Re: [libvirt] [fedora-virt] Sanlock + libvirt
Hello, On Mon, Sep 09, 2013 at 01:51:19PM +0100, Daniel P. Berrange wrote: On Mon, Sep 09, 2013 at 08:43:39AM -0400, Cole Robinson wrote: cc-ing libvir-list On 09/09/2013 08:20 AM, Ján ONDREJ (SAL) wrote: in sanlock docs (https://fedorahosted.org/sanlock/) there is described, how to use it. There is no mention about NFS. Can I use sanlock with LVM (without NFS) with livbirt? It this feature implemented in libvirt for Fedora or RHEL? For libvirt I need to define lease dir as: disk_lease_dir = /var/lib/libvirt/sanlock but this have to be a directory. How to configure it to use sanlock on LVM? There are two ways to use sanlock in libvirt. With the automatic way, libvirt will create leases for each disk in a VM's config. This requires a shared filesystem of some kind, such as NFS. This is what all the config parameters in /etc/libvirt/qemu-sanlock.conf are about. With the manual way, the application / admin creating the guest XML files must manually specify leases using the lease XML element. This lets you use any type of storage including LVM or raw block devices. oVirt/RHEV-M is the only thing I know of that uses the manual approach. I would not recommend using the manual approach outside of oVirt since it requires alot of tedious work to get it right. The automatic approach is what we recomend for everyone else, and that's filesystem based only. This manual method looks to work well. It's enough to create an sanlock device init and add lockspace. But after each reboot I need to again add lockspaces and init resources. Is there an suggested way to add them into configuration files? Or do I need to create my own init script run between sanlock and libvirt? Another problem looks to be same for automatic and manual approach. My storage configuration is fully redundant. Each storage is in different location and each guest has 2 virtual disks in software mirror (mirrored in guest). If one storage fails, mirror fails, but guests are running without problems from secondary storage. Can I somehow configure sanlock storage same way? I tested to have 2 sanlock pools and lockspaces, but I can't init resource on 2 lockspaces. Second resource init removes my virtual disk from first lockspace. Is it possible to configure 2 fully redundant lockspaces. Shutdown of all virtual machines if first storage sounds a bit problematic. SAL -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [v0.9.12-maint v2 05/12] qemu: Fix off-by-one error while unescaping monitor strings
From: Peter Krempa pkre...@redhat.com
While unescaping the commands the commands passed through to the monitor
function qemuMonitorUnescapeArg() initialized lenght of the input string
to strlen()+1 which is fine for alloc but not for iteration of the
string.
This patch fixes the off-by-one error and drops the pointless check for
a single trailing slash that is automaticaly handled by the default
branch of switch.
(cherry picked from commit 0f4660c8787cc41fe67f869984c0ae11d680037e)
---
src/qemu/qemu_monitor.c | 11 +++
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 0d4319d..68ecdb9 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -157,20 +157,15 @@ char *qemuMonitorUnescapeArg(const char *in)
{
int i, j;
char *out;
-int len = strlen(in) + 1;
+int len = strlen(in);
char next;
-if (VIR_ALLOC_N(out, len) 0)
+if (VIR_ALLOC_N(out, len + 1) 0)
return NULL;
for (i = j = 0; i len; ++i) {
next = in[i];
if (in[i] == '\\') {
-if (len i + 1) {
-/* trailing backslash shouldn't be possible */
-VIR_FREE(out);
-return NULL;
-}
++i;
switch(in[i]) {
case 'r':
@@ -184,7 +179,7 @@ char *qemuMonitorUnescapeArg(const char *in)
next = in[i];
break;
default:
-/* invalid input */
+/* invalid input (including trailing '\' at end of in) */
VIR_FREE(out);
return NULL;
}
--
1.8.4.rc3
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [v0.9.12-maint v2 00/12] Debian's 0.9.12 patches
These are the patches Debian is currently carrying on 0.9.12. Most are straight cherry-picks. Since we're maintaining 0.9.12 for our current stable release I'm happy to push these to v0.9.12-maint. Daniel P. Berrange (2): Don't ignore return value of qemuProcessKill Fix race condition when destroying guests Eric Blake (1): build: fix virnetlink on glibc 2.11 Jiri Denemark (3): daemon: Fix crash in virTypedParameterArrayClear Revert rpc: Discard non-blocking calls only when necessary qemu: Add support for -no-user-config Luca Tettamanti (1): Make sure regfree is called close to it's usage Martin Kletzander (1): security: Fix libvirtd crash possibility Peter Krempa (4): qemu: Fix off-by-one error while unescaping monitor strings rpc: Fix crash on error paths of message dispatching conf: Remove callback from stream when freeing entries in console hash conf: Remove console stream callback only when freeing console helper cfg.mk| 3 +- daemon/remote.c | 16 +- src/conf/virconsole.c | 13 ++ src/qemu/qemu_capabilities.c | 7 +- src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 11 +- src/qemu/qemu_driver.c| 21 ++- src/qemu/qemu_monitor.c | 11 +- src/rpc/virnetclient.c| 21 +-- src/rpc/virnetserverclient.c | 3 + src/rpc/virnetserverprogram.c | 11 +- src/storage/storage_backend_logical.c | 5 +- src/util/virnetlink.h | 2 + tests/qemuhelpdata/qemu-1.1 | 268 ++ tests/qemuhelpdata/qemu-1.1-device| 160 tests/qemuhelptest.c | 75 ++ 16 files changed, 586 insertions(+), 42 deletions(-) create mode 100644 tests/qemuhelpdata/qemu-1.1 create mode 100644 tests/qemuhelpdata/qemu-1.1-device -- 1.8.4.rc3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [v0.9.12-maint v2 04/12] Revert rpc: Discard non-blocking calls only when necessary
From: Jiri Denemark jdene...@redhat.com
This reverts commit b1e374a7ac56927cfe62435179bf0bba1e08b372, which was
rather bad since I failed to consider all sides of the issue. The main
things I didn't consider properly are:
- a thread which sends a non-blocking call waits for the thread with
the buck to process the call
- the code doesn't expect non-blocking calls to remain in the queue
unless they were already partially sent
Thus, the reverted patch actually breaks more than what it fixes and
clients (which may even be libvirtd during p2p migrations) will likely
end up in a deadlock.
(cherry picked from commit 63643f67abcdeaa33a0f85ea8e54da75ea9908e4)
---
src/rpc/virnetclient.c | 21 -
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 3a60db6..d88288d 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -1265,13 +1265,6 @@ static void
virNetClientIOEventLoopPassTheBuck(virNetClientPtr client, virNetCli
}
client-haveTheBuck = false;
-/* Remove non-blocking calls from the dispatch list since there is no
- * call with a thread in the list which could take care of them.
- */
-virNetClientCallRemovePredicate(client-waitDispatch,
-virNetClientIOEventLoopRemoveNonBlocking,
-thiscall);
-
VIR_DEBUG(No thread to pass the buck to);
if (client-wantClose) {
virNetClientCloseLocked(client);
@@ -1315,9 +1308,12 @@ static int virNetClientIOEventLoop(virNetClientPtr
client,
if (virNetSocketHasCachedData(client-sock) || client-wantClose)
timeout = 0;
-/* If we are non-blocking, we don't want to sleep in poll()
+/* If there are any non-blocking calls in the queue,
+ * then we don't want to sleep in poll()
*/
-if (thiscall-nonBlock)
+if (virNetClientCallMatchPredicate(client-waitDispatch,
+ virNetClientIOEventLoopWantNonBlock,
+ NULL))
timeout = 0;
fds[0].events = fds[0].revents = 0;
@@ -1422,6 +1418,13 @@ static int virNetClientIOEventLoop(virNetClientPtr
client,
virNetClientIOEventLoopRemoveDone,
thiscall);
+/* Iterate through waiting calls and if any are
+ * non-blocking, remove them from the dispatch list...
+ */
+virNetClientCallRemovePredicate(client-waitDispatch,
+
virNetClientIOEventLoopRemoveNonBlocking,
+thiscall);
+
/* Now see if *we* are done */
if (thiscall-mode == VIR_NET_CLIENT_MODE_COMPLETE) {
virNetClientCallRemove(client-waitDispatch, thiscall);
--
1.8.4.rc3
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [v0.9.12-maint v2 08/12] Make sure regfree is called close to it's usage
From: Luca Tettamanti ltettama...@acunu.com
This is a backport of 71da3b66a8455faf8019effe3cf504a31f91f54a.
---
src/storage/storage_backend_logical.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/storage/storage_backend_logical.c
b/src/storage/storage_backend_logical.c
index 9a91dd9..7abb17b 100644
--- a/src/storage/storage_backend_logical.c
+++ b/src/storage/storage_backend_logical.c
@@ -204,13 +204,16 @@ virStorageBackendLogicalMakeVol(virStoragePoolObjPtr pool,
if (err != 0) {
char error[100];
regerror(err, reg, error, sizeof(error));
+regfree(reg);
virStorageReportError(VIR_ERR_INTERNAL_ERROR,
_(Failed to compile regex %s),
error);
goto cleanup;
}
-if (regexec(reg, groups[3], nvars, vars, 0) != 0) {
+err = regexec(reg, groups[3], nvars, vars, 0);
+regfree(reg);
+if (err != 0) {
virStorageReportError(VIR_ERR_INTERNAL_ERROR, %s,
_(malformed volume extent devices value));
goto cleanup;
--
1.8.4.rc3
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [v0.9.12-maint v2 09/12] conf: Remove callback from stream when freeing entries in console hash
From: Peter Krempa pkre...@redhat.com When a domain has a active console connection and is destroyed the callback is called on private data that no longer exist causing a segfault. (cherry picked from commit ba226d334acbc49f6751b430e0c4e00f69eef6bf) --- src/conf/virconsole.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/conf/virconsole.c b/src/conf/virconsole.c index 443d80d..e665149 100644 --- a/src/conf/virconsole.c +++ b/src/conf/virconsole.c @@ -222,6 +222,9 @@ static void virConsoleHashEntryFree(void *data, const char *pty = name; virStreamPtr st = data; +/* remove callback from stream */ +virFDStreamSetInternalCloseCb(st, NULL, NULL, NULL); + /* free stream reference */ virStreamFree(st); -- 1.8.4.rc3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [v0.9.12-maint v2 02/12] security: Fix libvirtd crash possibility
From: Martin Kletzander mklet...@redhat.com
Fix for CVE-2012-4423.
When generating RPC protocol messages, it's strictly needed to have a
continuous line of numbers or RPC messages. However in case anyone
tries backporting some functionality and will skip a number, there is
a possibility to make the daemon segfault with newer virsh (version of
the library, rpc call, etc.) even unintentionally.
The problem is that the skipped numbers will get func filled with
NULLs, but there is no check whether these are set before the daemon
tries to run them. This patch very simply enhances one check and fixes
that.
(cherry picked from commit b7ff9e696063189a715802d081d55a398663c15a)
---
src/rpc/virnetserverprogram.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/rpc/virnetserverprogram.c b/src/rpc/virnetserverprogram.c
index 7f589c8..5439878 100644
--- a/src/rpc/virnetserverprogram.c
+++ b/src/rpc/virnetserverprogram.c
@@ -1,7 +1,7 @@
/*
* virnetserverprogram.c: generic network RPC server program
*
- * Copyright (C) 2006-2011 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -101,12 +101,19 @@ int virNetServerProgramMatches(virNetServerProgramPtr
prog,
static virNetServerProgramProcPtr
virNetServerProgramGetProc(virNetServerProgramPtr prog,
int procedure)
{
+virNetServerProgramProcPtr proc;
+
if (procedure 0)
return NULL;
if (procedure = prog-nprocs)
return NULL;
-return prog-procs[procedure];
+proc = prog-procs[procedure];
+
+if (!proc-func)
+return NULL;
+
+return proc;
}
unsigned int
--
1.8.4.rc3
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [v0.9.12-maint v2 11/12] Don't ignore return value of qemuProcessKill
From: Daniel P. Berrange berra...@redhat.com
When calling qemuProcessKill from the virDomainDestroy impl
in QEMU, do not ignore the return value. This ensures that
if QEMU fails to respond to SIGKILL, the caller will know
about the failure.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
(cherry picked from commit f1b4021b38f9485c50d386af6f682ecfc8025af5)
---
src/qemu/qemu_driver.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 0053ed1..eefdf75 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1839,7 +1839,11 @@ qemuDomainDestroyFlags(virDomainPtr dom,
goto cleanup;
}
} else {
-ignore_value(qemuProcessKill(driver, vm, VIR_QEMU_PROCESS_KILL_FORCE));
+if (qemuProcessKill(driver, vm, VIR_QEMU_PROCESS_KILL_FORCE) 0) {
+qemuReportError(VIR_ERR_OPERATION_FAILED, %s,
+_(failed to kill qemu process with SIGTERM));
+goto cleanup;
+}
}
/* We need to prevent monitor EOF callback from doing our work (and sending
--
1.8.4.rc3
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [v0.9.12-maint v2 10/12] conf: Remove console stream callback only when freeing console helper
From: Peter Krempa pkre...@redhat.com
Commit ba226d334acbc49f6751b430e0c4e00f69eef6bf tried to fix crash of
the daemon when a domain with an open console was destroyed. The fix was
wrong as it tried to remove the callback also when the stream was
aborted, where at that point the fd stream driver was already freed and
removed.
This patch clears the callbacks with a helper right before the hash is
freed, so that it doesn't interfere with other codepaths where the
stream object is freed.
(cherry picked from commit 45edefc7a7bcbec988f54331ff37fc32e4bc2718)
---
src/conf/virconsole.c | 16 +---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/conf/virconsole.c b/src/conf/virconsole.c
index e665149..01f1c84 100644
--- a/src/conf/virconsole.c
+++ b/src/conf/virconsole.c
@@ -222,9 +222,6 @@ static void virConsoleHashEntryFree(void *data,
const char *pty = name;
virStreamPtr st = data;
-/* remove callback from stream */
-virFDStreamSetInternalCloseCb(st, NULL, NULL, NULL);
-
/* free stream reference */
virStreamFree(st);
@@ -293,6 +290,18 @@ error:
}
/**
+ * Helper to clear stream callbacks when freeing the hash
+ */
+static void virConsoleFreeClearCallbacks(void *payload,
+ const void *name ATTRIBUTE_UNUSED,
+ void *data ATTRIBUTE_UNUSED)
+{
+virStreamPtr st = payload;
+
+virFDStreamSetInternalCloseCb(st, NULL, NULL, NULL);
+}
+
+/**
* Free structures for handling open console streams.
*
* @cons Pointer to the private structure.
@@ -303,6 +312,7 @@ void virConsoleFree(virConsolesPtr cons)
return;
virMutexLock(cons-lock);
+virHashForEach(cons-hash, virConsoleFreeClearCallbacks, NULL);
virHashFree(cons-hash);
virMutexUnlock(cons-lock);
virMutexDestroy(cons-lock);
--
1.8.4.rc3
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [v0.9.12-maint v2 07/12] qemu: Add support for -no-user-config
From: Jiri Denemark jdene...@redhat.com
Thanks to this new option we are now able to use modern CPU models (such
as Westmere) defined in external configuration file.
The qemu-1.1{,-device} data files for qemuhelptest are filled in with
qemu-1.1-rc2 output for now. I will update those files with real
qemu-1.1 output once it is released.
(cherry picked from commit 63b4243624b8fdabebaf5e6ec912095b2b5fdf5c)
---
cfg.mk | 3 +-
src/qemu/qemu_capabilities.c | 7 +-
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c| 11 +-
src/qemu/qemu_driver.c | 2 +-
tests/qemuhelpdata/qemu-1.1| 268 +
tests/qemuhelpdata/qemu-1.1-device | 160 ++
tests/qemuhelptest.c | 75 +++
8 files changed, 519 insertions(+), 8 deletions(-)
create mode 100644 tests/qemuhelpdata/qemu-1.1
create mode 100644 tests/qemuhelpdata/qemu-1.1-device
diff --git a/cfg.mk b/cfg.mk
index 9dab3c3..67141a9 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -823,7 +823,8 @@ exclude_file_name_regexp--sc_require_config_h = ^examples/
exclude_file_name_regexp--sc_require_config_h_first = ^examples/
-exclude_file_name_regexp--sc_trailing_blank = \.(fig|gif|ico|png)$$
+exclude_file_name_regexp--sc_trailing_blank = \
+ (/qemuhelpdata/|\.(fig|gif|ico|png)$$)
exclude_file_name_regexp--sc_unmarked_diagnostics = \
^(docs/apibuild.py|tests/virt-aa-helper-test)$$
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 6e5165b..a3c87d1 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -161,6 +161,7 @@ VIR_ENUM_IMPL(qemuCaps, QEMU_CAPS_LAST,
block-job-async,
scsi-cd,
ide-cd,
+ no-user-config,
);
struct qemu_feature_flags {
@@ -1082,6 +1083,8 @@ qemuCapsComputeCmdFlags(const char *help,
}
if (strstr(help, -nodefconfig))
qemuCapsSet(flags, QEMU_CAPS_NODEFCONFIG);
+if (strstr(help, -no-user-config))
+qemuCapsSet(flags, QEMU_CAPS_NO_USER_CONFIG);
/* The trailing ' ' is important to avoid a bogus match */
if (strstr(help, -rtc ))
qemuCapsSet(flags, QEMU_CAPS_RTC);
@@ -1634,7 +1637,9 @@ qemuCapsProbeCommand(const char *qemu,
virCommandPtr cmd = virCommandNew(qemu);
if (qemuCaps) {
-if (qemuCapsGet(qemuCaps, QEMU_CAPS_NODEFCONFIG))
+if (qemuCapsGet(qemuCaps, QEMU_CAPS_NO_USER_CONFIG))
+virCommandAddArg(cmd, -no-user-config);
+else if (qemuCapsGet(qemuCaps, QEMU_CAPS_NODEFCONFIG))
virCommandAddArg(cmd, -nodefconfig);
}
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 7a6c5a0..0e0899e 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -129,6 +129,7 @@ enum qemuCapsFlags {
QEMU_CAPS_BLOCKJOB_ASYNC = 91, /* qemu 1.1 block-job-cancel */
QEMU_CAPS_SCSI_CD= 92, /* -device scsi-cd */
QEMU_CAPS_IDE_CD = 93, /* -device ide-cd */
+QEMU_CAPS_NO_USER_CONFIG = 94, /* -no-user-config */
QEMU_CAPS_LAST, /* this must always be the last item */
};
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 117542f..8d14d41 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -4237,11 +4237,12 @@ qemuBuildCommandLine(virConnectPtr conn,
virCommandAddArg(cmd, -nographic);
if (qemuCapsGet(qemuCaps, QEMU_CAPS_DEVICE)) {
-if (qemuCapsGet(qemuCaps, QEMU_CAPS_NODEFCONFIG))
-virCommandAddArg(cmd,
- -nodefconfig); /* Disable global config files */
-virCommandAddArg(cmd,
- -nodefaults); /* Disable default guest devices */
+/* Disable global config files and default devices */
+if (qemuCapsGet(qemuCaps, QEMU_CAPS_NO_USER_CONFIG))
+virCommandAddArg(cmd, -no-user-config);
+else if (qemuCapsGet(qemuCaps, QEMU_CAPS_NODEFCONFIG))
+virCommandAddArg(cmd, -nodefconfig);
+virCommandAddArg(cmd, -nodefaults);
}
/* Serial graphics adapter */
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 385b861..0053ed1 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -4898,7 +4898,7 @@ qemudCanonicalizeMachineDirect(virDomainDefPtr def, char
**canonical)
int i, nmachines = 0;
/* XXX we should be checking emulator capabilities and pass them instead
- * of NULL so that -nodefconfig is properly added when
+ * of NULL so that -nodefconfig or -no-user-config is properly added when
* probing machine types. Luckily, qemu does not support specifying new
* machine types in its configuration files yet, which means passing this
* additional parameter makes no difference now.
diff --git a/tests/qemuhelpdata/qemu-1.1
[libvirt] [v0.9.12-maint v2 12/12] Fix race condition when destroying guests
From: Daniel P. Berrange berra...@redhat.com
When running virDomainDestroy, we need to make sure that no other
background thread cleans up the domain while we're doing our work.
This can happen if we release the domain object while in the
middle of work, because the monitor might detect EOF in this window.
For this reason we have a 'beingDestroyed' flag to stop the monitor
from doing its normal cleanup. Unfortunately this flag was only
being used to protect qemuDomainBeginJob, and not qemuProcessKill
This left open a race condition where either libvirtd could crash,
or alternatively report bogus error messages about the domain already
having been destroyed to the caller
Signed-off-by: Daniel P. Berrange berra...@redhat.com
(cherry picked from commit 81621f3e6e45e8681cc18ae49404736a0e772a11)
Conflicts:
src/qemu/qemu_driver.c
---
src/qemu/qemu_driver.c | 13 -
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index eefdf75..c0b4707 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1827,6 +1827,12 @@ qemuDomainDestroyFlags(virDomainPtr dom,
qemuDomainSetFakeReboot(driver, vm, false);
+
+/* We need to prevent monitor EOF callback from doing our work (and sending
+ * misleading events) while the vm is unlocked inside BeginJob/ProcessKill
API
+ */
+priv-beingDestroyed = true;
+
/* Although qemuProcessStop does this already, there may
* be an outstanding job active. We want to make sure we
* can kill the process even if a job is active. Killing
@@ -1834,23 +1840,20 @@ qemuDomainDestroyFlags(virDomainPtr dom,
*/
if (flags VIR_DOMAIN_DESTROY_GRACEFUL) {
if (qemuProcessKill(driver, vm, 0) 0) {
+priv-beingDestroyed = false;
qemuReportError(VIR_ERR_OPERATION_FAILED, %s,
_(failed to kill qemu process with SIGTERM));
goto cleanup;
}
} else {
if (qemuProcessKill(driver, vm, VIR_QEMU_PROCESS_KILL_FORCE) 0) {
+priv-beingDestroyed = false;
qemuReportError(VIR_ERR_OPERATION_FAILED, %s,
_(failed to kill qemu process with SIGTERM));
goto cleanup;
}
}
-/* We need to prevent monitor EOF callback from doing our work (and sending
- * misleading events) while the vm is unlocked inside BeginJob API
- */
-priv-beingDestroyed = true;
-
if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_DESTROY) 0)
goto cleanup;
--
1.8.4.rc3
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] rpmbuild libvirt 1.1.2 problem
On 09/11/2013 07:18 PM, Nehal J Wani wrote: On Wed, Sep 11, 2013 at 10:17 AM, jsjshaowen...@21cn.com wrote: hi: i build rpm in centos 6.2, libvirt version 1.1.2,i found an error FAIL: virsh-uriprecedence Details in the attachment,thanks !Wait for a response Reproducible on Cent OS 6.4 x86_64 See attached log for details. I've identified the problem; we aren't correctly reading file paths when running as root. Are you running make check under root? Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] rbd: Use different formatter to display disk format
On 08/30/2013 12:30 PM, Wido den Hollander wrote:
RBD images are always in RAW format and should be displayed that way
Did anyone get the chance yet to review it?
Thanks!
Wido
Signed-off-by: Wido den Hollander w...@widodh.nl
---
src/conf/storage_conf.c |3 ++-
src/storage/storage_backend_rbd.c |2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c
index 002663f..e54fc64 100644
--- a/src/conf/storage_conf.c
+++ b/src/conf/storage_conf.c
@@ -230,7 +230,8 @@ static virStoragePoolTypeInfo poolTypeInfo[] = {
},
.volOptions = {
.defaultFormat = VIR_STORAGE_FILE_RAW,
- .formatToString = virStoragePoolFormatDiskTypeToString,
+ .formatFromString = virStorageVolumeFormatFromString,
+ .formatToString = virStorageFileFormatTypeToString,
}
},
{.poolType = VIR_STORAGE_POOL_SHEEPDOG,
diff --git a/src/storage/storage_backend_rbd.c
b/src/storage/storage_backend_rbd.c
index e5d720e..c435636 100644
--- a/src/storage/storage_backend_rbd.c
+++ b/src/storage/storage_backend_rbd.c
@@ -32,6 +32,7 @@
#include base64.h
#include viruuid.h
#include virstring.h
+#include virstoragefile.h
#include rados/librados.h
#include rbd/librbd.h
@@ -271,6 +272,7 @@ static int
volStorageBackendRBDRefreshVolInfo(virStorageVolDefPtr vol,
vol-capacity = info.size;
vol-allocation = info.obj_size * info.num_objs;
vol-type = VIR_STORAGE_VOL_NETWORK;
+vol-target.format = VIR_STORAGE_FILE_RAW;
VIR_FREE(vol-target.path);
if (virAsprintf(vol-target.path, %s/%s,
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv2 RESEND] Add forwarders attribute to dns / element.
On 09/12/2013 01:07 AM, Diego Woitasen wrote: On Wed, Sep 11, 2013 at 11:05 AM, Ján Tomko jto...@redhat.com wrote: On 09/11/2013 03:36 PM, Laine Stump wrote: On 09/10/2013 04:26 PM, Diego Woitasen wrote: lt;dnsgt; lt;txt name=example value=example value /gt; + lt;forwarders addr=8.8.8.8 /gt; --^ Please remove this space as well, to be consistent with the other elements. Are you talking about the space before /? Yes. Jan -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] rbd: Use rbd_create3 to create RBD format 2 images by default
This new RBD format supports snapshotting and cloning. By having
libvirt create images in format 2 end-users of the created images
can benefit of the new RBD format.
Signed-off-by: Wido den Hollander w...@widodh.nl
---
src/storage/storage_backend_rbd.c | 23 +--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/storage/storage_backend_rbd.c
b/src/storage/storage_backend_rbd.c
index d9e1789..e79873f 100644
--- a/src/storage/storage_backend_rbd.c
+++ b/src/storage/storage_backend_rbd.c
@@ -435,6 +435,26 @@ cleanup:
return ret;
}
+static int virStorageBackendRBDCreateImage(rados_ioctx_t io,
+ char *name, long capacity)
+{
+int order = 0;
+#if LIBRBD_VERSION_CODE 260
+uint64_t features = 3;
+uint64_t stripe_count = 1;
+uint64_t stripe_unit = 4194304;
+
+if (rbd_create3(io, name, capacity, features, order,
+stripe_count, stripe_unit) 0) {
+#else
+if (rbd_create(io, name, capacity, order) 0) {
+#endif
+return -1;
+}
+
+return 0;
+}
+
static int virStorageBackendRBDCreateVol(virConnectPtr conn,
virStoragePoolObjPtr pool,
virStorageVolDefPtr vol)
@@ -442,7 +462,6 @@ static int virStorageBackendRBDCreateVol(virConnectPtr conn,
virStorageBackendRBDStatePtr ptr;
ptr.cluster = NULL;
ptr.ioctx = NULL;
-int order = 0;
int ret = -1;
VIR_DEBUG(Creating RBD image %s/%s with size %llu,
@@ -467,7 +486,7 @@ static int virStorageBackendRBDCreateVol(virConnectPtr conn,
goto cleanup;
}
-if (rbd_create(ptr.ioctx, vol-name, vol-capacity, order) 0) {
+if (virStorageBackendRBDCreateImage(ptr.ioctx, vol-name, vol-capacity)
0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_(failed to create volume '%s/%s'),
pool-def-source.name,
--
1.7.9.5
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] virsh domjobinfo: Do not return 1 if job is NONE
On Wed, Sep 11, 2013 at 16:54:21 +0200, Jano Tomko wrote: On 09/11/2013 04:16 PM, Jiri Denemark wrote: Commit 38ab1225 changed the default value of ret from true to false but forgot to set ret = true when job is NONE. Thus, virsh domjobinfo returned 1 when there was no job running for a domain but it used to (and should) return 0 in this case. --- tools/virsh-domain.c | 1 + 1 file changed, 1 insertion(+) ACK It would be nice to include the bug link in the commit message: https://bugzilla.redhat.com/show_bug.cgi?id=1006864 Yeah, I realized it too late. Added and pushed. Jirka -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] qemu: Fix checking of guest ABI compatibility when reverting snapshots
When reverting a live internal snapshot with a live guest the ABI
compatiblity check was comparing a migratable definition with a normal
one. This resulted in the check failing with:
revert requires force: Target device address type none does not match source pci
This patch generates a migratable definition from the actual one to
check against the definition from the snapshot to avoid this problem.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1006886
---
src/qemu/qemu_driver.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index bbf2d23..ae1948f 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -13037,6 +13037,7 @@ static int
qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
qemuDomainObjPrivatePtr priv;
int rc;
virDomainDefPtr config = NULL;
+virDomainDefPtr migratableDef = NULL;
virQEMUDriverConfigPtr cfg = NULL;
virCapsPtr caps = NULL;
@@ -13151,8 +13152,13 @@ static int
qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
* to have finer control. */
if (virDomainObjIsActive(vm)) {
/* Transitions 5, 6, 8, 9 */
-/* Check for ABI compatibility. */
-if (config !virDomainDefCheckABIStability(vm-def, config)) {
+/* Check for ABI compatibility. We need to do this check against
+ * the migratable XML or it will always fail otherwise */
+if (!(migratableDef = qemuDomainDefCopy(driver, vm-def,
+
VIR_DOMAIN_XML_MIGRATABLE)))
+goto cleanup;
+
+if (config !virDomainDefCheckABIStability(migratableDef,
config)) {
virErrorPtr err = virGetLastError();
if (!(flags VIR_DOMAIN_SNAPSHOT_REVERT_FORCE)) {
@@ -13357,6 +13363,7 @@ cleanup:
}
if (vm)
virObjectUnlock(vm);
+virDomainDefFree(migratableDef);
virObjectUnref(caps);
virObjectUnref(cfg);
--
1.8.3.2
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Allow root users to have their own configuration file
Currently, we have two configuration file paths, one global (where
global means root-only and we're probably not changing this in near
future) and one per-user. Unfortunately root user cannot use the
second option because until now we were choosing the file path
depending only on whether the user is root or not.
This patch modifies the mentioned behavior for root only, allowing him
to set his own configuration files without changing anything in
system-wide configuration folders.
This also makes the virsh-uriprecedence test pass its first test case
when ran as root.
Signed-off-by: Martin Kletzander mklet...@redhat.com
---
Notes:
I'm playing along previously mentioned proper behavior in this
patch. However, IMNSHO, our global or system-wide configuration
file (defaulting to '/etc/libvirt/libvirt.conf') should be accessible
for all users since this has no security impact (security information
may be in files 'libvirtd.conf' or 'qemu.conf'). This file should be
also read and used for all users. After that, settings in user
configuration file (defaulting to '~/.config/libvirt/libvirt.conf')
may override some of these settings for that user.
This is how all sensible configurations are loaded and that's also
what I'd prefer. Unfortunately some developers feels this should be
done in completely different way.
src/libvirt.c | 56
1 file changed, 36 insertions(+), 20 deletions(-)
diff --git a/src/libvirt.c b/src/libvirt.c
index 20a2d4c..bfc466b 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -957,28 +957,34 @@ error:
return -1;
}
-static char *
-virConnectGetConfigFilePath(void)
+/*
+ * Return code 0 means no error, but doesn't guarantee path != NULL.
+ */
+static int
+virConnectGetConfigFilePath(char **path, bool global)
{
-char *path;
-if (geteuid() == 0) {
-if (virAsprintf(path, %s/libvirt/libvirt.conf,
+char *userdir = NULL;
+int ret = -1;
+*path = NULL;
+
+/* Don't provide the global configuration file to non-root users */
+if (geteuid() != 0 global)
+return 0;
+
+if (global) {
+if (virAsprintf(path, %s/libvirt/libvirt.conf,
SYSCONFDIR) 0)
-return NULL;
+goto cleanup;
} else {
-char *userdir = virGetUserConfigDirectory();
-if (!userdir)
-return NULL;
-
-if (virAsprintf(path, %s/libvirt.conf,
-userdir) 0) {
-VIR_FREE(userdir);
-return NULL;
-}
-VIR_FREE(userdir);
+if (!(userdir = virGetUserConfigDirectory()) ||
+virAsprintf(path, %s/libvirt.conf, userdir) 0)
+goto cleanup;
}
-return path;
+ret = 0;
+ cleanup:
+VIR_FREE(userdir);
+return ret;
}
static int
@@ -989,12 +995,22 @@ virConnectGetConfigFile(virConfPtr *conf)
*conf = NULL;
-if (!(filename = virConnectGetConfigFilePath()))
+/* Try reading user configuration file unconditionally */
+if (virConnectGetConfigFilePath(filename, false) 0)
goto cleanup;
if (!virFileExists(filename)) {
-ret = 0;
-goto cleanup;
+/* and in case there is none, try the global one. */
+
+VIR_FREE(filename);
+if (virConnectGetConfigFilePath(filename, true) 0)
+goto cleanup;
+
+if (!filename ||
+!virFileExists(filename)) {
+ret = 0;
+goto cleanup;
+}
}
VIR_DEBUG(Loading config file '%s', filename);
--
1.8.3.2
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Allow root users to have their own configuration file
On Thu, Sep 12, 2013 at 11:53:32AM +0200, Martin Kletzander wrote: Currently, we have two configuration file paths, one global (where global means root-only and we're probably not changing this in near future) and one per-user. Unfortunately root user cannot use the second option because until now we were choosing the file path depending only on whether the user is root or not. This patch modifies the mentioned behavior for root only, allowing him to set his own configuration files without changing anything in system-wide configuration folders. This also makes the virsh-uriprecedence test pass its first test case when ran as root. Signed-off-by: Martin Kletzander mklet...@redhat.com --- Notes: I'm playing along previously mentioned proper behavior in this patch. However, IMNSHO, our global or system-wide configuration file (defaulting to '/etc/libvirt/libvirt.conf') should be accessible for all users since this has no security impact (security information may be in files 'libvirtd.conf' or 'qemu.conf'). This file should be also read and used for all users. After that, settings in user configuration file (defaulting to '~/.config/libvirt/libvirt.conf') may override some of these settings for that user. This is how all sensible configurations are loaded and that's also what I'd prefer. Unfortunately some developers feels this should be done in completely different way. src/libvirt.c | 56 1 file changed, 36 insertions(+), 20 deletions(-) NACK to this. The root user already has their own dedicated configuration file, /etc/libvirt/libvirt.conf. The /etc/libvirt directory permissions prevent *any* file there being read by non-root, so the /etc/libvirt/libvirt.conf file could not be used by non-root. IMHO the only flaw here is the test suite, not the config file path handling. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Allow root users to have their own configuration file
On 09/12/2013 11:53 AM, Martin Kletzander wrote:
Currently, we have two configuration file paths, one global (where
global means root-only and we're probably not changing this in near
future) and one per-user. Unfortunately root user cannot use the
second option because until now we were choosing the file path
depending only on whether the user is root or not.
This patch modifies the mentioned behavior for root only, allowing him
to set his own configuration files without changing anything in
system-wide configuration folders.
This also makes the virsh-uriprecedence test pass its first test case
when ran as root.
Signed-off-by: Martin Kletzander mklet...@redhat.com
---
Notes:
I'm playing along previously mentioned proper behavior in this
patch. However, IMNSHO, our global or system-wide configuration
file (defaulting to '/etc/libvirt/libvirt.conf') should be accessible
for all users since this has no security impact (security information
may be in files 'libvirtd.conf' or 'qemu.conf'). This file should be
also read and used for all users. After that, settings in user
configuration file (defaulting to '~/.config/libvirt/libvirt.conf')
may override some of these settings for that user.
This is how all sensible configurations are loaded and that's also
what I'd prefer. Unfortunately some developers feels this should be
done in completely different way.
src/libvirt.c | 56
1 file changed, 36 insertions(+), 20 deletions(-)
If someone doesn't like the 'bool global' parameter, I'm fine with
splitting the functions. If mentioned with an ACK, I'll squash this in:
diff --git a/src/libvirt.c b/src/libvirt.c
index bfc466b..927868f 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -961,25 +961,31 @@ error:
* Return code 0 means no error, but doesn't guarantee path != NULL.
*/
static int
-virConnectGetConfigFilePath(char **path, bool global)
+virConnectGetGlobalConfigFilePath(char **path)
{
-char *userdir = NULL;
-int ret = -1;
*path = NULL;
/* Don't provide the global configuration file to non-root users */
-if (geteuid() != 0 global)
+if (geteuid() != 0)
return 0;
-if (global) {
-if (virAsprintf(path, %s/libvirt/libvirt.conf,
-SYSCONFDIR) 0)
-goto cleanup;
-} else {
-if (!(userdir = virGetUserConfigDirectory()) ||
-virAsprintf(path, %s/libvirt.conf, userdir) 0)
-goto cleanup;
-}
+if (virAsprintf(path, %s/libvirt/libvirt.conf,
+SYSCONFDIR) 0)
+return -1;
+
+return 0;
+}
+
+static int
+virConnectGetUserConfigFilePath(char **path)
+{
+char *userdir = NULL;
+int ret = -1;
+*path = NULL;
+
+if (!(userdir = virGetUserConfigDirectory()) ||
+virAsprintf(path, %s/libvirt.conf, userdir) 0)
+goto cleanup;
ret = 0;
cleanup:
@@ -996,14 +1002,14 @@ virConnectGetConfigFile(virConfPtr *conf)
*conf = NULL;
/* Try reading user configuration file unconditionally */
-if (virConnectGetConfigFilePath(filename, false) 0)
+if (virConnectGetUserConfigFilePath(filename) 0)
goto cleanup;
if (!virFileExists(filename)) {
/* and in case there is none, try the global one. */
VIR_FREE(filename);
-if (virConnectGetConfigFilePath(filename, true) 0)
+if (virConnectGetGlobalConfigFilePath(filename) 0)
goto cleanup;
if (!filename ||
--
Martin
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Allow root users to have their own configuration file
On 09/12/2013 12:00 PM, Daniel P. Berrange wrote:
On Thu, Sep 12, 2013 at 11:53:32AM +0200, Martin Kletzander wrote:
Currently, we have two configuration file paths, one global (where
global means root-only and we're probably not changing this in near
future) and one per-user. Unfortunately root user cannot use the
second option because until now we were choosing the file path
depending only on whether the user is root or not.
This patch modifies the mentioned behavior for root only, allowing him
to set his own configuration files without changing anything in
system-wide configuration folders.
This also makes the virsh-uriprecedence test pass its first test case
when ran as root.
Signed-off-by: Martin Kletzander mklet...@redhat.com
---
Notes:
I'm playing along previously mentioned proper behavior in this
patch. However, IMNSHO, our global or system-wide configuration
file (defaulting to '/etc/libvirt/libvirt.conf') should be accessible
for all users since this has no security impact (security information
may be in files 'libvirtd.conf' or 'qemu.conf'). This file should be
also read and used for all users. After that, settings in user
configuration file (defaulting to '~/.config/libvirt/libvirt.conf')
may override some of these settings for that user.
This is how all sensible configurations are loaded and that's also
what I'd prefer. Unfortunately some developers feels this should be
done in completely different way.
src/libvirt.c | 56
1 file changed, 36 insertions(+), 20 deletions(-)
NACK to this. The root user already has their own dedicated configuration
file, /etc/libvirt/libvirt.conf. The /etc/libvirt directory permissions
prevent *any* file there being read by non-root, so the
/etc/libvirt/libvirt.conf
file could not be used by non-root.
As mentioned in the commit message, this patch doesn't change the
behavior for non-root users, that's only a nag in the notes.
The only thing that changes after applying this patch is that *iff* ran
as root, we'll *also* check ${XDG_CONFIG_HOME}/libvirt/libvirt.conf.
Martin
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/4] qemu: Expose file opening functions
The qemuOpenFileAs and qemuOpenFile functions are gonna
be needed in later patches. However, they are static now.
Signed-off-by: Michal Privoznik mpriv...@redhat.com
---
src/qemu/qemu_domain.c | 146 ++
src/qemu/qemu_domain.h | 10
src/qemu/qemu_driver.c | 155 -
3 files changed, 156 insertions(+), 155 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index f2cca70..b5770c5 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -39,6 +39,7 @@
#include virstoragefile.h
#include virstring.h
+#include sys/stat.h
#include sys/time.h
#include fcntl.h
@@ -2355,3 +2356,148 @@ qemuDomainUpdateDeviceList(virQEMUDriverPtr driver,
priv-qemuDevices = aliases;
return 0;
}
+
+/* Internal function to properly create or open existing files, with
+ * ownership affected by qemu driver setup and domain DAC label. */
+int
+qemuOpenFile(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ const char *path, int oflags,
+ bool *needUnlink, bool *bypassSecurityDriver)
+{
+int ret = -1;
+virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+uid_t user = cfg-user;
+gid_t group = cfg-group;
+bool dynamicOwnership = cfg-dynamicOwnership;
+virSecurityLabelDefPtr seclabel;
+
+virObjectUnref(cfg);
+
+/* TODO: Take imagelabel into account? */
+if (vm
+(seclabel = virDomainDefGetSecurityLabelDef(vm-def, dac)) != NULL
+(virParseOwnershipIds(seclabel-label, user, group) 0))
+goto cleanup;
+
+ret = qemuOpenFileAs(user, group, dynamicOwnership,
+ path, oflags, needUnlink, bypassSecurityDriver);
+
+ cleanup:
+return ret;
+}
+
+int
+qemuOpenFileAs(uid_t fallback_uid, gid_t fallback_gid,
+ bool dynamicOwnership,
+ const char *path, int oflags,
+ bool *needUnlink, bool *bypassSecurityDriver)
+{
+struct stat sb;
+bool is_reg = true;
+bool need_unlink = false;
+bool bypass_security = false;
+unsigned int vfoflags = 0;
+int fd = -1;
+int path_shared = virStorageFileIsSharedFS(path);
+uid_t uid = getuid();
+gid_t gid = getgid();
+
+/* path might be a pre-existing block dev, in which case
+ * we need to skip the create step, and also avoid unlink
+ * in the failure case */
+if (oflags O_CREAT) {
+need_unlink = true;
+
+/* Don't force chown on network-shared FS
+ * as it is likely to fail. */
+if (path_shared = 0 || dynamicOwnership)
+vfoflags |= VIR_FILE_OPEN_FORCE_OWNER;
+
+if (stat(path, sb) == 0) {
+is_reg = !!S_ISREG(sb.st_mode);
+/* If the path is regular file which exists
+ * already and dynamic_ownership is off, we don't
+ * want to change it's ownership, just open it as-is */
+if (is_reg !dynamicOwnership) {
+uid = sb.st_uid;
+gid = sb.st_gid;
+}
+}
+}
+
+/* First try creating the file as root */
+if (!is_reg) {
+if ((fd = open(path, oflags ~O_CREAT)) 0) {
+fd = -errno;
+goto error;
+}
+} else {
+if ((fd = virFileOpenAs(path, oflags, S_IRUSR | S_IWUSR, uid, gid,
+vfoflags | VIR_FILE_OPEN_NOFORK)) 0) {
+/* If we failed as root, and the error was permission-denied
+ (EACCES or EPERM), assume it's on a network-connected share
+ where root access is restricted (eg, root-squashed NFS). If the
+ qemu user is non-root, just set a flag to
+ bypass security driver shenanigans, and retry the operation
+ after doing setuid to qemu user */
+if ((fd != -EACCES fd != -EPERM) || fallback_uid == getuid())
+goto error;
+
+/* On Linux we can also verify the FS-type of the directory. */
+switch (path_shared) {
+case 1:
+/* it was on a network share, so we'll continue
+ * as outlined above
+ */
+break;
+
+case -1:
+virReportSystemError(-fd, oflags O_CREAT
+ ? _(Failed to create file
+ '%s': couldn't determine fs
type)
+ : _(Failed to open file
+ '%s': couldn't determine fs
type),
+ path);
+goto cleanup;
+
+case 0:
+default:
+/* local file - log the error returned by virFileOpenAs */
+goto error;
+}
+
+/* Retry creating the file as qemu
Re: [libvirt] [PATCH] Fix virsystemdtest for previous commit
On 09/11/2013 10:31 AM, Daniel P. Berrange wrote:
From: Daniel P. Berrange berra...@redhat.com
The change to query org.freedesktop.DBus.ListActivatableNames
to detect systemd broke the test suite, since we did not have
stubs to respond to this dbus call.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
tests/virsystemdmock.c | 54
+-
tests/virsystemdtest.c | 4
2 files changed, 40 insertions(+), 18 deletions(-)
Pushed under build break rule.
diff --git a/tests/virsystemdmock.c b/tests/virsystemdmock.c
index 5dbd33f..59b312d 100644
--- a/tests/virsystemdmock.c
+++ b/tests/virsystemdmock.c
@@ -65,29 +65,47 @@ dbus_bool_t dbus_message_set_reply_serial(DBusMessage
*message ATTRIBUTE_UNUSED,
}
DBusMessage *dbus_connection_send_with_reply_and_block(DBusConnection
*connection ATTRIBUTE_UNUSED,
- DBusMessage *message
ATTRIBUTE_UNUSED,
+ DBusMessage *message,
int
timeout_milliseconds ATTRIBUTE_UNUSED,
- DBusError *error)
+ DBusError *error
ATTRIBUTE_UNUSED)
{
DBusMessage *reply = NULL;
+const char *service = dbus_message_get_destination(message);
-if (getenv(FAIL_BAD_SERVICE)) {
-DBusMessageIter iter;
-const char *error_message = Something went wrong creating the
machine;
-if (!(reply = dbus_message_new(DBUS_MESSAGE_TYPE_ERROR)))
-return NULL;
-dbus_message_set_error_name(reply,
org.freedesktop.systemd.badthing);
-dbus_message_iter_init_append(reply, iter);
-if (!dbus_message_iter_append_basic(iter,
-DBUS_TYPE_STRING,
-error_message)) {
-dbus_message_unref(reply);
-return NULL;
+if (STREQ(service, org.freedesktop.machine1)) {
+if (getenv(FAIL_BAD_SERVICE)) {
+DBusMessageIter iter;
+const char *error_message = Something went wrong creating the
machine;
+if (!(reply = dbus_message_new(DBUS_MESSAGE_TYPE_ERROR)))
+return NULL;
+dbus_message_set_error_name(reply,
org.freedesktop.systemd.badthing);
+dbus_message_iter_init_append(reply, iter);
+if (!dbus_message_iter_append_basic(iter,
+DBUS_TYPE_STRING,
+error_message)) {
+dbus_message_unref(reply);
+return NULL;
+}
+} else {
+reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN);
}
-} else if (getenv(FAIL_NO_SERVICE)) {
-dbus_set_error(error,
- org.freedesktop.DBus.Error.ServiceUnknown,
- %s, The name org.freedesktop.machine1 was not
provided by any .service files);
+} else if (STREQ(service, org.freedesktop.DBus)) {
+const char *svc1 = org.foo.bar.wizz;
+const char *svc2 = org.freedesktop.machine1;
+DBusMessageIter iter, sub;
+reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN);
+dbus_message_iter_init_append(reply, iter);
+dbus_message_iter_open_container(iter, DBUS_TYPE_ARRAY,
+ s, sub);
+
+dbus_message_iter_append_basic(sub,
+ DBUS_TYPE_STRING,
+ svc1);
Coverity complains here that dbus_message_iter_append_basic() needs to
have it's return checked like other places (including in SET_NEXT_VAL)
+if (!getenv(FAIL_NO_SERVICE))
+dbus_message_iter_append_basic(sub,
+ DBUS_TYPE_STRING,
+ svc2);
Coverity complains here that dbus_message_iter_append_basic() needs to
have it's return checked like other places (including in SET_NEXT_VAL)
+dbus_message_iter_close_container(iter, sub);
} else {
reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN);
}
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 2/2] tests: Don't test user config file if ran as root
Signed-off-by: Martin Kletzander mklet...@redhat.com --- tests/virsh-uriprecedence | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/virsh-uriprecedence b/tests/virsh-uriprecedence index f4d84a4..aa90efe 100755 --- a/tests/virsh-uriprecedence +++ b/tests/virsh-uriprecedence @@ -56,7 +56,11 @@ bad_uri=test:///default?bad_uri good_uri=test:///default?good_uri printf uri_default=\%s\\n $good_uri $XDG_CONFIG_HOME/libvirt/libvirt.conf -test_uri User config file +if uid_is_privileged_; then +test_skip_case $counter User config file must be run as root +else +test_uri User config file +fi printf uri_default=\%s\\n $bad_uri $XDG_CONFIG_HOME/libvirt/libvirt.conf export LIBVIRT_DEFAULT_URI=$good_uri -- 1.8.3.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Allow root users to have their own configuration file
On Thu 12 Sep 2013 12:12:22 PM CEST, Daniel P. Berrange wrote:
On Thu, Sep 12, 2013 at 12:07:54PM +0200, Martin Kletzander wrote:
On 09/12/2013 12:00 PM, Daniel P. Berrange wrote:
On Thu, Sep 12, 2013 at 11:53:32AM +0200, Martin Kletzander wrote:
Currently, we have two configuration file paths, one global (where
global means root-only and we're probably not changing this in near
future) and one per-user. Unfortunately root user cannot use the
second option because until now we were choosing the file path
depending only on whether the user is root or not.
This patch modifies the mentioned behavior for root only, allowing him
to set his own configuration files without changing anything in
system-wide configuration folders.
This also makes the virsh-uriprecedence test pass its first test case
when ran as root.
Signed-off-by: Martin Kletzander mklet...@redhat.com
---
Notes:
I'm playing along previously mentioned proper behavior in this
patch. However, IMNSHO, our global or system-wide configuration
file (defaulting to '/etc/libvirt/libvirt.conf') should be accessible
for all users since this has no security impact (security information
may be in files 'libvirtd.conf' or 'qemu.conf'). This file should be
also read and used for all users. After that, settings in user
configuration file (defaulting to '~/.config/libvirt/libvirt.conf')
may override some of these settings for that user.
This is how all sensible configurations are loaded and that's also
what I'd prefer. Unfortunately some developers feels this should be
done in completely different way.
src/libvirt.c | 56
1 file changed, 36 insertions(+), 20 deletions(-)
NACK to this. The root user already has their own dedicated configuration
file, /etc/libvirt/libvirt.conf. The /etc/libvirt directory permissions
prevent *any* file there being read by non-root, so the
/etc/libvirt/libvirt.conf
file could not be used by non-root.
As mentioned in the commit message, this patch doesn't change the
behavior for non-root users, that's only a nag in the notes.
The only thing that changes after applying this patch is that *iff* ran
as root, we'll *also* check ${XDG_CONFIG_HOME}/libvirt/libvirt.conf.
I don't see any point in doing that at all. Root already has a config
file exclusively for their own use. They don't need 2.
I wasn't discussing that, but it might be possible to differentiate that
configs and made it possible to for them to share /etc configs between
hosts and make his own
Don't get me wrong, I'm not arguing nor I need this to go in, it just
(still) makes way more sense to me. Take a look at git for example (or
virtually anything) and his /etc/gitconfig = ~/.gitconfig;
$XDG_CONFIG_HOME/git/config = $repository/.git/config and so on...
I've sent a v2 [1] fixing the test.
Martin
[1] http://www.redhat.com/archives/libvir-list/2013-September/msg00701.html
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] tests: Don't test user config file if ran as root
On Thu, Sep 12, 2013 at 01:28:45PM +0200, Martin Kletzander wrote: Signed-off-by: Martin Kletzander mklet...@redhat.com --- tests/virsh-uriprecedence | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/virsh-uriprecedence b/tests/virsh-uriprecedence index f4d84a4..aa90efe 100755 --- a/tests/virsh-uriprecedence +++ b/tests/virsh-uriprecedence @@ -56,7 +56,11 @@ bad_uri=test:///default?bad_uri good_uri=test:///default?good_uri printf uri_default=\%s\\n $good_uri $XDG_CONFIG_HOME/libvirt/libvirt.conf -test_uri User config file +if uid_is_privileged_; then +test_skip_case $counter User config file must be run as root Should that say 'must not be run as root' ? ^^^ +else +test_uri User config file +fi printf uri_default=\%s\\n $bad_uri $XDG_CONFIG_HOME/libvirt/libvirt.conf export LIBVIRT_DEFAULT_URI=$good_uri ACK if you can answer the question either way. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [RESEND][PATCHv5 0/4] write separate module for hostdev passthrough
On 09/11/2013 09:25 PM, Chunyan Liu wrote: [rebased to latest libvirt code for applying and reviewing the patches] These patches implements a separate module for hostdev passthrough so that it could be shared by different drivers and can maintain a global state of a host device. Plus, add passthrough to libxl driver, and change qemu driver and lxc driver to use hostdev common library instead of their own hostdev APIs. This did not come through threaded, which makes it a bit harder to track your series (with each patch forming its own thread, a mail client that sorts threads by most recent activity scatters the pieces hither-and-yon as soon as any one patch has a reply). You may want to double-check your git settings for the next patch you send :) -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [v0.9.12-maint 08/11] Make sure regree is called close to it's usage
On 09/12/2013 03:35 AM, Luca Tettamanti wrote: Hi Eric, I wasn't aware that my patch had been posted upstream. Yeah, my unfortunate email addressing was due to a glitch in the way Guido posted the existing Debian patch queue for 0.9.12 to upstream, such that my usual 'reply-to-all' sent to the wrong people based on the awkward headers. No worries. Ok, something like this then? From 4b2a860148a3e9f41136f135449d5aa53b5824e9 Mon Sep 17 00:00:00 2001 From: John Ferlan jfer...@redhat.com Date: Thu, 10 Jan 2013 14:44:26 -0500 Subject: [PATCH] storage: Need to also VIR_FREE(reg) Commit-id 'afc4631b' added the regfree(reg) to free resources alloc'd during regcomp; however, reg still needed to be VIR_FREE()'d. The call to regfree() also didn't account for possible NULL value. Reformatted the call to be closer to usage. (cherry picked from commit 71da3b66a8455faf8019effe3cf504a31f91f54a) Backported to 0.9.12 with afc4631b and its revert skipped. Signed-off-by: Luca Tettamanti ltettama...@acunu.com Yes, I like that better than Guido's re-post at: https://www.redhat.com/archives/libvir-list/2013-September/msg00676.html -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] tests: Don't test user config file if ran as root
On Thu, Sep 12, 2013 at 01:48:31PM +0200, Martin Kletzander wrote: On 09/12/2013 01:35 PM, Daniel P. Berrange wrote: On Thu, Sep 12, 2013 at 01:28:45PM +0200, Martin Kletzander wrote: Signed-off-by: Martin Kletzander mklet...@redhat.com --- tests/virsh-uriprecedence | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/virsh-uriprecedence b/tests/virsh-uriprecedence index f4d84a4..aa90efe 100755 --- a/tests/virsh-uriprecedence +++ b/tests/virsh-uriprecedence @@ -56,7 +56,11 @@ bad_uri=test:///default?bad_uri good_uri=test:///default?good_uri printf uri_default=\%s\\n $good_uri $XDG_CONFIG_HOME/libvirt/libvirt.conf -test_uri User config file +if uid_is_privileged_; then +test_skip_case $counter User config file must be run as root Should that say 'must not be run as root' ? ^^^ Yes, should, fixed. +else +test_uri User config file +fi printf uri_default=\%s\\n $bad_uri $XDG_CONFIG_HOME/libvirt/libvirt.conf export LIBVIRT_DEFAULT_URI=$good_uri ACK if you can answer the question either way. Thanks, should I wait for ACK on 1/2 before pushing or have you seen that in the archives? Odd, I've not see any cover letter or 1/2 patch arrive. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv6 1/5] domifaddr: Implement the public APIs
Eric, could you please share your views on the discussion?
On Sun, Sep 8, 2013 at 2:42 PM, Osier Yang jy...@redhat.com wrote:
[..]
+ *
+ * If 0 is passed as @flags, libvirt will choose the best way, and
won't
+ * include agent in it.
I'm thinking if we don't need to be so complicated, by defaulting to one
of _LEASE or _SNOOP explicitly.
That says (conclusion of all of above), I'm wondering if define the enum
like
blow is better.
typedef enum {
VIR_DOMAIN_INTERFACE_**ADDRESSES_AGENT = (1 1), /* Query qemu
guest agent */
And s/AGENT/GUEST_AGENT/, since AGENT could mean too much than guest
agent
--
Nehal J Wani
UG3, BTech CS+MS(CL)
IIIT-Hyderabad
http://commandlinewani.blogspot.com
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv6 1/5] domifaddr: Implement the public APIs
On Sun, Sep 08, 2013 at 02:43:09PM +0800, Osier Yang wrote:
On 06/09/13 23:18, Nehal J Wani wrote:
The documentation for virDomainInterfaceAddresses is removed in this
version.
Define helper function virDomainInterfaceFree, which allows
the upper layer application to free the domain interface object
conveniently.
The API is going to provide multiple methods by flags, e.g.
* Query guest agent
* Parse lease file of dnsmasq
* DHCP snooping
At this stage, it will only work with guest agent. Passing other
flags will result in error: Method hasn't been implemented yet
Hm, not sure if I like this.
include/libvirt/libvirt.h.in:
* Define virDomainInterfaceAddresses, virDomainInterfaceFree
* Define structs virDomainInterface, virDomainIPAddress
python/generator.py:
* Skip the auto-generation for virDomainInterfaceAddresses
and virDomainInterfaceFree
src/driver.h:
* Define domainInterfaceAddresses
src/libvirt.c:
* Implement virDomainInterfaceAddresses
* Implement virDomainInterfaceFree
src/libvirt_public.syms:
* Export the new symbols
---
include/libvirt/libvirt.h.in | 38
python/generator.py | 3 +
src/driver.h | 6 ++
src/libvirt.c| 135
+++
src/libvirt_public.syms | 6 ++
5 files changed, 188 insertions(+)
diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index a47e33c..0995080 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -2044,6 +2044,44 @@ int
virDomainGetInterfaceParameters (virDomainPtr dom,
virTypedParameterPtr params,
int *nparams,
unsigned int flags);
+typedef enum {
+VIR_DOMAIN_INTERFACE_ADDRESSES_SNOOP = (1 0), /* Snoop traffic */
+VIR_DOMAIN_INTERFACE_ADDRESSES_LEASE = (1 1), /* Parse DHCP lease
file */
+VIR_DOMAIN_INTERFACE_ADDRESSES_AGENT = (1 2), /* Query qemu guest
agent */
I don't see a good reason for expose the flags which are not
supported yet. It will
keep biting us until the implementations are done. Especially when you have
documentations for them in virsh, API comments. (I see you exposed them as
options in 4/5).
I tend to agree that we should only define flags once they are
supported by at least one driver.
Also if we put the virNetwork DHCP lease series in first, then we
can be sure that this API will work when no flags are set too.
Regards,
Daniel
--
|: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Doc: How to use NPIV in libvirt
Before posting it to WIKI or somewhere, I want to see if there is any suggestions on it, or if I missed something. How to use NPIV in libvirt I planned to wrote a document about how to use NPIV in libvirt after more features are supported, but it looks like I can't wait till then, got lots lots of questions from both the bugs and mails. So here we go. The document tries to summary up the things about NPIV that libvirt supports till now, and the TODO list. Feedback or suggestion is welcomed. 1) How to find out which HBA(s) support vHBA For libvirt newer than 1.0.4, you can find it out simply by: # virsh nodedev-list --cap vports --cap vports is to tell nodedev-list only outputs the devices which support vports capability, i.e. support vHBA. And also since version 1.0.4, you should be able to know the maximum vports the HBA supports and the current vports number from the HBA's XML, e.g. # virsh nodedev-dumpxml scsi_host5 device namescsi_host5/name parentpci__04_00_1/parent capability type='scsi_host' host5/host capability type='fc_host' wwnn2001001b32a9da4e/wwnn wwpn2101001b32a9da4e/wwpn fabric_wwn2001000dec9877c1/fabric_wwn /capability capability type='vport_ops' max_vports164/max_vports vports5/vports /capability /capability /device For libvirt older than 1.0.4, it's a bit complicated than above: First you need to find out all the HBAs, e.g. # virsh nodedev-list --cap scsi_host scsi_host0 scsi_host1 scsi_host2 scsi_host3 scsi_host4 scsi_host5 And then, to see if the HBA supports vHBA, check if the dumped XML contains vport_ops capability. E.g. # virsh nodedev-dumpxml scsi_host3 device namescsi_host3/name parentpci__00_08_0/parent capability type='scsi_host' host3/host /capability /device That says scsi_host3 doesn't support vHBA # virsh nodedev-dumpxml scsi_host5 device namescsi_host5/name parentpci__04_00_1/parent capability type='scsi_host' host5/host capability type='fc_host' wwnn2001001b32a9da4e/wwnn wwpn2101001b32a9da4e/wwpn fabric_wwn2001000dec9877c1/fabric_wwn /capability capability type='vport_ops' / /capability /device But scsi_host5 supports it. One might be confused with the node device naming style (e.g. scsi_host5) in this document and RHEL6 Virtualization Guide [1] (pci_10df_fe00_scsi_host_0). It's because of libvirt has two backends for node device driver: udev and HAL. We prefer the udev backend more than HAL backend in internal implementation, I think there is good enough reason to do so (HAL is maintenance mode now). I believe udev backend is used more than HAL backend, but if your destribution packager build libvirt without udev backend, don't be surprised with the node device names like the ones in [1]. 2) How to create a vHBA Pick up one HBA which supports vHBA, use it's node device name as the parent of vHBA, and specify the wwnn and wwpn in the vHBA's XML. E.g. device namescsi_host6/name parentscsi_host5/parent capability type='scsi_host' capability type='fc_host' wwnn2001001b32a9da5e/wwnn wwpn2101001b32a9da5e/wwpn /capability /capability /device Then create the vHBA with virsh command nodedev-create (assuming above XML file is named vhba.xml): # virsh nodedev-create vhba.xml Node device scsi_host6 created from vhba.xml Since 0.9.10, libvirt will generate wwnn and wwpn automatically if they are not specified. It means one can create the vHBA by a more simple XML like: device parentscsi_host5/parent capability type='scsi_host' capability type='fc_host' /capability /capability /device 3) How to destroy a vHBA As usual, destroying something is always simpler than creating it: # virsh nodedev-destroy scsi_host6 Destroyed node device 'scsi_host6' You might already realize that the vHBA is removed permanently, don't be surprised, it's the life, node device driver doesn't support persistent config. I won't say it's nightmare for users who screams when realizing the vHBA disappeared after a system rebooting, but it's relatively not good, (assuming that you got the wwnn:wwpn pair from the storage admin, but didn't record it). Fortunately, we support the persistent vHBA now, see next section for details. 4) How to create a persistent vHBA Let's go back to the history a bit firstly. Prior to libvirt 1.0.5, one can define a scsi type pool based on a (v)HBA by it's scsi host name (e.g. host5 in XML below). E.g. pool type='scsi' namepoolhba0/name uuide9392370-2917-565e-692b-d057f46512d6/uuid capacity
Re: [libvirt] [PATCH] qemu: Fix checking of guest ABI compatibility when reverting snapshots
On 09/12/13 15:10, Jiri Denemark wrote: On Thu, Sep 12, 2013 at 11:50:28 +0200, Peter Krempa wrote: When reverting a live internal snapshot with a live guest the ABI compatiblity check was comparing a migratable definition with a normal one. This resulted in the check failing with: revert requires force: Target device address type none does not match source pci This patch generates a migratable definition from the actual one to check against the definition from the snapshot to avoid this problem. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1006886 ACK, this should be good enough until we have an api to canonicalize domain definitions. Jirka Pushed; thanks. Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Fix naming of permission for detecting storage pools
From: Daniel P. Berrange berra...@redhat.com
The VIR_ACCESS_PERM_CONNECT_DETECT_STORAGE_POOLS enum
constant had its string format be 'detect_storage_pool',
note the missing trailing 's'. This prevent the ACL
check from ever succeeding. Fix this and add a simple
test script to validate this problem of matching names.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/Makefile.am| 8 -
src/access/viraccessperm.c | 2 +-
src/check-aclperms.pl | 75 ++
3 files changed, 83 insertions(+), 2 deletions(-)
create mode 100755 src/check-aclperms.pl
diff --git a/src/Makefile.am b/src/Makefile.am
index 711da32..9f9dcd9 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -528,10 +528,16 @@ check-aclrules:
$(REMOTE_PROTOCOL) \
$(addprefix $(srcdir)/,$(filter-out
/%,$(STATEFUL_DRIVER_SOURCE_FILES)))
+check-aclperms:
+ $(AM_V_GEN)$(PERL) $(srcdir)/check-aclperms.pl \
+ $(srcdir)/access/viraccessperm.h \
+ $(srcdir)/access/viraccessperm.c
+
EXTRA_DIST += check-driverimpls.pl check-aclrules.pl
check-local: check-protocol check-symfile check-symsorting \
- check-drivername check-driverimpls check-aclrules
+ check-drivername check-driverimpls check-aclrules \
+check-aclperms
.PHONY: check-protocol $(PROTOCOL_STRUCTS:structs=struct)
# Mock driver, covering domains, storage, networks, etc
diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c
index 9c720f9..d517c66 100644
--- a/src/access/viraccessperm.c
+++ b/src/access/viraccessperm.c
@@ -30,7 +30,7 @@ VIR_ENUM_IMPL(virAccessPermConnect,
search_storage_pools, search_node_devices,
search_interfaces, search_secrets,
search_nwfilters,
- detect_storage_pool, pm_control,
+ detect_storage_pools, pm_control,
interface_transaction);
VIR_ENUM_IMPL(virAccessPermDomain,
diff --git a/src/check-aclperms.pl b/src/check-aclperms.pl
new file mode 100755
index 000..b7fadcd
--- /dev/null
+++ b/src/check-aclperms.pl
@@ -0,0 +1,75 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see
+# http://www.gnu.org/licenses/.
+#
+# This script just validates that the stringified version of
+# a virAccessPerm enum matches the enum constant name. We do
+# alot of auto-generation of code, so when these don't match
+# problems occur, preventing auth from succeeding at all.
+
+my $hdr = shift;
+my $impl = shift;
+
+my %perms;
+
+my @perms;
+
+open HDR, $hdr or die cannot read $hdr: $!;
+
+while (HDR) {
+if (/^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)/) {
+my $perm = $1;
+
+$perms{$perm} = 1 unless ($perm =~ /_LAST$/);
+}
+}
+
+close HDR;
+
+
+open IMPL, $impl or die cannot read $impl: $!;
+
+my $group;
+my $warned = 0;
+
+while (defined (my $line = IMPL)) {
+if ($line =~ /VIR_ACCESS_PERM_([_A-Z]+)_LAST/) {
+$group = $1;
+} elsif ($line =~ /[_a-z]+/) {
+my @bits = split /,/, $line;
+foreach my $bit (@bits) {
+if ($bit =~ /([_a-z]+)/) {
+#print $1, \n;
+
+my $perm = uc($group . _ . $1);
+if (!exists $perms{$perm}) {
+print STDERR Unknown perm string $1 for group $group\n;
+$warned = 1;
+}
+delete $perms{$perm};
+}
+}
+}
+}
+close IMPL;
+
+foreach my $perm (keys %perms) {
+print STDERR Perm $perm had not string form\n;
+$warned = 1;
+}
+
+exit $warned;
--
1.8.3.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [v0.9.12-maint v2 00/12] Debian's 0.9.12 patches
On Thu, Sep 12, 2013 at 3:18 AM, Guido Günther a...@sigxcpu.org wrote: These are the patches Debian is currently carrying on 0.9.12. Most are straight cherry-picks. Since we're maintaining 0.9.12 for our current stable release I'm happy to push these to v0.9.12-maint. I think that's perfectly reasonable and desirable. It will make reviewing back port security patches a bit easier if we can see your tree in upstream. Daniel P. Berrange (2): Don't ignore return value of qemuProcessKill Fix race condition when destroying guests Eric Blake (1): build: fix virnetlink on glibc 2.11 Jiri Denemark (3): daemon: Fix crash in virTypedParameterArrayClear Revert rpc: Discard non-blocking calls only when necessary qemu: Add support for -no-user-config Luca Tettamanti (1): Make sure regfree is called close to it's usage Martin Kletzander (1): security: Fix libvirtd crash possibility Peter Krempa (4): qemu: Fix off-by-one error while unescaping monitor strings rpc: Fix crash on error paths of message dispatching conf: Remove callback from stream when freeing entries in console hash conf: Remove console stream callback only when freeing console helper cfg.mk| 3 +- daemon/remote.c | 16 +- src/conf/virconsole.c | 13 ++ src/qemu/qemu_capabilities.c | 7 +- src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 11 +- src/qemu/qemu_driver.c| 21 ++- src/qemu/qemu_monitor.c | 11 +- src/rpc/virnetclient.c| 21 +-- src/rpc/virnetserverclient.c | 3 + src/rpc/virnetserverprogram.c | 11 +- src/storage/storage_backend_logical.c | 5 +- src/util/virnetlink.h | 2 + tests/qemuhelpdata/qemu-1.1 | 268 ++ tests/qemuhelpdata/qemu-1.1-device| 160 tests/qemuhelptest.c | 75 ++ 16 files changed, 586 insertions(+), 42 deletions(-) create mode 100644 tests/qemuhelpdata/qemu-1.1 create mode 100644 tests/qemuhelpdata/qemu-1.1-device -- 1.8.4.rc3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- Doug Goldstein -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] rpmbuild libvirt 1.1.2 problem
The issue is being fixed by the patch: https://www.redhat.com/archives/libvir-list/2013-September/msg00703.html On Thu, Sep 12, 2013 at 8:35 PM, Alex Jia a...@redhat.com wrote: Hi Martin, BTW, I met the same question, and I ran 'make check' under root. -- Regards, Alex - Original Message - From: Martin Kletzander mklet...@redhat.com To: Nehal J Wani nehaljw.k...@gmail.com Cc: libvir-list libvir-list@redhat.com, jsjshaowen...@21cn.com Sent: Thursday, September 12, 2013 4:29:32 PM Subject: Re: [libvirt] rpmbuild libvirt 1.1.2 problem On 09/11/2013 07:18 PM, Nehal J Wani wrote: On Wed, Sep 11, 2013 at 10:17 AM, jsjshaowen...@21cn.com wrote: hi: i build rpm in centos 6.2, libvirt version 1.1.2,i found an error FAIL: virsh-uriprecedence Details in the attachment,thanks !Wait for a response Reproducible on Cent OS 6.4 x86_64 See attached log for details. I've identified the problem; we aren't correctly reading file paths when running as root. Are you running make check under root? Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- Nehal J Wani UG3, BTech CS+MS(CL) IIIT-Hyderabad http://commandlinewani.blogspot.com -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Fix naming of permission for detecting storage pools
On 09/12/2013 07:37 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com The VIR_ACCESS_PERM_CONNECT_DETECT_STORAGE_POOLS enum constant had its string format be 'detect_storage_pool', note the missing trailing 's'. This prevent the ACL check from ever succeeding. Fix this and add a simple test script to validate this problem of matching names. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/Makefile.am| 8 - src/access/viraccessperm.c | 2 +- src/check-aclperms.pl | 75 ++ 3 files changed, 83 insertions(+), 2 deletions(-) create mode 100755 src/check-aclperms.pl check-local: check-protocol check-symfile check-symsorting \ - check-drivername check-driverimpls check-aclrules + check-drivername check-driverimpls check-aclrules \ +check-aclperms TAB vs. space (probably TAB for consistency with the majority of the makefile, even though this particular line is one of the rare places where make accepts either spelling of indentation equally) +# +# This script just validates that the stringified version of +# a virAccessPerm enum matches the enum constant name. We do +# alot of auto-generation of code, so when these don't match a/alot/a lot/ ACK with those fixes. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] tests: Don't test user config file if ran as root
On 09/12/2013 06:47 AM, Daniel P. Berrange wrote: ACK if you can answer the question either way. Thanks, should I wait for ACK on 1/2 before pushing or have you seen that in the archives? Odd, I've not see any cover letter or 1/2 patch arrive. My inbox is also having dreadfully slow delivery today, where I had to look at the archives to see 1/2. But it looks okay, so ACK from me on both. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] USB: USB Passthrough Device Autoconnect Feature
Hi, all Qemu upstream had achieved USB Passthrough Device Autoconnect Feature for the guest. Such as a USB device is unplugged from the host then plugged back in to the same USB physical port. the patch was: https://lists.gnu.org/archive/html/qemu-devel/2011-05/msg02341.html However, Libvirt has not provide such an interface that identifies a USB device for pass through with physical port, rather than the device number. Do you have any ideas or plans about this problem? Thanks in advance. Best Regards, -Gonglei -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv2 2/4] net-dhcp-leases: Implement the remote protocol
Implement RPC calls for virNetworkGetDHCPLeases, virNetworkGetDHCPLeasesForMAC
daemon/remote.c
* Define remoteSerializeNetworkDHCPLeases,
remoteDispatchNetworkGetDHCPLeases
* Define remoteDispatchNetworkGetDHCPLeasesForMAC
src/remote/remote_driver.c
* Define remoteNetworkGetDHCPLeases
* Define remoteNetworkGetDHCPLeasesForMAC
src/remote/remote_protocol.x
* New RPC procedure: REMOTE_PROC_NETWORK_GET_DHCP_LEASES
* Define structs remote_network_dhcp_leases,
remote_network_get_dhcp_leases_args,
remote_network_get_dhcp_leases_ret
* New RPC procedure: REMOTE_PROC_NETWORK_GET_DHCP_LEASES_FOR_MAC
* Define structs remote_network_dhcp_leases_for_mac,
remote_network_get_dhcp_leases_for_mac_args,
remote_network_get_dhcp_leases_for_mac_ret
src/remote_protocol-structs
* New structs added
src/rpc/gendispatch.pl
* Add exception (s/Dhcp/DHCP) for auto-generating names of the remote
functions
in ./daemon/remote_dispatch.h
---
daemon/remote.c | 133 ++
src/remote/remote_driver.c | 150 +++
src/remote/remote_protocol.x | 50 ++-
src/remote_protocol-structs | 32 +
src/rpc/gendispatch.pl | 1 +
5 files changed, 365 insertions(+), 1 deletion(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 2aff7c1..de03739 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -5137,7 +5137,140 @@ cleanup:
return rv;
}
+static int
+remoteSerializeNetworkDHCPLeases(virNetworkDHCPLeasesPtr *leases,
+ int nleases,
+ remote_network_get_dhcp_leases_ret *ret)
+{
+size_t i;
+
+if (nleases REMOTE_NETWORK_DHCPLEASES_MAX) {
+virReportError(VIR_ERR_INTERNAL_ERROR,
+ _(Number of leases is %d, which exceeds max limit:
%d),
+ nleases, REMOTE_NETWORK_DHCPLEASES_MAX);
+return -1;
+}
+
+if (VIR_ALLOC_N(ret-leases.leases_val, nleases) 0)
+goto error;
+
+ret-leases.leases_len = nleases;
+
+for (i = 0; i nleases; i++) {
+virNetworkDHCPLeasesPtr lease = leases[i];
+remote_network_dhcp_lease *lease_ret = (ret-leases.leases_val[i]);
+lease_ret-expirytime = lease-expirytime;
+lease_ret-type = lease-type;
+lease_ret-prefix = lease-prefix;
+
+if ((VIR_STRDUP(lease_ret-mac, lease-mac) 0) ||
+(VIR_STRDUP(lease_ret-ipaddr, lease-ipaddr) 0) ||
+(VIR_STRDUP(lease_ret-hostname, lease-hostname) 0) ||
+(VIR_STRDUP(lease_ret-clientid, lease-clientid) 0))
+goto error;
+}
+
+return 0;
+
+error:
+if (ret-leases.leases_val) {
+for (i = 0; i nleases; i++) {
+remote_network_dhcp_lease *lease_ret =
(ret-leases.leases_val[i]);
+virNetworkDHCPLeaseFree((virNetworkDHCPLeasesPtr)lease_ret);
+}
+}
+return -1;
+}
+
+static int
+remoteDispatchNetworkGetDHCPLeases(virNetServerPtr server ATTRIBUTE_UNUSED,
+ virNetServerClientPtr client,
+ virNetMessagePtr msg ATTRIBUTE_UNUSED,
+ virNetMessageErrorPtr rerr,
+ remote_network_get_dhcp_leases_args *args,
+ remote_network_get_dhcp_leases_ret *ret)
+{
+int rv = -1;
+struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
+virNetworkDHCPLeasesPtr *leases = NULL;
+virNetworkPtr net = NULL;
+int nleases = 0;
+
+if (!priv-conn) {
+virReportError(VIR_ERR_INTERNAL_ERROR, %s, _(connection not open));
+goto cleanup;
+}
+
+if (!(net = get_nonnull_network(priv-conn, args-net)))
+goto cleanup;
+
+if ((nleases = virNetworkGetDHCPLeases(net, leases, args-flags)) 0)
+goto cleanup;
+
+if (remoteSerializeNetworkDHCPLeases(leases, nleases, ret) 0)
+goto cleanup;
+rv = nleases;
+
+cleanup:
+if (rv 0)
+virNetMessageSaveError(rerr);
+if (leases) {
+size_t i;
+for (i = 0; i nleases; i++) {
+virNetworkDHCPLeaseFree(leases[i]);
+}
+}
+VIR_FREE(leases);
+return rv;
+}
+
+static int
+remoteDispatchNetworkGetDHCPLeasesForMAC(virNetServerPtr server
ATTRIBUTE_UNUSED,
+ virNetServerClientPtr client,
+ virNetMessagePtr msg ATTRIBUTE_UNUSED,
+ virNetMessageErrorPtr rerr,
+
remote_network_get_dhcp_leases_for_mac_args *args,
+
remote_network_get_dhcp_leases_for_mac_ret *ret)
+{
+int rv = -1;
+struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
+
Re: [libvirt] [PATCH] rbd: Use rbd_create3 to create RBD format 2 images by default
On 09/12/2013 04:12 PM, Daniel P. Berrange wrote: On Thu, Sep 12, 2013 at 11:27:10AM +0200, Wido den Hollander wrote: This new RBD format supports snapshotting and cloning. By having libvirt create images in format 2 end-users of the created images can benefit of the new RBD format. What's the compatibility like here. If one node creates a v2 image, can a host which only knows v1 still use that v2 image for booting guests ? Only very old clients won't be able to open v2 images when they only support v1. Ceph is however a fast moving project where almost all users are on the most recent versions of Ceph due to new features and bug fixes. Wido Daniel -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Fix naming of permission for detecting storage pools
On 09/12/2013 07:37 AM, Daniel P. Berrange wrote:
From: Daniel P. Berrange berra...@redhat.com
The VIR_ACCESS_PERM_CONNECT_DETECT_STORAGE_POOLS enum
constant had its string format be 'detect_storage_pool',
note the missing trailing 's'. This prevent the ACL
check from ever succeeding. Fix this and add a simple
test script to validate this problem of matching names.
+foreach my $perm (keys %perms) {
+print STDERR Perm $perm had not string form\n;
You've already pushed, but I just now noticed this sounds awkward.
Maybe Perm $perm was missing a string form\n? On the other hand,
since this message only ever occurs to a developer adding a new
permission, where the developer's bug would be fixed before it is
actually committed to libvirt.git, I'm not going to be bothered if we
leave it alone.
--
Eric Blake eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] tools: fix a judgment of equalling zero about an array's length
There is no need to go on executing code when the array's length is zero.
---
tools/virsh-snapshot.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c
index e37a5b3..d7a4c7b 100644
--- a/tools/virsh-snapshot.c
+++ b/tools/virsh-snapshot.c
@@ -239,7 +239,7 @@ vshParseSnapshotMemspec(vshControl *ctl, virBufferPtr buf,
const char *str)
return 0;
narray = vshStringToArray(str, array);
-if (narray 0)
+if (narray = 0)
goto cleanup;
for (i = 0; i narray; i++) {
--
1.7.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] tools: fix a judgment of equalling zero about an array's length
On 09/12/2013 08:00 PM, lawrancejing wrote: There is no need to go on executing code when the array's length is zero. --- tools/virsh-snapshot.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c index e37a5b3..d7a4c7b 100644 --- a/tools/virsh-snapshot.c +++ b/tools/virsh-snapshot.c @@ -239,7 +239,7 @@ vshParseSnapshotMemspec(vshControl *ctl, virBufferPtr buf, const char *str) return 0; narray = vshStringToArray(str, array); -if (narray 0) +if (narray = 0) goto cleanup; Makes no difference. narray == 0 is not a possible return value from vshStringToArray, which always returns -1 or a positive number. Therefore, I don't see the need to apply this. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2] Add some notes about security considerations when using LXC
-Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Thursday, September 12, 2013 6:46 PM To: Chen Hanxiao Cc: libvir-list@redhat.com; 'Gao feng' Subject: Re: [PATCH v2] Add some notes about security considerations when using LXC On Thu, Sep 12, 2013 at 11:22:18AM +0800, Chen Hanxiao wrote: -Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Wednesday, September 11, 2013 6:57 PM To: libvir-list@redhat.com Cc: Gao feng; Chen Hanxiao; Daniel P. Berrange Subject: [PATCH v2] Add some notes about security considerations when using LXC From: Daniel P. Berrange berra...@redhat.com Describe some of the issues to be aware of when configuring LXC guests with security isolation as a goal. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- docs/drvlxc.html.in | 103 1 file changed, 103 insertions(+) In v2: - Clarify UNIX domain socket issues wrt filesystem network namespaces diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index 1e6aa1d..66d97e4 100644 --- a/docs/drvlxc.html.in +++ b/docs/drvlxc.html.in @@ -168,6 +168,109 @@ Further block or character devices will be made available to containers depending on their configuration. /p +h2a name=securitySecurity considerations/a/h2 + +p +The libvirt LXC driver is fairly flexible in how it can be configured, +and as such does not enforce a requirement for strict security +separation between a container and the host. This allows it to be used +in scenarios where only resource control capabilities are important, +and resource sharing is desired. Applications wishing to ensure secure +isolation between a container and the host must ensure that they are +writing a suitable configuration. +/p + +h3a name=securenetworkingNetwork isolation/a/h3 + +p +If the guest configuration does not list any network interfaces, +the codenetwork/code namespace will not be activated, and thus +the container will see all the host's network interfaces. This will +allow apps in the container to bind to/connect from TCP/UDP addresses +and ports from the host OS. It also allows applications to access +UNIX domain sockets associated with the host OS, which are in the +abstract namespace. If access to UNIX domains sockets in the abstract +namespace is not wanted, then applications should set the +codelt;privnet/gt;/code flag in the +codelt;featuresgt;lt;/featuresgt;/code element. +/p + This section is very detailed and helpful for developers, but sys admins may not aware of issues like reboot. Maybe some warnings about 'reboot issue' for sys admins are still needed. How about keep the v1 patch's description: Lacking of codenetwork/code namespace would allow coderoot/code in the container to do anything including shutting down the host OS. Gao mentioned that UNIX domain sockets in the filesystem namespace are not affected by network namespaces. Systemd uses a filesystem based socket, so it is filesystem namespaces which are important to restrict access to systemd thus reboot. I already mention this later: Thanks for the clarification. But on RHEL6.4, the upstart do use an abstract socket which is net namespace aware. We could prevent it from affecting host OS by enable net namespace. Maybe we could insert some description about 'upstart' into Network isolation section. Other parts looks great. Thanks. +p +Sharing the host filesystem tree, also allows applications to access +UNIX domains sockets associated with the host OS, which are in the +filesystem namespaces. It should be noted that a number of init +systems including at least codesystemd/code and codeupstart/code +have UNIX domain socket which are used to control their operation. +Thus, if the directory/filesystem holding their UNIX domain socket is +exposed to the container, it will be possible for a user in the container +to invoke operations on the init service in the same way it could if +outside the container. This also applies to other applications in the +host which use UNIX domain sockets in the filesystem, such as DBus, +Libvirtd, and many more. If this is not desired, then applications +should either specify the UID/GID mapping in the configuration to +enable user namespaces thus block access to the UNIX domain socket +based on permissions, or should ensure the relevant directories have +a bind mount to hide them. This is particularly important for the +code/run/code or code/var/run/code directories. +/p Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o-
Re: [libvirt] [PATCH] Allow root users to have their own configuration file
On Thu, Sep 12, 2013 at 6:30 AM, Martin Kletzander mklet...@redhat.com wrote:
On Thu 12 Sep 2013 12:12:22 PM CEST, Daniel P. Berrange wrote:
On Thu, Sep 12, 2013 at 12:07:54PM +0200, Martin Kletzander wrote:
On 09/12/2013 12:00 PM, Daniel P. Berrange wrote:
On Thu, Sep 12, 2013 at 11:53:32AM +0200, Martin Kletzander wrote:
Currently, we have two configuration file paths, one global (where
global means root-only and we're probably not changing this in near
future) and one per-user. Unfortunately root user cannot use the
second option because until now we were choosing the file path
depending only on whether the user is root or not.
This patch modifies the mentioned behavior for root only, allowing him
to set his own configuration files without changing anything in
system-wide configuration folders.
This also makes the virsh-uriprecedence test pass its first test case
when ran as root.
Signed-off-by: Martin Kletzander mklet...@redhat.com
---
Notes:
I'm playing along previously mentioned proper behavior in this
patch. However, IMNSHO, our global or system-wide configuration
file (defaulting to '/etc/libvirt/libvirt.conf') should be accessible
for all users since this has no security impact (security information
may be in files 'libvirtd.conf' or 'qemu.conf'). This file should be
also read and used for all users. After that, settings in user
configuration file (defaulting to '~/.config/libvirt/libvirt.conf')
may override some of these settings for that user.
This is how all sensible configurations are loaded and that's also
what I'd prefer. Unfortunately some developers feels this should be
done in completely different way.
src/libvirt.c | 56
1 file changed, 36 insertions(+), 20 deletions(-)
NACK to this. The root user already has their own dedicated configuration
file, /etc/libvirt/libvirt.conf. The /etc/libvirt directory permissions
prevent *any* file there being read by non-root, so the
/etc/libvirt/libvirt.conf
file could not be used by non-root.
As mentioned in the commit message, this patch doesn't change the
behavior for non-root users, that's only a nag in the notes.
The only thing that changes after applying this patch is that *iff* ran
as root, we'll *also* check ${XDG_CONFIG_HOME}/libvirt/libvirt.conf.
I don't see any point in doing that at all. Root already has a config
file exclusively for their own use. They don't need 2.
I wasn't discussing that, but it might be possible to differentiate that
configs and made it possible to for them to share /etc configs between
hosts and make his own
Don't get me wrong, I'm not arguing nor I need this to go in, it just
(still) makes way more sense to me. Take a look at git for example (or
virtually anything) and his /etc/gitconfig = ~/.gitconfig;
$XDG_CONFIG_HOME/git/config = $repository/.git/config and so on...
I've sent a v2 [1] fixing the test.
Martin
[1] http://www.redhat.com/archives/libvir-list/2013-September/msg00701.html
If we're going to move forward with this. We potentially need to do
some other things such as allowing different certificates for a root
user using qemu:///session vs qemu:///system. Otherwise there's a bit
of inconsistency with the rest of the system.
--
Doug Goldstein
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv2 1/4] net-dhcp-leases: Implement the public APIs
Introduce 3 new APIs, virNetworkGetDHCPLeases, virNetworkGetDHCPLeasesForMAC
and virNetworkDHCPLeaseFree.
* virNetworkGetDHCPLeases: returns the dhcp leases information for a given
virtual network. The information includes lease expirytime, MAC Address,
IP Address, hostname and clientid.
* virNetworkGetDHCPLeasesForMAC: returns the dhcp leases information for a
given virtual network and specified MAC Address.
* virNetworkDHCPLeaseFree: allows the upper layer application to free the
network interface object conveniently.
There is no support for flags, so user is expected to pass 0 for
both the APIs.
include/libvirt/libvirt.h.in:
* Define virNetworkGetDHCPLeases
* Define virNetworkGetDHCPLeasesForMAC
* Define virNetworkDHCPLeaseFree
python/generator.py:
* Skip the auto-generation for virNetworkGetDHCPLeases
* Skip the auto-generation for virNetworkGetDHCPLeasesForMAC
* Skip the auto-generation for virNetworkDHCPLeaseFree
src/driver.h:
* Define networkGetDHCPLeases
* Define networkGetDHCPLeasesForMAC
src/libvirt.c:
* Implement virNetworkGetDHCPLeases
* Implement virNetworkGetDHCPLeasesForMAC
* Implement virNetworkDHCPLeaseFree
src/libvirt_public.syms:
* Export the new symbols
src/libvirt_private.syms:
* Export the symbol: virSocketAddrGetNumNetmaskBits
---
include/libvirt/libvirt.h.in | 33 +
python/generator.py | 3 +
src/driver.h | 13
src/libvirt.c| 173 +++
src/libvirt_private.syms | 1 +
src/libvirt_public.syms | 7 ++
6 files changed, 230 insertions(+)
diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index a47e33c..d92a720 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -2800,6 +2800,39 @@ int virConnectNumOfDefinedInterfaces
(virConnectPtr conn);
int virConnectListDefinedInterfaces (virConnectPtr conn,
char **const names,
int maxnames);
+
+typedef enum {
+VIR_IP_ADDR_TYPE_IPV4,
+VIR_IP_ADDR_TYPE_IPV6,
+
+#ifdef VIR_ENUM_SENTINELS
+VIR_IP_ADDR_TYPE_LAST
+#endif
+} virIPAddrType;
+
+typedef struct _virNetworkDHCPLeases virNetworkDHCPLeases;
+typedef virNetworkDHCPLeases *virNetworkDHCPLeasesPtr;
+struct _virNetworkDHCPLeases {
+long long expirytime;
+char *mac; /* MAC address */
+char *ipaddr; /* IP address */
+char *hostname; /* Hostname */
+char *clientid; /* Client ID */
+int type; /* virIPAddrType */
+unsigned int prefix;/* IP address prefix */
+};
+
+void virNetworkDHCPLeaseFree(virNetworkDHCPLeasesPtr lease);
+
+int virNetworkGetDHCPLeases(virNetworkPtr network,
+virNetworkDHCPLeasesPtr **leases,
+unsigned int flags);
+
+int virNetworkGetDHCPLeasesForMAC(virNetworkPtr network,
+ const char *mac,
+ virNetworkDHCPLeasesPtr **leases,
+ unsigned int flags);
+
/*
* virConnectListAllInterfaces:
*
diff --git a/python/generator.py b/python/generator.py
index a91dde8..e76cbfc 100755
--- a/python/generator.py
+++ b/python/generator.py
@@ -460,6 +460,8 @@ skip_impl = (
'virNodeGetCPUMap',
'virDomainMigrate3',
'virDomainMigrateToURI3',
+'virNetworkGetDHCPLeases',
+'virNetworkGetDHCPLeasesForMAC',
)
lxc_skip_impl = (
@@ -560,6 +562,7 @@ skip_function = (
virTypedParamsGetString,
virTypedParamsGetUInt,
virTypedParamsGetULLong,
+'virNetworkDHCPLeaseFree',
)
lxc_skip_function = (
diff --git a/src/driver.h b/src/driver.h
index be64333..698e0ca 100644
--- a/src/driver.h
+++ b/src/driver.h
@@ -1121,6 +1121,17 @@ typedef int
int cookieinlen,
unsigned int flags,
int cancelled);
+typedef int
+(*virDrvNetworkGetDHCPLeases)(virNetworkPtr network,
+ virNetworkDHCPLeasesPtr **leases,
+ unsigned int flags);
+
+typedef int
+(*virDrvNetworkGetDHCPLeasesForMAC)(virNetworkPtr network,
+const char *mac,
+virNetworkDHCPLeasesPtr **leases,
+unsigned int flags);
+
typedef struct _virDriver virDriver;
typedef virDriver *virDriverPtr;
@@ -1451,6 +1462,8 @@ struct _virNetworkDriver {
virDrvNetworkSetAutostart networkSetAutostart;
virDrvNetworkIsActive networkIsActive;
virDrvNetworkIsPersistent networkIsPersistent;
+virDrvNetworkGetDHCPLeases networkGetDHCPLeases;
+virDrvNetworkGetDHCPLeasesForMAC networkGetDHCPLeasesForMAC;
};
[libvirt] [PATCHv2 4/4] net-dhcp-leases: Add virsh support
Use virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC in virsh.
The new feature supports the follwing methods:
1. Retrieve leases info for a given virtual network
2. Retrieve leases info for given network interface
tools/virsh-domain-monitor.c
* Introduce new command : net-dhcp-leases
Example Usage: net-dhcp-leases network [mac]
virsh # net-dhcp-leases default
Expiry Time MAC address Protocol IP address
Hostname ClientId
13-09-2013 03:45:31 52:54:00:20:70:3dipv4 192.168.105.240/24
f18 *
13-09-2013 03:32:31 52:54:00:b1:70:19ipv4 192.168.105.201/24
LDAP *
tools/virsh.pod
* Document new command
---
tools/virsh-network.c | 101 ++
tools/virsh.pod | 6 +++
2 files changed, 107 insertions(+)
diff --git a/tools/virsh-network.c b/tools/virsh-network.c
index 8ddd5ca..571bf2e 100644
--- a/tools/virsh-network.c
+++ b/tools/virsh-network.c
@@ -1129,6 +1129,101 @@ cmdNetworkEdit(vshControl *ctl, const vshCmd *cmd)
return ret;
}
+/*
+ * net-dhcp-leases command
+ */
+static const vshCmdInfo info_network_dhcp_leases[] = {
+{.name = help,
+ .data = N_(Print lease info for a given network)
+},
+{.name = desc,
+ .data = N_(Print lease info for a given network)
+},
+{.name = NULL}
+};
+
+static const vshCmdOptDef opts_network_dhcp_leases[] = {
+{.name = network,
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_REQ,
+ .help = N_(network name or uuid)
+},
+{.name = mac,
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_NONE,
+ .help = N_(MAC address)
+},
+{.name = NULL}
+};
+
+static bool
+cmdNetworkDHCPLeases(vshControl *ctl, const vshCmd *cmd)
+{
+const char *name = NULL;
+const char *mac = NULL;
+virNetworkDHCPLeasesPtr *leases = NULL;
+int nleases = 0;
+bool ret = false;
+size_t i;
+unsigned int flags = 0;
+virNetworkPtr network = NULL;
+
+if (vshCommandOptString(cmd, mac, mac) 0)
+goto cleanup;
+
+if (!(network = vshCommandOptNetworkBy(ctl, cmd, name,
+ VSH_BYNAME | VSH_BYUUID)))
+goto cleanup;
+
+nleases = mac ? virNetworkGetDHCPLeasesForMAC(network, mac, leases, flags)
+:virNetworkGetDHCPLeases(network, leases, flags);
+
+if (nleases 0) {
+vshError(ctl, _(Failed to get leases info for %s), name);
+goto cleanup;
+}
+
+vshPrintExtra(ctl, %-20s %-20s %-10s %-20s %-12s %s\n%s%s\n,
+ _(Expiry Time), _(MAC address), _(Protocol),
+ _(IP address), _(Hostname), _(ClientId),
+ ,
+ );
+
+for (i = 0; i nleases; i++) {
+const char *type = NULL;
+virNetworkDHCPLeasesPtr lease = leases[i];
+time_t expirytime_tmp = lease-expirytime;
+struct tm ts;
+char expirytime[32];
+ts = *localtime_r(expirytime_tmp, ts);
+strftime(expirytime, sizeof(expirytime), %d-%m-%Y %H:%M:%S, ts);
+
+switch (lease-type) {
+case VIR_IP_ADDR_TYPE_IPV4:
+type = ipv4;
+break;
+case VIR_IP_ADDR_TYPE_IPV6:
+type = ipv6;
+break;
+}
+
+vshPrintExtra(ctl, %-20s %-20s %-10s %s/%-5d %-12s %s\n,
+ expirytime, lease-mac, type, lease-ipaddr,
+ lease-prefix, lease-hostname, lease-clientid);
+}
+
+ret = true;
+
+cleanup:
+if (leases) {
+for (i = 0; i nleases; i++)
+virNetworkDHCPLeaseFree(leases[i]);
+}
+VIR_FREE(leases);
+if (network)
+virNetworkFree(network);
+return ret;
+}
const vshCmdDef networkCmds[] = {
{.name = net-autostart,
@@ -1209,5 +1304,11 @@ const vshCmdDef networkCmds[] = {
.info = info_network_uuid,
.flags = 0
},
+{.name = net-dhcp-leases,
+ .handler = cmdNetworkDHCPLeases,
+ .opts = opts_network_dhcp_leases,
+ .info = info_network_dhcp_leases,
+ .flags = 0
+},
{.name = NULL}
};
diff --git a/tools/virsh.pod b/tools/virsh.pod
index 0ae5178..b87f646 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -2325,6 +2325,12 @@ If I--current is specified, affect the current network
state.
Both I--live and I--config flags may be given, but I--current is
exclusive. Not specifying any flag is the same as specifying I--current.
+=item Bnet-dhcp-leases Inetwork Imac
+
+Get a list of dhcp leases for all network interfaces connected to the given
+virtual Inetwork or limited output just for one interface if Imac is
+specified.
+
=back
=head1 INTERFACE COMMANDS
--
1.7.11.7
--
libvir-list mailing list
[libvirt] [PATCHv2 0/4] Introduce APIs to extract DHCP leases info
This API returns the information stored in the DHCP leases file created by dnsmasq for a given virtual network. It contacts the bridge network driver, which parses the leases file. It supports two methods: 1. Return info for all network interfaces connected to a given virtual network 2. Return information for a particular network interface in a given virtual network by providing its MAC Address v2 * Since DHCPv6 is supposed to be suported in future, virNetworkGetDHCPLeasesForMAC changed, prefix and virIPAddrType added in virNetworkDHCPLeases struct. v1 * Refer: https://www.redhat.com/archives/libvir-list/2013-September/msg00620.html * The need for these APIs were result of a RFC was proposed on the list. Refer: http://www.redhat.com/archives/libvir-list/2013-July/msg01603.html Nehal J Wani (4): net-dhcp-leases: Implement the public APIs net-dhcp-leases: Implement the remote protocol net-dhcp-leases: Private implementation inside network driver net-dhcp-leases: Add virsh support daemon/remote.c | 133 + include/libvirt/libvirt.h.in | 33 python/generator.py | 3 + src/driver.h | 13 +++ src/libvirt.c| 173 ++ src/libvirt_private.syms | 1 + src/libvirt_public.syms | 7 ++ src/network/bridge_driver.c | 193 +++ src/remote/remote_driver.c | 150 + src/remote/remote_protocol.x | 50 ++- src/remote_protocol-structs | 32 +++ src/rpc/gendispatch.pl | 1 + tools/virsh-network.c| 101 ++ tools/virsh.pod | 6 ++ 14 files changed, 895 insertions(+), 1 deletion(-) -- 1.7.11.7 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] docs: mention hostname subtlety
An off-list bug report mentioned some confusion where the public documentation of libvirt.c:virConnectGetHostname did not match the private documentation of util/virutil.c:virGetHostname. * src/libvirt.c (virConnectGetHostname): Tweak docs. Signed-off-by: Eric Blake ebl...@redhat.com --- src/libvirt.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/libvirt.c b/src/libvirt.c index 20a2d4c..a6fcab0 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -1701,9 +1701,10 @@ error: * virConnectGetHostname: * @conn: pointer to a hypervisor connection * - * This returns the system hostname on which the hypervisor is - * running (the result of the gethostname system call). If - * we are connected to a remote system, then this returns the + * This returns a system hostname on which the hypervisor is + * running (based on the result of the gethostname system call, but + * possibly expanded to a fully-qualified domain name via getaddrinfo). + * If we are connected to a remote system, then this returns the * hostname of the remote system. * * Returns the hostname which must be freed by the caller, or -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [RESEND][PATCHv5 2/4] add pci passthrough to libxl driver
Add pci passthrough to libxl driver, support attach-device, detach-device and
start a vm with pci hostdev specified.
Signed-off-by: Chunyan Liu cy...@suse.com
---
po/POTFILES.in |2 +-
src/libxl/libxl_conf.c | 63 +++
src/libxl/libxl_conf.h |4 +
src/libxl/libxl_driver.c | 443 +-
4 files changed, 510 insertions(+), 2 deletions(-)
diff --git a/po/POTFILES.in b/po/POTFILES.in
index ec205c9..d01cb99 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -159,6 +159,7 @@ src/util/vireventpoll.c
src/util/virfile.c
src/util/virhash.c
src/util/virhook.c
+src/util/virhostdev.c
src/util/viridentity.c
src/util/virinitctl.c
src/util/viriptables.c
@@ -196,7 +197,6 @@ src/util/viruri.c
src/util/virusb.c
src/util/virutil.c
src/util/virxml.c
-src/util/virhostdev.c
src/vbox/vbox_MSCOMGlue.c
src/vbox/vbox_XPCOMCGlue.c
src/vbox/vbox_driver.c
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index d4226b8..31d8f8a 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -1128,6 +1128,66 @@ libxlDriverConfigGet(libxlDriverPrivatePtr driver)
return cfg;
}
+int
+libxlMakePci(virDomainHostdevDefPtr hostdev, libxl_device_pci *pcidev)
+{
+if (hostdev-mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+return -1;
+if (hostdev-source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+return -1;
+
+pcidev-domain = hostdev-source.subsys.u.pci.addr.domain;
+pcidev-bus = hostdev-source.subsys.u.pci.addr.bus;
+pcidev-dev = hostdev-source.subsys.u.pci.addr.slot;
+pcidev-func = hostdev-source.subsys.u.pci.addr.function;
+
+return 0;
+}
+
+static int
+libxlMakePciList(virDomainDefPtr def, libxl_domain_config *d_config)
+{
+virDomainHostdevDefPtr *l_hostdevs = def-hostdevs;
+size_t nhostdevs = def-nhostdevs;
+size_t npcidevs = 0;
+libxl_device_pci *x_pcidevs;
+size_t i, j;
+
+if (nhostdevs == 0)
+return 0;
+
+if (VIR_ALLOC_N(x_pcidevs, nhostdevs) 0)
+return -1;
+
+for (i = 0, j = 0; i nhostdevs; i++) {
+if (l_hostdevs[i]-mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+continue;
+if (l_hostdevs[i]-source.subsys.type !=
VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+continue;
+
+libxl_device_pci_init(x_pcidevs[j]);
+
+if (libxlMakePci(l_hostdevs[i], x_pcidevs[j]) 0)
+goto error;
+
+npcidevs++;
+j++;
+}
+
+VIR_SHRINK_N(x_pcidevs, nhostdevs, nhostdevs - npcidevs);
+d_config-pcidevs = x_pcidevs;
+d_config-num_pcidevs = npcidevs;
+
+return 0;
+
+error:
+for (i = 0; i npcidevs; i++)
+libxl_device_pci_dispose(x_pcidevs[i]);
+
+VIR_FREE(x_pcidevs);
+return -1;
+}
+
virCapsPtr
libxlMakeCapabilities(libxl_ctx *ctx)
{
@@ -1176,6 +1236,9 @@ libxlBuildDomainConfig(libxlDriverPrivatePtr driver,
if (libxlMakeVfbList(driver, def, d_config) 0)
return -1;
+if (libxlMakePciList(def, d_config) 0)
+return -1;
+
d_config-on_reboot = def-onReboot;
d_config-on_poweroff = def-onPoweroff;
d_config-on_crash = def-onCrash;
diff --git a/src/libxl/libxl_conf.h b/src/libxl/libxl_conf.h
index 8ba0ee4..31a955a 100644
--- a/src/libxl/libxl_conf.h
+++ b/src/libxl/libxl_conf.h
@@ -38,6 +38,7 @@
# include virchrdev.h
+# define LIBXL_DRIVER_NAME xenlight
# define LIBXL_VNC_PORT_MIN 5900
# define LIBXL_VNC_PORT_MAX 65535
@@ -148,6 +149,9 @@ libxlMakeVfb(libxlDriverPrivatePtr driver,
virDomainGraphicsDefPtr l_vfb, libxl_device_vfb *x_vfb);
int
+libxlMakePci(virDomainHostdevDefPtr hostdev, libxl_device_pci *pcidev);
+
+int
libxlBuildDomainConfig(libxlDriverPrivatePtr driver,
virDomainObjPtr vm, libxl_domain_config *d_config);
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index e2a6d44..5bddf45 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -52,6 +52,8 @@
#include virsysinfo.h
#include viraccessapicheck.h
#include viratomic.h
+#include virhostdev.h
+#include virhostdev.h
#define VIR_FROM_THIS VIR_FROM_LIBXL
@@ -328,6 +330,7 @@ libxlVmReap(libxlDriverPrivatePtr driver,
virDomainShutoffReason reason)
{
libxlDomainObjPrivatePtr priv = vm-privateData;
+virHostdevManagerPtr hostdev_mgr;
if (libxl_domain_destroy(priv-ctx, vm-def-id, NULL) 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -335,6 +338,10 @@ libxlVmReap(libxlDriverPrivatePtr driver,
return -1;
}
+hostdev_mgr = virHostdevManagerGetDefault();
+virHostdevReAttachDomainHostdevs(hostdev_mgr, LIBXL_DRIVER_NAME,
+ vm-def, VIR_SP_PCI_HOSTDEV);
+
libxlVmCleanup(driver, vm, reason);
return 0;
}
@@ -553,6 +560,7 @@ libxlVmStart(libxlDriverPrivatePtr driver, virDomainObjPtr
vm,
int managed_save_fd = -1;
libxlDomainObjPrivatePtr priv = vm-privateData;
[libvirt] [RESEND][PATCHv5 0/4] write separate module for hostdev passthrough
[rebased to latest libvirt code for applying and reviewing the patches] These patches implements a separate module for hostdev passthrough so that it could be shared by different drivers and can maintain a global state of a host device. Plus, add passthrough to libxl driver, and change qemu driver and lxc driver to use hostdev common library instead of their own hostdev APIs. --- Changes to v4: * change the way checking hypervisor driver name to decide whether use pciback or pci-stub as stub driver, instead, using driver callback to handle that. * remove get active/inactive list APIs from hostdev common library since currently no code uses them. * add nodedev-detach/reattach/reset to libxl driver * other fixes to Daniel and Jim's comments v4 is here: https://www.redhat.com/archives/libvir-list/2013-August/msg00806.html Changes to v3: * fix Jim's comments v3 is here: https://www.redhat.com/archives/libvir-list/2013-August/msg00019.html Changes to v2: * add patches for qemu driver and lxc driver, use common library APIs instead of their own hostdev APIs. * add APIs for nodedev-detach and nodedev-reattach calling. * rename functions to use unified prefix 'virHostdev' * use VIR_ONCE_GLOBAL_INIT() as others instead of previous Init and Cleanup. * use VIR_STRDUP instead of strdup * rebase to latest code v2 is here: https://www.redhat.com/archives/libvir-list/2013-June/msg00263.html Chunyan Liu (4): add hostdev passthrough common library add pci passthrough to libxl driver change qemu driver to use hostdev common library change lxc driver to use hostdev common library docs/schemas/domaincommon.rng |1 + po/POTFILES.in|3 +- src/Makefile.am |3 +- src/conf/domain_conf.c|3 +- src/conf/domain_conf.h|1 + src/libvirt_private.syms | 15 + src/libxl/libxl_conf.c| 63 ++ src/libxl/libxl_conf.h|4 + src/libxl/libxl_domain.c |9 + src/libxl/libxl_driver.c | 443 ++- src/lxc/lxc_conf.h|4 - src/lxc/lxc_driver.c | 45 +- src/lxc/lxc_hostdev.c | 413 - src/lxc/lxc_hostdev.h | 43 -- src/lxc/lxc_process.c | 21 +- src/qemu/qemu_command.c |1 - src/qemu/qemu_conf.h |9 +- src/qemu/qemu_domain.c|9 + src/qemu/qemu_driver.c| 72 +-- src/qemu/qemu_hostdev.c | 1289 --- src/qemu/qemu_hostdev.h | 72 --- src/qemu/qemu_hotplug.c | 126 ++--- src/qemu/qemu_process.c | 34 +- src/util/virhostdev.c | 1335 + src/util/virhostdev.h | 104 src/util/virpci.c | 28 +- src/util/virpci.h |9 +- src/util/virscsi.c| 26 +- src/util/virscsi.h|8 +- src/util/virusb.c | 27 +- src/util/virusb.h |8 +- 31 files changed, 2195 insertions(+), 2033 deletions(-) delete mode 100644 src/lxc/lxc_hostdev.c delete mode 100644 src/lxc/lxc_hostdev.h delete mode 100644 src/qemu/qemu_hostdev.c delete mode 100644 src/qemu/qemu_hostdev.h create mode 100644 src/util/virhostdev.c create mode 100644 src/util/virhostdev.h -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [RESEND][PATCHv5 4/4] change lxc driver to use hostdev common library
Change lxc driver to use hostdev common library instead of its own APIs in
lxc_hostdev.[ch]
Signed-off-by: Chunyan Liu cy...@suse.com
---
po/POTFILES.in|1 -
src/Makefile.am |1 -
src/lxc/lxc_conf.h|4 -
src/lxc/lxc_driver.c | 45 +++---
src/lxc/lxc_hostdev.c | 413 -
src/lxc/lxc_hostdev.h | 43 -
src/lxc/lxc_process.c | 21 ++-
7 files changed, 43 insertions(+), 485 deletions(-)
delete mode 100644 src/lxc/lxc_hostdev.c
delete mode 100644 src/lxc/lxc_hostdev.h
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 2fc7e67..b3b7832 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -61,7 +61,6 @@ src/locking/lock_manager.c
src/locking/sanlock_helper.c
src/lxc/lxc_cgroup.c
src/lxc/lxc_fuse.c
-src/lxc/lxc_hostdev.c
src/lxc/lxc_container.c
src/lxc/lxc_conf.c
src/lxc/lxc_controller.c
diff --git a/src/Makefile.am b/src/Makefile.am
index c3a8ba0..afae0a8 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -600,7 +600,6 @@ LXC_DRIVER_SOURCES =
\
lxc/lxc_container.c lxc/lxc_container.h \
lxc/lxc_cgroup.c lxc/lxc_cgroup.h \
lxc/lxc_domain.c lxc/lxc_domain.h \
- lxc/lxc_hostdev.c lxc/lxc_hostdev.h \
lxc/lxc_monitor.c lxc/lxc_monitor.h \
lxc/lxc_process.c lxc/lxc_process.h \
lxc/lxc_fuse.c lxc/lxc_fuse.h \
diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h
index a6208a2..05f2a80 100644
--- a/src/lxc/lxc_conf.h
+++ b/src/lxc/lxc_conf.h
@@ -92,10 +92,6 @@ struct _virLXCDriver {
/* Immutable pointer, self-locking APIs */
virDomainObjListPtr domains;
-/* Immutable pointer. Requires lock to be held before
- * calling APIs. */
-virUSBDeviceListPtr activeUsbHostdevs;
-
/* Immutable pointer, self-locking APIs */
virDomainEventStatePtr domainEventState;
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index b587c22..098f2f0 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -70,6 +70,7 @@
#include virstring.h
#include viraccessapicheck.h
#include viraccessapichecklxc.h
+#include virhostdev.h
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -1418,9 +1419,6 @@ static int lxcStateInitialize(bool privileged,
if (!(lxc_driver-securityManager = lxcSecurityInit(cfg)))
goto cleanup;
-if ((lxc_driver-activeUsbHostdevs = virUSBDeviceListNew()) == NULL)
-goto cleanup;
-
if ((virLXCDriverGetCapabilities(lxc_driver, true)) == NULL)
goto cleanup;
@@ -1535,7 +1533,6 @@ static int lxcStateCleanup(void)
virSysinfoDefFree(lxc_driver-hostsysinfo);
-virObjectUnref(lxc_driver-activeUsbHostdevs);
virObjectUnref(lxc_driver-caps);
virObjectUnref(lxc_driver-securityManager);
virObjectUnref(lxc_driver-xmlopt);
@@ -3214,6 +3211,7 @@ lxcDomainAttachDeviceHostdevSubsysUSBLive(virLXCDriverPtr
driver,
mode_t mode;
bool created = false;
virUSBDevicePtr usb = NULL;
+virHostdevManagerPtr hostdev_mgr;
if (virDomainHostdevFind(vm-def, def, NULL) = 0) {
virReportError(VIR_ERR_OPERATION_FAILED, %s,
@@ -3221,6 +3219,13 @@
lxcDomainAttachDeviceHostdevSubsysUSBLive(virLXCDriverPtr driver,
return -1;
}
+hostdev_mgr = virHostdevManagerGetDefault();
+if (virHostdevPrepareUsbHostdevs(hostdev_mgr,
+ LXC_DRIVER_NAME,
+ vm-def-name,
+ def, 1, 0) 0)
+goto cleanup;
+
if (virAsprintf(vroot, /proc/%llu/root,
(unsigned long long)priv-initpid) 0)
goto cleanup;
@@ -3296,6 +3301,11 @@
lxcDomainAttachDeviceHostdevSubsysUSBLive(virLXCDriverPtr driver,
ret = 0;
cleanup:
+virHostdevReAttachUsbHostdevs(hostdev_mgr,
+ LXC_DRIVER_NAME,
+ vm-def-name,
+ def,
+ 1);
virDomainAuditHostdev(vm, def, attach, ret == 0);
if (ret 0 created)
unlink(dstfile);
@@ -3758,8 +3768,7 @@ cleanup:
static int
-lxcDomainDetachDeviceHostdevUSBLive(virLXCDriverPtr driver,
-virDomainObjPtr vm,
+lxcDomainDetachDeviceHostdevUSBLive(virDomainObjPtr vm,
virDomainDeviceDefPtr dev)
{
virLXCDomainObjPrivatePtr priv = vm-privateData;
@@ -3768,6 +3777,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virLXCDriverPtr
driver,
char *dst = NULL;
char *vroot = NULL;
virUSBDevicePtr usb = NULL;
+virHostdevManagerPtr hostdev_mgr;
if ((idx = virDomainHostdevFind(vm-def,
dev-data.hostdev,
@@ -3812,9 +3822,9 @@
Re: [libvirt] [RESEND][PATCHv5 0/4] write separate module for hostdev passthrough
2013/9/12 Eric Blake ebl...@redhat.com On 09/11/2013 09:25 PM, Chunyan Liu wrote: [rebased to latest libvirt code for applying and reviewing the patches] These patches implements a separate module for hostdev passthrough so that it could be shared by different drivers and can maintain a global state of a host device. Plus, add passthrough to libxl driver, and change qemu driver and lxc driver to use hostdev common library instead of their own hostdev APIs. This did not come through threaded, which makes it a bit harder to track your series (with each patch forming its own thread, a mail client that sorts threads by most recent activity scatters the pieces hither-and-yon as soon as any one patch has a reply). You may want to double-check your git settings for the next patch you send :) Sorry. Resend. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
