Re: [libvirt] [PATCH] build: link virstoragetest with libxml
On Mon, Jun 23, 2014 at 04:08:42PM +0200, Martin Kletzander wrote: Signed-off-by: Martin Kletzander --- Notes: To be honest, I have no idea why this fails for me in one situation, but it prevents the following error during compilation: /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.0/../../../../x86_64-pc-linux-gnu/bin/ld: ../src/.libs/libvirt_driver_storage_impl.a(libvirt_driver_storage_impl_la-storage_backend.o): undefined reference to symbol 'xmlFreeDoc@@LIBXML2_2.4.30' /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.0/../../../../lib64/libxml2.so: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:4228: recipe for target 'virstoragetest' failed Therefore I'm not pushing it as a build-breaker since this might not be the root cause or the best solution. The other fix (and probably more appropriate one) would be to add LIBXML_LIBS into libvirt_conf_la_LIBADD since the xmlFreeDoc() is called in storage_conf.c. Any other preferred way is accepted as well, feel free to comment. tests/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/Makefile.am b/tests/Makefile.am index 025b847..457eb99 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -899,6 +899,7 @@ virstoragetest_LDADD = $(LDADDS) \ ../src/libvirt_util.la \ ../src/libvirt_driver_storage_impl.la \ ../gnulib/lib/libgnu.la \ + $(LIBXML_LIBS) \ $(NULL) viridentitytest_SOURCES = \ -- 2.0.0 Ping? signature.asc Description: Digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
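Review bot: adding `$(LIBXML_LIBS)` to virstoragetest_LDADD fixes the link at the consumer rather than at the object that needs it. The linker output in the notes places the undefined `xmlFreeDoc` reference in libvirt_driver_storage_impl.a (storage_backend.o), so any other binary that links that archive can hit the same "DSO missing from command line" failure. Declaring the libxml dependency on the library that makes the call, which is the alternative the notes already mention, would cover every user instead of only this test.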
Re: [libvirt] [PATCH 0/6] Support for per-guest-node binding
On Thu, 2014-06-26 at 07:35 +0200, Martin Kletzander wrote:
> On Thu, Jun 26, 2014 at 01:50:22AM +, chen.fan.f...@cn.fujitsu.com wrote:
> >On Wed, 2014-06-04 at 16:56 +0200, Martin Kletzander wrote:
> >> Currently we are only able to bind the whole domain to some host nodes
> >> using the /domain/numatune/memory element. Numerous requests were
> >> made to support host<->guest numa node bindings, so this series tries
> >> to pinch an idea on how to do that using /domain/numatune/memnode
> >> elements.
> >>
> >> That is incompatible with automatic numa placement (numad) since that
> >> makes no sense. Also this disables any live changes to numa
> >> parameters (the /domain/numatune/memory settings) since we cannot
> >> change the settings given to qemu.
> >Hi Martin,
> >
> >Sorry for that I have not observed this patch. I made a duplicated
> >work about this recently. and I found this patch has not been updated
> >for several days, but since the QEMU have extra supported "memory-file"
> >and some flags/properties, this patches should be refactored.
> >Do you plan to send a new version ? If not, Can I take over them?
> >
>
> I'm completely re-factoring the numatune parsing code and reworking
> few other things for this patch. For memory-file, that will be
> automatically supported as well, but with Michal's patches. We
> already have an option that says "use hugepages" and we would like to
> re-use that instead of creating new device(s).
>
> But we will greatly value your input on these patches (both mine and
> Michal's) when these hit the list. So if there's something else you
> find missing or wrong, that should be added or fixed, let me know.

Ok.

Thanks,
Chen

>
> Martin
Re: [libvirt] [PATCH 0/6] Support for per-guest-node binding
On Thu, Jun 26, 2014 at 01:50:22AM +, chen.fan.f...@cn.fujitsu.com wrote:
>On Wed, 2014-06-04 at 16:56 +0200, Martin Kletzander wrote:
>> Currently we are only able to bind the whole domain to some host nodes
>> using the /domain/numatune/memory element. Numerous requests were
>> made to support host<->guest numa node bindings, so this series tries
>> to pinch an idea on how to do that using /domain/numatune/memnode
>> elements.
>>
>> That is incompatible with automatic numa placement (numad) since that
>> makes no sense. Also this disables any live changes to numa
>> parameters (the /domain/numatune/memory settings) since we cannot
>> change the settings given to qemu.
>Hi Martin,
>
>Sorry for that I have not observed this patch. I made a duplicated
>work about this recently. and I found this patch has not been updated
>for several days, but since the QEMU have extra supported "memory-file"
>and some flags/properties, this patches should be refactored.
>Do you plan to send a new version ? If not, Can I take over them?
>

I'm completely re-factoring the numatune parsing code and reworking
few other things for this patch. For memory-file, that will be
automatically supported as well, but with Michal's patches. We
already have an option that says "use hugepages" and we would like to
re-use that instead of creating new device(s).

But we will greatly value your input on these patches (both mine and
Michal's) when these hit the list. So if there's something else you
find missing or wrong, that should be added or fixed, let me know.

Martin
Re: [libvirt] [PATCHv3 26/26] qemu: blockcopy: Don't remove existing disk mirror info
On 06/25/2014 10:55 AM, Peter Krempa wrote: > When creating a new disk mirror the new struct is stored in a separate > variable until everything went well. The removed hunk would actually > remove existing mirror information for example when the api would be run > if a mirror still exists. > --- > src/qemu/qemu_driver.c | 4 > 1 file changed, 4 deletions(-) > > diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c > index 66752f1..f6f5ace 100644 > --- a/src/qemu/qemu_driver.c > +++ b/src/qemu/qemu_driver.c > @@ -15382,10 +15382,6 @@ qemuDomainBlockCopy(virDomainObjPtr vm, > endjob: > if (need_unlink && unlink(dest)) > VIR_WARN("unable to unlink just-created %s", dest); > -if (ret < 0 && disk) { > -virStorageSourceFree(disk->mirror); > -disk->mirror = NULL; > -} Oh my. This was a regression latently introduced in commit ff5f30b, v1.2.1, then aggravated in commit 7b7bf001 (thankfully unreleased). Thanks for catching and fixing this. ACK. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
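Review bot: with the `if (ret < 0 && disk)` cleanup removed from the endjob path, the visible lines no longer show who frees the new mirror when qemuDomainBlockCopy fails. The commit message says the new struct is held in a separate variable until everything went well, so it is worth confirming in the rest of the function that this variable is freed on the error path and set to NULL once it has been handed to disk->mirror, so that the fix does not become a leak or a double free.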
[libvirt] [PATCH v2] nwfilter: enum cleanups in "src/nwfilter/*"
As we are doing with the enum structures, a cleanup in "src/nwfilter/" directory was done now. All the enums that were defined in the header files were converted to typedefs in this directory. This patch includes all the adjustments to remove conflicts when you do this kind of change. "Enum-to-typedef"'s conversions were made in "src/nwfilter/nwfilter_{gentech_driver, learnipaddr, tech_driver}.h". Signed-off-by: Julio Faracco --- src/nwfilter/nwfilter_gentech_driver.c | 12 ++-- src/nwfilter/nwfilter_gentech_driver.h |4 ++-- src/nwfilter/nwfilter_learnipaddr.c|8 src/nwfilter/nwfilter_learnipaddr.h|8 src/nwfilter/nwfilter_tech_driver.h|6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c index 5bed106..e267cf1 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -332,7 +332,7 @@ static int virNWFilterDefToInst(virNWFilterDriverStatePtr driver, virNWFilterDefPtr def, virNWFilterHashTablePtr vars, - enum instCase useNewFilter, + virInstCase useNewFilter, bool *foundNewFilter, virNWFilterInstPtr inst); @@ -374,7 +374,7 @@ static int virNWFilterIncludeDefToRuleInst(virNWFilterDriverStatePtr driver, virNWFilterIncludeDefPtr inc, virNWFilterHashTablePtr vars, -enum instCase useNewFilter, +virInstCase useNewFilter, bool *foundNewFilter, virNWFilterInstPtr inst) { @@ -464,7 +464,7 @@ static int virNWFilterDefToInst(virNWFilterDriverStatePtr driver, virNWFilterDefPtr def, virNWFilterHashTablePtr vars, - enum instCase useNewFilter, + virInstCase useNewFilter, bool *foundNewFilter, virNWFilterInstPtr inst) { 
@@ -630,7 +630,7 @@ virNWFilterInstantiate(const unsigned char *vmuuid ATTRIBUTE_UNUSED, int ifindex, const char *linkdev, virNWFilterHashTablePtr vars, - enum instCase useNewFilter, bool *foundNewFilter, + virInstCase useNewFilter, bool *foundNewFilter, bool teardownOld, const virMacAddr *macaddr, virNWFilterDriverStatePtr driver, @@ -782,7 +782,7 @@ __virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver, const virMacAddr *macaddr, const char *filtername, virNWFilterHashTablePtr filterparams, - enum instCase useNewFilter, + virInstCase useNewFilter, bool forceWithPendingReq, bool *foundNewFilter) { @@ -896,7 +896,7 @@ _virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver, const unsigned char *vmuuid, const virDomainNetDef *net, bool teardownOld, - enum instCase useNewFilter, + virInstCase useNewFilter, bool *foundNewFilter) { const char *linkdev = (net->type == VIR_DOMAIN_NET_TYPE_DIRECT) diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h index 8349ab4..4d14603 100644 --- a/src/nwfilter/nwfilter_gentech_driver.h +++ b/src/nwfilter/nwfilter_gentech_driver.h @@ -32,10 +32,10 @@ virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name); int virNWFilterTechDriversInit(bool privileged); void virNWFilterTechDriversShutdown(void); -enum instCase { +typedef enum { INSTANTIATE_ALWAYS, INSTANTIATE_FOLLOW_NEWFILTER, -}; +} virInstCase; int virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver, diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c index 4cea9cf..ff73515 100644 --- a/src/nwfilter/nwfilter_learnipaddr.c +++ b/src/nwfilter/nwfilter_learnipaddr.c @@ -326,7 +326,7 @@ virNWFilterDeregisterLearnReq(int ifindex) static void procDHCPOpts(struct dhcp *dhcp, int dhcp_opts_len, uint32_t *vmaddr, uint32_t *bcastaddr, - enum howDetect *howDetected) + virHowDetect *howDetected) { struct dhcp_option *dhcpopt = &dhcp->options[0]; 
@@ -395,7 +395,7 @@ learnIPAddressThread(void *arg) char *filter = NULL; uint16_t etherType; bool showError = true; -enum howDetect howDetected = 0; +
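Review bot: the new typedef names `virInstCase` and `virHowDetect` drop the NWFilter component that every other type in these signatures carries (virNWFilterDefPtr, virNWFilterHashTablePtr, virNWFilterInstPtr), and the enumerators in nwfilter_gentech_driver.h stay unprefixed (`INSTANTIATE_ALWAYS`, `INSTANTIATE_FOLLOW_NEWFILTER`). Because these are declared in headers, names such as virNWFilterInstCase would lower the chance of a clash with another module. The removed line in learnIPAddressThread also initialised the variable with a bare `0` rather than a named enumerator, which would be worth tidying in the same pass.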
Re: [libvirt] [PATCHv3 22/26] util: storage: Add helper to determine whether storage is local
On 06/25/2014 10:55 AM, Peter Krempa wrote:
> There's a lot of places where we skip doing actions based on the
> locality of given storage type. The usual pattern is to skip it if:
>
> virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK
>
> Add a simple helper to simplify the pattern to
> virStorageSourceIsLocalStorage(src)
> ---
> src/libvirt_private.syms | 1 +
> src/util/virstoragefile.c | 7 +++
> src/util/virstoragefile.h | 1 +
> 3 files changed, 9 insertions(+)

ACK.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] broken api.xml file
On Wed, Jun 25, 2014 at 07:36:41PM -0600, Eric Blake wrote:
> On 06/25/2014 02:46 PM, Eric Blake wrote:
> > Nehal discovered by accident that our libvirt-api.xml file is broken,
> > which in turn leads to broken python bindings.
> >
>
> > fix the root cause. It's not my area of expertise, so I'd appreciate a
> > hand in finding the problem spot, although I'm still trying to take a
> > look. We'll probably need to backport the patch to stable branches, and
> > any distro that has picked up broken definitions will want to respin
> > python bindings.
>
> The fix turned out to be a one-liner:
> https://www.redhat.com/archives/libvir-list/2014-June/msg01290.html

Whoops, I guess it's my fault :-)

Daniel

--
Daniel Veillard | Open Source and Standards, Red Hat
veill...@redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
Re: [libvirt] [PATCHv3 14/26] locking: Add APIs to lock individual image files
On 06/25/2014 10:54 AM, Peter Krempa wrote: > Add helper APIs to manage individual image files rather than disks. To > simplify the addition some parts of the code were refactored in this > patch. > --- > src/libvirt_private.syms | 2 ++ > src/locking/domain_lock.c | 65 > ++- > src/locking/domain_lock.h | 8 ++ > 3 files changed, 52 insertions(+), 23 deletions(-) > > +static int virDomainLockManagerAddImage(virLockManagerPtr lock, > +virStorageSourcePtr src) > > -if (disk->src->readonly) > +if (src->readonly) > diskFlags |= VIR_LOCK_MANAGER_RESOURCE_READONLY; > -if (disk->src->shared) > +if (src->shared) > diskFlags |= VIR_LOCK_MANAGER_RESOURCE_SHARED; Don't you also need to ensure that backing files in the chain are marked readonly regardless of the setting on the active layer? Oh, I see - on the lock manager, we are currently only ever locking the active image. Hmm, I wonder if this is actually correct in the presence of snapshots - are we leaving a file locked when it becomes the backing element of a new file due to an external snapshot? We may have pre-existing bugs (while I know I got SELinux and cgroup issues sorted out in my testing, I haven't personally played much with the lease manager at the same time as playing with snapshots). But as far as I can tell, this patch makes no semantic difference, so it is no worse than what we already had. Therefore, ACK -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Entering freeze for libvirt-1.2.6
As stated yesterday, we just entered freeze for libvirt-1.2.6, I have pushed a first release candidate tarball and signed rpms at the usual place:

ftp://libvirt.org/libvirt/

I gave it a try and with my limited testing it looks okay, but please have a look and test. The goal is to make the release on Tues 1st if all goes well.

Also of note I will likely move the libvirt.org server Monday morning (Chinese time i.e. Sunday for most), it should be quick, just that if you hit the old IP until DNS propagates you may have the old server (I will block ssh access after the move on the old to avoid split pushes)

Daniel

--
Daniel Veillard | Open Source and Standards, Red Hat
veill...@redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
Re: [libvirt] [PATCHv3 13/26] qemu: cgroup: Setup only the top level disk image for read-write access
On 06/25/2014 10:54 AM, Peter Krempa wrote:
> Only the top level gets writes, so the rest of the backing chain
> requires only read-only access.
> ---
> src/qemu/qemu_cgroup.c | 26 --
> 1 file changed, 20 insertions(+), 6 deletions(-)
>

ACK

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCHv3 12/26] qemu: cgroup: Add functions to set cgroup image stuff on individual imgs
On 06/25/2014 10:54 AM, Peter Krempa wrote: > Add functions that will allow to set all the required cgroup stuff on > individual images taking a virStorageSourcePtr. Also convert functions > designed to setup whole backing chain to take advantage of the chagne. s/chagne/change/ > --- > src/qemu/qemu_cgroup.c | 104 > - > src/qemu/qemu_cgroup.h | 3 ++ > 2 files changed, 55 insertions(+), 52 deletions(-) > > +int > +qemuSetImageCgroup(virDomainObjPtr vm, > + virStorageSourcePtr src, > + bool deny) Bikeshedding: I would have named it 'bool allow' and flipped the logic (that is, passing true to turn on the cgroup, false to turn it back off). What you have works, though, so I won't insist. ACK -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 0/6] Support for per-guest-node binding
On Wed, 2014-06-04 at 16:56 +0200, Martin Kletzander wrote: > Currently we are only able to bind the whole domain to some host nodes > using the /domain/numatune/memory element. Numerous requests were > made to support host<->guest numa node bindings, so this series tries > to pinch an idea on how to do that using /domain/numatune/memnode > elements. > > That is incompatible with automatic numa placement (numad) since that > makes no sense. Also this disables any live changes to numa > parameters (the /domain/numatune/memory settings) since we cannot > change the settings given to qemu. Hi Martin, Sorry for that I have not observed this patch. I made a duplicated work about this recently. and I found this patch has not been updated for several days, but since the QEMU have extra supported "memory-file" and some flags/properties, this patches should be refactored. Do you plan to send a new version ? If not, Can I take over them? Thanks, Chen > > Martin Kletzander (6): > conf, schema: add 'id' field for cells > conf, schema: add support for numatune memnode element > conf: add virDomainGetMemsForGuestCpu() > qemu: purely a code movement > qemu: memory-ram capability probing > qemu: pass numa node binding preferences to qemu > > docs/formatdomain.html.in | 26 ++- > docs/schemas/domaincommon.rng | 22 ++ > src/conf/cpu_conf.c| 39 +++- > src/conf/domain_conf.c | 259 > ++--- > src/conf/domain_conf.h | 4 + > src/libvirt_private.syms | 1 + > src/qemu/qemu_capabilities.c | 2 + > src/qemu/qemu_capabilities.h | 1 + > src/qemu/qemu_cgroup.c | 18 +- > src/qemu/qemu_command.c| 160 +++-- > src/qemu/qemu_command.h| 3 +- > src/qemu/qemu_domain.c | 23 +- > src/qemu/qemu_driver.c | 23 +- > src/qemu/qemu_process.c| 3 +- > src/util/virnuma.h | 14 +- > tests/qemuxml2argvdata/qemuxml2argv-cpu-numa1.xml | 6 +- > tests/qemuxml2argvdata/qemuxml2argv-cpu-numa2.xml | 6 +- > tests/qemuxml2argvdata/qemuxml2argv-cpu-numa3.xml | 25 ++ > .../qemuxml2argv-numatune-auto-prefer.xml | 29 +++ > 
.../qemuxml2argv-numatune-auto.args| 6 + > .../qemuxml2argv-numatune-auto.xml | 26 +++ > .../qemuxml2argv-numatune-memnode-nocpu.xml| 25 ++ > .../qemuxml2argv-numatune-memnodes-problematic.xml | 31 +++ > .../qemuxml2argv-numatune-memnodes.args| 8 + > .../qemuxml2argv-numatune-memnodes.xml | 31 +++ > .../qemuxml2argv-numatune-prefer.args | 6 + > .../qemuxml2argv-numatune-prefer.xml | 29 +++ > tests/qemuxml2argvtest.c | 51 ++-- > .../qemuxml2xmlout-cpu-numa1.xml | 28 +++ > .../qemuxml2xmlout-cpu-numa2.xml | 28 +++ > tests/qemuxml2xmltest.c| 4 + > tests/qemuxmlnstest.c | 2 +- > 32 files changed, 845 insertions(+), 94 deletions(-) > create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-numa3.xml > create mode 100644 > tests/qemuxml2argvdata/qemuxml2argv-numatune-auto-prefer.xml > create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-auto.args > create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-auto.xml > create mode 100644 > tests/qemuxml2argvdata/qemuxml2argv-numatune-memnode-nocpu.xml > create mode 100644 > tests/qemuxml2argvdata/qemuxml2argv-numatune-memnodes-problematic.xml > create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-memnodes.args > create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-memnodes.xml > create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-prefer.args > create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-prefer.xml > create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-cpu-numa1.xml > create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-cpu-numa2.xml > > -- > 2.0.0 > > -- > libvir-list mailing list > libvir-list@redhat.com > https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] broken api.xml file
On 06/25/2014 02:46 PM, Eric Blake wrote:
> Nehal discovered by accident that our libvirt-api.xml file is broken,
> which in turn leads to broken python bindings.
>
> fix the root cause. It's not my area of expertise, so I'd appreciate a
> hand in finding the problem spot, although I'm still trying to take a
> look. We'll probably need to backport the patch to stable branches, and
> any distro that has picked up broken definitions will want to respin
> python bindings.

The fix turned out to be a one-liner:
https://www.redhat.com/archives/libvir-list/2014-June/msg01290.html

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCHv3 11/26] util: cgroup: Add helper to convert device mode to string
On 06/25/2014 10:54 AM, Peter Krempa wrote:
> Cgroups code uses VIR_CGROUP_DEVICE_* flags to specify the mode but in
> the end it needs to be converted to a string. Add a helper to do it and
> use it in the cgroup code before introducing it into the rest of the
> code.
> ---
> src/libvirt_private.syms | 1 +
> src/util/vircgroup.c | 62 +++-
> src/util/vircgroup.h | 2 ++
> 3 files changed, 49 insertions(+), 16 deletions(-)
>

ACK

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH] domain conf: Fix whitespace around judgement operation when parsing 'managed' attribute.
On Wed, 2014-06-25 at 12:43 -0600, Eric Blake wrote: > On 06/25/2014 02:45 AM, Chen Fan wrote: > > Long subject line. Please try to fit subjects in 60 characters or less > (look at 'git shortlog -30' for a good example). > > > Signed-off-by: Chen Fan > > --- > > src/conf/domain_conf.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > ACK and pushed, after amending the commit message slightly. > Thanks, Chen > > > > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c > > index 02c394f..b7aa4f5 100644 > > --- a/src/conf/domain_conf.c > > +++ b/src/conf/domain_conf.c > > @@ -4261,7 +4261,7 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node, > > * element that might be (pure hostdev, or higher level device > > * (e.g. ) with type='hostdev') > > */ > > -if ((managed = virXMLPropString(node, "managed"))!= NULL) { > > +if ((managed = virXMLPropString(node, "managed")) != NULL) { > > if (STREQ(managed, "yes")) > > def->managed = true; > > } > > > -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH V2] libxl: detect support for save and restore
On 06/25/2014 06:09 PM, Jim Fehlig wrote:
> libxl does not support save, restore, or migrate on all architectures,
> notably ARM. Detect whether libxl supports these operations using
> LIBXL_HAVE_NO_SUSPEND_RESUME. If not supported, drop advertisement of
> .
>
> Found by Ian Campbell while improving Xen's OSSTEST infrastructure
>
> http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html
> Signed-off-by: Jim Fehlig
> ---
>
> Another option for
>
> https://www.redhat.com/archives/libvir-list/2014-June/msg01276.html
>
> With this one, we even avoid the distasteful double negative :).
>
> Compile-tested on x86 only at this point. The ARM build is still
> slowly grinding away...
>
> src/libxl/libxl_conf.c | 4
> src/libxl/libxl_driver.c | 35 +++
> 2 files changed, 39 insertions(+)

Looks better; thanks for putting up with me :)

ACK if it passes your testing

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [Xen-devel] [PATCH] libxl: detect support for save and restore
Eric Blake wrote: > On 06/25/2014 12:13 PM, Jim Fehlig wrote: > >> libxl does not support save, restore, or migrate on all architectures, >> notably ARM. Detect whether libxl supports these operations using >> LIBXL_HAVE_NO_SUSPEND_RESUME. If not supported, drop advertisement of >> . >> >> Found by Ian Campbell while improving Xen's OSSTEST infrastructure >> >> http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html >> Signed-off-by: Jim Fehlig >> --- >> >> Derived from a test patch I sent to Ian Campbell >> >> http://lists.xen.org/archives/html/xen-devel/2014-06/msg03150.html >> >> Includes fixups Ian provided later in the thread. >> >> src/libxl/libxl_conf.c | 4 >> src/libxl/libxl_driver.c | 8 >> 2 files changed, 12 insertions(+) >> > > >> >> +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME >> > > Double negative logic is hard to read. Oh well. > > > >> >> static virDriver libxlDriver = { 
>> @@ -4594,10 +4598,12 @@ static virDriver libxlDriver = { >> .domainSetMemoryFlags = libxlDomainSetMemoryFlags, /* 0.9.0 */ >> .domainGetInfo = libxlDomainGetInfo, /* 0.9.0 */ >> .domainGetState = libxlDomainGetState, /* 0.9.2 */ >> +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME >> .domainSave = libxlDomainSave, /* 0.9.2 */ >> .domainSaveFlags = libxlDomainSaveFlags, /* 0.9.4 */ >> .domainRestore = libxlDomainRestore, /* 0.9.2 */ >> .domainRestoreFlags = libxlDomainRestoreFlags, /* 0.9.4 */ >> +#endif >> > > Hmm - do we do conditional registration in any other driver based on > configure-time results? I'd almost rather always provide the driver > registration, and then use #ifdefs in the body of that function to > either provide a sane result or else report that the compilation > environment was too old, rather than omit the support altogether. I sent a V2 which takes your preferred approach https://www.redhat.com/archives/libvir-list/2014-June/msg01305.html > Maybe get Dan's opinion on this? > Ok. I lean towards V2 since it avoids the double negative. Regards, Jim -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH V2] libxl: detect support for save and restore
libxl does not support save, restore, or migrate on all architectures, notably ARM. Detect whether libxl supports these operations using LIBXL_HAVE_NO_SUSPEND_RESUME. If not supported, drop advertisement of . Found by Ian Campbell while improving Xen's OSSTEST infrastructure http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html Signed-off-by: Jim Fehlig --- Another option for https://www.redhat.com/archives/libvir-list/2014-June/msg01276.html With this one, we even avoid the distasteful double negative :). Compile-tested on x86 only at this point. The ARM build is still slowly grinding away... src/libxl/libxl_conf.c | 4 src/libxl/libxl_driver.c | 35 +++ 2 files changed, 39 insertions(+) diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index 4b6b5c0..8eeaf82 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -1340,7 +1340,11 @@ libxlMakeCapabilities(libxl_ctx *ctx) { virCapsPtr caps; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +if ((caps = virCapabilitiesNew(virArchFromHost(), 0, 0)) == NULL) +#else if ((caps = virCapabilitiesNew(virArchFromHost(), 1, 1)) == NULL) +#endif return NULL; if (libxlCapsInitHost(ctx, caps) < 0) diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index 1ea99e2..646c9b9 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -1379,6 +1379,11 @@ libxlDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml, int ret = -1; bool remove_dom = false; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return -1; +#endif + virCheckFlags(0, -1); if (dxml) { virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", @@ -1440,6 +1445,11 @@ libxlDomainRestoreFlags(virConnectPtr conn, const char *from, int fd = -1; int ret = -1; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return -1; +#endif + virCheckFlags(VIR_DOMAIN_SAVE_PAUSED, -1); if (dxml) { virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", 
@@ -4351,6 +4361,11 @@ libxlDomainMigrateBegin3Params(virDomainPtr domain, const char *xmlin = NULL; virDomainObjPtr vm = NULL; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return NULL; +#endif + virCheckFlags(LIBXL_MIGRATION_FLAGS, NULL); if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0) return NULL; @@ -4395,6 +4410,11 @@ libxlDomainMigratePrepare3Params(virConnectPtr dconn, const char *dname = NULL; const char *uri_in = NULL; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return -1; +#endif + virCheckFlags(LIBXL_MIGRATION_FLAGS, -1); if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0) goto error; @@ -4445,6 +4465,11 @@ libxlDomainMigratePerform3Params(virDomainPtr dom, const char *uri = NULL; int ret = -1; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return -1; +#endif + virCheckFlags(LIBXL_MIGRATION_FLAGS, -1); if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0) goto cleanup; @@ -4497,6 +4522,11 @@ libxlDomainMigrateFinish3Params(virConnectPtr dconn, virDomainObjPtr vm = NULL; const char *dname = NULL; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return NULL; +#endif + virCheckFlags(LIBXL_MIGRATION_FLAGS, NULL); if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0) return NULL; @@ -4545,6 +4575,11 @@ libxlDomainMigrateConfirm3Params(virDomainPtr domain, libxlDriverPrivatePtr driver = domain->conn->privateData; virDomainObjPtr vm = NULL; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +virReportUnsupportedError(); +return -1; +#endif + virCheckFlags(LIBXL_MIGRATION_FLAGS, -1); if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0) return -1; -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
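Review bot: in libxlDomainSaveFlags, libxlDomainRestoreFlags and the five libxlDomainMigrate*3Params entry points, the `#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME` block returns right after the declarations, so on those builds the rest of each function is dead code and the locals and parameters above it go unused, which can produce warnings. Wrapping the remaining body in `#else`/`#endif`, or marking the parameters unused, would keep such builds clean. In libxlMakeCapabilities the `#ifdef` splits an `if` condition only to change `1, 1` into `0, 0`; setting the two values once and keeping a single `virCapabilitiesNew()` call would read more easily. The notes also say the patch is compile-tested on x86 only, so the unsupported path has not been built yet.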
Re: [libvirt] [PATCH] docs: publish correct enum values
On 06/25/2014 03:09 PM, Eric Blake wrote:
> We publish libvirt-api.xml for others to use, and in fact, the
> libvirt-python bindings use it to generate enum values. However,
> we had an off-by-one bug that any enum that relied on C's rules
> for implicit initialization of the first enum member to 0 got
> listed in the xml as having a value of 1 (and all later members
> of the enum were equally botched).
>
> Affected are:
> - virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW),
> since libvirt TBD commit 9fbaff0 v1.2.3
> - virDomainEventGraphicsAddressType (such as
> VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4), since libvirt TBD commit 987e31e v0.8.0
> - virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4), since libvirt TBD commit 03e0e79, not yet released
>
> The fix is simple - since we add one to the previous value when
> encountering an enum without an initializer, the previous value
> must start at -1 so that the first enum member is assigned 0.
>
> Thanks to Nehal J Wani for reporting the problem on IRC, and
> for helping me zero in on the culprit function.
>
> * docs/apibuild.py (CParser.parseEnumBlock): Fix implicit enum
> values.
>
> Signed-off-by: Eric Blake
> ---
>
> I'm going to touch up the commit message before pushing, once I
> do enough research on which versions of libvirt were impacted;
> but I just got interrupted, so I'm posting this now to get the
> review started.

Research done. Bummer that our graphics event python bindings have been broken since 0.8.0 :(

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
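The numbering rule from the commit message above, as an added example that is not docs/apibuild.py and not code from this thread: a small enum reader that applies C's implicit-value rule, plus a check of published values against it. The sample header, the function names and the `<enum name=… value=…/>` element shape used for the constructed XML are assumptions made for the illustration.

```python
"""Added example: C implicit enum numbering and the off-by-one described above."""
import re
import xml.etree.ElementTree as ET

ENUM_RE = re.compile(r"\benum\b\s*\w*\s*\{(?P<body>.*?)\}", re.S)
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def enum_values(header_text, initial_previous=-1):
    """Return {member: value} for every enum block in header_text.

    A member without an initializer gets previous + 1, so `previous` has to
    start at -1 for the first member to become 0, as C requires.  Passing
    initial_previous=0 reproduces the off-by-one from the commit message.
    """
    values = {}
    text = COMMENT_RE.sub("", header_text)
    for block in ENUM_RE.finditer(text):
        previous = initial_previous
        for item in block.group("body").split(","):
            item = item.strip()
            if not item:
                continue  # trailing comma before the closing brace
            name, _, init = (part.strip() for part in item.partition("="))
            if init:
                # Only integer literals and earlier members are handled here.
                value = values[init] if init in values else int(init, 0)
            else:
                value = previous + 1
            values[name] = value
            previous = value
    return values


def render_api_xml(values):
    """Build a constructed API description carrying the given enum values."""
    root = ET.Element("api")
    symbols = ET.SubElement(root, "symbols")
    for name, value in values.items():
        ET.SubElement(symbols, "enum", name=name, value=str(value))
    return ET.tostring(root, encoding="unicode")


def audit_api_xml(header_text, api_xml):
    """Return [(name, published, expected)] for entries that disagree with C."""
    expected = enum_values(header_text)
    mismatches = []
    for node in ET.fromstring(api_xml).iter("enum"):
        name, published = node.get("name"), int(node.get("value"), 0)
        if name in expected and expected[name] != published:
            mismatches.append((name, published, expected[name]))
    return mismatches


# Constructed sample header (not a libvirt header).
SAMPLE_HEADER = """
typedef enum {
    EXAMPLE_ADDR_IPV4,        /* implicit: must be 0 */
    EXAMPLE_ADDR_IPV6,
    EXAMPLE_ADDR_UNIX = 0x10, /* explicit initializer resets the count */
    EXAMPLE_ADDR_LAST
} exampleAddrType;
"""

if __name__ == "__main__":
    broken_xml = render_api_xml(enum_values(SAMPLE_HEADER, initial_previous=0))
    fixed_xml = render_api_xml(enum_values(SAMPLE_HEADER))
    for name, published, expected in audit_api_xml(SAMPLE_HEADER, broken_xml):
        print(f"{name}: published {published}, C value {expected}")
    print("fixed output mismatches:", audit_api_xml(SAMPLE_HEADER, fixed_xml))
```

Members that follow an explicit initializer come out right even with the wrong starting value, so a check of this kind has to compare every member rather than only the last one.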
Re: [libvirt] [PATCHv3 10/26] util: storagefile: Add deep copy for struct virStorageSource
On 06/25/2014 10:54 AM, Peter Krempa wrote: > Now that we have pointers to store disk source information and thus can > easily exchange the structs behind we need a function to copy all the > data. > --- > src/libvirt_private.syms | 1 + > src/util/virstoragefile.c | 143 > ++ > src/util/virstoragefile.h | 3 + > 3 files changed, 147 insertions(+) > > + > + > +virStorageSourcePtr > +virStorageSourceCopy(const virStorageSource *src, > + bool backingChain) Might be worth a doc comment for this function as well, mentioning that driver metadata is not copied, and backingChain controls whether the copy is shallow or deep with regards to backing files. ACK -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 09/26] util: storagesource: Add helper to copy and free storage source seclabels
On 06/25/2014 10:54 AM, Peter Krempa wrote: > They will be reused to transfer disk labels from snapshotted disks to > the new disk definitions. > --- > src/libvirt_private.syms | 1 + > src/util/virstoragefile.c | 45 ++--- > src/util/virstoragefile.h | 3 +++ > 3 files changed, 42 insertions(+), 7 deletions(-) > > +++ b/src/util/virstoragefile.c > @@ -1515,6 +1515,31 @@ > virStorageSourceGetSecurityLabelDef(virStorageSourcePtr src, > } > > > +int > +virStorageSourceSeclabelsCopy(virStorageSourcePtr to, > + const virStorageSource *from) Worth a doc comment, particularly mentioning that this version replaces any existing labels in 'to' (there are other feasible semantics, such as erroring out if there are existing labels in 'to', so adding docs makes it obvious what semantics you chose without making me have to read the code). ACK once you add that. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 0/2] Add support for reporting failure on incompatible CPUs
On Wed, Jun 25, 2014 at 14:34:42 +0200, Jiri Denemark wrote:
> When CPU virConnectCompareCPU returns VIR_CPU_COMPARE_INCOMPATIBLE, the
> caller has no clue why the CPU is considered incompatible with host CPU.
> And in some cases, it would be nice to be able to get such info in a
> client rather than having to look in logs.
>
> Jiri Denemark (2):
> cpuCompare*: Add support for reporting failure on incompatible CPUs
> virConnectCompareCPU: Introduce FAIL_INCOMPATIBLE flag

I updated the virsh man page as requested by Peter, amended virConnectCompareCPU docs as suggested by Eric and pushed this series.

Jirka
[libvirt] [python PATCH] Implement new virNetworkGetDHCPLeases{ForMAC} APIs
These APIs return a list of dhcp leases for all network interfaces connected to the given virtual network or limited output just for one interface if mac is specified. Example Output: [{'iface': 'virbr3', 'ipaddr': '192.168.150.181', 'hostname': 'ubuntu14', 'expirytime': 1403737495L, 'prefix': 24, 'clientid': None, 'mac': '52:54:00:e8:73:eb', 'iaid': None, 'type': 0}, {'iface': 'virbr3', 'ipaddr': '2001:db8:ca2:2:1::bd', 'hostname': 'fedora20-test', 'expirytime': 1403738587L, 'prefix': 64, 'clientid': '00:04:b1:d8:86:42:e1:6a:aa:cf:d5:86:94:23:6f:94:04:cd', 'mac': '52:54:00:5b:40:98', 'iaid': '5980312', 'type': 1}] --- examples/README | 1 + examples/dhcpleases.py | 53 +++ generator.py | 5 ++ libvirt-override-api.xml | 14 libvirt-override.c | 166 +++ sanitytest.py| 6 ++ 6 files changed, 245 insertions(+) create mode 100755 examples/dhcpleases.py diff --git a/examples/README b/examples/README index f4db76c..5b5d405 100644 --- a/examples/README +++ b/examples/README @@ -10,6 +10,7 @@ domsave.py - save all running domU's into a directory domrestore.py - restore domU's from their saved files in a directory esxlist.py - list active domains of an VMware ESX host and print some info. also demonstrates how to use the libvirt.openAuth() method +dhcpleases.py - list dhcp leases for a given virtual network The XML files in this directory are examples of the XML format that libvirt expects, and will have to be adapted for your setup. They are only needed diff --git a/examples/dhcpleases.py b/examples/dhcpleases.py new file mode 100755 index 000..c172dc2 --- /dev/null +++ b/examples/dhcpleases.py 
@@ -0,0 +1,53 @@ +#!/usr/bin/env python +# netdhcpleases - print leases info for given virtual network + +import libvirt +import sys +import time + +def usage(): +print "Usage: %s [URI] NETWORK" % sys.argv[0] +print "Print leases info for a given virtual network" + +uri = None +network = None +args = len(sys.argv) + +if args == 2: +network = sys.argv[1] +elif args == 3: +uri = sys.argv[1] +network = sys.argv[2] +else: +usage() +sys.exit(2) + +conn = libvirt.open(uri) +if conn == None: +print "Unable to open connection to libvirt" +sys.exit(1) + +try: +net = conn.networkLookupByName(network) +except libvirt.libvirtError: +print "Network %s not found" % network +sys.exit(0) + +leases = net.DHCPLeases(); +if (leases == None): +print "Failed to get leases for %s" % net.name() +sys.exit(0) + +def toIPAddrType(addrType): +if addrType == libvirt.VIR_IP_ADDR_TYPE_IPV4: +return "ipv4" +elif addrType == libvirt.VIR_IP_ADDR_TYPE_IPV6: +return "ipv6" + +print " {0:20} {1:18} {2:9} {3:25} {4:15} {5}".format("Expiry Time", "MAC address", "Protocol", "IP address", "Hostname", "Client ID or DUID") +print "-"*115 + +for lease in leases: +print " {0:20}".format(time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(lease['expirytime']))), +print "{0:18} {1:9}".format(lease['mac'], toIPAddrType(lease['type'])), +print "{0:<25} {1:15} {2}".format("{}/{}".format(lease['ipaddr'], lease['prefix']), lease['hostname'], lease['clientid']) diff --git a/generator.py b/generator.py index 03027c6..a053022 100755 --- a/generator.py +++ b/generator.py @@ -463,6 +463,8 @@ skip_impl = ( 'virDomainMigrateToURI3', 'virConnectGetCPUModelNames', 'virNodeGetFreePages', +'virNetworkGetDHCPLeases', +'virNetworkGetDHCPLeasesForMAC', ) lxc_skip_impl = ( @@ -568,6 +570,8 @@ skip_function = ( "virTypedParamsGetString", "virTypedParamsGetUInt", "virTypedParamsGetULLong", + +'virNetworkDHCPLeaseFree', # only useful in C, python code uses list ) lxc_skip_function = ( 
@@ -1115,6 +1119,7 @@ def nameFixup(name, classe, type, file): elif name[0:13] == "virNetworkGet": func = name[13:] func = func[0:1].lower() + func[1:] +func = func.replace("dHCP", "DHCP") elif name[0:10] == "virNetwork": func = name[10:] func = func[0:1].lower() + func[1:] diff --git a/libvirt-override-api.xml b/libvirt-override-api.xml index bbf0ab1..a1d7c03 100644 --- a/libvirt-override-api.xml +++ b/libvirt-override-api.xml @@ -633,5 +633,19 @@ + + Returns a list of dhcp leases for interfaces connected to the given virtual network + + + + + + Returns a list of dhcp leases for a particular interface +(specified by mac) connected to the given virtual network + + + + + diff --git a/libvirt-override.c b/libvirt-override.c index 40aefcc..b345b21 100644 --- a/libvirt-override.c +++ b/libvirt-override.c @@ -7866,6 +7866,170 @@ libvirt_virNodeGetFreePages(PyObject *self ATTRIBUTE_UNUSED, VIR_FREE(counts); return py_retval; } + +static
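Review bot: In the new examples/dhcpleases.py, both failure paths ("Network %s not found" and "Failed to get leases for %s") end with `sys.exit(0)`, so a calling script cannot tell failure from success; use a non-zero status there, as the `conn == None` path already does with `sys.exit(1)`. In the same file `toIPAddrType()` falls through and returns None for any type other than IPV4 or IPV6, and that None is then handed to `"{1:9}".format(...)`; returning a fallback string such as "unknown" would keep the table output well defined.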
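Review bot: In the nameFixup() hunk of generator.py, `func.replace("dHCP", "DHCP")` runs for every virNetworkGet* name and matches anywhere in the string, not only the leading characters that `func[0:1].lower()` has just lowercased, and there is no comment saying what it is for. Restricting it to the prefix (for example with `func.startswith("dHCP")`) and adding a one-line comment that it undoes the lowercasing for the DHCPLeases methods would keep future virNetworkGet* additions from being renamed by accident.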
Re: [libvirt] [PATCH] cpu: Cleanup coding style in generic CPU driver
On Wed, Jun 25, 2014 at 14:21:18 +0200, Peter Krempa wrote:
> On 06/25/14 14:15, Jiri Denemark wrote:
> > Signed-off-by: Jiri Denemark
> > ---
> > src/cpu/cpu_generic.c | 19 ---
> > 1 file changed, 8 insertions(+), 11 deletions(-)
> >
>
> ACK,

Thanks, pushed.

Jirka
Re: [libvirt] [PATCH] virsh: Remove bogus stat on log file
On Wed, Jun 25, 2014 at 14:25:27 +0200, Peter Krempa wrote:
> On 06/25/14 14:14, Jiri Denemark wrote:
> > Let's just open the file right away and deal with errors. Moreover,
> > there's no reason to forbid logging to, e.g., a pipe.
> >
> > Signed-off-by: Jiri Denemark
> > ---
> > tools/virsh.c | 20
> > 1 file changed, 20 deletions(-)
> >
>
> ACK,

Pushed, thanks.

Jirka
Re: [libvirt] [PATCH] Remove redundant docs from libvirt.h
On Wed, Jun 25, 2014 at 14:19:19 +0200, Peter Krempa wrote:
> On 06/25/14 14:15, Jiri Denemark wrote:
> > Only types and macros are documented in libvirt.h, APIs are documented
> > in the *.c file they are implemented in.
> >
> > Signed-off-by: Jiri Denemark
> > ---
> > include/libvirt/libvirt.h.in | 24
> > 1 file changed, 24 deletions(-)
>
> ACK

Pushed, thanks.

Jirka
Re: [libvirt] [PATCHv3 08/26] storage: Move readonly and shared flags to disk source from disk def
On 06/25/2014 10:54 AM, Peter Krempa wrote:
> In the future we might need to track state of individual images. Move
> the readonly and shared flags to the virStorageSource struct so that we
> can keep them in a per-image basis.
> ---

My immediate reaction is that all backing files are generally readonly, so when would we ever label them differently? Then again, we temporarily mark files readwrite during commit.

For shared, this move makes total sense. (Shared is a host-only concept - the file is read-only but must not be relabeled by libvirt because it may be shared by other domains). And for how we are using readonly (label the host image differently than if it were read-write), it also seems to make sense. If we implemented reference-counted storage source objects, the difference between shared and readonly is whether a second reference can be obtained on a file already in use.

One thing is sitting a little uneasy on my mind - do we have (or need, or want) a way to affect guest ABI by the readonly designation? That is, does it ever make sense to advertise to the guest that a disk is readonly (maybe if presenting the guest a virtual DVD drive, the guest will act differently if it is emulated as a DVD-ROM vs. if it is emulated as a DVD-RW that can be burned)? And if so, I could see a case where we might want an image to be marked readonly to the guest perspective, regardless of whether the host files are labeled for readonly use. But I've spent some time thinking about it, and can't come up with any cases where having a readonly disk (guest point of view) would still require a readwrite image from the host; and that tracking whether the guest disk is readonly by deferring to whether the host source is readonly seems to be reliable.

I also don't know if we will ever want to update our live xml to expose whether backing chain elements are temporarily using a read-write label, even though they default to readonly; or even letting the user choose between vs.
for backing chain elements. This patch opens up some possibilities to think about for future changes. Okay, for all my ramblings above, I still can't articulate a firm reason why this might be a bad idea, so I can live with it going in. > src/conf/domain_conf.c | 18 ++ > src/conf/domain_conf.h | 2 -- > src/libxl/libxl_conf.c | 2 +- > src/locking/domain_lock.c | 4 ++-- > src/lxc/lxc_cgroup.c| 2 +- > src/lxc/lxc_controller.c| 2 +- > src/lxc/lxc_driver.c| 2 +- > src/qemu/qemu_cgroup.c | 4 ++-- > src/qemu/qemu_command.c | 14 +++--- > src/qemu/qemu_conf.c| 4 ++-- > src/qemu/qemu_driver.c | 8 > src/qemu/qemu_migration.c | 16 ++-- > src/security/security_dac.c | 2 +- > src/security/security_selinux.c | 6 +++--- > src/security/virt-aa-helper.c | 2 +- > src/util/virstoragefile.h | 6 ++ > src/vbox/vbox_tmpl.c| 30 +++--- > src/xenxs/xen_sxpr.c| 10 +- > src/xenxs/xen_xm.c | 10 +- > 19 files changed, 77 insertions(+), 67 deletions(-) > > +++ b/src/conf/domain_conf.c > @@ -5549,9 +5549,9 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, > goto error; > } > } else if (xmlStrEqual(cur->name, BAD_CAST "readonly")) { > -def->readonly = true; > +def->src->readonly = true; > } else if (xmlStrEqual(cur->name, BAD_CAST "shareable")) { > -def->shared = true; > +def->src->shared = true; > } else if (xmlStrEqual(cur->name, BAD_CAST "transient")) { > def->transient = true; Note that transient remains a per-guest disk item, not a per-host image item. 
> @@ -13390,7 +13390,8 @@ virDomainDiskDefCheckABIStability(virDomainDiskDefPtr > src, > return false; > } > > -if (src->readonly != dst->readonly || src->shared != dst->shared) { > +if (src->src->readonly != dst->src->readonly || > +src->src->shared != dst->src->shared) { > virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", > _("Target disk access mode does not match source")); You know, I think this ABI check is overly strict - a guest can't tell the difference between whether a host image is or (the only difference between those two exclusive flags is whether other domains may use the file at the same time). But if we relax it, it should be a separate patch. ACK. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
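Review bot: In the virDomainDiskDefParseXML hunk the new `def->src->readonly = true` and `def->src->shared = true` assignments dereference `def->src`, and the virDomainDiskDefCheckABIStability hunk does the same through `src->src` and `dst->src`; nothing in the quoted context shows that the source pointer is guaranteed non-NULL at these points. If `def->src` is always allocated together with the disk definition, a short comment or assertion where that allocation happens would document the invariant these accesses now rely on.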
Re: [libvirt] [PATCHv3 07/26] security: nop: Avoid very long lines
On 06/25/2014 10:54 AM, Peter Krempa wrote:
> The function headers contain type on the same line as the name. When
> combined with usage of ATTRIBUTE_UNUSED, the function headers were very
> long. Shorten them by breaking the line after the type.
> ---
> src/security/security_nop.c | 147
> ++--
> 1 file changed, 87 insertions(+), 60 deletions(-)

ACK.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCHv3 06/26] security: Fix header formatting of a few functions
On 06/25/2014 10:54 AM, Peter Krempa wrote:
> Some of the functions in the storage driver had their headers formatted
> incorrectly.
> ---
> src/security/security_driver.h | 6 +++---
> src/security/security_manager.h | 9 -
> src/security/security_stack.c | 4 ++--
> 3 files changed, 9 insertions(+), 10 deletions(-)

ACK.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCHv3 05/26] security: manager: Document behavior of disk label manipulation funcs
On 06/25/2014 10:54 AM, Peter Krempa wrote: > virSecurityManagerSetDiskLabel and virSecurityManagerRestoreDiskLabel > don't have complementary semantics. Document the semantics to avoid > possible problems. > --- > src/security/security_manager.c | 22 ++ > 1 file changed, 22 insertions(+) > > diff --git a/src/security/security_manager.c b/src/security/security_manager.c > index bb12e8e..06e5123 100644 > --- a/src/security/security_manager.c > +++ b/src/security/security_manager.c > @@ -331,6 +331,17 @@ > virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr) > } > > > +/** > + * virSecurityManagerRestoreDiskLabel: > + * @mgr: security manager object > + * @vm: domain definition object > + * @disk: disk definition to operate on > + * > + * Removes security label from the source image of the disk. Note that this > + * function doesn't restore labels on backing chain elements of @disk. which probably ought to be considered a bug, and something that we might change in the future - but accurate documentation of what it does now. Restoring labels on backing chains is tricky - we need to start keeping a reference count of all places that are using a backing file (as it can be in use by more than one chain, even by more than one domain), and really the label restore ought to be part of releasing the last use of a storage volume after all domains are done sharing the same backing file. The disk lease manager may be helpful, as backing files are shared (readonly) leases. ACK. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 04/26] security: manager: Unify function header format
On 06/25/2014 10:54 AM, Peter Krempa wrote:
> ---
> src/security/security_manager.c | 248
> +---
> 1 file changed, 157 insertions(+), 91 deletions(-)
>

ACK

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCHv3 03/26] security: manager: Avoid forward decl of virSecurityManagerDispose
On 06/25/2014 10:54 AM, Peter Krempa wrote:
> ---
> src/security/security_manager.c | 21 +++--
> 1 file changed, 11 insertions(+), 10 deletions(-)
>

ACK.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[libvirt] [PATCH] docs: publish correct enum values
We publish libvirt-api.xml for others to use, and in fact, the libvirt-python bindings use it to generate enum values. However, we had an off-by-one bug that any enum that relied on C's rules for implicit initialization of the first enum member to 0 got listed in the xml as having a value of 1 (and all later members of the enum were equally botched). Affected are: - virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW), since libvirt TBD - virDomainEventGraphicsAddressType (such as VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4), since libvirt TBD - virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4), since libvirt TBD The fix is simple - since we add one to the previous value when encountering an enum without an initializer, the previous value must start at -1 so that the first enum member is assigned 0. Thanks to Nehal J Wani for reporting the problem on IRC, and for helping me zero in on the culprit function. * docs/apibuild.py (CParser.parseEnumBlock): Fix implicit enum values. Signed-off-by: Eric Blake --- I'm going to touch up the commit message before pushing, once I do enough research on which versions of libvirt were impacted; but I just got interrupted, so I'm posting this now to get the review started. docs/apibuild.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/apibuild.py b/docs/apibuild.py index 5250c5a..30e224d 100755 --- a/docs/apibuild.py +++ b/docs/apibuild.py @@ -1312,7 +1312,7 @@ class CParser: name = None self.comment = None comment = "" -value = "0" +value = "-1" while token is not None: if token[0] == "sep" and token[1] == "{": token = self.token() -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
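Review bot: In CParser.parseEnumBlock the new seed `value = "-1"` is never the value of any member; it is the "previous value" that the implicit-initializer path increments, and nothing at the assignment says so. A comment on that line (it starts one below C's implicit first value of 0) would stop someone from "correcting" it back to "0". Given that the commit message says the wrong values went out for three enums, a build-time check that a known implicit enumerator such as VIR_IP_ADDR_TYPE_IPV4 is emitted as 0 in libvirt-api.xml would be worth adding with this fix.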
[libvirt] broken api.xml file
Nehal discovered by accident that our libvirt-api.xml file is broken, which in turn leads to broken python bindings.

Right now, if you look at docs/libvirt-api.xml, you'll find:

but if you look at the libvirt.h.in file, you see:

typedef enum {
    VIR_IP_ADDR_TYPE_IPV4,
    VIR_IP_ADDR_TYPE_IPV6,

which, by C rules, means that the enum is value 0, not 1.

We need to fix whatever in libvirt is generating the api.xml file, because that in turn is leading to incorrect code in the python bindings. We could, of course, work around the bug by adding explicit 'VIR_IP_ADDR_TYPE_IPV4 = 0,' in our libvirt.h.in file, but I'd rather fix the root cause. It's not my area of expertise, so I'd appreciate a hand in finding the problem spot, although I'm still trying to take a look.

We'll probably need to backport the patch to stable branches, and any distro that has picked up broken definitions will want to respin python bindings. In a quick audit, I found three impacted enums:

virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW)
virDomainEventGraphicsAddressType (such as VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4)
virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4)

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
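The off-by-one described in the message above, reproduced with a small stand-alone enum parser that also performs the same kind of audit for impacted enums. This is an added example, not docs/apibuild.py or any libvirt code; the sample header, the demoFlags enum and all function names are constructed for illustration.

```python
import re

# Constructed sample: the first enum is modelled on the virIPAddrType
# fragment quoted in the message; its _LAST member and the whole second
# enum (demoFlags) are made up for this demonstration.
SAMPLE_HEADER = """
typedef enum {
    VIR_IP_ADDR_TYPE_IPV4,
    VIR_IP_ADDR_TYPE_IPV6,
    VIR_IP_ADDR_TYPE_LAST
} virIPAddrType;

typedef enum {
    DEMO_FLAG_A = 1 << 0, /* explicit initializer */
    DEMO_FLAG_B = 0x4,
    DEMO_FLAG_C           /* implicit: previous value + 1 */
} demoFlags;
"""

ENUM_RE = re.compile(r"typedef\s+enum\s*\{(.*?)\}\s*(\w+)\s*;", re.S)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)


def eval_initializer(expr):
    """Evaluate the small subset of initializers used here: integer
    literals (decimal or hex), optionally chained with '<<'."""
    parts = [p.strip() for p in expr.split("<<")]
    value = int(parts[0], 0)
    for shift in parts[1:]:
        value <<= int(shift, 0)
    return value


def parse_enums(header, seed):
    """Return {enum_name: [(member, value), ...]}.

    `seed` is the 'previous value' in force before the first member.
    A member without an initializer gets previous + 1, so seed=0
    reproduces the bug and seed=-1 matches C semantics.
    """
    enums = {}
    for body, name in ENUM_RE.findall(header):
        previous = seed
        members = []
        for item in COMMENT_RE.sub("", body).split(","):
            item = item.strip()
            if not item:
                continue  # tolerate a trailing comma
            if "=" in item:
                member, expr = (s.strip() for s in item.split("=", 1))
                value = eval_initializer(expr)
            else:
                member, value = item, previous + 1
            members.append((member, value))
            previous = value
        enums[name] = members
    return enums


def affected_enums(header):
    """Audit helper: names of enums whose generated values differ between
    the buggy seed (0) and the corrected seed (-1)."""
    buggy = parse_enums(header, seed=0)
    fixed = parse_enums(header, seed=-1)
    return [name for name in fixed if buggy[name] != fixed[name]]


if __name__ == "__main__":
    for label, seed in (("buggy seed 0", 0), ("fixed seed -1", -1)):
        print(label, parse_enums(SAMPLE_HEADER, seed))
    print("affected:", affected_enums(SAMPLE_HEADER))
```

Only enums whose first member lacks an initializer show up as affected; an enum that starts with an explicit value resynchronizes the counter and comes out the same under either seed.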
Re: [libvirt] [PATCHv3 02/26] security: Rename virSecurityManagerRestoreImageLabel to *Disk*
On 06/25/2014 10:54 AM, Peter Krempa wrote:
> I'm going to add functions that will deal with individual image files
> rather than whole disks. Rename the security function to make room for
> the new one.
> ---
> src/libvirt_private.syms | 2 +-
> src/qemu/qemu_driver.c | 4 ++--
> src/qemu/qemu_hotplug.c | 24
> src/security/security_apparmor.c | 8
> src/security/security_dac.c | 8
> src/security/security_driver.h | 8
> src/security/security_manager.c | 10 +-
> src/security/security_manager.h | 6 +++---
> src/security/security_nop.c | 8
> src/security/security_selinux.c | 8
> src/security/security_stack.c| 10 +-
> 11 files changed, 48 insertions(+), 48 deletions(-)

ACK. Mechanical.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH] libxl: detect support for save and restore
On Wed, 2014-06-25 at 13:10 -0600, Eric Blake wrote: > On 06/25/2014 12:13 PM, Jim Fehlig wrote: > > libxl does not support save, restore, or migrate on all architectures, > > notably ARM. Detect whether libxl supports these operations using > > LIBXL_HAVE_NO_SUSPEND_RESUME. If not supported, drop advertisement of > > . > > > > Found by Ian Campbell while improving Xen's OSSTEST infrastructure > > > > http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html > > Signed-off-by: Jim Fehlig > > --- > > > > Derived from a test patch I sent to Ian Campbell > > > > http://lists.xen.org/archives/html/xen-devel/2014-06/msg03150.html > > > > Includes fixups Ian provided later in the thread. I think it looks identical to that combination, in which case you can add my Tested-by: Ian Campbell if you want. > > > > src/libxl/libxl_conf.c | 4 > > src/libxl/libxl_driver.c | 8 > > 2 files changed, 12 insertions(+) > > > > > +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME > > Double negative logic is hard to read. Oh well. libxl didn't initially supply a #define (because it only supported x86 which always did migration) and when ARM came along we could only add something to new versions since obviously we can't change already released stuff, so it had to be this way, sadly. > > static virDriver libxlDriver = { 
> > @@ -4594,10 +4598,12 @@ static virDriver libxlDriver = { > > .domainSetMemoryFlags = libxlDomainSetMemoryFlags, /* 0.9.0 */ > > .domainGetInfo = libxlDomainGetInfo, /* 0.9.0 */ > > .domainGetState = libxlDomainGetState, /* 0.9.2 */ > > +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME > > .domainSave = libxlDomainSave, /* 0.9.2 */ > > .domainSaveFlags = libxlDomainSaveFlags, /* 0.9.4 */ > > .domainRestore = libxlDomainRestore, /* 0.9.2 */ > > .domainRestoreFlags = libxlDomainRestoreFlags, /* 0.9.4 */ > > +#endif > > Hmm - do we do conditional registration in any other driver based on > configure-time results? I'd almost rather always provide the driver > registration, and then use #ifdefs in the body of that function to > either provide a sane result or else report that the compilation > environment was too old, rather than omit the support altogether. Maybe > get Dan's opinion on this? >From the Xen test harness' point of view we'd like virsh capabilities to be accurate, FWIW. Ian. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv5 18/19] qemu: Add support for networked disks for block commit
On 06/25/2014 12:13 PM, Adam Litke wrote:
> On 25/06/14 10:27 -0600, Eric Blake wrote:
>> On 06/19/2014 07:59 AM, Peter Krempa wrote:
>>> Now that we are able to select images from the backing chain via indexed
>>> access we should also convert possible network sources to
>>> qemu-compatible strings before passing them to qemu.
>>
>> Eventually, we'll want to use qemu's node-name functionality, also being
>> added (but possibly in qemu 2.2 instead of 2.1, depends on how Jeff's
>> series goes). But for the simpler case of all files being local or all
>> files being network from the same pool (that is, no mixed-mode chains),
>> then this does appear to work at getting a decent name into qemu, at
>> which point qemu can indeed commit to the right target.
>>
>> Wait - the earlier patches said that relative names would be preserved
>> if possible, implying that an absolute name would still be used if a
>> relative name was not possible. But this errors out if a relative name
>> was not possible. Which is nicer to the end user, treating the flag as
>> advisory or mandatory? I'm hoping Adam can answer which he'd prefer, as
>> one of the first clients of this new feature.
>
> Thanks Eric. If the flag was specified we need it to fail if a
> relative backing path is not possible. Otherwise the backing chain
> could be rewritten such that the VM can not be started on a different
> host in the future. For us, not honoring the flag is a corruption.
>

Okay, let's go with mandatory semantics on the respin of this series. If the flag is present, we fail unless we were able to write a relative name into the affected file (which implies that using the flag while the chain already had absolute names is a guaranteed failure).

> For those applications that don't mind (or might handle abs paths
> differently than relative ones, they could retry the operation without
> the flag. Perhaps we'll want a specific error code for this scenario
> to make it easy to handle?

I wouldn't bother with a special error code unless someone specifically asks for it in their use case. We can always add it later, if needed.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH] libxl: detect support for save and restore
On 06/25/2014 12:13 PM, Jim Fehlig wrote: > libxl does not support save, restore, or migrate on all architectures, > notably ARM. Detect whether libxl supports these operations using > LIBXL_HAVE_NO_SUSPEND_RESUME. If not supported, drop advertisement of > . > > Found by Ian Campbell while improving Xen's OSSTEST infrastructure > > http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html > Signed-off-by: Jim Fehlig > --- > > Derived from a test patch I sent to Ian Campbell > > http://lists.xen.org/archives/html/xen-devel/2014-06/msg03150.html > > Includes fixups Ian provided later in the thread. > > src/libxl/libxl_conf.c | 4 > src/libxl/libxl_driver.c | 8 > 2 files changed, 12 insertions(+) > > +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME Double negative logic is hard to read. Oh well. > > static virDriver libxlDriver = { > @@ -4594,10 +4598,12 @@ static virDriver libxlDriver = { > .domainSetMemoryFlags = libxlDomainSetMemoryFlags, /* 0.9.0 */ > .domainGetInfo = libxlDomainGetInfo, /* 0.9.0 */ > .domainGetState = libxlDomainGetState, /* 0.9.2 */ > +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME > .domainSave = libxlDomainSave, /* 0.9.2 */ > .domainSaveFlags = libxlDomainSaveFlags, /* 0.9.4 */ > .domainRestore = libxlDomainRestore, /* 0.9.2 */ > .domainRestoreFlags = libxlDomainRestoreFlags, /* 0.9.4 */ > +#endif Hmm - do we do conditional registration in any other driver based on configure-time results? I'd almost rather always provide the driver registration, and then use #ifdefs in the body of that function to either provide a sane result or else report that the compilation environment was too old, rather than omit the support altogether. Maybe get Dan's opinion on this? -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
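Review bot: In the libxlDriver table hunk the `#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME` guard compiles out only `.domainSave`, `.domainSaveFlags`, `.domainRestore` and `.domainRestoreFlags`, while the commit message says migrate is unsupported on the same architectures; the quoted lines do not show the migration callbacks getting equivalent treatment, so either guard them as well or say in the commit message why they are handled differently. A comment above the `#ifndef` stating the condition positively (libxl without suspend/resume, for example on ARM) would also offset the inverted sense of the macro.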
Re: [libvirt] [PATCHv3 01/26] utils: s/virStorageSourceClearBackingStore/virStorageSourceBackingStoreClear
On 06/25/2014 10:54 AM, Peter Krempa wrote:
> Rename them to comply with the naming policy.
> ---
> src/libvirt_private.syms | 2 +-
> src/qemu/qemu_domain.c| 2 +-
> src/qemu/qemu_driver.c| 2 +-
> src/util/virstoragefile.c | 6 +++---
> src/util/virstoragefile.h | 2 +-
> 5 files changed, 7 insertions(+), 7 deletions(-)

ACK.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH 2/2] virConnectCompareCPU: Introduce FAIL_INCOMPATIBLE flag
On 06/25/2014 06:34 AM, Jiri Denemark wrote: > The new VIR_CONNECT_COMPARE_CPU_FAIL_INCOMPATIBLE flag for > virConnectCompareCPU can be used to get an error > (VIR_ERR_CPU_INCOMPATIBLE) describing the incompatibility instead of the > usual VIR_CPU_COMPARE_INCOMPATIBLE return code. > > Signed-off-by: Jiri Denemark > --- > * > - * Returns comparison result according to enum virCPUCompareResult > + * Returns comparison result according to enum virCPUCompareResult. If > + * VIR_CONNECT_COMPARE_CPU_FAIL_INCOMPATIBLE is used and @xmlDesc CPU is > + * incompatible with host CPU, this function will return > VIR_CPU_COMPARE_ERROR > + * (instead of VIR_CPU_COMPARE_INCOMPATIBLE) and the error will use > + * VIR_ERR_CPU_INCOMPATIBLE code the error message will provide more details > + * about the incompatibility. Reads better if you change the tail to: the error will use the VIR_ERR_CPU_INCOMPATIBLE code with a message providing more details about the incompatibility -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] cpu: Add new Broadwell CPU model
On 06/25/2014 06:41 AM, Jiri Denemark wrote:
> Signed-off-by: Jiri Denemark
> ---
>
> Notes:
> The corresponding patch [1] for QEMU is not upstream yet but nobody
> seems to be complaining about that model. And chances are the patch gets
> in before QEMU enters hard freeze for 2.1. So please review this patch
> but I won't push it until the model gets pushed to QEMU.

We seem to be piling up a number of these gated patches :)

>
> [1] https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg04025.html
>
> src/cpu/cpu_map.xml | 8
> 1 file changed, 8 insertions(+)
>

ACK.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH 2/5] conf: Introduce viremulator_capabilities
On 06/25/2014 12:42 AM, Michal Privoznik wrote: > On 24.06.2014 21:34, Eric Blake wrote: >> On 06/24/2014 03:39 AM, Daniel P. Berrange wrote: >> We also have a subelement of in the XML which is used for a similar thing although it doesn't support a per-machine-type output, only per-binary capabilities. Should we add this more granular approach and abandon the old one? >>> >>> Yes, we should stop adding stuff related to the guest to the main >>> XML since it doesn't scale. >> >> Oh phooey - I just proposed yet another feature there: >> https://www.redhat.com/archives/libvir-list/2014-June/msg01097.html >> >> I'd like to turn on a witness for active commit support in the same >> release as we turn on the qemu implementation (and I'm hoping it still >> makes libvirt 1.2.6 - we haven't frozen yet, but it's near the end of >> the month, and we're still waiting on some patches to make it into >> qemu.git). If is not the right place, then where should I >> advertise it? >> > > I'm working on another version, but I'm not sure if I'll prepare patches > prior to freeze. How critical is the active commit? I mean, can it wait > a while (with possibility of slipping upcoming release)? Well, active commit implementation is also stalled waiting on qemu; although the API has been pushed already. I'm still playing it by ear for a couple more days, even if it means some of my patches go in (possibly with tweaks) after we freeze. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] domain conf: Fix whitespace around judgement operation when parsing 'managed' attribute.
On 06/25/2014 02:45 AM, Chen Fan wrote: Long subject line. Please try to fit subjects in 60 characters or less (look at 'git shortlog -30' for a good example). > Signed-off-by: Chen Fan > --- > src/conf/domain_conf.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) ACK and pushed, after amending the commit message slightly. > > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c > index 02c394f..b7aa4f5 100644 > --- a/src/conf/domain_conf.c > +++ b/src/conf/domain_conf.c > @@ -4261,7 +4261,7 @@ virDomainHostdevDefParseXMLSubsys(xmlNodePtr node, > * element that might be (pure hostdev, or higher level device > * (e.g. ) with type='hostdev') > */ > -if ((managed = virXMLPropString(node, "managed"))!= NULL) { > +if ((managed = virXMLPropString(node, "managed")) != NULL) { > if (STREQ(managed, "yes")) > def->managed = true; > } > -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [Xen-devel] [PATCH RFC OSSTEST 7/9] Toolstack: Abstract away migration support check.
Ian Campbell wrote:
> On Wed, 2014-06-25 at 09:25 -0600, Jim Fehlig wrote:
>
>> With the fixup, does this work for you? Is omitted
>> from the capabilities?
>>
>
> Yes, it is omitted. On ARM:
>
> # virsh capabilities
>
>
>
>
> armv7l
>
>
>
>
>
> 4186112
>
>
>
>
>
>
>
>
>
>
>
>
>
> xen
>
> 32
> /usr/lib/xen/bin/qemu-dm
> xenpv
>
>
>
>
>
>
>

Cool. I've squashed in your changes and sent a "v2" (forgot to note that with --subject-prefix).

Regards,
Jim
Re: [libvirt] [PATCHv5 19/19] qemu: Add support for networked disks for block pull/block rebase
On 25/06/14 10:34 -0600, Eric Blake wrote: On 06/19/2014 07:59 AM, Peter Krempa wrote: Now that we are able to select images from the backing chain via indexed access we should also convert possible network sources to qemu-compatible strings before passing them to qemu. --- src/qemu/qemu_driver.c | 45 + 1 file changed, 41 insertions(+), 4 deletions(-) Same caveats as in 18/19 about not necessarily working in mixed-source chains (for that, we'd need to use node-names); but as it is definitely more powerful than what libvirt previously supported, it's still worth including under the incremental improvement umbrella. @@ -15040,6 +15042,13 @@ qemuDomainBlockJobImpl(virDomainObjPtr vm, goto cleanup; } +if (flags & VIR_DOMAIN_BLOCK_REBASE_RELATIVE && !base) { +virReportError(VIR_ERR_INVALID_ARG, "%s", + _("flag VIR_DOMAIN_BLOCK_REBASE_RELATIVE is valid only " + " with non-null base ")); Trailing space in the error message. This treats relative name with no base as a hard error, which is okay but should be documented. + +if (!backingPath) { +virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("Can't keep relative backing relationship.")); No trailing '.'. Once again, back to the question of whether it is nicer for the flag to be advisory (best effort to use relative, but absolute fallback is okay) or mandatory (fail if the request cannot be honored). At this point, I'm leaning towards mandatory (it's easier to relax mandatory to advisory later than it is to give advisory now and tighten it up later; and I like to know if my explicit request cannot be honored). But the documentation needs to match what we choose, and it would help to have Adam's insight as a client of this flag. See response to 18... Mandatory is our strict requirement. -- Adam Litke -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv5 18/19] qemu: Add support for networked disks for block commit
On 25/06/14 10:27 -0600, Eric Blake wrote: On 06/19/2014 07:59 AM, Peter Krempa wrote: Now that we are able to select images from the backing chain via indexed access we should also convert possible network sources to qemu-compatible strings before passing them to qemu. Eventually, we'll want to use qemu's node-name functionality, also being added (but possibly in qemu 2.2 instead of 2.1, depends on how Jeff's series goes). But for the simpler case of all files being local or all files being network from the same pool (that is, no mixed-mode chains), then this does appear to work at getting a decent name into qemu, at which point qemu can indeed commit to the right target. --- src/qemu/qemu_driver.c | 39 ++- 1 file changed, 34 insertions(+), 5 deletions(-) + +if (flags & VIR_DOMAIN_BLOCK_COMMIT_RELATIVE && +topSource != disk->src) { So you are silently ignoring the flag if topSource is the active layer? That's okay, but reflect it in the documentation earlier in the series. +if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_CHANGE_BACKING_FILE)) { +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("this qemu doesn't support relative blockpull")); +goto endjob; +} + +if (virStorageFileGetRelativeBackingPath(topSource, baseSource, + &backingPath) < 0) +goto endjob; + +if (!backingPath) { +virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("Can't keep relative backing relationship.")); No '.' at end of the message. Wait - the earlier patches said that relative names would be preserved if possible, implying that an absolute name would still be used if a relative name was not possible. But this errors out if a relative name was not possible. Which is nicer to the end user, treating the flag as advisory or mandatory? I'm hoping Adam can answer which he'd prefer, as one of the first clients of this new feature. Thanks Eric. If the flag was specified we need it to fail if a relative backing path is not possible. 
Otherwise the backing chain could be rewritten such that the VM can not be started on a different host in the future. For us, not honoring the flag is a corruption. For those applications that don't mind (or might handle abs paths differently than relative ones), they could retry the operation without the flag. Perhaps we'll want a specific error code for this scenario to make it easy to handle?

--
Adam Litke
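Review bot: the capability check inside the VIR_DOMAIN_BLOCK_COMMIT_RELATIVE branch reports "this qemu doesn't support relative blockpull", but this is the block commit path, so the message sends the user looking at the wrong operation; it should name block commit. The condition "flags & VIR_DOMAIN_BLOCK_COMMIT_RELATIVE && topSource != disk->src" parses as intended, but parentheses around the bitwise test would make that explicit to the next reader.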
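The advisory-versus-mandatory choice debated in the 18/19 and 19/19 threads above, as an added C example that is not libvirt code and not from any poster. REBASE_RELATIVE, the error codes, both function names and the sample paths are hypothetical, and the relative name is derived from the path strings alone, which is a simplification of what a real backing-chain lookup does.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names for this sketch; none of them are libvirt identifiers. */
#define REBASE_RELATIVE (1u << 0)

enum {
    REBASE_OK = 0,
    REBASE_ERR_NOMEM = -1,
    REBASE_ERR_NO_RELATIVE = -2  /* dedicated code: caller may retry without the flag */
};

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d)
        memcpy(d, s, n);
    return d;
}

/* Returns 0 and sets *out to the name of 'base' relative to the directory
 * holding 'top', or to NULL when no relative name exists (either side is not
 * an absolute local path, e.g. a network URI). Returns -1 on allocation
 * failure. */
static int relative_name(const char *top, const char *base, char **out)
{
    *out = NULL;
    if (top[0] != '/' || base[0] != '/')
        return 0;

    size_t dirlen = (size_t)(strrchr(top, '/') - top) + 1; /* keeps trailing '/' */
    size_t common = 0, ups = 0;

    /* Longest shared prefix that ends on a '/' boundary. */
    for (size_t i = 0; i < dirlen && base[i] && top[i] == base[i]; i++)
        if (top[i] == '/')
            common = i + 1;

    /* Every directory left below the shared prefix costs one "../". */
    for (size_t i = common; i < dirlen; i++)
        if (top[i] == '/')
            ups++;

    char *rel = malloc(ups * 3 + strlen(base + common) + 1);
    if (!rel)
        return -1;
    rel[0] = '\0';
    for (size_t i = 0; i < ups; i++)
        strcat(rel, "../");
    strcat(rel, base + common);
    *out = rel;
    return 0;
}

/* Picks the backing-file string to record for 'top'. With 'mandatory' set, a
 * relative request that cannot be met is an error; without it the function
 * silently falls back to the absolute name, and the caller cannot tell the
 * two successful outcomes apart. */
int choose_backing_name(const char *top, const char *base,
                        unsigned int flags, bool mandatory, char **name)
{
    *name = NULL;

    if (flags & REBASE_RELATIVE) {
        char *rel = NULL;

        if (relative_name(top, base, &rel) < 0)
            return REBASE_ERR_NOMEM;
        if (rel) {
            *name = rel;
            return REBASE_OK;
        }
        if (mandatory)
            return REBASE_ERR_NO_RELATIVE;
        /* advisory: fall through to the absolute name */
    }

    *name = dup_str(base);
    return *name ? REBASE_OK : REBASE_ERR_NOMEM;
}

int main(void)
{
    /* Constructed sample chain: a local overlay over a local or network base. */
    const char *top = "/img/vm1/snap/top.qcow2";
    const char *bases[] = { "/img/vm1/base.qcow2", "gluster://host/vol/base.qcow2" };

    for (int b = 0; b < 2; b++) {
        for (int mandatory = 0; mandatory <= 1; mandatory++) {
            char *name = NULL;
            int rc = choose_backing_name(top, bases[b], REBASE_RELATIVE,
                                         mandatory != 0, &name);
            printf("base=%s mandatory=%d rc=%d name=%s\n",
                   bases[b], mandatory, rc, name ? name : "(none)");
            free(name);
        }
    }
    return 0;
}
```

In the advisory case the network base comes back with REBASE_OK and an absolute name, which is the silent rewrite Adam describes as a corruption; the mandatory case returns the dedicated error instead.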
[libvirt] [PATCH] libxl: detect support for save and restore
libxl does not support save, restore, or migrate on all architectures, notably ARM. Detect whether libxl supports these operations using LIBXL_HAVE_NO_SUSPEND_RESUME. If not supported, drop advertisement of . Found by Ian Campbell while improving Xen's OSSTEST infrastructure http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html Signed-off-by: Jim Fehlig --- Derived from a test patch I sent to Ian Campbell http://lists.xen.org/archives/html/xen-devel/2014-06/msg03150.html Includes fixups Ian provided later in the thread. src/libxl/libxl_conf.c | 4 src/libxl/libxl_driver.c | 8 2 files changed, 12 insertions(+) diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index 4b6b5c0..8eeaf82 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -1340,7 +1340,11 @@ libxlMakeCapabilities(libxl_ctx *ctx) { virCapsPtr caps; +#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME +if ((caps = virCapabilitiesNew(virArchFromHost(), 0, 0)) == NULL) +#else if ((caps = virCapabilitiesNew(virArchFromHost(), 1, 1)) == NULL) +#endif return NULL; if (libxlCapsInitHost(ctx, caps) < 0) diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index 1ea99e2..ac440d2 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -1370,6 +1370,7 @@ libxlDoDomainSave(libxlDriverPrivatePtr driver, virDomainObjPtr vm, return ret; } +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME static int libxlDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml, unsigned int flags) @@ -1488,6 +1489,7 @@ libxlDomainRestore(virConnectPtr conn, const char *from) { return libxlDomainRestoreFlags(conn, from, NULL, 0); } +#endif /* ifndef LIBXL_HAVE_NO_SUSPEND_RESUME */ static int libxlDomainCoreDump(virDomainPtr dom, const char *to, unsigned int flags) @@ -4340,6 +4342,7 @@ libxlNodeDeviceReset(virNodeDevicePtr dev) return ret; } +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME static char * libxlDomainMigrateBegin3Params(virDomainPtr domain, virTypedParameterPtr params, 
@@ -4559,6 +4562,7 @@ libxlDomainMigrateConfirm3Params(virDomainPtr domain, return libxlDomainMigrationConfirm(driver, vm, flags, cancelled); } +#endif /* ifndef LIBXL_HAVE_NO_SUSPEND_RESUME */ static virDriver libxlDriver = { @@ -4594,10 +4598,12 @@ static virDriver libxlDriver = { .domainSetMemoryFlags = libxlDomainSetMemoryFlags, /* 0.9.0 */ .domainGetInfo = libxlDomainGetInfo, /* 0.9.0 */ .domainGetState = libxlDomainGetState, /* 0.9.2 */ +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME .domainSave = libxlDomainSave, /* 0.9.2 */ .domainSaveFlags = libxlDomainSaveFlags, /* 0.9.4 */ .domainRestore = libxlDomainRestore, /* 0.9.2 */ .domainRestoreFlags = libxlDomainRestoreFlags, /* 0.9.4 */ +#endif .domainCoreDump = libxlDomainCoreDump, /* 0.9.2 */ .domainSetVcpus = libxlDomainSetVcpus, /* 0.9.0 */ .domainSetVcpusFlags = libxlDomainSetVcpusFlags, /* 0.9.0 */ @@ -4650,11 +4656,13 @@ static virDriver libxlDriver = { .nodeDeviceDetachFlags = libxlNodeDeviceDetachFlags, /* 1.2.3 */ .nodeDeviceReAttach = libxlNodeDeviceReAttach, /* 1.2.3 */ .nodeDeviceReset = libxlNodeDeviceReset, /* 1.2.3 */ +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME .domainMigrateBegin3Params = libxlDomainMigrateBegin3Params, /* 1.2.6 */ .domainMigratePrepare3Params = libxlDomainMigratePrepare3Params, /* 1.2.6 */ .domainMigratePerform3Params = libxlDomainMigratePerform3Params, /* 1.2.6 */ .domainMigrateFinish3Params = libxlDomainMigrateFinish3Params, /* 1.2.6 */ .domainMigrateConfirm3Params = libxlDomainMigrateConfirm3Params, /* 1.2.6 */ +#endif }; static virStateDriver libxlStateDriver = { -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
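Review bot: in libxlMakeCapabilities() the #ifdef splits the "if (" line itself, so a single "return NULL;" hangs off two alternative conditions, which is easy to break in a later edit. Select the two trailing arguments under the #ifdef (a local set to 0 or 1) and keep one virCapabilitiesNew() call, with a short comment saying why they are 0 when LIBXL_HAVE_NO_SUSPEND_RESUME is defined.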
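Review bot: the first guard in libxl_driver.c opens at libxlDomainSaveFlags(), which leaves the static helper libxlDoDomainSave() directly above it compiled in; if the guarded functions are its only callers, a build with LIBXL_HAVE_NO_SUSPEND_RESUME defined gets an unused static function. Please confirm it still has a caller or move the #ifndef up. The two #endif lines inside the libxlDriver table also lack the "/* ifndef LIBXL_HAVE_NO_SUSPEND_RESUME */" comment used on the function-level guards.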
[libvirt] [PATCH 0/2] virtio serial address allocation
Ján Tomko (2):
  Add test for virtio serial port assignment
  Implement virtio serial address allocation

 src/conf/domain_addr.c | 426 +
 src/conf/domain_addr.h | 49 +++
 src/conf/domain_conf.c | 30 --
 src/libvirt_private.syms | 9 +
 src/qemu/qemu_command.c | 61 +++
 src/qemu/qemu_domain.c | 1 +
 src/qemu/qemu_domain.h | 1 +
 src/qemu/qemu_hotplug.c | 31 +-
 tests/qemuhotplugtest.c | 2 +-
 .../qemuxml2argv-channel-virtio-auto.args | 8 +-
 .../qemuxml2argv-channel-virtio-autoassign.args | 20 +
 .../qemuxml2argv-channel-virtio-autoassign.xml | 50 +++
 tests/qemuxml2argvtest.c | 2 +
 .../qemuxml2xmlout-channel-virtio-auto.xml | 10 +-
 14 files changed, 658 insertions(+), 42 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-autoassign.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-autoassign.xml

--
1.8.5.5
[libvirt] [PATCH 1/2] Add test for virtio serial port assignment
Add a test to demonstrate the effect of the next patch. --- .../qemuxml2argv-channel-virtio-autoassign.args| 20 + .../qemuxml2argv-channel-virtio-autoassign.xml | 50 ++ tests/qemuxml2argvtest.c | 2 + 3 files changed, 72 insertions(+) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-autoassign.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-autoassign.xml diff --git a/tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-autoassign.args b/tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-autoassign.args new file mode 100644 index 000..d64a228 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-autoassign.args 
@@ -0,0 +1,20 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults \ +-chardev socket,id=charmonitor,path=/tmp/test-monitor,server,nowait \ +-mon chardev=charmonitor,id=monitor,mode=readline -no-acpi -boot c \ +-device virtio-serial-pci,id=virtio-serial0,max_ports=4,vectors=4,bus=pci.0\ +,addr=0x3 -device virtio-serial-pci,id=virtio-serial1,bus=pci.0,addr=0xa \ +-usb -hda /dev/HostVG/QEMUGuest1 \ +-chardev pty,id=charchannel0 -device virtserialport,bus=virtio-serial0.0,nr=1,\ +chardev=charchannel0,id=channel0,name=org.linux-kvm.port.0 \ +-chardev pty,id=charchannel1 -device virtserialport,bus=virtio-serial0.0,nr=2,\ +chardev=charchannel1,id=channel1,name=org.linux-kvm.port.foo \ +-chardev pty,id=charchannel2 -device virtserialport,bus=virtio-serial0.0,nr=1,\ +chardev=charchannel2,id=channel2,name=org.linux-kvm.port.bar \ +-chardev pty,id=charchannel3 -device virtserialport,bus=virtio-serial0.2,nr=1,\ +chardev=charchannel3,id=channel3,name=org.linux-kvm.port.wizz \ +-chardev pty,id=charchannel4 -device virtserialport,bus=virtio-serial0.0,nr=3,\ +chardev=charchannel4,id=channel4,name=org.linux-kvm.port.ooh \ +-chardev pty,id=charchannel5 -device virtserialport,bus=virtio-serial0.0,nr=4,\ +chardev=charchannel5,id=channel5,name=org.linux-kvm.port.lla \ +-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-autoassign.xml b/tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-autoassign.xml new file mode 100644 index 000..ac0744e --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-autoassign.xml @@ -0,0 +1,50 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + +hvm + + + + destroy + restart + destroy + +/usr/bin/qemu + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 4288d7c..3f2b284 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1012,6 +1012,8 @@ mymain(void) QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG); DO_TEST("channel-virtio-auto", QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG); +DO_TEST("channel-virtio-autoassign", +QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG); DO_TEST("console-virtio", QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG); DO_TEST("console-virtio-many", -- 1.8.5.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
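Review bot: the new expected .args file records channel0 and channel2 both as bus=virtio-serial0.0,nr=1, so the baseline encodes two ports at the same address. The commit message only says the test demonstrates the effect of the next patch; state there that the conflicting assignment is captured on purpose, so nobody reads this file as correct output or copies it into another test.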
[libvirt] [RFC PATCH 2/2] Implement virtio serial address allocation
Over-engineered to allow non-contiguous indexes.

Free ports of a controller are stored in a virBitmap. These bitmaps are stored in a hash table, indexed by the controller index formatted as a string.

Buses are ignored for now, QEMU doesn't seem to support anything else than .0

For virtconsoles, addresses are reserved silently, since we don't put those in the XML, but they occupy virtio-serial ports.

Missing: auto-adding controllers when all ports are occupied

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=890606
Partially fixes https://bugzilla.redhat.com/show_bug.cgi?id=1076708
---
RFC, since it hashes the string of an integer.

 src/conf/domain_addr.c | 426 +
 src/conf/domain_addr.h | 49 +++
 src/conf/domain_conf.c | 30 --
 src/libvirt_private.syms | 9 +
 src/qemu/qemu_command.c | 61 +++
 src/qemu/qemu_domain.c | 1 +
 src/qemu/qemu_domain.h | 1 +
 src/qemu/qemu_hotplug.c | 31 +-
 tests/qemuhotplugtest.c | 2 +-
 .../qemuxml2argv-channel-virtio-auto.args | 8 +-
 .../qemuxml2argv-channel-virtio-autoassign.args | 10 +-
 .../qemuxml2xmlout-channel-virtio-auto.xml | 10 +-
 12 files changed, 591 insertions(+), 47 deletions(-)

diff --git a/src/conf/domain_addr.c b/src/conf/domain_addr.c index fb4a76f..c1c442a 100644 --- a/src/conf/domain_addr.c +++ b/src/conf/domain_addr.c
@@ -718,3 +718,429 @@ virDomainCCWAddressSetCreate(void) virDomainCCWAddressSetFree(addrs); return NULL; } + + +static void +virDomainVirtioSerialAddrHashValueFree(void *value, + const void *name ATTRIBUTE_UNUSED) +{ +virBitmapPtr map = value; + +virBitmapFree(map); +} + +/* virDomainVirtioSerialAddrSetCreate + * + * Allocates an address set for virtio serial addresses + */ +virDomainVirtioSerialAddrSetPtr +virDomainVirtioSerialAddrSetCreate(void) +{ +virDomainVirtioSerialAddrSetPtr ret = NULL; + +if (VIR_ALLOC(ret) < 0) +goto error; + +if (!(ret->used = virHashCreate(9, virDomainVirtioSerialAddrHashValueFree))) +goto error; + +return ret; + + error: +virDomainVirtioSerialAddrSetFree(ret); +return NULL; +} + +/* virDomainVirtioSerialAddrSetAddController + * + * Adds virtio serial ports of the existing controllers + * to the address set. + */ +int +virDomainVirtioSerialAddrSetAddController(virDomainVirtioSerialAddrSetPtr addrs, + virDomainControllerDefPtr cont) +{ +virBitmapPtr map = NULL; +char *str = NULL; +int ret = -1; +int ports; + +if (cont->type != VIR_DOMAIN_CONTROLLER_TYPE_VIRTIO_SERIAL) +return 0; + +ports = cont->opts.vioserial.ports; +if (ports == -1) +ports = 31; + +VIR_DEBUG("Adding virtio serial controller index %u with %d" + " ports to the address set", cont->idx, ports); + +if (!(map = virBitmapNew(ports))) +goto cleanup; + +/* port 0 is reserved for virtconsoles only */ +if (virBitmapSetBit(map, 0) < 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Failed to reserve virtio serial port 0")); +goto cleanup; +} + +if (virAsprintf(&str, "%u", cont->idx) < 0) +goto cleanup; + +if (virHashLookup(addrs->used, str)) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _("virtio serial controller with index %u " + " is already in the address set"), cont->idx); +goto cleanup; +} +if (virHashAddEntry(addrs->used, str, map) < 0) +goto cleanup; +map = NULL; + +if (!addrs->nextInit) { +addrs->next.controller = cont->idx; +addrs->nextInit = true; +} + +ret = 0; + + 
cleanup: +VIR_FREE(str); +virBitmapFree(map); +return ret; +} + +/* virDomainVirtioSerialAddrSetAddControllers + * + * Adds virtio serial ports of the existing controllers + * to the address set. + */ +int +virDomainVirtioSerialAddrSetAddControllers(virDomainVirtioSerialAddrSetPtr addrs, + virDomainDefPtr def) +{ +size_t i; + +for (i = 0; i < def->ncontrollers; i++) { +if (virDomainVirtioSerialAddrSetAddController(addrs, + def->controllers[i]) < 0) +return -1; +} + +return 0; +} + +/* virDomainVirtioSerialAddrSetRemoveController + * + * Removes a virtio serial controller from the address set. + * Useful for cleaning up after a failed hotunplug. + */ +int +virDomainVirtioSerialAddrSetRemoveController(virDomainVirtioSerialAddrSetPtr addrs, + virDomainControllerDefPtr cont) +{ +char *str = NULL; +int ret
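Review bot: in virDomainVirtioSerialAddrSetAddController() only ports == -1 is special-cased before the value is passed to virBitmapNew(ports) and bit 0 is set, so a ports value below 1 should be rejected with its own error instead of surfacing as "Failed to reserve virtio serial port 0" or a bare cleanup. The default of 31 deserves a named constant, the "already in the address set" message concatenates "%u " with " is" into a double space, and the header comment on this function is a copy of the one on virDomainVirtioSerialAddrSetAddControllers() although it handles a single controller.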
Re: [libvirt] securityselinuxlabeltest test fails on v1.2.5
On 06/25/2014 11:08 AM, Scott Sullivan wrote:
> I am trying to build v1.2.5-maint, however I have one test failing
> causing the build to fail:
>
>
> TEST: securityselinuxlabeltest
> !!!. 4 FAIL
>

Can you rerun this to give more details on the failure:

make -C tests check TESTS=securityselinuxlabeltest VIR_TEST_DEBUG=1

>
> Is anyone else having this problem? I'm building on CentOS 6.5. I'm happy
> to provide any further information as needed.

It's passing for me on my RHEL 6.5 box from libvirt.git master branch, so I'm not sure what is different between our environments.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [python PATCH] maint: document development against uninstalled libvirt
On 06/25/2014 10:59 AM, Peter Krempa wrote:
> On 06/25/14 18:53, Eric Blake wrote:
>> Thanks to Dan's recent work in libvirt.git, it is much easier to
>> develop against uninstalled libvirt. Mention how.
>>
>> * README: More details.
>>
>> Signed-off-by: Eric Blake
>> ---
>> README | 15 +++
>> 1 file changed, 15 insertions(+)
>>
>
> ACK,

Thanks; pushed.

FYI: I'm also using this (but considered it hackish enough to not publish as a formal patch):

$ echo /GNUmakefile >> .git/info/exclude
$ cat GNUmakefile
# My hidden wrapper to preset things that I like...
include Makefile
export LD_LIBRARY_PATH=/home/eblake/libvirt/src/.libs/
export PKG_CONFIG_PATH=/home/eblake/libvirt/src/
$

Now all I have to do is run 'python setup.py build' to build against installed libvirt, vs. 'make' to build against development libvirt, at least for my machine.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[libvirt] securityselinuxlabeltest test fails on v1.2.5
I am trying to build v1.2.5-maint, however I have one test failing causing the build to fail:

TEST: securityselinuxlabeltest
!!!. 4 FAIL
PASS: virsh-undefine
===
1 of 112 tests failed
Please report to libvir-list@redhat.com
===
make[2]: *** [check-TESTS] Error 1
make[2]: Leaving directory `/home/rpmbuild/packages/libvirt/tests'
make[1]: *** [check-am] Error 2
make[1]: Leaving directory `/home/rpmbuild/packages/libvirt/tests'
make: *** [check-recursive] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.UGNUaq (%build)

Is anyone else having this problem? I'm building on CentOS 6.5. I'm happy to provide any further information as needed.
Re: [libvirt] [PATCH V4] enhance hostdev mode 'capabilities' process
On 25.6.2014 08:45, Jincheng Miao wrote: > Currently, only LXC has hostdev mode 'capabilities' support, > so the other drivers should forbid to define it in XML. > The hostdev mode check is added to devicesPostParseCallback() > for each hypervisor driver. > > But there are some drivers lack function devicesPostParseCallback(), > so only add check for qemu, libxl, openvz, uml, xen, xenapi. > > Signed-off-by: Jincheng Miao > --- > src/libxl/libxl_domain.c |9 + > src/openvz/openvz_driver.c | 10 ++ > src/qemu/qemu_domain.c | 10 ++ > src/uml/uml_driver.c | 10 ++ > src/xen/xen_driver.c | 10 ++ > src/xenapi/xenapi_driver.c | 10 ++ > 6 files changed, 59 insertions(+), 0 deletions(-) > > diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c > index 73242ac..3bcbd3d 100644 > --- a/src/libxl/libxl_domain.c > +++ b/src/libxl/libxl_domain.c > @@ -485,6 +485,15 @@ libxlDomainDeviceDefPostParse(virDomainDeviceDefPtr dev, > if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) { > virDomainHostdevDefPtr hostdev = dev->data.hostdev; > > +/* forbid capabilities mode hostdev in this kind of hypervisor */ > +if (hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES) { > +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, > + _("hostdev mode 'capabilities' mode is not " > + "supported in %s"), > + virDomainVirtTypeToString(def->virtType)); I've fixed the error message with s/mode is not/is not/ and pushed it. Thanks, Pavel. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [python PATCH] maint: document development against uninstalled libvirt
On 06/25/14 18:53, Eric Blake wrote:
> Thanks to Dan's recent work in libvirt.git, it is much easier to
> develop against uninstalled libvirt. Mention how.
>
> * README: More details.
>
> Signed-off-by: Eric Blake
> ---
> README | 15 +++
> 1 file changed, 15 insertions(+)
>

ACK,

Peter
[libvirt] [PATCHv3 25/26] qemu: blockcopy: Use the mirror disk source to label the files
Use the source struct and the corresponding function so that we can avoid using the path separately. Now that qemuDomainPrepareDiskChainElementPath isn't used anywhere, we can safely remove it. Additionally, the removal fixes a misaligned comment as the removed function was added under a comment for a different function. --- src/qemu/qemu_driver.c | 31 ++- 1 file changed, 6 insertions(+), 25 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 4546862..66752f1 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -12117,25 +12117,6 @@ qemuDomainPrepareDiskChainElement(virQEMUDriverPtr driver, * is sent but failed, and number of frozen filesystems on success. If -2 is * returned, FSThaw should be called revert the quiesced status. */ static int -qemuDomainPrepareDiskChainElementPath(virQEMUDriverPtr driver, - virDomainObjPtr vm, - virDomainDiskDefPtr disk, - const char *file, - qemuDomainDiskChainMode mode) -{ -virStorageSource src; - -memset(&src, 0, sizeof(src)); - -src.type = VIR_STORAGE_TYPE_FILE; -src.format = VIR_STORAGE_FILE_RAW; -src.path = (char *) file; /* casting away const is safe here */ - -return qemuDomainPrepareDiskChainElement(driver, vm, disk, &src, mode); -} - - -static int qemuDomainSnapshotFSFreeze(virQEMUDriverPtr driver, virDomainObjPtr vm, const char **mountpoints, @@ -15374,10 +15355,10 @@ qemuDomainBlockCopy(virDomainObjPtr vm, if (VIR_STRDUP(mirror->path, dest) < 0) goto endjob; -if (qemuDomainPrepareDiskChainElementPath(driver, vm, disk, dest, - VIR_DISK_CHAIN_READ_WRITE) < 0) { -qemuDomainPrepareDiskChainElementPath(driver, vm, disk, dest, - VIR_DISK_CHAIN_NO_ACCESS); +if (qemuDomainPrepareDiskChainElement(driver, vm, disk, mirror, + VIR_DISK_CHAIN_READ_WRITE) < 0) { +qemuDomainPrepareDiskChainElement(driver, vm, disk, mirror, + VIR_DISK_CHAIN_NO_ACCESS); goto endjob; } 
@@ -15388,8 +15369,8 @@ qemuDomainBlockCopy(virDomainObjPtr vm, virDomainAuditDisk(vm, NULL, dest, "mirror", ret >= 0); qemuDomainObjExitMonitor(driver, vm); if (ret < 0) { -qemuDomainPrepareDiskChainElementPath(driver, vm, disk, dest, - VIR_DISK_CHAIN_NO_ACCESS); +qemuDomainPrepareDiskChainElement(driver, vm, disk, mirror, + VIR_DISK_CHAIN_NO_ACCESS); goto endjob; } -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
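Review bot: the removed qemuDomainPrepareDiskChainElementPath() always built a source with type VIR_STORAGE_TYPE_FILE and format VIR_STORAGE_FILE_RAW, while the qemuDomainBlockCopy() hunks now pass mirror and show only mirror->path being set. Please confirm that mirror->type and mirror->format are filled in before the first qemuDomainPrepareDiskChainElement() call, otherwise the labelling and locking code sees different metadata than it did before this change.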
[libvirt] [PATCHv3 20/26] security: AppArmor: Implement per-image seclabel restore
Refactor the existing code to allow re-using it for the per-image label restore too. --- src/security/security_apparmor.c | 18 ++ 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index b4cbc61..72d1e16 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -684,16 +684,24 @@ AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, /* Called when hotplugging */ static int -AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk) +AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virStorageSourcePtr src) { -if (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK) +if (virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK) return 0; return reload_profile(mgr, def, NULL, false); } +static int +AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainDiskDefPtr disk) +{ +return AppArmorRestoreSecurityImageLabel(mgr, def, disk->src); +} + /* Called when hotplugging */ static int AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr, @@ -975,6 +983,8 @@ virSecurityDriver virAppArmorSecurityDriver = { .domainSetSecurityDiskLabel = AppArmorSetSecurityDiskLabel, .domainRestoreSecurityDiskLabel = AppArmorRestoreSecurityDiskLabel, +.domainRestoreSecurityImageLabel= AppArmorRestoreSecurityImageLabel, + .domainSetSecurityDaemonSocketLabel = AppArmorSetSecurityDaemonSocketLabel, .domainSetSecuritySocketLabel = AppArmorSetSecuritySocketLabel, .domainClearSecuritySocketLabel = AppArmorClearSecuritySocketLabel, -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
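Review bot: the network check in the restore path changes from virDomainDiskGetType(disk) to virStorageSourceGetActualType(src), which is more than the refactor the commit message describes and can change which disks skip reload_profile() wherever the two helpers disagree; please say so in the message. AppArmorRestoreSecurityDiskLabel() now dereferences disk->src unconditionally, and the "Called when hotplugging" comment ends up above the new image function only, leaving the disk wrapper undocumented.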
[libvirt] [PATCHv3 24/26] util: storage: Return complete parent info from virStorageFileChainLookup
Instead of just returning the parent path, return the complete parent source structure. --- src/qemu/qemu_driver.c| 16 - src/util/virstoragefile.c | 17 -- src/util/virstoragefile.h | 2 +- tests/virstoragetest.c| 86 ++- 4 files changed, 56 insertions(+), 65 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 552e595..4546862 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15488,7 +15488,7 @@ qemuDomainBlockCommit(virDomainPtr dom, unsigned int topIndex = 0; virStorageSourcePtr baseSource; unsigned int baseIndex = 0; -const char *top_parent = NULL; +virStorageSourcePtr top_parent = NULL; bool clean_access = false; /* XXX Add support for COMMIT_ACTIVE, COMMIT_DELETE */ @@ -15596,10 +15596,9 @@ qemuDomainBlockCommit(virDomainPtr dom, clean_access = true; if (qemuDomainPrepareDiskChainElement(driver, vm, disk, baseSource, VIR_DISK_CHAIN_READ_WRITE) < 0 || -(top_parent && top_parent != disk->src->path && - qemuDomainPrepareDiskChainElementPath(driver, vm, disk, - top_parent, - VIR_DISK_CHAIN_READ_WRITE) < 0)) +(top_parent != disk->src && + qemuDomainPrepareDiskChainElement(driver, vm, disk, top_parent, + VIR_DISK_CHAIN_READ_WRITE) < 0)) goto endjob; /* Start the commit operation. Pass the user's original spelling, @@ -15619,10 +15618,9 @@ qemuDomainBlockCommit(virDomainPtr dom, /* Revert access to read-only, if possible. */ qemuDomainPrepareDiskChainElement(driver, vm, disk, baseSource, VIR_DISK_CHAIN_READ_ONLY); -if (top_parent && top_parent != disk->src->path) -qemuDomainPrepareDiskChainElementPath(driver, vm, disk, - top_parent, - VIR_DISK_CHAIN_READ_ONLY); +if (top_parent != disk->src) +qemuDomainPrepareDiskChainElement(driver, vm, disk, top_parent, + VIR_DISK_CHAIN_READ_ONLY); } if (!qemuDomainObjEndJob(driver, vm)) vm = NULL; diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index e154f92..9a7f997 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c 
@@ -1337,17 +1337,16 @@ virStorageFileChainLookup(virStorageSourcePtr chain, virStorageSourcePtr startFrom, const char *name, unsigned int idx, - const char **parent) + virStorageSourcePtr *parent) { -virStorageSourcePtr prev = NULL; +virStorageSourcePtr prev; const char *start = chain->path; -const char *tmp; char *parentDir = NULL; bool nameIsFile = virStorageIsFile(name); size_t i = 0; if (!parent) -parent = &tmp; +parent = &prev; *parent = NULL; if (startFrom) { @@ -1355,7 +1354,7 @@ virStorageFileChainLookup(virStorageSourcePtr chain, chain = chain->backingStore; i++; } -*parent = startFrom->path; +*parent = startFrom; } while (chain) { @@ -1372,8 +1371,8 @@ virStorageFileChainLookup(virStorageSourcePtr chain, break; if (nameIsFile && virStorageSourceIsLocalStorage(chain)) { -if (prev && virStorageSourceIsLocalStorage(prev)) -parentDir = mdir_name(prev->path); +if (*parent && virStorageSourceIsLocalStorage(*parent)) +parentDir = mdir_name((*parent)->path); else ignore_value(VIR_STRDUP(parentDir, ".")); @@ -1382,7 +1381,6 @@ virStorageFileChainLookup(virStorageSourcePtr chain, goto error; } - int result = virFileRelLinkPointsTo(parentDir, name, chain->path); @@ -1395,8 +1393,7 @@ virStorageFileChainLookup(virStorageSourcePtr chain, break; } } -*parent = chain->path; -prev = chain; +*parent = chain; chain = chain->backingStore; i++; } diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index ee85ca5..6cbcd6b 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -297,7 +297,7 @@ virStorageSourcePtr virStorageFileChainLookup(virStorageSourcePtr chain, virStorageSourcePtr startFrom, const char *name, unsigned int idx, -
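Review bot: the qemuDomainBlockCommit() hunks drop the NULL test on top_parent, and "top_parent != disk->src" is true when top_parent is NULL, so qemuDomainPrepareDiskChainElement() would be handed a NULL source. virStorageFileChainLookup() still starts with "*parent = NULL" and only assigns it after stepping past an element, so a match on the first element of the chain returns NULL there. Either keep "top_parent &&" in both places or add a comment explaining why top can never be the head of the chain at this point.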
[libvirt] [PATCHv3 21/26] security: AppArmor: Implement per-image seclabel set
Refactor the code and reuse it to implement the functionality. --- src/security/security_apparmor.c | 38 +++--- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 72d1e16..fb41c5a 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -704,41 +704,40 @@ AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr, /* Called when hotplugging */ static int -AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, virDomainDiskDefPtr disk) +AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virStorageSourcePtr src) { int rc = -1; char *profile_name = NULL; -virSecurityLabelDefPtr secdef = -virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME); +virSecurityLabelDefPtr secdef; -if (!secdef) +if (!src->path || +virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK) +return 0; + +if (!(secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME))) return -1; if (secdef->norelabel) return 0; -if (!virDomainDiskGetSource(disk) || -virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK) -return 0; - if (secdef->imagelabel) { /* if the device doesn't exist, error out */ -if (!virFileExists(virDomainDiskGetSource(disk))) { +if (!virFileExists(src->path)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("\'%s\' does not exist"), - virDomainDiskGetSource(disk)); -return rc; + src->path); +return -1; } if ((profile_name = get_profile_name(def)) == NULL) -return rc; +return -1; /* update the profile only if it is loaded */ if (profile_loaded(secdef->imagelabel) >= 0) { if (load_profile(mgr, secdef->imagelabel, def, - virDomainDiskGetSource(disk), - false) < 0) { + src->path, false) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot update AppArmor profile " "\'%s\'"), 
@@ -756,6 +755,14 @@ AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr, } static int +AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainDiskDefPtr disk) +{ +return AppArmorSetSecurityImageLabel(mgr, def, disk->src); +} + +static int AppArmorSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virDomainDefPtr def) { @@ -983,6 +990,7 @@ virSecurityDriver virAppArmorSecurityDriver = { .domainSetSecurityDiskLabel = AppArmorSetSecurityDiskLabel, .domainRestoreSecurityDiskLabel = AppArmorRestoreSecurityDiskLabel, +.domainSetSecurityImageLabel= AppArmorSetSecurityImageLabel, .domainRestoreSecurityImageLabel= AppArmorRestoreSecurityImageLabel, .domainSetSecurityDaemonSocketLabel = AppArmorSetSecurityDaemonSocketLabel, -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
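Review bot: in AppArmorSetSecurityImageLabel the `!src->path` / VIR_STORAGE_TYPE_NETWORK early return now comes before the secdef lookup, so a domain without an AppArmor seclabel gets 0 for an empty or network source where the old ordering returned -1. If that change is intended, mention it in the commit message; otherwise keep the `!secdef` check first. The "Called when hotplugging" comment also ends up above the image function rather than above the AppArmorSetSecurityDiskLabel wrapper added in the next hunk.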
[libvirt] [PATCHv3 15/26] security: Introduce APIs to label single images
Add security driver functions to label separate storage images using the virStorageSource definition. This will help to avoid the need to do ugly changes to the disk struct and use the source directly. --- src/libvirt_private.syms| 2 ++ src/security/security_driver.h | 10 src/security/security_manager.c | 56 + src/security/security_manager.h | 7 ++ src/security/security_nop.c | 19 ++ src/security/security_stack.c | 38 6 files changed, 132 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 78d6e3c..98595e1 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -915,6 +915,7 @@ virSecurityManagerReserveLabel; virSecurityManagerRestoreAllLabel; virSecurityManagerRestoreDiskLabel; virSecurityManagerRestoreHostdevLabel; +virSecurityManagerRestoreImageLabel; virSecurityManagerRestoreSavedStateLabel; virSecurityManagerSetAllLabel; virSecurityManagerSetChildProcessLabel; @@ -923,6 +924,7 @@ virSecurityManagerSetDiskLabel; virSecurityManagerSetHostdevLabel; virSecurityManagerSetHugepages; virSecurityManagerSetImageFDLabel; +virSecurityManagerSetImageLabel; virSecurityManagerSetProcessLabel; virSecurityManagerSetSavedStateLabel; virSecurityManagerSetSocketLabel; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 062dc8f..f0dca09 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -112,6 +112,13 @@ typedef char *(*virSecurityDomainGetMountOptions) (virSecurityManagerPtr mgr, typedef int (*virSecurityDomainSetHugepages) (virSecurityManagerPtr mgr, virDomainDefPtr def, const char *path); +typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr, + virDomainDefPtr def, + virStorageSourcePtr src); +typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr, + virDomainDefPtr def, + virStorageSourcePtr src); + struct _virSecurityDriver { size_t privateDataLen; 
@@ -130,6 +137,9 @@ struct _virSecurityDriver { virSecurityDomainSetDiskLabel domainSetSecurityDiskLabel; virSecurityDomainRestoreDiskLabel domainRestoreSecurityDiskLabel; +virSecurityDomainSetImageLabel domainSetSecurityImageLabel; +virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel; + virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel; virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel; virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel; diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 06e5123..16bec5c 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -360,6 +360,34 @@ virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr, } +/** + * virSecurityManagerRestoreImageLabel: + * @mgr: security manager object + * @vm: domain definition object + * @src: disk source definition to operate on + * + * Removes security label from a single storage image. + * + * Returns: 0 on success, -1 on error. + */ +int +virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + virStorageSourcePtr src) +{ +if (mgr->drv->domainRestoreSecurityImageLabel) { +int ret; +virObjectLock(mgr); +ret = mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src); +virObjectUnlock(mgr); +return ret; +} + +virReportUnsupportedError(); +return -1; +} + + int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm) 
@@ -440,6 +468,34 @@ virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr, } +/** + * virSecurityManagerSetImageLabel: + * @mgr: security manager object + * @vm: domain definition object + * @src: disk source definition to operate on + * + * Labels a single storage image with the configured security label. + * + * Returns: 0 on success, -1 on error. + */ +int +virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, +virDomainDefPtr vm, +virStorageSourcePtr src) +{ +if (mgr->drv->domainSetSecurityImageLabel) { +int ret; +virObjectLock(mgr); +ret = mgr->drv->domainSetSecurityImageLabel(mgr, vm, src); +virObjectUnlock(mgr); +return ret; +} + +virReportUnsupportedError(); +return -1; +} + + int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr, virDomainDefPtr v
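Review bot: the doc comments for virSecurityManagerRestoreImageLabel and virSecurityManagerSetImageLabel say "a single storage image" but never state that `src->backingStore` is left untouched. Since virSecurityManagerSetDiskLabel in the same file labels the whole chain, spell out here that these two operate on @src only and that walking the chain is the caller's job. Both functions also fall through to virReportUnsupportedError() when the driver lacks the callback, so callers should only be switched over once every driver touched by this series fills in the two new pointers.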
[libvirt] [PATCHv3 07/26] security: nop: Avoid very long lines
The function headers contain type on the same line as the name. When combined with usage of ATTRIBUTE_UNUSED, the function headers were very long. Shorten them by breaking the line after the type. --- src/security/security_nop.c | 147 ++-- 1 file changed, 87 insertions(+), 60 deletions(-) diff --git a/src/security/security_nop.c b/src/security/security_nop.c index ac9ceae..b57bf05 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c 
@@ -25,160 +25,187 @@ #define VIR_FROM_THIS VIR_FROM_SECURITY -static virSecurityDriverStatus virSecurityDriverProbeNop(const char *virtDriver ATTRIBUTE_UNUSED) +static virSecurityDriverStatus +virSecurityDriverProbeNop(const char *virtDriver ATTRIBUTE_UNUSED) { return SECURITY_DRIVER_ENABLE; } -static int virSecurityDriverOpenNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) +static int +virSecurityDriverOpenNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) { return 0; } -static int virSecurityDriverCloseNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) +static int +virSecurityDriverCloseNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) { return 0; } -static const char * virSecurityDriverGetModelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) +static const char * +virSecurityDriverGetModelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) { return "none"; } -static const char * virSecurityDriverGetDOINop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) +static const char * +virSecurityDriverGetDOINop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) { return "0"; } -static int virSecurityDomainRestoreDiskLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, -virDomainDefPtr vm ATTRIBUTE_UNUSED, -virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) +static int +virSecurityDomainRestoreDiskLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, + virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) { return 0; } -static int virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, -virDomainDefPtr vm ATTRIBUTE_UNUSED) +static int +virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED) { return 0; } -static int virSecurityDomainSetSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainDefPtr vm ATTRIBUTE_UNUSED) +static int +virSecurityDomainSetSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED) { return 0; } -static 
int virSecurityDomainClearSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, -virDomainDefPtr vm ATTRIBUTE_UNUSED) +static int +virSecurityDomainClearSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED) { return 0; } -static int virSecurityDomainSetDiskLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, -virDomainDefPtr vm ATTRIBUTE_UNUSED, -virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) +static int +virSecurityDomainSetDiskLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, + virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) { return 0; } -static int virSecurityDomainRestoreHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainDefPtr vm ATTRIBUTE_UNUSED, - virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED, - const char *vroot ATTRIBUTE_UNUSED) +static int +virSecurityDomainRestoreHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, +virDomainDefPtr vm ATTRIBUTE_UNUSED, +virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED, +const char *vroot ATTRIBUTE_UNUSED) { return 0; } -static int virSecurityDomainSetHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainDefPtr vm ATTRIBUTE_UNUSED, - virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED, - const char *vroot ATTRIBUTE_UNUSED) +static int +virSecurityDomainSetHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, +
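Review bot: several of the reflowed headers are still longer than 80 columns, for example `virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,` and `virSecurityDomainRestoreHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,`. If the goal is to get rid of the long lines, break after the opening parenthesis for those too, or adjust the commit message to say the lines are only shortened.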
[libvirt] [PATCHv3 14/26] locking: Add APIs to lock individual image files
Add helper APIs to manage individual image files rather than disks. To simplify the addition some parts of the code were refactored in this patch. --- src/libvirt_private.syms | 2 ++ src/locking/domain_lock.c | 65 ++- src/locking/domain_lock.h | 8 ++ 3 files changed, 52 insertions(+), 23 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 99e9d52..78d6e3c 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -853,6 +853,8 @@ virRegisterStorageDriver; # locking/domain_lock.h virDomainLockDiskAttach; virDomainLockDiskDetach; +virDomainLockImageAttach; +virDomainLockImageDetach; virDomainLockLeaseAttach; virDomainLockLeaseDetach; virDomainLockProcessInquire; diff --git a/src/locking/domain_lock.c b/src/locking/domain_lock.c index 78acaa6..d7b681e 100644 --- a/src/locking/domain_lock.c +++ b/src/locking/domain_lock.c @@ -68,14 +68,13 @@ static int virDomainLockManagerAddLease(virLockManagerPtr lock, } -static int virDomainLockManagerAddDisk(virLockManagerPtr lock, - virDomainDiskDefPtr disk) +static int virDomainLockManagerAddImage(virLockManagerPtr lock, +virStorageSourcePtr src) { unsigned int diskFlags = 0; -const char *src = virDomainDiskGetSource(disk); -int type = virDomainDiskGetType(disk); +int type = virStorageSourceGetActualType(src); -if (!src) +if (!src->path) return 0; if (!(type == VIR_STORAGE_TYPE_BLOCK || 
@@ -83,24 +82,25 @@ static int virDomainLockManagerAddDisk(virLockManagerPtr lock, type == VIR_STORAGE_TYPE_DIR)) return 0; -if (disk->src->readonly) +if (src->readonly) diskFlags |= VIR_LOCK_MANAGER_RESOURCE_READONLY; -if (disk->src->shared) +if (src->shared) diskFlags |= VIR_LOCK_MANAGER_RESOURCE_SHARED; -VIR_DEBUG("Add disk %s", src); +VIR_DEBUG("Add disk %s", src->path); if (virLockManagerAddResource(lock, VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK, - src, + src->path, 0, NULL, diskFlags) < 0) { -VIR_DEBUG("Failed add disk %s", src); +VIR_DEBUG("Failed add disk %s", src->path); return -1; } return 0; } + static virLockManagerPtr virDomainLockManagerNew(virLockManagerPluginPtr plugin, const char *uri, virDomainObjPtr dom, @@ -148,9 +148,12 @@ static virLockManagerPtr virDomainLockManagerNew(virLockManagerPluginPtr plugin, goto error; VIR_DEBUG("Adding disks"); -for (i = 0; i < dom->def->ndisks; i++) -if (virDomainLockManagerAddDisk(lock, dom->def->disks[i]) < 0) +for (i = 0; i < dom->def->ndisks; i++) { +virDomainDiskDefPtr disk = dom->def->disks[i]; + +if (virDomainLockManagerAddImage(lock, disk->src) < 0) goto error; +} } return lock; @@ -247,21 +250,20 @@ int virDomainLockProcessInquire(virLockManagerPluginPtr plugin, } -int virDomainLockDiskAttach(virLockManagerPluginPtr plugin, -const char *uri, -virDomainObjPtr dom, -virDomainDiskDefPtr disk) +int virDomainLockImageAttach(virLockManagerPluginPtr plugin, + const char *uri, + virDomainObjPtr dom, + virStorageSourcePtr src) { virLockManagerPtr lock; int ret = -1; -VIR_DEBUG("plugin=%p dom=%p disk=%p", - plugin, dom, disk); +VIR_DEBUG("plugin=%p dom=%p src=%p", plugin, dom, src); if (!(lock = virDomainLockManagerNew(plugin, uri, dom, false))) return -1; -if (virDomainLockManagerAddDisk(lock, disk) < 0) +if (virDomainLockManagerAddImage(lock, src) < 0) goto cleanup; if (virLockManagerAcquire(lock, NULL, 0, 
@@ -276,20 +278,29 @@ int virDomainLockDiskAttach(virLockManagerPluginPtr plugin, return ret; } -int virDomainLockDiskDetach(virLockManagerPluginPtr plugin, + +int virDomainLockDiskAttach(virLockManagerPluginPtr plugin, +const char *uri, virDomainObjPtr dom, virDomainDiskDefPtr disk) { +return virDomainLockImageAttach(plugin, uri, dom, disk->src); +} + + +int virDomainLockImageDetach(virLockManagerPluginPtr plugin, + virDomainObjPtr dom, + virStorageSourcePtr src) +{ virLockManagerPtr lock; int ret = -1; -VIR_DEBUG("plugin=%p dom=%p disk=%p", - plugin, dom, disk); +VIR_
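Review bot: virDomainLockManagerAddImage still logs `"Add disk %s"` and `"Failed add disk %s"`, and keeps the `diskFlags` name, although it now takes a virStorageSourcePtr and will be called for images that are not the disk's top source. Please reword the debug strings to "image" so the logs match what is actually being locked. The commit message also says parts of the code were refactored along the way; the pure rename of AddDisk to AddImage would be easier to review as its own patch ahead of the new virDomainLockImageAttach/Detach entry points.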
[libvirt] [PATCHv3 09/26] util: storagesource: Add helper to copy and free storage source seclabels
They will be reused to transfer disk labels from snapshotted disks to the new disk definitions. --- src/libvirt_private.syms | 1 + src/util/virstoragefile.c | 45 ++--- src/util/virstoragefile.h | 3 +++ 3 files changed, 42 insertions(+), 7 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 1e1dd84..792754f 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1913,6 +1913,7 @@ virStorageSourceNewFromBacking; virStorageSourcePoolDefFree; virStorageSourcePoolModeTypeFromString; virStorageSourcePoolModeTypeToString; +virStorageSourceSeclabelsCopy; virStorageTypeFromString; virStorageTypeToString; diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 0c50de1..c52206c 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -1515,6 +1515,31 @@ virStorageSourceGetSecurityLabelDef(virStorageSourcePtr src, } +int +virStorageSourceSeclabelsCopy(virStorageSourcePtr to, + const virStorageSource *from) +{ +size_t i; + +virStorageSourceSeclabelsClear(to); + +if (VIR_ALLOC_N(to->seclabels, from->nseclabels) < 0) +return -1; +to->nseclabels = from->nseclabels; + +for (i = 0; i < to->nseclabels; i++) { +if (!(to->seclabels[i] = virSecurityDeviceLabelDefCopy(from->seclabels[i]))) +goto error; +} + +return 0; + + error: +virStorageSourceSeclabelsClear(to); +return -1; +} + + void virStorageSourcePoolDefFree(virStorageSourcePoolDefPtr def) { @@ -1573,10 +1598,21 @@ virStorageSourceBackingStoreClear(virStorageSourcePtr def) void -virStorageSourceClear(virStorageSourcePtr def) +virStorageSourceSeclabelsClear(virStorageSourcePtr def) { size_t i; +if (def->seclabels) { +for (i = 0; i < def->nseclabels; i++) +virSecurityDeviceLabelDefFree(def->seclabels[i]); +VIR_FREE(def->seclabels); +} +} + + +void +virStorageSourceClear(virStorageSourcePtr def) +{ if (!def) return; 
@@ -1587,12 +1623,7 @@ virStorageSourceClear(virStorageSourcePtr def) virBitmapFree(def->features); VIR_FREE(def->compat); virStorageEncryptionFree(def->encryption); - -if (def->seclabels) { -for (i = 0; i < def->nseclabels; i++) -virSecurityDeviceLabelDefFree(def->seclabels[i]); -VIR_FREE(def->seclabels); -} +virStorageSourceSeclabelsClear(def); virStoragePermsFree(def->perms); VIR_FREE(def->timestamps); diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index fe17b0b..176661e 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -322,6 +322,9 @@ void virStorageNetHostDefFree(size_t nhosts, virStorageNetHostDefPtr hosts); virStorageNetHostDefPtr virStorageNetHostDefCopy(size_t nhosts, virStorageNetHostDefPtr hosts); +void virStorageSourceSeclabelsClear(virStorageSourcePtr def); +int virStorageSourceSeclabelsCopy(virStorageSourcePtr to, + const virStorageSource *from); void virStorageSourceAuthClear(virStorageSourcePtr def); void virStorageSourcePoolDefFree(virStorageSourcePoolDefPtr def); void virStorageSourceClear(virStorageSourcePtr def); -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
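Review bot: virStorageSourceSeclabelsClear frees `def->seclabels` but never resets `def->nseclabels`, and virStorageSourceSeclabelsCopy relies on it in both failure paths. If VIR_ALLOC_N fails, `to` keeps its old count with a freed array, and after a failed virSecurityDeviceLabelDefCopy the `error:` path leaves `to->nseclabels` equal to `from->nseclabels`. Set `def->nseclabels = 0;` in the clear helper so a cleared source is always consistent.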
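Review bot: the libvirt_private.syms hunk exports only virStorageSourceSeclabelsCopy, while virstoragefile.h declares both it and virStorageSourceSeclabelsClear as public helpers. Either add virStorageSourceSeclabelsClear to the syms file as well, or make it static if nothing outside virstoragefile.c is meant to call it. If it stays exported it should also tolerate a NULL @def the way virStorageSourceClear does.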
[libvirt] [PATCHv3 05/26] security: manager: Document behavior of disk label manipulation funcs
virSecurityManagerSetDiskLabel and virSecurityManagerRestoreDiskLabel don't have complementary semantics. Document the semantics to avoid possible problems. --- src/security/security_manager.c | 22 ++ 1 file changed, 22 insertions(+) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index bb12e8e..06e5123 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -331,6 +331,17 @@ virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr) } +/** + * virSecurityManagerRestoreDiskLabel: + * @mgr: security manager object + * @vm: domain definition object + * @disk: disk definition to operate on + * + * Removes security label from the source image of the disk. Note that this + * function doesn't restore labels on backing chain elements of @disk. + * + * Returns: 0 on success, -1 on error. + */ int virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, @@ -400,6 +411,17 @@ virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr, } +/** + * virSecurityManagerSetDiskLabel: + * @mgr: security manager object + * @vm: domain definition object + * @disk: disk definition to operate on + * + * Labels the disk image and all images in the backing chain with the configured + * security label. + * + * Returns: 0 on success, -1 on error. + */ int virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
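Review bot: the asymmetry is only spelled out in the virSecurityManagerRestoreDiskLabel comment. Someone reading just the virSecurityManagerSetDiskLabel comment will still assume Restore undoes it. Add a sentence there as well pointing out that virSecurityManagerRestoreDiskLabel does not revert the labels on the backing chain, so the two comments reference each other.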
[libvirt] [PATCHv3 08/26] storage: Move readonly and shared flags to disk source from disk def
In the future we might need to track state of individual images. Move the readonly and shared flags to the virStorageSource struct so that we can keep them in a per-image basis. --- src/conf/domain_conf.c | 18 ++ src/conf/domain_conf.h | 2 -- src/libxl/libxl_conf.c | 2 +- src/locking/domain_lock.c | 4 ++-- src/lxc/lxc_cgroup.c| 2 +- src/lxc/lxc_controller.c| 2 +- src/lxc/lxc_driver.c| 2 +- src/qemu/qemu_cgroup.c | 4 ++-- src/qemu/qemu_command.c | 14 +++--- src/qemu/qemu_conf.c| 4 ++-- src/qemu/qemu_driver.c | 8 src/qemu/qemu_migration.c | 16 ++-- src/security/security_dac.c | 2 +- src/security/security_selinux.c | 6 +++--- src/security/virt-aa-helper.c | 2 +- src/util/virstoragefile.h | 6 ++ src/vbox/vbox_tmpl.c| 30 +++--- src/xenxs/xen_sxpr.c| 10 +- src/xenxs/xen_xm.c | 10 +- 19 files changed, 77 insertions(+), 67 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 02c394f..44903b0 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -5549,9 +5549,9 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, goto error; } } else if (xmlStrEqual(cur->name, BAD_CAST "readonly")) { -def->readonly = true; +def->src->readonly = true; } else if (xmlStrEqual(cur->name, BAD_CAST "shareable")) { -def->shared = true; +def->src->shared = true; } else if (xmlStrEqual(cur->name, BAD_CAST "transient")) { def->transient = true; } else if ((flags & VIR_DOMAIN_XML_INTERNAL_STATUS) && @@ -5678,7 +5678,7 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, /* Force CDROM to be listed as read only */ if (def->device == VIR_DOMAIN_DISK_DEVICE_CDROM) -def->readonly = true; +def->src->readonly = true; if ((def->device == VIR_DOMAIN_DISK_DEVICE_DISK || def->device == VIR_DOMAIN_DISK_DEVICE_LUN) && @@ -5700,7 +5700,7 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, snapshot); goto error; } -} else if (def->readonly) { +} else if (def->src->readonly) { def->snapshot = VIR_DOMAIN_SNAPSHOT_LOCATION_NONE; } 
@@ -13390,7 +13390,8 @@ virDomainDiskDefCheckABIStability(virDomainDiskDefPtr src, return false; } -if (src->readonly != dst->readonly || src->shared != dst->shared) { +if (src->src->readonly != dst->src->readonly || +src->src->shared != dst->src->shared) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Target disk access mode does not match source")); return false; @@ -15114,7 +15115,8 @@ virDomainDiskDefFormat(virBufferPtr buf, virBufferAsprintf(buf, " sgio='%s'", sgio); if (def->snapshot && -!(def->snapshot == VIR_DOMAIN_SNAPSHOT_LOCATION_NONE && def->readonly)) +!(def->snapshot == VIR_DOMAIN_SNAPSHOT_LOCATION_NONE && + def->src->readonly)) virBufferAsprintf(buf, " snapshot='%s'", virDomainSnapshotLocationTypeToString(def->snapshot)); virBufferAddLit(buf, ">\n"); @@ -15270,9 +15272,9 @@ virDomainDiskDefFormat(virBufferPtr buf, virBufferAddLit(buf, "\n"); } -if (def->readonly) +if (def->src->readonly) virBufferAddLit(buf, "\n"); -if (def->shared) +if (def->src->shared) virBufferAddLit(buf, "\n"); if (def->transient) virBufferAddLit(buf, "\n"); diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 1122eb2..bd85514 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -636,8 +636,6 @@ struct _virDomainDiskDef { int copy_on_read; /* enum virDomainDiskCopyOnRead */ int snapshot; /* virDomainSnapshotLocation, snapshot_conf.h */ int startupPolicy; /* enum virDomainStartupPolicy */ -bool readonly; -bool shared; bool transient; virDomainDeviceInfo info; bool rawio_specified; diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index 4b6b5c0..ea2b21b 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c 
@@ -827,7 +827,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk, libxl_device_disk *x_disk) /* XXX is this right? */ x_disk->removable = 1; -x_disk->readwrite = !l_disk->readonly; +x_disk->readwrite = !l_disk->src->readonly; x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0; /* An empty CDROM must have the empty format, otherwise libxl fails. */ if (x_disk->is_cdrom && !x_disk->pdev_path) diff --git a/src/locking/domain_lock.c b/src/locking/domain_lock.c index 4b3f4d4..7
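Review bot: the diffstat touches src/util/virstoragefile.h but not virstoragefile.c, so nothing that creates or duplicates a virStorageSource is updated in this patch. Please check whether any existing helper that copies a source or builds one for a backing image needs to carry `readonly` and `shared` over, now that they live in the source struct instead of the disk def. Minor: in virDomainDiskDefCheckABIStability the new `src->src->readonly != dst->src->readonly` reads awkwardly because `src` there is a disk definition, which is worth a follow-up rename.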
[libvirt] [PATCHv3 26/26] qemu: blockcopy: Don't remove existing disk mirror info
When creating a new disk mirror the new struct is stored in a separate variable until everything went well. The removed hunk would actually remove existing mirror information for example when the api would be run if a mirror still exists. --- src/qemu/qemu_driver.c | 4 1 file changed, 4 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 66752f1..f6f5ace 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15382,10 +15382,6 @@ qemuDomainBlockCopy(virDomainObjPtr vm, endjob: if (need_unlink && unlink(dest)) VIR_WARN("unable to unlink just-created %s", dest); -if (ret < 0 && disk) { -virStorageSourceFree(disk->mirror); -disk->mirror = NULL; -} virStorageSourceFree(mirror); if (!qemuDomainObjEndJob(driver, vm)) vm = NULL; -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
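Review bot: with the `if (ret < 0 && disk)` block gone, the only cleanup left at endjob is `virStorageSourceFree(mirror);`, which is correct only if the success path sets `mirror = NULL` after handing the struct to `disk->mirror` and nothing can fail after that assignment. That part of qemuDomainBlockCopy is outside the hunk context, so please confirm it, and ideally say in the commit message that `disk->mirror` is assigned last.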
[libvirt] [PATCHv3 22/26] util: storage: Add helper to determine whether storage is local
There's a lot of places where we skip doing actions based on the locality of given storage type. The usual pattern is to skip it if: virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK Add a simple helper to simplify the pattern to virStorageSourceIsLocalStorage(src) --- src/libvirt_private.syms | 1 + src/util/virstoragefile.c | 7 +++ src/util/virstoragefile.h | 1 + 3 files changed, 9 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 98595e1..889ae04 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1915,6 +1915,7 @@ virStorageSourceCopy; virStorageSourceFree; virStorageSourceGetActualType; virStorageSourceGetSecurityLabelDef; +virStorageSourceIsLocalStorage; virStorageSourceNewFromBacking; virStorageSourcePoolDefFree; virStorageSourcePoolModeTypeFromString; diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 5f8e02d..965c3ea 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -1718,6 +1718,13 @@ virStorageSourceGetActualType(virStorageSourcePtr def) } +bool +virStorageSourceIsLocalStorage(virStorageSourcePtr src) +{ +return virStorageSourceGetActualType(src) != VIR_STORAGE_TYPE_NETWORK; +} + + /** * virStorageSourceBackingStoreClear: * diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index 3e13071..ee85ca5 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h 
@@ -329,6 +329,7 @@ void virStorageSourceAuthClear(virStorageSourcePtr def); void virStorageSourcePoolDefFree(virStorageSourcePoolDefPtr def); void virStorageSourceClear(virStorageSourcePtr def); int virStorageSourceGetActualType(virStorageSourcePtr def); +bool virStorageSourceIsLocalStorage(virStorageSourcePtr src); void virStorageSourceFree(virStorageSourcePtr def); void virStorageSourceBackingStoreClear(virStorageSourcePtr def); virStorageSourcePtr virStorageSourceNewFromBacking(virStorageSourcePtr parent); -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
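Review bot: virStorageSourceIsLocalStorage is added without a doc comment, and "local" here really means "anything whose actual type is not VIR_STORAGE_TYPE_NETWORK". Please add a short comment above the function stating that, and that it resolves the type through virStorageSourceGetActualType. Note also that the pattern quoted in the commit message tests `== VIR_STORAGE_TYPE_NETWORK` while the helper returns the negation, so converted call sites need a `!`.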
[libvirt] [PATCHv3 18/26] security: DAC: Implement per-image seclabel restore
Refactor the existing code to allow re-using it for the per-image label restore too. --- src/security/security_dac.c | 60 - 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 38cb47f..69b51c1 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -350,62 +350,64 @@ virSecurityDACSetSecurityDiskLabel(virSecurityManagerPtr mgr, static int virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainDiskDefPtr disk, + virStorageSourcePtr src, bool migrated) { virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); virSecurityLabelDefPtr secdef; virSecurityDeviceLabelDefPtr disk_seclabel; -const char *src = virDomainDiskGetSource(disk); if (!priv->dynamicOwnership) return 0; -if (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK) +if (!src->path || +virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK) return 0; -secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); +/* Don't restore labels on readoly/shared disks, because other VMs may + * still be accessing these Alternatively we could iterate over all running + * domains and try to figure out if it is in use, but this would not work + * for clustered filesystems, since we can't see running VMs using the file + * on other nodes Safest bet is thus to skip the restore step. + */ +if (src->readonly || src->shared) +return 0; +secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); if (secdef && secdef->norelabel) return 0; -disk_seclabel = virStorageSourceGetSecurityLabelDef(disk->src, +disk_seclabel = virStorageSourceGetSecurityLabelDef(src, SECURITY_DAC_NAME); - if (disk_seclabel && disk_seclabel->norelabel) return 0; -/* Don't restore labels on readoly/shared disks, because - * other VMs may still be accessing these - * Alternatively we could iterate over all running - * domains and try to figure out if it is in use, but - * this would not work for clustered filesystems, since - * we can't see running VMs using the file on other nodes - * Safest bet is thus to skip the restore step. 
- */ -if (disk->src->readonly || disk->src->shared) -return 0; - -if (!src) -return 0; -/* If we have a shared FS & doing migrated, we must not - * change ownership, because that kills access on the - * destination host which is sub-optimal for the guest - * VM's I/O attempts :-) +/* If we have a shared FS & doing migrated, we must not change ownership, + * because that kills access on the destination host which is sub-optimal + * for the guest VM's I/O attempts :-) */ if (migrated) { -int rc = virFileIsSharedFS(src); +int rc = virFileIsSharedFS(src->path); if (rc < 0) return -1; if (rc == 1) { VIR_DEBUG("Skipping image label restore on %s because FS is shared", - src); + src->path); return 0; } } -return virSecurityDACRestoreSecurityFileLabel(src); +return virSecurityDACRestoreSecurityFileLabel(src->path); +} + + +static int +virSecurityDACRestoreSecurityImageLabel(virSecurityManagerPtr mgr, +virDomainDefPtr def, +virStorageSourcePtr src) +{ +return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, src, false); } @@ -414,7 +416,7 @@ virSecurityDACRestoreSecurityDiskLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainDiskDefPtr disk) { -return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, disk, false); +return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, disk->src, false); } @@ -902,7 +904,7 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr, for (i = 0; i < def->ndisks; i++) { if (virSecurityDACRestoreSecurityImageLabelInt(mgr, def, - def->disks[i], + def->disks[i]->src, migrated) < 0) rc = -1; } @@ -1276,6 +1278,8 @@ virSecurityDriver virSecurityDriverDAC = { .domainSetSecurityDiskLabel = virSecurityDACSetSecurityDiskLabel, .domainRestoreSecurityDiskLabel
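Review bot: the readonly/shared comment that is moved and rewrapped in virSecurityDACRestoreSecurityImageLabelInt keeps the typo "readoly", and the rewrap joins what used to be separate lines into run-on text ("accessing these Alternatively", "on other nodes Safest bet"). Since the comment is being touched anyway, fix the spelling and add the missing full stops. The new virSecurityDACRestoreSecurityImageLabel wrapper hard-codes `migrated` to false, which deserves a one-line comment so nobody uses it on the migration path.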
[libvirt] [PATCHv3 23/26] util: storage: Make virStorageFileChainLookup more network storage aware
Add a few checks and avoid resolving relative links on networked storage. --- src/util/virstoragefile.c | 27 +++ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 965c3ea..e154f92 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -1344,13 +1344,12 @@ virStorageFileChainLookup(virStorageSourcePtr chain, const char *tmp; char *parentDir = NULL; bool nameIsFile = virStorageIsFile(name); -size_t i; +size_t i = 0; if (!parent) parent = &tmp; *parent = NULL; -i = 0; if (startFrom) { while (chain && chain != startFrom->backingStore) { chain = chain->backingStore; @@ -1371,24 +1370,27 @@ virStorageFileChainLookup(virStorageSourcePtr chain, if (STREQ_NULLABLE(name, chain->relPath) || STREQ(name, chain->path)) break; -if (nameIsFile && (chain->type == VIR_STORAGE_TYPE_FILE || - chain->type == VIR_STORAGE_TYPE_BLOCK)) { -if (prev) { -if (!(parentDir = mdir_name(prev->path))) { -virReportOOMError(); -goto error; -} -} else { -if (VIR_STRDUP(parentDir, ".") < 0) -goto error; + +if (nameIsFile && virStorageSourceIsLocalStorage(chain)) { +if (prev && virStorageSourceIsLocalStorage(prev)) +parentDir = mdir_name(prev->path); +else +ignore_value(VIR_STRDUP(parentDir, ".")); + +if (!parentDir) { +virReportOOMError(); +goto error; } + int result = virFileRelLinkPointsTo(parentDir, name, chain->path); VIR_FREE(parentDir); + if (result < 0) goto error; + if (result > 0) break; } @@ -1401,6 +1403,7 @@ virStorageFileChainLookup(virStorageSourcePtr chain, if (!chain) goto error; + return chain; error: -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
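Review bot: in the rewritten parentDir block, `ignore_value(VIR_STRDUP(parentDir, "."));` is followed by `if (!parentDir) { virReportOOMError(); goto error; }`. The removed code did not report an error after a failed VIR_STRDUP, which suggests the macro reports OOM itself, so that path now reports twice. Keep the two cases separate, or only call virReportOOMError() for the mdir_name() failure. Also, when `prev` is network storage the lookup now resolves `name` relative to "." even though the parent is not a local file; a comment saying why that fallback is acceptable would help.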
[libvirt] [PATCHv3 03/26] security: manager: Avoid forward decl of virSecurityManagerDispose
--- src/security/security_manager.c | 21 +++-- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index d57bab9..84d90ac 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -48,7 +48,17 @@ struct _virSecurityManager { static virClassPtr virSecurityManagerClass; -static void virSecurityManagerDispose(void *obj); + +static +void virSecurityManagerDispose(void *obj) +{ +virSecurityManagerPtr mgr = obj; + +if (mgr->drv->close) +mgr->drv->close(mgr); +VIR_FREE(mgr->privateData); +} + static int virSecurityManagerOnceInit(void) { @@ -231,15 +241,6 @@ void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr) } -static void virSecurityManagerDispose(void *obj) -{ -virSecurityManagerPtr mgr = obj; - -if (mgr->drv->close) -mgr->drv->close(mgr); -VIR_FREE(mgr->privateData); -} - const char * virSecurityManagerGetDriver(virSecurityManagerPtr mgr) { -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
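Review bot: the moved definition is written as `static` on one line and `void virSecurityManagerDispose(void *obj)` on the next. The header style used in the rest of this series puts the full type on the first line and the function name on the second, i.e. `static void` followed by `virSecurityManagerDispose(void *obj)`. The commit also has no message body; one sentence saying this is a pure code move with no functional change would be enough.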
[libvirt] [PATCHv3 16/26] security: selinux: Implement per-image seclabel restore
Refactor the existing code to allow re-using it for the per-image label restore too. --- src/security/security_selinux.c | 60 - 1 file changed, 35 insertions(+), 25 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 7740e69..7b534b2 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1123,18 +1123,21 @@ virSecuritySELinuxRestoreSecurityTPMFileLabelInt(virSecurityManagerPtr mgr, static int virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainDiskDefPtr disk, + virStorageSourcePtr src, bool migrated) { virSecurityLabelDefPtr seclabel; virSecurityDeviceLabelDefPtr disk_seclabel; -const char *src = virDomainDiskGetSource(disk); + +if (!src->path || +virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK) +return 0; seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (seclabel == NULL) return 0; -disk_seclabel = virStorageSourceGetSecurityLabelDef(disk->src, +disk_seclabel = virStorageSourceGetSecurityLabelDef(src, SECURITY_SELINUX_NAME); if (seclabel->norelabel || (disk_seclabel && disk_seclabel->norelabel)) return 0; 
@@ -1144,40 +1147,35 @@ virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr, * be tracked in domain XML, at which point labelskip should be a * per-file attribute instead of a disk attribute. */ if (disk_seclabel && disk_seclabel->labelskip && -!disk->src->backingStore) +!src->backingStore) return 0; -/* Don't restore labels on readoly/shared disks, because - * other VMs may still be accessing these - * Alternatively we could iterate over all running - * domains and try to figure out if it is in use, but - * this would not work for clustered filesystems, since - * we can't see running VMs using the file on other nodes - * Safest bet is thus to skip the restore step. +/* Don't restore labels on readoly/shared disks, because other VMs may + * still be accessing these Alternatively we could iterate over all running + * domains and try to figure out if it is in use, but this would not work + * for clustered filesystems, since we can't see running VMs using the file + * on other nodes Safest bet is thus to skip the restore step. */ -if (disk->src->readonly || disk->src->shared) +if (src->readonly || src->shared) return 0; -if (!src || virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK) -return 0; -/* If we have a shared FS & doing migrated, we must not - * change ownership, because that kills access on the - * destination host which is sub-optimal for the guest - * VM's I/O attempts :-) +/* If we have a shared FS & doing migrated, we must not change ownership, + * because that kills access on the destination host which is sub-optimal + * for the guest VM's I/O attempts :-) */ if (migrated) { -int rc = virFileIsSharedFS(src); +int rc = virFileIsSharedFS(src->path); if (rc < 0) return -1; if (rc == 1) { VIR_DEBUG("Skipping image label restore on %s because FS is shared", - src); + src->path); return 0; } } -return virSecuritySELinuxRestoreSecurityFileLabel(mgr, src); +return virSecuritySELinuxRestoreSecurityFileLabel(mgr, src->path); } 
@@ -1186,7 +1184,17 @@ virSecuritySELinuxRestoreSecurityDiskLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainDiskDefPtr disk) { -return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, disk, false); +return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, disk->src, + false); +} + + +static int +virSecuritySELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr, +virDomainDefPtr def, +virStorageSourcePtr src) +{ +return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, src, false); } @@ -1867,9 +1875,9 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr, rc = -1; } for (i = 0; i < def->ndisks; i++) { -if (virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, - def, - de
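Review bot: The reflowed comment in the @@ -1144,40 +1147,35 @@ hunk carries the "readoly" typo over and loses the sentence breaks ("still be accessing these Alternatively we could", "on other nodes Safest bet"); since the comment is rewritten anyway, fix the spelling and restore the full stops. In the first hunk the !src->path / network-type early return now runs before the seclabel lookup and before the readonly/shared check, while the removed lines had it after them; the result is the same 0 either way, but a sentence in the commit message saying the reordering is intentional would make the refactor easier to verify.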
[libvirt] [PATCHv3 13/26] qemu: cgroup: Setup only the top level disk image for read-write access
Only the top level gets writes, so the rest of the backing chain requires only read-only access. --- src/qemu/qemu_cgroup.c | 26 -- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 1deafb7..97229c4 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -49,10 +49,11 @@ static const char *const defaultDeviceACL[] = { #define DEVICE_PTY_MAJOR 136 #define DEVICE_SND_MAJOR 116 -int -qemuSetImageCgroup(virDomainObjPtr vm, - virStorageSourcePtr src, - bool deny) +static int +qemuSetImageCgroupInternal(virDomainObjPtr vm, + virStorageSourcePtr src, + bool deny, + bool forceReadonly) { qemuDomainObjPrivatePtr priv = vm->privateData; int perms = VIR_CGROUP_DEVICE_READ; @@ -76,7 +77,7 @@ qemuSetImageCgroup(virDomainObjPtr vm, ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms); } else { -if (!src->readonly) +if (!src->readonly && !forceReadonly) perms |= VIR_CGROUP_DEVICE_WRITE; VIR_DEBUG("Allow path %s, perms: %s", @@ -104,14 +105,27 @@ qemuSetImageCgroup(virDomainObjPtr vm, int +qemuSetImageCgroup(virDomainObjPtr vm, + virStorageSourcePtr src, + bool deny) +{ +return qemuSetImageCgroupInternal(vm, src, deny, false); +} + + +int qemuSetupDiskCgroup(virDomainObjPtr vm, virDomainDiskDefPtr disk) { virStorageSourcePtr next; +bool forceReadonly = false; for (next = disk->src; next; next = next->backingStore) { -if (qemuSetImageCgroup(vm, next, false) < 0) +if (qemuSetImageCgroupInternal(vm, next, false, forceReadonly) < 0) return -1; + +/* setup only the top level image for read-write */ +forceReadonly = true; } return 0; -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
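Review bot: The exported qemuSetImageCgroup() wrapper always passes forceReadonly = false, so any caller that invokes it directly on a backing-chain element still grants VIR_CGROUP_DEVICE_WRITE unless src->readonly is set; only the loop in qemuSetupDiskCgroup() enforces the "top level only" rule from the commit message. Add a comment on qemuSetImageCgroup() stating that the access mode is taken from src->readonly alone and that callers are responsible for backing images, or expose the readonly override to them. The forceReadonly argument is also silently ignored when deny is true, which is worth a line in the internal function's comment.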
[libvirt] [PATCHv3 06/26] security: Fix header formatting of a few functions
Some of the functions in the storage driver had their headers formatted incorrectly. --- src/security/security_driver.h | 6 +++--- src/security/security_manager.h | 9 - src/security/security_stack.c | 4 ++-- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 05d612a..062dc8f 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -108,10 +108,10 @@ typedef int (*virSecurityDomainSetTapFDLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, int fd); typedef char *(*virSecurityDomainGetMountOptions) (virSecurityManagerPtr mgr, - virDomainDefPtr def); + virDomainDefPtr def); typedef int (*virSecurityDomainSetHugepages) (virSecurityManagerPtr mgr, - virDomainDefPtr def, - const char *path); + virDomainDefPtr def, + const char *path); struct _virSecurityDriver { size_t privateDataLen; diff --git a/src/security/security_manager.h b/src/security/security_manager.h index 307e1c2..8a5fcfb 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -118,11 +118,10 @@ int virSecurityManagerSetTapFDLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, int fd); char *virSecurityManagerGetMountOptions(virSecurityManagerPtr mgr, - virDomainDefPtr vm); -virSecurityManagerPtr* -virSecurityManagerGetNested(virSecurityManagerPtr mgr); +virDomainDefPtr vm); +virSecurityManagerPtr* virSecurityManagerGetNested(virSecurityManagerPtr mgr); int virSecurityManagerSetHugepages(virSecurityManagerPtr mgr, - virDomainDefPtr sec, - const char *hugepages_path); + virDomainDefPtr sec, + const char *hugepages_path); #endif /* VIR_SECURITY_MANAGER_H__ */ diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 7f210b2..e3e9c85 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c 
@@ -513,8 +513,8 @@ virSecurityStackSetTapFDLabel(virSecurityManagerPtr mgr, static int virSecurityStackSetHugepages(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - const char *path) + virDomainDefPtr vm, + const char *path) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); virSecurityStackItemPtr item = priv->itemsHead; -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
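Review bot: The commit message says the functions are "in the storage driver", but every file in the diffstat is under src/security/ (security_driver.h, security_manager.h, security_stack.c); it should read "security driver". The security_manager.h hunk also joins the virSecurityManagerGetNested() prototype onto a single line, which goes beyond re-indenting arguments; mention that in the message or leave the prototype split as it was.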
[libvirt] [PATCHv3 19/26] security: DAC: Implement per-image seclabel set
Refactor the code and reuse it to implement the functionality. --- src/security/security_dac.c | 53 ++--- 1 file changed, 26 insertions(+), 27 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 69b51c1..3ff7817 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -289,22 +289,30 @@ virSecurityDACRestoreSecurityFileLabel(const char *path) static int -virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk, - const char *path, - size_t depth ATTRIBUTE_UNUSED, - void *opaque) +virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr, +virDomainDefPtr def, +virStorageSourcePtr src) { -virSecurityDACCallbackDataPtr cbdata = opaque; -virSecurityManagerPtr mgr = cbdata->manager; -virSecurityLabelDefPtr secdef = cbdata->secdef; -virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); +virSecurityLabelDefPtr secdef; virSecurityDeviceLabelDefPtr disk_seclabel; +virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); uid_t user; gid_t group; -disk_seclabel = virStorageSourceGetSecurityLabelDef(disk->src, -SECURITY_DAC_NAME); +if (!priv->dynamicOwnership) +return 0; + +/* XXX: Add support for gluster DAC permissions */ +if (!src->path || +virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK) +return 0; + +secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); +if (secdef && secdef->norelabel) +return 0; +disk_seclabel = virStorageSourceGetSecurityLabelDef(src, +SECURITY_DAC_NAME); if (disk_seclabel && disk_seclabel->norelabel) return 0; @@ -316,7 +324,7 @@ virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk, return -1; } -return virSecurityDACSetOwnership(path, user, group); +return virSecurityDACSetOwnership(src->path, user, group); } 
@@ -326,24 +334,14 @@ virSecurityDACSetSecurityDiskLabel(virSecurityManagerPtr mgr, virDomainDiskDefPtr disk) { -virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); -virSecurityDACCallbackData cbdata; -virSecurityLabelDefPtr secdef; +virStorageSourcePtr next; -if (!priv->dynamicOwnership) -return 0; - -secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - -if (secdef && secdef->norelabel) -return 0; +for (next = disk->src; next; next = next->backingStore) { +if (virSecurityDACSetSecurityImageLabel(mgr, def, next) < 0) +return -1; +} -cbdata.manager = mgr; -cbdata.secdef = secdef; -return virDomainDiskDefForeachPath(disk, - false, - virSecurityDACSetSecurityFileLabel, - &cbdata); +return 0; } @@ -1278,6 +1276,7 @@ virSecurityDriver virSecurityDriverDAC = { .domainSetSecurityDiskLabel = virSecurityDACSetSecurityDiskLabel, .domainRestoreSecurityDiskLabel = virSecurityDACRestoreSecurityDiskLabel, +.domainSetSecurityImageLabel= virSecurityDACSetSecurityImageLabel, .domainRestoreSecurityImageLabel= virSecurityDACRestoreSecurityImageLabel, .domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel, -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
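Review bot: The new loop in virSecurityDACSetSecurityDiskLabel() returns -1 as soon as one virSecurityDACSetSecurityImageLabel() call fails, leaving the images earlier in the chain already re-owned with nothing in this function undoing that. State in a comment whether the caller is expected to run the restore path on failure, or restore the already labelled elements here. The dynamicOwnership and norelabel checks are now repeated for every chain element instead of once per disk; that is harmless, but the new function should carry a comment listing the cases in which it returns 0 without touching the file (dynamicOwnership off, no path, network storage, norelabel).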
[libvirt] [PATCHv3 00/26] Work In Progress: Refactor handling of disk image metadata
In my quest to fix various issues with image chain handling I've set out to fix labelling of the image files. While I'm not far enough yet, the series has grown rather large and contains a few fixes of other stuff. I'm posting it incomplete to start review on the trivial parts. Peter Krempa (26): utils: s/virStorageSourceClearBackingStore/virStorageSourceBackingStoreClear security: Rename virSecurityManagerRestoreImageLabel to *Disk* security: manager: Avoid forward decl of virSecurityManagerDispose security: manager: Unify function header format security: manager: Document behavior of disk label manipulation funcs security: Fix header formatting of a few functions security: nop: Avoid very long lines storage: Move readonly and shared flags to disk source from disk def util: storagesource: Add helper to copy and free storage source seclabels util: storagefile: Add deep copy for struct virStorageSource util: cgroup: Add helper to convert device mode to string qemu: cgroup: Add functions to set cgroup image stuff on individual imgs qemu: cgroup: Setup only the top level disk image for read-write access locking: Add APIs to lock individual image files security: Introduce APIs to label single images security: selinux: Implement per-image seclabel restore security: selinux: Implement per-image seclabel set security: DAC: Implement per-image seclabel restore security: DAC: Implement per-image seclabel set security: AppArmor: Implement per-image seclabel restore security: AppArmor: Implement per-image seclabel set util: storage: Add helper to determine whether storage is local util: storage: Make virStorageFileChainLookup more network storage aware util: storage: Return complete parent info from virStorageFileChainLookup qemu: blockcopy: Use the mirror disk source to label the files qemu: blockcopy: Don't remove existing disk mirror info src/conf/domain_conf.c | 18 +- src/conf/domain_conf.h | 2 - src/libvirt_private.syms | 10 +- src/libxl/libxl_conf.c | 2 +- 
src/locking/domain_lock.c| 65 +--- src/locking/domain_lock.h| 8 + src/lxc/lxc_cgroup.c | 2 +- src/lxc/lxc_controller.c | 2 +- src/lxc/lxc_driver.c | 2 +- src/qemu/qemu_cgroup.c | 110 +++-- src/qemu/qemu_cgroup.h | 3 + src/qemu/qemu_command.c | 14 +- src/qemu/qemu_conf.c | 4 +- src/qemu/qemu_domain.c | 2 +- src/qemu/qemu_driver.c | 65 +++- src/qemu/qemu_hotplug.c | 24 +-- src/qemu/qemu_migration.c| 16 +- src/security/security_apparmor.c | 52 -- src/security/security_dac.c | 115 ++--- src/security/security_driver.h | 22 ++- src/security/security_manager.c | 347 +++ src/security/security_manager.h | 22 ++- src/security/security_nop.c | 166 --- src/security/security_selinux.c | 154 + src/security/security_stack.c| 50 +- src/security/virt-aa-helper.c| 2 +- src/util/vircgroup.c | 62 +-- src/util/vircgroup.h | 2 + src/util/virstoragefile.c| 239 +++ src/util/virstoragefile.h| 17 +- src/vbox/vbox_tmpl.c | 30 ++-- src/xenxs/xen_sxpr.c | 10 +- src/xenxs/xen_xm.c | 10 +- tests/virstoragetest.c | 86 +- 34 files changed, 1140 insertions(+), 595 deletions(-) -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv3 12/26] qemu: cgroup: Add functions to set cgroup image stuff on individual imgs
Add functions that will allow to set all the required cgroup stuff on individual images taking a virStorageSourcePtr. Also convert functions designed to setup whole backing chain to take advantage of the change. --- src/qemu/qemu_cgroup.c | 104 - src/qemu/qemu_cgroup.h | 3 ++ 2 files changed, 55 insertions(+), 52 deletions(-) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 3394c68..1deafb7 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c 
@@ -49,30 +49,56 @@ static const char *const defaultDeviceACL[] = { #define DEVICE_PTY_MAJOR 136 #define DEVICE_SND_MAJOR 116 -static int -qemuSetupDiskPathAllow(virDomainDiskDefPtr disk, - const char *path, - size_t depth ATTRIBUTE_UNUSED, - void *opaque) +int +qemuSetImageCgroup(virDomainObjPtr vm, + virStorageSourcePtr src, + bool deny) { -virDomainObjPtr vm = opaque; qemuDomainObjPrivatePtr priv = vm->privateData; +int perms = VIR_CGROUP_DEVICE_READ; int ret; -VIR_DEBUG("Process path %s for disk", path); -ret = virCgroupAllowDevicePath(priv->cgroup, path, - (disk->src->readonly ? VIR_CGROUP_DEVICE_READ -: VIR_CGROUP_DEVICE_RW)); -virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path, - disk->src->readonly ? "r" : "rw", ret == 0); +if (!virCgroupHasController(priv->cgroup, +VIR_CGROUP_CONTROLLER_DEVICES)) +return 0; + +if (!src->path || +virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK) { +VIR_DEBUG("Not updating cgroups for disk path '%s', type: %s", + NULLSTR(src->path), virStorageTypeToString(src->type)); +return 0; +} + +if (deny) { +perms |= VIR_CGROUP_DEVICE_WRITE | VIR_CGROUP_DEVICE_MKNOD; + +VIR_DEBUG("Deny path %s", src->path); + +ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms); +} else { +if (!src->readonly) +perms |= VIR_CGROUP_DEVICE_WRITE; + +VIR_DEBUG("Allow path %s, perms: %s", + src->path, virCgroupGetDevicePermsString(perms)); + +ret = virCgroupAllowDevicePath(priv->cgroup, src->path, perms); +} + +virDomainAuditCgroupPath(vm, priv->cgroup, + deny ? "deny" : "allow", + src->path, + virCgroupGetDevicePermsString(perms), + ret == 0); /* Get this for root squash NFS */ if (ret < 0 && virLastErrorIsSystemErrno(EACCES)) { -VIR_DEBUG("Ignoring EACCES for %s", path); +VIR_DEBUG("Ignoring EACCES for %s", src->path); virResetLastError(); ret = 0; } + return ret; } 
@@ -81,39 +107,14 @@ int qemuSetupDiskCgroup(virDomainObjPtr vm, virDomainDiskDefPtr disk) { -qemuDomainObjPrivatePtr priv = vm->privateData; - -if (!virCgroupHasController(priv->cgroup, -VIR_CGROUP_CONTROLLER_DEVICES)) -return 0; - -return virDomainDiskDefForeachPath(disk, true, qemuSetupDiskPathAllow, vm); -} +virStorageSourcePtr next; - -static int -qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, - const char *path, - size_t depth ATTRIBUTE_UNUSED, - void *opaque) -{ -virDomainObjPtr vm = opaque; -qemuDomainObjPrivatePtr priv = vm->privateData; -int ret; - -VIR_DEBUG("Process path %s for disk", path); -ret = virCgroupDenyDevicePath(priv->cgroup, path, - VIR_CGROUP_DEVICE_RWM); -virDomainAuditCgroupPath(vm, priv->cgroup, "deny", path, "rwm", ret == 0); - -/* Get this for root squash NFS */ -if (ret < 0 && -virLastErrorIsSystemErrno(EACCES)) { -VIR_DEBUG("Ignoring EACCES for %s", path); -virResetLastError(); -ret = 0; +for (next = disk->src; next; next = next->backingStore) { +if (qemuSetImageCgroup(vm, next, false) < 0) +return -1; } -return ret; + +return 0; } @@ -121,18 +122,17 @@ int qemuTeardownDiskCgroup(virDomainObjPtr vm, virDomainDiskDefPtr disk) { -qemuDomainObjPrivatePtr priv = vm->privateData; +virStorageSourcePtr next; -if (!virCgroupHasController(priv->cgroup, -VIR_CGROUP_CONTROLLER_DEVICES)) -return 0; +for (next = disk->src; next; next = next->backingStore) { +if (qemuSetImageCgroup(vm, next, true) < 0) +return -1; +} -return virDomainDiskDefForeachPath(disk, - true, - qemuTeardownDiskPathDen
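Review bot: In the new qemuSetImageCgroup(), the skip decision is made on virStorageSourceGetActualType(src) but the VIR_DEBUG that reports it prints virStorageTypeToString(src->type), so the log can show a type other than the one the check acted on. Store the actual type in a local and use it for both. The devices-controller check and the network/no-path check now run once per chain element and return 0 before virDomainAuditCgroupPath() is reached; say in the commit message whether skipped images are deliberately left out of the audit log.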
[libvirt] [PATCHv3 02/26] security: Rename virSecurityManagerRestoreImageLabel to *Disk*
I'm going to add functions that will deal with individual image files rather than whole disks. Rename the security function to make room for the new one. --- src/libvirt_private.syms | 2 +- src/qemu/qemu_driver.c | 4 ++-- src/qemu/qemu_hotplug.c | 24 src/security/security_apparmor.c | 8 src/security/security_dac.c | 8 src/security/security_driver.h | 8 src/security/security_manager.c | 10 +- src/security/security_manager.h | 6 +++--- src/security/security_nop.c | 8 src/security/security_selinux.c | 8 src/security/security_stack.c| 10 +- 11 files changed, 48 insertions(+), 48 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index b3f73f9..1e1dd84 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -911,8 +911,8 @@ virSecurityManagerPreFork; virSecurityManagerReleaseLabel; virSecurityManagerReserveLabel; virSecurityManagerRestoreAllLabel; +virSecurityManagerRestoreDiskLabel; virSecurityManagerRestoreHostdevLabel; -virSecurityManagerRestoreImageLabel; virSecurityManagerRestoreSavedStateLabel; virSecurityManagerSetAllLabel; virSecurityManagerSetChildProcessLabel; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 41d7bb6..ce57542 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -12087,8 +12087,8 @@ qemuDomainPrepareDiskChainElement(virQEMUDriverPtr driver, disk->readonly = mode == VIR_DISK_CHAIN_READ_ONLY; if (mode == VIR_DISK_CHAIN_NO_ACCESS) { -if (virSecurityManagerRestoreImageLabel(driver->securityManager, -vm->def, disk) < 0) +if (virSecurityManagerRestoreDiskLabel(driver->securityManager, + vm->def, disk) < 0) VIR_WARN("Unable to restore security label on %s", disk->src->path); if (qemuTeardownDiskCgroup(vm, disk) < 0) VIR_WARN("Failed to teardown cgroup for disk path %s", diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 9cd6a3e..5e8aa4e 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c 
@@ -161,8 +161,8 @@ int qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, if (ret < 0) goto error; -if (virSecurityManagerRestoreImageLabel(driver->securityManager, -vm->def, origdisk) < 0) +if (virSecurityManagerRestoreDiskLabel(driver->securityManager, + vm->def, origdisk) < 0) VIR_WARN("Unable to restore security label on ejected image %s", virDomainDiskGetSource(origdisk)); @@ -182,8 +182,8 @@ int qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, return ret; error: -if (virSecurityManagerRestoreImageLabel(driver->securityManager, -vm->def, disk) < 0) +if (virSecurityManagerRestoreDiskLabel(driver->securityManager, + vm->def, disk) < 0) VIR_WARN("Unable to restore security label on new media %s", src); if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) @@ -347,8 +347,8 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, if (releaseaddr) qemuDomainReleaseDeviceAddress(vm, &disk->info, src); -if (virSecurityManagerRestoreImageLabel(driver->securityManager, -vm->def, disk) < 0) +if (virSecurityManagerRestoreDiskLabel(driver->securityManager, + vm->def, disk) < 0) VIR_WARN("Unable to restore security label on %s", src); if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) @@ -597,8 +597,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, return ret; error: -if (virSecurityManagerRestoreImageLabel(driver->securityManager, -vm->def, disk) < 0) +if (virSecurityManagerRestoreDiskLabel(driver->securityManager, + vm->def, disk) < 0) VIR_WARN("Unable to restore security label on %s", src); if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) @@ -691,8 +691,8 @@ qemuDomainAttachUSBMassstorageDevice(virConnectPtr conn, return ret; error: -if (virSecurityManagerRestoreImageLabel(driver->securityManager, -vm->def, disk) < 0) +if (virSecurityManagerRestoreDiskLabel(driver->securityManager, + vm->def, disk) < 0) VIR_WARN("Unable to restore security label on %s", src); if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) 
@@ -2504,8 +2504,8 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver, qemuDomainReleaseDeviceAddress(vm, &disk->info,
[libvirt] [PATCHv3 10/26] util: storagefile: Add deep copy for struct virStorageSource
Now that we have pointers to store disk source information and thus can easily exchange the structs behind we need a function to copy all the data. --- src/libvirt_private.syms | 1 + src/util/virstoragefile.c | 143 ++ src/util/virstoragefile.h | 3 + 3 files changed, 147 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 792754f..bf3a45b 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1906,6 +1906,7 @@ virStorageNetProtocolTypeToString; virStorageSourceAuthClear; virStorageSourceBackingStoreClear; virStorageSourceClear; +virStorageSourceCopy; virStorageSourceFree; virStorageSourceGetActualType; virStorageSourceGetSecurityLabelDef; diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index c52206c..5f8e02d 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c 
@@ -1540,6 +1540,149 @@ virStorageSourceSeclabelsCopy(virStorageSourcePtr to, } +static virStorageTimestampsPtr +virStorageTimestampsCopy(const virStorageTimestamps *src) +{ +virStorageTimestampsPtr ret; + +if (VIR_ALLOC(ret) < 0) +return NULL; + +memcpy(ret, src, sizeof(*src)); + +return ret; +} + + +static virStoragePermsPtr +virStoragePermsCopy(const virStoragePerms *src) +{ +virStoragePermsPtr ret; + +if (VIR_ALLOC(ret) < 0) +return NULL; + +ret->mode = src->mode; +ret->uid = src->uid; +ret->gid = src->gid; + +if (VIR_STRDUP(ret->label, src->label)) +goto error; + +return ret; + + error: +virStoragePermsFree(ret); +return NULL; +} + + +static virStorageSourcePoolDefPtr +virStorageSourcePoolDefCopy(const virStorageSourcePoolDef *src) +{ +virStorageSourcePoolDefPtr ret; + +if (VIR_ALLOC(ret) < 0) +return NULL; + +ret->voltype = src->voltype; +ret->pooltype = src->pooltype; +ret->actualtype = src->actualtype; +ret->mode = src->mode; + +if (VIR_STRDUP(ret->pool, src->pool) < 0 || +VIR_STRDUP(ret->volume, src->volume) < 0) +goto error; + +return ret; + + error: +virStorageSourcePoolDefFree(ret); +return NULL; +} + + +virStorageSourcePtr +virStorageSourceCopy(const virStorageSource *src, + bool backingChain) +{ +virStorageSourcePtr ret = NULL; + +if (VIR_ALLOC(ret) < 0) +return NULL; + +ret->type = src->type; +ret->protocol = src->protocol; +ret->format = src->format; +ret->allocation = src->allocation; +ret->capacity = src->capacity; +ret->readonly = src->readonly; +ret->shared = src->shared; + +/* storage driver metadata are not copied */ +ret->drv = NULL; + +if (VIR_STRDUP(ret->path, src->path) < 0 || +VIR_STRDUP(ret->volume, src->volume) < 0 || +VIR_STRDUP(ret->driverName, src->driverName) < 0 || +VIR_STRDUP(ret->relPath, src->relPath) < 0 || +VIR_STRDUP(ret->backingStoreRaw, src->backingStoreRaw) < 0 || +VIR_STRDUP(ret->compat, src->compat) < 0 || +VIR_STRDUP(ret->auth.username, src->auth.username) < 0) +goto error; + +if (!(ret->hosts = 
virStorageNetHostDefCopy(src->nhosts, src->hosts))) +goto error; +ret->nhosts = src->nhosts; + +if (!(ret->srcpool = virStorageSourcePoolDefCopy(src->srcpool))) +goto error; + +if (!(ret->features = virBitmapNewCopy(src->features))) +goto error; + +if (!(ret->encryption = virStorageEncryptionCopy(src->encryption))) +goto error; + +if (!(ret->perms = virStoragePermsCopy(src->perms))) +goto error; + +if (!(ret->timestamps = virStorageTimestampsCopy(src->timestamps))) +goto error; + +if (virStorageSourceSeclabelsCopy(ret, src) < 0) +goto error; + +ret->auth.secretType = src->auth.secretType; +switch ((virStorageSecretType) src->auth.secretType) { +case VIR_STORAGE_SECRET_TYPE_NONE: +case VIR_STORAGE_SECRET_TYPE_LAST: +break; + +case VIR_STORAGE_SECRET_TYPE_UUID: +memcpy(ret->auth.secret.uuid, src->auth.secret.uuid, VIR_UUID_BUFLEN); +break; + +case VIR_STORAGE_SECRET_TYPE_USAGE: +if (VIR_STRDUP(ret->auth.secret.usage, src->auth.secret.usage) < 0) +goto error; +break; +} + +if (backingChain && src->backingStore) { +if (!(ret->backingStore = virStorageSourceCopy(src->backingStore, + true))) +goto error; +} + +return ret; + + error: +virStorageSourceFree(ret); +return NULL; +} + + void virStorageSourcePoolDefFree(virStorageSourcePoolDefPtr def) { diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index 176661e..3e13071 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -332,6 +332,9 @@ int virStorageSourceGetActualType(virStorageSourcePtr def); void virStorageSourceF
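Review bot: In virStoragePermsCopy() the check "if (VIR_STRDUP(ret->label, src->label)) goto error;" is missing the "< 0" that every other VIR_STRDUP call in this hunk has, so a successful copy of a non-NULL label (return value 1) is treated as a failure and the whole virStorageSourceCopy() fails. The second problem is in virStorageSourceCopy(): srcpool, features, encryption, perms and timestamps are passed to their copy helpers unconditionally and a NULL result jumps to error, while virStorageTimestampsCopy(), virStoragePermsCopy() and virStorageSourcePoolDefCopy() dereference src without checking it. Guard each optional member with "if (src->perms && !(ret->perms = virStoragePermsCopy(src->perms)))" and likewise for the others, so that a source lacking one of them can still be copied.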
[libvirt] [PATCHv3 01/26] utils: s/virStorageSourceClearBackingStore/virStorageSourceBackingStoreClear
Rename them to comply with the naming policy. --- src/libvirt_private.syms | 2 +- src/qemu/qemu_domain.c| 2 +- src/qemu/qemu_driver.c| 2 +- src/util/virstoragefile.c | 6 +++--- src/util/virstoragefile.h | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index a793b4c..b3f73f9 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1904,8 +1904,8 @@ virStorageNetHostTransportTypeFromString; virStorageNetHostTransportTypeToString; virStorageNetProtocolTypeToString; virStorageSourceAuthClear; +virStorageSourceBackingStoreClear; virStorageSourceClear; -virStorageSourceClearBackingStore; virStorageSourceFree; virStorageSourceGetActualType; virStorageSourceGetSecurityLabelDef; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 2e55c99..f3f42be 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -2437,7 +2437,7 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr driver, if (disk->src->backingStore) { if (force) -virStorageSourceClearBackingStore(disk->src); +virStorageSourceBackingStoreClear(disk->src); else goto cleanup; } diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 22699c1..41d7bb6 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -12868,7 +12868,7 @@ qemuDomainSnapshotCreateSingleDiskActive(virQEMUDriverPtr driver, * recompute it. Better would be storing the chain ourselves rather than * reprobing, but this requires modifying domain_conf and our XML to fully * track the chain across libvirtd restarts. */ -virStorageSourceClearBackingStore(disk->src); +virStorageSourceBackingStoreClear(disk->src); if (virStorageFileInit(snap->src) < 0) goto cleanup; diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 6a57327..0c50de1 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c 
@@ -1551,14 +1551,14 @@ virStorageSourceGetActualType(virStorageSourcePtr def) /** - * virStorageSourceClearBackingStore: + * virStorageSourceBackingStoreClear: * * @src: disk source to clear * * Clears information about backing store of the current storage file. */ void -virStorageSourceClearBackingStore(virStorageSourcePtr def) +virStorageSourceBackingStoreClear(virStorageSourcePtr def) { if (!def) return; @@ -1599,7 +1599,7 @@ virStorageSourceClear(virStorageSourcePtr def) virStorageNetHostDefFree(def->nhosts, def->hosts); virStorageSourceAuthClear(def); -virStorageSourceClearBackingStore(def); +virStorageSourceBackingStoreClear(def); } diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index f98a763..48c7e02 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -321,7 +321,7 @@ void virStorageSourcePoolDefFree(virStorageSourcePoolDefPtr def); void virStorageSourceClear(virStorageSourcePtr def); int virStorageSourceGetActualType(virStorageSourcePtr def); void virStorageSourceFree(virStorageSourcePtr def); -void virStorageSourceClearBackingStore(virStorageSourcePtr def); +void virStorageSourceBackingStoreClear(virStorageSourcePtr def); virStorageSourcePtr virStorageSourceNewFromBacking(virStorageSourcePtr parent); typedef int -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
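Review bot: The doc comment touched in the @@ -1551,14 +1551,14 @@ hunk still documents "@src: disk source to clear" while the parameter of virStorageSourceBackingStoreClear() is named def; since the comment header is being edited anyway, make the two agree. The commit message says "Rename them" although a single function is renamed, and the subject prefix "utils:" differs from the "util:" prefix used by the other patches in the series.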
[libvirt] [PATCHv3 04/26] security: manager: Unify function header format
--- src/security/security_manager.c | 248 +--- 1 file changed, 157 insertions(+), 91 deletions(-) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 84d90ac..bb12e8e 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -19,10 +19,8 @@ * * Author: Daniel P. Berrange */ - #include - #include "security_driver.h" #include "security_stack.h" #include "security_dac.h" @@ -60,7 +58,8 @@ void virSecurityManagerDispose(void *obj) } -static int virSecurityManagerOnceInit(void) +static int +virSecurityManagerOnceInit(void) { if (!(virSecurityManagerClass = virClassNew(virClassForObjectLockable(), "virSecurityManagerClass", @@ -73,11 +72,13 @@ static int virSecurityManagerOnceInit(void) VIR_ONCE_GLOBAL_INIT(virSecurityManager); -static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr drv, - const char *virtDriver, - bool allowDiskFormatProbing, - bool defaultConfined, - bool requireConfined) + +static virSecurityManagerPtr +virSecurityManagerNewDriver(virSecurityDriverPtr drv, +const char *virtDriver, +bool allowDiskFormatProbing, +bool defaultConfined, +bool requireConfined) { virSecurityManagerPtr mgr; char *privateData; @@ -114,7 +115,9 @@ static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr dr return mgr; } -virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary) + +virSecurityManagerPtr +virSecurityManagerNewStack(virSecurityManagerPtr primary) { virSecurityManagerPtr mgr = virSecurityManagerNewDriver(&virSecurityDriverStack, 
@@ -131,21 +134,25 @@ virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary) return mgr; } -int virSecurityManagerStackAddNested(virSecurityManagerPtr stack, - virSecurityManagerPtr nested) + +int +virSecurityManagerStackAddNested(virSecurityManagerPtr stack, + virSecurityManagerPtr nested) { if (!STREQ("stack", stack->drv->name)) return -1; return virSecurityStackAddNested(stack, nested); } -virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver, - uid_t user, - gid_t group, - bool allowDiskFormatProbing, - bool defaultConfined, - bool requireConfined, - bool dynamicOwnership) + +virSecurityManagerPtr +virSecurityManagerNewDAC(const char *virtDriver, + uid_t user, + gid_t group, + bool allowDiskFormatProbing, + bool defaultConfined, + bool requireConfined, + bool dynamicOwnership) { virSecurityManagerPtr mgr = virSecurityManagerNewDriver(&virSecurityDriverDAC, @@ -161,16 +168,19 @@ virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver, virSecurityManagerDispose(mgr); return NULL; } + virSecurityDACSetDynamicOwnership(mgr, dynamicOwnership); return mgr; } -virSecurityManagerPtr virSecurityManagerNew(const char *name, -const char *virtDriver, -bool allowDiskFormatProbing, -bool defaultConfined, -bool requireConfined) + +virSecurityManagerPtr +virSecurityManagerNew(const char *name, + const char *virtDriver, + bool allowDiskFormatProbing, + bool defaultConfined, + bool requireConfined) { virSecurityDriverPtr drv = virSecurityDriverLookup(name, virtDriver); if (!drv) @@ -211,7 +221,8 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name, * followed by a call to virSecurityManagerPostFork() in both * parent and child. */ -int virSecurityManagerPreFork(virSecurityManagerPtr mgr) +int +virSecurityManagerPreFork(virSecurityManagerPtr mgr) { int ret = 0; 
@@ -230,12 +241,14 @@ int virSecurityManagerPreFork(virSecurityManagerPtr mgr) * Must be called after fork()'ing in both parent and child * to ensure mutex state is sane for the child to use */ -void virSecurityManagerPostFork(v
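Review bot: The first hunk (@@ -19,10 +19,8) deletes the blank lines around the first #include, and the virSecurityManagerNewDAC hunk adds a blank line before virSecurityDACSetDynamicOwnership(); neither is a function header change, and the commit message is empty. Mention the whitespace cleanup in the commit message or split it into its own patch. The hunk-header context also still shows "void virSecurityManagerDispose(void *obj)" on a single line with no hunk touching it, so check whether that definition should be converted as well.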
[libvirt] [PATCHv3 11/26] util: cgroup: Add helper to convert device mode to string
Cgroups code uses VIR_CGROUP_DEVICE_* flags to specify the mode but in the end it needs to be converted to a string. Add a helper to do it and use it in the cgroup code before introducing it into the rest of the code. --- src/libvirt_private.syms | 1 + src/util/vircgroup.c | 62 +++- src/util/vircgroup.h | 2 ++ 3 files changed, 49 insertions(+), 16 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index bf3a45b..99e9d52 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1049,6 +1049,7 @@ virCgroupGetCpuCfsQuota; virCgroupGetCpusetCpus; virCgroupGetCpusetMems; virCgroupGetCpuShares; +virCgroupGetDevicePermsString; virCgroupGetDomainTotalCpuStats; virCgroupGetFreezerState; virCgroupGetMemoryHardLimit; diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index c578bd0..2eaf265 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -2624,6 +2624,44 @@ virCgroupDenyAllDevices(virCgroupPtr group) /** + * virCgroupGetDevicePermsString: + * + * @perms: Bitwise or of VIR_CGROUP_DEVICE permission bits + * + * Returns string corresponding to the appropriate bits set. + */ +const char * +virCgroupGetDevicePermsString(int perms) +{ +if (perms & VIR_CGROUP_DEVICE_READ) { +if (perms & VIR_CGROUP_DEVICE_WRITE) { +if (perms & VIR_CGROUP_DEVICE_MKNOD) +return "rwm"; +else +return "rw"; +} else { +if (perms & VIR_CGROUP_DEVICE_MKNOD) +return "rm"; +else +return "r"; +} +} else { +if (perms & VIR_CGROUP_DEVICE_WRITE) { +if (perms & VIR_CGROUP_DEVICE_MKNOD) +return "wm"; +else +return "w"; +} else { +if (perms & VIR_CGROUP_DEVICE_MKNOD) +return "m"; +else +return ""; +} +} +} + + +/** * virCgroupAllowDevice: * * @group: The cgroup to allow a device for 
@@ -2641,10 +2679,8 @@ virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor, int ret = -1; char *devstr = NULL; -if (virAsprintf(&devstr, "%c %i:%i %s%s%s", type, major, minor, -perms & VIR_CGROUP_DEVICE_READ ? "r" : "", -perms & VIR_CGROUP_DEVICE_WRITE ? "w" : "", -perms & VIR_CGROUP_DEVICE_MKNOD ? "m" : "") < 0) +if (virAsprintf(&devstr, "%c %i:%i %s", type, major, minor, +virCgroupGetDevicePermsString(perms)) < 0) goto cleanup; if (virCgroupSetValueStr(group, @@ -2678,10 +2714,8 @@ virCgroupAllowDeviceMajor(virCgroupPtr group, char type, int major, int ret = -1; char *devstr = NULL; -if (virAsprintf(&devstr, "%c %i:* %s%s%s", type, major, -perms & VIR_CGROUP_DEVICE_READ ? "r" : "", -perms & VIR_CGROUP_DEVICE_WRITE ? "w" : "", -perms & VIR_CGROUP_DEVICE_MKNOD ? "m" : "") < 0) +if (virAsprintf(&devstr, "%c %i:* %s", type, major, +virCgroupGetDevicePermsString(perms)) < 0) goto cleanup; if (virCgroupSetValueStr(group, @@ -2752,10 +2786,8 @@ virCgroupDenyDevice(virCgroupPtr group, char type, int major, int minor, int ret = -1; char *devstr = NULL; -if (virAsprintf(&devstr, "%c %i:%i %s%s%s", type, major, minor, -perms & VIR_CGROUP_DEVICE_READ ? "r" : "", -perms & VIR_CGROUP_DEVICE_WRITE ? "w" : "", -perms & VIR_CGROUP_DEVICE_MKNOD ? "m" : "") < 0) +if (virAsprintf(&devstr, "%c %i:%i %s", type, major, minor, +virCgroupGetDevicePermsString(perms)) < 0) goto cleanup; if (virCgroupSetValueStr(group, @@ -2789,10 +2821,8 @@ virCgroupDenyDeviceMajor(virCgroupPtr group, char type, int major, int ret = -1; char *devstr = NULL; -if (virAsprintf(&devstr, "%c %i:* %s%s%s", type, major, -perms & VIR_CGROUP_DEVICE_READ ? "r" : "", -perms & VIR_CGROUP_DEVICE_WRITE ? "w" : "", -perms & VIR_CGROUP_DEVICE_MKNOD ? "m" : "") < 0) +if (virAsprintf(&devstr, "%c %i:* %s", type, major, +virCgroupGetDevicePermsString(perms)) < 0) goto cleanup; if (virCgroupSetValueStr(group, diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h index 7bb46bf..3ab9f1c 100644 
--- a/src/util/vircgroup.h +++ b/src/util/vircgroup.h @@ -173,6 +173,8 @@ enum { VIR_CGROUP_DEVICE_RWM = VIR_CGROUP_DEVICE_RW | VIR_CGROUP_DEVICE_MKNOD, }; +const char *virCgroupGetDevicePermsString(int perms); + int virCgroupDenyAllDevices(virCgroupPtr group); int virCgroupAllowDevice(virCgroupPtr group, -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
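Review bot: The doc comment of the new virCgroupGetDevicePermsString does not say that the returned string is a static constant that the caller must not free, nor that an empty string is returned when none of the READ, WRITE or MKNOD bits is set. Both are worth stating, because the four converted callers pass the result straight into "%c %i:%i %s" or "%c %i:* %s" and will write a rule with an empty access field when perms is 0; if that is not a valid request, reject it in the callers rather than relying on the helper.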
[libvirt] [PATCHv3 17/26] security: selinux: Implement per-image seclabel set
Refactor the code and reuse it to implement the functionality. --- src/security/security_selinux.c | 92 - 1 file changed, 54 insertions(+), 38 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 7b534b2..97f91f7 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -56,9 +56,6 @@ VIR_LOG_INIT("security.security_selinux"); typedef struct _virSecuritySELinuxData virSecuritySELinuxData; typedef virSecuritySELinuxData *virSecuritySELinuxDataPtr; -typedef struct _virSecuritySELinuxCallbackData virSecuritySELinuxCallbackData; -typedef virSecuritySELinuxCallbackData *virSecuritySELinuxCallbackDataPtr; - struct _virSecuritySELinuxData { char *domain_context; char *alt_domain_context; @@ -71,11 +68,6 @@ struct _virSecuritySELinuxData { #endif }; -struct _virSecuritySELinuxCallbackData { -virSecurityManagerPtr manager; -virSecurityLabelDefPtr secdef; -}; - #define SECURITY_SELINUX_VOID_DOI "0" #define SECURITY_SELINUX_NAME "selinux" 
@@ -1199,40 +1191,50 @@ virSecuritySELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr, static int -virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk, - const char *path, - size_t depth, - void *opaque) +virSecuritySELinuxSetSecurityImageLabelInternal(virSecurityManagerPtr mgr, +virDomainDefPtr def, +virStorageSourcePtr src, +bool first) { -int ret; +virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); +virSecurityLabelDefPtr secdef; virSecurityDeviceLabelDefPtr disk_seclabel; -virSecuritySELinuxCallbackDataPtr cbdata = opaque; -virSecurityLabelDefPtr secdef = cbdata->secdef; -virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(cbdata->manager); +int ret; + +if (!src->path || +virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK) +return 0; + +secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); +if (!secdef || secdef->norelabel) +return 0; -disk_seclabel = virStorageSourceGetSecurityLabelDef(disk->src, +disk_seclabel = virStorageSourceGetSecurityLabelDef(src, SECURITY_SELINUX_NAME); if (disk_seclabel && disk_seclabel->norelabel) return 0; -if (disk_seclabel && !disk_seclabel->norelabel && -disk_seclabel->label) { -ret = virSecuritySELinuxSetFilecon(path, disk_seclabel->label); -} else if (depth == 0) { - -if (disk->src->shared) { -ret = virSecuritySELinuxSetFileconOptional(path, data->file_context); -} else if (disk->src->readonly) { -ret = virSecuritySELinuxSetFileconOptional(path, data->content_context); +if (disk_seclabel && !disk_seclabel->norelabel && disk_seclabel->label) { +ret = virSecuritySELinuxSetFilecon(src->path, disk_seclabel->label); +} else if (first) { +if (src->shared) { +ret = virSecuritySELinuxSetFileconOptional(src->path, + data->file_context); +} else if (src->readonly) { +ret = virSecuritySELinuxSetFileconOptional(src->path, + data->content_context); } else if (secdef->imagelabel) { -ret = virSecuritySELinuxSetFileconOptional(path, secdef->imagelabel); +ret = 
virSecuritySELinuxSetFileconOptional(src->path, + secdef->imagelabel); } else { ret = 0; } } else { -ret = virSecuritySELinuxSetFileconOptional(path, data->content_context); +ret = virSecuritySELinuxSetFileconOptional(src->path, + data->content_context); } + if (ret == 1 && !disk_seclabel) { /* If we failed to set a label, but virt_use_nfs let us * proceed anyway, then we don't need to relabel later. */ @@ -1240,35 +1242,48 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk, if (!disk_seclabel) return -1; disk_seclabel->labelskip = true; -if (VIR_APPEND_ELEMENT(disk->src->seclabels, disk->src->nseclabels, +if (VIR_APPEND_ELEMENT(src->seclabels, src->nseclabels, disk_seclabel) < 0) { virSecurityDeviceLabelDefFree(disk_seclabel); return -1; } ret = 0; } + return ret; } + +static int +virSecuritySELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr, +
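Review bot: In virSecuritySELinuxSetSecurityImageLabelInternal the condition "disk_seclabel && !disk_seclabel->norelabel && disk_seclabel->label" repeats a test that can no longer fail, because the statement just above it already returns 0 when disk_seclabel->norelabel is set; since the line is being rewritten anyway, reduce it to "disk_seclabel && disk_seclabel->label". The new bool parameter first, which replaces the old depth == 0 test and decides whether an image gets the shared, read-only or per-domain image label instead of content_context, also needs a line in a function comment saying what it means and who is expected to pass true.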
[libvirt] [python PATCH] maint: document development against uninstalled libvirt
Thanks to Dan's recent work in libvirt.git, it is much easier to develop against uninstalled libvirt. Mention how. * README: More details. Signed-off-by: Eric Blake --- README | 15 +++ 1 file changed, 15 insertions(+) diff --git a/README b/README index ad50828..df1de59 100644 --- a/README +++ b/README @@ -21,6 +21,21 @@ or to install as non-root python setup.py build python setup.py install --user +If python-nose is installed, you can test the package with + + python setup.py test + +A makefile shim is provided so that you can do + + make && make check + +rather than directly invoking setup.py. + +As of libvirt 1.2.6, it is possible to develop against an uninstalled +libvirt.git checkout, by setting some environment variables: + + export PKG_CONFIG_PATH=/path/to/libvirt/git/src/ + export LD_LIBRARY_PATH=/path/to/libvirt/git/src/.libs/ Patches for this code should be sent to the main libvirt development mailing list -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
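Review bot: The two added export lines assign PKG_CONFIG_PATH and LD_LIBRARY_PATH outright, which discards whatever the developer already had in those variables; either show the form that prepends to the existing value or say that the existing value is replaced. The paragraph should also state that the libvirt.git checkout has to be built first, since the src/.libs/ directory it points at only exists after a build.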
Re: [libvirt] [PATCH] Fix compiler warning while un-wraping python object to uint in libvirt_virNodeGetFreePages
On 06/25/2014 10:18 AM, Nehal J Wani wrote:

Long subject line, and a typo. Better is:

build: use correct int conversion in GetFreePages

then exposing the longer details in the commit body.

> Introduced by commit c8ba859bc78f5e3b0ed2590f4e8a7fa6c26ac08f
>
> On compiling libvirt-python against libvirt 1.2.6, we get:
>
> libvirt-override.c: In function ‘libvirt_virNodeGetFreePages’:
> libvirt-override.c:7811:9: warning: pointer targets in passing argument 2 of
> ‘libvirt_intUnwrap’ differ in signedness [-Wpointer-sign]
> if (libvirt_intUnwrap(tmp, &pages[i]) < 0)
> ^
> In file included from libvirt-override.c:24:0:
> typewrappers.h:169:5: note: expected ‘int *’ but argument is of type
> ‘unsigned int *’
> int libvirt_intUnwrap(PyObject *obj, int *val);
> ^
> ---
> libvirt-override.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

ACK and will push shortly.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [Xen-devel] [PATCH RFC OSSTEST 7/9] Toolstack: Abstract away migration support check.
On Wed, 2014-06-25 at 09:25 -0600, Jim Fehlig wrote:
> Ian Campbell wrote:
> > On Tue, 2014-06-24 at 21:18 -0600, Jim Fehlig wrote:
> >
> >
> >> Something like the attached patch (compile-tested only). You'll need an
> >> updated libvirt.git master to apply cleanly.
> >>
> >
> > Thanks. Building on ARM I get:
> >
> > libxl/libxl_driver.c:4346:1: error: 'libxlDomainMigrateBegin3Params'
> > defined but not used [-Werror=unused-function]
> > libxl/libxl_driver.c:4384:1: error: 'libxlDomainMigratePrepare3Params'
> > defined but not used [-Werror=unused-function]
> > libxl/libxl_driver.c:4433:1: error: 'libxlDomainMigratePerform3Params'
> > defined but not used [-Werror=unused-function]
> > libxl/libxl_driver.c:4488:1: error: 'libxlDomainMigrateFinish3Params'
> > defined but not used [-Werror=unused-function]
> > libxl/libxl_driver.c:4539:1: error: 'libxlDomainMigrateConfirm3Params'
> > defined but not used [-Werror=unused-function]
> >
>
> Yeah, compile-tested on x86 only as it turned out. I was building
> packages in the build service, where I had the libxl driver disabled for
> aarch64 :-/.

Whoops!

> With the fixup, does this work for you? Is omitted
> from the capabilities?

Yes, it is omitted. On ARM:

# virsh capabilities armv7l 4186112 xen 32 /usr/lib/xen/bin/qemu-dm xenpv

Thanks,
Ian.
Re: [libvirt] [PATCHv5 19/19] qemu: Add support for networked disks for block pull/block rebase
On 06/19/2014 07:59 AM, Peter Krempa wrote: > Now that we are able to select images from the backing chain via indexed > access we should also convert possible network sources to > qemu-compatible strings before passing them to qemu. > --- > src/qemu/qemu_driver.c | 45 + > 1 file changed, 41 insertions(+), 4 deletions(-) Same caveats as in 18/19 about not necessarily working in mixed-source chains (for that, we'd need to use node-names); but as it is definitely more powerful than what libvirt previously supported, it's still worth including under the incremental improvement umbrella. > @@ -15040,6 +15042,13 @@ qemuDomainBlockJobImpl(virDomainObjPtr vm, > goto cleanup; > } > > +if (flags & VIR_DOMAIN_BLOCK_REBASE_RELATIVE && !base) { > +virReportError(VIR_ERR_INVALID_ARG, "%s", > + _("flag VIR_DOMAIN_BLOCK_REBASE_RELATIVE is valid > only " > + " with non-null base ")); Trailing space in the error message. This treats relative name with no base as a hard error, which is okay but should be documented. > + > +if (!backingPath) { > +virReportError(VIR_ERR_OPERATION_INVALID, "%s", > + _("Can't keep relative backing > relationship.")); No trailing '.'. Once again, back to the question of whether it is nicer for the flag to be advisory (best effort to use relative, but absolute fallback is okay) or mandatory (fail if the request cannot be honored). At this point, I'm leaning towards mandatory (it's easier to relax mandatory to advisory later than it is to give advisory now and tighten it up later; and I like to know if my explicit request cannot be honored). But the documentation needs to match what we choose, and it would help to have Adam's insight as a client of this flag. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
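Review bot: In the quoted qemuDomainBlockJobImpl hunk, the first string fragment of the VIR_ERR_INVALID_ARG message ends in "only " and the second starts with " with", so the concatenated message has a double space between "only" and "with" in addition to the trailing space already pointed out. Drop the leading space of the second fragment together with the trailing one.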
Re: [libvirt] [PATCHv5 18/19] qemu: Add support for networked disks for block commit
On 06/19/2014 07:59 AM, Peter Krempa wrote: > Now that we are able to select images from the backing chain via indexed > access we should also convert possible network sources to > qemu-compatible strings before passing them to qemu. Eventually, we'll want to use qemu's node-name functionality, also being added (but possibly in qemu 2.2 instead of 2.1, depends on how Jeff's series goes). But for the simpler case of all files being local or all files being network from the same pool (that is, no mixed-mode chains), then this does appear to work at getting a decent name into qemu, at which point qemu can indeed commit to the right target. > --- > src/qemu/qemu_driver.c | 39 ++- > 1 file changed, 34 insertions(+), 5 deletions(-) > > + > +if (flags & VIR_DOMAIN_BLOCK_COMMIT_RELATIVE && > +topSource != disk->src) { So you are silently ignoring the flag if topSource is the active layer? That's okay, but reflect it in the documentation earlier in the series. > +if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_CHANGE_BACKING_FILE)) { > +virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", > + _("this qemu doesn't support relative > blockpull")); > +goto endjob; > +} > + > +if (virStorageFileGetRelativeBackingPath(topSource, baseSource, > + &backingPath) < 0) > +goto endjob; > + > +if (!backingPath) { > +virReportError(VIR_ERR_OPERATION_INVALID, "%s", > + _("Can't keep relative backing relationship.")); No '.' at end of the message. Wait - the earlier patches said that relative names would be preserved if possible, implying that an absolute name would still be used if a relative name was not possible. But this errors out if a relative name was not possible. Which is nicer to the end user, treating the flag as advisory or mandatory? I'm hoping Adam can answer which he'd prefer, as one of the first clients of this new feature. 
-- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
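Review bot: In the quoted block commit hunk, the VIR_ERR_CONFIG_UNSUPPORTED message reads "this qemu doesn't support relative blockpull", but the check sits inside the VIR_DOMAIN_BLOCK_COMMIT_RELATIVE branch. The message should name block commit, so that a user who hits it is pointed at the operation that was actually requested.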
[libvirt] [PATCH] Fix compiler warning while un-wraping python object to uint in libvirt_virNodeGetFreePages
Introduced by commit c8ba859bc78f5e3b0ed2590f4e8a7fa6c26ac08f On compiling libvirt-python against libvirt 1.2.6, we get: libvirt-override.c: In function ‘libvirt_virNodeGetFreePages’: libvirt-override.c:7811:9: warning: pointer targets in passing argument 2 of ‘libvirt_intUnwrap’ differ in signedness [-Wpointer-sign] if (libvirt_intUnwrap(tmp, &pages[i]) < 0) ^ In file included from libvirt-override.c:24:0: typewrappers.h:169:5: note: expected ‘int *’ but argument is of type ‘unsigned int *’ int libvirt_intUnwrap(PyObject *obj, int *val); ^ --- libvirt-override.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libvirt-override.c b/libvirt-override.c index 04fb4cd..40aefcc 100644 --- a/libvirt-override.c +++ b/libvirt-override.c @@ -7808,7 +7808,7 @@ libvirt_virNodeGetFreePages(PyObject *self ATTRIBUTE_UNUSED, for (i = 0; i < pyobj_pagesize_size; i++) { PyObject *tmp = PyList_GetItem(pyobj_pagesize, i); -if (libvirt_intUnwrap(tmp, &pages[i]) < 0) +if (libvirt_uintUnwrap(tmp, &pages[i]) < 0) goto cleanup; } -- 1.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv5 17/19] lib: Introduce flag VIR_DOMAIN_BLOCK_REBASE_RELATIVE
On 06/19/2014 07:59 AM, Peter Krempa wrote: > Introduce flag for the block rebase API to allow the rebase operation to > leave the chain relatively addressed. Also adds a virsh switch to enable > this behavior. > --- > include/libvirt/libvirt.h.in | 2 ++ > src/libvirt.c| 5 + > tools/virsh-domain.c | 22 +++--- > tools/virsh.pod | 4 > 4 files changed, 30 insertions(+), 3 deletions(-) Similar comments to 16/19 about being gated on qemu.git. > +++ b/src/libvirt.c > @@ -19716,6 +19716,11 @@ virDomainBlockPull(virDomainPtr dom, const char > *disk, > * exists. If the job is aborted, a new one can be started later to > * resume from the same point. > * > + * If @flags contains VIR_DOMAIN_BLOCK_REBASE_RELATIVE, the name recorded > + * into the overlay of the @base image as path to the new backing file > + * will be kept relative to other images in case the backing chain was > + * using relative names. Quite wordy since the overlay of @base is always the active layer (given the current limitations of blockpull); how about: If @flags contains VIR_DOMAIN_BLOCK_REBASE_RELATIVE, the name recorded into the active disk as the location for @base will be kept relative, if the backing chain was using relative names. Also needs to mention what happens if this flag is set but @base is omitted (silently ignored, or explicit error?) > +++ b/tools/virsh-domain.c 
> @@ -1479,10 +1479,14 @@ blockJobImpl(vshControl *ctl, const vshCmd *cmd, > case VSH_CMD_BLOCK_JOB_PULL: > if (vshCommandOptStringReq(ctl, cmd, "base", &base) < 0) > goto cleanup; > -if (base) > -ret = virDomainBlockRebase(dom, path, base, bandwidth, 0); > -else > +if (base) { > + if (vshCommandOptBool(cmd, "keep-relative")) > + flags |= VIR_DOMAIN_BLOCK_REBASE_RELATIVE; Here, you silently ignore the flag if base is omitted. Is it worth calling the new API when the flag is specified but base is NULL, in order to let virsh serve as a test for what happens if the flag is set in error? > + > +ret = virDomainBlockRebase(dom, path, base, bandwidth, flags); > +} else { > ret = virDomainBlockPull(dom, path, bandwidth, 0); > +} In fact, I think you want to modify flags in advance, and then do if (base || flags) virDomainBlockRebase(); else virDomainBlockPull() > +{.name = "keep-relative", > + .type = VSH_OT_BOOL, > + .help = N_("keep the backing chain relative if it was relatively " > +"referenced if it was before") s/if it was before/before/ > @@ -2139,6 +2148,13 @@ cmdBlockPull(vshControl *ctl, const vshCmd *cmd) > bool quit = false; > int abort_flags = 0; > > +if (vshCommandOptBool(cmd, "keep-relative") && > +!vshCommandOptBool(cmd, "base")) { > +vshError(ctl, "%s", _("--keep-relative is supported only with > partial " > + "pull operations with --base specified")); > +return false; > +} Again, if virsh does less validation up front, then we can ensure that lower in the stack behaves sanely with unusual requests. I'm not sure this condition is worth having in virsh. 
> +++ b/tools/virsh.pod > > +Using the I<--keep-relative> flag will try to keep the backing chain names > +relative (if they were relative before). Hmm, this wording is a bit nicer compared to the sentence you added in 16/19; might be worth trying to make them similar. Looking forward to v6. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv5 15/19] qemu: monitor: Add support for backing name specification for block-stream
On 06/19/2014 07:59 AM, Peter Krempa wrote:
> To allow changing the name that is recorded in the top of the current
> image chain used in a block pull/rebase operation, we need to specify
> the backing name to qemu. This is done via the "backing-file" attribute
> to the block-stream commad.

s/commad/command/

Gated by acceptance of Jeff's patches into qemu.git.

> ---
> src/qemu/qemu_driver.c | 8
> src/qemu/qemu_migration.c | 6 +++---
> src/qemu/qemu_monitor.c | 12 +++-
> src/qemu/qemu_monitor.h | 3 ++-
> src/qemu/qemu_monitor_json.c | 15 +++
> src/qemu/qemu_monitor_json.h | 1 +
> 6 files changed, 32 insertions(+), 13 deletions(-)
>

ACK. This patch just wires up the parameter, but doesn't use it, so it's safe.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCHv5 16/19] lib: Introduce flag VIR_DOMAIN_BLOCK_COMMIT_RELATIVE
On 06/19/2014 07:59 AM, Peter Krempa wrote: > Introduce flag for the block commit API to allow the commit operation to > leave the chain relatively addressed. Also adds a virsh switch to enable > this behavior. > --- > include/libvirt/libvirt.h.in | 4 > src/libvirt.c| 5 + > tools/virsh-domain.c | 7 +++ > tools/virsh.pod | 5 +++-- > 4 files changed, 19 insertions(+), 2 deletions(-) This patch can go in now, in order to make the freeze for 1.2.6. That is, we can commit to this API even if we can't implement it in qemu until Jeff's patches are in. > +++ b/src/libvirt.c 
> @@ -19879,6 +19879,11 @@ virDomainBlockRebase(virDomainPtr dom, const char > *disk, > * VIR_DOMAIN_BLOCK_COMMIT_DELETE, then this command will unlink all files > * that were invalidated, after the commit successfully completes. > * > + * If @flags contains VIR_DOMAIN_BLOCK_COMMIT_RELATIVE, the name recorded > + * into the overlay of the @top image as path to the new backing file s/as path/as the path/ > + * will be kept relative to other images in case the backing chain was > + * using relative names. Should we also mention what happens if there is no overlay of @top (that is, when @top is NULL or explicitly mentions the active layer)? Is this flag then silently ignored, or an explicit error? > +{.name = "keep-relative", > + .type = VSH_OT_BOOL, > + .help = N_("keep the backing chain relative if it was relatively " > +"referenced if it was before") s/if it was before/before/ > +files at the successful completion of the commit operation. When the > +I<--keep-relative> flag is used, the backing file paths will be kept > relative. s/relative./relative, if possible./ So even though I'd like to commit to this API, it's probably enough changes to post a v6 to make sure the grammar still reads well. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [Xen-devel] [PATCH RFC OSSTEST 7/9] Toolstack: Abstract away migration support check.
Ian Campbell wrote: > On Tue, 2014-06-24 at 21:18 -0600, Jim Fehlig wrote: > > >> Something like the attached patch (compile-tested only). You'll need an >> updated libvirt.git master to apply cleanly. >> > > Thanks. Building on ARM I get: > > libxl/libxl_driver.c:4346:1: error: 'libxlDomainMigrateBegin3Params' defined > but not used [-Werror=unused-function] > libxl/libxl_driver.c:4384:1: error: 'libxlDomainMigratePrepare3Params' > defined but not used [-Werror=unused-function] > libxl/libxl_driver.c:4433:1: error: 'libxlDomainMigratePerform3Params' > defined but not used [-Werror=unused-function] > libxl/libxl_driver.c:4488:1: error: 'libxlDomainMigrateFinish3Params' defined > but not used [-Werror=unused-function] > libxl/libxl_driver.c:4539:1: error: 'libxlDomainMigrateConfirm3Params' > defined but not used [-Werror=unused-function] > Yeah, compile-tested on x86 only as it turned out. I was building packages in the build service, where I had the libxl driver disabled for aarch64 :-/. With the fixup, does this work for you? Is omitted from the capabilities? Regards, Jim > The fixup is obvious (I didn't bother with commit message etc since I > expect you'll want to fold it in): > > commit 69606cdba69afdd5e2eea0096596ae3beaa34890 > Author: Ian Campbell > Date: Wed Jun 25 11:48:45 2014 +0100 > > fixup > > diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c > index f90bf64..03d397e 100644 > --- a/src/libxl/libxl_driver.c > +++ b/src/libxl/libxl_driver.c > @@ -4342,6 +4342,7 @@ libxlNodeDeviceReset(virNodeDevicePtr dev) > return ret; > } > > +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME > static char * > libxlDomainMigrateBegin3Params(virDomainPtr domain, > virTypedParameterPtr params, 
> @@ -4561,7 +4562,7 @@ libxlDomainMigrateConfirm3Params(virDomainPtr domain, > > return libxlDomainMigrationConfirm(driver, vm, flags, cancelled); > } > - > +#endif /* ifndef LIBXL_HAVE_NO_SUSPEND_RESUME */ > > static virDriver libxlDriver = { > .no = VIR_DRV_LIBXL, > > > > > -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
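Review bot: The #ifndef LIBXL_HAVE_NO_SUSPEND_RESUME added in front of libxlDomainMigrateBegin3Params carries no comment saying why the migration entry points depend on a suspend/resume macro; a one-line comment at the #ifndef would spare the next reader the search. The guarded region also has to cover exactly the functions whose libxlDriver entries are conditional, which per the -Werror=unused-function output are the five Migrate*3Params functions, so it is worth confirming that nothing else between the #ifndef and the #endif is still referenced unconditionally.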
Re: [libvirt] [PATCH 1/2] cpuCompare*: Add support for reporting failure on incompatible CPUs
On 06/25/14 14:34, Jiri Denemark wrote:
> When CPU comparison APIs return VIR_CPU_COMPARE_INCOMPATIBLE, the caller
> has no clue why the CPU is considered incompatible with host CPU. And in
> some cases, it would be nice to be able to get such info in a client
> rather than having to look in logs.
>
> To achieve this, the APIs can be told to return VIR_ERR_CPU_INCOMPATIBLE
> error for incompatible CPUs and the reason will be described in the
> associated error message.
>
> Signed-off-by: Jiri Denemark
> ---
> include/libvirt/virterror.h | 2 ++
> src/bhyve/bhyve_driver.c | 2 +-
> src/cpu/cpu.c | 10 ++
> src/cpu/cpu.h | 9 ++---
> src/cpu/cpu_aarch64.c | 3 ++-
> src/cpu/cpu_arm.c | 3 ++-
> src/cpu/cpu_generic.c | 15 +++
> src/cpu/cpu_powerpc.c | 10 --
> src/cpu/cpu_x86.c | 20 ++--
> src/qemu/qemu_driver.c | 2 +-
> src/util/virerror.c | 6 ++
> tests/cputest.c | 4 ++--
> 12 files changed, 65 insertions(+), 21 deletions(-)
>

ACK,

Peter
[libvirt] [PATCHv2 1/3] lxc: allow to keep or drop capabilities
Added in the section of LXC domains configuration. This section can contain elements named after the capabilities like: , keep CAP_MKNOD capability drop CAP_SYS_CHROOT capability Users can restrict or give more capabilities than the default using this mechanism. --- docs/schemas/domaincommon.rng | 207 src/conf/domain_conf.c | 126 ++- src/conf/domain_conf.h | 56 +++ src/libvirt_private.syms| 3 + src/lxc/lxc_cgroup.c| 8 + src/lxc/lxc_container.c | 123 -- src/util/vircgroup.c| 74 - src/util/vircgroup.h| 2 + tests/domainschemadata/domain-caps-features.xml | 28 9 files changed, 602 insertions(+), 25 deletions(-) create mode 100644 tests/domainschemadata/domain-caps-features.xml diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 33d0308..22eb098 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -3744,6 +3744,9 @@ + + + @@ -4311,6 +4314,200 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -4320,6 +4517,16 @@ + + + +default +allow +deny + + + +
[libvirt] [PATCHv2 0/3] LXC drop/keep capabilities feature
Changes since the previous version are:

 * add 'b *:* m' and 'c *:* m' to the device white list if CAP_MKNOD is
   requested instead of setting 'a *:* rwm'.
 * Add a policy='default|allow|deny' for the features/capabilities element.

Cédric Bosdonnat (3):
  lxc: allow to keep or drop capabilities
  lxc domain from xml: convert lxc.cap.drop
  lxc: update doc to mention features/capabilities/* domain configuration

 docs/drvlxc.html.in | 47 +
 docs/schemas/domaincommon.rng | 207 +
 src/conf/domain_conf.c | 126 -
 src/conf/domain_conf.h | 56 ++
 src/libvirt_private.syms | 3 +
 src/lxc/lxc_cgroup.c | 8 +
 src/lxc/lxc_container.c | 123 ++--
 src/lxc/lxc_native.c | 25 +++
 src/util/vircgroup.c | 74 +++-
 src/util/vircgroup.h | 2 +
 tests/domainschemadata/domain-caps-features.xml | 28 +++
 tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml | 2 +
 tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 2 +
 tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 2 +
 tests/lxcconf2xmldata/lxcconf2xml-idmap.xml | 2 +
 .../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 4 +
 tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 2 +
 tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 4 +
 tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml | 2 +
 tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 4 +
 tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 8 +
 tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 4 +
 22 files changed, 710 insertions(+), 25 deletions(-)
 create mode 100644 tests/domainschemadata/domain-caps-features.xml

--
1.8.4.5
[libvirt] [PATCHv2 3/3] lxc: update doc to mention features/capabilities/* domain configuration
--- docs/drvlxc.html.in | 47 +++ 1 file changed, 47 insertions(+) diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index fc4bc20..403ce24 100644 --- a/docs/drvlxc.html.in +++ b/docs/drvlxc.html.in @@ -540,6 +540,53 @@ debootstrap, whatever) under /opt/vm-1-root: +Altering the available capabilities + + +By default the libvirt LXC driver drops some capabilities among which CAP_MKNOD. +However since 1.2.6 libvirt can be told to keep or +drop some capabilities using a domain configuration like the following: + + +... ++ +... + + +The capabilities children elements are named after the capabilities as defined in +man 7 capabilities. An off state tells libvirt to drop the +capability, while an on state will force to keep the capability even though +this one is dropped by default. + + +The policy attribute can be one of default, allow +or deny. It defines the default rules for capabilities: either keep the +default behavior that is dropping a few selected capabilities, or keep all capabilities +or drop all capabilities. The interest of allow and deny is that +they guarantee that all capabilities will be kept (or removed) even if new ones are added +later. + + +The following example, drops all capabilities but CAP_MKNOD: + + +... ++ ++ + + +... + + +Note that allowing capabilities that are normally dropped by default can seriously +affect the security of the container and the host. + Container usage / management -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list+ ++
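Review bot: the new "Altering the available capabilities" section never lists which capabilities the driver drops by default; it names only CAP_MKNOD ("among which"). A reader therefore cannot tell what policy default leaves in place, or which on entries actually widen the container's privileges. Suggest enumerating the default-dropped set, and extending the closing security note to say that keeping CAP_MKNOD also adds 'b *:* m' and 'c *:* m' to the device whitelist, as the cover letter describes. Minor: drop the comma in "The following example, drops all capabilities".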
[libvirt] [PATCHv2 2/3] lxc domain from xml: convert lxc.cap.drop
--- src/lxc/lxc_native.c | 25 ++ tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml| 2 ++ tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 2 ++ tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 2 ++ tests/lxcconf2xmldata/lxcconf2xml-idmap.xml| 2 ++ .../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 4 tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 2 ++ tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 4 tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml| 2 ++ tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 4 tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 8 +++ tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 4 12 files changed, 61 insertions(+) diff --git a/src/lxc/lxc_native.c b/src/lxc/lxc_native.c index f4c4556..29ec188 100644 --- a/src/lxc/lxc_native.c +++ b/src/lxc/lxc_native.c @@ -838,6 +838,28 @@ lxcSetBlkioTune(virDomainDefPtr def, virConfPtr properties) return 0; } +static void +lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties) +{ +virConfValuePtr value; +char **toDrop = NULL; +const char *capString; +size_t i; + +if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str) +toDrop = virStringSplit(value->str, " ", 0); + +for (i = 0; i < VIR_DOMAIN_CAPS_FEATURE_LAST; i++) { +capString = virDomainCapsFeatureTypeToString(i); +if (toDrop != NULL && virStringArrayHasString(toDrop, capString)) +def->caps_features[i] = VIR_DOMAIN_FEATURE_STATE_OFF; +} + +def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] = VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW; + +virStringFreeList(toDrop); +} + virDomainDefPtr lxcParseConfigString(const char *config) { @@ -935,6 +957,9 @@ lxcParseConfigString(const char *config) if (lxcSetBlkioTune(vmdef, properties) < 0) goto error; +/* lxc.cap.drop */ +lxcSetCapDrop(vmdef, properties); + goto cleanup; error: diff --git a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml index 36b8e52..c9c0469 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml 
+++ b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml @@ -25,6 +25,8 @@ + + destroy diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml index 932ab61..e7863fa 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml @@ -13,6 +13,8 @@ + + destroy diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml index 1bab1c6..50c5358 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml @@ -15,6 +15,8 @@ + + destroy diff --git a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml index 050ccd6..80a83ff 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml @@ -14,6 +14,8 @@ + + destroy diff --git a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml index 996c0f7..3105b8c 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml @@ -8,6 +8,10 @@ exe /sbin/init + + + + destroy restart diff --git a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml index b7c919e..7df1ef0 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml @@ -15,6 +15,8 @@ + + destroy diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml index 6d9e16d..e002b99 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml @@ -8,6 +8,10 @@ exe /sbin/init + + + + destroy restart diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml index 101324a..dc9d635 100644 
--- a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml @@ -10,6 +10,8 @@ + + destroy diff --git a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml index 5fe1b03..cfaceb5 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml @@ -8,6 +8,10 @@ exe /sbin/init + + + + destroy restart diff --git a/tests/lxcconf2xmldata/lxcconf2xml-simple
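Review bot: in the @@ -838,6 +838,28 @@ hunk, lxcSetCapDrop() sets def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] to VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW unconditionally, and the loop walks the known features rather than the tokens in lxc.cap.drop. Any token that does not match a virDomainCapsFeatureTypeToString() name is therefore silently ignored, and under policy allow that capability is kept. A misspelled or not yet supported name in the source config yields a container with more capabilities than the LXC config asked for. Iterate over toDrop instead and warn or fail on an unrecognised entry. The empty commit message should also state that switching every converted config to allow is intentional, including configs with no lxc.cap.drop at all.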
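Review bot: in the @@ -935,6 +957,9 @@ hunk, the call lxcSetCapDrop(vmdef, properties); has no failure path, unlike lxcSetBlkioTune() just above it, which is checked with < 0 and goto error. lxcSetCapDrop() returns void, and when virStringSplit() returns NULL the drop list is treated as empty while the policy is still set to allow, so a failed split converts the config with nothing dropped. Make the function return int, propagate the virStringSplit() failure, and check the result here like the other setters.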
Re: [libvirt] [PATCH 2/2] virConnectCompareCPU: Introduce FAIL_INCOMPATIBLE flag
On 06/25/14 14:34, Jiri Denemark wrote:
> The new VIR_CONNECT_COMPARE_CPU_FAIL_INCOMPATIBLE flag for
> virConnectCompareCPU can be used to get an error
> (VIR_ERR_CPU_INCOMPATIBLE) describing the incompatibility instead of the
> usual VIR_CPU_COMPARE_INCOMPATIBLE return code.
>
> Signed-off-by: Jiri Denemark
> ---
> include/libvirt/libvirt.h.in | 5 +
> src/bhyve/bhyve_driver.c | 17 +
> src/libvirt.c | 9 +++--
> src/qemu/qemu_driver.c | 17 +
> tools/virsh-domain.c | 11 +--
> 5 files changed, 47 insertions(+), 12 deletions(-)
>

virsh man page change is missing. Otherwise looks good to me.

ACK if you add the man page section

Peter
[libvirt] [PATCH] cpu: Add new Broadwell CPU model
Signed-off-by: Jiri Denemark
---
Notes:
The corresponding patch [1] for QEMU is not upstream yet but nobody seems to be complaining about that model. And chances are the patch gets in before QEMU enters hard freeze for 2.1. So please review this patch but I won't push it until the model gets pushed to QEMU.

[1] https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg04025.html

src/cpu/cpu_map.xml | 8
1 file changed, 8 insertions(+)

diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml index 7d34d40..d704e59 100644 --- a/src/cpu/cpu_map.xml +++ b/src/cpu/cpu_map.xml @@ -511,6 +511,14 @@ + + + + + + + + -- 2.0.0
Re: [libvirt] [Xen-devel] [PATCH RFC OSSTEST 7/9] Toolstack: Abstract away migration support check.
On Tue, 2014-06-24 at 21:18 -0600, Jim Fehlig wrote:
> Something like the attached patch (compile-tested only). You'll need an
> updated libvirt.git master to apply cleanly.

Thanks. Building on ARM I get:

libxl/libxl_driver.c:4346:1: error: 'libxlDomainMigrateBegin3Params' defined but not used [-Werror=unused-function]
libxl/libxl_driver.c:4384:1: error: 'libxlDomainMigratePrepare3Params' defined but not used [-Werror=unused-function]
libxl/libxl_driver.c:4433:1: error: 'libxlDomainMigratePerform3Params' defined but not used [-Werror=unused-function]
libxl/libxl_driver.c:4488:1: error: 'libxlDomainMigrateFinish3Params' defined but not used [-Werror=unused-function]
libxl/libxl_driver.c:4539:1: error: 'libxlDomainMigrateConfirm3Params' defined but not used [-Werror=unused-function]

The fixup is obvious (I didn't bother with commit message etc since I expect you'll want to fold it in):

commit 69606cdba69afdd5e2eea0096596ae3beaa34890
Author: Ian Campbell
Date: Wed Jun 25 11:48:45 2014 +0100

fixup

diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index f90bf64..03d397e 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -4342,6 +4342,7 @@ libxlNodeDeviceReset(virNodeDevicePtr dev) return ret; } +#ifndef LIBXL_HAVE_NO_SUSPEND_RESUME static char * libxlDomainMigrateBegin3Params(virDomainPtr domain, virTypedParameterPtr params, @@ -4561,7 +4562,7 @@ libxlDomainMigrateConfirm3Params(virDomainPtr domain, return libxlDomainMigrationConfirm(driver, vm, flags, cancelled); } - +#endif /* ifndef LIBXL_HAVE_NO_SUSPEND_RESUME */ static virDriver libxlDriver = { .no = VIR_DRV_LIBXL,
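Review bot: the #ifndef LIBXL_HAVE_NO_SUSPEND_RESUME opened before libxlDomainMigrateBegin3Params() only stays warning-free while it matches the condition under which the libxlDriver entries for these five functions are compiled out, and that table is outside both hunks. The -Werror=unused-function output implies the entries are already conditional, so please confirm the two sites test the identical macro. Also check that no static helper used only by these five functions is left outside the guard, or the same build failure will reappear on ARM.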