September 2012 - Devel - libvirt List Archives

[libvirt] libvirt plans: dns support for IPv6?
by Gene Czarcinski 17 Sep '12

17 Sep '12

I would like to know what the plans are for supporting dns for virtual guests with only IPv6. My objective is to be able to reference a virtual guest for the host ... doing ssh, scp, etc. such functions work just fine if you specify the ip-address but, after a while, those ip-addresses are difficult to remember ... afterall, that is why dns exists. For IPv4, with a some patches to libvert implementing "--local=/virt/ --domain-needed" if "--domain virt" is specified, I am now able to ssh to guests by name. The additions needed are to run the NetworkManager supporting "--conf-dir=/etc/NetworkManager/dnsmasq.d/" (or patch it like I did), and add a file specifying the dnsmasq on the virtual NIC. For example, server=/virt/,192.168.122.1 will forward queries. Alternatively, you can run yet another dnsmasq on the host which just passes queries to the dnsmasq and modify your upstream dns server to forward any queries for the virtual domains to the dnsmasq on the host. IPv6 is another situation entirely. And it may be even more important to have dns support because if IPv4 address are difficult to remember, IPv6 are practically impossible. So, are there any plans for providing dns on the IPv6 virtual networks? I can see a couple of solutions and each has pluses and minuses. 1. Do it the same way the it is done for IPv4. The current version of dnsmasq (2.63) supports dhcp for IPv6 and, IIRC, has since 2.61. I realize that you need to continue support of libvirt on RHEL 6 and possibly others that are running an old version of dnsmasq, but isn't it time to move along? While you can manually configure IPv6 interfaces so that you can add the definitions to a /etc/host file, this is not a good approach from my perspective. The use of dnsmasq also allows specification of different domains for each virtual IPv6 network. 2. There is another approach and it would be useful for both dnsmasq and this approach be available. That is, continue to use radvd and have the virtual guests autoconf the ip addresses. Then use mDNS (avahi and nss-mdns) to support access by name. This does not require doing anything about dnsmasq. In fact, it is possible thatyou do not need it at all. In addition, the plans for Fedora 18 are to make mDNS the default for Desktop installs [I am not sure what that means]. A big problem is that there is only a single domain which is ".local" by default. An even bigger problem is that ssh (openssh) has an error if a mDNS name is specified. I noticed that Daniel Berrange has put in a bugzilla request that dnsmasq be updated. If someone is already coding up patches to add dhcp for IPv6 or will "real soon now", I will be happy to test it. Otherwise, I could take a shot at coming up with the patches. Gene

3 7

[libvirt] [V2 PATCH 0/3] Transport Open vSwitch per-port data during live migration
by Kyle Mestery 15 Sep '12

15 Sep '12

This series of commits has the end goal of allowing per-port data stored in the Open vSwitch DB to be transported during live migration. This is done by first providing a generic infrastructure for transporting network data, adding some utility functions specific to Open vSwitch, and hooking the two together. The framework provided is generic in that other networking data could be transferred as well by simply adding in additional hooks as needed. ---- V2 of this patch series fixes some issues found when migrating VMs on standard Linux bridges. Kyle Mestery (3): Add the ability for the Qemu V3 migration protocol to include transporting network configuration. A generic framework is proposed with this patch to allow for the transfer of opaque data. Add utility functions for Open vSwitch to both save per-port data before a live migration, and restore the per-port data after a live migration. Transport Open vSwitch per-port data during live migration by using the utility functions virNetDevOpenvswitchGetMigrateData() and virNetDevOpenvswitchSetMigrateData(). src/libvirt_private.syms | 2 + src/qemu/qemu_migration.c | 291 +++++++++++++++++++++++++++++++++++++++- src/util/virnetdevopenvswitch.c | 71 ++++++++++ src/util/virnetdevopenvswitch.h | 6 + 4 files changed, 368 insertions(+), 2 deletions(-) -- 1.7.11.4

3 5

[libvirt] [PATCH 0/3] Transport Open vSwitch per-port data during live migration
by Kyle Mestery 15 Sep '12

15 Sep '12

This series of commits has the end goal of allowing per-port data stored in the Open vSwitch DB to be transported during live migration. This is done by first providing a generic infrastructure for transporting network data, adding some utility functions specific to Open vSwitch, and hooking the two together. The framework provided is generic in that other networking data could be transferred as well by simply adding in additional hooks as needed. Kyle Mestery (3): Add the ability for the Qemu V3 migration protocol to include transporting network configuration. A generic framework is proposed with this patch to allow for the transfer of opaque data. Add utility functions for Open vSwitch to both save per-port data before a live migration, and restore the per-port data after a live migration. Transport Open vSwitch per-port data during live migration by using the utility functions virNetDevOpenvswitchGetMigrateData() and virNetDevOpenvswitchSetMigrateData(). cfg.mk | 9 + configure.ac | 36 +- docs/formatdomain.html.in | 45 +- docs/schemas/domaincommon.rng | 75 ++- src/conf/domain_conf.c | 394 +++++++++++- src/conf/domain_conf.h | 32 + src/esx/esx_util.c | 7 +- src/libvirt.c | 20 +- src/libvirt_private.syms | 5 + src/parallels/parallels_driver.c | 133 +++- src/qemu/qemu_capabilities.c | 679 +++++++++++++++------ src/qemu/qemu_capabilities.h | 49 +- src/qemu/qemu_command.c | 660 +++++++++++--------- src/qemu/qemu_command.h | 56 +- src/qemu/qemu_domain.c | 16 +- src/qemu/qemu_domain.h | 4 +- src/qemu/qemu_driver.c | 50 +- src/qemu/qemu_hotplug.c | 141 ++--- src/qemu/qemu_migration.c | 295 ++++++++- src/qemu/qemu_monitor.c | 114 ++-- src/qemu/qemu_monitor.h | 10 +- src/qemu/qemu_monitor_json.c | 77 ++- src/qemu/qemu_monitor_json.h | 5 +- src/qemu/qemu_monitor_text.c | 335 +++------- src/qemu/qemu_process.c | 62 +- src/rpc/virnetserverprogram.c | 11 +- src/rpc/virnettlscontext.c | 6 +- src/util/bitmap.c | 19 + src/util/bitmap.h | 6 + src/util/virnetdevopenvswitch.c | 71 +++ src/util/virnetdevopenvswitch.h | 6 + src/vbox/vbox_tmpl.c | 14 +- src/vmware/vmware_driver.c | 4 +- tests/Makefile.am | 10 +- .../domain-parallels-ct-simple.xml | 27 + tests/qemuhelptest.c | 16 +- tests/qemumonitortestutils.c | 12 +- .../qemuxml2argv-cpu-eoi-disabled.args | 4 + .../qemuxml2argv-cpu-eoi-disabled.xml | 28 + .../qemuxml2argv-cpu-eoi-enabled.args | 4 + .../qemuxml2argv-cpu-eoi-enabled.xml | 28 + .../qemuxml2argv-eoi-disabled.args | 4 + .../qemuxml2argvdata/qemuxml2argv-eoi-disabled.xml | 25 + .../qemuxml2argvdata/qemuxml2argv-eoi-enabled.args | 4 + .../qemuxml2argvdata/qemuxml2argv-eoi-enabled.xml | 25 + .../qemuxml2argv-usb-redir-filter.args | 10 + .../qemuxml2argv-usb-redir-filter.xml | 45 ++ tests/qemuxml2argvtest.c | 23 +- tests/qemuxml2xmltest.c | 6 + tests/qemuxmlnstest.c | 6 +- tests/undefine | 72 --- tests/virsh-undefine | 72 +++ tools/virsh-domain.c | 4 +- tools/virsh-network.c | 8 +- tools/virsh-pool.c | 8 +- tools/virsh-volume.c | 8 +- 56 files changed, 2678 insertions(+), 1217 deletions(-) create mode 100644 tests/domainschemadata/domain-parallels-ct-simple.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-eoi-disabled.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-eoi-disabled.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-eoi-enabled.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-eoi-enabled.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-eoi-disabled.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-eoi-disabled.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-eoi-enabled.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-eoi-enabled.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-usb-redir-filter.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-usb-redir-filter.xml delete mode 100755 tests/undefine create mode 100755 tests/virsh-undefine -- 1.7.11.4

3 5

[libvirt] [PATCH 1/2] build: allow building with newer glibc-headers and -O0
by Christophe Fergeau 15 Sep '12

15 Sep '12

Fix copied from libvirt, commit by Eric Blake. glibc 2.15 (on Fedora 17) coupled with explicit disabling of optimization during development dies a painful death: /usr/include/features.h:314:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp] Work around this by only conditionally defining _FORTIFY_SOURCE, in the case where glibc can actually use it. The trick is using AH_VERBATIM instead of AC_DEFINE. --- m4/virt-compile-warnings.m4 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4 index d403587..913abca 100644 --- a/m4/virt-compile-warnings.m4 +++ b/m4/virt-compile-warnings.m4 @@ -84,8 +84,12 @@ AC_DEFUN([LIBVIRT_DESIGNER_COMPILE_WARNINGS],[ gl_WARN_ADD([-Wframe-larger-than=4096]) # Use improved glibc headers - AC_DEFINE([_FORTIFY_SOURCE], [2], - [enable compile-time and run-time bounds-checking, and some warnings]) + AH_VERBATIM([FORTIFY_SOURCE], + [/* Enable compile-time and run-time bounds-checking, and some warnings. */ + #if defined __OPTIMIZE__ && __OPTIMIZE__ + # define _FORTIFY_SOURCE 2 + #endif + ]) # Extra special flags dnl -fstack-protector stuff passes gl_WARN_ADD with gcc -- 1.7.11.4

3 4

[libvirt] [PATCH RFC] network: define new API virNetworkUpdate
by Laine Stump 15 Sep '12

15 Sep '12

This patch adds a new public API virNetworkUpdate that will permit updating an existing network configuration without requiring that the network be destroyed/restarted for the changes to take effect. --- an example of use: to add a dhcp host entry to network "net", you would do this: virNetworkUpdate(net, VIR_NETWORK_SECTION_IP_DHCP_HOST, -1, "<host mac='00:11:22:33:44:55' ip='192.168.122.5'/>", VIR_NETWORK_UPDATE_AFFECT_LIVE | VIR_NETWORK_UPDATE_AFFECT_CONFIG | VIR_NETWORK_UPDATE_ADD_LAST); To delete that same entry: virNetworkUpdate(net, VIR_NETWORK_SECTION_IP_DHCP_HOST, -1, "<host mac='00:11:22:33:44:55'/>", VIR_NETWORK_UPDATE_AFFECT_LIVE | VIR_NETWORK_UPDATE_AFFECT_CONFIG | VIR_NETWORK_UPDATE_DELETE); If you wanted to force any of these to affect the dhcp host list in the 3rd <ip> element of the network, you would replace "-1" with "2". I'm still working on an example of one of the backends of this, but need eyeballs on the API, since that's the most critical part before the freeze. I would appreciate anyone with a few spare minutes who can take a look. Differences from email thread: 1) Aside from being actual code instead of just pseudo code, I've changed the "index" arg into "parentIndex" to avoid confusion between the index of the element we're looking at (e.g. which host in the list of hosts in a <dhcp> element) and the index of the parent (e.g. which <ip> element will contain the <dhcp> with the list of <hosts> we want to update). I also changed this from a unsigned into to an int so that it can hold the special value "-1", which means "pick the most useful/only item". Again, in the case of VIR_NETWORK_SECTION_IP_DHCP_HOST, this would mean to pick the one <ip> element that actually has a <dhcp> section (may not be the first, but there can only be one). I'll follow with a backend implementation of at least one of the update sections as soon as I get all the underlying utility functions working properly. 2) added VIR_NETWORK_UPDATE_AFFECT_CURRENT similar to VIR_DOMAIN_AFFECT_CURRENT include/libvirt/libvirt.h.in | 50 ++++++++++++++++++++++++++++++++++++ src/driver.h | 7 ++++++ src/libvirt.c | 60 +++++++++++++++++++++++++++++++++++++++++++- src/libvirt_public.syms | 1 + 4 files changed, 117 insertions(+), 1 deletion(-) diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in index b0d34c5..d91e6c2 100644 --- a/include/libvirt/libvirt.h.in +++ b/include/libvirt/libvirt.h.in @@ -2328,6 +2328,56 @@ virNetworkPtr virNetworkDefineXML (virConnectPtr conn, int virNetworkUndefine (virNetworkPtr network); /* + * virNetworkUpdateSection: + * + * describes which section of a <network> definition the provided + * xml should be applied to. + * + */ +typedef enum { + VIR_NETWORK_SECTION_BRIDGE = 0, + VIR_NETWORK_SECTION_DOMAIN = 1, + VIR_NETWORK_SECTION_IP = 2, + VIR_NETWORK_SECTION_IP_DHCP_HOST = 3, + VIR_NETWORK_SECTION_IP_DHCP_RANGE = 4, + VIR_NETWORK_SECTION_FORWARD = 5, + VIR_NETWORK_SECTION_FORWARD_INTERFACE = 6, + VIR_NETWORK_SECTION_FORWARD_PF = 7, + VIR_NETWORK_SECTION_PORTGROUP = 8, + VIR_NETWORK_SECTION_DNS_HOST = 9, + VIR_NETWORK_SECTION_DNS_TXT = 10, + VIR_NETWORK_SECTION_DNS_SRV = 11, +#ifdef VIR_ENUM_SENTINELS + VIR_NETWORK_SECTION_LAST +#endif +} virNetworkUpdateSection; + +/* + * virNetworkUpdateFlags: + * + * Used to specify what type of operation to perform, and whether to + * affect live network, persistent config, or both. + */ +typedef enum { + VIR_NETWORK_UPDATE_AFFECT_CURRENT = 0, + VIR_NETWORK_UPDATE_AFFECT_LIVE = 1 << 0, + VIR_NETWORK_UPDATE_AFFECT_CONFIG = 1 << 1, + VIR_NETWORK_UPDATE_EXISTING = 1 << 2, + VIR_NETWORK_UPDATE_DELETE = 1 << 3, + VIR_NETWORK_UPDATE_ADD_LAST = 1 << 4, + VIR_NETWORK_UPDATE_ADD_FIRST = 1 << 5, + } virNetworkUpdateFlags; + +/* + * Update an existing network definition + */ +int virNetworkUpdate(virNetworkPtr network, + unsigned int section, /* virNetworkUpdateSection */ + int parentIndex, + const char *xml, + unsigned int flags); + +/* * Activate persistent network */ int virNetworkCreate (virNetworkPtr network); diff --git a/src/driver.h b/src/driver.h index 534da05..958712a 100644 --- a/src/driver.h +++ b/src/driver.h @@ -1101,6 +1101,12 @@ typedef virNetworkPtr typedef int (*virDrvNetworkUndefine) (virNetworkPtr network); typedef int + (*virDrvNetworkUpdate) (virNetworkPtr network, + unsigned int section, /* virNetworkUpdateSection */ + int parentIndex, + const char *xml, + unsigned int flags); +typedef int (*virDrvNetworkCreate) (virNetworkPtr network); typedef int (*virDrvNetworkDestroy) (virNetworkPtr network); @@ -1150,6 +1156,7 @@ struct _virNetworkDriver { virDrvNetworkCreateXML networkCreateXML; virDrvNetworkDefineXML networkDefineXML; virDrvNetworkUndefine networkUndefine; + virDrvNetworkUpdate networkUpdate; virDrvNetworkCreate networkCreate; virDrvNetworkDestroy networkDestroy; virDrvNetworkGetXMLDesc networkGetXMLDesc; diff --git a/src/libvirt.c b/src/libvirt.c index 5639850..133fbf5 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -10207,7 +10207,7 @@ error: * @conn: pointer to the hypervisor connection * @xml: the XML description for the network, preferably in UTF-8 * - * Define a network, but does not create it + * Define a network, but do not create it. * * Returns NULL in case of error, a pointer to the network otherwise */ @@ -10286,6 +10286,64 @@ error: } /** + * virNetworkUpdate: + * @network: pointer to a defined network + * @section: which section of the network to update + * (virNetworkUpdateSection) + * @index: which parent element if there are multiple parents + * of the same type (e.g. which <ip> element when + * modifying a <dhcp> element) + * @xml: the XML description for the network, preferably in UTF-8 + * @flags: bitwise or of virNetworkDefineFlags (currently must be 0). + * + * Update the definition of an existing network, either its live + * running state, its persistent configuration, or both. + * + * Returns 0 in case of success, -1 in case of error + */ +int +virNetworkUpdate(virNetworkPtr network, + unsigned int section, /* virNetworkUpdateSection */ + int parentIndex, + const char *xml, + unsigned int flags) +{ + virConnectPtr conn; + VIR_DEBUG("network=%p, section=%d, parentIndex=%d, xml=%s, flags=0x%x", + network, section, parentIndex, xml, flags); + + virResetLastError(); + + if (!VIR_IS_CONNECTED_NETWORK(network)) { + virLibNetworkError(VIR_ERR_INVALID_NETWORK, __FUNCTION__); + virDispatchError(NULL); + return -1; + } + conn = network->conn; + if (conn->flags & VIR_CONNECT_RO) { + virLibNetworkError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } + + virCheckNonNullArgGoto(xml, error); + + if (conn->networkDriver && conn->networkDriver->networkUpdate) { + int ret; + ret = conn->networkDriver->networkUpdate(network, section, + parentIndex, xml, flags); + if (ret < 0) + goto error; + return ret; + } + + virLibConnError(VIR_ERR_NO_SUPPORT, __FUNCTION__); + +error: + virDispatchError(network->conn); + return -1; +} + +/** * virNetworkCreate: * @network: pointer to a defined network * diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 6ff5a77..f953f67 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -558,6 +558,7 @@ LIBVIRT_0.10.2 { global: virConnectListAllNetworks; virConnectListAllStoragePools; + virNetworkUpdate; virStoragePoolListAllVolumes; } LIBVIRT_0.10.0; -- 1.7.11.4

1 0

[libvirt] [PATCH 0/8] Hostdev-hybrid patches
by Shradha Shah 15 Sep '12

15 Sep '12

This patch series adds the support for interface-type="hostdev-hybrid" and forward mode="hostdev-hybrid". The hostdev-hybrid mode makes migration possible along with PCI-passthrough. I had posted a RFC on the hostdev-hybrid methodology earlier on the libvirt mailing list. The RFC can be found here: https://www.redhat.com/archives/libvir-list/2012-February/msg00309.html Shradha Shah (8): RNG updates, new xml parser/formatter code for interface type=hostdev-hybrid RNG updates, new xml parser/formatter code for forward mode=hostdev-hybrid Hostdev-hybrid mode requires a direct linkdev and direct mode. ActualParent is used to store the information about the NETDEV. network: support hostdev-hybrid in network driver qemu: support netdevs from hostdev-hybrid networks Using the Ephemeral Flag to prepare for Migration Support. Migration support for hostdev-hybrid. docs/formatdomain.html.in | 29 ++++ docs/formatnetwork.html.in | 46 ++++++ docs/schemas/domaincommon.rng | 50 ++++++ docs/schemas/network.rng | 1 + include/libvirt/libvirt.h.in | 1 + src/conf/domain_conf.c | 167 +++++++++++++++++--- src/conf/domain_conf.h | 8 + src/conf/network_conf.c | 9 +- src/conf/network_conf.h | 1 + src/libvirt_private.syms | 1 + src/network/bridge_driver.c | 123 +++++++++++++-- src/qemu/qemu_command.c | 61 +++++++ src/qemu/qemu_domain.c | 6 +- src/qemu/qemu_domain.h | 3 +- src/qemu/qemu_driver.c | 6 +- src/qemu/qemu_hostdev.c | 158 +++++++++++++------ src/qemu/qemu_hotplug.c | 26 +++- src/qemu/qemu_migration.c | 106 ++++++++++++- src/qemu/qemu_process.c | 3 +- src/uml/uml_conf.c | 5 + src/util/pci.c | 2 +- src/util/pci.h | 2 + src/util/virnetdev.c | 40 +++++ src/util/virnetdev.h | 6 + src/xenxs/xen_sxpr.c | 1 + tests/networkxml2xmlin/hostdev-hybrid-pf.xml | 7 + tests/networkxml2xmlin/hostdev-hybrid.xml | 10 ++ tests/networkxml2xmlout/hostdev-hybrid-pf.xml | 7 + tests/networkxml2xmlout/hostdev-hybrid.xml | 10 ++ tests/networkxml2xmltest.c | 2 + .../qemuxml2argv-net-hostdevhybrid.args | 8 + .../qemuxml2argv-net-hostdevhybrid.xml | 35 ++++ tests/qemuxml2argvtest.c | 2 + .../qemuxml2xmlout-net-hostdevhybrid.xml | 40 +++++ tests/qemuxml2xmltest.c | 1 + 35 files changed, 884 insertions(+), 99 deletions(-) create mode 100644 tests/networkxml2xmlin/hostdev-hybrid-pf.xml create mode 100644 tests/networkxml2xmlin/hostdev-hybrid.xml create mode 100644 tests/networkxml2xmlout/hostdev-hybrid-pf.xml create mode 100644 tests/networkxml2xmlout/hostdev-hybrid.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-net-hostdevhybrid.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-net-hostdevhybrid.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-net-hostdevhybrid.xml -- 1.7.4.4

4 22

[libvirt] [PATCH v4 0/5] Per-guest configurable user/group for QEMU processes
by Marcelo Cerri 15 Sep '12

15 Sep '12

This is a v4 patch series that updates the libvirt's security driver mechanism to support per-guest configurable user and group for QEMU processes running together with other security drivers, such as SELinux and AppArmor. Marcelo Cerri (5): Internal refactory of data structures Multiple security drivers in XML data Update security layer to handle many security labels Support for multiple default security drivers in QEMU config Update the remote API daemon/remote.c | 63 ++++ docs/formatdomain.html.in | 11 +- docs/schemas/capability.rng | 18 +- docs/schemas/domaincommon.rng | 30 ++- include/libvirt/libvirt.h.in | 2 + python/generator.py | 1 + src/conf/capabilities.c | 17 +- src/conf/capabilities.h | 6 +- src/conf/domain_audit.c | 14 +- src/conf/domain_conf.c | 343 +++++++++++++++----- src/conf/domain_conf.h | 20 +- src/driver.h | 4 + src/libvirt.c | 47 +++ src/libvirt_private.syms | 5 + src/libvirt_public.syms | 1 + src/lxc/lxc_conf.c | 8 +- src/lxc/lxc_controller.c | 8 +- src/lxc/lxc_driver.c | 11 +- src/lxc/lxc_process.c | 23 +- src/qemu/qemu.conf | 6 +- src/qemu/qemu_conf.c | 38 ++- src/qemu/qemu_conf.h | 2 +- src/qemu/qemu_driver.c | 218 +++++++++++--- src/qemu/qemu_process.c | 50 ++- src/remote/remote_driver.c | 46 +++ src/remote/remote_protocol.x | 17 +- src/remote_protocol-structs | 11 + src/security/security_apparmor.c | 118 +++++-- src/security/security_dac.c | 324 +++++++++++++++++-- src/security/security_manager.c | 101 +++++-- src/security/security_manager.h | 8 +- src/security/security_selinux.c | 263 +++++++++++----- src/security/security_stack.c | 237 +++++++++----- src/security/security_stack.h | 13 + src/test/test_driver.c | 11 +- .../qemuxml2argv-seclabel-dynamic-override.xml | 4 +- .../qemuxml2argv-seclabel-dynamic.xml | 2 +- 37 files changed, 1653 insertions(+), 448 deletions(-)

5 20

[libvirt] [PATCH] svirt: Label serial sockets (RHBZ#853393).
by Richard W.M. Jones 15 Sep '12

15 Sep '12

From: "Richard W.M. Jones" <rjones(a)redhat.com> libvirt skips labelling these, for unknown reasons. This breaks libguestfs. Adding this and some SELinux rules (RHBZ#857453) fixes everything for me. --- src/security/security_selinux.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index a7e2420..c3b33f8 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1230,6 +1230,7 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def, switch (dev->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: + case VIR_DOMAIN_CHR_TYPE_UNIX: ret = virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel); break; @@ -1280,6 +1281,7 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def, switch (dev->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: + case VIR_DOMAIN_CHR_TYPE_UNIX: if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) goto done; ret = 0; @@ -1318,11 +1320,6 @@ virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def, virDomainChrDefPtr dev, void *opaque ATTRIBUTE_UNUSED) { - /* This is taken care of by processing of def->serials */ - if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE && - dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL) - return 0; - return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->source); } @@ -1698,11 +1695,6 @@ virSecuritySELinuxSetSecurityChardevCallback(virDomainDefPtr def, virDomainChrDefPtr dev, void *opaque ATTRIBUTE_UNUSED) { - /* This is taken care of by processing of def->serials */ - if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE && - dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL) - return 0; - return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->source); } -- 1.7.10.4

2 2

[libvirt] [PATCH] qemu: fix uninitialized variable in qemuParseCommandLine
by Ján Tomko 14 Sep '12

14 Sep '12

Newly added if branch for kvm_pv_eoi did not set the ret variable. --- src/qemu/qemu_command.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index ec825bc..d0c8e22 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7655,7 +7655,7 @@ qemuParseCommandLineCPU(virDomainDefPtr dom, else if (*p == '+' || *p == '-') { char *feature; int policy; - int ret; + int ret = 0; if (*p == '+') policy = VIR_CPU_FEATURE_REQUIRE; @@ -7702,7 +7702,6 @@ qemuParseCommandLineCPU(virDomainDefPtr dom, goto error; } dom->clock.timers[i]->present = present; - ret = 0; } else if (STREQ(feature, "kvm_pv_eoi")) { if (policy == VIR_CPU_FEATURE_REQUIRE) dom->apic_eoi = VIR_DOMAIN_APIC_EOI_ON; -- 1.7.8.6

2 2

[libvirt] [PATCH 00/20] Prepare QEMU capabilities for detection via QMP
by Daniel P. Berrange 14 Sep '12

14 Sep '12

As of QEMU 1.2 libvirt is supposed to stop parsing -help and instead use various QMP commands to detect capabilities. Before we can do this, the current QEMU capabilities code needs a serious cleanup and some refactoring. This series does that major preparation work. Currently we consider "capabilities" to just refer to flags we detect from -help. This series expands to cover all the things we detect from QEMU, specifically including machine types, CPU definitions and architecture. It introduces a single object to track all this data and a centralized caching mechanism so we never re-query data we already have somewhere.

2 45