May 2012 - Devel - libvirt List Archives

[libvirt] lxc: Create /dev/tty automatically ?
by Sukadev Bhattiprolu 16 May '12

16 May '12

Hi, (I posted this on libvirt-users but its more a development question) src/lxc/lxc_container.c:lxcContainerPopulateDevices() has this table of devices that are automatically created when an lxc container is started. const struct { int maj; int min; mode_t mode; const char *path; } devs[] = { { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL, 0666, "/dev/null" }, { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO, 0666, "/dev/zero" }, { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL, 0666, "/dev/full" }, { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM, 0666, "/dev/random" }, { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM, 0666, "/dev/urandom" }, }; Can we add '/dev/tty' to this list ? We were trying to run 'smbpasswd -a user' inside a container without /dev/tty and the fopen("/dev/tty", "w+") in smbpasswd made /dev/tty a regular file, breaking man(1), less(1), and ofcourse smbpasswd :-) Sure we can add /dev/tty to container's rc.local or something, but wouldn't it be in the same category as say, /dev/null or /dev/zero ? Sukadev

1 0

[libvirt] [PATCH 0/2] Avoid touching monitor when fetching guest XML or info
by Daniel P. Berrange 16 May '12

16 May '12

The virDomainGetXMLDesc and virDomainGetInfo APIs for QEMU suffer from needing to run 'query-balloon' to update the balloon level. This has caused us performance problems and even worse caused us to lock up on a dead QEMU. The following two patches to QEMU add a BALLOON_EVENT and a query-events command to QMP. With those two parts, we can avoiding running the query-balloon command at all. https://lists.gnu.org/archive/html/qemu-devel/2012-05/msg02215.html https://lists.gnu.org/archive/html/qemu-devel/2012-05/msg02255.html

2 5

[libvirt] libvirt chowning my kernel/initrd files
by Seth Jennings 16 May '12

16 May '12

libvirt dev team, I'm running libvirtd 0.9.8 and I notice than when I provide a kernel path for my VM, libvirt chowns the kernel file I provide to root:root. I see this was done in 0.7.1 http://libvirt.org/git/?p=libvirt.git;a=commit;h=c42b39784534930791d1feb3de… Why was this done? It seems to me that the kernel and initrd file would be completely read-only from the qemu perspective, and qemu would only need read access to the files. For unprivileged users without sudo access, this chowning results in kernel files that can not be removed or modified. Thanks, Seth

2 1

[libvirt] [PATCH libvirt 1/2] domain: add <forward> element for user mode networking
by Marc-André Lureau 16 May '12

16 May '12

Add element <forward> to add TCP or UDP port redirection from host to guest in user mode networking. --- docs/formatdomain.html.in | 21 ++++ docs/schemas/domaincommon.rng | 29 +++++ src/conf/domain_conf.c | 140 ++++++++++++++++++++++ src/conf/domain_conf.h | 23 ++++ tests/qemuargv2xmltest.c | 3 +- tests/qemuxml2argvdata/qemuxml2argv-net-user.xml | 2 + 6 files changed, 217 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index d6e90f1..9c9bbf5 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2268,6 +2268,27 @@ VMs to have outgoing access. </p> + <p> + Port redirections from host to guest can be added by + providing <code>forward</code> elements that takes the + following attributes: + </p> + + <dl> + <dt><code>type</code></dt> + <dd>Either <code>tcp</code> (default) or <code>udp</code>.</dd> + + <dt><code>host_port</code></dt> + <dd>Host port to redirect.</dd> + + <dt><code>guest_port</code></dt> + <dd>Guest port to redirect to.</dd> + + <dt><code>host</code></dt> + <dd>IPv4 address to bound the redirection to a specific host + interface.</dd> + </dl> + <pre> ... <devices> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 34f63c3..740f5af 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -1408,6 +1408,35 @@ <value>user</value> </attribute> <interleave> + <zeroOrMore> + <element name="forward"> + <attribute name="host_port"> + <ref name="PortNumber"/> + </attribute> + <attribute name="guest_port"> + <ref name="PortNumber"/> + </attribute> + <optional> + <attribute name="type"> + <choice> + <value>tcp</value> + <value>udp</value> + </choice> + </attribute> + </optional> + <optional> + <attribute name="host"> + <ref name="ipv4Addr"/> + </attribute> + </optional> + <optional> + <attribute name="guest"> + <ref name="ipv4Addr"/> + </attribute> + </optional> + <empty/> + </element> + </zeroOrMore> <ref name="interface-options"/> </interleave> </group> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 51d6cb9..4b9b644 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -650,6 +650,10 @@ VIR_ENUM_IMPL(virDomainNumatuneMemPlacementMode, "static", "auto"); +VIR_ENUM_IMPL(virDomainNetForward, VIR_DOMAIN_NET_FORWARD_TYPE_LAST, + "tcp", + "udp") + #define virDomainReportError(code, ...) \ virReportErrorHelper(VIR_FROM_DOMAIN, code, __FILE__, \ __FUNCTION__, __LINE__, __VA_ARGS__) @@ -1019,8 +1023,22 @@ virDomainActualNetDefFree(virDomainActualNetDefPtr def) VIR_FREE(def); } +void +virDomainNetForwardDefFree(virDomainNetForwardDefPtr def) +{ + if (!def) + return; + + VIR_FREE(def->host_addr); + VIR_FREE(def->guest_addr); + + VIR_FREE(def); +} + void virDomainNetDefFree(virDomainNetDefPtr def) { + int i; + if (!def) return; @@ -1066,6 +1084,11 @@ void virDomainNetDefFree(virDomainNetDefPtr def) break; case VIR_DOMAIN_NET_TYPE_USER: + for (i = 0; i < def->data.user.nforward; i++) + virDomainNetForwardDefFree(def->data.user.forwards[i]); + VIR_FREE(def->data.user.forwards); + break; + case VIR_DOMAIN_NET_TYPE_LAST: break; } @@ -4351,6 +4374,60 @@ error: return ret; } +static virDomainNetForwardDefPtr +virDomainNetForwardDefParseXML(const xmlNodePtr node) +{ + char *type = NULL; + char *host_port = NULL; + char *guest_port = NULL; + virDomainNetForwardDefPtr def; + + if (VIR_ALLOC(def) < 0) { + virReportOOMError(); + return NULL; + } + + type = virXMLPropString(node, "type"); + if (type == NULL) { + def->type = VIR_DOMAIN_NET_FORWARD_TYPE_TCP; + } else if ((def->type = virDomainNetForwardTypeFromString(type)) < 0) { + virDomainReportError(VIR_ERR_INTERNAL_ERROR, + _("unknown forward type '%s'"), type); + goto error; + } + + host_port = virXMLPropString(node, "host_port"); + if (!host_port || + virStrToLong_i(host_port, NULL, 10, &def->host_port) < 0) { + virDomainReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Cannot parse <forward> 'host_port' attribute")); + goto error; + } + + guest_port = virXMLPropString(node, "guest_port"); + if (!guest_port || + virStrToLong_i(guest_port, NULL, 10, &def->guest_port) < 0) { + virDomainReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Cannot parse <forward> 'guest_port' attribute")); + goto error; + } + + def->host_addr = virXMLPropString(node, "host"); + def->guest_addr = virXMLPropString(node, "guest"); + +cleanup: + VIR_FREE(type); + VIR_FREE(host_port); + VIR_FREE(guest_port); + + return def; + +error: + virDomainNetForwardDefFree(def); + def = NULL; + goto cleanup; +} + #define NET_MODEL_CHARS \ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ091234567890_-" @@ -4394,6 +4471,8 @@ virDomainNetDefParseXML(virCapsPtr caps, virDomainActualNetDefPtr actual = NULL; xmlNodePtr oldnode = ctxt->node; int ret; + int nforwards; + xmlNodePtr *forwardNodes = NULL; if (VIR_ALLOC(def) < 0) { virReportOOMError(); @@ -4683,6 +4762,28 @@ virDomainNetDefParseXML(virCapsPtr caps, break; case VIR_DOMAIN_NET_TYPE_USER: + /* parse the <forward> elements */ + nforwards = virXPathNodeSet("./forward", ctxt, &forwardNodes); + if (nforwards < 0) + goto error; + + if (nforwards > 0) { + int i; + if (VIR_ALLOC_N(def->data.user.forwards, nforwards) < 0) { + virReportOOMError(); + goto error; + } + for (i = 0; i < nforwards; i++) { + virDomainNetForwardDefPtr fwd = + virDomainNetForwardDefParseXML(forwardNodes[i]); + if (fwd == NULL) + goto error; + def->data.user.forwards[def->data.user.nforward++] = fwd; + } + VIR_FREE(forwardNodes); + } + break; + case VIR_DOMAIN_NET_TYPE_LAST: break; } @@ -11413,11 +11514,42 @@ error: } static int +virDomainNetForwardDefFormat(virBufferPtr buf, + virDomainNetForwardDefPtr def) +{ + const char *type; + if (!def) + return 0; + + type = virDomainNetForwardTypeToString(def->type); + if (!type) { + virDomainReportError(VIR_ERR_INTERNAL_ERROR, + _("unexpected net type %d"), def->type); + return -1; + } + virBufferAsprintf(buf, "<forward type='%s'", type); + + if (def->host_addr) + virBufferAsprintf(buf, " host='%s'", def->host_addr); + + virBufferAsprintf(buf, " host_port='%d'", def->host_port); + + if (def->guest_addr) + virBufferAsprintf(buf, " guest='%s'", def->guest_addr); + + virBufferAsprintf(buf, " guest_port='%d'", def->guest_port); + + virBufferAddLit(buf, "/>\n"); + return 0; +} + +static int virDomainNetDefFormat(virBufferPtr buf, virDomainNetDefPtr def, unsigned int flags) { const char *type = virDomainNetTypeToString(def->type); + int i; if (!type) { virDomainReportError(VIR_ERR_INTERNAL_ERROR, @@ -11517,6 +11649,14 @@ virDomainNetDefFormat(virBufferPtr buf, break; case VIR_DOMAIN_NET_TYPE_USER: + virBufferAdjustIndent(buf, 6); + for (i = 0; i < def->data.user.nforward; i++) { + if (virDomainNetForwardDefFormat(buf, def->data.user.forwards[i]) < 0) + return -1; + } + virBufferAdjustIndent(buf, -6); + break; + case VIR_DOMAIN_NET_TYPE_LAST: break; } diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 70129fe..7fde05e 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -768,6 +768,23 @@ struct _virDomainActualNetDef { virNetDevBandwidthPtr bandwidth; }; +enum virDomainNetForwardType { + VIR_DOMAIN_NET_FORWARD_TYPE_TCP, + VIR_DOMAIN_NET_FORWARD_TYPE_UDP, + + VIR_DOMAIN_NET_FORWARD_TYPE_LAST, +}; + +typedef struct _virDomainNetForwardDef virDomainNetForwardDef; +typedef virDomainNetForwardDef *virDomainNetForwardDefPtr; +struct _virDomainNetForwardDef { + int type; /* enum virDomainNetForwardType */ + char *host_addr; + int host_port; + char *guest_addr; + int guest_port; +}; + /* Stores the virtual network interface configuration */ struct _virDomainNetDef { enum virDomainNetType type; @@ -821,6 +838,10 @@ struct _virDomainNetDef { virDomainHostdevDef def; virNetDevVPortProfilePtr virtPortProfile; } hostdev; + struct { + int nforward; + virDomainNetForwardDefPtr *forwards; + } user; } data; struct { bool sndbuf_specified; @@ -1856,6 +1877,7 @@ int virDomainDiskFindControllerModel(virDomainDefPtr def, void virDomainControllerDefFree(virDomainControllerDefPtr def); void virDomainFSDefFree(virDomainFSDefPtr def); void virDomainActualNetDefFree(virDomainActualNetDefPtr def); +void virDomainNetForwardDefFree(virDomainNetForwardDefPtr def); void virDomainNetDefFree(virDomainNetDefPtr def); void virDomainSmartcardDefFree(virDomainSmartcardDefPtr def); void virDomainChrDefFree(virDomainChrDefPtr def); @@ -2170,6 +2192,7 @@ VIR_ENUM_DECL(virDomainFSAccessMode) VIR_ENUM_DECL(virDomainFSWrpolicy) VIR_ENUM_DECL(virDomainNet) VIR_ENUM_DECL(virDomainNetBackend) +VIR_ENUM_DECL(virDomainNetForward) VIR_ENUM_DECL(virDomainNetVirtioTxMode) VIR_ENUM_DECL(virDomainNetInterfaceLinkState) VIR_ENUM_DECL(virDomainChrDevice) diff --git a/tests/qemuargv2xmltest.c b/tests/qemuargv2xmltest.c index 439218e..cf2862b 100644 --- a/tests/qemuargv2xmltest.c +++ b/tests/qemuargv2xmltest.c @@ -207,7 +207,8 @@ mymain(void) DO_TEST("misc-acpi"); DO_TEST("misc-no-reboot"); DO_TEST("misc-uuid"); - DO_TEST("net-user"); + /* Fixed in following commit */ + /* DO_TEST("net-user"); */ DO_TEST("net-virtio"); DO_TEST("net-eth"); DO_TEST("net-eth-ifname"); diff --git a/tests/qemuxml2argvdata/qemuxml2argv-net-user.xml b/tests/qemuxml2argvdata/qemuxml2argv-net-user.xml index 37e5edf..ecefdeb 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-net-user.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-net-user.xml @@ -23,6 +23,8 @@ <controller type='ide' index='0'/> <interface type='user'> <mac address='00:11:22:33:44:55'/> + <forward type='tcp' host_port='2222' guest_port='22'/> + <forward type='udp' host='127.0.0.1' host_port='2242' guest='10.0.2.15' guest_port='42'/> </interface> <memballoon model='virtio'/> </devices> -- 1.7.10.1

4 13

[libvirt] [PATCH] nodeinfo: test more details
by Eric Blake 16 May '12

16 May '12

Make it obvious why we need Osier's patch to fix NUMA parsing of an AMD machine with two cores sharing a socket id. * tests/nodeinfotest.c (linuxTestCompareFiles): Enhance the test. * tests/nodeinfodata/linux-nodeinfo-sysfs-test-*-output.txt: Update. --- As promised here: https://www.redhat.com/archives/libvir-list/2012-May/msg00759.html (Hmm, I still need to add results from a machine with an offline cpu) I can push this either before or after Osier's patch here: https://www.redhat.com/archives/libvir-list/2012-May/msg00736.html whoever pushes second needs a minor rebase; should be obvious what the changes will be, since 48 online out of 24 max is clearly wrong... .../linux-nodeinfo-sysfs-test-1-cpu-ppc-output.txt | 2 +- .../linux-nodeinfo-sysfs-test-1-cpu-x86-output.txt | 2 +- .../linux-nodeinfo-sysfs-test-2-cpu-x86-output.txt | 2 +- .../linux-nodeinfo-sysfs-test-3-cpu-x86-output.txt | 2 +- tests/nodeinfotest.c | 9 ++++++--- 5 files changed, 10 insertions(+), 7 deletions(-) diff --git a/tests/nodeinfodata/linux-nodeinfo-sysfs-test-1-cpu-ppc-output.txt b/tests/nodeinfodata/linux-nodeinfo-sysfs-test-1-cpu-ppc-output.txt index 433a81f..80df832 100644 --- a/tests/nodeinfodata/linux-nodeinfo-sysfs-test-1-cpu-ppc-output.txt +++ b/tests/nodeinfodata/linux-nodeinfo-sysfs-test-1-cpu-ppc-output.txt @@ -1 +1 @@ -CPUs: 2, MHz: 8, Nodes: 1, Cores: 2 +CPUs: 2/2, MHz: 8, Nodes: 1, Sockets: 1, Cores: 2, Threads: 1 diff --git a/tests/nodeinfodata/linux-nodeinfo-sysfs-test-1-cpu-x86-output.txt b/tests/nodeinfodata/linux-nodeinfo-sysfs-test-1-cpu-x86-output.txt index 09e2946..4c86824 100644 --- a/tests/nodeinfodata/linux-nodeinfo-sysfs-test-1-cpu-x86-output.txt +++ b/tests/nodeinfodata/linux-nodeinfo-sysfs-test-1-cpu-x86-output.txt @@ -1 +1 @@ -CPUs: 2, MHz: 2800, Nodes: 1, Cores: 2 +CPUs: 2/2, MHz: 2800, Nodes: 1, Sockets: 1, Cores: 2, Threads: 1 diff --git a/tests/nodeinfodata/linux-nodeinfo-sysfs-test-2-cpu-x86-output.txt b/tests/nodeinfodata/linux-nodeinfo-sysfs-test-2-cpu-x86-output.txt index 73300a4..33bfbf3 100644 --- a/tests/nodeinfodata/linux-nodeinfo-sysfs-test-2-cpu-x86-output.txt +++ b/tests/nodeinfodata/linux-nodeinfo-sysfs-test-2-cpu-x86-output.txt @@ -1 +1 @@ -CPUs: 2, MHz: 800, Nodes: 1, Cores: 2 +CPUs: 2/2, MHz: 800, Nodes: 1, Sockets: 1, Cores: 2, Threads: 1 diff --git a/tests/nodeinfodata/linux-nodeinfo-sysfs-test-3-cpu-x86-output.txt b/tests/nodeinfodata/linux-nodeinfo-sysfs-test-3-cpu-x86-output.txt index e3c046b..ed5d6bd 100644 --- a/tests/nodeinfodata/linux-nodeinfo-sysfs-test-3-cpu-x86-output.txt +++ b/tests/nodeinfodata/linux-nodeinfo-sysfs-test-3-cpu-x86-output.txt @@ -1 +1 @@ -CPUs: 48, MHz: 2100, Nodes: 1, Cores: 6 +CPUs: 48/24, MHz: 2100, Nodes: 1, Sockets: 4, Cores: 6, Threads: 1 diff --git a/tests/nodeinfotest.c b/tests/nodeinfotest.c index 2b4c3a0..a2b89dd 100644 --- a/tests/nodeinfotest.c +++ b/tests/nodeinfotest.c @@ -60,9 +60,12 @@ linuxTestCompareFiles(const char *cpuinfofile, } VIR_FORCE_FCLOSE(cpuinfo); - if (virAsprintf(&actualData, "CPUs: %u, MHz: %u, Nodes: %u, Cores: %u\n", - nodeinfo.cpus, nodeinfo.mhz, nodeinfo.nodes, - nodeinfo.cores) < 0) + if (virAsprintf(&actualData, + "CPUs: %u/%u, MHz: %u, Nodes: %u, Sockets: %u, " + "Cores: %u, Threads: %u\n", + nodeinfo.cpus, VIR_NODEINFO_MAXCPUS(nodeinfo), + nodeinfo.mhz, nodeinfo.nodes, nodeinfo.sockets, + nodeinfo.cores, nodeinfo.threads) < 0) goto fail; if (STRNEQ(actualData, expectData)) { -- 1.7.7.6

3 3

[libvirt] [PATCH] build: fix recent syntax-check breakage
by Eric Blake 16 May '12

16 May '12

The use of readlink() in lxc_container.c is intentional; we don't want an absolute pathname there. * src/util/cgroup.h (VIR_CGROUP_SYSFS_MOUNT): Indent properly. * cfg.mk (exclude_file_name_regexp--sc_prohibit_readlink): Add exemption. --- Pushing under the build-breaker rule. cfg.mk | 3 ++- src/util/cgroup.h | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cfg.mk b/cfg.mk index 7f81933..07fb7b2 100644 --- a/cfg.mk +++ b/cfg.mk @@ -800,7 +800,8 @@ exclude_file_name_regexp--sc_prohibit_nonreentrant = \ exclude_file_name_regexp--sc_prohibit_raw_allocation = \ ^(src/util/memory\.[ch]|examples/.*)$$ -exclude_file_name_regexp--sc_prohibit_readlink = ^src/util/util\.c$$ +exclude_file_name_regexp--sc_prohibit_readlink = \ + ^(src/(util/util|lxc/lxc_container)\.c$$ exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/util\.c$$ diff --git a/src/util/cgroup.h b/src/util/cgroup.h index 857945d..05325ae 100644 --- a/src/util/cgroup.h +++ b/src/util/cgroup.h @@ -16,7 +16,7 @@ struct virCgroup; typedef struct virCgroup *virCgroupPtr; -#define VIR_CGROUP_SYSFS_MOUNT "/sys/fs/cgroup" +# define VIR_CGROUP_SYSFS_MOUNT "/sys/fs/cgroup" enum { VIR_CGROUP_CONTROLLER_CPU, -- 1.7.7.6

1 0

[libvirt] F17's libvirt takes comments into LIBVIRTD_ARGS
by Dan Kenigsberg 16 May '12

16 May '12

On Tue, May 15, 2012 at 04:16:11PM +0800, Shu Ming wrote: > On 2012-5-14 7:30, Dan Kenigsberg wrote: > >On Sun, May 13, 2012 at 11:51:48PM +0800, Shu Ming wrote: > >>Hi, > >> Recently, I found that my host in engine was always in a > >>"unassigned state" after the host node was installed. After looking > >>into the vdsm.log, it seemed that vdsm failed to call libvirt as an > >>error, "libvirtError: Cannot write data: Broken pipe". When I > >>started virsh in the host node at that time, a warning was given > >>"WARNING: no socket to connect to" and core dumped with "virsh > >>net-list". It looks like that no right socket was created for > >>virsh to connect to libvirtd. Any comments about this problem? The > >>followings are my steps in the node: > >> > >>[root@ovirt-node1 ~]# rpm -qa |grep vdsm > >>vdsm-cli-4.9.6-0.183.git107644d.fc16.shuming1336622293.noarch > >>vdsm-python-4.9.6-0.183.git107644d.fc16.shuming1336622293.noarch > >>vdsm-hook-vhostmd-4.9.6-0.183.git107644d.fc16.shuming1336622293.noarch > >>vdsm-4.9.6-0.183.git107644d.fc16.shuming1336622293.x86_64 > >>vdsm-reg-4.9.6-0.183.git107644d.fc16.shuming1336622293.noarch > >>vdsm-debug-plugin-4.9.6-0.183.git107644d.fc16.shuming1336622293.noarch > >>vdsm-hook-faqemu-4.9.6-0.183.git107644d.fc16.shuming1336622293.noarch > >>vdsm-bootstrap-4.9.6-0.183.git107644d.fc16.shuming1336622293.noarch > >>[root@ovirt-node1 ~]# > >>[root@ovirt-node1 ~]# ps -ef |grep libvirt > >> > >>libvirt-daemon-0.9.11-1.fc17.x86_64 > >>libvirt-daemon-config-nwfilter-0.9.11-1.fc17.x86_64 > >>libvirt-client-0.9.11-1.fc17.x86_64 > >>libvirt-daemon-config-network-0.9.11-1.fc17.x86_64 > >>libvirt-python-0.9.11-1.fc17.x86_64 > >> > >>[root@ovirt-node1 ~]# virsh net-list > >>WARNING: no socket to connect to > >>Segmentation fault > >I think that merits a libvirt bug. please attach strace output to > >bugzilla. > > > >>[root@ovirt-node1 ~]# > >> > >> > >>[root@ovirt-node1 ~]# ps -ef |grep vdsm > >>root 1299 1 0 23:10 ? 00:00:00 /usr/sbin/libvirtd > >>--listen # by vdsm > >The command line of libvirt process is very odd - the comment that vdsm > >puts into /etc/sysconfig/libvirtd is somehow taken verbatim. That's bad, > >and may be related to Fedora 17's systemd services. Try to remove the > >comment and restart libvirtd to see if this is the case. > The comment come from > > [root@ovirt-node1 ~]# cat /etc/sysconfig/libvirtd: I know that (see my text above). However, in F16 and before, comments have been stripped before being passed to commandline. Have you tested if all is well when the commment is removed? Let's see what our friends in libvir-list think. Dan.

3 7

[libvirt] [PATCH] qemu: Rollback on used USB devices
by Michal Privoznik 16 May '12

16 May '12

One of our latest USB device handling patches 05abd1507d66aabb6cad12eeafeb4c4d1911c585 introduced a regression. That is, we first create a temporary list of all USB devices that are to be used by domain just starting up. Then we iterate over and check if a device from the list is in the global list of currently assigned devices (activeUsbHostdevs). If not, we add it there and continue with next iteration then. But if a device from temporary list is either taken already or adding to the activeUsbHostdevs fails, we remove all devices in temp list from the activeUsbHostdevs list. Therefore, if a device is already taken we remove it from activeUsbHostdevs even if we should not. Thus, next time we allow the device to be assigned to another domain. --- src/qemu/qemu_hostdev.c | 28 ++++++++++++---------------- 1 files changed, 12 insertions(+), 16 deletions(-) diff --git a/src/qemu/qemu_hostdev.c b/src/qemu/qemu_hostdev.c index b649ae0..ff13305 100644 --- a/src/qemu/qemu_hostdev.c +++ b/src/qemu/qemu_hostdev.c @@ -567,7 +567,7 @@ qemuPrepareHostdevUSBDevices(struct qemud_driver *driver, const char *name, usbDeviceList *list) { - int i; + int i, j; unsigned int count; usbDevice *tmp; @@ -586,7 +586,7 @@ qemuPrepareHostdevUSBDevices(struct qemud_driver *driver, qemuReportError(VIR_ERR_OPERATION_INVALID, _("USB device %s is already in use"), usbDeviceGetName(tmp)); - return -1; + goto error; } usbDeviceSetUsedBy(usb, name); @@ -598,9 +598,16 @@ qemuPrepareHostdevUSBDevices(struct qemud_driver *driver, * perform rollback on failure. */ if (usbDeviceListAdd(driver->activeUsbHostdevs, usb) < 0) - return -1; + goto error; } return 0; + +error: + for (j = 0; j < i; j++) { + tmp = usbDeviceListGet(list, i); + usbDeviceListSteal(driver->activeUsbHostdevs, tmp); + } + return -1; } static int @@ -621,8 +628,7 @@ qemuPrepareHostUSBDevices(struct qemud_driver *driver, if (!(list = usbDeviceListNew())) goto cleanup; - /* Loop 1: build temporary list and validate no usb device - * is already taken + /* Loop 1: build temporary list */ for (i = 0 ; i < nhostdevs ; i++) { virDomainHostdevDefPtr hostdev = hostdevs[i]; @@ -678,7 +684,7 @@ qemuPrepareHostUSBDevices(struct qemud_driver *driver, * wrong, perform rollback. */ if (qemuPrepareHostdevUSBDevices(driver, def->name, list) < 0) - goto inactivedevs; + goto cleanup; /* Loop 2: Temporary list was successfully merged with * driver list, so steal all items to avoid freeing them @@ -690,16 +696,6 @@ qemuPrepareHostUSBDevices(struct qemud_driver *driver, } ret = 0; - goto cleanup; - -inactivedevs: - /* Steal devices from driver->activeUsbHostdevs. - * We will free them later. - */ - for (i = 0; i < usbDeviceListCount(list); i++) { - tmp = usbDeviceListGet(list, i); - usbDeviceListSteal(driver->activeUsbHostdevs, tmp); - } cleanup: usbDeviceListFree(list); -- 1.7.8.5

2 2

[libvirt] [PATCH] Fix build compat with older libselinux for LXC
by Daniel P. Berrange 16 May '12

16 May '12

From: "Daniel P. Berrange" <berrange(a)redhat.com> Most versions of libselinux do not contain the function selinux_lxc_contexts_path() that the security driver recently started using for LXC. We must add a conditional check for it in configure and then disable the LXC security driver for builds where libselinux lacks this function. NB although this qualifies as a build breaker fix, I'm not pushing until it has had review * configure.ac: Check for selinux_lxc_contexts_path * src/security/security_selinux.c: Disable LXC security if selinux_lxc_contexts_path() is missing --- configure.ac | 1 + src/security/security_selinux.c | 19 ++++++++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 9c356c9..d666736 100644 --- a/configure.ac +++ b/configure.ac @@ -1360,6 +1360,7 @@ else fail=0 AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1]) AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1]) + AC_CHECK_FUNCS([selinux_lxc_contexts_path]) CFLAGS="$old_cflags" LIBS="$old_libs" diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index b0bb0a0..2b8ff19 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -127,6 +127,7 @@ err: } +#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH static int SELinuxLXCInitialize(virSecurityManagerPtr mgr) { @@ -189,6 +190,15 @@ error: VIR_FREE(data->content_context); return -1; } +#else +static int +SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("libselinux does not support LXC contexts path")); + return -1; +} +#endif static int @@ -443,9 +453,12 @@ SELinuxSecurityDriverProbe(const char *virtDriver) if (!is_selinux_enabled()) return SECURITY_DRIVER_DISABLE; - if (virtDriver && STREQ(virtDriver, "LXC") && - !virFileExists(selinux_lxc_contexts_path())) - return SECURITY_DRIVER_DISABLE; + if (virtDriver && STREQ(virtDriver, "LXC")) { +#if HAVE_SELINUX_LXC_CONTEXTS_PATH + if (!virFileExists(selinux_lxc_contexts_path())) +#endif + return SECURITY_DRIVER_DISABLE; + } return SECURITY_DRIVER_ENABLE; } -- 1.7.7.6

2 1

[libvirt] [PATCH libvirt] Reject any non-option command line arguments
by Daniel P. Berrange 16 May '12

16 May '12

From: "Daniel P. Berrange" <berrange(a)redhat.com> Due to a bug in editing /etc/sysconfig/libvirtd, VDSM was causing libvirt processes to run with the following command line args /usr/sbin/libvirtd --listen '#' 'by vdsm' While it correctly rejects any invalid option flags, libvirtd was not rejecting any non-option command line arguments * daemon/libvirtd.c: Reject non-option argv --- daemon/libvirtd.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 2696c54..0b5ae35 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -999,6 +999,12 @@ int main(int argc, char **argv) { } } + if (optind != argc) { + fprintf(stderr, "%s: unexpected, non-option, command line arguments\n", + argv[0]); + exit(EXIT_FAILURE); + } + if (!(config = daemonConfigNew(privileged))) { VIR_ERROR(_("Can't create initial configuration")); exit(EXIT_FAILURE); -- 1.7.10.1

2 1