On Mon, Oct 18, 2021 at 02:08:41PM +0200, Peter Krempa wrote:
> When parsing of the node device XML fails we'd still call the post-parse
> and validation callbacks which makes no sense. Additionally the
> callbacks were expecting a non-NULL pointer which leads to a crash.
>
> Resolves:
The repo-lockdown service used to run as a bot outside GitHub, but has
now switched to using the GitHub Actions workflow framework. This
requires use of a new configuration file.
Signed-off-by: Daniel P. Berrangé
---
.github/lockdown.yml | 38 -
On Fri, Sep 17, 2021 at 03:34:56PM +0200, Peter Krempa wrote:
> Issuing simple QMP commands is pain as they need to be wrapped by the
> JSON wrapper:
>
> { "execute": "COMMAND" }
>
> and optionally also:
>
> { "execute": "COMMAND", "arguments":...}
>
> For simple commands without arguments
When parsing of the node device XML fails we'd still call the post-parse
and validation callbacks which makes no sense. Additionally the
callbacks were expecting a non-NULL pointer which leads to a crash.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2014139
Fixes: d5ae634ba28
In selinux driver there's virSecuritySELinuxSetFileconImpl()
which is responsible for actual setting of SELinux label on given
file and handling possible failures. In fhe failure handling code
we decide whether failure is fatal or not. But there is a bug:
depending on SELinux mode (Permissive vs.
v2 of:
https://listman.redhat.com/archives/libvir-list/2021-September/msg00553.html
diff to v1:
- Reworded commit message in 2/2.
Michal Prívozník (2):
selinux: Swap two blocks handling setfilecon_raw() failure
selinux: Don't ignore ENOENT in Permissive mode
In virSecuritySELinuxSetFileconImpl() we have code that handles
setfilecon_raw() failure. The code consists of two blocks: one
for dealing with shared filesystem like NFS (errno is ENOTSUP or
EROFS) and the other block that's dealing with EPERM for
privileged daemon. Well, the order of these two
On a Monday in 2021, Peter Krempa wrote:
Kevin's patches were committed upstream, so libvirt can start using the
JSON syntax now.
This patch adds also validation of the parameters against the
QMP schema, but the schema is incomplete for now.
Peter Krempa (6):
qemucapabilitiestest: Update
On Mon, Oct 18, 2021 at 09:28:00 +, Or Ozeri wrote:
>Any comments? :)
Oops, I meant to get to this last week but somehow it fell under my
radar. I'll try to get to this today or tomorrow.
On Mon, Oct 18, 2021 at 10:54:55AM +0200, Michal Privoznik wrote:
> There are two variables (@vm and @domflags) in qemuConnectGetAllDomainStats()
> that are used only within the for() loop but declared for entire function.
> Bring them into the loop to make it obvious they are not used outside of
On Fri, Oct 15, 2021 at 04:26:42PM +0200, Michal Privoznik wrote:
> *** BLURB HERE ***
>
> Michal Prívozník (2):
> objecteventtest: Drop lifecycleEventCounter_reset()
> objecteventtest: Don't overwrite @ret on failure
>
> tests/objecteventtest.c | 129
Any comments? :)-"Or Ozeri" wrote: -To: libvir-list@redhat.comFrom: "Or Ozeri" Date: 10/07/2021 10:21PMCc: to.my.troc...@gmail.com, dan...@il.ibm.com, idryo...@gmail.com, "Or Ozeri" Subject: [PATCH v4 0/5] Add support for librbd
This is v2 of:
https://listman.redhat.com/archives/libvir-list/2021-October/msg00535.html
v1 -> v2:
- Fix compatibility with old version libvirt [Michal]
Peng Liang (2):
qemu: Move pid file of pr-helper to stateDir
qemu: Move pid file of virtiofsd to stateDir
src/qemu/qemu_process.c | 22
Libvirt will put the pid file of virtiofsd to per-domain directory.
However, the ownership of the per-domain directory is the user to run
the QEMU process and the user has the write permission of the directory.
If VM escape occurs, the attacker can
1. write arbitrary content to the pid file (if
Libvirt will put the pid file of pr-helper to per-domain directory.
However, the ownership of the per-domain directory is the user to run
the QEMU process and the user has the write permission of the directory.
If VM escape occurs, the attacker can
1. write arbitrary content to the pid file (if
On 10/18/21 9:58 AM, Peter Krempa wrote:
> When parsing of the node device XML we'd still call the post-parse and
> validation callbacks which makes no sense. Additionally the callbacks
> were expecting a non-NULL pointer which leads to a crash.
>
> Resolves:
There are two variables (@vm and @domflags) in qemuConnectGetAllDomainStats()
that are used only within the for() loop but declared for entire function.
Bring them into the loop to make it obvious they are not used outside of it.
Signed-off-by: Michal Privoznik
---
src/qemu/qemu_driver.c | 7
On 10/18/21 4:16 AM, Hiroki Narukawa wrote:
> Thank you for your review, I checked your suggestions in each patch, and I
> agree to all the suggested changes.
>
Awesome! I've merged these. Thanks!
Michal
When parsing of the node device XML we'd still call the post-parse and
validation callbacks which makes no sense. Additionally the callbacks
were expecting a non-NULL pointer which leads to a crash.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2014139
Fixes: d5ae634ba28
Signed-off-by:
Kevin's patches were committed upstream, so libvirt can start using the
JSON syntax now.
This patch adds also validation of the parameters against the
QMP schema, but the schema is incomplete for now.
Peter Krempa (6):
qemucapabilitiestest: Update qemu-6.2 cycle capability test data
Now that we use JSON with -device we can validate it at least partially
(since the schema for 'device_add' is for now incomplete) against the
QMP schema.
Signed-off-by: Peter Krempa
---
tests/qemuxml2argvtest.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git
The QMP schema for 'device_add' is not complete yet. Allow validation of
incomplete schema so that we can enable at least some validation. Once
there's more schema in the future all present members are still
validated.
Signed-off-by: Peter Krempa
---
tests/qemumigparamstest.c | 1 +
Normally this would be considered an internal detail which we don't
document in the news, but in this case I'd like to make people aware of
the change so that they preferrably report them ASAP.
Signed-off-by: Peter Krempa
---
NEWS.rst | 7 +++
1 file changed, 7 insertions(+)
diff --git
Use the 'allowIncomplete' argument of testQEMUSchemaValidateCommand to
validate at least properties which are already described by the schema.
Signed-off-by: Peter Krempa
---
tests/qemumonitortestutils.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git
Update to v6.1.0-1510-gc148a05721 which most notably adds the 'json-cli'
feature for 'device_add' QMP command meaning that -device accepts JSON.
Signed-off-by: Peter Krempa
---
.../caps_6.2.0.x86_64.replies | 99 ++-
.../caps_6.2.0.x86_64.xml
'acpi-bridge-hotplug' global config only supports 'state=off|on' attribute. Any
other attributes are invalid. Added a unit test to make sure we fail in case an
invalid config option is specified.
Signed-off-by: Ani Sinha
---
...i-bridge-hotplug-invalid.x86_64-latest.err | 1 +
This change adds a negative unit test to make sure that invalid or unknown pci
related features specified in the input domain xml file will result in an
error.
Signed-off-by: Ani Sinha
---
.../pci-feature-invalid.x86_64-latest.err | 1 +
.../qemuxml2argvdata/pci-feature-invalid.xml | 25
This patch series adds a couple of negative unit tests in order to make sure
we fail in case of invalid conf options.
* [PATCH 1/2] conf/test: add a negative unit test for invalid pci
Above patch makes sure we fail if invalid pci specific global feature is
specified.
* [PATCH 2/2] conf/test:
28 matches
Mail list logo