Eric Blake wrote:
On 01/08/2015 06:20 AM, Pavel Hrdina wrote:
Signed-off-by: Pavel Hrdina phrd...@redhat.com
---
src/Makefile.am | 34 +-
1 file changed, 17 insertions(+), 17 deletions(-)
if WITH_XENCONFIG
+AM_LFLAGS = -Pxl_disk_
-Original Message-
From: Daniel P. Berrange [mailto:berra...@redhat.com]
Sent: Thursday, January 08, 2015 9:03 PM
To: libvir-list@redhat.com
Cc: Richard Weinberger; Chen, Hanxiao/陈 晗霄; Daniel P. Berrange
Subject: [PATCH] lxc: Stop mounting /proc and /sys read only
Mounting parts
On 01/08/2015 02:25 AM, Michal Privoznik wrote:
On 08.01.2015 01:07, Eric Blake wrote:
I noticed this while working on the previous commit. Why should
we be calling out '../src/' when it is sufficient to refer to just
'./'? Blind copy-and-paste runs rampant in this file :)
*
On 01/08/2015 06:46 AM, Pavel Hrdina wrote:
On 01/08/2015 02:31 PM, Daniel P. Berrange wrote:
On Thu, Jan 08, 2015 at 02:20:25PM +0100, Pavel Hrdina wrote:
Well, the parallel build doesn't work as there are not dependencies
set correctly. When running 'make -j' I see this error:
make[2]:
On 01/08/2015 06:20 AM, Pavel Hrdina wrote:
Signed-off-by: Pavel Hrdina phrd...@redhat.com
---
src/Makefile.am | 34 +-
1 file changed, 17 insertions(+), 17 deletions(-)
if WITH_XENCONFIG
+AM_LFLAGS = -Pxl_disk_ --header-file=../$*.h
Uggh. Not your
We have historically done a number of things with LXC that are
somewhat questionable in retrospect
1. Mounted /proc/sys read-only, but then mounted
/proc/sys/net/ipv* read-write again
2. Mounted /sys read only
3. Mount /sys/fs/cgroup/NNN/the/guest/dir to /sys/fs/cgroup/NNN
4. FUSE mount
Mounting parts of /proc and /sys read only provides no security
without user namespaces, since root has privilege to remount
them writable again. When user namespaces are enabled, it offers
no security benefit, since the UID remapping already prevents
write access to the correct areas.
---
On 08.01.2015 01:07, Eric Blake wrote:
I noticed this while working on the previous commit. Why should
we be calling out '../src/' when it is sufficient to refer to just
'./'? Blind copy-and-paste runs rampant in this file :)
* src/Makefile.am (INCLUDES, *_CFLAGS): Shorten to $(srcdir).
Hi Laine,
Sorry to disturb you.
It seemed this issue had been fixed in libvirt-1.2.2/libnl-3.2.22/linux-3.12.
But we still got the error on PowerPC platform.
I'll appreciate if you could give any suggestion. We are not sure if any
netlink implementation in kernel space is missed.
The scenario
Signed-off-by: Pavel Hrdina phrd...@redhat.com
---
src/Makefile.am | 34 +-
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index f970d60..97253e0 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1000,23
Well, the parallel build doesn't work as there are not dependencies
set correctly. When running 'make -j' I see this error:
make[2]: Entering directory '/home/zippy/work/libvirt/libvirt.git/src'
GEN util/virkeymaps.h
GEN locking/lock_protocol.h
make[2]: *** No rule to make target
Pavel Hrdina (2):
src/Makefile: move the new xen_xl_disk parser code at the correct
place
src/Makefile: Fix parallel build after xen_xl_disk parser introduction
src/Makefile.am | 45 -
1 file changed, 28 insertions(+), 17 deletions(-)
--
On Thu, Jan 08, 2015 at 02:20:24PM +0100, Pavel Hrdina wrote:
Signed-off-by: Pavel Hrdina phrd...@redhat.com
---
src/Makefile.am | 34 +-
1 file changed, 17 insertions(+), 17 deletions(-)
ACK, trivial
Regards,
Daniel
--
|: http://berrange.com -o-
On Thu, Jan 08, 2015 at 02:20:25PM +0100, Pavel Hrdina wrote:
Well, the parallel build doesn't work as there are not dependencies
set correctly. When running 'make -j' I see this error:
make[2]: Entering directory '/home/zippy/work/libvirt/libvirt.git/src'
GEN util/virkeymaps.h
GEN
Am 08.01.2015 um 14:02 schrieb Daniel P. Berrange:
We have historically done a number of things with LXC that are
somewhat questionable in retrospect
1. Mounted /proc/sys read-only, but then mounted
/proc/sys/net/ipv* read-write again
2. Mounted /sys read only
3. Mount
On 01/08/2015 02:20 PM, Pavel Hrdina wrote:
Pavel Hrdina (2):
src/Makefile: move the new xen_xl_disk parser code at the correct
place
src/Makefile: Fix parallel build after xen_xl_disk parser introduction
src/Makefile.am | 45 -
1 file
On Thu, Jan 08, 2015 at 02:36:36PM +0100, Richard Weinberger wrote:
Am 08.01.2015 um 14:02 schrieb Daniel P. Berrange:
We have historically done a number of things with LXC that are
somewhat questionable in retrospect
1. Mounted /proc/sys read-only, but then mounted
On 01/08/2015 02:31 PM, Daniel P. Berrange wrote:
On Thu, Jan 08, 2015 at 02:20:25PM +0100, Pavel Hrdina wrote:
Well, the parallel build doesn't work as there are not dependencies
set correctly. When running 'make -j' I see this error:
make[2]: Entering directory
Am 08.01.2015 um 14:45 schrieb Daniel P. Berrange:
On Thu, Jan 08, 2015 at 02:36:36PM +0100, Richard Weinberger wrote:
Am 08.01.2015 um 14:02 schrieb Daniel P. Berrange:
We have historically done a number of things with LXC that are
somewhat questionable in retrospect
1. Mounted /proc/sys
On Thu, Jan 08, 2015 at 03:02:59PM +0100, Richard Weinberger wrote:
Am 08.01.2015 um 14:45 schrieb Daniel P. Berrange:
On Thu, Jan 08, 2015 at 02:36:36PM +0100, Richard Weinberger wrote:
Am 08.01.2015 um 14:02 schrieb Daniel P. Berrange:
We have historically done a number of things with LXC
Am 08.01.2015 um 15:06 schrieb Daniel P. Berrange:
On Thu, Jan 08, 2015 at 03:02:59PM +0100, Richard Weinberger wrote:
Am 08.01.2015 um 14:45 schrieb Daniel P. Berrange:
On Thu, Jan 08, 2015 at 02:36:36PM +0100, Richard Weinberger wrote:
Am 08.01.2015 um 14:02 schrieb Daniel P. Berrange:
We
Hi Daniel,
... first ... a happy new year 2015 to all of you.
I have seen that you have suggested at Openstack review of the s390x cpu model
issue (link: https://review.openstack.org/#/c/137424/) to post a link to this
Openstack review. Completed now. :-)
It would be nice if my intermediate
On 01/08/2015 12:56 AM, Eric Blake wrote:
On 01/07/2015 02:43 PM, Eric Blake wrote:
CC xenconfig/libvirt_xenconfig_la-xen_xl.lo
../../src/xenconfig/xen_xl.c:29:25: fatal error: xen_xl_disk.h: No such
file or directory
#include xen_xl_disk.h
^
compilation
Using actual python API to validate test case, rather than use
virsh iface-* command lines.
---
cases/basic_interface.conf| 12 ++
repos/interface/iface_list.py | 299 --
2 files changed, 99 insertions(+), 212 deletions(-)
diff --git
On 01/08/2015 04:40 AM, hong-hua@freescale.com wrote:
Hi Laine,
Sorry to disturb you.
It seemed this issue had been fixed in libvirt-1.2.2/libnl-3.2.22/linux-3.12.
But we still got the error on PowerPC platform.
I'll appreciate if you could give any suggestion. We are not sure if any
The virDomainDefineXMLFlags and virDomainCreateXML APIs both
gain new flags allowing them to be told to validate XML.
This updates all the drivers to turn on validation in the
XML parser when the flags are set
---
include/libvirt/libvirt-domain.h | 5 +
src/bhyve/bhyve_driver.c | 16
The 'virsh define', 'virsh create' and 'virsh edit' commands
get XML validation enabled by default, with a --skip-validate
option to disable it.
The quality of error reporting from libxml2 varies depending
on the type of XML error made. Sometimes it is quite clear
and useful, other times it is
A followup to
https://www.redhat.com/archives/libvir-list/2014-November/msg00607.html
In this posting
- Finished virsh integration for define, create and edit commands
- Support validation in all virt drivers
- Fix misc bugs in changes to domain_conf flag handling
The situation with libxml
The virCPUDefFormat* methods were relying on the VIR_DOMAIN_XML_*
flag definitions. It is not desirable for low level internal
functions to be coupled to flags for the public API, since they
may need to be called from several different contexts where the
flags would not be appropriate.
---
The virDomainDefineXML method is one of the few that still lacks
an 'unsigned int flags' parameter. This will be needed for adding
XML validation to this API. virDomainCreateXML fortunately already
has flags.
---
include/libvirt/libvirt-domain.h | 4
src/driver-hypervisor.h | 5
The XenAPI driver was passing the flags for
virDomainCreateXML straight into the virDomainDefParseString
method, even though they expect totally different sets of
flags. It should have been using VIR_DOMAIN_XML_INACTIVE
---
src/xenapi/xenapi_driver.c | 4 ++--
1 file changed, 2 insertions(+), 2
The VIR_DOMAIN_XML_SECURE flag only has effect on the formatting
of XML so should not be passed to virDomainDefParseNode
---
src/conf/snapshot_conf.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/conf/snapshot_conf.c b/src/conf/snapshot_conf.c
index 79cf124..d9339c3
Add a helper method that can validate an XML document against
an RNG schema
---
include/libvirt/virterror.h | 1 +
src/internal.h | 4 +++
src/libvirt_private.syms| 1 +
src/util/virerror.c | 6
src/util/virxml.c | 74
The phyp driver is passing the VIR_DOMAIN_XML_SECURE flag to
virDomainDefParseString which is wrong, because that flag only
has effect when formatting XML.
---
src/phyp/phyp_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/phyp/phyp_driver.c
Make sure every virt driver implements virDomainDefineXMLFlags
by adding a trivial passthrough from the existing impl with
no flags set.
---
src/bhyve/bhyve_driver.c | 12 ++--
src/esx/esx_driver.c | 10 --
src/libxl/libxl_driver.c | 12 ++--
The virDomainDefParse* and virDomainDefFormat* methods both
accept the VIR_DOMAIN_XML_* flags defined in the public API,
along with a set of other VIR_DOMAIN_XML_INTERNAL_* flags
defined in domain_conf.c.
This is seriously confusing and error prone for a number of
reasons:
- VIR_DOMAIN_XML_SECURE,
The virDomainDefParseString method will report a suitable error
on parsing fail, so don't replace that.
---
src/parallels/parallels_driver.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/parallels/parallels_driver.c b/src/parallels/parallels_driver.c
index
We need the flex to generate new xen_xl_disk parser.
Signed-off-by: Pavel Hrdina phrd...@redhat.com
---
Pushed under trivial rule.
bootstrap.conf | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bootstrap.conf b/bootstrap.conf
index c06ee4c..22c1c06 100644
---
38 matches