user namespace doesn't allow to create devices in
uninit userns. We should create devices on host side.
We first mount tmpfs on dev directory under state dir
of container. Then create devices under this dev dir.
Finally in container, mount the dev directory created
on host to the /dev/ directory
Make sure the mapping line contains the root user of container
is the first element of idmap array. So we can get the real
user id on host for the container easily.
This patch also check the map information, User must map
the root user of container to any user of host.
Signed-off-by: Gao feng
This patchset try to add userns support for libvirt lxc.
Since userns is nearly completed in linux-3.9, the old
kernel doesn't support userns, I add some New XML elements
to let people decide if enable userns. The userns is enabled
only when user configure the XML.
The format of user namespace
This patch introduces new helper function
virLXCControllerSetupUserns, in this function,
we set the files uid_map and gid_map of the init
task of container.
lxcContainerSetID is used for creating cred for
tasks running in container. Since after setuid/setgid,
we may be a new user. This patch
Since these tty devices will be used by container,
the owner of them should be the root user of container.
This patch also adds a new function virLXCControllerChown,
we can use this general function to change the owner of
files.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
Since these devices are created for the container.
the owner should be the root user of the container.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
src/lxc/lxc_controller.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index
These files are created for container,
the owner should be the root user of container.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
src/lxc/lxc_controller.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index dd85235..d12c4c2
container will create /dev/pts directory in /dev.
the owner of /dev should be the root user of container.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
src/lxc/lxc_controller.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index
User namespace will be enabled only when the idmap exist
in configuration.
If you want disable user namespace, just remove these
elements from XML.
If kernel doesn't support user namespace and idmap exist
in configuration file, libvirt lxc will start failed and
return Kernel doesn't support user
The owner of the /proc/meminfo in container should
be the root user of container.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
src/lxc/lxc_fuse.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/lxc/lxc_fuse.c b/src/lxc/lxc_fuse.c
index 32886cd..b98a0d9 100644
---
This patch introduces new element idmap for
user namespace. for example
<idmap>
  <uid start='0' target='1000' count='10'/>
  <gid start='0' target='1000' count='10'/>
</idmap>
this new element is used for setting proc files
/proc/pid/{uid_map,gid_map}.
This patch also supports multiple uid/gid
On 05/24/2013 11:08 AM, Osier Yang wrote:
When either cpuset of vcpu is specified, or the placement of
vcpu is auto, only setting the cpuset.mems might cause the guest
starting to fail. E.g. (placement of both vcpu and numatune is
auto):
After spending a lot of time with this, I'm still not
On 05/24/2013 11:08 AM, Osier Yang wrote:
I don't see any reason to getting the numa parameters if mode is
not strict, as long as setNumaParameters doesn't allow to set
nodeset if the mode is not strict, and cpuset.mems only understand
strict mode.
NACK, this makes sense for 'interleave' as
On Thu, Jun 06, 2013 at 01:55:17PM -0400, Cole Robinson wrote:
Since this package isn't provided by any stock RH based distro. The
upstream RPMs are called VirtualBox anyways.
---
libvirt.spec.in | 1 -
1 file changed, 1 deletion(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index
On 05/30/2013 02:24 PM, John Ferlan wrote:
Since commit '632f78ca' the 'virsh schedinfo domain' command returns:
Scheduler : Unknown
error: Requested operation is not valid: cgroup CPU controller is not mounted
Prior to that change a non running domain would return:
Scheduler
On Thu, May 30, 2013 at 08:24:59AM -0400, John Ferlan wrote:
Since commit '632f78ca' the 'virsh schedinfo domain' command returns:
Scheduler : Unknown
error: Requested operation is not valid: cgroup CPU controller is not mounted
Prior to that change a non running domain would return:
Add monitor callback API domainGuestPanic, that implements
'destroy', 'restart' and 'preserve' events of the 'on_crash'
in the XML when domain crashed.
---
src/qemu/qemu_domain.h | 1 +
src/qemu/qemu_driver.c | 92
src/qemu/qemu_monitor.c
This patch introduces domain crashed types and crashed reasons which
will be used while guest panicked.
---
examples/domain-events/events-c/event-test.c | 10 ++
include/libvirt/libvirt.h.in | 16
src/conf/domain_conf.c | 12
Changes:
v5-v6: Refactor the patches, and fix the incorrect indentation and name.
v4-v5: 1. fix the incorrect indentation and explanation (of some reasons).
v3-v4: 1. Supports the dumpcore options of the oncrash element in the XML.
2. Move the previous code to
Add doDumpCoreToAutoPath to implement
'coredump-destroy' and 'coredump-restart' events of the 'on_crash'
in the XML when domain crashed.
---
src/qemu/qemu_driver.c | 65 ++
1 file changed, 65 insertions(+)
diff --git a/src/qemu/qemu_driver.c
---
src/qemu/qemu_process.c | 2 +-
src/qemu/qemu_process.h | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 7a1535e..163bd96 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -611,7 +611,7 @@
---
src/qemu/qemu_domain.h | 10 ++--
src/qemu/qemu_driver.c | 65 +++--
src/qemu/qemu_process.c | 13 +-
3 files changed, 56 insertions(+), 32 deletions(-)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index
VIR_ERROR_INT calls virLogMessage(..., const char *fmt, ...).
Call virLogVMessage(..., const char *fmt, va_list list) instead,
since libudev called us with a va_list object, not a list of arguments.
https://bugzilla.redhat.com/show_bug.cgi?id=969152
---
Without the cast, I was getting:
On Fri, Jun 07, 2013 at 03:12:18PM +0800, Gao feng wrote:
This patch introduces new element idmap for
user namespace. for example
<idmap>
  <uid start='0' target='1000' count='10'/>
  <gid start='0' target='1000' count='10'/>
</idmap>
this new element is used for setting proc files
On Fri, Jun 07, 2013 at 03:12:19PM +0800, Gao feng wrote:
User namespace will be enabled only when the idmap exist
in configuration.
If you want disable user namespace, just remove these
elements from XML.
If kernel doesn't support user namespace and idmap exist
in configuration file,
On Thu, Jun 06, 2013 at 18:11:39 +0200, Michal Privoznik wrote:
This internal API checks, if passed address is ANYCAST address.
---
src/libvirt_private.syms | 1 +
src/util/virsocketaddr.c | 20
src/util/virsocketaddr.h | 1 +
tests/sockettest.c | 38
On Fri, Jun 07, 2013 at 03:12:21PM +0800, Gao feng wrote:
This patch introduces new helper function
virLXCControllerSetupUserns, in this function,
we set the files uid_map and gid_map of the init
task of container.
lxcContainerSetID is used for creating cred for
tasks running in container.
On Fri, Jun 07, 2013 at 03:12:20PM +0800, Gao feng wrote:
Make sure the mapping line contains the root user of container
is the first element of idmap array. So we can get the real
user id on host for the container easily.
This patch also check the map information, User must map
the root
On Fri, Jun 07, 2013 at 03:12:22PM +0800, Gao feng wrote:
user namespace doesn't allow to create devices in
uninit userns. We should create devices on host side.
We first mount tmpfs on dev directory under state dir
of container. then create devices under this dev dir.
Finally in
On Fri, Jun 07, 2013 at 03:12:23PM +0800, Gao feng wrote:
Since these tty devices will be used by container,
the owner of them should be the root user of container.
This patch also adds a new function virLXCControllerChown,
we can use this general function to change the owner of
files.
On Fri, Jun 07, 2013 at 03:12:25PM +0800, Gao feng wrote:
Since these devices are created for the container.
the owner should be the root user of the container.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
src/lxc/lxc_controller.c | 4
1 file changed, 4 insertions(+)
diff
On Fri, Jun 07, 2013 at 03:12:24PM +0800, Gao feng wrote:
container will create /dev/pts directory in /dev.
the owner of /dev should be the root user of container.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
src/lxc/lxc_controller.c | 3 +++
1 file changed, 3 insertions(+)
diff
On Fri, Jun 07, 2013 at 03:12:26PM +0800, Gao feng wrote:
These files are created for container,
the owner should be the root user of container.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
src/lxc/lxc_controller.c | 4
1 file changed, 4 insertions(+)
diff --git
On Fri, Jun 07, 2013 at 03:12:27PM +0800, Gao feng wrote:
The owner of the /proc/meminfo in container should
be the root user of container.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
src/lxc/lxc_fuse.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/lxc/lxc_fuse.c
On Fri, Jun 07, 2013 at 01:42:10PM +0200, Jiri Denemark wrote:
On Thu, Jun 06, 2013 at 18:11:39 +0200, Michal Privoznik wrote:
This internal API checks, if passed address is ANYCAST address.
---
src/libvirt_private.syms | 1 +
src/util/virsocketaddr.c | 20
On Thu, Jun 06, 2013 at 05:08:12PM +0200, Ján Tomko wrote:
iscsiadm now supports specifying hostnames in the portal argument [1]
Instead of resolving the hostname to a single IPv4 address, pass the
hostname to iscsiadm, allowing IPv6 targets to work.
Resolves:
On Thu, Jun 06, 2013 at 06:11:40PM +0200, Michal Privoznik wrote:
Since we have the new internal API to check for wildcard address,
we can use it instead of parsing and formatting.
---
src/qemu/qemu_migration.c | 18 ++
1 file changed, 2 insertions(+), 16 deletions(-)
diff
On Thu, Jun 06, 2013 at 06:11:39PM +0200, Michal Privoznik wrote:
This internal API checks, if passed address is ANYCAST address.
---
src/libvirt_private.syms | 1 +
src/util/virsocketaddr.c | 20
src/util/virsocketaddr.h | 1 +
tests/sockettest.c | 38
On Thu, Jun 06, 2013 at 06:00:13PM -0400, Chunyan Liu wrote:
This patch series include two patches:
1/2 is the implementation of the hostdev passthrough common library.
To meet two purposes:
a. move qemu hostdev APIs to common library so that it could be used by all
hypervisor drivers.
b.
On 06/07/2013 12:19 PM, Daniel P. Berrange wrote:
On Thu, May 30, 2013 at 08:24:59AM -0400, John Ferlan wrote:
Since commit '632f78ca' the 'virsh schedinfo domain' command returns:
Scheduler : Unknown
error: Requested operation is not valid: cgroup CPU controller is not mounted
Prior
On Fri, Jun 07, 2013 at 01:55:36PM +0200, Martin Kletzander wrote:
On 06/07/2013 12:19 PM, Daniel P. Berrange wrote:
On Thu, May 30, 2013 at 08:24:59AM -0400, John Ferlan wrote:
Since commit '632f78ca' the 'virsh schedinfo domain' command returns:
Scheduler : Unknown
error:
Avoid leaking virDomainDef if Prepare phase fails before it gets to
qemuMigrationPrepareAny.
---
src/qemu/qemu_driver.c| 12
src/qemu/qemu_migration.c | 29 ++---
src/qemu/qemu_migration.h | 4 ++--
3 files changed, 20 insertions(+), 25 deletions(-)
diff
On Wed, Jun 05, 2013 at 03:43:52PM +0200, Peter Krempa wrote:
The cmd argument in cmdList is now used. Unmark it as unused.
---
tools/virsh-domain-monitor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c
index
On Wed, Jun 05, 2013 at 03:43:53PM +0200, Peter Krempa wrote:
The 'online' parameter has only two possible values. Use a bool for it.
---
src/qemu/qemu_driver.c | 4 ++--
src/qemu/qemu_monitor.c | 2 +-
src/qemu/qemu_monitor.h | 2 +-
src/qemu/qemu_monitor_json.c | 2 +-
On Wed, Jun 05, 2013 at 03:43:54PM +0200, Peter Krempa wrote:
The qemu monitor provides more information about vCPUs of a guest than
we needed currently. This patch upgrades the extraction function to
easily extract new data about the vCPUs and fixes code to cope with the
new structure. The
On Wed, Jun 05, 2013 at 03:43:55PM +0200, Peter Krempa wrote:
The qemu guest agent allows to online and offline CPUs from the
perspective of the guest. This patch adds helpers that call
'guest-get-vcpus' and 'guest-set-vcpus' guest agent functions and
convert the data for internal libvirt
On Wed, Jun 05, 2013 at 03:43:56PM +0200, Peter Krempa wrote:
This flag will allow to use qemu guest agent commands to disable
(offline) and enable (online) processors in a live guest that has the
guest agent running.
---
include/libvirt/libvirt.h.in | 1 +
src/libvirt.c|
On Wed, Jun 05, 2013 at 03:43:57PM +0200, Peter Krempa wrote:
This patch implements the VIR_DOMAIN_VCPU_AGENT flag for the
qemuDomainGetVcpusFlags() libvirt API implementation.
---
src/qemu/qemu_driver.c | 60
++
1 file changed, 56
On Wed, Jun 05, 2013 at 03:43:57PM +0200, Peter Krempa wrote:
This patch implements the VIR_DOMAIN_VCPU_AGENT flag for the
qemuDomainGetVcpusFlags() libvirt API implementation.
---
src/qemu/qemu_driver.c | 60
++
1 file changed, 56
On Wed, Jun 05, 2013 at 03:43:58PM +0200, Peter Krempa wrote:
This patch adds support for agent-based cpu disabling and enabling to
qemuDomainSetVcpusFlags() API.
---
src/qemu/qemu_driver.c | 129
-
1 file changed, 116 insertions(+), 13
On 06/07/2013 01:49 PM, Daniel P. Berrange wrote:
On Thu, Jun 06, 2013 at 05:08:12PM +0200, Ján Tomko wrote:
iscsiadm now supports specifying hostnames in the portal argument [1]
Instead of resolving the hostname to a single IPv4 address, pass the
hostname to iscsiadm, allowing IPv6 targets to
On Mon, Jun 03, 2013 at 11:19:15AM +0100, Daniel P. Berrange wrote:
On Wed, May 22, 2013 at 10:00:12AM +0200, Manuel VIVES wrote:
Hello,
I'm re-sending this patch for reviewing.
If necessary I'm willing to make
some changes to those patches.
I'm currently working on a better
There's no sense in using virAsprintf() just to duplicate a string.
We should use VIR_STRDUP which is designed just for that.
---
daemon/libvirtd-config.c | 2 +-
src/conf/domain_audit.c | 2 +-
src/libxl/libxl_driver.c | 30
On 05.06.2013 15:44, Peter Krempa wrote:
This patch implements support for the cpu-add QMP command that plugs
CPUs into a live guest. The cpu-add command was introduced in QEMU
1.5. For the hotplug to work machine type pc-i440fx-1.5 is required.
---
src/qemu/qemu_monitor_json.c | 37
On 06/07/13 16:15, Michal Privoznik wrote:
On 05.06.2013 15:44, Peter Krempa wrote:
This patch implements support for the cpu-add QMP command that plugs
CPUs into a live guest. The cpu-add command was introduced in QEMU
1.5. For the hotplug to work machine type pc-i440fx-1.5 is required.
---
On 06/07/13 15:02, Daniel P. Berrange wrote:
On Wed, Jun 05, 2013 at 03:43:53PM +0200, Peter Krempa wrote:
The 'online' parameter has only two possible values. Use a bool for it.
---
src/qemu/qemu_driver.c | 4 ++--
src/qemu/qemu_monitor.c | 2 +-
src/qemu/qemu_monitor.h | 2
On 06/07/13 15:01, Daniel P. Berrange wrote:
On Wed, Jun 05, 2013 at 03:43:52PM +0200, Peter Krempa wrote:
The cmd argument in cmdList is now used. Unmark it as unused.
---
tools/virsh-domain-monitor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
ACK, trivial
Pushed; Thanks.
On 06/07/13 15:06, Daniel P. Berrange wrote:
On Wed, Jun 05, 2013 at 03:43:54PM +0200, Peter Krempa wrote:
The qemu monitor provides more information about vCPUs of a guest than
we needed currently. This patch upgrades the extraction function to
easily extract new data about the vCPUs and fixes
On 06/07/13 15:10, Daniel P. Berrange wrote:
On Wed, Jun 05, 2013 at 03:43:55PM +0200, Peter Krempa wrote:
The qemu guest agent allows to online and offline CPUs from the
perspective of the guest. This patch adds helpers that call
'guest-get-vcpus' and 'guest-set-vcpus' guest agent functions
Currently, there's a path to use the ncpuinfo variable uninitialized,
which leads to a compiler warning:
qemu/qemu_driver.c: In function 'qemuDomainGetVcpusFlags':
qemu/qemu_driver.c:4573:9: error: 'ncpuinfo' may be used
uninitialized in this function [-Werror=maybe-uninitialized]
On Wed, Jun 05, 2013 at 03:43:57PM +0200, Peter Krempa wrote:
This patch implements the VIR_DOMAIN_VCPU_AGENT flag for the
qemuDomainGetVcpusFlags() libvirt API implementation.
---
src/qemu/qemu_driver.c | 60
++
1 file changed, 56
On 06/07/2013 06:14 AM, Martin Kletzander wrote:
On 05/30/2013 02:24 PM, John Ferlan wrote:
Since commit '632f78ca' the 'virsh schedinfo domain' command returns:
Scheduler : Unknown
error: Requested operation is not valid: cgroup CPU controller is not mounted
Prior to that change a non
This patch fixes changes done in commit 29c1e913e459058c12d02b3f4b767b3
that was pushed without implementing review feedback.
The flag introduced by the patch is changed to VIR_DOMAIN_VCPU_GUEST and
documentation makes the difference between regular hotplug and this new
functionality more
On 07.06.2013 17:18, Peter Krempa wrote:
This patch fixes changes done in commit 29c1e913e459058c12d02b3f4b767b3
that was pushed without implementing review feedback.
The flag introduced by the patch is changed to VIR_DOMAIN_VCPU_GUEST and
documentation makes the difference between regular
On 06/07/2013 04:06 PM, Michal Privoznik wrote:
There's no sense in using virAsprintf() just to duplicate a string.
We should use VIR_STRDUP which is designed just for that.
---
daemon/libvirtd-config.c | 2 +-
src/conf/domain_audit.c | 2 +-
On Thu, Jun 06, 2013 at 09:13:27AM +0100, Daniel P. Berrange wrote:
On Thu, Jun 06, 2013 at 10:07:26AM +0200, Richard Weinberger wrote:
I'm sure in my case setns() fails because the calling thread did not open()
the ns files itself.
Do you have user namespaces enabled by chance ?
On Thu, Jun 06, 2013 at 09:07:22AM +0200, Michal Privoznik wrote:
You've addressed all my concerns. ACK series.
Thanks, pushed.
Christophe
As the first user of virTraverseDirectory, it falls through to the 2
depth from /sys/devices, and returns the address of the PCI device
of which both vendor and device have the specified value. See the
test for an example.
---
src/libvirt_private.syms | 1 +
The string can be padded either on the left (@from_right=false) or right
(@from_right=true).
---
src/libvirt_private.syms | 1 +
src/util/virstring.c | 38 ++
src/util/virstring.h | 6 ++
tests/utiltest.c | 28
---
src/storage/storage_backend_scsi.c | 12
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/storage/storage_backend_scsi.c
b/src/storage/storage_backend_scsi.c
index 5635f73..da6a5dd 100644
--- a/src/storage/storage_backend_scsi.c
+++
The SCSI host number is not stable on Linux platform, the number
can be changed after a system rebooting or scsi kernel modules
reloaded. To have a stable address for the scsi_host adapter of
scsi pool, this introduces new XMLs like:
adapter type='scsi_host' parent='pci__00_1f_2'
To be more flexible, except allowing to specify 'parent' with name
produced by node device udev/HAL backends, this supports to specify
'parent' with PCI address directly (e.g. :00:1f:2). The specified
address will be padded if it's not consistent with what sysfs exposed.
(e.g 0:0:2:2 will be
Later patch will add new XML attributes for scsi_host adapter, this
is the preparation patch.
---
src/conf/storage_conf.c| 15 ---
src/conf/storage_conf.h| 4 +++-
src/phyp/phyp_driver.c | 8
src/storage/storage_backend_scsi.c | 2 +-
4
Not really guessing, it returns host name of the scsi host which has
smallest unique_id.
---
src/libvirt_private.syms | 1 +
src/util/virutil.c | 122 +++
src/util/virutil.h | 4 ++
tests/utiltest.c | 27 +++
4 files
The SCSI host number is not stable on Linux platform, the number
can be changed after a system rebooting or scsi kernel modules
reloaded. To have a stable address for the scsi_host adapter of
scsi pool, this introduces new XMLs like:
adapter type='scsi_host' parent='pci__00_1f_2'
This takes use of the two utils introduced in previous patches.
Node device HAL backend represents PCI device like PCI_8086_2922,
(I.E PCI_$vendor_$product), to get the PCI address, we have to
traverse /sys/devices/ to find it out.
And to get the current scsi host number assigned by the system
There is POSIX calls to walk through directory tree, nftw(3), but
there is no way to allow one to pass user data to the callback:
int nftw(const char *dirpath,
int (*fn) (const char *fpath, const struct stat *sb,
int typeflag, struct FTW *ftwbuf),
int
---
src/storage/storage_backend_scsi.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/storage/storage_backend_scsi.c
b/src/storage/storage_backend_scsi.c
index 0a79e6c..13c498d 100644
--- a/src/storage/storage_backend_scsi.c
+++
By traversing sysfs directory like /sys/bus/pci/devices/:00:1f:2/
to find out the scsi host whose unique_id has the specified value.
And returns the host number.
Address like :00:1f:2 will be retrieved from the parent of
scsi_host adapter. E.g.
adapter type='scsi_host'
On 08/06/13 01:03, Osier Yang wrote:
To be more flexible, except allowing to specify 'parent' with name
produced by node device udev/HAL backends, this supports to specify
'parent' with PCI address directly (e.g. :00:1f:2). The specified
address will be padded if it's not consistent with
On 07.06.2013 17:34, Daniel P. Berrange wrote:
On Thu, Jun 06, 2013 at 09:13:27AM +0100, Daniel P. Berrange wrote:
On Thu, Jun 06, 2013 at 10:07:26AM +0200, Richard Weinberger wrote:
I'm sure in my case setns() fails because the calling thread did not open() the
ns files itself.
Do you