[libvirt] [PATCH] configure.ac SELinux fixes
by spencer@beyondabstraction.net
* Fix a logic error in configure.ac that prevented --with-selinux=no from being used with --with-secdriver-selinux=no.
* Fix some strings to clarify the difference between --with-selinux and --with-secdriver-selinux.
Signed-off-by: Spencer Shimko <sshimko(a)tresys.com>
---
configure.ac | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 42c09b4..68dca54 100644
--- a/configure.ac
+++ b/configure.ac
@@ -869,14 +869,14 @@ if test "$with_selinux" != "no"; then
AC_CHECK_HEADER([selinux/selinux.h],[],[fail=1])
AC_CHECK_LIB([selinux], [fgetfilecon],[],[fail=1])
test $fail = 1 &&
- AC_MSG_ERROR([You must install the SELinux development package in order to compile libvirt])
+ AC_MSG_ERROR([You must install the libselinux development package in order to compile libvirt with basic SELinux support])
fi
CFLAGS="$old_cflags"
LIBS="$old_libs"
fi
if test "$with_selinux" = "yes"; then
SELINUX_LIBS="-lselinux"
- AC_DEFINE_UNQUOTED([HAVE_SELINUX], 1, [whether SELinux is available for security])
+ AC_DEFINE_UNQUOTED([HAVE_SELINUX], 1, [whether basic SELinux functionality is available])
fi
AM_CONDITIONAL([HAVE_SELINUX], [test "$with_selinux" != "no"])
AC_SUBST([SELINUX_CFLAGS])
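Review bot: the AC_DEFINE of HAVE_SELINUX is guarded by `test "$with_selinux" = "yes"`, while the AM_CONDITIONAL just below it uses `test "$with_selinux" != "no"`, so any value other than yes or no would switch on the automake conditional without defining HAVE_SELINUX in config.h. Since this patch is already separating the two options, both tests should use the same comparison. The reworded error could also name --with-selinux=no as the way to build without libselinux.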
@@ -891,9 +891,9 @@ AC_ARG_WITH([secdriver-selinux],
if test "$with_selinux" != "yes" ; then
if test "$with_secdriver_selinux" = "check" ; then
with_secdriver_selinux=no
- else
- AC_MSG_ERROR([You must install the SELinux development package in order to compile libvirt])
- fi
+ elif test "$with_secdriver_selinux" = "yes"; then
+ AC_MSG_ERROR([You must install the libselinux development package and enable SELinux with the --with-selinux=yes in order to compile libvirt --with-secdriver-selinux=yes])
+ fi
else
old_cflags="$CFLAGS"
old_libs="$LIBS"
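Review bot: with the plain `else` replaced by `elif test "$with_secdriver_selinux" = "yes"`, every value other than check or yes now falls through this branch silently, not only "no"; a mistyped --with-secdriver-selinux=on would no longer stop configure. If the goal is only to let "no" through, test for it explicitly and keep a final `else` that rejects unknown values. The new message also reads "enable SELinux with the --with-selinux=yes"; dropping "the" would read better.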
@@ -910,7 +910,7 @@ else
if test "$with_secdriver_selinux" = "check" ; then
with_secdriver_selinux=no
else
- AC_MSG_ERROR([You must install the SELinux development package in order to compile libvirt])
+ AC_MSG_ERROR([You must install libselinux development package >= 2.0.82 in order to compile libvirt --with-secdriver-selinux=yes])
fi
else
with_secdriver_selinux=yes
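Review bot: the new AC_MSG_ERROR text states a minimum of libselinux 2.0.82, but nothing in this hunk shows where that number comes from, so the message can drift from whatever the preceding check actually tests. A comment next to that check naming the symbol or header that needs 2.0.82 would keep the two in step. The message also says "install libselinux development package" without "the", unlike the other two messages in this patch.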
--
1.6.6.1
14 years, 7 months
[libvirt] seg fault when running snapshot-create
by Stephen Shaw
I'm getting a seg fault when running virsh snapshot-create 1, but only
when virt-manager is open and connected.
Here is some of the debug info I was able to come up with -
http://fpaste.org/9GO6/ (bt)
http://fpaste.org/7gkH/ ('thread apply all bt')
* After the crash
(gdb) p mon->msg
$1 = (qemuMonitorMessagePtr) 0x0
nibbler:~ # libvirtd --version
libvirtd (libvirt) 0.8.0
Please let me know if there is any other information you need.
Stephen
14 years, 7 months
[libvirt] [PATCH] Fix handling of security driver restore failures in QEMU domain save
by Daniel P. Berrange
In cases where the security driver failed to restore a label after a
guest has saved, we mistakenly jumped to the error cleanup paths.
This is not good, because the operation has in fact completed and
cannot be rolled back completely. Label restore is non-critical, so
just log the problem instead. Also add a missing restore call in
the error cleanup path.
* src/qemu/qemu_driver.c: Fix handling of security driver
restore failures in QEMU domain save
---
src/qemu/qemu_driver.c | 48 +++++++++++++++++++++++++-----------------------
1 files changed, 25 insertions(+), 23 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3bea7e7..7b92965 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5050,16 +5050,13 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
driver->securityDriver &&
driver->securityDriver->domainRestoreSavedStateLabel &&
driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
- goto endjob;
+ VIR_WARN("failed to restore save state label on %s", path);
if (cgroup != NULL) {
rc = virCgroupDenyDevicePath(cgroup, path);
- if (rc != 0) {
- virReportSystemError(-rc,
- _("Unable to deny device %s for %s"),
- path, vm->def->name);
- goto endjob;
- }
+ if (rc != 0)
+ VIR_WARN("Unable to deny device %s for %s %d",
+ path, vm->def->name, rc);
}
ret = 0;
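Review bot: the replacement warning for virCgroupDenyDevicePath prints the raw `rc` with `%d`, whereas the removed code passed `-rc` to virReportSystemError, so the log will now carry a negative number and no errno text. Logging `-rc` or its string form would keep the cause readable. The format here is "for %s %d" while the same warning in the cleanup path uses "for %s: %d"; pick one. A failed deny means the cgroup may still allow the guest access to `path`, which deserves a sentence in the commit message next to the label-restore rationale.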
@@ -5078,24 +5075,29 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
endjob:
if (vm) {
- if (ret != 0 && header.was_running && priv->mon) {
- qemuDomainObjEnterMonitorWithDriver(driver, vm);
- rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
- qemuDomainObjExitMonitorWithDriver(driver, vm);
- if (rc < 0)
- VIR_WARN0("Unable to resume guest CPUs after save failure");
- else
- vm->state = VIR_DOMAIN_RUNNING;
- }
+ if (ret != 0) {
+ if (header.was_running && priv->mon) {
+ qemuDomainObjEnterMonitorWithDriver(driver, vm);
+ rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
+ qemuDomainObjExitMonitorWithDriver(driver, vm);
+ if (rc < 0)
+ VIR_WARN0("Unable to resume guest CPUs after save failure");
+ else
+ vm->state = VIR_DOMAIN_RUNNING;
+ }
- if (ret != 0 && cgroup != NULL) {
- rc = virCgroupDenyDevicePath(cgroup, path);
- if (rc != 0) {
- virReportSystemError(-rc,
- _("Unable to deny device %s for %s"),
- path, vm->def->name);
- goto endjob;
+ if (cgroup != NULL) {
+ rc = virCgroupDenyDevicePath(cgroup, path);
+ if (rc != 0)
+ VIR_WARN("Unable to deny device %s for %s: %d",
+ path, vm->def->name, rc);
}
+
+ if ((!bypassSecurityDriver) &&
+ driver->securityDriver &&
+ driver->securityDriver->domainRestoreSavedStateLabel &&
+ driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
+ VIR_WARN("failed to restore save state label on %s", path);
}
if (qemuDomainObjEndJob(vm) == 0)
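Review bot: the added domainRestoreSavedStateLabel call runs on every `ret != 0` exit through endjob, and the visible condition does not record whether the save-state label had been set before the failure. If a jump to endjob can happen before labelling, this restores (and may warn about) a label on a `path` that was never touched. A local flag set right after the label is applied and checked here would limit the restore to the cases that need it. The four-line securityDriver condition is now duplicated from the success path; a small helper would keep the two copies in step.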
--
1.6.5.2
14 years, 7 months
[libvirt] [PATCH] Fix printing of event detail in python events demo program
by Daniel P. Berrange
The events demo program is slightly misleading printing
myDomainEventCallback1 EVENT: Domain f14i686(-1) Added
which is not distinguishing Add vs Update events. It should have
been doing
myDomainEventCallback1 EVENT: Domain f14i686(-1) Defined Updated
* examples/domain-events/events-python/event-test.py: Fully print
event detail info string
---
examples/domain-events/events-python/event-test.py | 27 ++++++++++++++-----
1 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/examples/domain-events/events-python/event-test.py b/examples/domain-events/events-python/event-test.py
index 0c6e2f0..7c5af68 100644
--- a/examples/domain-events/events-python/event-test.py
+++ b/examples/domain-events/events-python/event-test.py
@@ -396,21 +396,34 @@ def virEventLoopPureStart():
# Everything that now follows is a simple demo of domain lifecycle events
##########################################################################
def eventToString(event):
- eventStrings = ( "Added",
- "Removed",
+ eventStrings = ( "Defined",
+ "Undefined",
"Started",
"Suspended",
"Resumed",
- "Stopped",
- "Saved",
- "Restored" );
+ "Stopped" );
return eventStrings[event];
+def detailToString(event, detail):
+ eventStrings = (
+ ( "Added", "Updated" ),
+ ( "Removed" ),
+ ( "Booted", "Migrated", "Restored", "Snapshot" ),
+ ( "Paused", "Migrated", "IOError", "Watchdog" ),
+ ( "Unpaused", "Migrated"),
+ ( "Shutdown", "Destroyed", "Crashed", "Migrated", "Saved", "Failed", "Snapshot")
+ )
+ return eventStrings[event][detail]
+
def myDomainEventCallback1 (conn, dom, event, detail, opaque):
- print "myDomainEventCallback1 EVENT: Domain %s(%s) %s %d" % (dom.name(), dom.ID(), eventToString(event), detail)
+ print "myDomainEventCallback1 EVENT: Domain %s(%s) %s %s" % (dom.name(), dom.ID(),
+ eventToString(event),
+ detailToString(event, detail))
def myDomainEventCallback2 (conn, dom, event, detail, opaque):
- print "myDomainEventCallback2 EVENT: Domain %s(%s) %s %d" % (dom.name(), dom.ID(), eventToString(event), detail)
+ print "myDomainEventCallback2 EVENT: Domain %s(%s) %s %s" % (dom.name(), dom.ID(),
+ eventToString(event),
+ detailToString(event, detail))
def myDomainEventRebootCallback(conn, dom, opaque):
print "myDomainEventRebootCallback: Domain %s(%s)" % (dom.name(), dom.ID())
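Review bot: in detailToString, `( "Removed" )` is a parenthesised string, not a one-element tuple, so `eventStrings[1][0]` returns "R" instead of "Removed" and any other detail value indexes into the letters of the word. Write it as `( "Removed", )`. Both lookups also index without a bounds check, and eventToString now has only six entries, so an event or detail value outside the tables raises IndexError inside the callback; falling back to printing the number would keep the demo running.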
--
1.6.6.1
14 years, 7 months
[libvirt] [PATCH 1/2] Fix CPU hotplug command names
by Daniel P. Berrange
Probably as a result of a merge error, the CPU hotplug command
names were completely wrong.
* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
the CPU hotplug command names
---
src/qemu/qemu_monitor_json.c | 2 +-
src/qemu/qemu_monitor_text.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index cde9899..96f246f 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -1181,7 +1181,7 @@ int qemuMonitorJSONSetCPU(qemuMonitorPtr mon,
int cpu, int online)
{
int ret;
- virJSONValuePtr cmd = qemuMonitorJSONMakeCommand("balloon",
+ virJSONValuePtr cmd = qemuMonitorJSONMakeCommand("cpu_set",
"U:cpu", (unsigned long long)cpu,
"s:state", online ? "online" : "offline",
NULL);
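Review bot: `cpu` is a signed int but is passed as `"U:cpu", (unsigned long long)cpu`, so a negative value is converted to a very large unsigned number before it reaches the monitor. Rejecting `cpu < 0` at the top of qemuMonitorJSONSetCPU would avoid sending that. Given that the command name on this line was previously "balloon", a test that checks the command string built by this function would catch a repeat of the merge error.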
diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
index 6ad07b1..db3806d 100644
--- a/src/qemu/qemu_monitor_text.c
+++ b/src/qemu/qemu_monitor_text.c
@@ -800,7 +800,7 @@ int qemuMonitorTextSetBalloon(qemuMonitorPtr mon,
/*
- * Returns: 0 if balloon not supported, +1 if balloon adjust worked
+ * Returns: 0 if CPU hotplug not supported, +1 if CPU hotplug worked
* or -1 on failure
*/
int qemuMonitorTextSetCPU(qemuMonitorPtr mon, int cpu, int online)
@@ -809,7 +809,7 @@ int qemuMonitorTextSetCPU(qemuMonitorPtr mon, int cpu, int online)
char *reply = NULL;
int ret = -1;
- if (virAsprintf(&cmd, "set_cpu %d %s", cpu, online ? "online" : "offline") < 0) {
+ if (virAsprintf(&cmd, "cpu_set %d %s", cpu, online ? "online" : "offline") < 0) {
virReportOOMError();
return -1;
}
--
1.6.6.1
14 years, 7 months
[libvirt] Plan for a 0.8.1 by end of next week
by Daniel Veillard
Checking git history since the release of 0.8.0, I'm seeing an
impressive set of bug fixes and cleanups, and relatively few actual
feature changes. So I think it's sensible to try to make a new release
0.8.1 basically a 0.8.0 fixed version, and in a relatively short
timeframe. To try to realign with our initial goal of releasing on
Friday at the end of the month, I suggest we plan to make 0.8.1 by
next Friday, the 30th April. Having a release with the snapshot feature
fixed would IMHO suffice to justify this release, but git history
right now makes a good case for such an early push.
So unless we get serious objections, I suggest we continue
the bug fixing trend, limit feature commits next week, and have
a cleaned up 0.8.1 available at the end of next week.
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
14 years, 7 months
[libvirt] [PATCH] portability fixes to tools/virt-pki-validate.in
by Dustin Kirkland
portability fixes to tools/virt-pki-validate.in
A few fixes will help make tools/virt-pki-validate.in useful on Debian
and Ubuntu. And one fix should be useful to everyone (see #4).
1) note our gnutls-bin package (in addition to your gnutls-utils
package) in the no-certtool error text
2) adjust the ORG-setting sed regular expressions to work with both Red
Hat and Ubuntu style cacert.pem Issuer format
3) fix a bashism, == should be = in the case where /bin/sh is a symlink
to dash
4) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR
variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR
everywhere
This was tested against gnutls 2.8.5. And against both Red Hat and
Ubuntu cacert.pem files. Credit Jamie Strandboge with the regular
expression changes.
Bug report:
* https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266
Signed-off-by: Dustin Kirkland <kirkland(a)canonical.com>
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index ee7b79d..d335997 100755
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -16,8 +16,8 @@ PORT=16514
CERTOOL=`which certtool 2>/dev/null`
if [ ! -x $CERTOOL ]
then
- echo Could not locate the certtool program
- echo make sure the gnutls-utils package is installed
+ echo "Could not locate the certtool program"
+ echo "make sure the gnutls-utils (or gnutls-bin) package is installed"
exit 1
fi
echo Found $CERTOOL
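Review bot: the test `[ ! -x $CERTOOL ]` above the reworded messages is left unquoted, so when `which` finds nothing and CERTOOL is empty it collapses to `[ ! -x ]`, which tests the literal string "-x" and is false; the "Could not locate the certtool program" branch is then never reached. Quote it as `[ ! -x "$CERTOOL" ]`. The variable is also spelled CERTOOL rather than CERTTOOL, which is harmless but worth fixing while these lines are being touched.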
@@ -25,7 +25,8 @@ echo Found $CERTOOL
#
# Check the directory structure
#
-PKI="@SYSCONFDIR@/pki"
+SYSCONFDIR="@SYSCONFDIR@"
+PKI="$SYSCONFDIR/pki"
if [ ! -d $PKI ]
then
echo the $PKI directory is missing, it is usually
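Review bot: `PKI="$SYSCONFDIR/pki"` is quoted at assignment but then used unquoted in `[ ! -d $PKI ]`, so a sysconfdir containing whitespace breaks the test. Quoting "$PKI" in the test and in the echo costs nothing. A one-line comment saying that @SYSCONFDIR@ is substituted at build time would also explain why the extra shell variable exists.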
@@ -129,8 +130,8 @@ then
echo "as root do: chmod 644 $CA/cacert.pem"
exit 1
fi
-ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'`
-if [ "$ORG" == "" ]
+ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'`
+if [ "$ORG" = "" ]
then
echo the CA certificate $CA/cacert.pem does not define the organization
echo it should probably regenerated
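Review bot: `\s` in `sed -e 's+\s*Issuer: .*CN=++'` is a GNU sed extension, which sits oddly in a portability patch; `[[:space:]]*` is the POSIX spelling. The `.*CN=` is greedy, so on an Issuer line with more than one CN= only the text after the last one is kept, and only a trailing `,EMAIL=` is stripped, so any other attribute after CN stays in ORG. A comment showing the two Issuer formats this was tested against would help the next person adjust the expressions. The message at the end of the hunk, "it should probably regenerated", is missing "be".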
@@ -240,19 +241,19 @@ fi
if [ "$SERVER" = "1" ]
then
- if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ]
+ if [ -r $SYSCONFDIR/sysconfig/libvirtd ]
then
- if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
+ if [ "`grep '^LIBVIRTD_ARGS' $SYSCONFDIR/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
then
- echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to
+ echo Make sure $SYSCONFDIR/sysconfig/libvirtd is setup to listen to
echo TCP/IP connections and restart the libvirtd service
fi
fi
- if [ -r $(SYSCONFDIR)/sysconfig/iptables ]
+ if [ -r $SYSCONFDIR/sysconfig/iptables ]
then
- if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ]
+ if [ "`grep $PORT $SYSCONFDIR/sysconfig/iptables`" = "" ]
then
- echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow
+ echo Make sure $SYSCONFDIR/sysconfig/iptables is setup to allow
echo incoming TCP/IP connections on port $PORT and
echo restart the iptables service
fi
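Review bot: both checks are guarded by `[ -r $SYSCONFDIR/sysconfig/... ]`, so on a system without those files they are skipped with no output and the listen and firewall hints never appear. As the patch is aimed at Debian and Ubuntu, an `else` that reports the file was not found would make the skipped check visible. `grep $PORT` also matches 16514 anywhere in the file, including comments and longer numbers, so a tighter pattern would reduce false passes. The $SYSCONFDIR expansions in the tests should be quoted as well.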
14 years, 7 months
Re: [libvirt] Failed to insert a cd in a virtual machine running
by Jorge Alejandro Rodríguez
The problem is caused by the new version of qemu: the name of the devices isn't
ide0-0-, it is drive-ide0-0-1.
2010/4/22 Jorge Alejandro Rodríguez <jrodriguez(a)dit.upm.es>
> I can't attach a CD when a VM is running with qemu 0.12.3 (Ubuntu 10.04).
> The problem is not with qemu, because when I start the VM with the kvm command
> (without libvirt) I can change the CD with qemu-monitor without any problem
> and eject it too (libvirt tells me that it isn't supported by the hypervisor).
>
> the versions of libvirt that I have tried are 0.7.7 and 0.8.0.
>
> Any ideas?
>
> Thanks.
> Jorge
>
14 years, 7 months
Re: [libvirt] unable to set security context (NFSv4 problem?)
by Harald Dunkel
Hi Spencer,
I could reproduce the EINVAL on the command line:
srvl022:/storage# touch /storage/x
srvl022:/storage# chown 110:140 /storage/x
chown: changing ownership of `/storage/x': Invalid argument
110 and 140 are not valid UIDs and GIDs on the NFS
server. They are defined in the local passwd/group files
on the libvirt server only. After defining the user and
group on the NFS server the error message is gone.
Obviously NFSv4 is a little bit picky about remote root
users trying to change the ownership of files. This seems
to break qemuSecurityDACSetOwnership() in qemu_security_dac.c,
giving me the "unable to set security context" message.
Do you think it would be possible to introduce a configure
option '--with-dac=no'?
Regards
Harri
14 years, 7 months