November 2013 - Devel - Libvirt List Archives

[libvirt] Warnings messages in logs from DHCP snooping code

by Daniel P. Berrange

I'm noticing that VMs which have nwfilters associated with them will apparently always cause the following errors to appear in the logs upon VM shutdown: 2013-02-27 17:02:18.709+0000: 9669: error : virNWFilterDHCPSnoopEnd:2131 : internal error ifname "vnet0" not in key map 2013-02-27 17:02:18.715+0000: 9669: error : virNetDevGetIndex:653 : Unable to get index for interface vnet0: No such device Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

11 years, 2 months

3
2
0 / 0

Re: [libvirt] [PATCH] Be more clever and verbose about localization-initialization.

by andreas.fuchs＠sit.fraunhofer.de

I should have been more specific. If e.g. an LC_MESSAGE is set that cannot be found it returns "initialization failed" and nothing more... See the bug report.Spent >1h this morning trying to get some demonstrator running... So I thought rather share it... ----- Reply message ----- Von: "Daniel P. Berrange" <berrange(a)redhat.com> An: "Fuchs, Andreas" <andreas.fuchs(a)sit.fraunhofer.de> Cc: "libvir-list(a)redhat.com" <libvir-list(a)redhat.com> Betreff: [libvirt] [PATCH] Be more clever and verbose about localization-initialization. Datum: Mo., Okt 7, 2013 17:52 On Mon, Oct 07, 2013 at 03:47:48PM +0000, Fuchs, Andreas wrote: > Currently libvirt fails with an uninformative error message > if no translations are found. I don't see any failure if I delete all the libvirt.mo files. What are you actually doing to trigger an error, and what is the exact error you get. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

11 years, 2 months

5
9
0 / 0

[libvirt] Add patches to allow users to join running containers.

by dwalsh＠redhat.com

[PATCH 1/2] Add virGetUserDirectoryByUID to retrieve users homedir [PATCH 2/2] virt-login-shell joins users into lxc container. This patch implements most of the changes suggested by Dan Berrange and Eric Blake. Some replies to suggested changes. Removed mingw-libvirt.spec.in changes since virt lxc probably can not be supported in Windows. Not sure if I need to make changes so my code will not build on that platform. Did not make the changes to install virt-login-shell as 4755 automatically. I guess I want a more firm, make that change request... I did not make a helper function to parse a list of strings out of conf file. The getuid and getgid calls return the user that executed the program, when the app is setuid geteuid and getegid return "0". I believe getuid and getgid are correct. Added virt-login-shell --help, not sure what --program would do? The program is hard coded to LXC because there is no way that I know of for a ZZ process to join a running qemu instance. I have heard back from one security review from Miloslav Trmac, who had similar comments as Eric.

11 years, 3 months

4
11
0 / 0

[libvirt] [PATCHv4 0/5] Handling of undefine and redefine snapshots with VirtualBox 4.2

by Manuel VIVES

Hi, This is a serie of patches in order to support undefining and redefining snapshots with VirtualBox 4.2. The serie of patches is rather big, and adds among other things some utility functions unrelated to VirtualBox in patches 1 & 2. The code review could be done in several parts: e.g. patches 1 & 2 separately to validate the utility functions. The VirtualBox API provides only high level operations to manipulate snapshots, so it not possible to support flags like VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE and VIR_DOMAIN_SNAPSHOT_DELETE_METADATA_ONLY with only API calls. Following an IRC talk with Eric Blake, the decision was taken to emulate these behaviours by manipulating directly the .vbox XML files. The first two patches are some util methods for handling uuid and strings that will be used after. The third patch brings more details in the snapshot XML returned by libvirt. We will need those modifications in order to redefine the snapshots. The fourth patch brings the support of the VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE and VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT flags in virDomainSnapshotCreateXML. The fifth and last patch brings the support of the VIR_DOMAIN_SNAPSHOT_DELETE_METADATA_ONLY flag in virDomainSnapshotDelete. The patches are only tested with Virtualbox 4.2 but the code is compliant with Virtualbox 4.3 API. Regards, Manuel VIVES V4: * The code is compliant with Virtualbox 4.3 API * Some minor modifications in order to satisfy "make syntax-check" V3: * Use of STREQ_NULLABLE instead of STREQ in one case * Fix the method for finding uuids according to Ján Tomko review V2: * Fix a licence problem with the method for string replacement Manuel VIVES (5): viruuid.h/c: Util method for finding uuid patterns in some strings virstring.h/c: Util method for making some find and replace in strings vbox_tmpl.c: Better XML description for snapshots vbox_tmpl.c: Patch for redefining snapshots vbox_tmpl.c: Add methods for undefining snapshots po/POTFILES.in | 1 + src/conf/domain_conf.c | 2 +- src/libvirt_private.syms | 2 + src/util/virstring.c | 48 ++ src/util/virstring.h | 2 + src/util/viruuid.c | 81 ++ src/util/viruuid.h | 1 + src/vbox/vbox_tmpl.c | 1854 +++++++++++++++++++++++++++++++++++++++++++--- 8 files changed, 1879 insertions(+), 112 deletions(-) -- 1.7.10.4

11 years, 3 months

3
17
0 / 0

[libvirt] newer libvirt version issues

by Franky Van Liedekerke

Hi, since we're running more than 20 hosts per KVM server, we needed to update libvirt to at least 1.1.2 for virtlockd to be able to cope with this (due to an old hardcoded limit that was in there before). But where 1.1.0 compiles and runs just fine on a fully-patched CentOS 6.4 server, newer version have all kinds of issues: Every version of libvirt >= 1.1.2 crashes with a segfault on up-to-date CentOS 6.4 servers (see below). Also, versions of libvirt >= 1.1.3 need a change in the spec file to be able to compile: apparently the %doc entries that are different with 1.1.2 prevent rpmbuild to succeed on CentOS servers. Using the %doc lines as per the 1.1.2 spec file results in a working rpmbuild. The 1.1.4 version has issues with a symbol not found after compiling and letting it run: error : virDriverLoadModule:78 : failed to load module /usr/lib64/libvirt/connection-driver/libvirt_driver_network.so /usr/lib64/libvirt/connection-driver/libvirt_driver_network.so: undefined symbol: virNetworkList error : virDriverLoadModule:78 : failed to load module /usr/lib64/libvirt/connection-driver/libvirt_driver_storage.so /usr/lib64/libvirt/connection-driver/libvirt_driver_storage.so: undefined symbol: virAsprintf error : virDriverLoadModule:78 : failed to load module /usr/lib64/libvirt/connection-driver/libvirt_driver_nodedev.so /usr/lib64/libvirt/connection-driver/libvirt_driver_nodedev.so: undefined symbol: virNodeDeviceList 31677: error : virDriverLoadModule:78 : failed to load module /usr/lib64/libvirt/connection-driver/libvirt_driver_secret.so /usr/lib64/libvirt/connection-driver/libvirt_driver_secret.so: undefined symbol: virAsprintf 31677: error : virDriverLoadModule:78 : failed to load module /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so: undefined symbol: virAsprintf 31677: error : virDriverLoadModule:78 : failed to load module /usr/lib64/libvirt/connection-driver/libvirt_driver_interface.so /usr/lib64/libvirt/connection-driver/libvirt_driver_interface.so: undefined symbol: virAsprintf 31677: error : virDriverLoadModule:78 : failed to load module /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so: undefined symbol: networkAllocateActualDevice 31677: error : virDriverLoadModule:78 : failed to load module /usr/lib64/libvirt/connection-driver/libvirt_driver_lxc.so /usr/lib64/libvirt/connection-driver/libvirt_driver_lxc.so: undefined symbol: networkAllocateActualDevice And every time libvirt segfaults, there's this in the logs: debug : virJSONValueToString:1133 : result={"id":"libvirt-6","error":{"class":"CommandNotFound","desc":"The command qom-list has not been found","data":{"name":"qom-list"}}} debug : virEventPollRunOnce:627 : EVENT_POLL_RUN: nhandles=32 timeout=1684 9479: debug : qemuMonitorJSONCheckError:341 : unable to execute QEMU command {"execute":"qom-list","arguments":{"path":"/"},"id":"libvirt-6"}: {"id":"libvirt-6","error":{"class":"CommandNotFound","desc":"The command qom-list has not been found","data":{"name":"qom-list"}}} 9479: error : qemuMonitorJSONCheckError:352 : internal error: unable to execute QEMU command 'qom-list': The command qom-list has not been found Any insights on any of these issues? Franky

11 years, 3 months

3
3
0 / 0

[libvirt] [PATCH 00/14] Fix flaw in virt-login-shell CVE-2013-4400

by Daniel P. Berrange

From: "Daniel P. Berrange" <berrange(a)redhat.com> The following series of patches have been pushed to master as a fix for CVE-2013-4400. The first four patches are the core fix. The remaining 10 patches are preventative measures to help avoid further problems in the future. I will be pushing at least the first 4 patches to stable branches and any of the further patches if I find they apply without merge problems. Daniel P. Berrange (14): Add helpers for getting env vars in a setuid environment Only allow 'stderr' log output when running setuid (CVE-2013-4400) Close all non-stdio FDs in virt-login-shell (CVE-2013-4400) Don't link virt-login-shell against libvirt.so (CVE-2013-4400) Set a sane $PATH for virt-login-shell Make virCommand env handling robust in setuid env Remove all direct use of getenv Block all use of getenv with syntax-check Only allow the UNIX transport in remote driver when setuid Don't allow remote driver daemon autostart when running setuid Add stub getegid impl for platforms lacking it Remove (nearly) all use of getuid()/getgid() Block all use of libvirt.so in setuid programs Move virt-login-shell into libvirt-login-shell sub-RPM Makefile.am | 1 + bootstrap.conf | 1 + cfg.mk | 8 ++++ config-post.h | 44 ++++++++++++++++++ configure.ac | 1 + daemon/Makefile.am | 1 + daemon/libvirtd.c | 2 +- examples/domain-events/events-c/Makefile.am | 3 +- examples/hellolibvirt/Makefile.am | 2 +- examples/openauth/Makefile.am | 2 +- gnulib/lib/Makefile.am | 2 +- libvirt.spec.in | 28 +++++++---- python/Makefile.am | 1 + src/Makefile.am | 72 +++++++++++++++++++++++++++++ src/driver.c | 3 +- src/libvirt.c | 54 +++++++++++++++------- src/libvirt_private.syms | 6 ++- src/locking/lock_daemon.c | 6 +-- src/locking/lock_driver_lockd.c | 6 +-- src/locking/lock_manager.c | 2 +- src/lxc/lxc_controller.c | 2 +- src/lxc/lxc_driver.c | 4 +- src/lxc/lxc_process.c | 2 +- src/qemu/qemu_command.c | 8 ++-- src/qemu/qemu_driver.c | 6 +-- src/remote/remote_driver.c | 37 +++++++++++---- src/rpc/virnetsocket.c | 16 +++---- src/rpc/virnettlscontext.c | 4 +- src/storage/storage_backend.c | 4 +- src/storage/storage_backend_fs.c | 4 +- src/storage/storage_backend_logical.c | 2 +- src/util/virauth.c | 2 +- src/util/vircommand.c | 50 +++++++++++++++----- src/util/vircommand.h | 8 +++- src/util/virfile.c | 23 +++++---- src/util/viridentity.c | 8 ++-- src/util/virlog.c | 18 ++++++-- src/util/virrandom.c | 2 +- src/util/virstoragefile.c | 2 +- src/util/virutil.c | 47 +++++++++++++++++-- src/util/virutil.h | 8 ++++ src/vbox/vbox_XPCOMCGlue.c | 2 +- src/vbox/vbox_driver.c | 2 +- src/vbox/vbox_tmpl.c | 6 +-- tests/commandtest.c | 8 ++-- tests/qemumonitortestutils.c | 2 +- tests/virnetsockettest.c | 4 +- tools/Makefile.am | 9 +++- tools/virsh.c | 18 ++++---- tools/virt-login-shell.c | 14 ++++++ 50 files changed, 430 insertions(+), 137 deletions(-) create mode 100644 config-post.h -- 1.8.3.1

11 years, 3 months

2
16
0 / 0

[libvirt] JNA Error Callback could cause core dump.

by Benjamin Wang (gendwang)

Hi, When I changed code as following: public class Connect { // Load the native part static { Libvirt.INSTANCE.virInitialize(); try { ErrorHandler.processError(Libvirt.INSTANCE); } catch (Exception e) { e.printStackTrace(); } + Libvirt.INSTANCE.virSetErrorFunc(null, new ErrorCallback()); } The server will generate the following core dump: Program terminated with signal 6, Aborted. #0 0x0000003f9b030265 in raise () from /lib64/libc.so.6 (gdb) where #0 0x0000003f9b030265 in raise () from /lib64/libc.so.6 #1 0x0000003f9b031d10 in abort () from /lib64/libc.so.6 #2 0x0000003f9b06a84b in __libc_message () from /lib64/libc.so.6 #3 0x0000003f9b07230f in _int_free () from /lib64/libc.so.6 #4 0x0000003f9b07276b in free () from /lib64/libc.so.6 #5 0x00002aaaacf46868 in ?? () #6 0x0000000000000000 in ?? () The problem was caused that when JNA call setErrorFunc, it will create ErrorCallback object. But when GC is executed, the object is GCed. But even I change code as following. When GC is excuted, the callback object will be moved. Then C can't find this object. Both of scenarios will cause core dump. It seems that JNA mustn't provide ErrorCallback Class, Because nobody can use this. Please correct me. public class Connect { + private static final ErrorCallback callback = new ErrorCallback(); // Load the native part static { Libvirt.INSTANCE.virInitialize(); try { ErrorHandler.processError(Libvirt.INSTANCE); } catch (Exception e) { e.printStackTrace(); } + Libvirt.INSTANCE.virSetErrorFunc(null, callback); } B.R. Benjamin Wang

11 years, 3 months

2
4
0 / 0

[libvirt] [PATCH 0/5] Fill qemucapabilitiesdata with some data

by Michal Privoznik

The actual patches are accessible at: git://gitorious.org/libvirt/michal-staging.git branch test_qemu_capabilities_data I'm not sending the actual patches as it's big junk of JSON qemu replies. The patches has from 35KiB to 59KiB. I don't want to overload the list. Michal Privoznik (5): qemucapabilitiesdata: Add qemu-1.2.2 data qemucapabilitiesdata: Add qemu-1.3.1 data qemucapabilitiesdata: Add qemu-1.4.2 data qemucapabilitiesdata: Add qemu-1.6.0 data qemucapabilitiesdata: Add qemu-1.6.50 data tests/qemucapabilitiesdata/caps_1.2.2-1.caps | 114 + tests/qemucapabilitiesdata/caps_1.2.2-1.replies | 1543 +++++++++++++ tests/qemucapabilitiesdata/caps_1.3.1-1.caps | 128 ++ tests/qemucapabilitiesdata/caps_1.3.1-1.replies | 1715 +++++++++++++++ tests/qemucapabilitiesdata/caps_1.4.2-1.caps | 129 ++ tests/qemucapabilitiesdata/caps_1.4.2-1.replies | 1765 +++++++++++++++ tests/qemucapabilitiesdata/caps_1.6.0-1.caps | 137 ++ tests/qemucapabilitiesdata/caps_1.6.0-1.replies | 2499 ++++++++++++++++++++++ tests/qemucapabilitiesdata/caps_1.6.50-1.caps | 136 ++ tests/qemucapabilitiesdata/caps_1.6.50-1.replies | 2476 +++++++++++++++++++++ tests/qemucapabilitiestest.c | 5 + 11 files changed, 10647 insertions(+) create mode 100644 tests/qemucapabilitiesdata/caps_1.2.2-1.caps create mode 100644 tests/qemucapabilitiesdata/caps_1.2.2-1.replies create mode 100644 tests/qemucapabilitiesdata/caps_1.3.1-1.caps create mode 100644 tests/qemucapabilitiesdata/caps_1.3.1-1.replies create mode 100644 tests/qemucapabilitiesdata/caps_1.4.2-1.caps create mode 100644 tests/qemucapabilitiesdata/caps_1.4.2-1.replies create mode 100644 tests/qemucapabilitiesdata/caps_1.6.0-1.caps create mode 100644 tests/qemucapabilitiesdata/caps_1.6.0-1.replies create mode 100644 tests/qemucapabilitiesdata/caps_1.6.50-1.caps create mode 100644 tests/qemucapabilitiesdata/caps_1.6.50-1.replies -- 1.8.1.5

11 years, 3 months

3
9
0 / 0

[libvirt] [PATCHv5 0/4] Introduce APIs to extract DHCP leases info

by Nehal J Wani

This API returns the leases information stored in the DHCP leases file of dnsmasq for a given virtual network. It contacts the bridge network driver, which parses a custom leases file created by libvirt. It supports two methods: 1. Return info for all network interfaces connected to a given virtual network 2. Return information for a particular network interface in a given virtual network by providing its MAC Address v5 Created a helper file to generate custom leases for libvirt. Since dnsmasq doesn't provide the MAC Address in case of DHCPv6, the need for this file was proposed. The design of virNetworkDHCPLeases struct has been updated and the previous use of union has been removed. OOM errors have been taken care of in the remote driver and remote daemon. Discussion on struct design: https://www.redhat.com/archives/libvir-list/2013-October/msg00326.html Discussion on helper file: https://www.redhat.com/archives/libvir-list/2013-October/msg00989.html v4 * Added support for DHCPv6, updated lease file parsing method Refer: https://www.redhat.com/archives/libvir-list/2013-September/msg01554.html v3 * Mostly small nits, change in MACRO names, use of virSocketAddrGetIpPrefix to retrieve IP prefix from @dom XML. Refer: https://www.redhat.com/archives/libvir-list/2013-September/msg00832.html v2 * Since DHCPv6 is supposed to be suported in future, virNetworkGetDHCPLeasesForMAC changed, prefix and virIPAddrType added in virNetworkDHCPLeases struct. Refer: https://www.redhat.com/archives/libvir-list/2013-September/msg00732.html v1 * Refer: https://www.redhat.com/archives/libvir-list/2013-September/msg00620.html * The need for these APIs were result of a RFC was proposed on the list. Refer: http://www.redhat.com/archives/libvir-list/2013-July/msg01603.html Nehal J Wani (4): net-dhcp-leases: Implement the public APIs net-dhcp-leases: Implement the remote protocol net-dhcp-leases: Private implementation inside network driver net-dhcp-leases: Add virsh support daemon/remote.c | 176 ++++++++++++++++++++++++++++++ include/libvirt/libvirt.h.in | 35 ++++++ src/Makefile.am | 21 ++++ src/driver.h | 13 +++ src/libvirt.c | 197 ++++++++++++++++++++++++++++++++++ src/libvirt_public.syms | 7 ++ src/network/bridge_driver.c | 248 +++++++++++++++++++++++++++++++++++++++++++ src/remote/remote_driver.c | 187 ++++++++++++++++++++++++++++++++ src/remote/remote_protocol.x | 54 +++++++++- src/remote_protocol-structs | 38 +++++++ src/rpc/gendispatch.pl | 1 + src/util/leaseshelper.c | 185 ++++++++++++++++++++++++++++++++ tools/virsh-network.c | 118 ++++++++++++++++++++ tools/virsh.pod | 6 ++ 14 files changed, 1285 insertions(+), 1 deletion(-) create mode 100644 src/util/leaseshelper.c -- 1.8.1.4

11 years, 3 months

2
15
0 / 0

[libvirt] [PATCH 0/4] Support for integrating cgroups with systemd

by Daniel P. Berrange

From: "Daniel P. Berrange" <berrange(a)redhat.com> This is a much changed / expanded version of my previous work to create cgroups via systemd. The difference is that this time it actually works :-) I'm not proposing this for merge until after the 1.1.1 release. Daniel P. Berrange (4): Add APIs for formatting systemd slice/scope names Add support for systemd cgroup mount Cope with races while killing processes Enable support for systemd-machined in cgroups creation src/libvirt_private.syms | 2 + src/lxc/lxc_process.c | 10 +- src/qemu/qemu_cgroup.c | 1 + src/util/vircgroup.c | 270 +++++++++++++++++++++++++++++++++++++++++------ src/util/vircgroup.h | 2 + src/util/virsystemd.c | 96 ++++++++++++++++- src/util/virsystemd.h | 5 + tests/vircgrouptest.c | 9 ++ tests/virsystemdtest.c | 48 +++++++++ 9 files changed, 403 insertions(+), 40 deletions(-) -- 1.8.1.4

11 years, 3 months

4
16
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel November 2013