March 2009 - Devel - libvirt List Archives

[libvirt] [PATCH] Use posix_fallocate() to allocate disk space
by Amit Shah 04 Mar '09

04 Mar '09

Hi, This is an untested patch to make disk allocations faster and non-fragmented. I'm using posix_fallocate() now but relying on glibc really calling fallocate() if it exists for the file system to be the fastest. - This fails build because libutil needs to be added as a dependency? ../src/.libs/libvirt_driver_storage.a(storage_backend_fs.o): In function `virStorageBackendFileSystemVolCreate': /home/amit/src/libvirt/src/storage_backend_fs.c:1023: undefined reference to `safezero' - What's vol->capacity? Why is ftruncate() needed after the call to (current) safewrite()? My assumption is that the user can specify some max. capacity and wish to allocate only a chunk off it at create-time. Is that correct? The best case to get a non-fragmented VM image is to have it allocated completely at create-time with fallocate(). Currently xfs and ext4 support the fallocate() syscall (btrfs will, too, when it's ready). Comments? Amit >From dfe4780f5990571f026e02e6187cb64505c982c1 Mon Sep 17 00:00:00 2001 From: Amit Shah <amit.shah(a)redhat.com> Date: Tue, 24 Feb 2009 16:55:58 +0530 Subject: [PATCH] Use posix_fallocate() to allocate disk space Using posix_fallocate() to allocate disk space and fill it with zeros is faster than writing the zeros block-by-block. Also, for backing file systems that support the fallocate() syscall, this operation will give us a big speed boost. The biggest advantage of using this is the file will not be fragmented for the allocated chunks. Signed-off-by: Amit Shah <amit.shah(a)redhat.com> --- src/storage_backend_fs.c | 23 ++++++++--------------- src/util.c | 5 +++++ src/util.h | 1 + 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/src/storage_backend_fs.c b/src/storage_backend_fs.c index 240de96..74b0fda 100644 --- a/src/storage_backend_fs.c +++ b/src/storage_backend_fs.c @@ -1019,21 +1019,14 @@ virStorageBackendFileSystemVolCreate(virConnectPtr conn, /* XXX slooooooooooooooooow. * Need to add in progress bars & bg thread somehow */ if (vol->allocation) { - unsigned long long remain = vol->allocation; - static char const zeros[4096]; - while (remain) { - int bytes = sizeof(zeros); - if (bytes > remain) - bytes = remain; - if ((bytes = safewrite(fd, zeros, bytes)) < 0) { - virReportSystemError(conn, errno, - _("cannot fill file '%s'"), - vol->target.path); - unlink(vol->target.path); - close(fd); - return -1; - } - remain -= bytes; + int r; + if ((r = safezero(fd, 0, 0, vol->allocation)) < 0) { + virReportSystemError(conn, r, + _("cannot fill file '%s'"), + vol->target.path); + unlink(vol->target.path); + close(fd); + return -1; } } diff --git a/src/util.c b/src/util.c index 990433a..1bee7f0 100644 --- a/src/util.c +++ b/src/util.c @@ -117,6 +117,11 @@ ssize_t safewrite(int fd, const void *buf, size_t count) return nwritten; } +int safezero(int fd, int flags, off_t offset, off_t len) +{ + return posix_fallocate(fd, offset, len); +} + #ifndef PROXY int virFileStripSuffix(char *str, diff --git a/src/util.h b/src/util.h index a79cfa7..acaabb1 100644 --- a/src/util.h +++ b/src/util.h @@ -31,6 +31,7 @@ int saferead(int fd, void *buf, size_t count); ssize_t safewrite(int fd, const void *buf, size_t count); +int safezero(int fd, int flags, off_t offset, off_t len); enum { VIR_EXEC_NONE = 0, -- 1.6.0.6

3 6

[libvirt] selinux
by Michael Kress 04 Mar '09

04 Mar '09

Hi! What do I have to do to get qemu-kvm to run with selinux running with enforcing policy? I get these messages when I enable this policy: Mar 3 20:56:23 matrix kernel: [ 8972.482746] device vnet0 entered promiscuous mode Mar 3 20:56:23 matrix kernel: [ 8972.898943] br0: port 2(vnet0) entering learning state Mar 3 20:56:23 matrix kernel: [ 8972.901957] type=1400 audit(1236110183.820:20): avc: denied { execmem } for pid=6376 comm="kvm" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process Mar 3 20:56:23 matrix kernel: [ 8973.161318] type=1400 audit(1236110183.832:21): avc: denied { append } for pid=6379 comm="ifup" name="ifstate" dev=sda1 ino=1376380 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file Mar 3 20:56:23 matrix kernel: [ 8973.188371] br0: port 2(vnet0) entering disabled state Mar 3 20:56:23 matrix kernel: [ 8973.203666] device vnet0 left promiscuous mode Mar 3 20:56:23 matrix kernel: [ 8973.203675] br0: port 2(vnet0) entering disabled state Mar 3 20:56:23 matrix libvirtd: Received signal 17, dispatching to drivers Mar 3 20:56:23 matrix libvirtd: Received signal 17, dispatching to drivers Mar 3 20:56:23 matrix kernel: [ 8973.216362] type=1400 audit(1236110183.880:22): avc: denied { append } for pid=6387 comm="ifdown" name="ifstate" dev=sda1 ino=1376380 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file I've tried to set the type: chcon -t virt_image_t a01.img but all I got was: chcon: failed to change context of `a01.img' to `system_u:object_r:virt_image_t:s0': Invalid argument The host is a debian 5.0 machine. TIA Regards Michael

3 3

[libvirt] PATCH: Fix libvirtd test cases
by Daniel P. Berrange 04 Mar '09

04 Mar '09

The libvirtd tests have a number of bugs causing them to fail & generally do bad things. They all currently fail on RHEL5 hosts. - daemon-conf - the abs_topbuild_dir env var was not being set correctly so it failed to find config.h. It also broken by changes in stderr debug output from libvirtd. This patch fixes the env var, and changes it to it just looks for the desired error message, not doing a diff across entire of stdout/err. - libvirtd-fail - again fails because it is diffing the whole of stdout/err and coming across warning messages its not expecting. Change it to look for daemon error exit status because that reliably indicates whether it quit as expected on bogus configs - libvirtd-pool - running the QEMU driver which does not exist, just to test virsh's XML generation capabilities. This adds a --print-xml arg to virsh and uses the test:///default driver for testing, so we avoid the QEMU driver & daemon during tests - libvirt-net-persist - again trying to rnu the QEMU driver which does not exist, and its writing config files into the user's home directory. There's no easy fix for this, so I'm killing it off. It can be tested in the separate integration test suite where you can be sure to arrange for correct pre-requisites and safe working environment src/virsh.c | 51 ++++++++++++++++++++++++--------------- tests/Makefile.am | 3 -- tests/daemon-conf | 13 +++------- tests/libvirtd-fail | 9 ++---- tests/libvirtd-net-persist | 58 --------------------------------------------- tests/libvirtd-pool | 41 ++++++------------------------- 6 files changed, 48 insertions(+), 127 deletions(-) Daniel Index: src/virsh.c =================================================================== RCS file: /data/cvs/libvirt/src/virsh.c,v retrieving revision 1.195 diff -u -p -u -p -r1.195 virsh.c --- src/virsh.c 3 Mar 2009 09:59:02 -0000 1.195 +++ src/virsh.c 3 Mar 2009 19:23:01 -0000 @@ -2923,6 +2923,7 @@ cmdPoolCreate(vshControl *ctl, const vsh */ static const vshCmdOptDef opts_pool_X_as[] = { {"name", VSH_OT_DATA, VSH_OFLAG_REQ, gettext_noop("name of the pool")}, + {"print-xml", VSH_OT_BOOL, 0, gettext_noop("print XML document, but don't define/create")}, {"type", VSH_OT_DATA, VSH_OFLAG_REQ, gettext_noop("type of the pool")}, {"source-host", VSH_OT_DATA, 0, gettext_noop("source-host for underlying storage")}, {"source-path", VSH_OT_DATA, 0, gettext_noop("source path for underlying storage")}, @@ -3002,6 +3003,7 @@ cmdPoolCreateAs(vshControl *ctl, const v { virStoragePoolPtr pool; char *xml, *name; + int printXML = vshCommandOptBool(cmd, "print-xml"); if (!vshConnectionUsability(ctl, ctl->conn, TRUE)) return FALSE; @@ -3009,18 +3011,22 @@ cmdPoolCreateAs(vshControl *ctl, const v if (!buildPoolXML(cmd, &name, &xml)) return FALSE; - pool = virStoragePoolCreateXML(ctl->conn, xml, 0); - free (xml); - - if (pool != NULL) { - vshPrint(ctl, _("Pool %s created\n"), name); - virStoragePoolFree(pool); - return TRUE; + if (printXML) { + printf("%s", xml); + free (xml); } else { - vshError(ctl, FALSE, _("Failed to create pool %s"), name); - } + pool = virStoragePoolCreateXML(ctl->conn, xml, 0); + free (xml); - return FALSE; + if (pool != NULL) { + vshPrint(ctl, _("Pool %s created\n"), name); + virStoragePoolFree(pool); + } else { + vshError(ctl, FALSE, _("Failed to create pool %s"), name); + return FALSE; + } + } + return TRUE; } @@ -3085,6 +3091,7 @@ cmdPoolDefineAs(vshControl *ctl, const v { virStoragePoolPtr pool; char *xml, *name; + int printXML = vshCommandOptBool(cmd, "print-xml"); if (!vshConnectionUsability(ctl, ctl->conn, TRUE)) return FALSE; @@ -3092,18 +3099,22 @@ cmdPoolDefineAs(vshControl *ctl, const v if (!buildPoolXML(cmd, &name, &xml)) return FALSE; - pool = virStoragePoolDefineXML(ctl->conn, xml, 0); - free (xml); - - if (pool != NULL) { - vshPrint(ctl, _("Pool %s defined\n"), name); - virStoragePoolFree(pool); - return TRUE; + if (printXML) { + printf("%s", xml); + free (xml); } else { - vshError(ctl, FALSE, _("Failed to define pool %s"), name); - } + pool = virStoragePoolDefineXML(ctl->conn, xml, 0); + free (xml); - return FALSE; + if (pool != NULL) { + vshPrint(ctl, _("Pool %s defined\n"), name); + virStoragePoolFree(pool); + } else { + vshError(ctl, FALSE, _("Failed to define pool %s"), name); + return FALSE; + } + } + return TRUE; } Index: tests/Makefile.am =================================================================== RCS file: /data/cvs/libvirt/tests/Makefile.am,v retrieving revision 1.76 diff -u -p -u -p -r1.76 Makefile.am --- tests/Makefile.am 3 Mar 2009 17:00:18 -0000 1.76 +++ tests/Makefile.am 3 Mar 2009 19:23:01 -0000 @@ -82,7 +82,6 @@ test_scripts += \ define-dev-segfault \ int-overflow \ libvirtd-fail \ - libvirtd-net-persist \ libvirtd-pool \ read-bufsiz \ read-non-seekable \ @@ -127,7 +126,7 @@ TESTS_ENVIRONMENT = \ abs_top_srcdir=`cd '$(top_srcdir)'; pwd` \ abs_builddir=`cd '$(builddir)'; pwd` \ abs_srcdir=`cd '$(srcdir)'; pwd` \ - CONFIG_HEADER='$(abs_top_builddir)/config.h' \ + CONFIG_HEADER="`cd '$(top_builddir)'; pwd`/config.h" \ PATH="$(path_add)$(PATH_SEPARATOR)$$PATH" \ SHELL="$(SHELL)" \ LIBVIRT_DRIVER_DIR="$(abs_top_builddir)/src/.libs" \ Index: tests/daemon-conf =================================================================== RCS file: /data/cvs/libvirt/tests/daemon-conf,v retrieving revision 1.6 diff -u -p -u -p -r1.6 daemon-conf --- tests/daemon-conf 2 Mar 2009 20:01:26 -0000 1.6 +++ tests/daemon-conf 3 Mar 2009 19:23:01 -0000 @@ -52,15 +52,10 @@ while :; do test $i = $n && break - # Filter out some ignorable diagnostics and drop timestamps - sed \ - -e 's/.*: error : //' \ - -e '/^Cannot set group when not running as root$/d' \ - -e '/^libnuma: Warning: .sys not mounted or no numa system/d' \ - err > k && mv k err - - printf '%s\n\n' "remoteReadConfigFile: $f: $param_name: $msg" > expected-err - diff -u expected-err err || fail=1 + # Check that the diagnostic we want appears + grep "$msg" err 1>/dev/null 2>&1 + RET=$? + test "$RET" = "0" || fail=1 i=$(expr $i + 1) done Index: tests/libvirtd-fail =================================================================== RCS file: /data/cvs/libvirt/tests/libvirtd-fail,v retrieving revision 1.1 diff -u -p -u -p -r1.1 libvirtd-fail --- tests/libvirtd-fail 2 Mar 2009 20:01:05 -0000 1.1 +++ tests/libvirtd-fail 3 Mar 2009 19:23:01 -0000 @@ -12,10 +12,7 @@ test -z "$abs_top_srcdir" && abs_top_src fail=0 -libvirtd --config=no-such-file > log 2>&1 && fail=1 -cat <<\EOF > exp -Failed to open file 'no-such-file': No such file or directory -EOF +libvirtd --config=no-such-conf --timeout=5 2> log +RET=$? -compare exp log || fail=1 -exit $fail +test "$RET" != "0" && exit 0 || exit 1 Index: tests/libvirtd-net-persist =================================================================== RCS file: tests/libvirtd-net-persist diff -N tests/libvirtd-net-persist --- tests/libvirtd-net-persist 2 Mar 2009 18:41:00 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,58 +0,0 @@ -#!/bin/sh -# ensure that net-destroy doesn't make network disappear (persistence-related) - -if test "$VERBOSE" = yes; then - set -x - libvirtd --version - virsh --version -fi - -test -z "$srcdir" && srcdir=$(pwd) -test -z "$abs_top_srcdir" && abs_top_srcdir=$(pwd)/.. -. "$srcdir/test-lib.sh" - -fail=0 - -pwd=$(pwd) || fail=1 -sock_dir="$pwd" -cat > conf <<EOF || fail=1 -unix_sock_dir = "$sock_dir" -log_outputs = "3:file:$pwd/log" -EOF - -cat > net.xml <<EOF || fail=1 -<network> - <name>N</name> - <ip address="192.168.199.1" netmask="255.255.255.0"></ip> -</network> -EOF - -cat > exp <<EOF || fail=1 -Network N defined from net.xml - -Network N destroyed - -Name State Autostart ------------------------------------------ -N inactive no - -EOF - -libvirtd --config=conf > libvirtd-log 2>&1 & pid=$! -sleep 1 - -url="qemu:///session?socket=@$sock_dir/libvirt-sock" -virsh -c "$url" \ - 'net-define net.xml; net-destroy N; net-list --all' > out 2>&1 \ - || fail=1 - -# if libvird's log is empty, sleep for a second before killing it -test -s libvirtd-log || sleep 1 -kill $pid - -compare exp out || fail=1 - -printf "Shutting down network 'N'\n" > log-exp -compare log-exp libvirtd-log || fail=1 - -exit $fail Index: tests/libvirtd-pool =================================================================== RCS file: /data/cvs/libvirt/tests/libvirtd-pool,v retrieving revision 1.1 diff -u -p -u -p -r1.1 libvirtd-pool --- tests/libvirtd-pool 2 Mar 2009 20:01:05 -0000 1.1 +++ tests/libvirtd-pool 3 Mar 2009 19:23:01 -0000 @@ -1,9 +1,8 @@ #!/bin/sh -# Get coverage of libvirtd's config-parsing code. +# Get coverage of virsh pool-define-as XML formatting if test "$VERBOSE" = yes; then set -x - libvirtd --version virsh --version fi @@ -14,50 +13,28 @@ test -z "$abs_top_srcdir" && abs_top_src fail=0 pwd=$(pwd) || fail=1 -sock_dir="$pwd" -cat > conf <<EOF || fail=1 -unix_sock_dir = "$sock_dir" -log_outputs = "3:file:$pwd/log" -EOF - -libvirtd --config=conf > libvirtd-log 2>&1 & pid=$! -sleep 1 - -url="qemu:///session?socket=@$sock_dir/libvirt-sock" -virsh --connect "$url" \ - pool-define-as P dir src-host /src/path /src/dev S /target-path > out 2>&1 \ - || fail=1 -virsh --connect "$url" pool-dumpxml P >> out 2>&1 || fail=1 -# remove random uuid -sed 's/<uuid>.*/-/' out > k && mv k out || fail=1 - -kill $pid +virsh --connect test:///default \ + pool-define-as --print-xml \ + P dir src-host /src/path /src/dev S /target-path \ + 1>out 2>&1 cat <<EOF > pool-list-exp -Pool P defined - <pool type='dir'> <name>P</name> - - - <capacity>0</capacity> - <allocation>0</allocation> - <available>0</available> <source> + <host name='src-host'/> + <dir path='/src/path'/> + <device path='/src/dev'/> + <name>S</name> </source> <target> <path>/target-path</path> - <permissions> - <mode>0700</mode> - <owner>500</owner> - <group>500</group> - </permissions> </target> </pool> EOF compare pool-list-exp out || fail=1 -compare /dev/null libvirtd-log || fail=1 exit $fail -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

3 4

[libvirt] [ANNOUNCE] New release virtinst 0.400.2
by Cole Robinson 04 Mar '09

04 Mar '09

I'm happy to announce a new virtinst release, version 0.400.2. The release can be downloaded from: http://virt-manager.org/download.html The direct download link is: http://virt-manager.org/download/sources/virtinst/virtinst-0.400.2.tar.gz This release includes: - New virt-clone option --original-xml, allows cloning a guest from an xml file, rather than require an existing, defined guest. - New virt-install option --import, allows creating a guest from an existing disk image, bypassing any OS install phase. - New virt-install option --host-device, for connecting a physical host device to the guest. - Allow specifying 'cache' value via virt-install's --disk options (Ben Kochie) - New virt-install option --nonetworks (John Levon) - Lots of backend cleanups and documentation improvements. Thanks to everyone who has contributed to this release through testing, bug reporting, submitting patches, and otherwise sending in feedback! Thanks, Cole

1 0

[libvirt] [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver".
by Jim Meyering 03 Mar '09

03 Mar '09

>From 0e79e00614e8c6cd2b7fe7bcad1d52b2de1a3a58 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering(a)redhat.com> Date: Tue, 3 Mar 2009 17:42:53 +0100 Subject: [PATCH] * qemud/libvirtd_qemu.aug: Add "security_driver". --- qemud/libvirtd.conf | 4 ++-- qemud/libvirtd_qemu.aug | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/qemud/libvirtd.conf b/qemud/libvirtd.conf index 1fd5918..0e0b40c 100644 --- a/qemud/libvirtd.conf +++ b/qemud/libvirtd.conf @@ -289,7 +289,7 @@ # separated by spaces. # # e.g: -# log_filters="3:remote 4:event" +#log_filters = "3:remote 4:event" # to only get warning or errors from the remote layer and only errors from # the event layer. @@ -311,5 +311,5 @@ # # Multiple output can be defined , they just need to be separated by spaces. # e.g.: -# log_outputs="3:syslog:libvirtd" +#log_outputs = "3:syslog:libvirtd" # to log all warnings and errors to syslog under the libvirtd ident diff --git a/qemud/libvirtd_qemu.aug b/qemud/libvirtd_qemu.aug index b2e4318..e297a5f 100644 --- a/qemud/libvirtd_qemu.aug +++ b/qemud/libvirtd_qemu.aug @@ -27,6 +27,7 @@ module Libvirtd_qemu = | str_entry "vnc_tls_x509_cert_dir" | bool_entry "vnc_tls_x509_verify" | str_entry "vnc_password" + | str_entry "security_driver" (* Each enty in the config is one of the following three ... *) let entry = vnc_entry @@ -41,4 +42,3 @@ module Libvirtd_qemu = . Util.stdexcl let xfm = transform lns filter - -- 1.6.2.rc1.285.gc5f54

4 7

[libvirt] PATCH: Fix missing thread locking for new remote APIs
by Daniel P. Berrange 03 Mar '09

03 Mar '09

The remote driver additions for the sVirt APIs pre-date the time when we added thread support, and I didn't notice they were mising the lock calls. This patch adds the missing lock calls, so 'virsh dominfo' doesn't hang anymore due to an unlock without initial lock. It also fixes two return values to be -1 rather than -2 Daniel Index: src/libvirt.c =================================================================== RCS file: /data/cvs/libvirt/src/libvirt.c,v retrieving revision 1.198 diff -u -p -r1.198 libvirt.c --- src/libvirt.c 3 Mar 2009 09:14:28 -0000 1.198 +++ src/libvirt.c 3 Mar 2009 18:32:25 -0000 @@ -4206,7 +4206,7 @@ virDomainGetSecurityLabel(virDomainPtr d return conn->driver->domainGetSecurityLabel(domain, seclabel); virLibConnWarning(conn, VIR_ERR_NO_SUPPORT, __FUNCTION__); - return -2; + return -1; } /** @@ -4236,7 +4236,7 @@ virNodeGetSecurityModel(virConnectPtr co return conn->driver->nodeGetSecurityModel(conn, secmodel); virLibConnWarning(conn, VIR_ERR_NO_SUPPORT, __FUNCTION__); - return -2; + return -1; } /** Index: src/remote_internal.c =================================================================== RCS file: /data/cvs/libvirt/src/remote_internal.c,v retrieving revision 1.140 diff -u -p -r1.140 remote_internal.c --- src/remote_internal.c 3 Mar 2009 09:27:03 -0000 1.140 +++ src/remote_internal.c 3 Mar 2009 18:32:25 -0000 @@ -2302,26 +2302,33 @@ remoteDomainGetSecurityLabel (virDomainP remote_domain_get_security_label_args args; remote_domain_get_security_label_ret ret; struct private_data *priv = domain->conn->privateData; + int rv = -1; + + remoteDriverLock(priv); make_nonnull_domain (&args.dom, domain); memset (&ret, 0, sizeof ret); if (call (domain->conn, priv, 0, REMOTE_PROC_DOMAIN_GET_SECURITY_LABEL, (xdrproc_t) xdr_remote_domain_get_security_label_args, (char *)&args, (xdrproc_t) xdr_remote_domain_get_security_label_ret, (char *)&ret) == -1) { - return -1; + goto done; } if (ret.label.label_val != NULL) { if (strlen (ret.label.label_val) >= sizeof seclabel->label) { errorf (domain->conn, VIR_ERR_RPC, _("security label exceeds maximum: %zd"), sizeof seclabel->label - 1); - return -1; + goto done; } strcpy (seclabel->label, ret.label.label_val); seclabel->enforcing = ret.enforcing; } - return 0; + rv = 0; + +done: + remoteDriverUnlock(priv); + return rv; } static int @@ -2329,19 +2336,22 @@ remoteNodeGetSecurityModel (virConnectPt { remote_node_get_security_model_ret ret; struct private_data *priv = conn->privateData; + int rv = -1; + + remoteDriverLock(priv); memset (&ret, 0, sizeof ret); if (call (conn, priv, 0, REMOTE_PROC_NODE_GET_SECURITY_MODEL, (xdrproc_t) xdr_void, NULL, (xdrproc_t) xdr_remote_node_get_security_model_ret, (char *)&ret) == -1) { - return -1; + goto done; } if (ret.model.model_val != NULL) { if (strlen (ret.model.model_val) >= sizeof secmodel->model) { errorf (conn, VIR_ERR_RPC, _("security model exceeds maximum: %zd"), sizeof secmodel->model - 1); - return -1; + goto done; } strcpy (secmodel->model, ret.model.model_val); } @@ -2350,11 +2360,16 @@ remoteNodeGetSecurityModel (virConnectPt if (strlen (ret.doi.doi_val) >= sizeof secmodel->doi) { errorf (conn, VIR_ERR_RPC, _("security doi exceeds maximum: %zd"), sizeof secmodel->doi - 1); - return -1; + goto done; } strcpy (secmodel->doi, ret.doi.doi_val); } - return 0; + + rv = 0; + +done: + remoteDriverUnlock(priv); + return rv; } static char * -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

2 1

[libvirt] some questions about libvirt features and limitations
by Florian Vichot 03 Mar '09

03 Mar '09

Hello everyone, I'm working on a open source project (http://www.hynesim.org) in which we needed libvirt-like functionalities. As at the time, libvirt did not support OpenVZ, and it did not support VirtualBox, we went and implemented our own wrappers around Kvm/Qemu, VirtualBox and OpenVz (Honeyd too, but our wrapper is such an ugly hack that it doesn't really deserve mention). Now that time has passed, we'd would like to stop duplicating efforts, and use libvirt instead, and concentrate on more innovating functionalities for Hynesim. Also our wrappers are terrible hacks, and do a lot less error checking than libvirt :) But before I can replace our wrappers with libvirt, we're missing some functionalities (that I will propose a patch for if required), and there are a few questions concerning libvirt I've not managed to find an answer for, so I'd be very grateful if I could get some advice on them. Here goes: ------- Is it possible to add a device for any type of domain that would correspond to a TAP device on the host, and would be seen as a regular ethernet interface with a specific MAC address in the virtualized domain ? The "raw" commands to achieve that in OpenVZ and Qemu, for example, are: # kvm ... -net nic,macaddr=00:11:22:33:44:55 -net tap,ifname=tap0,script=no # vzctl set 100 --netif_add eth0,00:11:22:33:44:55,tap0 Is that doable in every driver supported by libvirt ? ------- Is the libvirtd daemon necessary for drivers other than Qemu ? I've been using the openvz driver alone for some tests (by connecting to "openvz:///system"), and yet I get warning messages: # sudo ./hellolibvirt openvz:///system Attempting to connect to hypervisor libvir: Remote error : unable to connect to '/var/run/libvirt/libvirt-sock': No such file or directory libvir: warning : Failed to find the network: Is the daemon running ? libvir: Remote error : unable to connect to '/var/run/libvirt/libvirt-sock': No such file or directory libvir: Remote error : unable to connect to '/var/run/libvirt/libvirt-sock': No such file or directory libvir: warning : Failed to find a node driver: Is the libvirtd daemon running ? Connected to hypervisor at "openvz:///system" Hypervisor: "OpenVZ" version: 3.0.22 There are 0 active and 1 inactive domains Inactive domains: 897 Disconnected from hypervisor The libvirtd daemon is indeed not running, as I don't see why it should be: I thought it was only useful for qemu guests. Am I right ? What is the role of the daemon exactly ? ------- Apparently the only way to start an OpenVZ domain is by specifying a template. Only problem is, when the VE is stopped, and undefined, all modifications are lost in the "private" file system of the VE (as it is deleted). The way we circumvented this in Hynesim is by specifying the --private option to "vzctl create" instead of the --ostemplate one. That way one can specify a dir that will be used directly as the filesystem for the VE. I was thinking maybe adding something along the lines of: <filesystem type='directory'> <source name='/path/to/ve/filesystem' /> <target dir='/'/> </filesystem> would do the trick. It looks simple enough to implement, so should I ? ------- Is there support in libvirt of "cloning" (duplicating a VM disk /filesystem) ? ------- Someone mentioned a VirtualBox driver. I'm highly interested in this. How is it going ? I'd be more than happy to beta test if required. Will it work with both PUEL and OSE versions ? When will it be ready for inclusion in libvirt ? How will you handle RDP access, as from what I saw only VNC is supported in libvirt currently ? ------- And last but not least, what are "node devices" ? The two pages about it are blank in the documentation. Are they the host machine, or a device of the host machine ? ------- I think that's all. Thank you for reading all this, Florian

1 0

[libvirt] PATCH: Fix build on Mingw32
by Daniel P. Berrange 03 Mar '09

03 Mar '09

pread() and pwrite() do not exist on mingw, and the nodedevxml2xmltest was adding libvirt_driver_qemu.la for some unknown reason - probably a cut & paste error. This broke the test compile when qemu was turned off as it is on mingw32. Daniel diff --git a/src/pci.c b/src/pci.c --- a/src/pci.c +++ b/src/pci.c @@ -156,7 +156,8 @@ pciRead(pciDevice *dev, unsigned pos, ui if (pciOpenConfig(dev) < 0) return -1; - if (pread(dev->fd, buf, buflen, pos) < 0) { + if (lseek(dev->fd, pos, SEEK_SET) != pos || + read(dev->fd, buf, buflen) < 0) { char ebuf[1024]; VIR_WARN(_("Failed to read from '%s' : %s"), dev->path, virStrerror(errno, ebuf, sizeof(ebuf))); @@ -195,7 +196,8 @@ pciWrite(pciDevice *dev, unsigned pos, u if (pciOpenConfig(dev) < 0) return -1; - if (pwrite(dev->fd, buf, buflen, pos) < 0) { + if (lseek(dev->fd, pos, SEEK_SET) != pos || + write(dev->fd, buf, buflen) < 0) { char ebuf[1024]; VIR_WARN(_("Failed to write to '%s' : %s"), dev->path, virStrerror(errno, ebuf, sizeof(ebuf))); diff --git a/tests/Makefile.am b/tests/Makefile.am --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -185,7 +185,7 @@ endif nodedevxml2xmltest_SOURCES = \ nodedevxml2xmltest.c \ testutils.c testutils.h -nodedevxml2xmltest_LDADD = ../src/libvirt_driver_qemu.la $(LDADDS) +nodedevxml2xmltest_LDADD = $(LDADDS) virshtest_SOURCES = \ virshtest.c \ -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

3 4

[libvirt] PATCH: Mark <seclabel> as dynamic generated, or statically pre-defined
by Daniel P. Berrange 03 Mar '09

03 Mar '09

This patch implements the behaviour I was refering to earlier, whereby the domain XML explicitly says whether the security label is a statically pre-defined one, or dynamically generated on VM boot by libvirtd So when creating a new guest, apps like virt-install have 2 options: - Leave out the <seclabel> tag completely -> If no security driver is active, just works as normal unconfined VM -> If a security driver is active, a dynamic seclabel is generated <seclabel type='dynamic' model='selinux'> <label>system_u:system_r:qemu_t:s0:c424,c719</label> <imagelabel>system_u:object_r:virt_image_t:s0:c424,c719</imagelabel> </seclabel> - Add an explicit <seclabel> tag with type='static' attribute -> Security driver uses the defined label & imagelabel <seclabel type='static' model='selinux'> <label>system_u:system_r:qemu_t:s0:c25,c100</label> <imagelabel>system_u:system_r:virt_image_t:s0:c25,c100</imagelabel> </seclabel> A static seclabel is visible in the XML, at all times, whether the VM is active or inactive. A dynamic seclabel is only visible when the VM is running, since it is auto-generated at VM boot. If you migrate the VM, or save/restore it, the dynamic seclabel will change on each boot. The seclabel isn't visible when not running, or if asking for the inactive XML dump This patch implements parsing of the 'type' attribute, and makes the seclabel generation key off this attribute. It also adds the 'imagelabel' XML element, since that was being used internally, but was not including in the XML output, or parsing routines, making it impossible to specify a pre-defined image label or see the dyanmic one domain_conf.c | 65 +++++++++++++++++++++++++++++++++++++++++++---------- domain_conf.h | 9 +++++++ qemu_driver.c | 13 ++++++++-- security_selinux.c | 1 4 files changed, 73 insertions(+), 15 deletions(-) Daniel Index: src/domain_conf.c =================================================================== RCS file: /data/cvs/libvirt/src/domain_conf.c,v retrieving revision 1.70 diff -u -p -r1.70 domain_conf.c --- src/domain_conf.c 3 Mar 2009 09:44:42 -0000 1.70 +++ src/domain_conf.c 3 Mar 2009 15:36:02 -0000 @@ -168,6 +168,10 @@ VIR_ENUM_IMPL(virDomainState, VIR_DOMAIN "shutoff", "crashed") +VIR_ENUM_IMPL(virDomainSeclabel, VIR_DOMAIN_SECLABEL_LAST, + "dynamic", + "static") + #define virDomainReportError(conn, code, fmt...) \ virReportErrorHelper(conn, VIR_FROM_DOMAIN, code, __FILE__, \ __FUNCTION__, __LINE__, fmt) @@ -1847,24 +1851,46 @@ static int virDomainLifecycleParseXML(vi static int virSecurityLabelDefParseXML(virConnectPtr conn, const virDomainDefPtr def, - xmlXPathContextPtr ctxt) + xmlXPathContextPtr ctxt, + int flags) { char *p; if (virXPathNode(conn, "./seclabel", ctxt) == NULL) return 0; - p = virXPathStringLimit(conn, "string(./seclabel/label[1])", + p = virXPathStringLimit(conn, "string(./seclabel/@type)", VIR_SECURITY_LABEL_BUFLEN-1, ctxt); if (p == NULL) goto error; - def->seclabel.label = p; - - p = virXPathStringLimit(conn, "string(./seclabel/@model)", - VIR_SECURITY_MODEL_BUFLEN-1, ctxt); - if (p == NULL) + if ((def->seclabel.type = virDomainSeclabelTypeFromString(p)) < 0) goto error; - def->seclabel.model = p; + VIR_FREE(p); + + /* Only parse details, if using static labels, or + * if the 'live' VM XML is requested + */ + if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC || + !(flags & VIR_DOMAIN_XML_INACTIVE)) { + p = virXPathStringLimit(conn, "string(./seclabel/@model)", + VIR_SECURITY_MODEL_BUFLEN-1, ctxt); + if (p == NULL) + goto error; + def->seclabel.model = p; + + p = virXPathStringLimit(conn, "string(./seclabel/label[1])", + VIR_SECURITY_LABEL_BUFLEN-1, ctxt); + if (p == NULL) + goto error; + def->seclabel.label = p; + + p = virXPathStringLimit(conn, "string(./seclabel/imagelabel[1])", + VIR_SECURITY_LABEL_BUFLEN-1, ctxt); + if (p == NULL) + goto error; + def->seclabel.imagelabel = p; + + } return 0; @@ -2458,7 +2484,7 @@ static virDomainDefPtr virDomainDefParse VIR_FREE(nodes); /* analysis of security label */ - if (virSecurityLabelDefParseXML(conn, def, ctxt) == -1) + if (virSecurityLabelDefParseXML(conn, def, ctxt, flags) == -1) goto error; return def; @@ -3480,9 +3506,24 @@ char *virDomainDefFormat(virConnectPtr c virBufferAddLit(&buf, " </devices>\n"); if (def->seclabel.model) { - virBufferEscapeString(&buf, " <seclabel model='%s'>\n", def->seclabel.model); - virBufferEscapeString(&buf, " <label>%s</label>\n", def->seclabel.label); - virBufferAddLit(&buf, " </seclabel>\n"); + const char *sectype = virDomainSeclabelTypeToString(def->seclabel.type); + if (!sectype) + goto cleanup; + if (!def->seclabel.label || + (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && + (flags & VIR_DOMAIN_XML_INACTIVE))) { + virBufferVSprintf(&buf, " <seclabel type='%s' model='%s'/>\n", + sectype, def->seclabel.model); + } else { + virBufferVSprintf(&buf, " <seclabel type='%s' model='%s'>\n", + sectype, def->seclabel.model); + virBufferEscapeString(&buf, " <label>%s</label>\n", + def->seclabel.label); + if (def->seclabel.imagelabel) + virBufferEscapeString(&buf, " <imagelabel>%s</imagelabel>\n", + def->seclabel.imagelabel); + virBufferAddLit(&buf, " </seclabel>\n"); + } } virBufferAddLit(&buf, "</domain>\n"); Index: src/domain_conf.h =================================================================== RCS file: /data/cvs/libvirt/src/domain_conf.h,v retrieving revision 1.39 diff -u -p -r1.39 domain_conf.h --- src/domain_conf.h 3 Mar 2009 09:44:42 -0000 1.39 +++ src/domain_conf.h 3 Mar 2009 15:36:02 -0000 @@ -410,6 +410,13 @@ struct _virDomainOSDef { char *bootloaderArgs; }; +enum virDomainSeclabelType { + VIR_DOMAIN_SECLABEL_DYNAMIC, + VIR_DOMAIN_SECLABEL_STATIC, + + VIR_DOMAIN_SECLABEL_LAST, +}; + /* Security configuration for domain */ typedef struct _virSecurityLabelDef virSecurityLabelDef; typedef virSecurityLabelDef *virSecurityLabelDefPtr; @@ -417,6 +424,7 @@ struct _virSecurityLabelDef { char *model; /* name of security model */ char *label; /* security label string */ char *imagelabel; /* security image label string */ + int type; }; #define VIR_DOMAIN_CPUMASK_LEN 1024 @@ -650,5 +658,6 @@ VIR_ENUM_DECL(virDomainInputBus) VIR_ENUM_DECL(virDomainGraphics) /* from libvirt.h */ VIR_ENUM_DECL(virDomainState) +VIR_ENUM_DECL(virDomainSeclabel) #endif /* __DOMAIN_CONF_H */ Index: src/qemu_driver.c =================================================================== RCS file: /data/cvs/libvirt/src/qemu_driver.c,v retrieving revision 1.213 diff -u -p -r1.213 qemu_driver.c --- src/qemu_driver.c 3 Mar 2009 15:18:24 -0000 1.213 +++ src/qemu_driver.c 3 Mar 2009 15:36:02 -0000 @@ -1314,9 +1314,9 @@ static int qemudStartVMDaemon(virConnect hookData.vm = vm; hookData.driver = driver; - /* If you are using a SecurityDriver and there was no security label in - database, then generate a security label for isolation */ - if (vm->def->seclabel.label == NULL && + /* If you are using a SecurityDriver with dynamic labelling, + then generate a security label for isolation */ + if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && driver->securityDriver && driver->securityDriver->domainGenSecurityLabel && driver->securityDriver->domainGenSecurityLabel(conn, vm) < 0) @@ -1525,6 +1525,13 @@ static void qemudShutdownVMDaemon(virCon if (driver->securityDriver) driver->securityDriver->domainRestoreSecurityLabel(conn, vm); + /* Clear out dynamically assigned labels */ + if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { + VIR_FREE(vm->def->seclabel.model); + VIR_FREE(vm->def->seclabel.label); + VIR_FREE(vm->def->seclabel.imagelabel); + } + if (qemudRemoveDomainStatus(conn, driver, vm) < 0) { VIR_WARN(_("Failed to remove domain status for %s"), vm->def->name); Index: src/security_selinux.c =================================================================== RCS file: /data/cvs/libvirt/src/security_selinux.c,v retrieving revision 1.2 diff -u -p -r1.2 security_selinux.c --- src/security_selinux.c 3 Mar 2009 15:18:24 -0000 1.2 +++ src/security_selinux.c 3 Mar 2009 15:36:02 -0000 @@ -161,6 +161,7 @@ SELinuxGenSecurityLabel(virConnectPtr co char *scontext = NULL; int c1 = 0; int c2 = 0; + if ( ( vm->def->seclabel.label ) || ( vm->def->seclabel.model ) || ( vm->def->seclabel.imagelabel )) { -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

3 3

[libvirt] [PATCH] config: fix a typo
by Jim Meyering 03 Mar '09

03 Mar '09

>From 5cdfbefc15f81b3be7e2d60b3d173fdb2352a83c Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering(a)redhat.com> Date: Tue, 3 Mar 2009 15:58:49 +0100 Subject: [PATCH] config: fix a typo * src/qemu_conf.c (CHECK_TYPE): Fix typo: s/security_river/security_driver/ --- src/qemu_conf.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/qemu_conf.c b/src/qemu_conf.c index 71fed5a..03f710f 100644 --- a/src/qemu_conf.c +++ b/src/qemu_conf.c @@ -152,7 +152,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, } p = virConfGetValue (conf, "security_driver"); - CHECK_TYPE ("security_river", VIR_CONF_STRING); + CHECK_TYPE ("security_driver", VIR_CONF_STRING); if (p && p->str) { if (!(driver->securityDriverName = strdup(p->str))) { virReportOOMError(NULL); -- 1.6.2.rc1.285.gc5f54

2 1