[libvirt] nwfilter: Don't compile nwfilter driver on other systems than Linux
by Stefan Berger
Don't compile the nwfilter driver (instantiating the rules) on other
systems than Linux.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
diff --git a/configure.ac b/configure.ac
index 23181dd..4cb0f50 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1361,7 +1361,7 @@ fi
AM_CONDITIONAL([WITH_SECRETS], [test "$with_secrets" = "yes"])
with_nwfilter=yes
-if test "$with_libvirtd" = "no"; then
+if test "$with_libvirtd" = "no" || test `uname -s` != "Linux"; then
with_nwfilter=no
fi
if test "$with_nwfilter" = "yes" ; then
14 years, 1 month
[libvirt] [PATCH] python: drop unneccesary conn assignment
by Dan Kenigsberg
Since 554d82a200289938d5639a782a9f12e3e2e968f0, conn is unused. Let's
drop it - but keep the signature of the constructor for backward
compatibility.
---
python/libvirt-override.py | 9 ---------
1 files changed, 0 insertions(+), 9 deletions(-)
diff --git a/python/libvirt-override.py b/python/libvirt-override.py
index de1af2d..d544a0e 100644
--- a/python/libvirt-override.py
+++ b/python/libvirt-override.py
@@ -18,15 +18,6 @@ import types
class libvirtError(Exception):
def __init__(self, defmsg, conn=None, dom=None, net=None, pool=None, vol=None):
- if dom is not None:
- conn = dom._conn
- elif net is not None:
- conn = net._conn
- elif pool is not None:
- conn = pool._conn
- elif vol is not None:
- conn = vol._conn
-
# Never call virConnGetLastError().
# virGetLastError() is now thread local
err = virGetLastError()
--
1.7.2.1
14 years, 1 month
[libvirt] [PATCH] nwfilter: add a missing define, so libvirtd builds on macos x
by Justin Clift
The nwfilter code uses ETH_ALEN, which isn't defined on MacOS X.
This is a simple workaround, to add it when missing.
---
src/nwfilter/nwfilter_learnipaddr.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c
index 7c94fc2..554422b 100644
--- a/src/nwfilter/nwfilter_learnipaddr.c
+++ b/src/nwfilter/nwfilter_learnipaddr.c
@@ -38,6 +38,11 @@
#include <net/if_arp.h>
#include <intprops.h>
+// Add Linux define missing from OSX
+#ifndef ETH_ALEN
+#define ETH_ALEN 6 /* Octets in one ethernet addr */
+#endif
+
#include "internal.h"
#include "buf.h"
--
1.7.2.3
14 years, 1 month
[libvirt] [patch 0/5] nwfilter: Support comment attribute in filter rule descriptions
by Stefan Berger
The following patch series adds support for a comment node to the XML
attributes of all protocols. If possible, as for example in case of iptables,
the comments are instantiated (iptables ... -m comment --comment ...).
The patches do the following:
- extend the parser and XML generator to parse and create XML with the
comment attribute
- instantiate the comment in case of ip(6)tables
- extend the nwfilter.rng schema with the comment attribute
- add the information to the web docs
- add a test case for the XML parser/generator to be run during 'make check'
Regards,
Stefan
14 years, 1 month
[libvirt] [PATCH] [TCK] nwfilter: test case for comment attribute
by Stefan Berger
This patch adds data for a test case for the comment attribute in the
nwfilter XML.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 71
+++++++++++++++
scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml | 68
++++++++++++++
2 files changed, 139 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml
@@ -0,0 +1,68 @@
+<filter name='tck-testcase'>
+ <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
+
+ <rule action='accept' direction='in'>
+ <mac protocolid='0x1234' comment='mac rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <ip srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
+ srcipaddr='10.1.2.3' srcipmask='255.255.255.255'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ protocol='udp'
+ srcportstart='0x123' srcportend='0x234'
+ dstportstart='0x3456' dstportend='0x4567'
+ dscp='0x32' comment='ip rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80'
+ srcipaddr='::10.1.2.3' srcipmask='22'
+ dstipaddr='::10.1.2.3'
+ dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000'
+ protocol='tcp'
+ srcportstart='0x111' srcportend='400'
+ dstportstart='0x3333' dstportend='65535' comment='ipv6 rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
+ hwtype='0x12'
+ protocoltype='0x56'
+ opcode='Request'
+ arpsrcmacaddr='1:2:3:4:5:6'
+ arpdstmacaddr='a:b:c:d:e:f'
+ comment='arp rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <udp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='0x22'
+ srcportstart='0x123' srcportend='400'
+ dstportstart='0x234' dstportend='0x444'
+ comment='udp rule'/>
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='0x40'
+ srcportstart='0x20' srcportend='0x21'
+ dstportstart='0x100' dstportend='0x1111'
+ comment='tcp/ipv6 rule'/>
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <udp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='0x40'
+ srcportstart='0x20' srcportend='0x21'
+ dstportstart='0x100' dstportend='0x1111'
+ comment='`ls`;${COLUMNS};$(ls);"test";&'/>
+ </rule>
+
+</filter>
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -0,0 +1,71 @@
+#ebtables -t nat -L PREROUTING | grep vnet0 | grep -v "^Bridge" | grep
-v "^$"
+-i vnet0 -j libvirt-I-vnet0
+#ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep
-v "^$"
+-o vnet0 -j libvirt-O-vnet0
+#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
+-p IPv4 -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --ip-src 10.1.2.3 --ip-dst
10.1.2.3 --ip-tos 0x32 --ip-proto udp --ip-sport 291:564 --ip-dport
13398:17767 -j ACCEPT
+-p IPv6 -s 1:2:3:4:5:6/ff:ff:ff:ff:ff:fe -d
aa:bb:cc:dd:ee:80/ff:ff:ff:ff:ff:80 --ip6-src ::/ffff:fc00:: --ip6-dst
::10.1.0.0/ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000 --ip6-proto tcp
--ip6-sport 273:400 --ip6-dport 13107:65535 -j ACCEPT
+-p ARP -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --arp-op Request --arp-htype
18 --arp-ptype 0x56 --arp-mac-src 1:2:3:4:5:6 --arp-mac-dst a:b:c:d:e:f
-j ACCEPT
+#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
+-p 0x1234 -j ACCEPT
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092
+#iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV
match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out
vnet0
+#ip6tables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED
+RETURN udp ::/0 a:b:c::/128 /*
`ls`;${COLUMNS};$(ls);"test";& */ udp spts:256:4369 dpts:32:33 state
ESTABLISHED
+#ip6tables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state
NEW,ESTABLISHED
+ACCEPT udp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 /* `ls`;${COLUMNS};$(ls);"test";& */ udp spts:32:33
dpts:256:4369 state NEW,ESTABLISHED
+#ip6tables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33
+ACCEPT udp ::/0 a:b:c::/128 /*
`ls`;${COLUMNS};$(ls);"test";& */ udp spts:256:4369 dpts:32:33
+#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in-post -n | grep vnet0
+ACCEPT all ::/0 ::/0 PHYSDEV
match --physdev-in vnet0
+#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV
match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out
vnet0
+#ip6tables -L INPUT -n --line-numbers | grep libvirt
+1 libvirt-host-in all ::/0 ::/0
+#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in-post -n | grep vnet0
+ACCEPT all ::/0 ::/0 PHYSDEV
match --physdev-in vnet0
+#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
14 years, 1 month
[libvirt] [PATCH] nwfilter: report if ip(6)tables rules would not be effective
by Stefan Berger
The patch below reports a warning in the log if the generated
ip(6)tables rules would not be effective due to the proc filesystem entries
/proc/sys/net/bridge/bridge-nf-call-iptables
/proc/sys/net/bridge/bridge-nf-call-ip6tables
containing a '0'. The warning tells the user what to do. I am
rate-limiting the warning message to appear only every 10 seconds.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
src/nwfilter/nwfilter_ebiptables_driver.c | 51
++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -24,6 +24,7 @@
#include <config.h>
#include <sys/stat.h>
+#include <fcntl.h>
#include "internal.h"
@@ -63,6 +64,13 @@
: ""
+#define PROC_BRIDGE_NF_CALL_IPTABLES \
+ "/proc/sys/net/bridge/bridge-nf-call-iptables"
+#define PROC_BRIDGE_NF_CALL_IP6TABLES \
+ "/proc/sys/net/bridge/bridge-nf-call-ip6tables"
+
+#define BRIDGE_NF_CALL_ALERT_INTERVAL 10 /* seconds */
+
static char *ebtables_cmd_path;
static char *iptables_cmd_path;
static char *ip6tables_cmd_path;
@@ -2986,6 +2994,45 @@ ebiptablesRuleOrderSort(const void *a, c
}
+static void
+iptablesCheckBridgeNFCallEnabled(bool isIPv6)
+{
+ static time_t lastReport, lastReportIPv6;
+ const char *pathname = NULL;
+ char buffer[1];
+ time_t now = time(NULL);
+
+ if (isIPv6 &&
+ (now - lastReportIPv6) > BRIDGE_NF_CALL_ALERT_INTERVAL ) {
+ pathname = PROC_BRIDGE_NF_CALL_IP6TABLES;
+ } else if (now - lastReport > BRIDGE_NF_CALL_ALERT_INTERVAL) {
+ pathname = PROC_BRIDGE_NF_CALL_IPTABLES;
+ }
+
+ if (pathname) {
+ int fd = open(pathname, O_RDONLY);
+ if (fd >= 0) {
+ if (read(fd, buffer, 1) == 1) {
+ if (buffer[0] == '0') {
+ char msg[256];
+ snprintf(msg, sizeof(msg),
+ _("To enable ip%stables filtering for the
VM do "
+ "'echo 1 > %s'\n"),
+ isIPv6 ? "6" : "",
+ pathname);
+ VIR_WARN0(msg);
+ if (isIPv6)
+ lastReportIPv6 = now;
+ else
+ lastReport = now;
+ }
+ }
+ close(fd);
+ }
+ }
+}
+
+
static int
ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED,
const char *ifname,
@@ -3099,6 +3146,8 @@ ebiptablesApplyNewRules(virConnectPtr co
if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0)
goto tear_down_tmpiptchains;
+
+ iptablesCheckBridgeNFCallEnabled(false);
}
if (haveIp6tables) {
@@ -3129,6 +3178,8 @@ ebiptablesApplyNewRules(virConnectPtr co
if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0)
goto tear_down_tmpip6tchains;
+
+ iptablesCheckBridgeNFCallEnabled(true);
}
if (chains_in != 0)
14 years, 1 month
[libvirt] [PATCH] qemu: patch to support security model for filesystem type
by Harsh Prateek Bora
This patch introduces a new attribute security_model to <filesystem>
tag, which can have any of the following three values: passthrough,
mapped or none. This patch is based on Daniel's patch to support 9pfs
qemu commandline options.
Usage:
<filesystem type='mount' security_model='passthrough'>
<source dir='/export/to/guest'/>
<target dir='mount_tag'/>
</filesystem>
---
docs/schemas/domain.rng | 7 +++
src/conf/domain_conf.c | 30 +++++++++++++-
src/conf/domain_conf.h | 10 +++++
src/qemu/qemu_conf.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_conf.h | 5 ++
5 files changed, 153 insertions(+), 2 deletions(-)
diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng
index ccb8cf3..43a292d 100644
--- a/docs/schemas/domain.rng
+++ b/docs/schemas/domain.rng
@@ -761,6 +761,13 @@
</choice>
<optional>
<ref name="address"/>
+ <attribute name="security_model">
+ <choice>
+ <value>passthrough</value>
+ <value>mapped</value>
+ <value>none</value>
+ </choice>
+ </attribute>
</optional>
</element>
</define>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index e05d5d7..a9881d1 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -161,6 +161,12 @@ VIR_ENUM_IMPL(virDomainFS, VIR_DOMAIN_FS_TYPE_LAST,
"file",
"template")
+VIR_ENUM_IMPL(virDomainFSSecurityModel, VIR_DOMAIN_FS_SECURITY_LAST,
+ "passthrough",
+ "mapped",
+ "none")
+
+
VIR_ENUM_IMPL(virDomainNet, VIR_DOMAIN_NET_TYPE_LAST,
"user",
"ethernet",
@@ -1847,6 +1853,7 @@ virDomainFSDefParseXML(xmlNodePtr node,
char *type = NULL;
char *source = NULL;
char *target = NULL;
+ char *security_model;
if (VIR_ALLOC(def) < 0) {
virReportOOMError();
@@ -1864,6 +1871,17 @@ virDomainFSDefParseXML(xmlNodePtr node,
def->type = VIR_DOMAIN_FS_TYPE_MOUNT;
}
+ security_model = virXMLPropString(node, "security_model");
+ if (security_model) {
+ if ((def->security_model = virDomainFSSecurityModelTypeFromString(security_model)) < 0) {
+ virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unknown security model '%s'"), security_model);
+ goto error;
+ }
+ } else {
+ def->security_model = VIR_DOMAIN_FS_SECURITY_PASSTHROUGH;
+ }
+
cur = node->children;
while (cur != NULL) {
if (cur->type == XML_ELEMENT_NODE) {
@@ -5602,6 +5620,7 @@ virDomainFSDefFormat(virBufferPtr buf,
int flags)
{
const char *type = virDomainFSTypeToString(def->type);
+ const char *sec_model = virDomainFSSecurityModelTypeToString(def->security_model);
if (!type) {
virDomainReportError(VIR_ERR_INTERNAL_ERROR,
@@ -5609,9 +5628,16 @@ virDomainFSDefFormat(virBufferPtr buf,
return -1;
}
+ if (!sec_model) {
+ virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unexpected security model %d"), def->security_model);
+ return -1;
+ }
+
+
virBufferVSprintf(buf,
- " <filesystem type='%s'>\n",
- type);
+ " <filesystem type='%s' security_model='%s'>\n",
+ type, sec_model);
if (def->src) {
switch (def->type) {
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 7195c04..6adf027 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -236,10 +236,20 @@ enum virDomainFSType {
VIR_DOMAIN_FS_TYPE_LAST
};
+/* Filesystem mount security model */
+enum virDomainFSSecurityModel {
+ VIR_DOMAIN_FS_SECURITY_PASSTHROUGH,
+ VIR_DOMAIN_FS_SECURITY_MAPPED,
+ VIR_DOMAIN_FS_SECURITY_NONE,
+
+ VIR_DOMAIN_FS_SECURITY_LAST
+};
+
typedef struct _virDomainFSDef virDomainFSDef;
typedef virDomainFSDef *virDomainFSDefPtr;
struct _virDomainFSDef {
int type;
+ int security_model;
char *src;
char *dst;
unsigned int readonly : 1;
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 7a37c70..a637dee 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1212,6 +1212,8 @@ static unsigned long long qemudComputeCmdFlags(const char *help,
flags |= QEMUD_CMD_FLAG_TDF;
if (strstr(help, ",menu=on"))
flags |= QEMUD_CMD_FLAG_BOOT_MENU;
+ if (strstr(help, "-fsdev"))
+ flags |= QEMUD_CMD_FLAG_FSDEV;
/* Keep disabled till we're actually ready to turn on netdev mode
* The plan is todo it in 0.13.0 QEMU, but lets wait & see... */
@@ -2008,6 +2010,11 @@ qemuAssignDeviceAliases(virDomainDefPtr def, unsigned long long qemuCmdFlags)
if (!(qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE))
return 0;
+ for (i=0; i < def->nfss ; i++) {
+ if (virAsprintf(&def->fss[i]->info.alias, "fs%d", i) < 0)
+ goto no_memory;
+ }
+
for (i = 0; i < def->nsounds ; i++) {
if (virAsprintf(&def->sounds[i]->info.alias, "sound%d", i) < 0)
goto no_memory;
@@ -2371,6 +2378,15 @@ qemuAssignDevicePCISlots(virDomainDefPtr def, qemuDomainPCIAddressSetPtr addrs)
goto error;
}
}
+ for (i = 0; i < def->nfss ; i++) {
+ if (def->fss[i]->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE)
+ continue;
+
+ /* Only support VirtIO-9p-pci so far. If that changes,
+ * we might need to skip devices here */
+ if (qemuDomainPCIAddressSetNextAddr(addrs, &def->fss[i]->info) < 0)
+ goto error;
+ }
/* Network interfaces */
for (i = 0; i < def->nnets ; i++) {
@@ -2761,6 +2777,70 @@ error:
}
+char *qemuBuildFSStr(virDomainFSDefPtr fs,
+ unsigned long long qemuCmdFlags ATTRIBUTE_UNUSED)
+{
+ virBuffer opt = VIR_BUFFER_INITIALIZER;
+
+ if (fs->type != VIR_DOMAIN_FS_TYPE_MOUNT) {
+ qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("only supports mount filesystem type"));
+ goto error;
+ }
+
+ virBufferAddLit(&opt, "local");
+ if (fs->security_model == VIR_DOMAIN_FS_SECURITY_PASSTHROUGH)
+ virBufferAddLit(&opt, ",security_model=passthrough");
+ else if (fs->security_model == VIR_DOMAIN_FS_SECURITY_MAPPED)
+ virBufferAddLit(&opt, ",security_model=mapped");
+ else if (fs->security_model == VIR_DOMAIN_FS_SECURITY_NONE)
+ virBufferAddLit(&opt, ",security_model=none");
+ virBufferVSprintf(&opt, ",id=%s%s", QEMU_FSDEV_HOST_PREFIX, fs->info.alias);
+ virBufferVSprintf(&opt, ",path=%s", fs->src);
+
+ if (virBufferError(&opt)) {
+ virReportOOMError();
+ goto error;
+ }
+
+ return virBufferContentAndReset(&opt);
+
+error:
+ virBufferFreeAndReset(&opt);
+ return NULL;
+}
+
+
+char *
+qemuBuildFSDevStr(virDomainFSDefPtr fs)
+{
+ virBuffer opt = VIR_BUFFER_INITIALIZER;
+
+ if (fs->type != VIR_DOMAIN_FS_TYPE_MOUNT) {
+ qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("can only passthrough directories"));
+ goto error;
+ }
+
+ virBufferAddLit(&opt, "virtio-9p-pci");
+ virBufferVSprintf(&opt, ",id=%s", fs->info.alias);
+ virBufferVSprintf(&opt, ",fsdev=%s%s", QEMU_FSDEV_HOST_PREFIX, fs->info.alias);
+ virBufferVSprintf(&opt, ",mount_tag=%s", fs->dst);
+ qemuBuildDeviceAddressStr(&opt, &fs->info);
+
+ if (virBufferError(&opt)) {
+ virReportOOMError();
+ goto error;
+ }
+
+ return virBufferContentAndReset(&opt);
+
+error:
+ virBufferFreeAndReset(&opt);
+ return NULL;
+}
+
+
char *
qemuBuildControllerDevStr(virDomainControllerDefPtr def)
{
@@ -4377,6 +4457,29 @@ int qemudBuildCommandLine(virConnectPtr conn,
}
}
+ if (qemuCmdFlags & QEMUD_CMD_FLAG_FSDEV) {
+ for (i = 0 ; i < def->nfss ; i++) {
+ char *optstr;
+ virDomainFSDefPtr fs = def->fss[i];
+
+ ADD_ARG_LIT("-fsdev");
+ if (!(optstr = qemuBuildFSStr(fs, qemuCmdFlags)))
+ goto error;
+ ADD_ARG(optstr);
+
+ ADD_ARG_LIT("-device");
+ if (!(optstr = qemuBuildFSDevStr(fs)))
+ goto error;
+ ADD_ARG(optstr);
+ }
+ } else {
+ if (def->nfss) {
+ qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("filesystem passthrough not supported by this QEMU"));
+ goto error;
+ }
+ }
+
if (!def->nnets) {
/* If we have -device, then we set -nodefault already */
if (!(qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)) {
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 2c9e608..7005466 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -93,6 +93,7 @@ enum qemud_cmd_flags {
QEMUD_CMD_FLAG_NODEFCONFIG = (1LL << 37), /* -nodefconfig */
QEMUD_CMD_FLAG_BOOT_MENU = (1LL << 38), /* -boot menu=on support */
QEMUD_CMD_FLAG_ENABLE_KQEMU = (1LL << 39), /* -enable-kqemu flag */
+ QEMUD_CMD_FLAG_FSDEV = (1LL << 40) /* -fstype filesystem passthrough */
};
/* Main driver state */
@@ -188,6 +189,7 @@ struct _qemuDomainCmdlineDef {
# define QEMU_DRIVE_HOST_PREFIX "drive-"
# define QEMU_VIRTIO_SERIAL_PREFIX "virtio-serial"
+# define QEMU_FSDEV_HOST_PREFIX "fsdev-"
# define qemuReportError(code, ...) \
virReportErrorHelper(NULL, VIR_FROM_QEMU, code, __FILE__, \
@@ -248,9 +250,12 @@ char *qemuDeviceDriveHostAlias(virDomainDiskDefPtr disk,
char *qemuBuildDriveStr(virDomainDiskDefPtr disk,
int bootable,
unsigned long long qemuCmdFlags);
+char *qemuBuildFSStr(virDomainFSDefPtr fs,
+ unsigned long long qemuCmdFlags);
/* Current, best practice */
char * qemuBuildDriveDevStr(virDomainDiskDefPtr disk);
+char * qemuBuildFSDevStr(virDomainFSDefPtr fs);
/* Current, best practice */
char * qemuBuildControllerDevStr(virDomainControllerDefPtr def);
--
1.7.1.1
14 years, 1 month
[libvirt] Error starting VM as a root user, but works fine as a normal (non-root) user
by Harsh Bora
[harsh@harshbora libvirt]$ sudo virsh create ~/testVMs/my_vm.xml
error: Failed to create domain from /home/harsh/testVMs/my_vm.xml
error: internal error cannot parse
/home/harsh/local/qemu/bin/qemu-system-x86_64 version number in ''
[harsh@harshbora libvirt]$ virsh create ~/testVMs/my_vm.xml
Domain my_vm created from /home/harsh/testVMs/my_vm.xml
Anyone, help?
14 years, 1 month
[libvirt] [PATCH] esx: Allow '-' in VMX entry names
by Matthias Bolte
Add a test for this.
Reported by Frank Dirks.
---
src/util/conf.c | 2 +-
src/util/conf.h | 4 +-
tests/vmx2xmldata/vmx2xml-esx-in-the-wild-5.vmx | 97 +++++++++++++++++++++++
tests/vmx2xmldata/vmx2xml-esx-in-the-wild-5.xml | 34 ++++++++
tests/vmx2xmltest.c | 1 +
5 files changed, 135 insertions(+), 3 deletions(-)
create mode 100644 tests/vmx2xmldata/vmx2xml-esx-in-the-wild-5.vmx
create mode 100644 tests/vmx2xmldata/vmx2xml-esx-in-the-wild-5.xml
diff --git a/src/util/conf.c b/src/util/conf.c
index 8682f7b..0aef2c2 100644
--- a/src/util/conf.c
+++ b/src/util/conf.c
@@ -561,7 +561,7 @@ virConfParseName(virConfParserCtxtPtr ctxt)
while ((ctxt->cur < ctxt->end) &&
(c_isalnum(CUR) || (CUR == '_') ||
((ctxt->conf->flags & VIR_CONF_FLAG_VMX_FORMAT) &&
- ((CUR == ':') || (CUR == '.')))))
+ ((CUR == ':') || (CUR == '.') || (CUR == '-')))))
NEXT;
ret = strndup(base, ctxt->cur - base);
if (ret == NULL) {
diff --git a/src/util/conf.h b/src/util/conf.h
index 8282bd4..e7d470d 100644
--- a/src/util/conf.h
+++ b/src/util/conf.h
@@ -25,8 +25,8 @@ typedef enum {
} virConfType;
typedef enum {
- VIR_CONF_FLAG_VMX_FORMAT = 1, /* allow : and . in names for compatibility with
- VMware VMX configuration file, but restrict
+ VIR_CONF_FLAG_VMX_FORMAT = 1, /* allow ':', '.' and '-' in names for compatibility
+ with VMware VMX configuration file, but restrict
allowed value types to string only */
} virConfFlags;
diff --git a/tests/vmx2xmldata/vmx2xml-esx-in-the-wild-5.vmx b/tests/vmx2xmldata/vmx2xml-esx-in-the-wild-5.vmx
new file mode 100644
index 0000000..6b11cc2
--- /dev/null
+++ b/tests/vmx2xmldata/vmx2xml-esx-in-the-wild-5.vmx
@@ -0,0 +1,97 @@
+.encoding = "UTF-8"
+config.version = "8"
+virtualHW.version = "7"
+pciBridge0.present = "true"
+pciBridge4.present = "true"
+pciBridge4.virtualDev = "pcieRootPort"
+pciBridge4.functions = "8"
+pciBridge5.present = "true"
+pciBridge5.virtualDev = "pcieRootPort"
+pciBridge5.functions = "8"
+pciBridge6.present = "true"
+pciBridge6.virtualDev = "pcieRootPort"
+pciBridge6.functions = "8"
+pciBridge7.present = "true"
+pciBridge7.virtualDev = "pcieRootPort"
+pciBridge7.functions = "8"
+vmci0.present = "true"
+nvram = "vmtest.nvram"
+virtualHW.productCompatibility = "hosted"
+powerType.powerOff = "soft"
+powerType.powerOn = "hard"
+powerType.suspend = "hard"
+powerType.reset = "soft"
+displayName = "vmtest.local"
+extendedConfigFile = "vmtest.vmxf"
+numvcpus = "2"
+scsi0.present = "true"
+scsi0.sharedBus = "none"
+scsi0.virtualDev = "lsilogic"
+memsize = "2048"
+scsi0:0.present = "true"
+scsi0:0.fileName = "vmtest-000001.vmdk"
+scsi0:0.deviceType = "scsi-hardDisk"
+sched.scsi0:0.shares = "normal"
+ide0:0.present = "true"
+ide0:0.fileName = "/vmfs/volumes/4af0231d-1eff559a-6369-0024e84773b6/isos/CentOS-5.5-x86_64-bin-DVD-1of2.iso"
+ide0:0.deviceType = "cdrom-image"
+ide1:0.present = "true"
+ide1:0.clientDevice = "true"
+ide1:0.deviceType = "atapi-cdrom"
+ide1:0.startConnected = "false"
+ethernet0.present = "true"
+ethernet0.virtualDev = "e1000"
+ethernet0.networkName = "VM-LAN"
+ethernet0.addressType = "vpx"
+ethernet0.generatedAddress = "00:50:56:be:00:15"
+guestOS = "centos-64"
+uuid.bios = "42 3e 94 a9 a1 c7 b3 1d-71 61 76 c7 58 6c 83 0e"
+vc.uuid = "50 3e 06 db f8 d5 45 8e-a2 fb f9 82 02 53 a7 be"
+log.fileName = "vmware.log"
+snapshot.action = "keep"
+sched.cpu.min = "0"
+sched.cpu.units = "mhz"
+sched.cpu.shares = "normal"
+sched.mem.minsize = "0"
+sched.mem.shares = "normal"
+tools.upgrade.policy = "manual"
+cpuid.80000001.eax = "--------------------------------"
+cpuid.80000001.eax.amd = "--------------------------------"
+cpuid.80000001.ebx = "--------------------------------"
+cpuid.80000001.ebx.amd = "--------------------------------"
+cpuid.80000001.ecx = "--------------------------------"
+cpuid.80000001.ecx.amd = "--------------------------------"
+cpuid.80000001.edx = "-----------H--------------------"
+cpuid.80000001.edx.amd = "-----------H--------------------"
+replay.supported = "FALSE"
+replay.filename = ""
+scsi0:0.redo = ""
+pciBridge0.pciSlotNumber = "17"
+pciBridge4.pciSlotNumber = "21"
+pciBridge5.pciSlotNumber = "22"
+pciBridge6.pciSlotNumber = "23"
+pciBridge7.pciSlotNumber = "24"
+scsi0.pciSlotNumber = "16"
+ethernet0.pciSlotNumber = "33"
+vmci0.pciSlotNumber = "32"
+scsi0.sasWWID = "50 05 05 6b 91 ac 28 90"
+vmotion.checkpointFBSize = "4194304"
+hostCPUID.0 = "0000000568747541444d416369746e65"
+hostCPUID.1 = "00100f420004080000802009178bfbff"
+hostCPUID.80000001 = "00100f42000004ef000037ffefd3fbff"
+guestCPUID.0 = "0000000568747541444d416369746e65"
+guestCPUID.1 = "00100f420000080080802001078bfbff"
+guestCPUID.80000001 = "00100f42000004ef000001e9ebd3fbff"
+userCPUID.0 = "0000000568747541444d416369746e65"
+userCPUID.1 = "00100f420004080080802001078bfbff"
+userCPUID.80000001 = "00100f42000004ef000001e9ebd3fbff"
+evcCompatibilityMode = "FALSE"
+sched.scsi0:0.throughputCap = "off"
+guest.commands.sharedSecretLogin.hostd-quiescedsnap = "9ARGZmWQPtsUVrAVi/XviNUSQUF0td426itHw2cqHwg="
+floppy0.present = "FALSE"
+vmci0.id = "1483506446"
+tools.syncTime = "FALSE"
+annotation = "Centos 5.5 64bit Server"
+uuid.location = "56 4d 58 2e 12 3c 07 e4-0b 84 af d9 ea 5d 83 0a"
+cleanShutdown = "FALSE"
+sched.swap.derivedName = "/vmfs/volumes/4bd1a428-b723f5bb-d406-0024e84773db/vmtest/vmtest-56acee0d.vswp"
diff --git a/tests/vmx2xmldata/vmx2xml-esx-in-the-wild-5.xml b/tests/vmx2xmldata/vmx2xml-esx-in-the-wild-5.xml
new file mode 100644
index 0000000..c324673
--- /dev/null
+++ b/tests/vmx2xmldata/vmx2xml-esx-in-the-wild-5.xml
@@ -0,0 +1,34 @@
+<domain type='vmware'>
+ <name>vmtest.local</name>
+ <uuid>423e94a9-a1c7-b31d-7161-76c7586c830e</uuid>
+ <description>Centos 5.5 64bit Server</description>
+ <memory>2097152</memory>
+ <currentMemory>2097152</currentMemory>
+ <vcpu>2</vcpu>
+ <os>
+ <type arch='x86_64'>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <disk type='file' device='disk'>
+ <source file='[datastore] directory/vmtest-000001.vmdk'/>
+ <target dev='sda' bus='scsi'/>
+ <address type='drive' controller='0' bus='0' unit='0'/>
+ </disk>
+ <disk type='file' device='cdrom'>
+ <source file='[4af0231d-1eff559a-6369-0024e84773b6] isos/CentOS-5.5-x86_64-bin-DVD-1of2.iso'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' unit='0'/>
+ </disk>
+ <controller type='scsi' index='0' model='lsilogic'/>
+ <controller type='ide' index='0'/>
+ <interface type='bridge'>
+ <mac address='00:50:56:be:00:15'/>
+ <source bridge='VM-LAN'/>
+ <model type='e1000'/>
+ </interface>
+ </devices>
+</domain>
diff --git a/tests/vmx2xmltest.c b/tests/vmx2xmltest.c
index 67296d6..c71f536 100644
--- a/tests/vmx2xmltest.c
+++ b/tests/vmx2xmltest.c
@@ -274,6 +274,7 @@ mymain(int argc, char **argv)
DO_TEST("esx-in-the-wild-2", "esx-in-the-wild-2", esxVI_ProductVersion_ESX35);
DO_TEST("esx-in-the-wild-3", "esx-in-the-wild-3", esxVI_ProductVersion_ESX35);
DO_TEST("esx-in-the-wild-4", "esx-in-the-wild-4", esxVI_ProductVersion_ESX35);
+ DO_TEST("esx-in-the-wild-5", "esx-in-the-wild-5", esxVI_ProductVersion_ESX40);
DO_TEST("gsx-in-the-wild-1", "gsx-in-the-wild-1", esxVI_ProductVersion_ESX35);
DO_TEST("gsx-in-the-wild-2", "gsx-in-the-wild-2", esxVI_ProductVersion_ESX35);
--
1.7.0.4
14 years, 1 month