[libvirt] [PATCH] spec: Enable KVM support on ARM
by Cole Robinson
F20/rawhide has will support this.
From: Peter Robinson <pbrobinson(a)gmail.com>
---
libvirt.spec.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 8d43e6d..e357a3d 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -54,7 +54,11 @@
%define with_qemu_tcg %{with_qemu}
# Change if we ever provide qemu-kvm binaries on non-x86 hosts
%if 0%{?fedora} >= 18
- %define qemu_kvm_arches %{ix86} x86_64 ppc64 s390x
+ %if 0%{?fedora} >= 20
+ %define qemu_kvm_arches %{ix86} x86_64 ppc64 s390x %{arm}
+ %else
+ %define qemu_kvm_arches %{ix86} x86_64 ppc64 s390x
+ %endif
%else
%define qemu_kvm_arches %{ix86} x86_64
%endif
--
1.8.2.1
11 years, 4 months
[libvirt] [PATCH 00/11] Support CHAP authentication for iscsi pool
by Osier Yang
The XMLs like (<auth type='chap' login='foo' passwd='kudo'/>) was
introduced long ago, but it's never used for any pool backend. This
implements the support first (See 6/11 for details), and based on it,
using "secret" object for the authentication is added too. E.g.
<auth type='chap' username='foo'>
<secret uuid='48dcd4a4-b25f-4fc6-8874-84797c6e3678'/>
</auth>
Osier Yang (11):
storage: Refactor the rng schema for storage pool auth
storage: Support "username" for "chap" type "auth"
storage: Add a struct for auth secret
storage: Introduce XMLs to use secret object for pool auth
storage: Output auth type before username
storage: Support "chap" authentication for iscsi pool
storage: Support to use secret object for iscsi chap "auth"
storage: Update docs/formatsecret.html
storage: Use the internal API to get the secret value instead
storage: Improve the pool auth type parsing and formating
Storage: Fix the indention of rbd test file
docs/formatsecret.html.in | 10 +-
docs/schemas/storagepool.rng | 51 +++---
src/conf/storage_conf.c | 179 ++++++++++++++-------
src/conf/storage_conf.h | 28 +++-
src/storage/storage_backend_iscsi.c | 114 ++++++++++++-
src/storage/storage_backend_rbd.c | 13 +-
.../storagepoolxml2xmlin/pool-iscsi-auth-login.xml | 17 ++
.../pool-iscsi-auth-secret.xml | 19 +++
.../pool-iscsi-auth-username.xml | 17 ++
tests/storagepoolxml2xmlin/pool-iscsi-auth.xml | 17 --
tests/storagepoolxml2xmlin/pool-rbd.xml | 2 +-
.../pool-iscsi-auth-login.xml | 20 +++
.../pool-iscsi-auth-secret.xml | 22 +++
.../pool-iscsi-auth-username.xml | 20 +++
tests/storagepoolxml2xmlout/pool-iscsi-auth.xml | 20 ---
.../pool-iscsi-vendor-product.xml | 2 +-
tests/storagepoolxml2xmlout/pool-rbd.xml | 2 +-
tests/storagepoolxml2xmltest.c | 3 +-
18 files changed, 424 insertions(+), 132 deletions(-)
create mode 100644 tests/storagepoolxml2xmlin/pool-iscsi-auth-login.xml
create mode 100644 tests/storagepoolxml2xmlin/pool-iscsi-auth-secret.xml
create mode 100644 tests/storagepoolxml2xmlin/pool-iscsi-auth-username.xml
delete mode 100644 tests/storagepoolxml2xmlin/pool-iscsi-auth.xml
create mode 100644 tests/storagepoolxml2xmlout/pool-iscsi-auth-login.xml
create mode 100644 tests/storagepoolxml2xmlout/pool-iscsi-auth-secret.xml
create mode 100644 tests/storagepoolxml2xmlout/pool-iscsi-auth-username.xml
delete mode 100644 tests/storagepoolxml2xmlout/pool-iscsi-auth.xml
--
1.8.1.4
11 years, 4 months
[libvirt] [PATCH] Add optional serial id for USB devices in hostdev
by david.waring@rd.bbc.co.uk
From: David Waring <david.waring(a)rd.bbc.co.uk>
This patch adds the ability to include a serial element in a hostdev/source
to select a device with a particular serial number. Patch for bugzilla
#914883. This allows specific USB devices to attached to guests when there may
be more than one of the same USB device attached to a host.
The serial number is optional so that without it existing behaviour is
maintained.
David Waring (1):
Add ability to attach USB devices to guests using vendor, product and
serial id.
docs/formatdomain.html.in | 21 +++++++++++---------
src/conf/domain_conf.c | 18 +++++++++++++++--
src/conf/domain_conf.h | 1 +
src/conf/node_device_conf.c | 5 +++++
src/conf/node_device_conf.h | 1 +
src/lxc/lxc_hostdev.c | 5 +++--
src/qemu/qemu_hostdev.c | 5 +++--
src/util/virusb.c | 47 +++++++++++++++++++++++++++++++++++++++++----
src/util/virusb.h | 2 ++
9 files changed, 86 insertions(+), 19 deletions(-)
--
1.8.1.4
11 years, 4 months
[libvirt] [PATCH 00/19] Support for access control
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
This series (which depends on the Xen refactoring patches) adds
support for access control checks on all APIs that run inside
libvirtd.
The first patch defines the basic objects which can be checked
and the permissions associated with each object. In addition
it provides the basic internal (pluggable) API for access
control checks
Later there are policykit and selinux drivers for the access
control framework. Neither of these is currently optimal
but they have basic functionality working
To ensure that we don't forget access control checks when
adding new APIs, we maintain metadata in the remote_protocol.x
file against each method declaring what access control check
must be done.
There are actually two checks possible. The first check is
against the object being used. The optional second check
is against the objects being returned (if any). The latter
is used to filter what can be seen when asking for a list
of objects (eg 'virsh list' gets filtered)
Again to ensure accurate checks, we automate the generation
of methods for applying access control checks to each API.
These helper methods are named to match the public API names.
The last patch ensures that every method listed in the
virXXXXDriverPtr tables has a call to an access control
helper with the same name as the public API.
And of course there are the patches which actually add
the access control checks.
Still todo
- Not all Xen methods have access control checks yet.
This causes the test case in the last patch to report
failures
- Have not wired up the checks for filtering the returned
objects in any driver yet
- The polkit driver is inefficient since it spawns
pkcheck for each check. We need to talk to DBus
directly since ACL checks will be very frequent
and need to be lightweight
- The SELinux driver is validating against the label
of libvirtd. We need to validate against the label of
the virDomainDefPtr security model or some equivalent
for other objects.
- Need to write a generic RBAC access control impl. It
was hoped that new polkit would make this obsolete.
Polkit is still unable to do access control checks
for non-local users though eg it can't validate
against SASL usernames or x509 certs.
Daniel P. Berrange (19):
Define basic internal API for access control
Set conn->driver before running driver connectOpen method
Setup default access control manager in libvirtd
Add a policy kit access control driver
Add an SELinux access control driver
Add ACL annotations to all RPC messages
Auto-generate helpers for checking access control rules
Add ACL checks into the QEMU driver
Add ACL checks into the LXC driver
Add ACL checks into the UML driver
Add ACL checks into the Xen driver
Add ACL checks into the libxl driver
Add ACL checks into the storage driver
Add ACL checks into the network driver
Add ACL checks into the interface driver
Add ACL checks into the node device driver
Add ACL checks into the nwfilter driver
Add ACL checks into the secrets driver
Add validation that all APIs contain ACL checks
.gitignore | 10 +
daemon/Makefile.am | 1 +
daemon/libvirtd-config.c | 4 +
daemon/libvirtd-config.h | 2 +
daemon/libvirtd.aug | 1 +
daemon/libvirtd.c | 27 ++
daemon/libvirtd.conf | 9 +
daemon/test_libvirtd.aug.in | 4 +
include/libvirt/virterror.h | 4 +
m4/virt-compile-warnings.m4 | 1 +
m4/virt-selinux.m4 | 2 +
po/POTFILES.in | 3 +
src/Makefile.am | 128 +++++-
src/access/genpolkit.pl | 119 ++++++
src/access/viraccessdriver.h | 89 ++++
src/access/viraccessdrivernop.c | 118 ++++++
src/access/viraccessdrivernop.h | 28 ++
src/access/viraccessdriverpolkit.c | 399 ++++++++++++++++++
src/access/viraccessdriverpolkit.h | 28 ++
src/access/viraccessdriverselinux.c | 565 +++++++++++++++++++++++++
src/access/viraccessdriverselinux.h | 28 ++
src/access/viraccessdriverstack.c | 285 +++++++++++++
src/access/viraccessdriverstack.h | 32 ++
src/access/viraccessmanager.c | 352 ++++++++++++++++
src/access/viraccessmanager.h | 91 ++++
src/access/viraccessperm.c | 84 ++++
src/access/viraccessperm.h | 647 +++++++++++++++++++++++++++++
src/check-aclrules.pl | 144 +++++++
src/interface/interface_backend_netcf.c | 114 +++++
src/interface/interface_backend_udev.c | 85 +++-
src/internal.h | 4 +
src/libvirt.c | 11 +-
src/libvirt_private.syms | 37 ++
src/libxl/libxl_driver.c | 187 ++++++++-
src/locking/lock_protocol.x | 8 +
src/lxc/lxc_driver.c | 219 +++++++++-
src/network/bridge_driver.c | 61 +++
src/node_device/node_device_driver.c | 36 ++
src/nwfilter/nwfilter_driver.c | 26 ++
src/qemu/qemu_driver.c | 716 ++++++++++++++++++++++++++++----
src/remote/lxc_protocol.x | 1 +
src/remote/qemu_protocol.x | 4 +
src/remote/remote_protocol.x | 406 ++++++++++++++++++
src/rpc/gendispatch.pl | 212 +++++++++-
src/secret/secret_driver.c | 31 ++
src/storage/storage_driver.c | 155 ++++++-
src/uml/uml_driver.c | 174 +++++++-
src/util/virerror.c | 8 +
src/util/virlog.c | 3 +-
src/util/virlog.h | 1 +
src/xen/xen_driver.c | 217 +++++++++-
51 files changed, 5785 insertions(+), 136 deletions(-)
create mode 100755 src/access/genpolkit.pl
create mode 100644 src/access/viraccessdriver.h
create mode 100644 src/access/viraccessdrivernop.c
create mode 100644 src/access/viraccessdrivernop.h
create mode 100644 src/access/viraccessdriverpolkit.c
create mode 100644 src/access/viraccessdriverpolkit.h
create mode 100644 src/access/viraccessdriverselinux.c
create mode 100644 src/access/viraccessdriverselinux.h
create mode 100644 src/access/viraccessdriverstack.c
create mode 100644 src/access/viraccessdriverstack.h
create mode 100644 src/access/viraccessmanager.c
create mode 100644 src/access/viraccessmanager.h
create mode 100644 src/access/viraccessperm.c
create mode 100644 src/access/viraccessperm.h
create mode 100644 src/check-aclrules.pl
--
1.8.1.4
11 years, 4 months
[libvirt] [PATCH 00/11] storage_scsi: Stable SCSI host addressing support
by Osier Yang
The SCSI host number is not stable on Linux platform, the number
can be changed after a system rebooting or scsi kernel modules
reloaded. To have a stable address for the scsi_host adapter of
scsi pool, this introduces new XMLs like:
<adapter type='scsi_host' parent='pci_0000_00_1f_2' unique_id='5'/>
Where "parent" is the parent device of the scsi host, it should be
consistent with the name style what node device driver uses (Either
udev backend style or HAL backend style), or the PCI address in format
"domain:bus:slot:function" format. "unique_id" is the number exposed
by sysfs. E.g:
% cat /sys/bus/pci/devices/0000:00:1f.2/ata5/host4/scsi_host/host4/unique_id
5
The attribute "parent" is required, attribute "unique_id" is optional,
if it's omitted, the scsi host which has smallest unique_id under the
"parent" device will be used.
"parent" and the old "name" attribute are exclusive, since they are both to
indicate scsi host number.
Osier Yang (11):
storage: Add a struct for scsi_host type adapter
storage: Introduce new XMLs for stable SCSI host addressing
util: Add a util to traverse directory tree
util: Add util to find PCI device address by its vendor and product
IDs
util: Add util to parse the stable scsi host address
storage_scsi: Don't ignore the return value of VIR_STRDUP
storage_scsi: Translate the stable address into scsi host number
util: Add util to pad string
storage_scsi: Allow the direct PCI address for 'parent'
util: Add a util to guess the scsi host name with specified "parent"
storage_scsi: Allow the omitted 'unique_id'
docs/schemas/basictypes.rng | 20 +-
src/conf/storage_conf.c | 66 ++-
src/conf/storage_conf.h | 7 +-
src/libvirt_private.syms | 5 +
src/phyp/phyp_driver.c | 8 +-
src/storage/storage_backend_scsi.c | 152 +++++-
src/util/virstring.c | 38 ++
src/util/virstring.h | 6 +
src/util/virutil.c | 549 +++++++++++++++++++++
src/util/virutil.h | 67 +++
.../pool-scsi-type-scsi-host-stable.xml | 15 +
.../pool-scsi-type-scsi-host-stable.xml | 18 +
tests/storagepoolxml2xmltest.c | 1 +
.../ata1/host0/scsi_host/host0/unique_id | 1 +
.../ata2/host1/scsi_host/host1/unique_id | 1 +
tests/sysfs/devices/pci0000:00/0000:00:1f.1/device | 1 +
tests/sysfs/devices/pci0000:00/0000:00:1f.1/vendor | 1 +
tests/sysfs/devices/pci0000:00/0000:00:1f.2/device | 1 +
tests/sysfs/devices/pci0000:00/0000:00:1f.2/vendor | 1 +
tests/sysfs/devices/pci0000:00/0000:00:1f.4/device | 1 +
tests/sysfs/devices/pci0000:00/0000:00:1f.4/vendor | 1 +
tests/utiltest.c | 137 +++++
22 files changed, 1076 insertions(+), 21 deletions(-)
create mode 100644 tests/storagepoolxml2xmlin/pool-scsi-type-scsi-host-stable.xml
create mode 100644 tests/storagepoolxml2xmlout/pool-scsi-type-scsi-host-stable.xml
create mode 100644 tests/sysfs/bus/pci/devices/0000:00:1f.2/ata1/host0/scsi_host/host0/unique_id
create mode 100644 tests/sysfs/bus/pci/devices/0000:00:1f.2/ata2/host1/scsi_host/host1/unique_id
create mode 100644 tests/sysfs/devices/pci0000:00/0000:00:1f.1/device
create mode 100644 tests/sysfs/devices/pci0000:00/0000:00:1f.1/vendor
create mode 100644 tests/sysfs/devices/pci0000:00/0000:00:1f.2/device
create mode 100644 tests/sysfs/devices/pci0000:00/0000:00:1f.2/vendor
create mode 100644 tests/sysfs/devices/pci0000:00/0000:00:1f.4/device
create mode 100644 tests/sysfs/devices/pci0000:00/0000:00:1f.4/vendor
--
1.8.1.4
11 years, 4 months
[libvirt] [PATCH 0/5] Handling of undefine and redefine snapshots with VirtualBox 4.2
by Manuel VIVES
Hi,
This is a serie of patches in order to support undefining and redefining
snapshots with VirtualBox 4.2.
The VirtualBox API provides only high level operations to manipulate snapshots,
so it not possible to support flags like VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE and
VIR_DOMAIN_SNAPSHOT_DELETE_METADATA_ONLY with only API calls.
Following an IRC talk with Eric Blake, the decision was taken to emulate these
behaviours by manipulating directly the .vbox XML files.
The first two patches are some util methods for handling uuid and strings that
will be used after.
The third patch brings more details in the snapshot XML returned by libvirt.
We will need those modifications in order to redefine the snapshots.
The fourth patch brings the support of the VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE
and VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT flags in virDomainSnapshotCreateXML.
The fifth and last patch brings the support of the VIR_DOMAIN_SNAPSHOT_DELETE_METADATA_ONLY
flag in virDomainSnapshotDelete.
The patches are only for Virtualbox 4.2
Regards,
Manuel VIVES
Manuel VIVES (5):
viruuid.h/c: Util method for finding uuid patterns in some strings
virstring.h/c: Util method for making some find and replace in
strings
vbox_tmpl.c: Better XML description for snapshots
vbox_tmpl.c: Patch for redefining snapshots
vbox_tmpl.c: Add methods for undefining snapshots
src/conf/domain_conf.c | 20 +-
src/libvirt_private.syms | 2 +
src/util/virstring.c | 129 ++++
src/util/virstring.h | 6 +
src/util/viruuid.c | 79 ++
src/util/viruuid.h | 1 +
src/vbox/vbox_tmpl.c | 1831 +++++++++++++++++++++++++++++++++++++++++++---
7 files changed, 1943 insertions(+), 125 deletions(-)
--
1.7.10.4
11 years, 4 months
[libvirt] Schedule for next release 1.0.7 ?
by Daniel Veillard
If we want to release at the end of the month as usual, we should
probably enter freeze next Monday or Tuesday. There is however some
patch set needing review, e.g. the 'Guest Panicked' one or the big
fine grained ACL feature. Dan do you think this can reasonably be merged
in by next Monday ?
If we get fine grained ACLs in then I would suggest to bump the
release number to 1.1.0 as this is a major improvement whose possible
impact at the application level is worth inticating as part of the
release medium number. If not I guess we're in for 1.0.7,
Opinions ?
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
11 years, 4 months
[libvirt] ANNOUNCE: virt-manager 0.10.0 released
by Cole Robinson
I'm happy to announce the release of virt-manager 0.10.0!
virt-manager is a desktop application for managing KVM and Xen virtual
machines via libvirt.
The release can be downloaded from:
http://virt-manager.org/download.html
The direct download links are:
http://virt-manager.org/download/sources/virt-manager/virt-manager-0.10.0...
This release includes:
- Merged code with python-virtinst. virtinst is no longer public
- Port from GTK2 to GTK3 (Daniel Berrange, Cole Robinson)
- Port from gconf to gsettings
- Port from autotools to python distutils
- Remove virt-manager-tui
- Remove HAL support
- IPv6 and static route virtual network support (Gene Czarcinski)
- virt-install: Add --cpu host-passthrough (Ken ICHIKAWA, Hu Tao)
To elaborate a bit on the first two:
* python-virtinst has been merged with virt-manager, and the virtinst
library is no longer public. This shouldn't be a surprise to anyone
following development over the last year. virt-manager now distributes
the virtinst tools virt-install, virt-clone, virt-image, and virt-convert.
* virt-manager has been ported to GTK3 and several other modern gnome
libraries. The newest version that have been tested are what is
shipped with Fedora 18, so nothing less than a year old. This version
may not work correctly on an older distro.
Thanks to everyone who has contributed to this release through testing,
bug reporting, submitting patches, and otherwise sending in feedback!
Thanks,
Cole
11 years, 4 months