On 5/14/19 11:48 AM, Daniel P. Berrangé wrote:
Helper APIs are needed to
- Populate basic virNetworkPortDef from virDomainNetDef
- Set a virDomainActualNetDef from virNetworkPortDef
- Populate a full virNetworkPortDef from virDomainActualNetDef
Signed-off-by: Daniel P. Berrangé
Review
[please don't send HTML e-mails to technical mailing lists]
On Tue, May 21, 2019 at 01:42:08PM +, Tal Attaly wrote:
Hi,
Hi,
I think there is a bug when running virsh domxml-to-native qemu-argv with
VM with long name, it getting cut -
.. -name guest=l-dev-vrt-140-022-RH-7.0-Tal,
On 5/20/19 9:44 PM, Laine Stump wrote:
On 5/14/19 11:48 AM, Daniel P. Berrangé wrote:
Introduce a virNetworkPortDefPtr struct to represent the data associated
with a virtual network port. Add APIs for parsing/formatting XML docs
with the data.
Oops. This fails virschematest #1974:
1974) Che
On Mon, May 20, 2019 at 03:24:06PM +0200, Andrea Bolognani wrote:
On Mon, 2019-05-20 at 14:59 +0200, Ján Tomko wrote:
On Mon, May 20, 2019 at 01:37:49PM +0200, Andrea Bolognani wrote:
> The virDomainDeviceInfoIterate() function was initially
> written with the expectation that all devices would
A counterpart to virDomainDeviceInfoIterate that will iterate over all
devices, not just those with an info.
Use it in places where we intend to process all devices with callbacks
that do not depend on DeviceInfo being present:
* virDomainDefPostParse
* virDomainDefValidate
Signed-off-by: Ján Tom
A function for iterating over all devices [0] instead of just the ones
with DeviceInfo.
[0] Terms and conditions apply. Leases might be included as well.
Ján Tomko (2):
Introduce virDomainDeviceIterate
Introduce DOMAIN_DEVICE_ITERATE_MISSING_INFO
src/conf/domain_conf.c | 47
Rename the DOMAIN_DEVICE_ITERATE_GRAPHICS flag.
It was introduced by commit dd45c2710f6fd2d4f8a47f97960532d0e0091e7d
with the intention to run the Validate callback even on the graphics
device.
However, enumerating every single device in virDomainDeviceIterateFlags
is unsustainable and what really
On Mon, May 20, 2019 at 01:37:53PM +0200, Andrea Bolognani wrote:
Mostly add comments explaining why there are two capabilites
for the same feature and how they interact.
Signed-off-by: Andrea Bolognani
---
src/qemu/qemu_command.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions
On Mon, May 20, 2019 at 01:37:52PM +0200, Andrea Bolognani wrote:
Device validation should not have to wait until command line
generation time. Moving the code to a separate function also
allows us to avoid some unnecessary repetition.
Signed-off-by: Andrea Bolognani
---
src/qemu/qemu_command.c
On Mon, May 20, 2019 at 01:37:47PM +0200, Andrea Bolognani wrote:
Signed-off-by: Andrea Bolognani
---
...tel-iommu-caching-mode.x86_64-latest.args} | 15 ++---
...tel-iommu-device-iotlb.x86_64-latest.args} | 15 ++---
...rgs => intel-iommu-eim.x86_64-latest.args} | 15 ++---
.../qemuxml
On Mon, May 20, 2019 at 01:37:48PM +0200, Andrea Bolognani wrote:
Make sure validation is working as intended by trying to use
Intel IOMMU with the i440fx machine type, though we know it's
q35 only, and expecting an error to be returned.
Signed-off-by: Andrea Bolognani
---
.../intel-iommu-wrong
On Mon, May 20, 2019 at 01:37:46PM +0200, Andrea Bolognani wrote:
Remove a bunch of irrelevant devices and make sure all input
files explicitly opt out of USB controllers: the latter change
will help later, when we start using DO_TEST_CAPS_LATEST().
Signed-off-by: Andrea Bolognani
---
.../intel
Hi,
I think there is a bug when running virsh domxml-to-native qemu-argv with
VM with long name, it getting cut -
.. -name guest=l-dev-vrt-140-022-RH-7.0-Tal,debug-threads=on -object
secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain--1-l-dev-vrt-140-022-RH/master-key.aes
On 5/21/19 7:52 AM, Peter Krempa wrote:
> On Thu, May 09, 2019 at 12:43:31 +0200, Peter Krempa wrote:
>> Peter Krempa (3):
>> docs: hacking: Document few practices for creating error messages
>> docs: hacking: Add good practices for shortening conditional
>> expressions
>> docs: hacking:
On Thu, May 09, 2019 at 12:43:31 +0200, Peter Krempa wrote:
> Peter Krempa (3):
> docs: hacking: Document few practices for creating error messages
> docs: hacking: Add good practices for shortening conditional
> expressions
> docs: hacking: Discourage use of the ternary operator and ban
The virtlogd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket per
This series fixes CVE-2019-10132
It is pushed to master as it was reviewed on the security list
ahead of time.
Daniel P. Berrangé (3):
admin: reject clients unless their UID matches the current UID
locking: restrict sockets to mode 0600
logging: restrict sockets to mode 0600
src/admin/adm
The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko
Signed-off-by: Daniel P. Berrangé
---
src/admin/admin_server_dispatch.
The virtlockd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket pe
On Mon, Apr 29, 2019 at 04:39:40PM +0200, Michal Privoznik wrote:
When cloning an RBD volume we try to find a snapshot which is
not different to the image we're trying to clone. This boils down
to calling rbd_diff_iterate() or rbd_diff_iterate2() on systems
with newer ceph. These two are passed a
The libvirt-lock-sanlock subpackage requires sanlock to be installed
first and the sanlock package creates the sanlock group on all distros
we care about in the spec file (Fedora and RHEL >= 7). Thus instead of
setting the ownership and permissions in a post scriptlet only when the
sanlock group ex
On Mon, May 20, 2019 at 04:16:31PM +0200, Peter Krempa wrote:
Split out the 'shallow' flag as a boolean argument rather than passing
in flags and constructing them in irrelevant APIs.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_migration.c| 6 +-
src/qemu/qemu_monitor.c | 8 --
On Mon, May 20, 2019 at 04:16:33PM +0200, Peter Krempa wrote:
Signed-off-by: Peter Krempa
---
src/qemu/qemu_monitor_json.c | 71 ++--
1 file changed, 28 insertions(+), 43 deletions(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 4
On Mon, May 20, 2019 at 04:16:32PM +0200, Peter Krempa wrote:
Split out the 'shallow' and 'reuse' flags as booleans rather than passing
in flags and constructing them in irrelevant APIs.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_driver.c | 4 +++-
src/qemu/qemu_migration.c| 6 +
On Mon, May 20, 2019 at 04:16:30PM +0200, Peter Krempa wrote:
The NBD migration code uses drive/blockdev-mirror internally. In those
APIs we pass around flags for the monitor commands which are based on
the flags for the virDomainBlockRebase API. Since there's only one flag
which changes, pass it
On Fri, May 17, 2019 at 01:19:58PM +0200, Peter Krempa wrote:
At the point when we want to modify the permissions for the 'mirror' we
know whether it is supposed to have a backing chain or no. Given that
mirror->backingStore is populated only when we'd need to touch it ayways
we can use qemuDomai
On Fri, May 17, 2019 at 01:19:56PM +0200, Peter Krempa wrote:
Since 4e797f1a we parse backingStore of mirror which will later be used
with blockdev. Add some validation for the user passed mirror at the
current point to make sure it's not used improperly.
Validate that it's not used without bloc
On Fri, May 17, 2019 at 01:19:57PM +0200, Peter Krempa wrote:
One code path open-coded qemuDomainStorageSourceChainAccessAllow badly
and also did not integrate with the locking code.
Replace the separate calls with qemuDomainStorageSourceChainAccessAllow
which does everything internally.
Signed
On Mon, May 20, 2019 at 02:59:27PM -0500, Marty E. Plummer wrote:
> On Mon, May 20, 2019 at 10:14:32AM +0100, Daniel P. Berrangé wrote:
> > On Sat, May 18, 2019 at 10:56:01AM -0500, Marty E. Plummer wrote:
> > > If you pass --for-msgfmt to msgmerge it will automatically do most of
> > > what you ha
Signed-off-by: Johannes Holmberg
---
Changes from v1:
- Quotes around $TMPFILE everywhere.
- Explicit -n checks in if statements
- Fixed one instance of incorrect indentation
- Signed-off-by line in commit message
tools/virt-xml-validate.in | 46 --
1 f
On Fri, May 17, 2019 at 01:19:54PM +0200, Peter Krempa wrote:
Since 3decae00e90 qemuDomainStorageSourceAccessRevoke keeps the libvirt
error which was set prior to the call around even after the call, thus
we don't need to do the same when reverting access in the block copy
code.
Signed-off-by: P
On Fri, May 17, 2019 at 01:19:55PM +0200, Peter Krempa wrote:
Since 3decae00e90 qemuDomainStorageSourceAccessAllow revokes the
permissions it granted if it fails halfway, thus we can remove some
calls to qemuDomainStorageSourceAccessRevoke which tried to undo this
situation.
Signed-off-by: Peter
On Fri, May 17, 2019 at 01:19:53PM +0200, Peter Krempa wrote:
Use VIR_AUTOFREE and VIR_AUTOUNREF.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_driver.c | 15 +--
1 file changed, 5 insertions(+), 10 deletions(-)
Reviewed-by: Ján Tomko
Jano
signature.asc
Description: PGP signat
On Fri, May 17, 2019 at 01:19:52PM +0200, Peter Krempa wrote:
Use VIR_AUTOFREE and VIR_AUTOUNREF.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_driver.c | 12
1 file changed, 4 insertions(+), 8 deletions(-)
Reviewed-by: Ján Tomko
Jano
signature.asc
Description: PGP signature
On Fri, May 17, 2019 at 01:19:51PM +0200, Peter Krempa wrote:
Use VIR_AUTOFREE, VIR_AUTOUNREF, and VIR_STEAL_PTR.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_driver.c | 21 -
1 file changed, 8 insertions(+), 13 deletions(-)
Reviewed-by: Ján Tomko
Jano
signature.asc
D
On Fri, May 17, 2019 at 01:19:50PM +0200, Peter Krempa wrote:
When aborting or pivoting a block job we record which operation we do
for the mirror in the virDomainDiskDef structure. As everything is
synchronized by a job it's not necessary to modify the state prior to
calling the monitor and rese
On Fri, May 17, 2019 at 01:19:49PM +0200, Peter Krempa wrote:
All blockjobs get their status updated by events from qemu, so this code
no longer makes sense.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_driver.c | 14 --
1 file changed, 14 deletions(-)
Reviewed-by: Ján Tomko
Ja
Hello,
Am 21.05.19 um 09:35 schrieb Johannes Holmberg:
> On Tue, 2019-05-21 at 07:36 +0200, Philipp Hahn wrote:
>> Am 20.05.19 um 13:57 schrieb Johannes Holmberg:
>>> diff --git a/tools/virt-xml-validate.in b/tools/virt-xml-validate.in
...
>>> +if [ "$XMLFILE" = "-" ]; then
>>> +TMPFILE=`mktem
On Tue, 2019-05-21 at 07:36 +0200, Philipp Hahn wrote:
> Hello,
>
> Some nits:
>
> Am 20.05.19 um 13:57 schrieb Johannes Holmberg:
> > diff --git a/tools/virt-xml-validate.in b/tools/virt-xml-
> > validate.in
> > index 64ae33..2d2afb74ec 100644
> > --- a/tools/virt-xml-validate.in
> > +++ b/t
On Mon, May 20, 2019 at 02:37:56PM +0200, Michal Privoznik wrote:
> *** BLURB HERE ***
BLURB THERE, BLURB EVERYWHERE,
BLURB Reviewed-by: Erik Skultety
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Mon, May 20, 2019 at 01:37:50PM +0200, Andrea Bolognani wrote:
> This was a hack needed because virDomainGraphicsDef doesn't
> embed a virDomainDeviceInfo, but now that we have clarified
> the corresponding pointer can be NULL we no longer need to
> special-case graphics and can drop the flag.
>
41 matches
Mail list logo