From: Laine Stump
(I don't know whether or not we want to commit this upstream yet - the
proposed iptables and kernel module backend for the changes have been
posted but not yet committed upstream. On the other hand, the new
libvirt code ends up simply printing a warning message if the
necessary
From: Laine Stump
I just pushed this trivial fix, since it breaks the build for anyone
who uses -Wformat-security -Werror.
---
tools/virsh.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index 8e6e2b4..38ecc0f 100644
--- a/tools/virsh.c
Jiri,
I have an unrelated concern regarding the semantics of comparison of
host and guest CPUs.
I do not compare CPUs for fun, but rather to know if a guest can be run
on a specific host. However, this is not exactly what
virConnectCompareCPU gives me: A vmx-enabled host cpu is a superset of
itse
Hi Daniel,
I added some more info to this. I added a call to try to get the max number of
vcpus as well. For starters, here is the output of my 3 tests:
$ info1
-bash: info1: command not found
[perf...@pun-rlnx55-bpa01 tavares]$ ./info1
Failed to bind to socket /tmp/livirt_proxy_conn
Domains 0
On 07/12/2010 11:06 PM, Daniel Veillard wrote:
On Sat, Jul 10, 2010 at 10:52:56PM +1000, Justin Clift wrote:
- rm -f *~ *.bak *.hierarchy *.signals *-unused.txt
+ rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.html
maintainer-clean-local: clean-local
rm -rf libvirt-
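Review bot: the *.html glob added to the rm -f line removes every HTML file in the directory, not only the generated ones, so any hand-written page kept alongside them would also be deleted by make clean. Consider collecting the generated pages in a variable and removing that list instead of the glob.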
---
This patch removes the individual author names from the libvirtd and virsh
man pages, instead referring to the main AUTHORS file distributed with
libvirt. This approach is needed, as we can't guarantee unicode support
across all versions of pod2man used with libvirt.
Additionally, this patch
On Fri, Jul 09, 2010 at 11:30:59AM -0400, Dave Allan wrote:
> On Fri, Jul 09, 2010 at 02:15:58PM +0200, Harald Dunkel wrote:
> > Hi folks,
> >
> > I would like to try out iscsi for virtual block
> > devices. This would be very interesting especially
> > for a migration at run time.
> >
> > Proble
> > though that could have been checked one level down in cpuCompare() which
> > could also make some checking about host and host->arch before
> > dereferencing.
> > Either it's an internal API where we trust the args or it's not
> > but it's important to fix the crash either there or in cpuCompar
> > When comparing a CPU without element, such as
> >
> >
> >
> >
> >
> > libvirt would happily crash without warning.
> > ---
> > src/cpu/cpu.c |6 ++
> > 1 files changed, 6 insertions(+), 0 deletions(-)
> >
> > diff --git a/src/cpu/cpu.c b/src/cpu/cpu.c
> > index 2
> > diff --git a/src/conf/cpu_conf.c b/src/conf/cpu_conf.c
> > index d9aa69c..35bcce8 100644
> > --- a/src/conf/cpu_conf.c
> > +++ b/src/conf/cpu_conf.c
> > @@ -130,9 +130,15 @@ virCPUDefParseXML(const xmlNodePtr node,
> > }
> >
> > if (mode == VIR_CPU_TYPE_AUTO) {
> > -if (virX
> > In case qemu supports -nodefconfig, libvirt uses it when launching
> > new guests. Since this option may affect CPU models supported by qemu,
> > we need to use it when probing for available models.
> > ---
> > src/qemu/qemu_conf.c | 16
> > src/qemu/qemu_conf.h |1
> > When a CPU to be compared with host CPU describes a host CPU instead of
> > a guest CPU, the result is incorrect. This is because instead of
> > treating additional features in host CPU description as required, they
> > were treated as if they were mentioned with all possible policies at the
>
> > diff --git a/tools/virsh.pod b/tools/virsh.pod
> > index 64cd0d0..e03dbe8 100644
> > --- a/tools/virsh.pod
> > +++ b/tools/virsh.pod
> > @@ -781,6 +781,8 @@ Returns the UUID of the named I.
> >
> > =head1 VOLUME COMMANDS
> >
> > +=over 4
> > +
> > =item B I I
> >
> > Create a volume fr
On Mon, Jul 12, 2010 at 05:48:44PM +0200, Jiri Denemark wrote:
> pod2man prints the following warning when generating virsh.1:
>
> tools/virsh.pod:890: Unmatched =back
> ---
> tools/virsh.pod |2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/tools/virsh.pod b/too
On Mon, Jul 12, 2010 at 05:50:24PM +0200, Jiri Denemark wrote:
> When comparing a CPU without element, such as
>
>
>
>
>
> libvirt would happily crash without warning.
> ---
> src/cpu/cpu.c |6 ++
> 1 files changed, 6 insertions(+), 0 deletions(-)
>
> diff --git a/sr
On Mon, Jul 12, 2010 at 05:49:16PM +0200, Jiri Denemark wrote:
> In case qemu supports -nodefconfig, libvirt uses it when launching
> new guests. Since this option may affect CPU models supported by qemu,
> we need to use it when probing for available models.
> ---
> src/qemu/qemu_conf.c |
On Mon, Jul 12, 2010 at 05:49:36PM +0200, Jiri Denemark wrote:
> When a CPU to be compared with host CPU describes a host CPU instead of
> a guest CPU, the result is incorrect. This is because instead of
> treating additional features in host CPU description as required, they
> were treated as if t
On Mon, Jul 12, 2010 at 05:49:53PM +0200, Jiri Denemark wrote:
> When autodetecting whether XML describes guest or host CPU, the presence
> of element is checked. If it's present, we treat the XML as host
> CPU definition. Which is right, since guest CPU definitions do not
> contain element. Howe
When a CPU to be compared with host CPU describes a host CPU instead of
a guest CPU, the result is incorrect. This is because instead of
treating additional features in host CPU description as required, they
were treated as if they were mentioned with all possible policies at the
same time.
---
sr
When autodetecting whether XML describes guest or host CPU, the presence
of element is checked. If it's present, we treat the XML as host
CPU definition. Which is right, since guest CPU definitions do not
contain element. However, if at the same time the root
element contains `match' attribute,
When comparing a CPU without element, such as
libvirt would happily crash without warning.
---
src/cpu/cpu.c |6 ++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/cpu/cpu.c b/src/cpu/cpu.c
index 279eee7..def6974 100644
--- a/src/cpu/cpu.c
+++ b/src
In case qemu supports -nodefconfig, libvirt uses it when launching
new guests. Since this option may affect CPU models supported by qemu,
we need to use it when probing for available models.
---
src/qemu/qemu_conf.c | 16
src/qemu/qemu_conf.h |1 +
2 files changed, 13 i
pod2man prints the following warning when generating virsh.1:
tools/virsh.pod:890: Unmatched =back
---
tools/virsh.pod |2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/tools/virsh.pod b/tools/virsh.pod
index 64cd0d0..e03dbe8 100644
--- a/tools/virsh.pod
+++ b/tools/vi
I just logged onto the first X64 based machine with libvirt (0.3.3-18.5)
installed on it and I am only seeing the X64 based version of the shared
library. Here is what I am seeing:
$ rpm -qal libvirt | grep libvirt.so
/usr/lib64/libvirt.so.0
/usr/lib64/libvirt.so.0.3.3
Is there any reason why
When creating qcow2 files with a backing store, it is important
to set an explicit format to prevent QEMU probing. The storage
backend was only doing this if it found a 'kvm-img' binary. This
is wrong because plenty of kvm-img binaries don't support an
explicit format, and plenty of 'qemu-img' bina
Record a default driver name/type in capabilities struct. Use this
when parsing disks if value is not set in XML config.
* src/conf/capabilities.h: Record default driver name/type for disks
* src/conf/domain_conf.c: Fallback to default driver name/type
when parsing disks
* src/qemu/qemu_driver.c
Disk format probing is now disabled by default. A new config
option in /etc/qemu/qemu.conf will re-enable it for existing
deployments where this causes trouble
---
src/qemu/libvirtd_qemu.aug |1 +
src/qemu/qemu.conf | 12
src/qemu/qemu_conf.c |
The implementation of security driver callbacks often needs
to access the security driver object. Currently only a handful
of callbacks include the driver object as a parameter. Later
patches require this in many more places.
* src/qemu/qemu_driver.c: Pass in the security driver object
to all ca
There is duplicated code which iterates over disk backing stores
performing some action. Provide a convenient helper for doing
this to eliminate duplication & risk of mistakes with disk format
probing
* src/conf/domain_conf.c, src/conf/domain_conf.h,
src/libvirt_private.syms: Add virDomainDiskDe
Update the QEMU cgroups code, QEMU DAC security driver, SELinux
and AppArmor security drivers over to use the shared helper API
virDomainDiskDefForeachPath().
* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
src/security/security_selinux.c, src/security/virt-aa-helper.c:
Convert over t
The virStorageFileGetMetadataFromFD did two jobs in one. First
it probed for storage type, then it extracted metadata for the
type. It is desirable to be able to separate these jobs, allowing
probing without querying metadata, and querying metadata without
probing.
To prepare for this, split out p
Instead of including a field in FileTypeInfo struct for the
disk format, rely on the array index matching the format.
Use verify() to assert the correct number of elements in the
array.
* src/util/storage_file.c: remove type field from FileTypeInfo
---
src/util/storage_file.c | 108 +
The storage volume lookup code was probing for the backing store
format, instead of using the format extracted from the file
itself. This meant it could report inaccurate information. If
a format is included in the file, then use that in preference,
with probing as a fallback.
* src/storage/stora
Require the disk image to be passed into virStorageFileGetMetadata.
If this is set to VIR_STORAGE_FILE_AUTO, then the format will be
resolved using probing. This makes it easier to control when
probing will be used
* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
src/security/security_sel
This patch series attempts to fix 3 security flaws in the handling
of virtual disk formats. This is just another occurrence of the
problem previously identified in Xen
https://www.redhat.com/security/data/cve/CVE-2008-2004.html
In essence, if a guest is configured with a disk, hda, backed in
th
When QEMU opens a backing store for a QCow2 file, it will
normally auto-probe for the format of the backing store,
rather than assuming it has the same format as the referencing
file. There is a QCow2 extension that allows an explicit format
for the backing store to be embedded in the referencing f
On Mon, Jul 12, 2010 at 02:08:18PM +0100, Daniel P. Berrange wrote:
> An indentation mistake meant that a check for return status
> was not properly performed in all cases. This could result
> in a crash on NULL pointer in a following line.
>
> * src/qemu/qemu_monitor_json.c: Fix check for return
For
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2242
IPtables will seek to preserve the source port unchanged when
doing masquerading, if possible. NFS has a pseudo-security
option where it checks for the source port <= 1023 before
allowing a mount request. If an admin has used this to
On 07/12/2010 11:11 PM, Daniel P. Berrange wrote:
This breaks the build on at least Fedora 12 due to unknown
-u flag, so I've removed this flag.
Thanks. Working on a workaround now, as it turns out that older
versions of perl can't handle unicode in their .pod pages. :/
Your F12 system may
On Thu, Jul 08, 2010 at 07:37:03PM -0400, David Allan wrote:
> There are many naming conventions for partitions associated with a
> block device. Some of the major ones are:
>
> /dev/foo -> /dev/foo1
> /dev/foo1 -> /dev/foo1p1
> /dev/mapper/foo -> /dev/mapper/foop1
> /dev/disk/by-path/foo -> /dev
On Sat, Jul 10, 2010 at 04:23:32PM -0600, Eric Blake wrote:
> On 07/10/2010 03:27 PM, Justin Clift wrote:
> > Looking at our present API docs though, they seem to be autogenerated,
> > so I'm not sure how to approach this.
> >
> > My initial thinking is maybe having the list of each function per
>
On Fri, Jul 09, 2010 at 08:26:31PM +1000, Justin Clift wrote:
> With gracious thanks to Chris Lalancette for helping knock the
> description section into shape.
>
> This addresses BZ #595350
>
> https://bugzilla.redhat.com/show_bug.cgi?id=595350
>
> ---
>
> This 2nd version of the patch inclu
An indentation mistake meant that a check for return status
was not properly performed in all cases. This could result
in a crash on NULL pointer in a following line.
* src/qemu/qemu_monitor_json.c: Fix check for return status
when processing JSON for blockstats
---
src/qemu/qemu_monitor_json.c
On Sat, Jul 10, 2010 at 10:52:56PM +1000, Justin Clift wrote:
> ---
>
> This is a simple fix so generated .html files in the docs directory
> are removed when make clean is run. Otherwise they're left in place.
>
> docs/Makefile.am |2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
Hi Daniel,
Sorry it took so long to get back to this. I just recently ran into the same
problem on RHEL 5.5 where I am running into problems using the root owned
setuid executable to get domain information. Basically all that I needed to do
to show this was to modify the example program dominfo/i