Re: [libvirt] [PATCH 2/2] security: aa-helper: generate more rules for gl devices

2019-02-15 Thread Jamie Strandboge
On Tue, 12 Feb 2019, Christian Ehrhardt wrote: > Change fb01e1a44 "virt-aa-helper: generate rules for gl enabled > graphics devices" implemented the detection for gl enabled > devices in virt-aa-helper. But further testing showed > that it will need much more access for the full gl stack > to

Re: [libvirt] [PATCH 1/2] security: aa-helper: allow virt-aa-helper to read /dev/dri

2019-02-15 Thread Jamie Strandboge
On Tue, 12 Feb 2019, Christian Ehrhardt wrote: > Change fb01e1a44 "virt-aa-helper: generate rules for gl enabled > graphics devices" implemented the detection for gl enabled > devices in virt-aa-helper. But it will in certain cases e.g. if > no rendernode was explicitly specified need to read

Re: [libvirt] [PATCH] conf: make virPCIDeviceAddressFormat void

2019-02-15 Thread Laine Stump
On 2/15/19 12:46 PM, Daniel P. Berrangé wrote: Only one of the three callers of virPCIDeviceAddressFormat correctly handles an error return status. Fortunately it can't fail so can be made void. Signed-off-by: Daniel P. Berrangé Reviewed-by: Laine Stump -- libvir-list mailing list

[libvirt] [PATCH] nwfilter: allow for different format of IPv6 netmask/prefix in ebtables output

2019-02-15 Thread Laine Stump
The iptables-ebtables package is meant as a drop-in replacement for the native ebtables package, but it formats some items in the -L output differently, leading to failure of scripts that depend on the output of ebtables -L. In particular: with old ebtables IPv6 prefixes are output as a netmask

[libvirt] [PATCH] conf: make virPCIDeviceAddressFormat void

2019-02-15 Thread Daniel P. Berrangé
Only one of the three callers of virPCIDeviceAddressFormat correctly handles an error return status. Fortunately it can't fail so can be made void. Signed-off-by: Daniel P. Berrangé --- src/conf/device_conf.c | 3 +-- src/conf/device_conf.h | 6 +++--- src/conf/domain_conf.c

Re: [libvirt] [tck PATCH 5/4] nwfilter: account for more leading 0's in MAC addresses in ebtables output

2019-02-15 Thread Laine Stump
On 2/15/19 10:51 AM, Daniel P. Berrangé wrote: On Mon, Feb 11, 2019 at 02:56:31PM +, Daniel P. Berrangé wrote: On Mon, Feb 11, 2019 at 09:51:09AM -0500, Laine Stump wrote: On 2/11/19 6:11 AM, Daniel P. Berrangé wrote: On Mon, Feb 11, 2019 at 06:07:40AM -0500, Laine Stump wrote: On Mon,

Re: [libvirt] [PATCH v4 00/17] Add authorization support to all network services

2019-02-15 Thread Daniel P. Berrangé
mis-fire. Ignore this one, I used the wrong base branch to git-publish and didn't interrupt it quickly enough. Re-posted v4 with correct base. On Fri, Feb 15, 2019 at 05:13:28PM +, Daniel P. Berrangé wrote: > v1: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04482.html > v2:

[libvirt] [PATCH v4 5/6] vnc: allow specifying a custom authorization object name

2019-02-15 Thread Daniel P. Berrangé
From: "Daniel P. Berrange" The VNC server has historically had support for ACLs to check both the SASL username and the TLS x509 distinguished name. The VNC server was responsible for creating the initial ACL, and the client app was then responsible for populating it with rules using the HMP

[libvirt] [PATCH v4 6/6] monitor: deprecate acl_show, acl_reset, acl_policy, acl_add, acl_remove

2019-02-15 Thread Daniel P. Berrangé
The various ACL related commands are obsolete now that the QAuthZ framework for authorization is fully integrated throughout QEMU network services. Mark it as deprecated with no replacement to be provided. Authorization is now provided by using 'object_add' together with the 'tls-authz' or

[libvirt] [PATCH v4 1/6] qemu-nbd: add support for authorization of TLS clients

2019-02-15 Thread Daniel P. Berrangé
From: "Daniel P. Berrange" Currently any client which can complete the TLS handshake is able to use the NBD server. The server admin can turn on the 'verify-peer' option for the x509 creds to require the client to provide a x509 certificate. This means the client will have to acquire a

[libvirt] [PATCH v4 2/6] nbd: allow authorization with nbd-server-start QMP command

2019-02-15 Thread Daniel P. Berrangé
From: "Daniel P. Berrange" As with the previous patch to qemu-nbd, the nbd-server-start QMP command also needs to be able to specify authorization when enabling TLS encryption. First the client must create a QAuthZ object instance using the 'object-add' command: { 'execute':

[libvirt] [PATCH v4 3/6] migration: add support for a "tls-authz" migration parameter

2019-02-15 Thread Daniel P. Berrangé
From: "Daniel P. Berrange" The QEMU instance that runs as the server for the migration data transport (ie the target QEMU) needs to be able to configure access control so it can prevent unauthorized clients initiating an incoming migration. This adds a new 'tls-authz' migration parameter that is

[libvirt] [PATCH v4 4/6] chardev: add support for authorization for TLS clients

2019-02-15 Thread Daniel P. Berrangé
From: "Daniel P. Berrange" Currently any client which can complete the TLS handshake is able to use a chardev server. The server admin can turn on the 'verify-peer' option for the x509 creds to require the client to provide a x509 certificate. This means the client will have to acquire a
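The four patches above (qemu-nbd, nbd-server-start, the migration parameter and chardev) all hang the new 'tls-authz' option off the same kind of QAuthZ object. The following is an added example, not code from this series, from QEMU or from libvirt: it models how an 'authz-list' object decides on a TLS client's x509 distinguished name and renders the 'object-add' and 'nbd-server-start' QMP commands the patches refer to. The DNs, object ids and port are made up for the example; the rule semantics follow QEMU's documented authz-list behaviour (rules checked in order, first match wins, otherwise the object's default policy), with 'glob' matching approximated by Python's fnmatch.

```python
"""Model of QEMU's QAuthZ 'authz-list' evaluation for TLS client identities.

Added example, not QEMU's or libvirt's code. It follows the documented
semantics of the authz-list object: rules are checked in order, the first
rule whose 'match' fits the identity decides (allow/deny), and if no rule
matches the object's default 'policy' applies. 'exact' compares the whole
string; 'glob' uses shell-style wildcards (approximated here with fnmatch).
"""
import fnmatch
import json
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Rule:
    match: str
    policy: str = "deny"   # "allow" or "deny"
    fmt: str = "exact"     # "exact" or "glob"


@dataclass
class AuthzList:
    policy: str = "deny"   # applies when no rule matches; deny is the safe default
    rules: List[Rule] = field(default_factory=list)

    def is_allowed(self, identity: str) -> bool:
        for rule in self.rules:
            if rule.fmt == "glob":
                matched = fnmatch.fnmatchcase(identity, rule.match)
            elif rule.fmt == "exact":
                matched = identity == rule.match
            else:
                raise ValueError(f"unknown rule format: {rule.fmt}")
            if matched:
                return rule.policy == "allow"
        return self.policy == "allow"

    def qmp_object_add(self, obj_id: str) -> dict:
        """Render the list as an 'object-add' QMP command.

        Uses the 'props' wrapper that object-add accepted when this series
        was posted (QEMU 4.0); newer QEMU also takes the properties flattened.
        """
        rules = []
        for r in self.rules:
            d = {"match": r.match, "policy": r.policy}
            if r.fmt != "exact":
                d["format"] = r.fmt
            rules.append(d)
        return {
            "execute": "object-add",
            "arguments": {
                "qom-type": "authz-list",
                "id": obj_id,
                "props": {"policy": self.policy, "rules": rules},
            },
        }


def nbd_server_start(tls_creds: str, tls_authz: Optional[str],
                     host: str = "::", port: str = "10809") -> dict:
    """'nbd-server-start' carrying the 'tls-authz' parameter from this series.

    Without tls-authz any client that completes the TLS handshake (and, with
    verify-peer=yes, presents any certificate from a trusted CA) is accepted.
    """
    args = {
        "addr": {"type": "inet", "data": {"host": host, "port": port}},
        "tls-creds": tls_creds,
    }
    if tls_authz is not None:
        args["tls-authz"] = tls_authz
    return {"execute": "nbd-server-start", "arguments": args}


# Constructed sample policy (identities are made up): allow one exact DN and
# any DN under the 'backup' OU, deny one revoked host that would otherwise
# match the glob, and reject everything else by default.
SAMPLE_POLICY = AuthzList(policy="deny", rules=[
    Rule(match="CN=revoked.example.com,OU=backup,O=Example", policy="deny"),
    Rule(match="CN=migrate-src.example.com,O=Example", policy="allow"),
    Rule(match="CN=*,OU=backup,O=Example", policy="allow", fmt="glob"),
])

if __name__ == "__main__":
    for ident in ("CN=migrate-src.example.com,O=Example",
                  "CN=nas1.example.com,OU=backup,O=Example",
                  "CN=revoked.example.com,OU=backup,O=Example",
                  "CN=someone-with-a-valid-cert,O=Example"):
        verdict = "allow" if SAMPLE_POLICY.is_allowed(ident) else "deny"
        print(f"{ident!r:60} -> {verdict}")
    print(json.dumps(SAMPLE_POLICY.qmp_object_add("authz0"), indent=2))
    print(json.dumps(nbd_server_start("tls0", "authz0"), indent=2))
```

The order of the rules matters: the revoked host is listed before the glob that would otherwise admit it, and the default policy stays 'deny' so that a certificate from the trusted CA is not enough on its own.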

[libvirt] [PATCH v4 00/17] Add authorization support to all network services

2019-02-15 Thread Daniel P. Berrangé
v1: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04482.html v2: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg05727.html v3: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg01639.html This series builds on the core authorization framework: v8:

[libvirt] [PATCH v4 0/6] Add authorization support to all network services

2019-02-15 Thread Daniel P. Berrangé
v1: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04482.html v2: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg05727.html v3: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg01639.html This series builds on the core authorization framework: v8:

[libvirt] [PATCH v4 01/17] util: add helper APIs for dealing with inotify in portable manner

2019-02-15 Thread Daniel P. Berrangé
The inotify userspace API for reading events is quite horrible, so it is useful to wrap it in a more friendly API to avoid duplicating code across many users in QEMU. Wrapping it also allows introduction of a platform portability layer, so that we can add impls for non-Linux based equivalents in
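The awkward part of the raw inotify API that the patch above wraps is the packed, variable-length record stream a single read() returns. As an added example (not the patch's code and not QEMU's or libvirt's), here is a decoder for that stream with the bounds checks a wrapper has to get right, exercised on a constructed buffer; the record layout and flag values are the ones documented in inotify(7), and the padding rule (name NUL-terminated and padded to a multiple of the 16-byte header) is assumed from that documentation.

```python
"""Decode the raw inotify(7) event stream into plain records.

Added example, not QEMU's or libvirt's code. A single read(2) on an inotify
fd returns a packed run of variable-length records:

    struct inotify_event { int wd; uint32_t mask; uint32_t cookie;
                           uint32_t len; char name[len]; }

'name' is present only when len > 0, is NUL-terminated and NUL-padded so the
next record stays aligned. Trusting 'len' without a bounds check, or losing
a record that was cut in half by a short read, are the usual bugs in
hand-rolled readers, which is why wrapping it once is worthwhile.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Header layout and flag values as documented in inotify(7) / <sys/inotify.h>.
_HDR = struct.Struct("=iIII")
IN_MODIFY, IN_CLOSE_WRITE = 0x00000002, 0x00000008
IN_MOVED_FROM, IN_MOVED_TO = 0x00000040, 0x00000080
IN_CREATE, IN_DELETE = 0x00000100, 0x00000200
IN_Q_OVERFLOW, IN_ISDIR = 0x00004000, 0x40000000

_FLAG_NAMES = {IN_MODIFY: "MODIFY", IN_CLOSE_WRITE: "CLOSE_WRITE",
               IN_MOVED_FROM: "MOVED_FROM", IN_MOVED_TO: "MOVED_TO",
               IN_CREATE: "CREATE", IN_DELETE: "DELETE",
               IN_Q_OVERFLOW: "Q_OVERFLOW", IN_ISDIR: "ISDIR"}


@dataclass(frozen=True)
class Event:
    wd: int
    mask: int
    cookie: int
    name: Optional[str]   # None for events on the watched object itself

    def flags(self) -> List[str]:
        return [n for bit, n in _FLAG_NAMES.items() if self.mask & bit]


def parse_events(buf: bytes) -> Tuple[List[Event], bytes]:
    """Split one read() buffer into Events.

    Returns the decoded events plus any incomplete trailing bytes; the caller
    keeps that tail and prepends it to the next read. A 'len' that would run
    past the buffer is treated as truncation, never as permission to read
    beyond the data actually received.
    """
    events: List[Event] = []
    off = 0
    while off + _HDR.size <= len(buf):
        wd, mask, cookie, nlen = _HDR.unpack_from(buf, off)
        end = off + _HDR.size + nlen
        if end > len(buf):
            break
        raw = buf[off + _HDR.size:end]
        name = raw.split(b"\0", 1)[0].decode("utf-8", "surrogateescape") if nlen else None
        events.append(Event(wd, mask, cookie, name))
        off = end
    return events, buf[off:]


def encode_event(wd: int, mask: int, cookie: int = 0, name: bytes = b"") -> bytes:
    """Build a record the way the kernel lays it out (used for sample input)."""
    if name:
        padded = name + b"\0"
        padded += b"\0" * (-len(padded) % _HDR.size)   # pad to a 16-byte boundary
    else:
        padded = b""
    return _HDR.pack(wd, mask, cookie, len(padded)) + padded


# Constructed sample buffer: a file created and closed in the watched dir,
# a rename pair sharing a cookie, then a record cut off by a short read.
SAMPLE = (encode_event(1, IN_CREATE, name=b"vm1.xml")
          + encode_event(1, IN_CLOSE_WRITE, name=b"vm1.xml")
          + encode_event(1, IN_MOVED_FROM, cookie=7, name=b"vm1.xml")
          + encode_event(1, IN_MOVED_TO, cookie=7, name=b"vm1.xml.bak")
          + encode_event(1, IN_DELETE, name=b"truncated")[:-6])

if __name__ == "__main__":
    evs, rest = parse_events(SAMPLE)
    for ev in evs:
        print(ev.wd, ev.name, "+".join(ev.flags()), "cookie=%d" % ev.cookie)
    print("leftover bytes:", len(rest))
```

A wrapper built on this would loop over read(), feed each buffer through parse_events() together with the previous leftover, and hand callers the Event records rather than the raw buffer; the MOVED_FROM/MOVED_TO pair sharing a cookie is what a higher layer joins into a single rename.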

Re: [libvirt] [tck PATCH 5/4] nwfilter: account for more leading 0's in MAC addresses in ebtables output

2019-02-15 Thread Daniel P. Berrangé
On Mon, Feb 11, 2019 at 02:56:31PM +, Daniel P. Berrangé wrote: > On Mon, Feb 11, 2019 at 09:51:09AM -0500, Laine Stump wrote: > > On 2/11/19 6:11 AM, Daniel P. Berrangé wrote: > > > On Mon, Feb 11, 2019 at 06:07:40AM -0500, Laine Stump wrote: > > > > On Mon, Feb 11, 2019, 5:50 AM Daniel P.
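Both the nwfilter patch earlier on this page (IPv6 netmask versus prefix length in ebtables -L output) and the tck thread above (leading zeros in MAC addresses) come down to the same problem: scripts that compare ebtables listings break when the legacy ebtables and iptables-ebtables front ends print the same rule differently. The following is an added example, not libvirt's or libvirt-tck's code: a normaliser that canonicalises both spellings before comparison. The exact differences are assumed from the subject lines (one tool prints MAC octets without leading zeros while the other zero-pads them; one prints an IPv6 netmask where the other prints a prefix length), and the rule lines are constructed, not captured output.

```python
"""Normalise 'ebtables -L' rule lines so test scripts can compare them across
the legacy ebtables and iptables-ebtables front ends.

Added example, not libvirt's or libvirt-tck's code. Assumed differences (the
page names them only in outline): one front end prints MAC octets without
leading zeros while the other zero-pads them, and one prints IPv6 addresses
with a full netmask while the other prints a prefix length. The sample rule
lines at the bottom are constructed, not captured output.
"""
import ipaddress
from typing import List

_MAC_OPTS = ("-s", "-d")
_IP6_OPTS = ("--ip6-src", "--ip6-dst")


def normalize_mac(mac: str) -> str:
    """'52:54:0:1:2:3' and '52:54:00:01:02:03' both become the latter."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac}")
    return ":".join("%02x" % int(o, 16) for o in octets)


def normalize_mac_spec(spec: str) -> str:
    """Handle an optional '/mask' suffix as well (ebtables accepts MAC masks)."""
    addr, _, mask = spec.partition("/")
    return normalize_mac(addr) + ("/" + normalize_mac(mask) if mask else "")


def ipv6_netmask_to_prefix(mask: str) -> int:
    """Convert a contiguous IPv6 netmask to a prefix length; reject anything else."""
    bits = int(ipaddress.IPv6Address(mask))
    prefix = bin(bits).count("1")
    contiguous = ((1 << 128) - (1 << (128 - prefix))) & ((1 << 128) - 1)
    if bits != contiguous:
        raise ValueError(f"non-contiguous IPv6 netmask: {mask}")
    return prefix


def normalize_ipv6_spec(spec: str) -> str:
    """'2001:db8::/ffff:ffff::' and '2001:DB8::/32' both become '2001:db8::/32'."""
    addr, _, suffix = spec.partition("/")
    if not suffix:
        return ipaddress.IPv6Address(addr).compressed
    prefix = int(suffix) if suffix.isdigit() else ipv6_netmask_to_prefix(suffix)
    net = ipaddress.IPv6Network((addr, prefix), strict=False)
    return f"{net.network_address.compressed}/{prefix}"


def normalize_rule(line: str) -> str:
    """Rewrite the MAC and IPv6 operands of one rule line into canonical form."""
    toks = line.split()
    out: List[str] = []
    i = 0
    while i < len(toks):
        tok = toks[i]
        out.append(tok)
        i += 1
        if tok in _MAC_OPTS or tok in _IP6_OPTS:
            if i < len(toks) and toks[i] == "!":   # negation precedes the value
                out.append("!")
                i += 1
            if i < len(toks):
                fn = normalize_mac_spec if tok in _MAC_OPTS else normalize_ipv6_spec
                out.append(fn(toks[i]))
                i += 1
    return " ".join(out)


def normalize_listing(text: str) -> List[str]:
    """Normalise every non-empty line of an 'ebtables -L' listing."""
    return [normalize_rule(ln) for ln in text.splitlines() if ln.strip()]


# Constructed sample: the same rule as the two front ends might print it.
LEGACY = "-p IPv6 -s 52:54:0:1:2:3 --ip6-src 2001:db8::/ffff:ffff:: -j ACCEPT"
NFT = "-p IPv6 -s 52:54:00:01:02:03 --ip6-src 2001:DB8::/32 -j ACCEPT"

if __name__ == "__main__":
    print(normalize_rule(LEGACY))
    print(normalize_rule(NFT))
    print("equal after normalisation:", normalize_rule(LEGACY) == normalize_rule(NFT))
```

Keying on the option names rather than pattern-matching anywhere in the line keeps a MAC mask such as ff:ff:ff:ff:ff:ff from being mistaken for an IPv6 operand, and refusing non-contiguous netmasks means a listing that cannot be expressed as a prefix fails loudly instead of comparing equal by accident.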

Re: [libvirt] [PATCH 1/2] rpc: client: fix race on stream error and stream creation

2019-02-15 Thread Nikolay Shirokovskiy
Below is a patch that simulates the race behaviour. Let's add a delay on replying to virDomainOpenConsole and report an error for the console stream immediately. For this let's use the IO helper thread for the console fd stream. With this patch you'll get the following error in an interactive virsh session: (note that a generated

[libvirt] [PATCH 2/2] tools: console: pass stream/fd errors to user

2019-02-15 Thread Nikolay Shirokovskiy
If the console is disconnected due to a connection problem or a problem on the server side, for example, it is convenient to provide the cause to the user. If the error comes from an API then the error is saved in a virsh global variable, but as we return success from virshRunConsole if we reach the waiting stage, the error is

[libvirt] [PATCH 0/2] tools: console: a fix and improvement

2019-02-15 Thread Nikolay Shirokovskiy
Nikolay Shirokovskiy (2): tools: console: cleanup console on errors in main thread tools: console: pass stream/fd errors to user tools/virsh-console.c | 220 ++ 1 file changed, 169 insertions(+), 51 deletions(-) -- 1.8.3.1 -- libvir-list

[libvirt] [PATCH 1/2] tools: console: cleanup console on errors in main thread

2019-02-15 Thread Nikolay Shirokovskiy
We only check now for virObjectWait failures in virshRunConsole, but we'd better check for other failures too. Anyway, if a failure happened we need to shut down the console to stop delivering events from the event loop thread, or we are in trouble as the console is freed on virshRunConsole exit. And we need

[libvirt] [PATCH 1/2] rpc: client: fix race on stream error and stream creation

2019-02-15 Thread Nikolay Shirokovskiy
The message of the API call that creates a stream and the stream itself have the same RPC serial. This can lead to issues. If the stream gets an error immediately after creation, then the notification can be delivered before the API call reply arrives. This is possible because the reply and the error message are sent from different

[libvirt] [PATCH 2/2] rpc: client: stream: notify streams of closing connection

2019-02-15 Thread Nikolay Shirokovskiy
It is not done yet. As a result, if we are doing 'virsh console' and libvirtd is killed, we get the [1] message as virsh tracks the connection status, but virsh itself won't exit because it won't get a notification that the stream is broken. Only after we press a key and virsh tries to write that key code to the stream we

[libvirt] [PATCH 0/2] rpc: client: stream bugfix and improvement

2019-02-15 Thread Nikolay Shirokovskiy
Nikolay Shirokovskiy (2): rpc: client: fix race on stream error and stream creation rpc: client: stream: notify streams of closing connection src/rpc/virnetclient.c | 13 ++--- src/rpc/virnetclientstream.c | 30 -- src/rpc/virnetclientstream.h | 2

Re: [libvirt] [PATCH 3/7] conf: Introduce virDomainDiskDefPostParse()

2019-02-15 Thread Andrea Bolognani
On Fri, 2019-02-15 at 14:25 +0100, Ján Tomko wrote: > On Fri, Feb 15, 2019 at 12:55:48PM +0100, Andrea Bolognani wrote: > > @@ -4855,6 +4855,51 @@ virDomainRNGDefPostParse(virDomainRNGDefPtr rng) > > return 0; > > } > > > > + > > ^ Whitespace Watch would worry. That's because I added one

Re: [libvirt] [PATCH 7/7] conf: Rework virDomainDeviceDefPostParseCommon()

2019-02-15 Thread Ján Tomko
On Fri, Feb 15, 2019 at 12:55:52PM +0100, Andrea Bolognani wrote: Now that we've moved all the actual code into helper functions, we can turn it into a switch statement. Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 77 +++--- 1 file changed,

Re: [libvirt] [PATCH 5/7] conf: Introduce virDomainControllerDefPostParse()

2019-02-15 Thread Ján Tomko
On Fri, Feb 15, 2019 at 12:55:50PM +0100, Andrea Bolognani wrote: Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 30 ++ 1 file changed, 18 insertions(+), 12 deletions(-) Reviewed-by: Ján Tomko Jano signature.asc Description: PGP signature --

Re: [libvirt] [PATCH 6/7] conf: Introduce virDomainNetDefPostParse()

2019-02-15 Thread Ján Tomko
On Fri, Feb 15, 2019 at 12:55:51PM +0100, Andrea Bolognani wrote: Minor tweaks to ensure compliance with our coding style. Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 20 ++-- 1 file changed, 14 insertions(+), 6 deletions(-) Reviewed-by: Ján Tomko Jano

Re: [libvirt] [PATCH 4/7] conf: Introduce virDomainVideoDefPostParse()

2019-02-15 Thread Ján Tomko
On Fri, Feb 15, 2019 at 12:55:49PM +0100, Andrea Bolognani wrote: Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 30 +++--- 1 file changed, 19 insertions(+), 11 deletions(-) Reviewed-by: Ján Tomko Jano signature.asc Description: PGP signature --

Re: [libvirt] [PATCH 3/7] conf: Introduce virDomainDiskDefPostParse()

2019-02-15 Thread Ján Tomko
On Fri, Feb 15, 2019 at 12:55:48PM +0100, Andrea Bolognani wrote: Minor tweaks to ensure compliance with our coding style. Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 83 -- 1 file changed, 47 insertions(+), 36 deletions(-) diff --git

Re: [libvirt] [PATCH 2/7] conf: Introduce virDomainRNGDefPostParse()

2019-02-15 Thread Ján Tomko
On Fri, Feb 15, 2019 at 12:55:47PM +0100, Andrea Bolognani wrote: Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 22 +++--- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 74bb18d726..99319578f7

Re: [libvirt] [PATCH 1/7] conf: Introduce virDomainChrDefPostParse()

2019-02-15 Thread Ján Tomko
On Fri, Feb 15, 2019 at 12:55:46PM +0100, Andrea Bolognani wrote: Minor tweaks to ensure compliance with our coding style. Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 59 -- 1 file changed, 34 insertions(+), 25 deletions(-) diff --git

[libvirt] [PATCH 4/5] util: Remove the AUTOPTR func for virStorageSource

2019-02-15 Thread Peter Krempa
Since virStorageSource is now a subclass of virObject, we can use VIR_AUTOUNREF instead. Signed-off-by: Peter Krempa --- src/conf/domain_conf.c| 2 +- src/qemu/qemu_domain.c| 2 +- src/qemu/qemu_driver.c| 6 +++--- src/qemu/qemu_migration.c

[libvirt] [PATCH 2/5] util: storage: Turn virStorageSource into a virObject

2019-02-15 Thread Peter Krempa
To allow tracking a single virStorageSource in multiple structures without extra hassle, allow refcounting by turning it into an object. Signed-off-by: Peter Krempa --- src/util/virstoragefile.c | 40 +-- src/util/virstoragefile.h | 2 ++ 2 files changed, 32

[libvirt] [PATCH 1/5] util: Introduce function for allocating virStorageSource

2019-02-15 Thread Peter Krempa
Add virStorageSourceNew and refactor places allocating that structure to use the helper. Signed-off-by: Peter Krempa --- src/conf/domain_conf.c| 10 +- src/conf/snapshot_conf.c | 4 ++-- src/conf/storage_conf.c | 2 +-

[libvirt] [PATCH 5/5] util: Replace virStorageSourceFree with virObjectUnref

2019-02-15 Thread Peter Krempa
Now that virStorageSource is a subclass of virObject we can use virObjectUnref and remove virStorageSourceFree which was a thin wrapper. Signed-off-by: Peter Krempa --- src/conf/domain_conf.c | 8 src/conf/snapshot_conf.c | 2 +- src/libvirt_private.syms | 1 -

[libvirt] [PATCH 3/5] util: alloc: Introduce VIR_AUTOUNREF macro

2019-02-15 Thread Peter Krempa
Add helper for utilizing __attribute__((cleanup())) for unref-ing instances of subclasses of virObject. Signed-off-by: Peter Krempa --- src/libvirt_private.syms | 1 + src/util/viralloc.h | 10 ++ src/util/virobject.c | 13 + src/util/virobject.h | 3 +++ 4

[libvirt] [PATCH 0/5] util: Turn virStorageSource into a virObject (blockdev-add saga)

2019-02-15 Thread Peter Krempa
In today's side story we witness the transmutation of virStorageSource into a virObject. Peter Krempa (5): util: Introduce function for allocating virStorageSource util: storage: Turn virStorageSource into a virObject util: alloc: Introduce VIR_AUTOUNREF macro util: Remove the AUTOPTR func

[libvirt] [PATCH 3/7] conf: Introduce virDomainDiskDefPostParse()

2019-02-15 Thread Andrea Bolognani
Minor tweaks to ensure compliance with our coding style. Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 83 -- 1 file changed, 47 insertions(+), 36 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index

[libvirt] [PATCH 5/7] conf: Introduce virDomainControllerDefPostParse()

2019-02-15 Thread Andrea Bolognani
Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 30 ++ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 4cfdfb230e..872cb3352b 100644 --- a/src/conf/domain_conf.c +++

[libvirt] [PATCH 7/7] conf: Rework virDomainDeviceDefPostParseCommon()

2019-02-15 Thread Andrea Bolognani
Now that we've moved all the actual code into helper functions, we can turn it into a switch statement. Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 77 +++--- 1 file changed, 58 insertions(+), 19 deletions(-) diff --git

[libvirt] [PATCH 4/7] conf: Introduce virDomainVideoDefPostParse()

2019-02-15 Thread Andrea Bolognani
Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 30 +++--- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index b794200e47..4cfdfb230e 100644 --- a/src/conf/domain_conf.c +++

[libvirt] [PATCH 6/7] conf: Introduce virDomainNetDefPostParse()

2019-02-15 Thread Andrea Bolognani
Minor tweaks to ensure compliance with our coding style. Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 20 ++-- 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 872cb3352b..7f66fa27ff 100644 ---

[libvirt] [PATCH 2/7] conf: Introduce virDomainRNGDefPostParse()

2019-02-15 Thread Andrea Bolognani
Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 22 +++--- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 74bb18d726..99319578f7 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@

[libvirt] [PATCH 0/7] conf: Rework virDomainDeviceDefPostParseCommon()

2019-02-15 Thread Andrea Bolognani
Split actual functionality into a series of small helpers and turn it into a dispatcher. Andrea Bolognani (7): conf: Introduce virDomainChrDefPostParse() conf: Introduce virDomainRNGDefPostParse() conf: Introduce virDomainDiskDefPostParse() conf: Introduce virDomainVideoDefPostParse()

[libvirt] [PATCH 1/7] conf: Introduce virDomainChrDefPostParse()

2019-02-15 Thread Andrea Bolognani
Minor tweaks to ensure compliance with our coding style. Signed-off-by: Andrea Bolognani --- src/conf/domain_conf.c | 59 -- 1 file changed, 34 insertions(+), 25 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index

Re: [libvirt] [PATCH] network: explicitly allow icmp/icmpv6 in libvirt zonefile

2019-02-15 Thread Daniel P. Berrangé
On Thu, Feb 14, 2019 at 02:46:22PM -0500, Laine Stump wrote: > The libvirt zonefile for firewalld (added in commit 3b71f2e4) does the > following: > > 1) lists specific services it wants to allow, then > > 2) uses a lower priority rule to block all other services to >the host, and then