Re: [libvirt] [RFC][PATCH] lxc: fix for ns cgroups subsystem
Hi Serge, On Fri, May 8, 2009 at 11:48 AM, Serge E. Hallyn se...@us.ibm.com wrote: IIUC, the real problem is that src/cgroup.c assumes that the cgroup name should be $CGROUP_MOUNTPOINT/groupname. But of course if the ns cgroup is enabled, then the unshare(CLONE_NEWNS) to create a new namespace in which to mount the new devpts locks the driver under $CGROUP_MOUNTPOINT/pid_of_driver/ or somesuch. If this fixes the problem I have no objections, but it seems more fragile than perhaps trying to teach src/cgroup.c to consider it's current cgroup as a starting point. hmm, I don't know why the assumption is bad and how the approach you are suggesting helps the ns problem. Thanks, ozaki-r -serge Quoting Ryota Ozaki (ozaki.ry...@gmail.com): From 46531182708dc3eb132b14ce2f23fbc639430176 Mon Sep 17 00:00:00 2001 From: Ryota Ozaki ozaki.ry...@gmail.com Date: Fri, 8 May 2009 05:31:03 +0900 Subject: [PATCH] lxc: fix for ns cgroups subsystem lxc does not work if ns cgroups subsystem is enabled because of two factors; one is that ns has a special rule to create a group[*] unlike other subsystems and the other is lxc controller creates a new namespace for /dev/pts prior to create a new group for a domain. Unfortunately the new namespace breaks the rule of ns and that prevents a lxc controller from creating a new group. This patch addresses the problem by creating a new group before creating a new namespace (i.e. call unshare syscall). Note that this patch is only for the case ns is enabled and current code works well if it disabled. However, I think this patch makes sense because not just a few users know much about cgroups and likely to enable all of subsystems without notions (i.e. mount cgroups without any options). [*] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/ns_cgroup.c;hb=HEAD --- src/lxc_controller.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lxc_controller.c b/src/lxc_controller.c index e0fb05d..1231817 100644 --- a/src/lxc_controller.c +++ b/src/lxc_controller.c @@ -458,6 +458,9 @@ lxcControllerRun(virDomainDefPtr def, goto cleanup; } + if (lxcSetContainerResources(def) 0) + goto cleanup; + root = virDomainGetRootFilesystem(def); /* @@ -543,9 +546,6 @@ lxcControllerRun(virDomainDefPtr def, } - if (lxcSetContainerResources(def) 0) - goto cleanup; - if ((container = lxcContainerStart(def, nveths, veths, -- 1.6.0.6 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] change permissions of directories in cgroups
On Fri, May 08, 2009 at 09:03:32AM +0900, Ryota Ozaki wrote: Hi, This patch creates a directory in cgroups with an ordinary permission 0755 (rwxr-xr-x) instead of 0655 (rw-r-xr-x). I guess 0655 is not expected and just a mistake, or is there a special reason? ACK, this looks fine. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [RFC][PATCH] lxc: drop CAP_SYS_BOOT capability to prevent rebooting from inside containers
On Fri, May 08, 2009 at 09:04:35AM +0900, Ryota Ozaki wrote:
Hi,
Current lxc driver unexpectedly allows users inside containers to reboot
host physical machine. This patch prevents this by dropping CAP_SYS_BOOT
capability in the bounding set of the init processes in every containers.
Note that the patch intends to make it easy to add further capabilities
to drop if needed, although I'm not sure which capabilities should be
dropped. (We might need to drop CAP_SETFCAP as well to be strict...)
Great, the dropping of capabilities has been one of our major
todo items for LXC.
ACK to this patch
Daniel
Signed-off-by: Ryota Ozaki ozaki.ry...@gmail.com
From 0e7a7622bc6411bbe76c05c63c6e6e61d379d97b Mon Sep 17 00:00:00 2001
From: Ryota Ozaki ozaki.ry...@gmail.com
Date: Fri, 8 May 2009 04:29:24 +0900
Subject: [PATCH] lxc: drop CAP_SYS_BOOT capability to prevent
rebooting from inside containers
Current lxc driver unexpectedly allows users inside containers to reboot
host physical machine. This patch prevents this by dropping CAP_SYS_BOOT
capability in the bounding set of the init processes in every containers.
---
src/lxc_container.c | 30 ++
1 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/src/lxc_container.c b/src/lxc_container.c
index 3946b84..37ab216 100644
--- a/src/lxc_container.c
+++ b/src/lxc_container.c
@@ -32,6 +32,8 @@
#include sys/ioctl.h
#include sys/mount.h
#include sys/wait.h
+#include sys/prctl.h
+#include sys/capability.h
#include unistd.h
#include mntent.h
@@ -639,6 +641,30 @@ static int lxcContainerSetupMounts(virDomainDefPtr vmDef,
return lxcContainerSetupExtraMounts(vmDef);
}
+
+static int lxcContainerDropCapabilities( virDomainDefPtr vmDef )
+{
+int i;
+const struct {
+int id;
+const char *name;
+} caps[] = {
+#define ID_STRING(name) name, #name
+{ ID_STRING(CAP_SYS_BOOT) },
+};
+
+for (i = 0 ; i ARRAY_CARDINALITY(caps) ; i++) {
+if (prctl(PR_CAPBSET_DROP, caps[i].id, 0, 0, 0)) {
+lxcError(NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ %s, _(failed to drop %s), caps[i].name);
+return -1;
+}
+}
+
+return 0;
+}
+
+
/**
* lxcChild:
* @argv: Pointer to container arguments
@@ -705,6 +731,10 @@ static int lxcContainerChild( void *data )
if (lxcContainerEnableInterfaces(argv-nveths, argv-veths) 0)
return -1;
+/* drop a set of root capabilities */
+if (lxcContainerDropCapabilities(vmDef) 0)
+return -1;
+
/* this function will only return if an error occured */
return lxcContainerExecInit(vmDef);
}
--
1.6.0.6
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Works: libvirt client on OS X 10.5.6
On Thu, May 07, 2009 at 11:50:25PM -0500, Schley Andrew Kutz wrote:
Getting libvirt-0.6.3 (client) to compile on OS X
- Use MacPorts to install gnutls (and its several dependencies)
- Set environment variables:
export LDFLAGS=-L/opt/local/lib
export CPPFLAGS=-I/opt/local/include
export MACOSX_DEPLOYMENT_TARGET=10.4
- Configure
--prefix=/opt/libvirt/ --without-sasl --without-avahi --without-polkit
--without-python --without-xen --without-qemu --without-lxc --without-
openvz --without-libvirtd --without-uml
- Apply patches
src/pci.c
#ifndef MODPROBE
#define MODPROBE 0
#endif
src/virsh.c:5665
if (command_ret != 0 /* WEXITSTATUS (0) */) {
That's great - we can easily fix these 2 bugs.
- Compile
The MACOSX_DEPLOYMENT_TARGET variable is very important, otherwise you
will get symbol errors when linking.
We currently have a patch on the website describing how to build for
Windows
http://libvirt.org/windows.html
I think it'd be great to get an equivalent page for OS-X, if you'd
like to document your process formally. Just create a new .html.in
file in the docs/ directory, and add it to docs/sitemap.html.in too.
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Fix the style of argument(cpumap) in op_pincpu()
Hi Daniel,
Daniel Veillard wrote:
* xen-unstable
Set cpu affinity used by xenDaemonDomainPinCpu():
# set xenHypervisorPinVcpu() always return -1 for test
| libvirt | libvirt
| current format | new format
+--+--+--+--
| old xend | new xend | old xend | new xend
-+--+--+--+--
inactive |(1) | (3)| (5)|(7)
domain |NG1 | NG2| NG1|OK
-+--+--+--+--
active |(2) | (4)| (6)|(8)
domain |NG1 | NG2| NG1|OK
old xend: before xen-unstable changeset 19579
new xend: after xen-unstable changeset 19580
OK : virsh command end normaly and
set cpu affinity.
NG1: virsh command end normaly, but
can't set cpu affinity.
NG2: virsh command end with show error msg.
Result (1),(2) is the same as result (5),(6).
Okay, but I'm still worrying.
The fact that we fail to detect the error NG1 is a bug, and that
bug should be fixed. Seems to me the change may just replace one error
by another one but in the end we should instead aim at fixing the NG1
problem with the old format, not substituing it with something else.
I would prefer if the patch did some checking about the current xend
version running, but unfortunately priv-xendConfigVersion won't be
precise enough.
Sorry I don't know how to handle this more correctly right now
I see.
priv-xendConfigVersion isn't appropriate for tracing the xend's
version. We should request to the xen community for new interface
of to get the xend's version.
On other hand,
the new xend and libvirt without the cpumap patch occur error(NG2).
Behavior of the old xend and libvirt with the cpumap patch is the same
behavior of libvirt without the cpumap patch.
Moreover, there is no work for libvirt of this issue any further at present.
I make the patch that added the foregoing content as TODO comment.
Signed-off-by: Tatsuro Enokura fj202...@aa.jp.fujitsu.com
Thanks,
Tatsuro Enokura
Index: src/xend_internal.c
===
RCS file: /data/cvs/libvirt/src/xend_internal.c,v
retrieving revision 1.261
diff -u -r1.261 xend_internal.c
--- src/xend_internal.c 7 May 2009 07:27:49 - 1.261
+++ src/xend_internal.c 8 May 2009 09:41:42 -
@@ -3765,6 +3765,13 @@
* @maplen: length of cpumap in bytes
*
* Dynamically change the real CPUs which can be allocated to a virtual CPU.
+ * TODO: When we use libvirt,
+ * the XenD cpu affinity works on after cset 19579.
+ * But we cannot detect the XenD version precisely.
+ * This is because XenD does not have precise version info I/F.
+ * We need to request precise XenD version detection I/F
+ * to the Xen community.
+ * After that, we need to discriminate the XenD version.
*
* Returns 0 for success; -1 (with errno) on error
*/
@@ -3772,7 +3779,7 @@
xenDaemonDomainPinVcpu(virDomainPtr domain, unsigned int vcpu,
unsigned char *cpumap, int maplen)
{
-char buf[VIR_UUID_BUFLEN], mapstr[sizeof(cpumap_t) * 64] = [;
+char buf[VIR_UUID_BUFLEN], mapstr[sizeof(cpumap_t) * 64] = ;
int i, j;
if ((domain == NULL) || (domain-conn == NULL) || (domain-name == NULL)
@@ -3788,7 +3795,7 @@
snprintf(buf, sizeof(buf), %d,, (8 * i) + j);
strcat(mapstr, buf);
}
-mapstr[strlen(mapstr) - 1] = ']';
+mapstr[strlen(mapstr) - 1] = '\0';
snprintf(buf, sizeof(buf), %d, vcpu);
return(xend_op(domain-conn, domain-name, op, pincpu, vcpu, buf,
cpumap, mapstr, NULL));
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] vbox: don't crash if init fails early
On Thu, May 07, 2009 at 11:25:49AM +0200, Pritesh Kothari wrote: On Thursday 07 May 2009 10:52:15 Guido Günther wrote: Hi, not having set up pfuncs already results in a core dump. O.k. to apply? ACK, Applied now. -- Guido -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] vbox: don't fail on missing vbox
On Thu, May 07, 2009 at 10:25:34AM +0100, Daniel P. Berrange wrote: On Thu, May 07, 2009 at 11:19:01AM +0200, Pritesh Kothari wrote: On Thursday 07 May 2009 10:50:54 Guido Günther wrote: Hi, virsh fails with: 10:47:37.104: debug : do_open:922 : no name, allowing driver auto-select 10:47:37.104: debug : do_open:930 : trying driver 0 (Test) ... 10:47:37.104: debug : do_open:936 : driver 0 Test returned DECLINED 10:47:37.104: debug : do_open:930 : trying driver 1 (OPENVZ) ... 10:47:37.105: debug : do_open:936 : driver 1 OPENVZ returned DECLINED 10:47:37.105: debug : do_open:930 : trying driver 2 (VBOX) ... 10:47:37.106: debug : do_open:936 : driver 2 VBOX returned ERROR 10:47:37.106: debug : virUnrefConnect:210 : unref connection 0x10032b10 1 10:47:37.106: debug : virReleaseConnect:171 : release connection 0x10032b10 error: failed to connect to the hypervisor if one has built with vbox support but vbox is not installed. Attached patch calls VBoxCGlueInit() early so we can return 'declined' instead of 'error'. O.k. to apply? the above patch leads to memory leaks as vboxUninitialize() needs to be called if VBoxCGlueInit() is called, so modifying it as below solves both the problems. (declined is right here cause the only error condition is while conn-uri == NULL is already being handled, and thus the following patch) Ok, thanks for checking this. ACK to this patch instead of Guido's. Applied now. -- Guido -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: fix mknod file type
On Thu, May 07, 2009 at 09:48:57AM +0900, Ryota Ozaki wrote: Hi, On Thu, May 7, 2009 at 7:39 AM, Ryota Ozaki ozaki.ry...@gmail.com wrote: Hi Daniel, On Wed, May 6, 2009 at 7:31 PM, Daniel P. Berrange berra...@redhat.com wrote: On Wed, May 06, 2009 at 04:01:32AM +0900, Ryota Ozaki wrote: Hi, This patch fixes the 2nd argument of mknod syscall. The argument should include a file type, i.e., S_IFCHR in this case, otherwise created files will be regular files. Wierd. I guess no one has anything that uses this becasue current code is clearly useless / broken. I think so unfortunately ; Actually lxc does not work in my system with cgroups enabled. lxc code probably remains some other bugs. oops, I've found a bug in the previous patch. Please replace with the following patch. Thanks, I've committed this patch now. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] change permissions of directories in cgroups
On Fri, May 08, 2009 at 09:03:32AM +0900, Ryota Ozaki wrote: Hi, This patch creates a directory in cgroups with an ordinary permission 0755 (rwxr-xr-x) instead of 0655 (rw-r-xr-x). I guess 0655 is not expected and just a mistake, or is there a special reason? I've committed this patch now Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] PATCH: Fix QEMU arg detection for kvm = 85
The -help output from KVM = 85 is now large than we expected. This patch
increases the buffer from 8k to 64k when reading help. It also provides
more detailed error messages should something go wrong in the future.
Two examples of improved error reporting
# virsh -c qemu:///system start VirtTest
error: Failed to start domain VirtTest
error: Unable to read QEMU help output: Value too large for defined data type
# virsh -c qemu:///system start VirtTest
error: Failed to start domain VirtTest
error: internal error cannot parse QEMU version number in 'QEMU PC emulator
version 0.9.1 (kvm-79), Copyright (c) 2003-2008 Fabrice Bellard'
Daniel
Index: src/qemu_conf.c
===
RCS file: /data/cvs/libvirt/src/qemu_conf.c,v
retrieving revision 1.145
diff -u -p -r1.145 qemu_conf.c
--- src/qemu_conf.c 8 May 2009 10:07:16 - 1.145
+++ src/qemu_conf.c 8 May 2009 10:37:22 -
@@ -431,18 +431,28 @@ int qemudExtractVersionInfo(const char *
return -1;
char *help = NULL;
-enum { MAX_HELP_OUTPUT_SIZE = 8192 };
+enum { MAX_HELP_OUTPUT_SIZE = 1024*64 };
int len = virFileReadLimFD(newstdout, MAX_HELP_OUTPUT_SIZE, help);
-if (len 0)
+if (len 0) {
+virReportSystemError(NULL, errno, %s,
+ _(Unable to read QEMU help output));
goto cleanup2;
+}
if (sscanf(help, QEMU PC emulator version %u.%u.%u (kvm-%u),
major, minor, micro, kvm_version) != 4)
kvm_version = 0;
-if (!kvm_version sscanf(help, QEMU PC emulator version %u.%u.%u,
- major, minor, micro) != 3)
+if (!kvm_version
+sscanf(help, QEMU PC emulator version %u.%u.%u,
+ major, minor, micro) != 3) {
+char *eol = strchr(help, '\n');
+if (eol) *eol = '\0';
+qemudReportError(NULL, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _(cannot parse QEMU version number in '%s'),
+ help);
goto cleanup2;
+}
version = (major * 1000 * 1000) + (minor * 1000) + micro;
Index: src/qemu_driver.c
===
RCS file: /data/cvs/libvirt/src/qemu_driver.c,v
retrieving revision 1.236
diff -u -p -r1.236 qemu_driver.c
--- src/qemu_driver.c 8 May 2009 10:11:14 - 1.236
+++ src/qemu_driver.c 8 May 2009 10:37:22 -
@@ -1379,12 +1379,8 @@ static int qemudStartVMDaemon(virConnect
if (qemudExtractVersionInfo(emulator,
NULL,
-qemuCmdFlags) 0) {
-qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
- _(Cannot determine QEMU argv syntax %s),
- emulator);
+qemuCmdFlags) 0)
goto cleanup;
-}
if (qemuPrepareHostDevices(conn, vm-def) 0)
goto cleanup;
@@ -3703,12 +3699,8 @@ static int qemudDomainChangeEjectableMed
if (qemudExtractVersionInfo(vm-def-emulator,
NULL,
-qemuCmdFlags) 0) {
-qemudReportError(conn, dom, NULL, VIR_ERR_INTERNAL_ERROR,
- _(Cannot determine QEMU argv syntax %s),
- vm-def-emulator);
+qemuCmdFlags) 0)
return -1;
-}
if (qemuCmdFlags QEMUD_CMD_FLAG_DRIVE) {
if (!(devname = qemudDiskDeviceName(conn, newdisk)))
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Works: libvirt client on OS X 10.5.6
Happy to do it, I just need permission to put a file there.
Additionally, you can grab the binaries at http://files.lostcreations.com/libvirt-0.6.3-bin.tar.gz
and http://files.lostcreations.com/libvirt-java-0.2.1-bin.tar.gz.
Both archives belong in /opt. They will decompress to libvirt-0.6.3
and libvirt-java-0.2.1 respectively. The latter depends on the
former's location. Additionally, the libvirt binaries depend on gnutls
and all of its dependencies existing in /opt/local (the default
MacPorts root location).
--
-a
Ideally, a code library must be immediately usable by naive
developers, easily customized by more sophisticated developers, and
readily extensible by experts. -- L. Stein
On May 8, 2009, at 4:41 AM, Daniel P. Berrange wrote:
On Thu, May 07, 2009 at 11:50:25PM -0500, Schley Andrew Kutz wrote:
Getting libvirt-0.6.3 (client) to compile on OS X
- Use MacPorts to install gnutls (and its several dependencies)
- Set environment variables:
export LDFLAGS=-L/opt/local/lib
export CPPFLAGS=-I/opt/local/include
export MACOSX_DEPLOYMENT_TARGET=10.4
- Configure
--prefix=/opt/libvirt/ --without-sasl --without-avahi --without-
polkit
--without-python --without-xen --without-qemu --without-lxc --
without-
openvz --without-libvirtd --without-uml
- Apply patches
src/pci.c
#ifndef MODPROBE
#define MODPROBE 0
#endif
src/virsh.c:5665
if (command_ret != 0 /* WEXITSTATUS (0) */) {
That's great - we can easily fix these 2 bugs.
- Compile
The MACOSX_DEPLOYMENT_TARGET variable is very important, otherwise
you
will get symbol errors when linking.
We currently have a patch on the website describing how to build for
Windows
http://libvirt.org/windows.html
I think it'd be great to get an equivalent page for OS-X, if you'd
like to document your process formally. Just create a new .html.in
file in the docs/ directory, and add it to docs/sitemap.html.in too.
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/
:|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org
:|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/
:|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742
7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [RFC][PATCH] lxc: fix for ns cgroups subsystem
Quoting Ryota Ozaki (ozaki.ry...@gmail.com): Hi Serge, On Fri, May 8, 2009 at 11:48 AM, Serge E. Hallyn se...@us.ibm.com wrote: IIUC, the real problem is that src/cgroup.c assumes that the cgroup name should be $CGROUP_MOUNTPOINT/groupname. But of course if the ns cgroup is enabled, then the unshare(CLONE_NEWNS) to create a new namespace in which to mount the new devpts locks the driver under $CGROUP_MOUNTPOINT/pid_of_driver/ or somesuch. If this fixes the problem I have no objections, but it seems more fragile than perhaps trying to teach src/cgroup.c to consider it's current cgroup as a starting point. hmm, I don't know why the assumption is bad and how the approach you are suggesting helps the ns problem. To be clear, the asssumption is that the driver starts in the root cgroup, i.e. it's pid is listed in $CGROUP_MOUNTPOINT/tasks. And that it can create $CGROUP_MOUNTPOINT/groupname and move itself into $CGROUP_MOUNTPOINT/groupname/tasks. So, the assumption is bad because when the driver does a unshare(CLONE_NEWNS), it gets moved into $CGROUP_MOUNTPOINT/X, and after that can only move itself into $CGROUP_MOUNTPOINT/X/groupname. Even with your patch, it's possible for the lxc driver to have been started under say $CGROUP_MOUNTPOINT/libvir or $CGROUP_MOUNTPOINT/username through libcgroup/PAM for instance, in which case your patch would be insufficient. thanks, -serge PS The point of the ns cgroup is to prevent even privileged tasks in a resource group from escaping that resource group. FWIW this can currently also be done using selinux/smack, and eventually should be accomplished using user namespaces. At that point we should seriously consider removing the movement restriction. -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] PATCH: Another attempt to fix vbox driver open
The patches we just applied for the VirtualBox open method still were
not quite right. It would return VIR_DRV_OPEN_DECLINED when uri==NULL,
but before doing so it would have set conn-uri to vbox:///session. So
even though it declined the connection, all the later drivers would now
ignore it. Also, it now returns DECLINED for some real errors that
should be reported to the user.
Here's an alternative idea I've had for trying to address this. Some
goals:
- If the user gives a URI with a vbox:/// prefix, we should always
handle it, unless a 'server' is set when we leave it to the remote
driver
- If an invalid path is given we must give back a real error code
- If after deciding the URI is for us, any initialization fails
we must raise an error.
- If the vbox glue layer is missing, we should still raise errors
for requested URIs, so user knows their URI is correct.
To do this, I've taken the approach of registering a dummy vbox driver
if the glue layer is missing. This just parses the URI and always returns
an error for any vbox:// URIs that would otherwise work
Daniel
Index: src/vbox/vbox_driver.c
===
RCS file: /data/cvs/libvirt/src/vbox/vbox_driver.c,v
retrieving revision 1.2
diff -u -p -r1.2 vbox_driver.c
--- src/vbox/vbox_driver.c 6 May 2009 13:51:19 - 1.2
+++ src/vbox/vbox_driver.c 8 May 2009 16:35:57 -
@@ -34,6 +34,7 @@
#include logging.h
#include vbox_driver.h
#include vbox_XPCOMCGlue.h
+#include virterror_internal.h
#define VIR_FROM_THIS VIR_FROM_VBOX
@@ -43,15 +44,25 @@ extern virDriver vbox22Driver;
extern virDriver vbox25Driver;
#endif
+static virDriver vboxDriverDummy;
+
+#define VIR_FROM_THIS VIR_FROM_VBOX
+
+#define vboxError(conn, code, fmt...) \
+virReportErrorHelper(conn, VIR_FROM_VBOX, code, __FILE__, \
+__FUNCTION__, __LINE__, fmt)
int vboxRegister(void) {
virDriverPtrdriver;
uint32_tuVersion;
-/* vboxRegister() shouldn't fail as that will render libvirt unless.
- * So, we use the v2.2 driver as a fallback/dummy.
+/*
+ * If the glue layer won' initialize, we register a driver
+ * with a dummy open method, so we can report nicer errors
+ * if the user requests a vbox:// URI which we know won't
+ * ever work
*/
-driver= vbox22Driver;
+driver= vboxDriverDummy;
/* Init the glue and get the API version. */
if (VBoxCGlueInit() == 0) {
@@ -79,7 +90,7 @@ int vboxRegister(void) {
}
} else {
-DEBUG0(VBoxCGlueInit failed);
+DEBUG0(VBoxCGlueInit failed, using dummy driver);
}
if (virRegisterDriver(driver) 0)
@@ -87,3 +98,46 @@ int vboxRegister(void) {
return 0;
}
+
+static virDrvOpenStatus vboxOpenDummy(virConnectPtr conn,
+ virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ int flags ATTRIBUTE_UNUSED) {
+uid_t uid = getuid();
+
+if (conn-uri == NULL ||
+conn-uri-scheme == NULL ||
+STRNEQ (conn-uri-scheme, vbox) ||
+conn-uri-server != NULL)
+return VIR_DRV_OPEN_DECLINED;
+
+if (conn-uri-path == NULL || STREQ(conn-uri-path, )) {
+vboxError(conn, VIR_ERR_INTERNAL_ERROR, %s,
+ _(no VirtualBox drviver path specified (try
vbox:///session)));
+return VIR_DRV_OPEN_ERROR;
+}
+
+if (uid != 0) {
+if (STRNEQ (conn-uri-path, /session)) {
+vboxError(conn, VIR_ERR_INTERNAL_ERROR,
+ _(unknown driver path '%s' specified (try
vbox:///session)), conn-uri-path);
+return VIR_DRV_OPEN_ERROR;
+}
+} else { /* root */
+if (STRNEQ (conn-uri-path, /system)
+STRNEQ (conn-uri-path, /session)) {
+vboxError(conn, VIR_ERR_INTERNAL_ERROR,
+ _(unknown driver path '%s' specified (try
vbox:///system)), conn-uri-path);
+return VIR_DRV_OPEN_ERROR;
+}
+}
+
+vboxError(conn, VIR_ERR_INTERNAL_ERROR, %s,
+ _(unable to initialize VirtualBox driver API));
+return VIR_DRV_OPEN_ERROR;
+}
+
+static virDriver vboxDriverDummy = {
+VIR_DRV_VBOX,
+VBOX,
+.open = vboxOpenDummy,
+};
Index: src/vbox/vbox_tmpl.c
===
RCS file: /data/cvs/libvirt/src/vbox/vbox_tmpl.c,v
retrieving revision 1.5
diff -u -p -r1.5 vbox_tmpl.c
--- src/vbox/vbox_tmpl.c8 May 2009 10:18:26 - 1.5
+++ src/vbox/vbox_tmpl.c8 May 2009 16:35:57 -
@@ -216,16 +216,6 @@ no_memory:
}
static int vboxInitialize(virConnectPtr conn, vboxGlobalData *data) {
-
-if (VBoxCGlueInit() != 0) {
-vboxError(conn, VIR_ERR_INTERNAL_ERROR, Can't Initialize VirtualBox,
VBoxCGlueInit failed.);
-goto cleanup;
-}
-
-/* This is for when glue init failed
[libvirt] PATCH: Fix virsh reporting open errors
The error handling refactor we did in virsh a few months back, accidentally
means we never report the real libvirt error message for the initial
connection attempt. This patch fixes it
Daniel
Index: src/virsh.c
===
RCS file: /data/cvs/libvirt/src/virsh.c,v
retrieving revision 1.202
diff -u -p -r1.202 virsh.c
--- src/virsh.c 28 Apr 2009 10:55:45 - 1.202
+++ src/virsh.c 8 May 2009 16:36:30 -
@@ -6876,6 +6876,7 @@ vshInit(vshControl *ctl)
* such as help.
*/
if (!ctl-conn) {
+virshReportError(ctl);
vshError(ctl, FALSE, %s, _(failed to connect to the hypervisor));
return FALSE;
}
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 0/5] Interface Config public APIs and remote stubs
These 5 patches contain the public virInterface*() API definition, the local plumbing, and the RPC glue. The test driver and real driver are still TBI, but having this in will allow other people to work on related stuff. Other things still needed: python/java bindings cli commands in virsh I'm sure lots of other things I don't know about yet. Note that I have added a couple things to the API that I previously didn't realize were needed (virInterfaceRef and virInterfaceFree - I had figured the client side would just pass around a cookie, not actually have storage associated with it). -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/5] Public API for new virInterface* functions, which facilitate
From: Laine Stump la...@redhat.com --- include/libvirt/libvirt.h| 84 ++ include/libvirt/libvirt.h.in | 84 ++ 2 files changed, 168 insertions(+), 0 deletions(-) diff --git a/include/libvirt/libvirt.h b/include/libvirt/libvirt.h index 30f559d..91af6fd 100644 --- a/include/libvirt/libvirt.h +++ b/include/libvirt/libvirt.h @@ -854,6 +854,90 @@ int virNetworkGetAutostart (virNetworkPtr network, int virNetworkSetAutostart (virNetworkPtr network, int autostart); +/* + * Physical host interface configuration API + */ + +/** + * virInterface: + * + * a virInterface is a private structure representing a virtual interface. + */ +typedef struct _virInterface virInterface; + +/** + * virInterfacePtr: + * + * a virInterfacePtr is pointer to a virInterface private structure, this is the + * type used to reference a virtual interface in the API. + */ +typedef virInterface *virInterfacePtr; + +/* + * Get connection from interface. + */ +virConnectPtr virInterfaceGetConnect(virInterfacePtr interface); + +/* + * List defined interfaces + */ +int virConnectNumOfInterfaces (virConnectPtr conn); +int virConnectListInterfaces (virConnectPtr conn, + char **const names, + int maxnames); + +/* + * Lookup interface by name or MAC address + */ +virInterfacePtr virInterfaceLookupByName (virConnectPtr conn, + const char *name); +virInterfacePtr virInterfaceLookupByMAC (virConnectPtr conn, + const unsigned char *mac); +virInterfacePtr virInterfaceLookupByMACString (virConnectPtr conn, + const char *mac); + +/* + * Interface information + */ +const char* virInterfaceGetName (virInterfacePtr interface); +int virInterfaceGetMAC(virInterfacePtr interface, + unsigned char *mac); +int virInterfaceGetMACString (virInterfacePtr interface, + char *mac); + +char * virInterfaceGetXMLDesc(virInterfacePtr interface, + int flags); +/* + * Define interface (or modify existing interface configuration) + */ +virInterfacePtr virInterfaceDefineXML (virConnectPtr conn, + const char *xmlDesc, + int flags); + +/* + * Delete interface + */ +int virInterfaceUndefine (virInterfacePtr interface); + +/* + * Activate interface (ie call ifup) + */ +int virInterfaceCreate(virInterfacePtr interface, + int flags); + +/* + * De-activate interface (call ifdown) + */ +int virInterfaceDestroy (virInterfacePtr interface, + int flags); + +/* + * interface object memory management - you must call + * virInterfaceFree() once for each call to virInterfaceRef, or any + * API function that returns a virInterfacePtr. + */ +int virInterfaceRef (virInterfacePtr interface); +int virInterfaceFree (virInterfacePtr interface); /** * virStoragePool: diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in index 2f7076f..cee3d94 100644 --- a/include/libvirt/libvirt.h.in +++ b/include/libvirt/libvirt.h.in @@ -854,6 +854,90 @@ int virNetworkGetAutostart (virNetworkPtr network, int virNetworkSetAutostart (virNetworkPtr network, int autostart); +/* + * Physical host interface configuration API + */ + +/** + * virInterface: + * + * a virInterface is a private structure representing a virtual interface. + */ +typedef struct _virInterface virInterface; + +/** + * virInterfacePtr: + * + * a virInterfacePtr is pointer to a virInterface private structure, this is the + * type used to reference a virtual interface in the API. + */ +typedef virInterface *virInterfacePtr; + +/* + * Get connection from interface. + */ +virConnectPtr virInterfaceGetConnect(virInterfacePtr interface); + +/* + * List defined interfaces + */ +int virConnectNumOfInterfaces (virConnectPtr conn); +int virConnectListInterfaces (virConnectPtr conn, + char **const names, +
[libvirt] [PATCH 2/5] First level of plumbing for virInterface*.
From: Laine Stump la...@redhat.com
---
include/libvirt/libvirt.h| 18 ++
include/libvirt/libvirt.h.in | 18 ++
include/libvirt/virterror.h |4 +
src/datatypes.h | 25 ++
src/driver.h | 60
src/libvirt.c| 695 ++
src/util.h |2 -
src/virterror.c | 21 ++
8 files changed, 841 insertions(+), 2 deletions(-)
diff --git a/include/libvirt/libvirt.h b/include/libvirt/libvirt.h
index 91af6fd..b0d93a2 100644
--- a/include/libvirt/libvirt.h
+++ b/include/libvirt/libvirt.h
@@ -433,6 +433,24 @@ extern virConnectAuthPtr virConnectAuthPtrDefault;
#define VIR_UUID_STRING_BUFLEN (36+1)
+/**
+ * VIR_MAC_BUFLEN:
+ *
+ * This macro provides the length of the buffer required
+ * for an interface MAC address
+ */
+
+#define VIR_MAC_BUFLEN (6)
+
+/**
+ * VIR_MAC_STRING_BUFLEN:
+ *
+ * This macro provides the length of the buffer required
+ * for virInterfaceGetMACString()
+ */
+
+#define VIR_MAC_STRING_BUFLEN (VIR_MAC_BUFLEN * 3)
+
/* library versioning */
/**
diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index cee3d94..fbaf212 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -433,6 +433,24 @@ extern virConnectAuthPtr virConnectAuthPtrDefault;
#define VIR_UUID_STRING_BUFLEN (36+1)
+/**
+ * VIR_MAC_BUFLEN:
+ *
+ * This macro provides the length of the buffer required
+ * for an interface MAC address
+ */
+
+#define VIR_MAC_BUFLEN (6)
+
+/**
+ * VIR_MAC_STRING_BUFLEN:
+ *
+ * This macro provides the length of the buffer required
+ * for virInterfaceGetMACString()
+ */
+
+#define VIR_MAC_STRING_BUFLEN (VIR_MAC_BUFLEN * 3)
+
/* library versioning */
/**
diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h
index faf3f61..766cbad 100644
--- a/include/libvirt/virterror.h
+++ b/include/libvirt/virterror.h
@@ -63,6 +63,7 @@ typedef enum {
VIR_FROM_XEN_INOTIFY, /* Error from xen inotify layer */
VIR_FROM_SECURITY, /* Error from security framework */
VIR_FROM_VBOX,/* Error from VirtualBox driver */
+VIR_FROM_INTERFACE, /* Error when operating on an interface */
} virErrorDomain;
@@ -157,6 +158,9 @@ typedef enum {
VIR_ERR_INVALID_NODE_DEVICE,/* invalid node device object */
VIR_ERR_NO_NODE_DEVICE,/* node device not found */
VIR_ERR_NO_SECURITY_MODEL, /* security model not found */
+VIR_WAR_NO_INTERFACE, /* failed to start interface driver */
+VIR_ERR_NO_INTERFACE, /* interface driver not running */
+VIR_ERR_INVALID_INTERFACE, /* invalid interface object */
} virErrorNumber;
/**
diff --git a/src/datatypes.h b/src/datatypes.h
index 5956c5d..deac9df 100644
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -59,6 +59,16 @@
#define VIR_IS_CONNECTED_NETWORK(obj) (VIR_IS_NETWORK(obj)
VIR_IS_CONNECT((obj)-conn))
/**
+ * VIR_INTERFACE_MAGIC:
+ *
+ * magic value used to protect the API when pointers to interface structures
+ * are passed down by the users.
+ */
+#define VIR_INTERFACE_MAGIC0xDEAD5309
+#define VIR_IS_INTERFACE(obj) ((obj)
(obj)-magic==VIR_INTERFACE_MAGIC)
+#define VIR_IS_CONNECTED_INTERFACE(obj)(VIR_IS_INTERFACE(obj)
VIR_IS_CONNECT((obj)-conn))
+
+/**
* VIR_STORAGE_POOL_MAGIC:
*
* magic value used to protect the API when pointers to storage pool structures
@@ -106,6 +116,7 @@ struct _virConnect {
/* The underlying hypervisor driver and network driver. */
virDriverPtr driver;
virNetworkDriverPtr networkDriver;
+virInterfaceDriverPtr interfaceDriver;
virStorageDriverPtr storageDriver;
virDeviceMonitorPtr deviceMonitor;
@@ -115,6 +126,7 @@ struct _virConnect {
*/
void *privateData;
void *networkPrivateData;
+void *interfacePrivateData;
void *storagePrivateData;
void *devMonPrivateData;
@@ -167,6 +179,19 @@ struct _virNetwork {
};
/**
+* _virInterface:
+*
+* Internal structure associated to a physical host interface
+*/
+struct _virInterface {
+unsigned int magic; /* specific value to check */
+int refs;/* reference count */
+virConnectPtr conn; /* pointer back to the connection */
+char *name; /* the network external name */
+unsigned char mac[VIR_MAC_BUFLEN]; /* the interface MAC address */
+};
+
+/**
* _virStoragePool:
*
* Internal structure associated to a storage pool
diff --git a/src/driver.h b/src/driver.h
index c357b76..30905c0 100644
--- a/src/driver.h
+++ b/src/driver.h
@@ -488,6 +488,65 @@ struct _virNetworkDriver {
virDrvNetworkSetAutostart networkSetAutostart;
};
+/*---*/
+typedef int
+(*virDrvNumOfInterfaces)(virConnectPtr conn);
+typedef int
+(*virDrvListInterfaces) (virConnectPtr conn,
+
[libvirt] [PATCH 3/5] Implement RPC part of interface config API.
---
qemud/remote.c | 235
qemud/remote_dispatch_args.h |8 +
qemud/remote_dispatch_prototypes.h | 63 +++
qemud/remote_dispatch_ret.h|6 +
qemud/remote_dispatch_table.h | 50 +
qemud/remote_protocol.c| 156
qemud/remote_protocol.h| 127 +
qemud/remote_protocol.x| 90 +-
src/datatypes.c| 154
src/datatypes.h|6 +
src/libvirt.c | 10 -
src/remote_internal.c | 351
12 files changed, 1245 insertions(+), 11 deletions(-)
diff --git a/qemud/remote.c b/qemud/remote.c
index 8d24a3a..6dfd83a 100644
--- a/qemud/remote.c
+++ b/qemud/remote.c
@@ -60,10 +60,12 @@ static void remoteDispatchFormatError (remote_error *rerr,
ATTRIBUTE_FORMAT(printf, 2, 3);
static virDomainPtr get_nonnull_domain (virConnectPtr conn,
remote_nonnull_domain domain);
static virNetworkPtr get_nonnull_network (virConnectPtr conn,
remote_nonnull_network network);
+static virInterfacePtr get_nonnull_interface (virConnectPtr conn,
remote_nonnull_interface interface);
static virStoragePoolPtr get_nonnull_storage_pool (virConnectPtr conn,
remote_nonnull_storage_pool pool);
static virStorageVolPtr get_nonnull_storage_vol (virConnectPtr conn,
remote_nonnull_storage_vol vol);
static void make_nonnull_domain (remote_nonnull_domain *dom_dst, virDomainPtr
dom_src);
static void make_nonnull_network (remote_nonnull_network *net_dst,
virNetworkPtr net_src);
+static void make_nonnull_interface (remote_nonnull_interface *interface_dst,
virInterfacePtr interface_src);
static void make_nonnull_storage_pool (remote_nonnull_storage_pool *pool_dst,
virStoragePoolPtr pool_src);
static void make_nonnull_storage_vol (remote_nonnull_storage_vol *vol_dst,
virStorageVolPtr vol_src);
static void make_nonnull_node_device (remote_nonnull_node_device *dev_dst,
virNodeDevicePtr dev_src);
@@ -2559,6 +2561,225 @@ remoteDispatchNumOfNetworks (struct qemud_server
*server ATTRIBUTE_UNUSED,
}
+/*-*/
+static int
+remoteDispatchNumOfInterfaces (struct qemud_server *server ATTRIBUTE_UNUSED,
+ struct qemud_client *client ATTRIBUTE_UNUSED,
+ virConnectPtr conn,
+ remote_error *rerr,
+ void *args ATTRIBUTE_UNUSED,
+ remote_num_of_interfaces_ret *ret)
+{
+
+ret-num = virConnectNumOfInterfaces (conn);
+if (ret-num == -1) {
+remoteDispatchConnError(rerr, conn);
+return -1;
+}
+
+return 0;
+}
+
+static int
+remoteDispatchListInterfaces (struct qemud_server *server ATTRIBUTE_UNUSED,
+ struct qemud_client *client ATTRIBUTE_UNUSED,
+ virConnectPtr conn,
+ remote_error *rerr,
+ remote_list_interfaces_args *args,
+ remote_list_interfaces_ret *ret)
+{
+
+if (args-maxnames REMOTE_INTERFACE_NAME_LIST_MAX) {
+remoteDispatchFormatError (rerr,
+ %s, _(maxnames
REMOTE_INTERFACE_NAME_LIST_MAX));
+return -1;
+}
+
+/* Allocate return buffer. */
+if (VIR_ALLOC_N(ret-names.names_val, args-maxnames) 0) {
+remoteDispatchOOMError(rerr);
+return -1;
+}
+
+ret-names.names_len =
+virConnectListInterfaces (conn,
+ ret-names.names_val, args-maxnames);
+if (ret-names.names_len == -1) {
+VIR_FREE(ret-names.names_len);
+remoteDispatchConnError(rerr, conn);
+return -1;
+}
+
+return 0;
+}
+
+static int
+remoteDispatchInterfaceLookupByName (struct qemud_server *server
ATTRIBUTE_UNUSED,
+ struct qemud_client *client
ATTRIBUTE_UNUSED,
+ virConnectPtr conn,
+ remote_error *rerr,
+ remote_interface_lookup_by_name_args
*args,
+ remote_interface_lookup_by_name_ret *ret)
+{
+virInterfacePtr interface;
+
+interface = virInterfaceLookupByName (conn, args-name);
+if (interface == NULL) {
+remoteDispatchConnError(rerr, conn);
+return -1;
+}
+
+make_nonnull_interface (ret-interface, interface);
+virInterfaceFree(interface);
+return 0;
+}
+
+static int
+remoteDispatchInterfaceLookupByMac (struct qemud_server *server
ATTRIBUTE_UNUSED,
+struct qemud_client *client
ATTRIBUTE_UNUSED,
+virConnectPtr conn,
+remote_error *rerr,
+
[libvirt] [PATCH 4/5] Publish the new Interface config API beginning with 0.6.4.
---
src/libvirt_public.syms | 20
1 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index b8f9128..cd369cb 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -264,4 +264,24 @@ LIBVIRT_0.6.3 {
virNodeDeviceDestroy;
} LIBVIRT_0.6.1;
+LIBVIRT_0.6.4 {
+global:
+ virInterfaceGetConnect;
+ virConnectNumOfInterfaces;
+ virConnectListInterfaces;
+ virInterfaceLookupByName;
+ virInterfaceLookupByMAC;
+ virInterfaceLookupByMACString;
+ virInterfaceGetName;
+ virInterfaceGetMAC;
+ virInterfaceGetMACString;
+ virInterfaceGetXMLDesc;
+ virInterfaceRef;
+ virInterfaceFree;
+ virInterfaceDefineXML;
+ virInterfaceUndefine;
+ virInterfaceCreate;
+ virInterfaceDestroy;
+
+} LIBVIRT_0.6.3;
# define new API here using predicted next version number
--
1.6.0.6
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 5/5] Use pkg_config in configure.in to detect presence of libnetcf and
From: Laine Stump la...@redhat.com --- configure.in| 35 --- src/Makefile.am |5 + 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index 1cdb64c..4ce4342 100644 --- a/configure.in +++ b/configure.in @@ -28,6 +28,7 @@ GNUTLS_REQUIRED=1.0.25 AVAHI_REQUIRED=0.6.0 POLKIT_REQUIRED=0.6 PARTED_REQUIRED=1.8.0 +NETCF_REQUIRED=0.0.1 dnl Checks for C compiler. AC_PROG_CC @@ -789,9 +790,31 @@ if test $with_qemu:$with_lxc:$with_network != no:no:no; then fi AM_CONDITIONAL([WITH_BRIDGE], [test $with_bridge = yes]) -dnl -dnl Storage driver checks -dnl +dnl netcf library +AC_ARG_WITH([netcf], +[ --with-netcf libnetcf support to configure physical host network interfaces], +[], [with_netcf=check]) + +NETCF_CFLAGS= +NETCF_LIBS= +if test $with_netcf = yes -o $with_netcf = check; then + PKG_CHECK_MODULES(NETCF, netcf = $NETCF_REQUIRED, +[with_netcf=yes], [ +if test $with_netcf = check ; then + with_netcf=no +else + AC_MSG_ERROR( + [You must install libnetcf = $NETCF_REQUIRED to compile libvirt]) +fi + ]) + if test $with_netcf = yes ; then +AC_DEFINE_UNQUOTED([WITH_NETCF], 1, + [whether libnetcf is available to configure physical host network interfaces]) + fi +fi +AM_CONDITIONAL([WITH_NETCF], [test $with_netcf = yes]) +AC_SUBST([NETCF_CFLAGS]) +AC_SUBST([NETCF_LIBS]) AC_ARG_WITH([storage-fs], [ --with-storage-fs with FileSystem backend for the storage driver (on)],[],[with_storage_fs=check]) @@ -1376,6 +1399,7 @@ AC_MSG_NOTICE([Test: $with_test]) AC_MSG_NOTICE([ Remote: $with_remote]) AC_MSG_NOTICE([ Network: $with_network]) AC_MSG_NOTICE([Libvirtd: $with_libvirtd]) +AC_MSG_NOTICE([ netcf: $with_netcf]) AC_MSG_NOTICE([]) AC_MSG_NOTICE([Storage Drivers]) AC_MSG_NOTICE([]) @@ -1443,6 +1467,11 @@ AC_MSG_NOTICE([ devkit: $DEVKIT_CFLAGS $DEVKIT_LIBS]) else AC_MSG_NOTICE([ devkit: no]) fi +if test $with_netcf = yes ; then +AC_MSG_NOTICE([ netcf: $NETCF_CFLAGS $NETCF_LIBS]) +else +AC_MSG_NOTICE([ netcf: no]) +fi AC_MSG_NOTICE([]) AC_MSG_NOTICE([Test suite]) AC_MSG_NOTICE([]) diff --git a/src/Makefile.am b/src/Makefile.am index fd692b4..7d7ef74 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -351,6 +351,11 @@ endif libvirt_driver_network_la_SOURCES = $(NETWORK_DRIVER_SOURCES) endif +if WITH_NETCF +libvirt_driver_interface_la_CFLAGS = $(NETCF_CFLAGS) +libvirt_driver_interface_la_LDFLAGS = $(NETCF_LIBS) +endif + # Needed to keep automake quiet about conditionals libvirt_driver_storage_la_SOURCES = if WITH_STORAGE_DIR -- 1.6.0.6 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [RFC][PATCH] lxc: fix for ns cgroups subsystem
Quoting Daniel P. Berrange (berra...@redhat.com): On Fri, May 08, 2009 at 08:34:12AM -0500, Serge E. Hallyn wrote: Quoting Ryota Ozaki (ozaki.ry...@gmail.com): Hi Serge, On Fri, May 8, 2009 at 11:48 AM, Serge E. Hallyn se...@us.ibm.com wrote: IIUC, the real problem is that src/cgroup.c assumes that the cgroup name should be $CGROUP_MOUNTPOINT/groupname. But of course if the ns cgroup is enabled, then the unshare(CLONE_NEWNS) to create a new namespace in which to mount the new devpts locks the driver under $CGROUP_MOUNTPOINT/pid_of_driver/ or somesuch. If this fixes the problem I have no objections, but it seems more fragile than perhaps trying to teach src/cgroup.c to consider it's current cgroup as a starting point. hmm, I don't know why the assumption is bad and how the approach you are suggesting helps the ns problem. To be clear, the asssumption is that the driver starts in the root cgroup, i.e. it's pid is listed in $CGROUP_MOUNTPOINT/tasks. And that it can create $CGROUP_MOUNTPOINT/groupname and move itself into $CGROUP_MOUNTPOINT/groupname/tasks. So, the assumption is bad because when the driver does a unshare(CLONE_NEWNS), it gets moved into $CGROUP_MOUNTPOINT/X, and after that can only move itself into $CGROUP_MOUNTPOINT/X/groupname. Even with your patch, it's possible for the lxc driver to have been started under say $CGROUP_MOUNTPOINT/libvir or $CGROUP_MOUNTPOINT/username through libcgroup/PAM for instance, in which case your patch would be insufficient. Indeed, we can't assume we're in the root group at any time. Our general plan is that libvirt itself uses 3 levels of cgroup starting at the cgroup that libvirtd was placed in by the admin of the host, then a per-driver group, then per-guest groups $LIBVIRTD_ROOT_CGROUP | +- lxc || |+- LXC-GUEST-1 |+- LXC-GUEST-2 |+- LXC-GUEST-3 |+- ... | +- qemu | +- QEMU-GUEST-1 +- QEMU-GUEST-2 +- QEMU-GUEST-3 +- ... $LIBVIRTD_ROOT_CGROUP, may be the actaul root mount point for the cgroup controller in question, or it may be a sub-directory that the admin chose to put it in. Also, if running libvirtd as a normal user, the admin may have created per-user account cgroups and so libvirtd would end up in there. So we have to be prepared for anything wrt initial libvirtd cgroup root. NB The code for putting QEMU in a cgroup isn't merged yet. That sounds good. I just don't think the code currently does it. To do the right thing, IIUC, virCgroupPathOfGroup() should parse the /proc/pid/cgroup contents of the 'controller' process, and insert that between the virCgroupGetMount(controller) result and the group name. Or something... (right?) thanks, -serge -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/2] Backend of node device API NPIV support
---
src/node_device.c | 355
src/node_device.h | 14 ++
src/node_device_conf.c | 106 ++-
src/node_device_conf.h | 16 ++
src/node_device_hal.c | 134 ++
src/storage_backend.c | 24 +---
src/virsh.c| 53 +++
7 files changed, 678 insertions(+), 24 deletions(-)
diff --git a/src/node_device.c b/src/node_device.c
index b84729f..25d3251 100644
--- a/src/node_device.c
+++ b/src/node_device.c
@@ -25,6 +25,8 @@
#include unistd.h
#include errno.h
+#include fcntl.h
+#include time.h
#include virterror_internal.h
#include datatypes.h
@@ -133,6 +135,53 @@ cleanup:
return ret;
}
+
+/* Caller must hold the driver lock. */
+static virNodeDevicePtr
+nodeDeviceLookupByWWN(virConnectPtr conn,
+ const char *wwnn,
+ const char *wwpn)
+{
+unsigned int i, found = 0;
+virDeviceMonitorStatePtr driver = conn-devMonPrivateData;
+virNodeDeviceObjListPtr devs = driver-devs;
+virNodeDevCapsDefPtr cap = NULL;
+virNodeDeviceObjPtr obj = NULL;
+virNodeDevicePtr dev = NULL;
+
+for (i = 0; i devs-count; i++) {
+
+obj = devs-objs[i];
+virNodeDeviceObjLock(obj);
+cap = obj-def-caps;
+
+while (cap) {
+
+if (cap-type == VIR_NODE_DEV_CAP_SCSI_HOST) {
+if (cap-data.scsi_host.flags
VIR_NODE_DEV_CAP_FLAG_HBA_FC_HOST) {
+if (STREQ(cap-data.scsi_host.wwnn, wwnn)
+STREQ(cap-data.scsi_host.wwpn, wwpn)) {
+found = 1;
+goto out;
+}
+}
+}
+cap = cap-next;
+}
+
+virNodeDeviceObjUnlock(obj);
+}
+
+out:
+if (found) {
+dev = virGetNodeDevice(conn, obj-def-name);
+virNodeDeviceObjUnlock(obj);
+}
+
+return dev;
+}
+
+
static char *nodeDeviceDumpXML(virNodeDevicePtr dev,
unsigned int flags ATTRIBUTE_UNUSED)
{
@@ -258,6 +307,310 @@ cleanup:
}
+static int
+nodeDeviceVportCreateDelete(virConnectPtr conn,
+const int parent_host,
+const char *wwpn,
+const char *wwnn,
+int operation)
+{
+int fd = -1;
+int retval = 0;
+char *operation_path;
+const char *operation_file;
+char *vport_name;
+size_t towrite = 0;
+unsigned int written = 0;
+
+switch (operation) {
+case VPORT_CREATE:
+operation_file = LINUX_SYSFS_VPORT_CREATE_POSTFIX;
+break;
+case VPORT_DELETE:
+operation_file = LINUX_SYSFS_VPORT_DELETE_POSTFIX;
+break;
+default:
+virNodeDeviceReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ _(Invalid vport operation (%d)), operation);
+retval = -1;
+goto no_unwind;
+break;
+}
+
+if (virAsprintf(operation_path,
+%shost%d%s,
+LINUX_SYSFS_FC_HOST_PREFIX,
+parent_host,
+operation_file) 0) {
+
+virReportOOMError(conn);
+retval = -1;
+goto no_unwind;
+}
+
+VIR_DEBUG(_(Vport operation path is '%s'), operation_path);
+
+fd = open(operation_path, O_WRONLY);
+
+if (fd 0) {
+virReportSystemError(conn, errno,
+ _(Could not open '%s' for vport operation),
+ operation_path);
+retval = -1;
+goto free_path;
+}
+
+if (virAsprintf(vport_name,
+%s:%s,
+wwpn,
+wwnn) 0) {
+
+virReportOOMError(conn);
+retval = -1;
+goto close_fd;
+}
+
+towrite = strlen(vport_name);
+written = safewrite(fd, vport_name, towrite);
+if (written != towrite) {
+virReportSystemError(conn, errno,
+ _(Write of '%s' to '%s' during
+ vport create/delete failed
+ (towrite: %lu written: %d)),
+ vport_name, operation_path,
+ towrite, written);
+retval = -1;
+}
+
+VIR_FREE(vport_name);
+close_fd:
+close(fd);
+free_path:
+VIR_FREE(operation_path);
+no_unwind:
+VIR_DEBUG(%s, _(Vport operation complete));
+return retval;
+}
+
+
+static int
+get_wwns(virConnectPtr conn,
+ virNodeDeviceDefPtr def,
+ char **wwnn,
+ char **wwpn)
+{
+virNodeDevCapsDefPtr cap = NULL;
+int ret = 0;
+
+cap = def-caps;
+while (cap != NULL) {
+if (cap-type == VIR_NODE_DEV_CAP_SCSI_HOST
+cap-data.scsi_host.flags VIR_NODE_DEV_CAP_FLAG_HBA_FC_HOST) {
+*wwnn = cap-data.scsi_host.wwnn;
+*wwpn = cap-data.scsi_host.wwnn;
+break;
+
[libvirt] [PATCH 0/2] Implement nodedev destroy API
Here is a patch that implements the node device destroy API call, as well as the suggestions that Dan made in his feedback on the patch implementing create. The patch also makes it not necessary for the caller of the node device create function to specify a name for the device and a host number for the adapter in the XML. The change to do so is kind of kludgy, though, IMO, as it involved changing the function signature of chain of internal function calls to differentiate a device that is being created from an existing device. I'm torn as to whether I think that's a better solution than requiring the caller of the nodedev create API to specify a name that will be ignored. One benefit of requiring the user to specify the name is that it is used in some error messages, so I can argue it both ways. Opinions very welcome. I'd particularly like someone in the Solaris world to make sure that the code builds as there is some #ifdef __linux__ in the patch. I tried to spin up Opensolaris to try it out but ran up against bug 6784591 and a lack of time. I've also tried to make it relatively easy for someone to add support for non-Linux OSes, so a patch there would be appreciated. Dave -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 2/2] Implement destroy API
---
src/Makefile.am |4 +-
src/node_device.c | 123
src/node_device.h |1 -
src/node_device_conf.c | 30 +---
src/node_device_conf.h |6 ++-
src/node_device_hal.c | 131 +--
src/node_device_hal.h | 40 ++
src/node_device_hal_linux.c | 165 +++
src/qemu_driver.c |2 +-
src/remote_internal.c |2 +-
src/virsh.c | 56 ++-
src/xen_unified.c |2 +-
tests/nodedevxml2xmltest.c |2 +-
13 files changed, 384 insertions(+), 180 deletions(-)
create mode 100644 src/node_device_hal.h
create mode 100644 src/node_device_hal_linux.c
diff --git a/src/Makefile.am b/src/Makefile.am
index fd692b4..39fabce 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -188,7 +188,9 @@ NODE_DEVICE_DRIVER_SOURCES =
\
node_device.c node_device.h
NODE_DEVICE_DRIVER_HAL_SOURCES = \
- node_device_hal.c
+ node_device_hal.c \
+ node_device_hal_linux.c
+
NODE_DEVICE_DRIVER_DEVKIT_SOURCES =\
node_device_devkit.c
diff --git a/src/node_device.c b/src/node_device.c
index 25d3251..41a7fd9 100644
--- a/src/node_device.c
+++ b/src/node_device.c
@@ -316,9 +316,8 @@ nodeDeviceVportCreateDelete(virConnectPtr conn,
{
int fd = -1;
int retval = 0;
-char *operation_path;
+char *operation_path = NULL, *vport_name = NULL;
const char *operation_file;
-char *vport_name;
size_t towrite = 0;
unsigned int written = 0;
@@ -333,7 +332,7 @@ nodeDeviceVportCreateDelete(virConnectPtr conn,
virNodeDeviceReportError(conn, VIR_ERR_INTERNAL_ERROR,
_(Invalid vport operation (%d)), operation);
retval = -1;
-goto no_unwind;
+goto cleanup;
break;
}
@@ -345,7 +344,7 @@ nodeDeviceVportCreateDelete(virConnectPtr conn,
virReportOOMError(conn);
retval = -1;
-goto no_unwind;
+goto cleanup;
}
VIR_DEBUG(_(Vport operation path is '%s'), operation_path);
@@ -357,7 +356,7 @@ nodeDeviceVportCreateDelete(virConnectPtr conn,
_(Could not open '%s' for vport operation),
operation_path);
retval = -1;
-goto free_path;
+goto cleanup;
}
if (virAsprintf(vport_name,
@@ -367,7 +366,7 @@ nodeDeviceVportCreateDelete(virConnectPtr conn,
virReportOOMError(conn);
retval = -1;
-goto close_fd;
+goto cleanup;
}
towrite = strlen(vport_name);
@@ -382,12 +381,12 @@ nodeDeviceVportCreateDelete(virConnectPtr conn,
retval = -1;
}
+cleanup:
+if (fd != -1) {
+close(fd);
+}
VIR_FREE(vport_name);
-close_fd:
-close(fd);
-free_path:
VIR_FREE(operation_path);
-no_unwind:
VIR_DEBUG(%s, _(Vport operation complete));
return retval;
}
@@ -406,8 +405,8 @@ get_wwns(virConnectPtr conn,
while (cap != NULL) {
if (cap-type == VIR_NODE_DEV_CAP_SCSI_HOST
cap-data.scsi_host.flags VIR_NODE_DEV_CAP_FLAG_HBA_FC_HOST) {
-*wwnn = cap-data.scsi_host.wwnn;
-*wwpn = cap-data.scsi_host.wwnn;
+*wwnn = strdup(cap-data.scsi_host.wwnn);
+*wwpn = strdup(cap-data.scsi_host.wwpn);
break;
}
@@ -415,13 +414,17 @@ get_wwns(virConnectPtr conn,
}
if (cap == NULL) {
-/* XXX This error code is wrong--it results in errors of the form:
- error: invalid node device pointer in Device foo is not a fibre
channel HBA
-*/
-virNodeDeviceReportError(conn, VIR_ERR_INVALID_NODE_DEVICE,
- _(Device %s is not a fibre channel HBA),
- def-name);
+virNodeDeviceReportError(conn, VIR_ERR_NO_SUPPORT,
+ %s, _(Device is not a fibre channel HBA));
+ret = -1;
+}
+
+if (*wwnn == NULL || *wwpn == NULL) {
+/* Free the other one, if allocated... */
+VIR_FREE(wwnn);
+VIR_FREE(wwpn);
ret = -1;
+virReportOOMError(conn);
}
return ret;
@@ -431,27 +434,30 @@ get_wwns(virConnectPtr conn,
static int
get_parent_host(virConnectPtr conn,
virDeviceMonitorStatePtr driver,
-virNodeDeviceDefPtr def,
+const char *dev_name,
+const char *parent_name,
int *parent_host)
{
virNodeDeviceObjPtr parent = NULL;
virNodeDevCapsDefPtr cap = NULL;
int ret = 0;
-parent = virNodeDeviceFindByName(driver-devs, def-parent);
+parent =
Re: [libvirt] [RFC] Power Hypervisor Libvirt support
Em Qua, 2009-05-06 às 09:44 +0100, Daniel P. Berrange escreveu:
On Mon, May 04, 2009 at 05:50:03PM -0300, Eduardo Otubo wrote:
+
+/* return the lpar_id given a name and a managed system name */
+static int
+phypGetLparID(SSH_SESSION * ssh_session, const char *managed_system,
+ const char *name)
+{
+int exit_status = 0;
+virBuffer cmd = VIR_BUFFER_INITIALIZER;
+
+virBufferVSprintf(cmd,
+ lssyscfg -r lpar -m %s --filter lpar_names=%s
-F lpar_id,
+ managed_system, name);
+const char *tex_ret =
+__inner_exec_command(ssh_session,
virBufferContentAndReset(cmd),
+ exit_status);
+
+virBufferContentAndReset(cmd);
Huh ? you're supposed to get the resulting char *, and then free it
later once you're done with the data. Here youre just leaking memory
I'm afraid
same thing for most of the commands in that file.
Here, I just would like to free the Buffer, and this was the best way I
find since I couldn't find any better function to manipulate this. How
do I simply free a buffer using the internal virBuffer* API?
The virBufferContentAndReset() method returns you the internal char *
string, and resets the virBuffer state to its inital value. You are
now owner of the char * string, and are responsible for free'ing it
when done.
You should also check virBufferError() and report OOM error if it fails.
So, in the above example. what you'd want todo is
static int
phypGetLparID(SSH_SESSION * ssh_session, const char *managed_system,
const char *name)
{
int exit_status = 0;
virBuffer cmd = VIR_BUFFER_INITIALIZER;
char *buf;
virBufferVSprintf(cmd,
lssyscfg -r lpar -m %s --filter lpar_names=%s -F
lpar_id,
managed_system, name);
if (virBufferError(cmd)) {
virReportOOMError(conn);
return NULL;
}
buf = virBufferContentAndReset(cmd);
const char *tex_ret =
__inner_exec_command(ssh_session, buf
exit_status);
VIR_FREE(buf);
}
That all said, in this particular function I it is overkill to use
the virBuffer APIs, since you've only got a single printf() call
to make. virBuffer is more appropriate when you have 2 or more
printfs() or strcats() to make. If just doing a single printf,
then use virAsprintf,
eg
static int
phypGetLparID(SSH_SESSION * ssh_session, const char *managed_system,
const char *name)
{
int exit_status = 0;
char *buf;
if (virAsprintf(buf,
lssyscfg -r lpar -m %s --filter lpar_names=%s -F
lpar_id,
managed_system, name) 0) {
virReportOOMError(conn);
return NULL;
}
const char *tex_ret =
__inner_exec_command(ssh_session, buf
exit_status);
VIR_FREE(buf);
}
Regards,
Daniel
DV and danpb,
First of all, thanks for the tips. Is helping me a lot.
Here is the phyp_driver.c with the memory leaks fixed with your
suggestions. With those things done, do you think this code is enough
and compliant to libvirt patterns to be included in the next libvirt
release?
The only feature we have until now is just to list the LPARs (Logical
PARtitions, the IBM virtual machines for Power). Once this code is safe
and goot enough, the implementations of new commands will be much faster
and easier.
Here is the code:
/*
* Copyright IBM Corp. 2009
*
* phyp_driver.c: ssh layer to access Power Hypervisors
*
* Authors:
* Eduardo Otubo otubo at linux.vnet.ibm.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA
*/
#include config.h
#include sys/types.h
#include limits.h
#include string.h
#include strings.h
#include stdio.h
#include stdarg.h
#include stdlib.h
#include unistd.h
#include errno.h
#include stdio.h
#include libssh/libssh.h
#include internal.h
#include util.h
#include datatypes.h
#include buf.h
#include memory.h
#include logging.h
#include driver.h
#include libvirt/libvirt.h
#include virterror_internal.h
#include phyp_driver.h
