在 2018/9/17 下午8:05, Andrea Bolognani 写道:
On Mon, 2018-09-17 at 13:43 +0800, Yi Min Zhao wrote:
在 2018/9/11 下午9:59, Andrea Bolognani 写道:
+static void
+virDomainZPCIAddressReleaseUid(virHashTablePtr set,
+ virZPCIDeviceAddressPtr addr)
+{
+if
On 09/13/2018 03:11 PM, Laine Stump wrote:
> brctl is part of the bridge-utils package, which has been deprecated /
> replaced by the "ip" and "bridge" commands in the iproute package in
> all modern distros. This patch removes the few usages of brctl in
> libvirt-tck's network tests, replacing
$SUBJ
s/dac/selinux
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> Lock all the paths we want to relabel to mutually exclude other
> libvirt daemons.
>
> The only culprit here hitch here is that directories can't be
Where have I seen this before?
> locked. Therefore, when relabeling a
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> So far the whole transaction handling is done
> virSecuritySELinuxSetFileconHelper(). This needs to change for
> the sake of security label remembering and locking. Otherwise we
> would be locking a path when only appending it to transaction
>
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> Firstly, the following code pattern is harder to follow:
>
> if (func() < 0) {
> error();
> } else {
> /* success */
> }
>
> We should put 'goto cleanup' into the error branch and move the
> else branch one level up.
>
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> This label is used in both successful and error paths. Therefore
> it should be named 'cleanup' and not 'err'.
>
> Signed-off-by: Michal Privoznik
> ---
> src/security/security_selinux.c | 6 +++---
> 1 file changed, 3 insertions(+), 3
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> Lock all the paths we want to relabel to mutually exclude other
> libvirt daemons.
>
> The only culprit here hitch here is that directories can't be
reread the above and fix and fix ;-)
> locked. Therefore, when relabeling a directory do not
[...]
VIR_FROM_THIS VIR_FROM_SECURITY
>
> VIR_LOG_INIT("security.security_manager");
>
> +virMutex lockManagerMutex = VIR_MUTEX_INITIALIZER;
> +
> struct _virSecurityManager {
> virObjectLockable parent;
>
> @@ -43,6 +47,7 @@ struct _virSecurityManager {
> void *privateData;
>
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> Firstly, the message that says we're setting uid:gid shouldn't be
> called from virSecurityDACSetOwnershipInternal() because
> virSecurityDACRestoreFileLabelInternal() is calling it too.
> Secondly, there are places between us reporting label
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> So far the whole transaction handling is done
> virSecurityDACSetOwnershipInternal(). This needs to change for
> the sake of security label remembering and locking. Otherwise we
> would be locking a path when only appending it to transaction
>
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> Two new APIs are added so that security driver can lock and
> unlock paths it wishes to touch. These APIs are not for other
> drivers to call but security drivers (DAC and SELinux). That is
> the reason these APIs are not exposed through our
>
[...]
>> cleanup:
>> -if (rv != 0 && fd)
>> -VIR_FORCE_CLOSE(*fd);
>> +if (rv < 0) {
>> +int saved_errno = errno;
>> +virErrorPtr origerr;
>> +
>> +virErrorPreserveLast();
>> +if (fd)
>> +VIR_FORCE_CLOSE(*fd);
>> +
>> +if
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> Now that we know what metadata lock manager user wishes to use we
> can load it when initializing security driver. This is achieved
> by adding new argument to virSecurityManagerNewDriver() and
> subsequently to all functions that end up calling
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> At the beginning of each dispatch function we check if owner
> attributes were registered (these consist of ID, UUID, PID and
> name). The check then consists of checking if ID is not zero.
> This is not going to work with
>
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> Soon there will be a virtlockd client that wants to either lock
> all the resources or none (in order to avoid virtlockd killing
> the client on connection close). Because on the RPC layer we can
> only acquire one resource at a time, we have to
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> The fact whether domain has or doesn't have RW disks is specific
> to VIR_LOCK_MANAGER_OBJECT_TYPE_DOMAIN and therefore should
> reside in union specific to it.
>
> Signed-off-by: Michal Privoznik
> ---
> src/locking/lock_driver_lockd.c | 8
On 09/10/2018 05:36 AM, Michal Privoznik wrote:
> We will want virtlockd to lock files on behalf of libvirtd and
> not qemu process, because it is libvirtd that needs an exclusive
> access not qemu. This requires new lock context.
>
> Signed-off-by: Michal Privoznik
> ---
>
11.09.2018 14:36, Vladimir Sementsov-Ogievskiy wrote:
04.09.2018 09:59, Nikolay Shirokovskiy wrote:
Hi, Peter. I have questions to several of your comments:
On 03.09.2018 14:59, Peter Krempa wrote:
On Mon, Sep 03, 2018 at 13:58:31 +0300, Nikolay Shirokovskiy wrote:
This patch adds option to
On 9/17/18 2:59 AM, Andrea Bolognani wrote:
On Tue, 2018-09-11 at 16:38 -0600, Jim Fehlig wrote:
[...]
Since Xen 4.6 contains a pkgconfig file, drop the now unused code
that falls back to using LIBVIRT_CHECK_LIB in the absence of
pkgconfig file.
[...]
- dnl pkgconfig file not found,
On 09/13/2018 01:19 PM, Peter Krempa wrote:
> On Thu, Sep 13, 2018 at 18:47:55 +0800, Yi Wang wrote:
>> When doing some job holding state lock for a long time,
>> we may come across error:
>>
>> "Timed out during operation: cannot acquire state change lock"
>>
>> Well, sometimes it's not a problem
The directory has been renamed in 562990849a9d, but a
reference to it was not updated at the same time, causing
'make dist' to fail ever since. Fix it.
Signed-off-by: Andrea Bolognani
---
Pushed under the Pink Bunny Ears of Shame™ rule.
tests/Makefile.am | 2 +-
1 file changed, 1 insertion(+),
From: Marc-André Lureau
QEMU 3.1 should only expose the property if the host is actually
capable of creating hugetable-backed memfd. However, it may fail
at runtime depending on requested "hugetlbsize".
Reviewed-by: John Ferlan
Signed-off-by: Marc-André Lureau
Signed-off-by: John Ferlan
---
From: Marc-André Lureau
Add a new memoryBacking source type "memfd", supported by QEMU (when
the apability is available).
A memfd is a specialized anonymous memory kind. As such, an anonymous
source type could be automatically using a memfd. However, there are
some complications when migrating
From: Marc-André Lureau
Hi,
This is an alternative series from "[PATCH 0/5] Use memfd if
possible". Instead of automatically using memfd for anonymous memory
when available (as suggested by Daniel), it introduces the "memfd"
memory backing type.
Although using memfd transparently when possible
From: Marc-André Lureau
Check availability of "-object memory-backend-memfd".
Reviewed-by: John Ferlan
Signed-off-by: Marc-André Lureau
Signed-off-by: John Ferlan
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
On Mon, 2018-09-17 at 14:10 +0800, Yi Min Zhao wrote:
> 在 2018/9/11 下午11:21, Andrea Bolognani 写道:
> > > @@ -805,8 +869,13 @@ qemuDomainAttachDiskGeneric(virQEMUDriverPtr driver,
> > > if (qemuHotplugDiskSourceAttach(priv->mon, diskdata) < 0)
> > > goto exit_monitor;
> > >
> > >
On Mon, 2018-09-17 at 13:51 +0800, Yi Min Zhao wrote:
> 在 2018/9/11 下午10:31, Andrea Bolognani 写道:
> > > +{
> > > +if (!virZPCIDeviceAddressIsEmpty(>addr.pci.zpci))
> > > +return qemuAppendZPCIDevStr(cmd, dev);
> > > +
> > > +return 0;
> >
> > I'd rather see this as
> >
> >if
On Mon, Sep 17, 2018 at 13:22:59 +0200, Andrea Bolognani wrote:
> A side effect of recent changes is that we would always try
> to regenerate the capabilities cache for non-native QEMU
> binaries based on /dev/kvm availability, which is of course
> complete nonsense. Make sure that doesn't happen.
On 2018-09-17 at 19:52, Michal Privoznik wrote:
>On 09/13/2018 10:55 AM, Shi Lei wrote:
>> v1 here:
>> https://www.redhat.com/archives/libvir-list/2018-September/msg00497.html
>>
>> Diff from v1: (according to the comments from Jano)
>> - Change build-aux/check-spacing.pl rather than cfg.mk
>>
On Mon, 2018-09-17 at 13:43 +0800, Yi Min Zhao wrote:
> 在 2018/9/11 下午9:59, Andrea Bolognani 写道:
> > > +static void
> > > +virDomainZPCIAddressReleaseUid(virHashTablePtr set,
> > > + virZPCIDeviceAddressPtr addr)
> > > +{
> > > +if (virHashRemoveEntry(set, >uid) <
> On 09/13/2018 10:11 PM, wang.yechao...@zte.com.cn wrote:
> > I just code review, found there may be problem.
> >
> > The follow statement in founction qemuProcessReconnectHelper:
> >
> > "if (virThreadCreate(, false, qemuProcessReconnect, data) < 0) "
> >
> > may be failed (no one can
On 09/13/2018 10:55 AM, Shi Lei wrote:
> v1 here:
> https://www.redhat.com/archives/libvir-list/2018-September/msg00497.html
>
> Diff from v1: (according to the comments from Jano)
> - Change build-aux/check-spacing.pl rather than cfg.mk
> - Don't exempt '/' (which matches comments in
On Fri, 2018-09-14 at 16:35 +0200, Jiri Denemark wrote:
> On Fri, Sep 14, 2018 at 15:36:42 +0200, Andrea Bolognani wrote:
> > How ridiculous would it be to invalidate capabilities whenever
> > the daemon is restarted? That might strike a somewhat reasonable
> > balance between requiring the admin
A side effect of recent changes is that we would always try
to regenerate the capabilities cache for non-native QEMU
binaries based on /dev/kvm availability, which is of course
complete nonsense. Make sure that doesn't happen.
Signed-off-by: Andrea Bolognani
---
A better spot would be between
Hi
On Mon, Sep 17, 2018 at 3:07 PM, Michal Privoznik wrote:
> On 09/17/2018 11:30 AM, Marc-André Lureau wrote:
>> Hi
>>
>> On Fri, Sep 14, 2018 at 11:44 AM, Michal Prívozník
>> wrote:
>>> On 09/13/2018 11:51 PM, John Ferlan wrote:
On 09/13/2018 10:09 AM, John Ferlan wrote:
>
On 09/17/2018 11:30 AM, Marc-André Lureau wrote:
> Hi
>
> On Fri, Sep 14, 2018 at 11:44 AM, Michal Prívozník
> wrote:
>> On 09/13/2018 11:51 PM, John Ferlan wrote:
>>>
>>>
>>> On 09/13/2018 10:09 AM, John Ferlan wrote:
On 09/13/2018 03:39 AM, Marc-André Lureau wrote:
> Hi
> On Sat, Sep 15, 2018 at 04:29:24PM +0800, Yi Wang wrote:
> > Domain fails to start when its config xml including:
> > 64
> >
> > # virsh create vm.xml
> > error: Failed to create domain from vm.xml
> > error: invalid argument: Failed to parse bitmap ''
> >
> > This patch fixes this.
> >
I'm sorry about many v1 patches posted. I fix some syntax errors in all v2
patches,
and should note the changes in these patches. I will learn more about posting
patch
correctly.
Thanks John.
---
Best wishes,
Wang Yechao
原始邮件
发件人:JohnFerlan
Hi
On Fri, Sep 14, 2018 at 11:44 AM, Michal Prívozník wrote:
> On 09/13/2018 11:51 PM, John Ferlan wrote:
>>
>>
>> On 09/13/2018 10:09 AM, John Ferlan wrote:
>>>
>>>
>>> On 09/13/2018 03:39 AM, Marc-André Lureau wrote:
Hi
On Thu, Sep 13, 2018 at 2:25 AM, John Ferlan wrote:
>
On Tue, 2018-09-11 at 16:38 -0600, Jim Fehlig wrote:
[...]
> Since Xen 4.6 contains a pkgconfig file, drop the now unused code
> that falls back to using LIBVIRT_CHECK_LIB in the absence of
> pkgconfig file.
[...]
> - dnl pkgconfig file not found, fallback to lib probe
> - if test
On 09/14/2018 11:27 PM, John Ferlan wrote:
On 09/13/2018 03:54 AM, Lin Ma wrote:
When we call qemuARPGetInterfaces to get IP from the host's arp table, We
ignore VIR_DOMAIN_NET_TYPE_ETHERNET, VIR_DOMAIN_NET_TYPE_VHOSTUSER and
s/ignore/should ignore/
VIR_DOMAIN_NET_TYPE_DIRECT due to the
On 09/15/2018 07:14 AM, Laine Stump wrote:
On 09/13/2018 03:54 AM, Lin Ma wrote:
When we call qemuARPGetInterfaces to get IP from the host's arp table, We
ignore VIR_DOMAIN_NET_TYPE_ETHERNET, VIR_DOMAIN_NET_TYPE_VHOSTUSER and
VIR_DOMAIN_NET_TYPE_DIRECT due to the host's arp table won't
On Sat, Sep 15, 2018 at 04:29:24PM +0800, Yi Wang wrote:
> Domain fails to start when its config xml including:
> 64
>
> # virsh create vm.xml
> error: Failed to create domain from vm.xml
> error: invalid argument: Failed to parse bitmap ''
>
> This patch fixes this.
>
> Signed-off-by: Yi
在 2018/9/11 下午11:21, Andrea Bolognani 写道:
On Tue, 2018-09-04 at 16:39 +0800, Yi Min Zhao wrote:
[...]
+static int
+qemuDomainAttachExtensionDevice(qemuMonitorPtr mon,
+virDomainDeviceInfoPtr info)
+{
+if (!virZPCIDeviceAddressIsEmpty(>addr.pci.zpci))
+
44 matches
Mail list logo
