Re: [libvirt] if_bridge.h: include in6.h for struct in6_addr use
by Thomas Backlund
Thomas Backlund wrote on 13.1.2013 20:38:
> patch both inline and attached as thunderbird tends to mess up ...
> -----
>
> if_bridge.h uses struct in6_addr ip6; but does not include the in6.h
> header.
>
> Found by trying to build libvirt and connman against 3.8-rc3 headers.
>
Ok,
ignore this patch, it's not the correct fix as it introduces
redefinitions...
Btw, the error that I hit that made me suggest this fix was libvirt
config check bailing out:
config.log:/usr/include/linux/if_bridge.h:173:20: error: field 'ip6' has
incomplete type
> Reported-by: Colin Guthrie <colin(a)mageia.org>
> Reported-by: Christiaan Welvaart <cjw(a)daneel.dyndns.org>
> Signed-off-by: Thomas Backlund <tmb(a)mageia.org>
>
> --
>
> diff -Nurp linux-3.8-rc3/include/uapi/linux/if_bridge.h
> linux-3.8-rc3.fix/include/uapi/linux/if_bridge.h
> --- linux-3.8-rc3/include/uapi/linux/if_bridge.h 2013-01-13
> 20:09:54.257271755 +0200
> +++ linux-3.8-rc3.fix/include/uapi/linux/if_bridge.h 2013-01-13
> 20:15:04.153676151 +0200
> @@ -14,6 +14,7 @@
> #define _UAPI_LINUX_IF_BRIDGE_H
>
> #include <linux/types.h>
> +#include <linux/in6.h>
>
> #define SYSFS_BRIDGE_ATTR "bridge"
> #define SYSFS_BRIDGE_FDB "brforward"
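Review bot: The `#include <linux/in6.h>` added right after `<linux/types.h>` is unconditional, so every userspace file that includes this exported header together with its libc's own IPv6 definitions now sees `struct in6_addr` defined twice, which is the redefinition problem reported in the reply above. The incomplete type on `ip6` needs a fix that does not force the kernel's definition on every includer, for example by resolving the overlap between the kernel and libc headers, or by leaving the include to the consumer and documenting that requirement.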
>
>
> -----
> Thomas
>
--
Thomas
12 years, 1 month
[libvirt] understanding managedsave
by Nicolas Sebrecht
Hi,
I'm trying to understand how the managedsave and restoration features
work at the libvirt/qemu level.
I'd like to write a little python script to reproduce the feature to
learn how it works. So, I start a kvm guest by hand with
qemu-kvm [...] -qmp tcp:localhost:4444,server
and connect to the QMP with telnet or the qemu qmp-shell for my tests.
From what I've read, libvirt internally does a migration to a file:
qemuDomainSaveMemory() -> qemuMonitorToFile() -> qemuMonitorMigrateToFd().
Why do a migration instead of QMP stop/memsave?
What would be the whole QMP/Monitor sequence of commands to handle the
process?
--
Nicolas Sebrecht
12 years, 1 month
[libvirt] [PATCH] Apply security label when entering LXC namespaces
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Add a new virDomainLxcEnterSecurityLabel() function as a
counterpart to virDomainLxcEnterNamespaces(), which can
change the current calling process to have a new security
context. This call runs client side, not in libvirtd
so we can't use the security driver infrastructure.
When entering a namespace, the process spawned from virsh
will default to running with the security label of virsh.
The actual desired behaviour is to run with the security
label of the container most of the time. So this changes
virsh lxc-enter-namespace command to invoke the
virDomainLxcEnterSecurityLabel method.
The current behaviour is:
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps
Note the ps command is running as unconfined_t. After this patch,
the new behaviour is this:
virsh -c lxc:/// lxc-enter-namespace dan -- /bin/ps -eZ
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps
The '--noseclabel' flag can be used to skip security labelling.
---
include/libvirt/libvirt-lxc.h | 4 ++
python/generator.py | 1 +
src/libvirt-lxc.c | 96 +++++++++++++++++++++++++++++++++++++++++++
tools/virsh-domain.c | 32 +++++++++++++++
4 files changed, 133 insertions(+)
diff --git a/include/libvirt/libvirt-lxc.h b/include/libvirt/libvirt-lxc.h
index f2c87fb..5021813 100644
--- a/include/libvirt/libvirt-lxc.h
+++ b/include/libvirt/libvirt-lxc.h
@@ -42,6 +42,10 @@ int virDomainLxcEnterNamespace(virDomainPtr domain,
unsigned int *noldfdlist,
int **oldfdlist,
unsigned int flags);
+int virDomainLxcEnterSecurityLabel(virSecurityModelPtr model,
+ virSecurityLabelPtr label,
+ virSecurityLabelPtr oldlabel,
+ unsigned int flags);
# ifdef __cplusplus
}
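Review bot: `virDomainLxcEnterSecurityLabel()` is declared here as new public API, but the diffstat for this patch lists only this header, python/generator.py, src/libvirt-lxc.c and tools/virsh-domain.c, with no symbol export list among them. Confirm the function is added to the library's versioned export list, otherwise callers outside the library such as virsh may fail to link. A short comment on the declaration that `flags` must currently be 0 would also match the doc comment in the .c file.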
diff --git a/python/generator.py b/python/generator.py
index 8236bd2..6a25c2d 100755
--- a/python/generator.py
+++ b/python/generator.py
@@ -557,6 +557,7 @@ skip_function = (
lxc_skip_function = (
"virDomainLxcEnterNamespace",
+ "virDomainLxcEnterSecurityLabel",
)
qemu_skip_function = (
#"virDomainQemuAttach",
diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c
index f580c3c..c1bf168 100644
--- a/src/libvirt-lxc.c
+++ b/src/libvirt-lxc.c
@@ -29,6 +29,9 @@
#include "virlog.h"
#include "virprocess.h"
#include "datatypes.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
#define VIR_FROM_THIS VIR_FROM_NONE
@@ -163,3 +166,96 @@ error:
virDispatchError(domain->conn);
return -1;
}
+
+
+/**
+ * virDomainLxcEnterSecurityLabel:
+ * @model: the security model to set
+ * @label: the security label to apply
+ * @oldlabel: filled with old security label
+ * @flags: currently unused, pass 0
+ *
+ * This API is LXC specific, so it will only work with hypervisor
+ * connections to the LXC driver.
+ *
+ * Attaches the process to the security label specified
+ * by @label. @label is interpreted relative to @model
+ * Depending on the security driver, this may
+ * not take effect until the next call to exec().
+ *
+ * If @oldlabel is not NULL, it will be filled with info
+ * about the current security label. This may let the
+ * process be moved back to the previous label if no
+ * exec() has yet been performed.
+ *
+ * Returns 0 on success, -1 on error
+ */
+int
+virDomainLxcEnterSecurityLabel(virSecurityModelPtr model,
+ virSecurityLabelPtr label,
+ virSecurityLabelPtr oldlabel,
+ unsigned int flags)
+{
+ virCheckFlagsGoto(0, error);
+
+ virCheckNonNullArgGoto(model, error);
+ virCheckNonNullArgGoto(label, error);
+
+ if (oldlabel)
+ memset(oldlabel, 0, sizeof(*oldlabel));
+
+ if (STREQ(model->model, "selinux")) {
+#ifdef WITH_SELINUX
+ if (oldlabel) {
+ security_context_t ctx;
+
+ if (getcon(&ctx) < 0) {
+ virReportSystemError(errno,
+ _("unable to get PID %d security context"),
+ getpid());
+ goto error;
+ }
+
+ if (strlen((char *) ctx) >= VIR_SECURITY_LABEL_BUFLEN) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label exceeds "
+ "maximum length: %d"),
+ VIR_SECURITY_LABEL_BUFLEN - 1);
+ freecon(ctx);
+ goto error;
+ }
+
+ strcpy(oldlabel->label, (char *) ctx);
+ freecon(ctx);
+
+ if ((oldlabel->enforcing = security_getenforce()) < 0) {
+ virReportSystemError(errno, "%s",
+ _("error calling security_getenforce()"));
+ goto error;
+ }
+ }
+
+ if (setexeccon(label->label) < 0) {
+ virReportSystemError(errno,
+ _("Cannot set context %s"),
+ label->label);
+ goto error;
+ }
+#else
+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
+ _("Support for SELinux is not enabled"));
+ goto error;
+#endif
+ } else {
+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+ _("Security model %s cannot be entered"),
+ model->model);
+ goto error;
+ }
+
+ return 0;
+
+error:
+ virDispatchError(NULL);
+ return -1;
+}
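Review bot: The final `else` branch rejects every model other than "selinux" with VIR_ERR_ARGUMENT_UNSUPPORTED, and virsh calls this function by default (`bool setlabel = true;`), so on a host whose security model is anything else the forked child will `_exit(255)` unless the user knows to pass --noseclabel. Consider treating a model that has no label to apply as a successful no-op, or have virsh skip the call when the model is not one handled here. Separately, `oldlabel` is filled in before `setexeccon()` is attempted, so when `setexeccon()` fails the caller gets -1 with `oldlabel` already populated; either document that or fill it only on the success path.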
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 7caa364..f85e74d 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -7992,6 +7992,7 @@ static const vshCmdInfo info_lxc_enter_namespace[] = {
static const vshCmdOptDef opts_lxc_enter_namespace[] = {
{"domain", VSH_OT_DATA, VSH_OFLAG_REQ, N_("domain name, id or uuid")},
+ {"noseclabel", VSH_OT_BOOL, 0, N_("Do not change process security label")},
{"cmd", VSH_OT_ARGV, VSH_OFLAG_REQ, N_("namespace")},
{NULL, 0, 0, NULL}
};
@@ -8008,11 +8009,17 @@ cmdLxcEnterNamespace(vshControl *ctl, const vshCmd *cmd)
int nfdlist;
int *fdlist;
size_t i;
+ bool setlabel = true;
+ virSecurityModelPtr secmodel = NULL;
+ virSecurityLabelPtr seclabel = NULL;
dom = vshCommandOptDomain(ctl, cmd, NULL);
if (dom == NULL)
goto cleanup;
+ if (vshCommandOptBool(cmd, "noseclabel"))
+ setlabel = false;
+
while ((opt = vshCommandOptArgv(cmd, opt))) {
if (VIR_EXPAND_N(cmdargv, ncmdargv, 1) < 0) {
vshError(ctl, _("%s: %d: failed to allocate argv"),
@@ -8029,12 +8036,35 @@ cmdLxcEnterNamespace(vshControl *ctl, const vshCmd *cmd)
if ((nfdlist = virDomainLxcOpenNamespace(dom, &fdlist, 0)) < 0)
goto cleanup;
+ if (setlabel) {
+ fprintf(stderr, "Getr sec\n");
+ if (VIR_ALLOC(secmodel) < 0) {
+ vshError(ctl, "%s", _("Failed to allocate security model"));
+ goto cleanup;
+ }
+ if (VIR_ALLOC(seclabel) < 0) {
+ vshError(ctl, "%s", _("Failed to allocate security label"));
+ goto cleanup;
+ }
+ if (virNodeGetSecurityModel(ctl->conn, secmodel) < 0)
+ goto cleanup;
+ if (virDomainGetSecurityLabel(dom, seclabel) < 0)
+ goto cleanup;
+ }
+
/* Fork once because we don't want to affect
* virsh's namespace itself
*/
if (virFork(&pid) < 0)
goto cleanup;
if (pid == 0) {
+ if (setlabel &&
+ virDomainLxcEnterSecurityLabel(secmodel,
+ seclabel,
+ NULL,
+ 0) < 0)
+ _exit(255);
+
if (virDomainLxcEnterNamespace(dom,
nfdlist,
fdlist,
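Review bot: `fprintf(stderr, "Getr sec\n");` at the top of the `if (setlabel)` block is leftover debug output and should be removed before this is merged. In the child, a failure of `virDomainLxcEnterSecurityLabel()` goes straight to `_exit(255)` and nothing in this hunk reports the error, so a labelling failure is indistinguishable from the target command exiting with 255; report the libvirt error in the child before exiting. Failing closed here is the right default, since continuing would run the command in the container with the virsh label.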
@@ -8067,6 +8097,8 @@ cmdLxcEnterNamespace(vshControl *ctl, const vshCmd *cmd)
ret = true;
cleanup:
+ VIR_FREE(seclabel);
+ VIR_FREE(secmodel);
if (dom)
virDomainFree(dom);
VIR_FREE(cmdargv);
--
1.8.1.4
12 years, 1 month
[libvirt] [PATCH] Fix query of LXC security label
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The virDomainGetSecurityLabel method is currently (mistakenly)
showing the label of the libvirt_lxc process:
...snip...
Security model: selinux
Security DOI: 0
Security label: system_u:system_r:virtd_t:s0-s0:c0.c1023 (permissive)
when it should be showing the init process label
...snip...
Security model: selinux
Security DOI: 0
Security label: system_u:system_r:svirt_t:s0:c724,c995 (permissive)
---
src/lxc/lxc_driver.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 338b8eb..7791966 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1162,8 +1162,16 @@ static int lxcDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr secla
* LXC monitor hasn't seen SIGHUP/ERR on poll().
*/
if (virDomainObjIsActive(vm)) {
+ virLXCDomainObjPrivatePtr priv = vm->privateData;
+
+ if (!priv->initpid) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("Init pid is not yet available"));
+ goto cleanup;
+ }
+
if (virSecurityManagerGetProcessLabel(driver->securityManager,
- vm->def, vm->pid, seclabel) < 0) {
+ vm->def, priv->initpid, seclabel) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("Failed to get security label"));
goto cleanup;
--
1.8.1.4
12 years, 1 month
[libvirt] [PATCHv5] virtio-rng: Add rate limiting options for virtio-RNG
by Peter Krempa
Qemu's implementation of virtio RNG supports rate limiting of the
entropy used. This patch exposes the option to tune this functionality.
This patch is based on qemu commit 904d6f588063fb5ad2b61998acdf1e73fb4
The rate limiting is exported in the XML as:
<devices>
...
<rng model='virtio'>
<rate period='1234'>4321</rate>
<backend model='random'/>
</rng>
...
---
Notes:
Version 5:
- adjust after forbidding arbitrary name passthrough
- rebase to master
Version 4:
- Reword docs
- state it is available since 1.0.4 as the tree is frozen and this was actually never acked before
Version 3:
- State the time unit in docs
Version 2:
- qemu uses bytes/period, adapt the value according to that
docs/formatdomain.html.in | 14 ++++++++++++++
docs/schemas/domaincommon.rng | 18 +++++++++++++++++-
src/conf/domain_conf.c | 17 +++++++++++++++++
src/conf/domain_conf.h | 2 ++
src/qemu/qemu_command.c | 9 +++++++++
.../qemuxml2argv-virtio-rng-random.args | 2 +-
.../qemuxml2argv-virtio-rng-random.xml | 1 +
7 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 4cafc92..b8eb53d 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4280,6 +4280,7 @@ qemu-kvm -net nic,model=? /dev/null
...
<devices>
<rng model='virtio'>
+ <rate period="2000">1234</rate>
<backend model='random'>/dev/random</backend>
<!-- OR -->
<backend model='egd' type='udp'>
@@ -4302,6 +4303,19 @@ qemu-kvm -net nic,model=? /dev/null
<li>'virtio' — supported by qemu and virtio-rng kernel module</li>
</ul>
</dd>
+ <dt><code>rate</code></dt>
+ <dd>
+ <p>
+ The optional <code>rate</code> element allows limiting the rate at
+ which entropy can be consumed from the source. An optional
+ <code>period</code> attribute specifies the duration of a period in
+ milliseconds; if omitted, the period is taken as 1000 milliseconds
+ (1 second). The element contents specify how many bits are permitted
+ per period. Drivers may enforce a minimum rate, and may round the
+ rate down to a minimum granularity.
+ <span class='since'>Since 1.0.4</span>
+ </p>
+ </dd>
<dt><code>backend</code></dt>
<dd>
<p>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 4b60885..dc45af1 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3500,7 +3500,12 @@
<value>virtio</value>
</choice>
</attribute>
- <ref name="rng-backend"/>
+ <interleave>
+ <ref name="rng-backend"/>
+ <optional>
+ <ref name="rng-rate"/>
+ </optional>
+ </interleave>
</element>
</define>
@@ -3527,6 +3532,17 @@
</element>
</define>
+ <define name="rng-rate">
+ <element name="rate">
+ <optional>
+ <attribute name="period">
+ <ref name="positiveInteger"/>
+ </attribute>
+ </optional>
+ <ref name="positiveInteger"/>
+ </element>
+ </define>
+
<define name="usbmaster">
<element name="master">
<attribute name="startport">
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 739bd72..8a02375 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7400,6 +7400,17 @@ virDomainRNGDefParseXML(const xmlNodePtr node,
ctxt->node = node;
+ if (virXPathUInt("string(./rate)", ctxt, &def->rate) < -1) {
+ virReportError(VIR_ERR_XML_ERROR, "%s", _("invalid RNG rate value"));
+ goto error;
+ }
+
+ if (def->rate > 0 &&
+ virXPathUInt("string(./rate/@period)", ctxt, &def->period) < -1) {
+ virReportError(VIR_ERR_XML_ERROR, "%s", _("invalid RNG period value"));
+ goto error;
+ }
+
if ((nbackends = virXPathNodeSet("./backend", ctxt, &backends)) < 0)
goto error;
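Review bot: Both `virXPathUInt()` checks test only `< -1`, so `<rate>0</rate>` parses without error and is then treated as "no limit" by the `def->rate > 0` test, and a `period` of 0 is accepted the same way, although the schema hunk in this patch declares both as positiveInteger. Reject zero explicitly in the parser so that input the schema forbids cannot silently switch rate limiting off when the XML is not schema-validated.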
@@ -13715,6 +13726,12 @@ virDomainRNGDefFormat(virBufferPtr buf,
const char *backend = virDomainRNGBackendTypeToString(def->backend);
virBufferAsprintf(buf, " <rng model='%s'>\n", model);
+ if (def->rate) {
+ virBufferAddLit(buf, " <rate");
+ if (def->period)
+ virBufferAsprintf(buf, " period='%u'", def->period);
+ virBufferAsprintf(buf, ">%u</rate>\n", def->rate);
+ }
virBufferAsprintf(buf, " <backend model='%s'", backend);
switch ((enum virDomainRNGBackend) def->backend) {
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 2509193..e19b5c0 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1721,6 +1721,8 @@ enum virDomainRNGBackend {
struct _virDomainRNGDef {
int model;
int backend;
+ unsigned int rate; /* bits per period */
+ unsigned int period; /* milliseconds */
union {
char *file; /* file name for 'random' source */
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 201fac1..c0f8dd2 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -4255,6 +4255,15 @@ qemuBuildRNGDeviceArgs(virCommandPtr cmd,
virBufferAsprintf(&buf, "virtio-rng-pci,rng=%s", dev->info.alias);
+ if (dev->rate > 0) {
+ /* qemu uses bytes */
+ virBufferAsprintf(&buf, ",max-bytes=%u", dev->rate / 8);
+ if (dev->period)
+ virBufferAsprintf(&buf, ",period=%u", dev->period);
+ else
+ virBufferAddLit(&buf, ",period=1000");
+ }
+
if (qemuBuildDeviceAddressStr(&buf, &dev->info, qemuCaps) < 0)
goto cleanup;
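Review bot: `dev->rate / 8` truncates, so any configured rate from 1 to 7 bits per period is passed to QEMU as `max-bytes=0`, and other values lose up to 7 bits without any message. Enforce a minimum of 8 bits (or report an error) before building the argument; the documentation hunk's "Drivers may enforce a minimum rate" wording already allows for that. The hunk also emits `max-bytes` and `period` without consulting `qemuCaps`, so it is worth checking what happens with a QEMU binary that does not know these properties.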
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.args b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.args
index 7ab9dbc..33b5adc 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.args
@@ -3,4 +3,4 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu \
-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 \
-object rng-random,id=rng0,filename=/dev/hwrng \
--device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x4
+-device virtio-rng-pci,rng=rng0,max-bytes=100,period=1234,bus=pci.0,addr=0x4
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.xml b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.xml
index 1e2c4be..813e42e 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.xml
@@ -17,6 +17,7 @@
<controller type='usb' index='0'/>
<memballoon model='virtio'/>
<rng model='virtio'>
+ <rate period='1234'>800</rate>
<backend model='random'>/dev/hwrng</backend>
</rng>
</devices>
--
1.8.1.1
12 years, 1 month
[libvirt] [PATCH] Use separate symbol file for GNUTLS symbols
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
A number of symbols are only present when GNUTLS is enabled.
Thus we must use a separate libvirt_gnutls.syms file for them
instead of libvirt_private.syms
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/Makefile.am | 7 +++++++
src/libvirt_gnutls.syms | 46 ++++++++++++++++++++++++++++++++++++++++++++++
src/libvirt_private.syms | 23 -----------------------
3 files changed, 53 insertions(+), 23 deletions(-)
create mode 100644 src/libvirt_gnutls.syms
diff --git a/src/Makefile.am b/src/Makefile.am
index 60935f4..a6cc839 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1458,6 +1458,12 @@ else
SYM_FILES += $(srcdir)/libvirt_sasl.syms
endif
+if WITH_GNUTLS
+USED_SYM_FILES += $(srcdir)/libvirt_gnutls.syms
+else
+SYM_FILES += $(srcdir)/libvirt_gnutls.syms
+endif
+
if WITH_SSH2
USED_SYM_FILES += $(srcdir)/libvirt_libssh2.syms
else
@@ -1481,6 +1487,7 @@ EXTRA_DIST += \
libvirt_openvz.syms \
libvirt_qemu.syms \
libvirt_sasl.syms \
+ libvirt_gnutls.syms \
libvirt_vmx.syms \
libvirt_xenxs.syms \
libvirt_libssh2.syms
diff --git a/src/libvirt_gnutls.syms b/src/libvirt_gnutls.syms
new file mode 100644
index 0000000..bd4f950
--- /dev/null
+++ b/src/libvirt_gnutls.syms
@@ -0,0 +1,46 @@
+#
+# GNUTLS-specific symbols
+#
+
+# rpc/virnetclient.h
+virNetClientGetTLSKeySize;
+virNetClientSetTLSSession;
+
+
+# rpc/virnetserver.h
+virNetServerSetTLSContext;
+
+
+# rpc/virnetserverclient.h
+virNetServerClientGetTLSKeySize;
+virNetServerClientHasTLSSession;
+
+
+# rpc/virnetserverservice.h
+virNetServerServiceGetTLSContext;
+
+
+# rpc/virnetsocket.h
+virNetSocketSetTLSSession;
+
+
+# rpc/virnettlscontext.h
+virNetTLSContextCheckCertificate;
+virNetTLSContextNewClient;
+virNetTLSContextNewClientPath;
+virNetTLSContextNewServer;
+virNetTLSContextNewServerPath;
+virNetTLSInit;
+virNetTLSSessionGetHandshakeStatus;
+virNetTLSSessionGetKeySize;
+virNetTLSSessionHandshake;
+virNetTLSSessionNew;
+virNetTLSSessionRead;
+virNetTLSSessionSetIOCallbacks;
+virNetTLSSessionWrite;
+
+
+# Let emacs know we want case-insensitive sorting
+# Local Variables:
+# sort-fold-case: t
+# End:
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 0e8fcbf..fbd540a 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -762,7 +762,6 @@ virNetClientAddStream;
virNetClientClose;
virNetClientDupFD;
virNetClientGetFD;
-virNetClientGetTLSKeySize;
virNetClientHasPassFD;
virNetClientIsEncrypted;
virNetClientIsOpen;
@@ -784,7 +783,6 @@ virNetClientSendNoReply;
virNetClientSendWithReply;
virNetClientSendWithReplyStream;
virNetClientSetCloseCallback;
-virNetClientSetTLSSession;
# rpc/virnetclientprogram.h
@@ -844,7 +842,6 @@ virNetServerPreExecRestart;
virNetServerQuit;
virNetServerRemoveShutdownInhibition;
virNetServerRun;
-virNetServerSetTLSContext;
virNetServerUpdateServices;
@@ -856,9 +853,7 @@ virNetServerClientGetAuth;
virNetServerClientGetFD;
virNetServerClientGetPrivateData;
virNetServerClientGetReadonly;
-virNetServerClientGetTLSKeySize;
virNetServerClientGetUNIXIdentity;
-virNetServerClientHasTLSSession;
virNetServerClientImmediateClose;
virNetServerClientInit;
virNetServerClientInitKeepAlive;
@@ -910,7 +905,6 @@ virNetServerServiceClose;
virNetServerServiceGetAuth;
virNetServerServiceGetMaxRequests;
virNetServerServiceGetPort;
-virNetServerServiceGetTLSContext;
virNetServerServiceIsReadonly;
virNetServerServiceNewFD;
virNetServerServiceNewPostExecRestart;
@@ -952,27 +946,10 @@ virNetSocketRemoteAddrString;
virNetSocketRemoveIOCallback;
virNetSocketSendFD;
virNetSocketSetBlocking;
-virNetSocketSetTLSSession;
virNetSocketUpdateIOCallback;
virNetSocketWrite;
-# rpc/virnettlscontext.h
-virNetTLSContextCheckCertificate;
-virNetTLSContextNewClient;
-virNetTLSContextNewClientPath;
-virNetTLSContextNewServer;
-virNetTLSContextNewServerPath;
-virNetTLSInit;
-virNetTLSSessionGetHandshakeStatus;
-virNetTLSSessionGetKeySize;
-virNetTLSSessionHandshake;
-virNetTLSSessionNew;
-virNetTLSSessionRead;
-virNetTLSSessionSetIOCallbacks;
-virNetTLSSessionWrite;
-
-
# security/security_driver.h
virSecurityDriverLookup;
--
1.8.1.4
12 years, 1 month
[libvirt] [PATCH] qemu_driver: Try KVM_CAP_MAX_VCPUS only if defined
by Michal Privoznik
With our recent patch (1715c83b5f) we strive to get the correct
number of maximal VCPUs. However, we are using a constant from
linux/kvm.h which may not be defined in every distro. Hence, we
should guard usage of the constant with an ifdef preprocessor
directive.
---
src/qemu/qemu_driver.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index de53a1b..c3a8f24 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1122,9 +1122,11 @@ kvmGetMaxVCPUs(void) {
return -1;
}
+#ifdef KVM_CAP_MAX_VCPUS
/* at first try KVM_CAP_MAX_VCPUS to determine the maximum count */
if ((ret = ioctl(fd, KVM_CHECK_EXTENSION, KVM_CAP_MAX_VCPUS)) > 0)
goto cleanup;
+#endif /* KVM_CAP_MAX_VCPUS */
/* as a fallback get KVM_CAP_NR_VCPUS (the recommended maximum number of
* vcpus). Note that on most machines this is set to 160. */
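Review bot: Guarding the `KVM_CAP_MAX_VCPUS` probe with `#ifdef` ties the result to the build host's linux/kvm.h: a binary built against older headers will always fall through to `KVM_CAP_NR_VCPUS`, even when the kernel it later runs on supports the newer capability. If that is acceptable, say so in the comment next to the `#ifdef`; otherwise provide a fallback definition of the constant when the header lacks it, so the ioctl is still attempted at run time and simply fails over on kernels that do not know it.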
--
1.8.1.5
12 years, 1 month
[libvirt] [PATCHv3 00/27] Driver XML conf adjustment callbacks [READ FIRST]
by Peter Krempa
This series implements the driver XML parsing callbacks as
Dan suggested.
This series may appear to be monstrous but I chose to split some patches
to separate ones although the code does not compile afterwards to ease review.
!! READ THIS: !!
!! The patches starting with the word "fix" will need to be squashed into the
!! non "fix" patches preceding them otherwise it will not compile cleanly.
This new version fixes the review comments by Dan, Michal and Laine.
There's still outstanding work to do to get rid of all the irrelevant data
from virCaps, but I'd like to stabilize the design before doing so.
In this series the callback now supports passing opaque data to the callback
functions and it's demonstrated in "virCaps: get rid of defaultDiskDriverName".
There's also a patch demonstrating doing check that is not covered by the XML
schema and thus shouldn't be part of the parser, but is documented for all
drivers and thus should be enforced. This demonstrates the use of the verification
function.
Peter Krempa (27):
virCaps: conf: start splitting out irrelevat data
fix fallout in src/conf/
fix fallout in src/esx
fix fallout in src/lxc
fix fallout in src/openvz
fix fallout in src/parallels
fix fallout in phyp driver
fix fallout in src/qemu/
fix fallout in tests/
fix fallout in src/xen
fix fallout in src/vmware
fix fallout in src/uml
fix fallout in test driver
fix fallout in vbox driver
fix fallout in aahelper code
fix fallout in src/libxl
fix fallout in src/xenapi
fix fallout in selinux test
conf: Add separate defaults addition and validation for XML parsing
fix fallout from adding new parameter to internal APIs
conf: Add argument to support use of the driver adjust callbacks
qemu: Record the default NIC model in the domain XML
fix fallout of the change of the network device default
virCaps: get rid of "defaultInitPath" value in the virCaps struct
virCaps: get rid of defaultDiskDriverName
virCaps: get rid of emulatorRequired
conf: Enforce ranges on cputune variables
src/Makefile.am | 1 +
src/conf/capabilities.c | 10 -
src/conf/capabilities.h | 17 +-
src/conf/domain_conf.c | 387 +++++++++++++++++----
src/conf/domain_conf.h | 71 +++-
src/conf/snapshot_conf.c | 3 +-
src/conf/snapshot_conf.h | 1 +
src/esx/esx_driver.c | 14 +-
src/esx/esx_private.h | 2 +
src/libvirt_private.syms | 5 +-
src/libxl/libxl_conf.h | 1 +
src/libxl/libxl_driver.c | 57 +--
src/lxc/lxc_conf.c | 13 +-
src/lxc/lxc_conf.h | 2 +
src/lxc/lxc_controller.c | 7 +-
src/lxc/lxc_domain.c | 26 +-
src/lxc/lxc_domain.h | 3 +-
src/lxc/lxc_driver.c | 49 +--
src/lxc/lxc_process.c | 9 +-
src/openvz/openvz_conf.c | 5 +-
src/openvz/openvz_conf.h | 1 +
src/openvz/openvz_driver.c | 45 ++-
src/parallels/parallels_driver.c | 12 +-
src/parallels/parallels_utils.h | 1 +
src/phyp/phyp_driver.c | 12 +-
src/phyp/phyp_driver.h | 1 +
src/qemu/qemu_capabilities.c | 3 -
src/qemu/qemu_command.c | 9 +-
src/qemu/qemu_command.h | 3 +
src/qemu/qemu_conf.c | 14 +-
src/qemu/qemu_conf.h | 5 +
src/qemu/qemu_domain.c | 108 ++++--
src/qemu/qemu_domain.h | 7 +-
src/qemu/qemu_driver.c | 134 ++++---
src/qemu/qemu_migration.c | 22 +-
src/qemu/qemu_process.c | 109 +-----
src/security/virt-aa-helper.c | 10 +-
src/test/test_driver.c | 61 +++-
src/uml/uml_conf.h | 1 +
src/uml/uml_driver.c | 32 +-
src/vbox/vbox_tmpl.c | 27 +-
src/vmware/vmware_conf.c | 3 +-
src/vmware/vmware_conf.h | 1 +
src/vmware/vmware_driver.c | 25 +-
src/xen/xen_driver.c | 8 +-
src/xen/xen_driver.h | 1 +
src/xen/xend_internal.c | 14 +-
src/xen/xm_internal.c | 4 +-
src/xenapi/xenapi_driver.c | 34 +-
src/xenapi/xenapi_driver_private.h | 1 +
tests/domainsnapshotxml2xmltest.c | 5 +
tests/lxcxml2xmldata/lxc-hostdev.xml | 1 +
tests/lxcxml2xmldata/lxc-systemd.xml | 1 +
tests/lxcxml2xmltest.c | 7 +-
tests/qemuargv2xmltest.c | 8 +-
tests/qemumonitorjsontest.c | 29 +-
tests/qemumonitortestutils.c | 4 +-
tests/qemumonitortestutils.h | 5 +-
.../qemuxml2argv-net-bandwidth.xml | 1 +
.../qemuxml2argvdata/qemuxml2argv-net-client.args | 4 +-
.../qemuxml2argv-net-eth-ifname.args | 4 +-
.../qemuxml2argv-net-eth-ifname.xml | 1 +
.../qemuxml2argv-net-eth-names.args | 8 +-
tests/qemuxml2argvdata/qemuxml2argv-net-eth.args | 4 +-
tests/qemuxml2argvdata/qemuxml2argv-net-eth.xml | 1 +
.../qemuxml2argvdata/qemuxml2argv-net-hostdev.xml | 1 +
tests/qemuxml2argvdata/qemuxml2argv-net-mcast.args | 4 +-
.../qemuxml2argv-net-openvswitch.xml | 1 +
.../qemuxml2argvdata/qemuxml2argv-net-server.args | 4 +-
tests/qemuxml2argvdata/qemuxml2argv-net-user.args | 3 +-
tests/qemuxml2argvdata/qemuxml2argv-net-user.xml | 1 +
.../qemuxml2argv-net-virtio-network-portgroup.xml | 2 +
tests/qemuxml2argvtest.c | 5 +-
.../qemuxml2xmlout-graphics-spice-timeout.xml | 1 +
tests/qemuxml2xmltest.c | 6 +-
tests/qemuxmlnstest.c | 5 +-
tests/securityselinuxlabeltest.c | 6 +-
tests/testutilsqemu.c | 3 +-
tests/testutilsqemu.h | 2 +
tests/testutilsxen.c | 6 +
tests/testutilsxen.h | 2 +
tests/xmconfigtest.c | 8 +-
tests/xml2sexprtest.c | 8 +-
tests/xml2vmxtest.c | 8 +-
84 files changed, 1034 insertions(+), 516 deletions(-)
--
1.8.1.5
12 years, 1 month
[libvirt] failed to mount cgroup
by Yin Olivia-R63875
Hi,
I tried to run libvirt-1.0.2 with LXC as below, but it failed to mount cgroup.
1). mount /cgroup
# mkdir /cgroup
# mount -t cgroup cgroup /cgroup
# vi vm1.xml
<domain type='lxc'>
<name>vm1</name>
<memory>32768</memory>
<os>
<type>exe</type>
<init>/bin/sh</init>
</os>
<vcpu>1</vcpu>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/libexec/libvirt_lxc</emulator>
<console type='pty' tty='/dev/pts/3'>
<source path='/dev/pts/3'/>
<target port='0'/>
</console>
</devices>
</domain>
# virsh -c lxc:/// define vm1.xml
# virsh -c lxc:/// start vm1
error: Failed to start domain vm1
error: internal error guest failed to start: 2013-03-05 02:13:03.639+0000: 2403: info : libvirt version: 1.0.2
2013-03-05 02:13:03.639+0000: 2403: warning : lxcCapsInit:73 : Failed to get host power management capabilities
PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=d50aec75-4566-62b3-ed81-adf3e8705efe LIBVIRT_LXC_UUID=d50aec75-4566-62b3-ed81-adf3e8705efe LIBVIRT_LXC_NAME=vm1 /bin/sh
2013-03-05 02:13:03.779+0000: 1: error : lxcContainerIdentifyCGroups:1775 : Unable to read directory : No such file or directory
2013-03-05 02:13:03.779+0000: 2404: error : virLXCControllerRun:1468 : error receiving signal from container: Input/output error
# ps aux | grep libvirtd
root 2314 0.1 0.4 108320 4876 ? Sl 02:47 0:00 libvirtd -d
root 2383 0.0 0.0 4116 452 ttyS0 S+ 02:52 0:00 grep libvirtd
# cat /proc/2314/status
Name: libvirtd
State: S (sleeping)
Tgid: 2314
Pid: 2314
PPid: 1
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 32
Groups: 0
VmPeak: 112420 kB
VmSize: 108320 kB
VmLck: 0 kB
VmHWM: 4884 kB
VmRSS: 4876 kB
VmData: 91540 kB
VmStk: 136 kB
VmExe: 348 kB
VmLib: 13092 kB
VmPTE: 96 kB
VmSwap: 0 kB
Threads: 11
SigQ: 0/7760
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000001000
SigCgt: 0000000180004cef
CapInh: 0000000000000000
CapPrm: ffffffffffffffff
CapEff: ffffffffffffffff
CapBnd: ffffffffffffffff
Cpus_allowed: 3
Cpus_allowed_list: 0-1
Mems_allowed: 1
Mems_allowed_list: 0
voluntary_ctxt_switches: 59
nonvoluntary_ctxt_switches: 24
# cat /proc/2314/cgroup
1:freezer,devices,memory,cpuacct,cpuset:/
# mount | grep cgroup
cgroup on /cgroup type cgroup (rw,relatime,freezer,devices,memory,cpuacct,cpuset)
# vi /var/log/libvirt/lxc/vm1.log
2013-03-05 02:48:39.218+0000: starting up
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin LIBVIRT_DEBUG=3 LIBVIRT_LOG_OUTPUTS=3:stderr /usr/libexec/libvirt_lxc --name vm1 --console 17 --security=none --handshake 20 --background
2013-03-05 02:48:39.229+0000: 2365: info : libvirt version: 1.0.2
2013-03-05 02:48:39.229+0000: 2365: warning : lxcCapsInit:73 : Failed to get host power management capabilities
PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=523492fb-36c8-3662-c61e-91697d5ad0ab LIBVIRT_LXC_UUID=523492fb-36c8-3662-c61e-91697d5ad0ab LIBVIRT_LXC_NAME=vm1 /bin/sh
2013-03-05 02:48:39.299+0000: 1: error : lxcContainerIdentifyCGroups:1775 : Unable to read directory : No such file or directory
2013-03-05 02:48:39.300+0000: 2366: error : virLXCControllerRun:1468 : error receiving signal from container: Input/output error
But if I mount cgroup on another point, the error message is different.
2). mount /dev/cgroups
# mkdir /dev/cgroups
# mount -t cgroup cgroup /dev/cgroups
# virsh -c lxc:/// start vm1
# vi /var/log/libvirt/lxc/vm1.log
2013-03-05 03:15:49.660+0000: starting up
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin LIBVIRT_DEBUG=3 LIBVIRT_LOG_OUTPUTS=3:stderr /usr/libexec/libvirt_lxc --name vm1 --console
2013-03-05 03:15:49.666+0000: 2430: info : libvirt version: 1.0.2
2013-03-05 03:15:49.666+0000: 2430: warning : lxcCapsInit:73 : Failed to get host power management capabilities
PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=518d6735-42d5-90b0-3780-d41a651385fc LIBVIRT_LXC_UUID=518d6735-42d5-90b0-3780-d41a651385fc LI
2013-03-05 03:15:49.749+0000: 1: error : lxcContainerMountCGroups:1892 : Failed to mount cgroup on '/dev/cgroups': No such file or directory
2013-03-05 03:15:49.749+0000: 2431: error : virLXCControllerRun:1468 : error receiving signal from container: Input/output error
Best Regards,
Olivia
12 years, 1 month
[libvirt] [libvirt-sandbox][PATCH] docs: correct libvirt sandbox command naming
by Alex Jia
Signed-off-by: Alex Jia <ajia(a)redhat.com>
---
docs/testing.txt | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/docs/testing.txt b/docs/testing.txt
index 54106bb..13724b3 100644
--- a/docs/testing.txt
+++ b/docs/testing.txt
@@ -11,27 +11,27 @@ For all tests, repeat with both KVM and LXC, eg
a. No I/O, with TTY
- libvirt-sandbox /bin/false
+ virt-sandbox /bin/false
b. Output only, with TTY
- libvirt-sandbox /bin/date
+ virt-sandbox /bin/date
c. Input/output, with TTY
- libvirt-sandbox /bin/sh
+ virt-sandbox /bin/sh
d. No I/O, without TTY
- libvirt-sandbox /bin/false < /dev/null > /dev/null
+ virt-sandbox /bin/false < /dev/null > /dev/null
e. Output only, without TTY
- libvirt-sandbox /bin/date > date.txt
+ virt-sandbox /bin/date > date.txt
f. Input/output, without TTY
- libvirt-sandbox /bin/cat < src.txt > dst.txt
+ virt-sandbox /bin/cat < src.txt > dst.txt
2. Filesystem config
--
1.7.1
12 years, 1 month