March 2013 - Devel - Libvirt List Archives

[libvirt] [PATCH] qemu: Fix startupPolicy regression

by Jiri Denemark

Commit 82d5fe543720da6d83c1d6bfa1c347d7d9fda278 qemu: check backing chains even when cgroup is omitted added backing file checks just before the code that removes optional disks if they are not present. However, the backing chain code fails in case the disk file does not exist, which makes qemuProcessStart fail regardless on configured startupPolicy. Note that startupPolicy implementation is still wrong after this patch since it only check the first file in a possible chain. It should rather check the complete backing chain. But this is an existing limitation that can be solved later. After all, startupPolicy is most useful for CDROM images and they won't make use of backing files in most cases. --- src/qemu/qemu_process.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 1941d4e..3d2b7d6 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3621,14 +3621,15 @@ int qemuProcessStart(virConnectPtr conn, goto cleanup; VIR_DEBUG("Checking for CDROM and floppy presence"); + if (qemuDomainCheckDiskPresence(driver, vm, + flags & VIR_QEMU_PROCESS_START_COLD) < 0) + goto cleanup; + for (i = 0; i < vm->def->ndisks ; i++) { if (qemuDomainDetermineDiskChain(driver, vm->def->disks[i], false) < 0) goto cleanup; } - if (qemuDomainCheckDiskPresence(driver, vm, - flags & VIR_QEMU_PROCESS_START_COLD) < 0) - goto cleanup; /* Get the advisory nodeset from numad if 'placement' of * either <vcpu> or <numatune> is 'auto'. -- 1.8.1.5

12 years, 1 month

3
3
0 / 0

[libvirt] [libvirt-sandbox][PATCH] Add missing break statements

by Alex Jia

Signed-off-by: Alex Jia <ajia(a)redhat.com> --- libvirt-sandbox/libvirt-sandbox-init-qemu.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c index 38ed284..dfa1374 100644 --- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c +++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c @@ -496,12 +496,16 @@ insmod(const char *filename) switch (errno) { case ENOEXEC: msg = "Invalid module format"; + break; case ENOENT: msg = "Unknown symbol in module"; + break; case ESRCH: msg = "Module has wrong symbol version"; + break; case EINVAL: msg = "Invalid parameters"; + break; default: msg = strerror(errno); } -- 1.7.1

12 years, 1 month

2
2
0 / 0

[libvirt] [libvirt-sandbox][PATCHv2] Docs: fix a typo in help documents

by Alex Jia

Signed-off-by: Alex Jia <ajia(a)redhat.com> --- bin/virt-sandbox.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/bin/virt-sandbox.c b/bin/virt-sandbox.c index bd7ac49..257d6c2 100644 --- a/bin/virt-sandbox.c +++ b/bin/virt-sandbox.c @@ -87,7 +87,7 @@ int main(int argc, char **argv) { { "name", 'n', 0, G_OPTION_ARG_STRING, &name, N_("name of the sandbox"), "NAME" }, { "mount", 'm', 0, G_OPTION_ARG_STRING_ARRAY, &mounts, - N_("mount a filesystem int he guest"), "TYPE:TARGET=SOURCE" }, + N_("mount a filesystem in the guest"), "TYPE:TARGET=SOURCE" }, { "include", 'i', 0, G_OPTION_ARG_STRING_ARRAY, &includes, N_("file to copy into custom dir"), "GUEST-PATH=HOST-PATH", }, { "includefile", 'I', 0, G_OPTION_ARG_STRING, &includefile, -- 1.7.1

12 years, 1 month

2
2
0 / 0

[libvirt] [PATCH 0/4] Add cpuset cgroup support for LXC

by Gao feng

This patchset intend to add cpuset cgroup support for LXC. in order to don't create too many redundant codes, this patchset also rename some functions and structure. Gao feng (4): rename qemuGetNumadAdvice to virGetNumadAdvice LXC: allow uses advisory nodeset from querying numad remove the redundant codes LXC: add cpuset cgroup support for lxc po/POTFILES.in | 1 + src/Makefile.am | 1 + src/conf/domain_conf.h | 23 +------ src/libvirt_private.syms | 4 ++ src/lxc/lxc_cgroup.c | 57 +++++++++++++++- src/lxc/lxc_cgroup.h | 2 +- src/lxc/lxc_controller.c | 156 +++++++++++++++--------------------------- src/qemu/qemu_process.c | 154 +---------------------------------------- src/util/virnuma.c | 174 +++++++++++++++++++++++++++++++++++++++++++++++ src/util/virnuma.h | 52 ++++++++++++++ 10 files changed, 348 insertions(+), 276 deletions(-) create mode 100644 src/util/virnuma.c create mode 100644 src/util/virnuma.h -- 1.7.11.7

12 years, 1 month

3
17
0 / 0

[libvirt] [libvirt-sandbox][PATCH v2] Docs: Fix security options wrongs in man page

by Alex Jia

Signed-off-by: Alex Jia <ajia(a)redhat.com> --- bin/virt-sandbox.c | 17 +++++++++++++---- 1 files changed, 13 insertions(+), 4 deletions(-) diff --git a/bin/virt-sandbox.c b/bin/virt-sandbox.c index 69d1e62..bd7ac49 100644 --- a/bin/virt-sandbox.c +++ b/bin/virt-sandbox.c @@ -372,13 +372,22 @@ separated by commas. The following options are valid for SELinux =over 4 -=item type=TYPE +=item dynamic -The SELinux security type, defaults to sandbox_t +Dynamically allocate an SELinux label, using the default base context. +The default base context is system_u:system_r:svirt_lxc_net_t:s0 for LXC, +system_u:system_r:svirt_t:s0 for KVM, system_u:system_r:svirt_tcg_t:s0 +for QEMU. -=item level=LEVEL +=item dynamic,label=USER:ROLE:TYPE:LEVEL -The SELinux MCS level, defaults to a randomly allocated level +Dynamically allocate an SELinux label, using the base context +USER:ROLE:TYPE:LEVEL, instead of the default base context. + +=item static,label=USER:ROLE:TYPE:LEVEL + +To set a completely static label. For example, +static,label=system_u:system_r:svirt_t:s0:c412,c355 =back -- 1.7.1

12 years, 1 month

2
2
0 / 0

[libvirt] Tails bounty for supporting the 'removable' flag for USB disks

by intrigeri

Hello, I'm part of the people developing the live system called Tails [1]. [1] https://tails.boum.org/ We are now preparing a bounties program to help developers work on upstream software and fix bugs or implement features needed for Tails. Daniel P. Berrange suggested we write to this list about it. More specifically, for our libvirt-based test suite, we need a way to emulate both removable and non-removable USB 2.0+ devices. This distinction is supported in QEMU since --device can receive an optional removable= property. So, what we lack is a way to tell libvirt to pass this or that value to QEMU for the removable= property of a given emulated USB 2.0+ device. For instance, on a Linux guest it controls the value of /sys/block/$dev/removable. We propose a USD $3000 bounty to implement this feature. We are already in contact with someone who is very interested in doing this work. Ticket: https://bugzilla.redhat.com/show_bug.cgi?id=922495 Thanks for your work on libvirt! Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

12 years, 1 month

1
0
0 / 0

[libvirt] [PATCH v2 00/11] Add support for guests with TPM passthrough device

by Stefan Berger

Hello! The following set of patches adds support to libvirt for adding a TPM passthrough device to a QEMU guest. Support for this was recently accepted into QEMU. This set of patches borrows a lot from the recently added support for rng's. Regards, Stefan --- v1->v2: - Followed Daniel Berrange's comments (except for the one on de-consolidating the JSON monitor code)

12 years, 1 month

1
11
0 / 0

[libvirt] [PATCH] util: portably check for unchanged uid

by Eric Blake

We've already scrubbed for comparisons of 'uid_t == -1' (which fail on platforms where uid_t is a u16), but another one snuck in. * src/util/virutil.c (virSetUIDGIDWithCaps): Correct uid comparison. * cfg.mk (sc_prohibit_risky_id_promotion): New rule. --- cfg.mk | 6 ++++++ src/util/virutil.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/cfg.mk b/cfg.mk index b95a90b..394521e 100644 --- a/cfg.mk +++ b/cfg.mk @@ -389,6 +389,12 @@ sc_prohibit_setuid: halt='use virSetUIDGID, not raw set*id' \ $(_sc_search_regexp) +# Don't compare *id_t against raw -1. +sc_prohibit_risky_id_promotion: + @prohibit='\b(user|group|[ug]id) *[=!]= *-' \ + halt='cast -1 to ([ug]id_t) before comparing against id' \ + $(_sc_search_regexp) + # Use snprintf rather than s'printf, even if buffer is provably large enough, # since gnulib has more guarantees for snprintf portability sc_prohibit_sprintf: diff --git a/src/util/virutil.c b/src/util/virutil.c index a0d1530..42b4295 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -3011,7 +3011,7 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, unsigned long long capBits, * change the capabilities bounding set. */ - if (clearExistingCaps || (uid != -1 && uid != 0)) + if (clearExistingCaps || (uid != (uid_t)-1 && uid != 0)) capng_clear(CAPNG_SELECT_BOTH); for (ii = 0; ii <= CAP_LAST_CAP; ii++) { -- 1.8.1.4

12 years, 1 month

2
2
0 / 0

[libvirt] can this vm-xml-interface works,thanks

by yue

hi,all,please look at interface . actually ,virbr0 is NAT, my program product a vm-xml which is not standard. it use the way to product bridge interface to product a NAT interface. but i want to know if this can work rightly. <interface type='bridge'> # "type='network'" <mac address='00:1a:4a:a8:7a:09'/> <source bridge='virbr0'/># network='virbr0' <target dev='vnet0'/> <model type='virtio'/> <boot order='3'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> thanks

12 years, 1 month

2
2
0 / 0

[libvirt] [PATCHv3] audit: Audit resources used by VirtIO RNG

by Peter Krempa

This patch adds auditing of resources used by Virtio RNG devices. Only resources on the local filesystems are audited. The audit logs look like: For the 'random' backend: type=VIRT_RESOURCE msg=audit(1363099126.643:31): pid=995252 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test" uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?" new-rng="/dev/random": exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0 res=success' For local character device source: type=VIRT_RESOURCE msg=audit(1363100164.240:96): pid=995252 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test" uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?" new-rng="/tmp/unix.sock": exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0 res=success' --- Notes: Version 3: - don't log non-local resources for EGD backend - change order of blocks of code to optimize Version 2: - log also EGD backends - add example of audit message to commit message src/conf/domain_audit.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c index 8cd522a..a776058 100644 --- a/src/conf/domain_audit.c +++ b/src/conf/domain_audit.c @@ -57,6 +57,37 @@ virDomainAuditGetRdev(const char *path ATTRIBUTE_UNUSED) } #endif + +static const char * +virDomainAuditChardevPath(virDomainChrSourceDefPtr chr) +{ + if (!chr) + return NULL; + + switch ((enum virDomainChrType) chr->type) { + case VIR_DOMAIN_CHR_TYPE_PTY: + case VIR_DOMAIN_CHR_TYPE_DEV: + case VIR_DOMAIN_CHR_TYPE_FILE: + case VIR_DOMAIN_CHR_TYPE_PIPE: + return chr->data.file.path; + + case VIR_DOMAIN_CHR_TYPE_UNIX: + return chr->data.nix.path; + + case VIR_DOMAIN_CHR_TYPE_TCP: + case VIR_DOMAIN_CHR_TYPE_UDP: + case VIR_DOMAIN_CHR_TYPE_NULL: + case VIR_DOMAIN_CHR_TYPE_VC: + case VIR_DOMAIN_CHR_TYPE_STDIO: + case VIR_DOMAIN_CHR_TYPE_SPICEVMC: + case VIR_DOMAIN_CHR_TYPE_LAST: + return NULL; + } + + return NULL; +} + + void virDomainAuditDisk(virDomainObjPtr vm, const char *oldDef, const char *newDef, @@ -100,6 +131,92 @@ cleanup: } +static void +virDomainAuditRNG(virDomainObjPtr vm, + virDomainRNGDefPtr newDef, virDomainRNGDefPtr oldDef, + const char *reason, bool success) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + char *vmname; + const char *newsrcpath = NULL; + const char *oldsrcpath = NULL; + char *oldsrc = NULL; + char *newsrc = NULL; + const char *virt; + + if (newDef) { + switch ((enum virDomainRNGBackend) newDef->backend) { + case VIR_DOMAIN_RNG_BACKEND_RANDOM: + if (newDef->source.file) + newsrcpath = newDef->source.file; + else + newsrcpath = "/dev/random"; + break; + + case VIR_DOMAIN_RNG_BACKEND_EGD: + newsrcpath = virDomainAuditChardevPath(newDef->source.chardev); + break; + + case VIR_DOMAIN_RNG_BACKEND_LAST: + break; + } + } + + if (oldDef) { + switch ((enum virDomainRNGBackend) oldDef->backend) { + case VIR_DOMAIN_RNG_BACKEND_RANDOM: + if (oldDef->source.file) + oldsrcpath = oldDef->source.file; + else + oldsrcpath = "/dev/random"; + break; + + case VIR_DOMAIN_RNG_BACKEND_EGD: + oldsrcpath = virDomainAuditChardevPath(oldDef->source.chardev); + break; + + case VIR_DOMAIN_RNG_BACKEND_LAST: + break; + } + } + + /* don't audit the RNG device if it doesn't use local resources */ + if (!oldsrcpath && !newsrcpath) + return; + + virUUIDFormat(vm->def->uuid, uuidstr); + if (!(vmname = virAuditEncode("vm", vm->def->name))) + goto no_memory; + + if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) { + VIR_WARN("Unexpected virt type %d while encoding audit message", + vm->def->virtType); + virt = "?"; + } + + if (!(newsrc = virAuditEncode("new-rng", VIR_AUDIT_STR(newsrcpath)))) + goto no_memory; + + if (!(oldsrc = virAuditEncode("old-rng", VIR_AUDIT_STR(oldsrcpath)))) + goto no_memory; + + VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success, + "virt=%s resrc=rng reason=%s %s uuid=%s %s %s", + virt, reason, vmname, uuidstr, + oldsrc, newsrc); + +cleanup: + VIR_FREE(vmname); + VIR_FREE(oldsrc); + VIR_FREE(newsrc); + return; + +no_memory: + VIR_WARN("OOM while encoding audit message"); + goto cleanup; +} + + void virDomainAuditFS(virDomainObjPtr vm, virDomainFSDefPtr oldDef, virDomainFSDefPtr newDef, @@ -641,6 +758,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success) virDomainAuditRedirdev(vm, redirdev, "start", true); } + if (vm->def->rng) + virDomainAuditRNG(vm, vm->def->rng, NULL, "start", true); + virDomainAuditMemory(vm, 0, vm->def->mem.cur_balloon, "start", true); virDomainAuditVcpu(vm, 0, vm->def->vcpus, "start", true); -- 1.8.1.5

12 years, 1 month

3
4
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel March 2013