already do a VolRefresh on volume creation. Also refresh the volume after creating and use the new value to update the pool. https://bugzilla.redhat.com/show_bug.cgi?id=1163091
-
- 26 9月, 2015 3 次提交
-
-
由 John Ferlan 提交于
Commit id '7383b8cc' changed virDomainDef 'virtType' to an enum, that caused a build failure on some archs due to comparing an unsigned value to < 0. Adjust the fetch of 'type' to be into temporary 'int virtType' and then assign that virtType to the def->virtType
-
由 Shivangi Dhir 提交于
Earlier virtType was of type int. After, introducing the enum VIR_DOMAIN_VIRT_NONE, the type of virtType is modified to virDomainVirtType.
-
由 Shivangi Dhir 提交于
Introduce VIR_DOMAIN_VIRT_NONE to give domaintype the default value of zero. This is specially helpful in constructing better error messages when we don't want to look up the default emulator by virtType. The test data in vircapstest.c is also modified to reflect this change.
-
- 25 9月, 2015 3 次提交
-
-
由 Guido Günther 提交于
otherwise messages end up in /var/log/kern.log if journald forwards to syslog. Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799633
-
由 Michal Privoznik 提交于
So, our mingw build is broken. It's because while libvirt_shell library is using some of our internal APIs, e.g. virStrndup, and readline API but it's not being linked with nor libvirt.la nor libreadline. Only subsequent users of the library, like virsh, do link to the needed libraries. In fact, I'm surprised Linux linker doesn't care, because how can it make a static library with missing symbols is mystery to me. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Andrea Bolognani 提交于
-
- 24 9月, 2015 15 次提交
-
-
由 Jiri Denemark 提交于
As of commit 69929941, we set graphics/@listen attribute according to the first listen child element even if that element is of type='network'. This was done for backward compatibility with applications which only support the original listen attribute. However, by doing so we broke migration to older libvirt which tried to check that the listen attribute matches one of the listen child elements but which did not take type='network' elements into account. We are not concerned about compatibility with old applications when formatting domain XML for migration for two reasons. The XML is consumed only by libvirtd and the IP address associated with type='network' listen address on the source host is just useless on the destination host. Thus, we can safely avoid propagating the type='network' IP address to graphics/@listen attribute when creating migratable XML. https://bugzilla.redhat.com/show_bug.cgi?id=1265111Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Erik Skultety 提交于
Instead of referencing vsh sources in all relevant client targets, create a library that the client can link against.
-
由 John Ferlan 提交于
This seemed to be more of a false positive as for some reason Coverity was missing the "ret < 0" goto error condition and somehow believing that event could be overwritten. At first I thought it was just the ret != 0 condition difference, but it wasn't. In any case, make use of the recent change to qemuDomainEventQueue to check event == NULL and just pass it as a parameter directly in the error path. That avoids the error. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
As it turns out, ret can only be 0 or -1, so rather than have some comparisons be "ret < 0" and others be "ret != 0", make them all "ret < 0".
-
由 John Ferlan 提交于
Coverity complains that return from virHookCall is not checked in one place in qemuProcessStop. Since the comment notes that we cannot stop the operation even it if fails, just added the ignore_value.
-
由 John Ferlan 提交于
Use 'dead_error_condition' instead of 'dead_error_begin'
-
由 John Ferlan 提交于
The cleanup path did not clear the reference for sk1 and sk2 Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
In the error path need to unref the 'caps' as well Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
So while working on my previous patches, I've noticed that virDomainRestore implementation in qemu and test drivers has the same problem as I am fixing. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
So far we have the following pattern occurring over and over again: if (!vm->persistent) qemuDomainRemoveInactive(driver, vm); It's safe to put the check into the function and save some LoC. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=871452 So, you want to create a domain from XML. The domain already exists in libvirt's database of domains. It's okay, because name and UUID matches. However, on domain startup, internal representation of the domain is overwritten with your XML even though we claim that the XML you've provided is a transient one. The bug is to be found across nearly all the drivers. Le sigh. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=871452 Okay, so we allow users to 'virsh create' an already existing domain, providing completely different XML than the one stored in Libvirt. Well, as long as name and UUID matches. However, in some drivers the code that handles errors unconditionally removes the domain that failed to start even though the domain might have been persistent. Fortunately, the domain is removed just from the internal list of domains and the config file is kept around. Steps to reproduce: 1) virsh dumpxml $dom > /tmp/dom.xml 2) change XML so that it is still parse-able but won't boot, e.g. change guest agent path to /foo/bar 3) virsh create /tmp/dom.xml 4) virsh dumpxml $dom 5) Observe "No such domain" error Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
As announced on the list [1], Cherrypop is a management application based on libvirt. It's a decentralized cloud software with nice scaling ability. 1: https://www.redhat.com/archives/libvir-list/2015-September/msg00670.htmlSigned-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Martin Kletzander 提交于
I initially added this in order to keep the code more error-prone to following additions, but it seems it's still frowned upon. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Michal Privoznik 提交于
Now that virQEMUDriverCreateXMLConf is never called with NULL (after 086f37e9) we can safely drop useless check in qemuDomainDeviceDefPostParse as we are guaranteed to be always called with the driver initialized. Therefore checking if driver is NULL makes no sense. Moreover, if we mix it with direct driver dereference. And after that, we are sure that nor @cfg will be NULL, therefore we can drop checks for that too. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 23 9月, 2015 10 次提交
-
-
由 Peter Krempa 提交于
Although 0 length block jobs aren't entirely useful, the output of virsh blockjob is empty due to the condition that suppresses the output for migration jobs that did not start. Since the only place that actually uses the condition that suppresses the output is in migration, let's move the check there and thus add support for 0 of 0 equaling to 100%. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1196711
-
由 Peter Krempa 提交于
Qemu unfortunately doesn't update internal state right after migration and so the actual balloon size as returned by 'query-balloon' are invalid for a while after the CPUs are started after migration. If we'd refresh our internal state at this point we would report invalid current memory size until the next balloon event would arrive. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1242940
-
由 Peter Krempa 提交于
My original implementation was based on a qemu version that still did not have all the checks in place. Using sizes that would align to odd megabyte increments will produce the following error: qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0,id=dimm0: backend memory size must be multiple of 0x200000 qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0,id=dimm0: Device 'pc-dimm' could not be initialized Introduce an alignment retrieval function for memory devices and use it to align the devices separately and modify a test case to verify it.
-
由 Jiri Denemark 提交于
After my "client rpc: Report proper error for keepalive disconnections" patch, virsh would no long print a warning when it closes a connection to a daemon after a keepalive timeout. Although the warning virsh # 2015-09-15 10:59:26.729+0000: 642080: info : libvirt version: 1.2.19 2015-09-15 10:59:26.729+0000: 642080: warning : virKeepAliveTimerInternal:143 : No response from client 0x7efdc0a46730 after 1 keepalive messages in 2 seconds was pretty ugly, it was still useful. This patch brings the useful part back while making it much nicer: virsh # error: Disconnected from qemu:///system due to keepalive timeout Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
Even though we hit an error in client's IO loop, we still want to process any pending data. So instead of reporting the error right away, we can finish the current iteration and report the error once we're done with it. Note that the error is stored in client->error by virNetClientMarkClose so we don't need to worry about it being reset or rewritten by any API we call in the meantime. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
Whenever a connection was closed due to keepalive timeout, we would log a warning but the interrupted API would return rather useless generic error: internal error: received hangup / error event on socket Let's report a proper keepalive timeout error and make sure it is propagated to all pending APIs. The error should be better now: internal error: connection closed due to keepalive timeout Based on an old patch from Martin Kletzander. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Luyao Huang 提交于
Just like e92e5ba1, this attribute was missed. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Luyao Huang 提交于
Build fail and error like this: CC qemu/libvirt_driver_qemu_impl_la-qemu_command.lo qemu/qemu_capabilities.c:46:27: fatal error: qemu_capspriv.h: No such file or directory #include "qemu_capspriv.h" Add qemu_capspriv.h to source. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
由 Cole Robinson 提交于
$ rpmbuild -ba libvirt.spec warning: Macro expanded in comment on line 5: # If neither fedora nor rhel was defined, try to guess them from %{dist} warning: Macro %enable_autotools defined but not used within scope warning: Macro %client_only defined but not used within scope ...
-