[libvirt] [PATCH]virsh: improve usability of '--print-xml' flag for attach-disk command
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
'--print-xml' option is very useful for doing some test.
But we had to specify a real domain for it.
This patch could enable us to specify a fake domain
when using --print-xml option.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
---
tools/virsh-domain.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 2aed9f9..565966d 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -528,13 +528,6 @@ cmdAttachDisk(vshControl *ctl, const vshCmd *cmd)
if (live)
flags |= VIR_DOMAIN_AFFECT_LIVE;
- if (!(dom = vshCommandOptDomain(ctl, cmd, NULL)))
- return false;
-
- if (persistent &&
- virDomainIsActive(dom) == 1)
- flags |= VIR_DOMAIN_AFFECT_LIVE;
-
if (vshCommandOptStringReq(ctl, cmd, "source", &source) < 0 ||
vshCommandOptStringReq(ctl, cmd, "target", &target) < 0 ||
vshCommandOptStringReq(ctl, cmd, "driver", &driver) < 0 ||
@@ -672,6 +665,13 @@ cmdAttachDisk(vshControl *ctl, const vshCmd *cmd)
goto cleanup;
}
+ if (!(dom = vshCommandOptDomain(ctl, cmd, NULL)))
+ return false;
+
+ if (persistent &&
+ virDomainIsActive(dom) == 1)
+ flags |= VIR_DOMAIN_AFFECT_LIVE;
+
if (flags)
ret = virDomainAttachDeviceFlags(dom, xml, flags);
else
--
1.8.2.1
11 years, 1 month
[libvirt] [PATCH 0/3] esx: Remove unnecessary NULL comparisons
by Geoff Hickey
In reply to my last submit, Eric Blake suggested removing an explicit NULL
comparison, and instead to simply use the pointer in a boolean context, as
in: if (ptr) instead of if (ptr != NULL). Since the second form was used
thoughout the esx code, making this change in one place wouldn't have
advanced the cause of consistency in the code. This series of patches
makes this change throughout the esx code. There are no logic changes. The
result is (arguably) easier to read.
Geoff Hickey (3):
esx: Remove unnecessary NULL comparisons (1/3)
esx: Remove unnecessary NULL comparisons (2/3)
esx: Remove unnecessary NULL comparisons (3/3)
src/esx/esx_driver.c | 244 +++++++++---------
src/esx/esx_interface_driver.c | 10 +-
src/esx/esx_network_driver.c | 64 ++---
src/esx/esx_storage_backend_iscsi.c | 44 ++--
src/esx/esx_storage_backend_vmfs.c | 86 +++----
src/esx/esx_storage_driver.c | 6 +-
src/esx/esx_util.c | 48 ++--
src/esx/esx_vi.c | 475 ++++++++++++++++++------------------
src/esx/esx_vi_methods.c | 10 +-
src/esx/esx_vi_types.c | 88 +++----
10 files changed, 535 insertions(+), 540 deletions(-)
--
1.8.1.2
11 years, 1 month
[libvirt] [PATCH] Remove ATTRIBUTE_NONNULL(3) from qemuMonitorJSONDrivePivot
by John Ferlan
The header definition didn't match the function declaration, so adjusted
header to reflect the definition.
Found during a Coverity build where STATIC_ANALYSIS is enabled resulting
in the internal.h adding __nonnull__ handling to arguments.
Commit '6d264c91' added support for the qemuMonitorJSONDrivePivot() and
commit 'fbc3adc9' added a corresponding test which ended up triggering
the build failure which I didn't notice until today!
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/qemu/qemu_monitor_json.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index 51cf19c..a1a7548 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -250,7 +250,7 @@ int qemuMonitorJSONDrivePivot(qemuMonitorPtr mon,
const char *device,
const char *file,
const char *format)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
int qemuMonitorJSONBlockCommit(qemuMonitorPtr mon,
const char *device,
--
1.8.3.1
11 years, 1 month
[libvirt] [PATCH] Add support for SPICE SASL
by Christophe Fergeau
This adds a spice_sasl boolean option to qemu.conf to mimic what is
donc for VNC SASL support.
I did not add a spice_sasl_dir option as the corresponding
vnc_sasl_dir option sets a SASL_CONF_DIR environment variable, but
I could not find any reference to that variable in either QEMU or
cyrus-sasl, and Google was not helpful either.
---
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 11 ++++++
src/qemu/qemu_command.c | 2 +
src/qemu/qemu_conf.c | 1 +
src/qemu/qemu_conf.h | 1 +
src/qemu/test_libvirtd_qemu.aug.in | 1 +
.../qemuxml2argv-graphics-spice-sasl.args | 12 ++++++
.../qemuxml2argv-graphics-spice-sasl.xml | 45 ++++++++++++++++++++++
tests/qemuxml2argvtest.c | 6 +++
9 files changed, 80 insertions(+)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.xml
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 32db983..3dc1b43 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -38,6 +38,7 @@ module Libvirtd_qemu =
| bool_entry "spice_tls"
| str_entry "spice_tls_x509_cert_dir"
| str_entry "spice_password"
+ | bool_entry "spice_sasl"
let nogfx_entry = bool_entry "nographics_allow_host_audio"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index bf57b9c..7b128aa 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -140,6 +140,17 @@
#spice_password = "XYZ12345"
+# Enable use of SASL encryption on the SPICE server. This requires
+# a SPICE client which supports the SASL protocol extension.
+# Examples include vinagre, virt-viewer and virt-manager
+# itself.
+#
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# the desired SASL plugin (eg, GSSPI for Kerberos)
+#
+#spice_sasl = 1
+
+
# By default, if no graphical front end is configured, libvirt will disable
# QEMU audio output since directly talking to alsa/pulseaudio may not work
# with various security settings. If you know what you're doing, enable
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index abb62e9..ea5cfcb 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7340,6 +7340,8 @@ qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,
* migration algorithm silently. */
virBufferAddLit(&opt, ",seamless-migration=on");
}
+ if (cfg->spiceSASL)
+ virBufferAddLit(&opt, ",sasl");
virCommandAddArg(cmd, "-spice");
virCommandAddArgBuffer(cmd, &opt);
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 44a2296..532b0ff 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -399,6 +399,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
GET_VALUE_STR("spice_tls_x509_cert_dir", cfg->spiceTLSx509certdir);
GET_VALUE_STR("spice_listen", cfg->spiceListen);
GET_VALUE_STR("spice_password", cfg->spicePassword);
+ GET_VALUE_BOOL("spice_sasl", cfg->spiceSASL);
GET_VALUE_LONG("remote_websocket_port_min", cfg->webSocketPortMin);
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index ea3c691..35a2515 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -110,6 +110,7 @@ struct _virQEMUDriverConfig {
char *vncSASLdir;
bool spiceTLS;
+ bool spiceSASL;
char *spiceTLSx509certdir;
char *spiceListen;
char *spicePassword;
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 7af3f64..f759db5 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -15,6 +15,7 @@ module Test_libvirtd_qemu =
{ "spice_tls" = "1" }
{ "spice_tls_x509_cert_dir" = "/etc/pki/libvirt-spice" }
{ "spice_password" = "XYZ12345" }
+{ "spice_sasl" = "1" }
{ "nographics_allow_host_audio" = "1" }
{ "remote_display_port_min" = "5900" }
{ "remote_display_port_max" = "65535" }
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args
new file mode 100644
index 0000000..4fe78a5
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args
@@ -0,0 +1,12 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=spice \
+/usr/bin/qemu -S -M pc -m 214 -smp 1 -nodefaults -monitor \
+unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
+/dev/HostVG/QEMUGuest1 -spice port=5903,tls-port=5904,addr=127.0.0.1,\
+x509-dir=/etc/pki/libvirt-spice,tls-channel=default,tls-channel=main,\
+plaintext-channel=inputs,\
+image-compression=auto_glz,jpeg-wan-compression=auto,\
+zlib-glz-wan-compression=auto,\
+playback-compression=on,streaming-video=filter,disable-copy-paste,sasl -vga \
+qxl -global qxl.ram_size=67108864 -global qxl.vram_size=18874368 \
+-device qxl,id=video1,ram_size=67108864,vram_size=33554432,bus=pci.0,addr=0x4 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.xml b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.xml
new file mode 100644
index 0000000..b22fbcc
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.xml
@@ -0,0 +1,45 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <graphics type='spice' port='5903' tlsPort='5904' autoport='no' listen='127.0.0.1' defaultMode='secure'>
+ <listen type='address' address='127.0.0.1'/>
+ <channel name='main' mode='secure'/>
+ <channel name='inputs' mode='insecure'/>
+ <image compression='auto_glz'/>
+ <jpeg compression='auto'/>
+ <zlib compression='auto'/>
+ <playback compression='on'/>
+ <streaming mode='filter'/>
+ <clipboard copypaste='no'/>
+ </graphics>
+ <video>
+ <model type='qxl' ram='65536' vram='18432' heads='1'/>
+ </video>
+ <video>
+ <model type='qxl' ram='65536' vram='32768' heads='1'/>
+ </video>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 060acf2..1cdb964 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -685,6 +685,12 @@ mymain(void)
QEMU_CAPS_PCI_MULTIFUNCTION, QEMU_CAPS_USB_HUB,
QEMU_CAPS_ICH9_USB_EHCI1, QEMU_CAPS_USB_REDIR,
QEMU_CAPS_CHARDEV_SPICEVMC);
+ driver.config->spiceSASL = 1;
+ DO_TEST("graphics-spice-sasl",
+ QEMU_CAPS_VGA, QEMU_CAPS_VGA_QXL,
+ QEMU_CAPS_DEVICE, QEMU_CAPS_SPICE,
+ QEMU_CAPS_DEVICE_QXL);
+ driver.config->spiceSASL = 0;
DO_TEST("input-usbmouse", NONE);
DO_TEST("input-usbtablet", NONE);
--
1.8.3.1
11 years, 1 month
[libvirt] [PATCH] netcf: Don't complain when cleanup is called before init
by Christophe Fergeau
netcfStateInitialize() initializes the driverState variable,
and when netcfStateCleanup is called, it will call virReportError()
if driverState is NULL.
This is not consistent with what other state objects are doing,
they return -1 without reporting an error in such cases.
See also
https://www.redhat.com/archives/libvir-list/2013-October/msg00809.html:
On Thu, Oct 17, 2013 at 01:40:19PM +0100, Daniel P. Berrange wrote:
> We don't want virStateCleanup to skip execution if virStateInitialize
> has failed though - every callback in virStateCleanup should be written
> to be safe if its corresponding init function hasn't run.
---
src/interface/interface_backend_netcf.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/interface/interface_backend_netcf.c b/src/interface/interface_backend_netcf.c
index fac059d..c4e18c4 100644
--- a/src/interface/interface_backend_netcf.c
+++ b/src/interface/interface_backend_netcf.c
@@ -100,11 +100,8 @@ netcfStateInitialize(bool privileged ATTRIBUTE_UNUSED,
static int
netcfStateCleanup(void)
{
- if (!driverState) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Attempt to close netcf state driver already closed"));
+ if (!driverState)
return -1;
- }
if (virObjectUnref(driverState)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
--
1.8.3.1
11 years, 1 month
[libvirt] [PATCH] vircgroupmock.c: Avoid crashing if lstat() not found
by Michal Privoznik
In init_syms() we admit that stat() may not exists (in favor of existing
__lxstat). However, if previously an library checked for existence of
these two symbols and wisely has chosen the existing one, now, that we've
mocked the both symbols, we are confusing the library. Moreover, such
library will get SIGSEGV immediately after wrong decision, since
reallstat is NULL.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
tests/vircgroupmock.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tests/vircgroupmock.c b/tests/vircgroupmock.c
index adc1718..0b44fda 100644
--- a/tests/vircgroupmock.c
+++ b/tests/vircgroupmock.c
@@ -542,10 +542,16 @@ int lstat(const char *path, struct stat *sb)
errno = ENOMEM;
return -1;
}
- ret = reallstat(newpath, sb);
+ if (reallstat)
+ ret = reallstat(newpath, sb);
+ else
+ ret = real__lxstat(_STAT_VER, newpath, sb);
free(newpath);
} else {
- ret = reallstat(path, sb);
+ if (reallstat)
+ ret = reallstat(path, sb);
+ else
+ ret = real__lxstat(_STAT_VER, path, sb);
}
return ret;
}
--
1.8.1.5
11 years, 1 month
[libvirt] Migration issue php-libvirt
by Umar Draz
Hi All
I am trying to migrate offline domain on other URI but its not working
due to this error
Failure!Libvirt last error: Requested operation is not valid: domain is not
running
I tried to use this option but not working
VIR_MIGRATE_OFFLINE
Please anybody help me?
Br.
Umar
11 years, 1 month
[libvirt] [PATCH v3 0/2] expose baselabel for each sec model/virt type
by Giuseppe Scrivano
Now each security model can define its own base label, that describes
the default security context used by libvirt to run an hypervisor
process. This information is exposed to users trough the host
capabilities XML.
*v3 major changes
- support LXC
- merge virSecurityDACSetUser and virSecurityDACSetGroup in
virSecurityDACSetUserAndGroup
- DAC sets the baselabel in virSecurityDACSetUserAndGroup
- Use virDomainVirtTypeToString instead of hardcoding the name
Giuseppe Scrivano (2):
security: add new internal function "virSecurityManagerGetBaseLabel"
capabilities: add baselabel per sec driver/virt type to secmodel
docs/schemas/capability.rng | 8 ++++
src/conf/capabilities.c | 60 +++++++++++++++++++++++++++-
src/conf/capabilities.h | 14 +++++++
src/libvirt_private.syms | 2 +
src/lxc/lxc_conf.c | 10 ++++-
src/qemu/qemu_conf.c | 21 ++++++++--
src/security/security_apparmor.c | 8 ++++
src/security/security_dac.c | 34 +++++++++++-----
src/security/security_dac.h | 7 ++--
src/security/security_driver.h | 4 ++
src/security/security_manager.c | 22 +++++++++-
src/security/security_manager.h | 2 +
src/security/security_nop.c | 10 +++++
src/security/security_selinux.c | 12 ++++++
src/security/security_stack.c | 9 +++++
tests/capabilityschemadata/caps-qemu-kvm.xml | 2 +
tests/capabilityschemadata/caps-test3.xml | 2 +
17 files changed, 204 insertions(+), 23 deletions(-)
--
1.8.3.1
11 years, 1 month
[libvirt] PATCH: better error checking for LOCAL_PEERCRED
by Brian Candler
I was debugging libvirt with OSX today, and got as far as finding the
problem with LOCAL_PEERCRED, then googled this only to find that Ryota
Ozaki had fixed the problems a few days ago!
However you still may find the following patch useful. It tightens up
the checking in the LOCAL_PEERCRED block, and in particular fixes the
unlocking of the socket in the error return path for invalid groups, by
using the same logic from SO_PEERCRED - have a 'goto cleanup' in all
return paths.
(Detail: I found that when getsockopt was being called with SOL_SOCKET,
cr_ngroups was typically <0, probably because it was uninitialised.
However once the check for this was tightened, it hung because the
socket wasn't being unlocked on return. So better to (a) initialise it
to a negative value anyway, and (b) fix the return path)
However I have not checked that NGROUPS is defined on other BSD-like
systems. You could just have "if (cr.cr_ngroups <= 0)" instead.
Regards,
Brian Candler.
--- src/rpc/virnetsocket.c.orig 2013-10-10 22:37:49.000000000 +0100
+++ src/rpc/virnetsocket.c 2013-10-12 22:51:57.000000000 +0100
@@ -1157,8 +1157,10 @@
{
struct xucred cr;
socklen_t cr_len = sizeof(cr);
+ int ret = -1;
virObjectLock(sock);
+ cr.cr_ngroups = -1;
# if defined(__APPLE__)
if (getsockopt(sock->fd, SOL_LOCAL, LOCAL_PEERCRED, &cr, &cr_len)
< 0) {
# else
@@ -1166,20 +1168,19 @@
# endif
virReportSystemError(errno, "%s",
_("Failed to get client socket identity"));
- virObjectUnlock(sock);
- return -1;
+ goto cleanup;
}
if (cr.cr_version != XUCRED_VERSION) {
virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
_("Failed to get valid client socket identity"));
- return -1;
+ goto cleanup;
}
- if (cr.cr_ngroups == 0) {
+ if (cr.cr_ngroups <= 0 || cr.cr_ngroups > NGROUPS) {
virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
_("Failed to get valid client socket identity
groups"));
- return -1;
+ goto cleanup;
}
/* PID and process creation time are not supported on BSDs */
@@ -1188,8 +1189,11 @@
*uid = cr.cr_uid;
*gid = cr.cr_gid;
+ ret = 0;
+
+cleanup:
virObjectUnlock(sock);
- return 0;
+ return ret;
}
#else
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
11 years, 1 month
[libvirt] [PATCH 0/6] AArch64 support for libvirt.
by Pranavkumar Sawargaonkar
This patchset extends libvirt for AArch64 (armv8a).
All patches have been tested on APM X-Gene SoC and we are able
to run libvirtd on APM X-Gene SOC and spawn VMs remotely using
virsh and virt-manager.
Pranavkumar Sawargaonkar (6):
AArch64: Add AArch64 architecture to list of valid arches.
AArch64: CPU Support for AArch64 (ARMv8 64bit).
AArch64: Parse cputopology from /proc/cpuinfo.
Implement minimal sysinfo for AArch64 platforms.
Add parsing of AArch64 qemu capabilities.
AArch64: Add qemu capabilities schemeta for test.
src/Makefile.am | 1 +
src/cpu/cpu.c | 2 +
src/cpu/cpu_aarch64.c | 79 ++++++++++++++++++++++++++
src/cpu/cpu_aarch64.h | 31 ++++++++++
src/nodeinfo.c | 5 +-
src/qemu/qemu_capabilities.c | 4 ++
src/util/virarch.c | 1 +
src/util/virarch.h | 1 +
src/util/virsysinfo.c | 3 +-
tests/capabilityschemadata/caps-qemu-kvm.xml | 11 ++++
tests/sysinfodata/aarch64cpuinfo.data | 10 ++++
tests/sysinfodata/aarch64sysinfo.expect | 10 ++++
tests/sysinfotest.c | 14 ++++-
13 files changed, 168 insertions(+), 4 deletions(-)
create mode 100644 src/cpu/cpu_aarch64.c
create mode 100644 src/cpu/cpu_aarch64.h
create mode 100644 tests/sysinfodata/aarch64cpuinfo.data
create mode 100644 tests/sysinfodata/aarch64sysinfo.expect
--
1.7.9.5
11 years, 1 month
