[libvirt] [PATCH] Fix missing error dispatch in virDomainLxcEnterNamespace
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The virDomainLxcEnterNamespace method mistakenly uses
virCheckFlags, which returns immediately instead of
virCheckFlagsGoto which jumps to the error cleanup
patch where there is a virDispatchError call
---
src/libvirt-lxc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c
index c1bf168..abbbc12 100644
--- a/src/libvirt-lxc.c
+++ b/src/libvirt-lxc.c
@@ -138,7 +138,7 @@ virDomainLxcEnterNamespace(virDomainPtr domain,
{
int i;
- virCheckFlags(0, -1);
+ virCheckFlagsGoto(0, error);
if (noldfdlist && oldfdlist) {
size_t nfds;
--
1.8.1.4
12 years, 1 month
[libvirt] IPv6: getting it to work
by Gene Czarcinski
Before I start creating patches (since it is not only source code but
also documentation, schemas, tests, etc), I thought I would run this by
you folks for comments/suggestions.
With IPv4, it is relatively easy to set up working networks: just use
nat/MASQUERADE and things pretty much just work.
With IPv6, it is a bit more difficult because IPv6 is route-only with
(theoretically) unique addresses known across the Internet. It took me
a while but once I realized that I needed to define some static routes
on my default router, it because much easier. The default route(s) on
the default router connect the IPv6 guest network used by a
qemu-kvm/libvirt with the virtual host's IPv6 address.
My recommendation is to use a /48 or /56 IPv6 network and assign it to a
specific virtual host. This virtual host needs to have a fixed IPv6
address either with manual configuration or using a client-id to pin a
specific IPv6 address. Then make each of the virtual networks on that
host be a /64 network. So far so good and really not too much of an
administrative burden. NetworkManager can be used to set this default
route.
Now lets add some additional virtual network layers/segments to the
mix. For example:
guest10 <-> net-a <-> guest20 <-> net-b <-> guest30 <-> virbr<n>
host40 <-> router50 <-> host60
guest30 can talk to other systems such as host40, router50, and host60
on the real network since it is covered by the static route on the
default router.
guest10, guest20, and guest30 can talk to each other with some
additional static routes (or just default routes).
The problem: guest10 cannot talk to other real hosts such as host40 or
host60. The problem is that NetworkManager will not set a static route
for any network on a libvirt bridge device (or any bridge device which
NM does not "own").
At first I thought this was a NM problem but I now believe that this
should be fixed by libvirt.
I did some manual configuration to figure out what needed to be done so
that guest10 could use IPv6 to talk to another host on the real network.
1. You have defined a static route on the default router for
fd00:aa:bb::/48 to the virtual host.
2. You have an libvirt network defined with (for example)
fd00:aa:bb:10::/64 and a guest on that network with the address of
fd00:aa:bb:10::2/128. Lets say it is on virbr4.
3. Your secondary (isolated) virtual network is fd00:aa:bb:11::/64.
4. You need to issue firewalld commands so it will pass the additional
network on virbr4. These are of the form:
firewall-cmd --direct --passthrough ipv6 -I FORWARD -1 -d
fd00:aa:bb:11::/64 -o virbr4 -j ACCEPT
firewall-cmd --direct --passthrough ipv6 -I FORWARD -1 -s
fd00:aa:bb:11::/64 -i virbr4 -j ACCEPT
5. Create the route:
ip -6 route fd00:aa:bb:11::/64 via fd00:aa:bb:10::2 dev virbr4
proto static metric 1
OK, that is what has to be done but I want libvirt to do all of this for
me after some simple configuration.
I propose adding a new optional xml-element to the <ip> element: <via>
<via> would be an exclusive alternate to <dhcp> and both <via> and
<dhcp> could not be used under a single <ip> definition. As implied by
the name, <via> would specify the gateway address which is to receive
the packets on the designated network.
Right now, if you specify an additional IPv6 address to a network
definition, you get the correct ip6tables rules but you also get a
ip-addr for that additional definition and an ip-route for the related
network. With <via>, this last part would be replaced with NO
additional ip-addr and a static route for the network to the gateway.
Anticipated code changes (besides the tests, schemas, and documentation)
are:
network_conf.c to handle the new <via> element.
virnetdev.c to create and issue the ip-6-route command.
bridge_driver.c to detect when an IPv6 address is a "via" and do the
ip-6-route instead of adding the address.
Although this is being done for IPv6, there is no reason not to make
sure it also works with IPv4.
Comments, suggestions appreciated.
Gene
12 years, 1 month
[libvirt] This patch adds the label to lxc-enter-namespace
by Daniel J Walsh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
lxc-enter-namespace allows a process from outside a container to start a
process inside a container. One problem with the current code is the process
running within the container would run with the label of the process that
created it.
For example if the admin process is running as unconfined_t and executes the
following command
# virsh -c lxc:/// lxc-enter-namespace --nolabel dan -- /bin/ps -eZ
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps
Note the ps command is running as unconfined_t, After this patch,
virsh -c lxc:/// lxc-enter-namespace dan -- /bin/ps -eZ
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps
I also add a --nolabel command to virsh, which can go back to the original
behaviour.
virsh -c lxc:/// lxc-enter-namespace --nolabel dan -- /bin/ps -eZ
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 37 ? 00:00:00 ps
One problem I had when I originally did the patch is
lxcDomainGetSecurityLabel was returning the incorrect label, I needed the
label of the initpid within the container not its parent process, so I
changed this function to match OpenNamespaces function.
One last strangeness, about half the time I run this, virsh hangs and never
returns.
Seems like
if (conn->driver->domainGetSecurityLabel(domain,
seclabel) == 0) {
Gets hung up. I have attached the strace in out1.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlE476kACgkQrlYvE4MpobMW8QCeMwkx5uzMgQdJbNqnyiOa62+Y
JNIAnA8ZZRhjlqMIRAy5/RbMc1g3Wxv1
=cSsv
-----END PGP SIGNATURE-----
12 years, 1 month
[libvirt] Libvirt and qemu multiqueue net
by Michal Privoznik
It's been a while since qemu added support for multiqueue virtio-net.
For more info follow [1]. From usage POV, libvirt is required to pass
multiple FDs:
qemu-kvm -netdev tap,id=hn0,fds=x:y:...:z,vhost=on,vhostfds=a:b:...:c
-device virtio-net-pci,netdev=hn0,vectors=N ...
where count(x:...:z) = M. We are strongly advised to use 1:1 ratio => M=N.
The FDs for 'fds' argument can be obtained via:
fd1 = open("/dev/net/tun")
ioctl(fd1, TUNSETIFF, "tap")
fd2 = open("/dev/net/tun")
ioctl(fd2, TUNATTACHQUEUE, "tap")
And what I am wondering about is, how to expose this to XML. Or do we
even want to expose this instead of some smart automatic setting? There
are not any other configurable knobs right now, but they may come in the
future.
Michal
1: http://www.linux-kvm.org/page/Multiqueue
12 years, 1 month
[libvirt] we can't build a new libvirt package (error 1)
by Erdembileg. G
Hi,
I installed Xen 4.2.1-4.el6 on CentOS 6.4. kernel version
is 3.8.2-3.el6xen.x86_64. Libvirt version is libvirt-0.10.2-18.el6
Before configure and installion are OK. But I can't build a new libvirt
package.
PASS: test_conf.sh
PASS: cpuset
PASS: define-dev-segfault
PASS: int-overflow
PASS: libvirtd-fail
PASS: libvirtd-pool
PASS: read-bufsiz
PASS: read-non-seekable
PASS: start
PASS: vcpupin
TEST: virsh-all
........................................ 40
........................................ 80
........................................ 120
........................................ 160
................................. 193 OK
PASS: virsh-all
PASS: virsh-optparse
PASS: virsh-schedinfo
PASS: virsh-synopsis
PASS: virsh-undefine
=======================================
1 of 71 tests failed
(1 test was not run)
Please report to libvir-list(a)redhat.com
=======================================
make[1]: *** [check-TESTS] Error 1
make[1]: Leaving directory `/root/rpmbuild/BUILD/libvirt-0.10.2/tests'
make: *** [check-am] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.rsnyPA (%check)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.rsnyPA (%check)
[root@xebin SPECS]#
--
Best Regards,
Erdembileg.G
12 years, 1 month
[libvirt] [PATCH] audit: Audit operations done by using VirtIO RNG
by Peter Krempa
This patch adds auditing of resources used by the 'random' backend of
virtio RNG.
---
If there's desire to audit also use of the "egd" backend that uses a
generic character device, a way how to audit this device will need to be
introduced. We don't audit useage of chardevs right now.
src/conf/domain_audit.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 8cd522a..c80bdb4 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -100,6 +100,79 @@ cleanup:
}
+static void
+virDomainAuditRNG(virDomainObjPtr vm,
+ virDomainRNGDefPtr newDef, virDomainRNGDefPtr oldDef,
+ const char *reason, bool success)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char *vmname;
+ char *oldsrc = NULL;
+ char *newsrc = NULL;
+ const char *virt;
+
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ if (!(vmname = virAuditEncode("vm", vm->def->name)))
+ goto no_memory;
+
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
+ if (newDef) {
+ switch (newDef->backend) {
+ case VIR_DOMAIN_RNG_BACKEND_RANDOM:
+ if (!(newsrc = virAuditEncode("new-rng", VIR_AUDIT_STR(newDef->source.file))))
+ goto no_memory;
+ break;
+
+ case VIR_DOMAIN_RNG_BACKEND_EGD:
+ case VIR_DOMAIN_RNG_BACKEND_LAST:
+ if (!(newsrc = virAuditEncode("new-rng", "?")))
+ goto no_memory;
+ break;
+ }
+ } else {
+ if (!(newsrc = virAuditEncode("new-rng", "?")))
+ goto no_memory;
+ }
+
+ if (oldDef) {
+ switch (oldDef->backend) {
+ case VIR_DOMAIN_RNG_BACKEND_RANDOM:
+ if (!(oldsrc = virAuditEncode("old-rng", VIR_AUDIT_STR(oldDef->source.file))))
+ goto no_memory;
+ break;
+
+ case VIR_DOMAIN_RNG_BACKEND_EGD:
+ case VIR_DOMAIN_RNG_BACKEND_LAST:
+ if (!(oldsrc = virAuditEncode("old-rng", "?")))
+ goto no_memory;
+ break;
+ }
+ } else {
+ if (!(oldsrc = virAuditEncode("old-rng", "?")))
+ goto no_memory;
+ }
+
+ VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+ "virt=%s resrc=rng reason=%s %s uuid=%s %s %s",
+ virt, reason, vmname, uuidstr,
+ oldsrc, newsrc);
+
+cleanup:
+ VIR_FREE(vmname);
+ VIR_FREE(oldsrc);
+ VIR_FREE(newsrc);
+ return;
+
+no_memory:
+ VIR_WARN("OOM while encoding audit message");
+ goto cleanup;
+}
+
+
void
virDomainAuditFS(virDomainObjPtr vm,
virDomainFSDefPtr oldDef, virDomainFSDefPtr newDef,
@@ -641,6 +714,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
virDomainAuditRedirdev(vm, redirdev, "start", true);
}
+ if (vm->def->rng)
+ virDomainAuditRNG(vm, vm->def->rng, NULL, "start", true);
+
virDomainAuditMemory(vm, 0, vm->def->mem.cur_balloon, "start", true);
virDomainAuditVcpu(vm, 0, vm->def->vcpus, "start", true);
--
1.8.1.5
12 years, 1 month
[libvirt] [PATCH v3 0/3] Keep original file label
by Michal Privoznik
Yet another rework of $subj. I am still not solving atomicity
problem for now. See diff to the patches if you want to know
what's changed.
Michal Privoznik (3):
virFile: Add APIs for extended attributes handling
virfile: Introduce internal API for managing ACL
security_dac: Favour ACLs over chown()
configure.ac | 2 +
libvirt.spec.in | 1 +
m4/virt-acl.m4 | 9 ++
src/Makefile.am | 4 +-
src/libvirt_private.syms | 6 +
src/security/security_dac.c | 209 ++++++++++++++++++++++++++-----
src/util/virfile.c | 290 ++++++++++++++++++++++++++++++++++++++++++++
src/util/virfile.h | 23 ++++
8 files changed, 515 insertions(+), 29 deletions(-)
create mode 100644 m4/virt-acl.m4
--
1.8.1.5
12 years, 1 month
[libvirt] [PATCH] Add missing break in LXC loop device setup
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
When setting up disks with loop devices for LXC, one of the
switch cases was missing a 'break' causing it to fallthrough
to an error condition.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/lxc/lxc_controller.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index ce46070..128271f 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -448,6 +448,7 @@ static int virLXCControllerSetupLoopDevices(virLXCControllerPtr ctrl)
fd = virLXCControllerSetupLoopDeviceDisk(disk);
if (fd < 0)
goto cleanup;
+ break;
default:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
--
1.8.1.4
12 years, 1 month
[libvirt] using virSetUIDGID() with unprivileged qemu defeats setuid helper
by Csaba Henk
Hi,
I recently experienced that my qemu guest (which I'm using with
unprivileged user) fails to start with:
error: internal error process exited while connecting to monitor: chardev: opening backend "pty" failed
This happens upon trying to facilitate the
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
stanzas, for which qemu wants to grab a pty through openpty(3).
openpty needs to have the assigned pty to be chown'd to the qemu
user, which is attempted via running the setuid helper program
pt_chown. However, chown(2) fails with EPERM.
The culprit seems to be the commits
v1.0.3-rc1~113: util: virSetUIDGIDWithCaps - change uid while keeping caps
v1.0.3-rc1~112: util: maintain caps when running command with uid != 0
which change how capabilities are manipulated before program execution.
Just immediately before the execve(2) call, the qemu process used to have
the following capabilities:
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: ffffffffffffffff
since said commits, it looks like:
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: ffffffe000000000
as far as my capability-noob eyes can see, the bounding set lacks CAP_CHOWN
and thus pt_chown won't attain CAP_CHOWN despite running on uid 0, and the
EPERM is triggered.
How could we fix it? Qemu invocation should be customized or virExec() adjusted?
Or is there some configuration workaround?
(For the record, I've seen it on Arch Linux; tried their binary package and also
my own builds, which included a current git checkout.)
Thanks
Csaba
12 years, 1 month
[libvirt] [PATCH] Add support for disks backed by plain files in LXC
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
By using a loopback device, disks backed by plain files can
be made available to LXC containers. We make no attempt to
auto-detect format if <driver type="raw"/> is not set,
instead we unconditionally treat that as meaning raw. This
is to avoid the security issues inherant with format
auto-detection
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/lxc/lxc_controller.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 65 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index a7e715e..176e1be 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -356,7 +356,7 @@ static int virLXCControllerValidateConsoles(virLXCControllerPtr ctrl)
}
-static int virLXCControllerSetupLoopDevice(virDomainFSDefPtr fs)
+static int virLXCControllerSetupLoopDeviceFS(virDomainFSDefPtr fs)
{
int lofd;
char *loname = NULL;
@@ -377,6 +377,27 @@ static int virLXCControllerSetupLoopDevice(virDomainFSDefPtr fs)
}
+static int virLXCControllerSetupLoopDeviceDisk(virDomainDiskDefPtr disk)
+{
+ int lofd;
+ char *loname = NULL;
+
+ if ((lofd = virFileLoopDeviceAssociate(disk->src, &loname)) < 0)
+ return -1;
+
+ /*
+ * We now change it into a block device type, so that
+ * the rest of container setup 'just works'
+ */
+ disk->type = VIR_DOMAIN_DISK_TYPE_BLOCK;
+ VIR_FREE(disk->src);
+ disk->src = loname;
+ loname = NULL;
+
+ return lofd;
+}
+
+
static int virLXCControllerSetupLoopDevices(virLXCControllerPtr ctrl)
{
size_t i;
@@ -389,7 +410,7 @@ static int virLXCControllerSetupLoopDevices(virLXCControllerPtr ctrl)
if (fs->type != VIR_DOMAIN_FS_TYPE_FILE)
continue;
- fd = virLXCControllerSetupLoopDevice(fs);
+ fd = virLXCControllerSetupLoopDeviceFS(fs);
if (fd < 0)
goto cleanup;
@@ -402,6 +423,48 @@ static int virLXCControllerSetupLoopDevices(virLXCControllerPtr ctrl)
ctrl->loopDevFds[ctrl->nloopDevs - 1] = fd;
}
+ for (i = 0 ; i < ctrl->def->ndisks ; i++) {
+ virDomainDiskDefPtr disk = ctrl->def->disks[i];
+ int fd;
+
+ if (disk->type != VIR_DOMAIN_DISK_TYPE_FILE)
+ continue;
+
+ switch (disk->format) {
+ /* We treat 'none' as meaning 'raw' since we
+ * don't want to go into the auto-probing
+ * business for security reasons
+ */
+ case VIR_STORAGE_FILE_RAW:
+ case VIR_STORAGE_FILE_NONE:
+ if (disk->driverName &&
+ STRNEQ(disk->driverName, "loop")) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("disk driver %s is not supported"),
+ disk->driverName);
+ goto cleanup;
+ }
+
+ fd = virLXCControllerSetupLoopDeviceDisk(disk);
+ if (fd < 0)
+ goto cleanup;
+
+ default:
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("disk format %s is not supported"),
+ virStorageFileFormatTypeToString(disk->format));
+ goto cleanup;
+ }
+
+ VIR_DEBUG("Saving loop fd %d", fd);
+ if (VIR_EXPAND_N(ctrl->loopDevFds, ctrl->nloopDevs, 1) < 0) {
+ VIR_FORCE_CLOSE(fd);
+ virReportOOMError();
+ goto cleanup;
+ }
+ ctrl->loopDevFds[ctrl->nloopDevs - 1] = fd;
+ }
+
VIR_DEBUG("Setup all loop devices");
ret = 0;
--
1.7.11.7
12 years, 1 month
