From 4a3765d97c3f5049aa294a4b7b629eabfd9cf04d Mon Sep 17 00:00:00 2001
From: Guido Günther a...@sigxcpu.org
Date: Mon, 7 Mar 2011 22:22:36 +0100
Subject: [PATCH 1/2] Move rundir creation into separate function
---
daemon/libvirtd.c | 31 ---
1
On Mon, 07 Mar 2011 15:11:12 +0530
Nikunj A. Dadhania nik...@linux.vnet.ibm.com wrote:
Argh, that's me... :(
Thanks for the patch Kame.
Reviewed-by: Nikunj A. Dadhania nik...@linux.vnet.ibm.com
Thanks, rebased onto the latest git tree.
==
From 421a27337458648b808f0e45cdfd83192313d7cc Mon
otherwise the user might not have enough permissions to access the
socket if root's umask is 077.
http://bugs.debian.org/614210
---
daemon/libvirtd.c |3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 610e7fd..a968e05 100644
---
As perhaps other hypervisor drivers use different capacity units,
do the checking in qemu driver instead of in conf/domain_conf.c.
---
src/qemu/qemu_command.c |7 +++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index
As perhaps other hypervisor drivers use different capacity units,
do the checking in qemu driver instead of in conf/domain_conf.c.
---
src/qemu/qemu_command.c | 14 ++
1 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
Which blocks the domain booting up if one of the disks
can't be opened (e.g. doesn't exist).
---
src/security/security_dac.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index fba2d1d..8bb5bc9 100644
---
On Tuesday 08 March 2011 03:48:55, Jim Fehlig wrote:
Add a new xen driver based on libxenlight [1], which is the primary
toolstack starting with Xen 4.1.0. The driver is stateful, runs
privileged only, and is accessed with libxl:/// URI.
V4:
- Handle restart of libvirtd, reconnecting to
[ sending this by hand as git-send-email seems to have failed to send
the patch ... weird
Result: 250 2.0.0 p2979dJi005806 Message accepted for delivery
(mbox) Adding cc: Daniel Veillard veill...@redhat.com from line
'From: Daniel Veillard veill...@redhat.com'
(mbox) Adding to:
2011/3/9 Eric Blake ebl...@redhat.com:
I noticed these while testing 'make dist'.
Parsing ./../src/util/event.c
Function comment for virEventRegisterDefaultImpl lacks description of return
value
Function comment for virEventRunDefaultImpl lacks description of return value
Parsing
2011/3/8 john alexander sanabria ordonez john.sanab...@correounivalle.edu.co:
Hi,
I'm wondering how, when libvirt is installed from sources, to also install
the 'development' files?
I installed libvirt-0.8.8 with no problems and 'virsh' works OK. However,
when I try to install, for instance
I found this one while trying to compile ruby-libvirt.
Matthias
From 6858713a7ea7fad961acbc4d4f3c0c53ede2302d Mon Sep 17 00:00:00 2001
From: Matthias Bolte matthias.bo...@googlemail.com
Date: Wed, 9 Mar 2011 10:42:49 +0100
Subject: [PATCH] Include stdint.h in libvirt.h for INT64_MAX
I pushed this under the trivial build breaker rule.
Matthias
From fd48bb491477843d520a14f226e79fde3e053da7 Mon Sep 17 00:00:00 2001
From: Matthias Bolte matthias.bo...@googlemail.com
Date: Wed, 9 Mar 2011 11:17:34 +0100
Subject: [ruby-libvirt PATCH] Fix compile error due to missing semicolon
---
On Friday, 4 March 2011, at 17:35:03, Daniel P. Berrange wrote:
Hi Daniel,
On Fri, Mar 04, 2011 at 04:53:20PM +0100, Stephan Mueller wrote:
Hi,
I would like to propose the following patch for the libvirtd.conf file to
document sVirt and its usage. If you have suggestions to add
On Wed, Mar 09, 2011 at 11:38:23AM +0100, Stephan Mueller wrote:
On Friday, 4 March 2011, at 17:35:03, Daniel P. Berrange wrote:
+# A static assignment of SELinux labels imply that the administrator
+# manually configures the SELinux label of the virtual machine in
+#
On Tue, Mar 08, 2011 at 10:19:16PM +0100, Guido Günther wrote:
On Tue, Mar 08, 2011 at 06:57:02PM +, Daniel P. Berrange wrote:
[..snip..]
-libvirtd_LDADD += ../src/libvirt.la
+if WITH_SECDRIVER_SELINUX
+libvirtd_LDADD += $(SELINUX_LIBS)
+endif
+if WITH_SECDRIVER_APPARMOR
On Wed, Mar 09, 2011 at 09:17:56AM +0100, Guido Günther wrote:
From 4a3765d97c3f5049aa294a4b7b629eabfd9cf04d Mon Sep 17 00:00:00 2001
From: Guido Günther a...@sigxcpu.org
Date: Mon, 7 Mar 2011 22:22:36 +0100
Subject: [PATCH 1/2] Move rundir creation into separate function
On Wed, Mar 09, 2011 at 04:39:01PM +0800, Osier Yang wrote:
Which blocks the domain booting up if one of the disks
can't be opened (e.g. doesn't exist).
---
src/security/security_dac.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/security/security_dac.c
On Wed, Mar 09, 2011 at 03:43:44PM +0800, Hu Tao wrote:
---
src/qemu/qemu_driver.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 0f7cbad..f26b1ef 100644
--- a/src/qemu/qemu_driver.c
+++
On Wed, Mar 09, 2011 at 12:12:22PM +, Daniel P. Berrange wrote:
On Wed, Mar 09, 2011 at 09:17:56AM +0100, Guido Günther wrote:
From 4a3765d97c3f5049aa294a4b7b629eabfd9cf04d Mon Sep 17 00:00:00 2001
From: Guido Günther a...@sigxcpu.org
Date: Mon, 7 Mar 2011 22:22:36
qemu-img silently disables -e, so we can't use it for volume
encryption anymore, change it into -o encryption=on.
I'm afraid it will introduce compatibility problems for older
qemu without -o option, but -o option is already used in the
codes, seems it's fine.
* src/storage/storage_backend.c
---
On Wed, Mar 09, 2011 at 08:27:41PM +0800, Osier Yang wrote:
qemu-img silently disables -e, so we can't use it for volume
encryption anymore, change it into -o encryption=on.
I'm afraid it will introduce compatibility problems for older
qemu without -o option, but -o option is already used in
On Wed, Mar 09, 2011 at 12:18:44PM +, Daniel P. Berrange wrote:
On Wed, Mar 09, 2011 at 10:49:34AM +0100, Matthias Bolte wrote:
I found this one while trying to compile ruby-libvirt.
Matthias
From 6858713a7ea7fad961acbc4d4f3c0c53ede2302d Mon Sep 17 00:00:00 2001
From: Matthias
On 2011-03-09 20:31, Daniel P. Berrange wrote:
On Wed, Mar 09, 2011 at 08:27:41PM +0800, Osier Yang wrote:
qemu-img silently disables -e, so we can't use it for volume
encryption anymore, change it into -o encryption=on.
I'm afraid it will introduce compatibility problems for older
qemu without
On Tue, Mar 08, 2011 at 06:11:53PM +0100, Michal Privoznik wrote:
so we can build even on rhel 5.6 where the original version is not yet.
---
configure.ac |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/configure.ac b/configure.ac
index 468fb07..dcab0ae 100644
On 03/09/2011 05:41 AM, Daniel P. Berrange wrote:
On Tue, Mar 08, 2011 at 06:11:53PM +0100, Michal Privoznik wrote:
so we can build even on rhel 5.6 where the original version is not yet.
---
configure.ac |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git
On Wed, Mar 09, 2011 at 20:27:41 +0800, Osier Yang wrote:
qemu-img silently disables -e, so we can't use it for volume
encryption anymore, change it into -o encryption=on.
I'm afraid it will introduce compatibility problems for older
qemu without -o option, but -o option is already used in
2011/3/9 Daniel Veillard veill...@redhat.com:
On Wed, Mar 09, 2011 at 12:18:44PM +, Daniel P. Berrange wrote:
On Wed, Mar 09, 2011 at 10:49:34AM +0100, Matthias Bolte wrote:
I found this one while trying to compile ruby-libvirt.
Matthias
From 6858713a7ea7fad961acbc4d4f3c0c53ede2302d
On Wed, Mar 09, 2011 at 12:03:37PM +, Daniel P. Berrange wrote:
[..snip..]
libvirt_driver_lxc_la_SOURCES = $(LXC_DRIVER_SOURCES)
@@ -870,6 +878,12 @@ libvirt_driver_storage_la_CFLAGS = \
-I@top_srcdir@/src/conf $(AM_CFLAGS)
libvirt_driver_storage_la_LDFLAGS =
The daemon/libvirtd.limits file (which is supposed to be copied to
/etc/security/limits.d/libvirtd.conf) is generated based on --qemu-user
option passed at configure time.
The file is intentionally not installed by make install since installing
it on distributions with higher or no limit on
On Wed, Mar 09, 2011 at 09:20:50AM +0100, Guido Günther wrote:
otherwise the user might not have enough permissions to access the
socket if root's umask is 077.
This version of the patch fixes the dependency on a sane umask without
introducing a new function.
O.k. to apply?
Cheers,
-- Guido
From
Hi,
Attached patch makes sure we reset the umask in qemudListenUnix on the
error path.
O.k. to apply?
-- Guido
From 10c0088ca1ee55a2e44802f1f0185d7a8be907ee Mon Sep 17 00:00:00 2001
From: Guido Günther a...@sigxcpu.org
Date: Wed, 9 Mar 2011 14:19:56 +0100
Subject: [PATCH] Fix
Calling most hash APIs is not safe from inside of an iterator callback.
Exceptions are APIs that do not modify the hash table and removing
current hash entry from virHashFroEach callback.
This patch make all APIs which are not safe fail instead of just relying
on the callback being nice not
On 03/08/2011 06:24 PM, Eric Blake wrote:
* docs/formatdomain.html.in: Fix typo.
---
Pushing under the trivial rule.
docs/formatdomain.html.in |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index
On 03/08/2011 06:38 PM, Eric Blake wrote:
* docs/formatdomain.html.in: Document virtio backend selection.
---
How about I help out? :)
docs/formatdomain.html.in | 14 +-
1 files changed, 13 insertions(+), 1 deletions(-)
diff --git a/docs/formatdomain.html.in
On Wed, Mar 09, 2011 at 02:01:06PM +0100, Matthias Bolte wrote:
2011/3/9 Daniel Veillard veill...@redhat.com:
On Wed, Mar 09, 2011 at 12:18:44PM +, Daniel P. Berrange wrote:
On Wed, Mar 09, 2011 at 10:49:34AM +0100, Matthias Bolte wrote:
I found this one while trying to compile
On 03/09/2011 08:20 AM, Jiri Denemark wrote:
Some qemu monitor event handlers were issuing inadequate warning when
virDomainSaveStatus() failed. They copied the message from I/O error
handler without customizing it to provide better information on why
virDomainSaveStatus() was called.
---
qemu-img silently disables -e, so we can't use it for volume
encryption anymore, change it into -o encryption=on if qemu
supports -o option.
---
src/storage/storage_backend.c | 47 +---
1 files changed, 38 insertions(+), 9 deletions(-)
diff --git
On 2011-03-09 20:50, Jiri Denemark wrote:
On Wed, Mar 09, 2011 at 20:27:41 +0800, Osier Yang wrote:
qemu-img silently disables -e, so we can't use it for volume
encryption anymore, change it into -o encryption=on.
I'm afraid it will introduce compatibility problems for older
qemu without -o
On Wed, Mar 09, 2011 at 02:16:47PM +, Daniel P. Berrange wrote:
On Wed, Mar 09, 2011 at 02:19:18PM +0100, Guido Günther wrote:
On Wed, Mar 09, 2011 at 09:20:50AM +0100, Guido Günther wrote:
otherwise the user might not have enough permissions to access the
socket if root's umask is
On Tue, Mar 08, 2011 at 10:13:43PM -0700, Eric Blake wrote:
* src/qemu/qemu_audit.c (qemuDomainHostdevAudit): Avoid use of
type, which has a pre-defined meaning.
(qemuDomainCgroupAudit): Likewise, as well as item.
---
v2: no real change
src/qemu/qemu_audit.c |6 +++---
1 files
On 03/09/2011 06:20 AM, Jiri Denemark wrote:
Calling most hash APIs is not safe from inside of an iterator callback.
Exceptions are APIs that do not modify the hash table and removing
current hash entry from virHashFroEach callback.
s/Fro/For/
ACK.
--
Eric Blake ebl...@redhat.com
On Tue, Mar 08, 2011 at 10:13:44PM -0700, Eric Blake wrote:
Device names can be manipulated, so it is better to also log
the major/minor device number corresponding to the cgroup ACL
changes that libvirt made. This required some refactoring
of the relatively new qemu cgroup audit code.
On Tue, Mar 08, 2011 at 10:13:45PM -0700, Eric Blake wrote:
Although the cgroup device ACL controller path can be worked out
by researching the code, it is more efficient to include that
information directly in the audit message.
* src/util/cgroup.h (virCgroupPathOfController): New
On 03/09/2011 06:48 AM, Cole Robinson wrote:
On 03/08/2011 06:38 PM, Eric Blake wrote:
* docs/formatdomain.html.in: Document virtio backend selection.
---
@@ -1401,6 +1401,18 @@ qemu-kvm -net nic,model=? /dev/null
/p
dl
+ dtcodename/code/dt
+ dd
+The optional
On 03/09/2011 02:21 AM, Matthias Bolte wrote:
2011/3/9 Eric Blake ebl...@redhat.com:
I noticed these while testing 'make dist'.
Parsing ./../src/util/event.c
Function comment for virEventRegisterDefaultImpl lacks description of return
value
Function comment for virEventRunDefaultImpl lacks
On 03/08/2011 10:27 PM, Eric Blake wrote:
On 03/08/2011 11:50 AM, Cole Robinson wrote:
virRun gives pretty useful error output, let's not overwrite it unless there
is a good reason. Some places were providing more information about what
the commands were _attempting_ to do, however that's
On Tue, Mar 08, 2011 at 10:13:46PM -0700, Eric Blake wrote:
Passing the vhost net device fd to qemu is worth an audit point,
since it is a kernel-managed device.
This patch points out that qemu still can't hot-plug and hot-unplug
vhost-net interfaces.
* src/qemu/qemu_audit.h
On Tue, Mar 08, 2011 at 10:13:47PM -0700, Eric Blake wrote:
* src/qemu/qemu_audit.h: The pattern qemuDomainXXXAudit is
inconsistent; prefer qemuAuditXXX instead.
* src/qemu/qemu_audit.c: Reflect the renames.
* src/qemu/qemu_driver.c: Likewise.
* src/qemu/qemu_hotplug.c: Likewise.
*
On Tue, Mar 08, 2011 at 10:13:48PM -0700, Eric Blake wrote:
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index ebf9ad5..83063a9 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -226,7 +229,8 @@ int qemuSetupCgroup(struct qemud_driver *driver,
On Tue, Mar 08, 2011 at 10:13:49PM -0700, Eric Blake wrote:
* src/qemu/qemu_audit.h (qemuAuditCgroupMajor)
(qemuAuditCgroupPath): Add parameter.
* src/qemu/qemu_audit.c (qemuAuditCgroupMajor)
(qemuAuditCgroupPath): Add 'acl=rwm' to cgroup audit entries.
* src/qemu/qemu_cgroup.c: Update
On Tue, Mar 08, 2011 at 10:13:50PM -0700, Eric Blake wrote:
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Honor vhost
designations, similar to qemu_command code paths.
* src/qemu/qemu_command.h (qemuOpenVhostNet): New prototype.
* src/qemu/qemu_command.c (qemuOpenVhostNet): Export.
On Thu, Mar 03, 2011 at 03:04:58PM +, Daniel P. Berrange wrote:
On Fri, Feb 25, 2011 at 07:04:07PM +0100, Jiri Denemark wrote:
This is quite hacky since it involves falling back to HMP when savevm
command is not found in QMP, which is something qemu monitor code was
not designed to
and add unified header to source files. Also remove LIBVIRT-MIB.txt
from %doc dir.
---
README |4 +++-
libvirt-snmp.spec.in| 10 +++---
src/libvirtGuestTable.c | 24 +---
src/libvirtGuestTable.h |
On 03/09/2011 08:43 AM, Michal Privoznik wrote:
and add unified header to source files. Also remove LIBVIRT-MIB.txt
from %doc dir.
+++ b/README
@@ -6,4 +6,6 @@ it is now possible to gather and set domain status over SNMP
from
one place. This allows to create views of entire platforms end
On Wed, Mar 02, 2011 at 05:07:48PM +0900, Taku Izumi wrote:
This patch introduces a new libvirt API (virDomainSetMemoryFlags) and
a flag (virDomainMemoryModFlags).
Signed-off-by: Taku Izumi izumi.t...@jp.fujitsu.com
---
include/libvirt/libvirt.h.in | 10 ++
src/libvirt.c
On Wed, Mar 02, 2011 at 05:08:48PM +0900, Taku Izumi wrote:
This patch implements the call back member for new API
on each driver.
Signed-off-by: Taku Izumi izumi.t...@jp.fujitsu.com
---
src/driver.h|5 +
src/esx/esx_driver.c|1 +
On Wed, Mar 02, 2011 at 05:13:09PM +0900, Taku Izumi wrote:
This patch implements the code to address the new API
in the qemu driver.
Signed-off-by: Taku Izumi izumi.t...@jp.fujitsu.com
---
src/qemu/qemu_driver.c | 64
+++--
1 file
On 03/09/2011 08:07 AM, Daniel P. Berrange wrote:
Rather than have the two strdup(rdev=?) calls, I reckon it
would be better to just return NULL. Then the caller can just
check for NULL itself fallback to a static rdev=?.
In fact, perhaps this should just do
virAsprintf(ret,
On 03/09/2011 08:57 AM, Daniel P. Berrange wrote:
+switch (flags) {
+case VIR_DOMAIN_MEM_CONFIG:
+persistentDef-mem.cur_balloon = newmem;
+ret = 0;
+break;
+
+case VIR_DOMAIN_MEM_LIVE:
+case VIR_DOMAIN_MEM_LIVE | VIR_DOMAIN_MEM_CONFIG:
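Review bot: `switch (flags)` matches only exact flag values, so the visible cases have to enumerate every combination (`VIR_DOMAIN_MEM_LIVE | VIR_DOMAIN_MEM_CONFIG` gets its own label) and any value with an extra bit set matches none of them. Testing `flags & VIR_DOMAIN_MEM_CONFIG` and `flags & VIR_DOMAIN_MEM_LIVE` independently would let the combined case reuse the `persistentDef` update from the CONFIG branch instead of sharing a label with the LIVE-only path, and unknown bits should be rejected explicitly before either test.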
I think it
On Wed, Mar 02, 2011 at 05:13:39PM +0900, Taku Izumi wrote:
This patch adds the new options (--live and --config) to virsh setmem
command.
The behavior of above options is the same as that of virsh setvcpus and so
on.
That is, when the --config option is specified, a modification is
On Thu, Mar 03, 2011 at 09:06:25PM -0600, Jesse Cook wrote:
This patch enables the relative backing file path support provided by
qemu-img create.
If the storage pool is not found with the specified path, check if the
file exists relative to the pool where the new image will be created by
On Thu, Feb 24, 2011 at 13:42:18 +, Daniel P. Berrange wrote:
The current LXC I/O controller looks for HUP to detect
when a guest has quit. This isn't reliable as during
initial bootup it is possible that 'init' will close
the console and let mingetty re-open it. The shutdown
of
On 03/03/2011 08:06 PM, Jesse Cook wrote:
This patch enables the relative backing file path support provided by
qemu-img create.
If the storage pool is not found with the specified path, check if the
file exists relative to the pool where the new image will be created by
prepending the
On Wed, Mar 09, 2011 at 09:23:11AM -0700, Eric Blake wrote:
On 03/03/2011 08:06 PM, Jesse Cook wrote:
This patch enables the relative backing file path support provided by
qemu-img create.
If the storage pool is not found with the specified path, check if the
file exists relative to
On 03/09/2011 08:10 AM, Daniel P. Berrange wrote:
+virCgroupPathOfController(cgroup, VIR_CGROUP_CONTROLLER_DEVICES,
+ NULL, controller);
+
+if (!(detail = virAuditEncode(cgroup, VIR_AUDIT_STR(controller {
+VIR_WARN0(OOM while encoding audit
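Review bot: the return value of `virCgroupPathOfController()` is discarded in the first added line, so if the lookup fails the following `virAuditEncode()` call builds the audit detail from whatever `controller` held before the call. Check the result, or make sure `controller` is initialised to NULL ahead of these lines, so that a failed path lookup is distinguishable in the audit record. The warning in the last line mentions only OOM, which would also mislabel that failure.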
Hi,
I don't know who's the right person to ask so I'm posting this into the
libvir-list. We're going to have the libvirt-php package in Fedora (but
renamed to php-libvirt only) but I don't know about the licencing. The
licence in the SPEC file (by Lyre) is set to PHP however the licence
file
On Wed, Mar 09, 2011 at 06:05:22PM +0100, Michal Novotny wrote:
Hi,
I don't know who's the right person to ask so I'm posting this into
the libvir-list. We're going to have the libvirt-php package in
Fedora (but renamed to php-libvirt only) but I don't know about the
licencing. The licence in
On 03/09/2011 06:17 PM, Daniel P. Berrange wrote:
On Wed, Mar 09, 2011 at 06:05:22PM +0100, Michal Novotny wrote:
Hi,
I don't know who's the right person to ask so I'm posting this into
the libvir-list. We're going to have the libvirt-php package in
Fedora (but renamed to php-libvirt only) but
On 03/09/2011 08:24 AM, Daniel P. Berrange wrote:
On Tue, Mar 08, 2011 at 10:13:48PM -0700, Eric Blake wrote:
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index ebf9ad5..83063a9 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -226,7 +229,8 @@ int
On 03/09/2011 06:17 PM, Daniel P. Berrange wrote:
On Wed, Mar 09, 2011 at 06:05:22PM +0100, Michal Novotny wrote:
Hi,
I don't know who's the right person to ask so I'm posting this into
the libvir-list. We're going to have the libvirt-php package in
Fedora (but renamed to php-libvirt only) but
On Wed, 2011-03-09 at 09:23 -0700, Eric Blake wrote:
On 03/03/2011 08:06 PM, Jesse Cook wrote:
This patch enables the relative backing file path support provided by
qemu-img create.
If the storage pool is not found with the specified path, check if the
file exists relative to the pool
On Wed, 2011-03-09 at 16:07 +, Daniel P. Berrange wrote:
On Thu, Mar 03, 2011 at 09:06:25PM -0600, Jesse Cook wrote:
This patch enables the relative backing file path support provided by
qemu-img create.
If the storage pool is not found with the specified path, check if the
file
On 03/09/2011 11:34 AM, Michal Novotny wrote:
http://www.gnu.org/licenses/license-list.html#GPLIncompatibleLicenses
So, the libvirt-php module would have to be under either the PHP license,
or something less restrictive.
Regards,
Daniel
Well, I've been reading PHP-LICENSE-3.01 file of
On 03/09/2011 07:45 PM, Eric Blake wrote:
On 03/09/2011 11:34 AM, Michal Novotny wrote:
http://www.gnu.org/licenses/license-list.html#GPLIncompatibleLicenses
So, the libvirt-php module would have to be under either the PHP license,
or something less restrictive.
Regards,
Daniel
Well,
On 03/09/2011 08:26 AM, Daniel P. Berrange wrote:
On Tue, Mar 08, 2011 at 10:13:49PM -0700, Eric Blake wrote:
* src/qemu/qemu_audit.h (qemuAuditCgroupMajor)
(qemuAuditCgroupPath): Add parameter.
* src/qemu/qemu_audit.c (qemuAuditCgroupMajor)
(qemuAuditCgroupPath): Add 'acl=rwm' to cgroup
I hope this closes out my audit series. As promised in
https://www.redhat.com/archives/libvir-list/2011-March/msg00415.html,
here's the updated and tested network device auditing patches. This
time, I've completed testing: in virt-manager, I attached a hypervisor
default (non-virtio, so no
Opening raw network devices with the intent of passing those fds to
qemu is worth an audit point. This makes a multi-part audit: first,
we audit the device(s) that libvirt opens on behalf of the MAC address
of a to-be-created interface (which can independently succeed or
fail), then we audit
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Honor vhost
designations, similar to qemu_command code paths.
* src/qemu/qemu_command.h (qemuOpenVhostNet): New prototype.
* src/qemu/qemu_command.c (qemuOpenVhostNet): Export.
---
Hmm, I just realized that it might be nice to have a
On 03/09/2011 08:19 AM, Daniel P. Berrange wrote:
There are several devices for networking
- With type=bridge or type=network, /dev/net/tun is opened to
get a FD for a tap device instance
- With type=direct, /dev/tap%d is opened to get an FD for
a macvtap device instance
In
Since libvirt always passes /dev/net/tun to qemu via fd, we should
never trigger the cases where qemu tries to directly open the
device. Therefore, it is safer to deny the cgroup device ACL.
* src/qemu/qemu_cgroup.c (defaultDeviceACL): Remove /dev/net/tun.
* src/qemu/qemu.conf
Outgoing migration still uses a Unix socket and or exec netcat until
the next patch.
* src/qemu/qemu_migration.c (qemuMigrationPrepareTunnel):
Replace Unix socket with simpler pipe.
Suggested by Paolo Bonzini.
---
src/qemu/qemu_migration.c | 45 +
1
* src/qemu/qemu_monitor_text.h (qemuMonitorTextMigrate): Declare
in place of individual monitor commands.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONMigrate): Likewise.
* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToHost)
(qemuMonitorTextMigrateToCommand, qemuMonitorTextMigrateToFile)
This allows direct saves (no compression, no root-squash NFS) to use
the more efficient fd: migration, which in turn avoids a race where
qemu exec: migration can sometimes fail because qemu does a generic
waitpid() that conflicts with the pclose() used by exec:. Further
patches will solve
* src/qemu/qemu_monitor.h (qemuMonitorMigrateToFd): New
prototype.
* src/qemu/qemu_monitor.c (qemuMonitorMigrateToFd): New function.
---
src/qemu/qemu_monitor.c | 31 +++
src/qemu/qemu_monitor.h |4
2 files changed, 35 insertions(+), 0 deletions(-)
diff
This makes root-squash NFS saves more efficient.
* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Use new
virFileOperation flag to open fd only once.
---
src/qemu/qemu_driver.c | 75 +---
1 files changed, 39 insertions(+), 36 deletions(-)
diff --git
This patch intentionally doesn't change indentation, in order to
make it easier to review the real changes.
* src/util/util.h (VIR_FILE_OP_RETURN_FD, virFileOperationHook):
Delete.
(virFileOperation): Rename...
(virFileOpenAs): ...and reduce parameters.
* src/util/util.c (virFileOperationNoFork,
Currently, the hook function in virFileOperation is extremely limited:
it must be async-signal-safe, and cannot modify any memory in the
parent process. It is much handier to return a valid fd and operate
on it in the parent than to deal with hook restrictions.
* src/util/util.h
* src/storage/storage_backend.c (virStorageBackendCreateRaw): Use
new virFileOperation flag.
---
src/storage/storage_backend.c | 48 +---
1 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/src/storage/storage_backend.c
Separating the indentation from the real patch made review easier.
* src/util/util.c (virFileOpenAs): Whitespace changes.
---
src/util/util.c | 101 +-
1 files changed, 47 insertions(+), 54 deletions(-)
diff --git a/src/util/util.c
On 2011-03-10 00:44, Daniel P. Berrange wrote:
qemu-img silently disables -e, so we can't use it for volume
encryption anymore, change it into -o encryption=on if qemu
supports -o option.
Thanks, pushed.
Regards
Osier
SELinux labeling and cgroup ACLs aren't required if we hand a
pre-opened fd to qemu. All the more reason to love fd: migration.
* src/qemu/qemu_driver.c (qemuDomainMigrateToFile): Skip steps
that are irrelevant in fd migration.
---
src/qemu/qemu_driver.c | 65
* src/storage/storage_backend.c (createRawFileOpHook): Change
signature.
(struct createRawFileOpHookData): Delete unused struct.
(virStorageBackendCreateRaw): Adjust caller.
* src/qemu/qemu_driver.c (struct fileOpHookData): Delete unused
struct.
(qemudDomainSaveFileOpHook): Rename...
Direct access to an open file is so much simpler than passing
everything through a pipe!
* src/qemu/qemu_driver.c (qemudOpenAsUID)
(qemudDomainSaveImageClose): Delete.
(qemudDomainSaveImageOpen): Rename...
(qemuDomainSaveImageOpen): ...and drop read_pid argument. Use
virFileOpenAs instead of
Spawn the compressor ourselves, instead of requiring the shell.
* src/qemu/qemu_driver.c (qemuDomainMigrateToFile): Spawn
compression helper process when needed.
---
src/qemu/qemu_driver.c | 37 -
1 files changed, 32 insertions(+), 5 deletions(-)
diff --git
This points out that core dumps (still) don't work for root-squash
NFS, since the fd is not opened correctly. This patch should not
introduce any functionality change, it is just a refactoring to
avoid duplicated code.
* src/qemu/qemu_driver.c (qemuDomainMigrateToFile): New function.
On 03/09/2011 03:42 PM, Eric Blake wrote:
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Honor vhost
designations, similar to qemu_command code paths.
* src/qemu/qemu_command.h (qemuOpenVhostNet): New prototype.
* src/qemu/qemu_command.c (qemuOpenVhostNet): Export.
---
Hmm, I just
On 03/09/2011 08:45 PM, Eric Blake wrote:
Needs more testing - especially on root-squash NFS
Starting up a domain with backing store on root-squash NFS works fine.
When I try to save the domain to a directory on a root-squash NFS,
though, the save hangs forever with a zombified child process
Markus Gross wrote:
On Tuesday 08 March 2011 03:48:55, Jim Fehlig wrote:
Add a new xen driver based on libxenlight [1], which is the primary
toolstack starting with Xen 4.1.0. The driver is stateful, runs
privileged only, and is accessed with libxl:/// URI.
V4:
- Handle restart of
For newer qemu-img, the help string for backing file format is
[-F backing_fmt].
Fix the wrong logic error by commit e997c268.
* src/storage/storage_backend.c
---
src/storage/storage_backend.c |7 ---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git
On 2011-03-10 15:29, Daniel Veillard wrote:
On Thu, Mar 10, 2011 at 03:08:28PM +0800, Osier Yang wrote:
For newer qemu-img, the help string for backing file format is
[-F backing_fmt].
Fix the wrong logic error by commit e997c268.
* src/storage/storage_backend.c
---