July 2013 - Devel - libvirt List Archives

[libvirt] [PATCH v2 0/3] libxl: implement some chuncks of the NUMA interface
by Dario Faggioli 10 Jul '13

10 Jul '13

Hi everyone, This is take 2 of the series about introducing (some) NUMA support for the libxl driver. What was patch 2 in v1 has been already applied and so it's no longer part of the series. I think I addressed all the comments raised during v1 review (more details in the individual changelogs). Further comments are as usual welcome. Thanks and Regards, Dario --- Dario Faggioli (3): libxl: implement NUMA capabilities reporting libxl: advertise the support for VIR_TYPED_PARAM_STRING libxl: implement virDomainGetNumaParameters src/libxl/libxl_conf.c | 141 ++++++++++++++++++++++++++++++++++++++++ src/libxl/libxl_driver.c | 161 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 300 insertions(+), 2 deletions(-) -- <<This happens because I choose it to happen!>> (Raistlin Majere) ----------------------------------------------------------------- Dario Faggioli, Ph.D, http://about.me/dario.faggioli Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)

2 8

[libvirt] Using unix domain sockets with serial devices
by Chris Lalancette 10 Jul '13

10 Jul '13

Hello, The Oz automated install program (http://github.com/clalancette/oz) uses a serial device inside a guest to communicate the guest IP address to a listener on the host; once the host has the IP address, other customization steps can take place. This serial device in the guest is currently backed by a TCP socket on the host. I use the following libvirt XML snippet to set this up: <serial type="tcp"> <source mode="bind" host="127.0.0.1" service="9412"/> <protocol type="raw"/> <target port="1"/> </serial> DanB points out that this is probably insecure, and we should use named pipes or Unix domain sockets instead. I was able to implement Unix domain sockets with a few minor changes to Oz, but I'm running into a permissions problem. Essentially, the problem is that when you run Oz as a regular, non-root user, there is no convenient place on the filesystem where both the qemu user can read and write the socket, and where the user that is running Oz can read the socket. I've tried using /var/lib/libvirt/qemu/*.port, but that directory is 0650, so the regular user has no permission to it. Similarly, the qemu user may not have permission to read the users home directory, so I can't really put it there either. Does anyone have any ideas of what I might do here? I'm open to changing to any of Unix domain sockets, pipes, UDP sockets, or whatever, but it has to work for both root and non-root users. Thanks in advance, Chris

2 1

[libvirt] [PATCH] Properly detect VMDK with internal version 2
by Martin Kletzander 10 Jul '13

10 Jul '13

Initially proposed as [1], but then changed to comment fix only. VMDK can have internal version set to 2 when there are few features added which do not affect us. Thanks to Jan's commit a1ee8e18 this can be easily fixed by adding it to list of supported versions. [1] http://www.redhat.com/archives/libvir-list/2013-June/msg00419.html Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=836676 Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- src/util/virstoragefile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 27aa4fe..23b4644 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -213,7 +213,7 @@ static struct FileTypeInfo const fileTypeInfo[] = { }, [VIR_STORAGE_FILE_VMDK] = { 0, "KDMV", NULL, - LV_LITTLE_ENDIAN, 4, {1}, + LV_LITTLE_ENDIAN, 4, {1, 2}, 4+4+4, 8, 512, -1, vmdk4GetBackingStore, NULL }, [VIR_STORAGE_FILE_VPC] = { -- 1.8.2.1

2 2

[libvirt] [PATCH] build: honor autogen.sh --no-git
by Eric Blake 10 Jul '13

10 Jul '13

Based on a report by Chandrashekar Shastri, at https://bugzilla.redhat.com/show_bug.cgi?id=979360 On systems where git cannot access the outside world, a developer can instead arrange to get a copy of gnulib at the right commit via side channels (such as NFS share drives), set GNULIB_SRCDIR, then use ./autogen.sh --no-git. In this setup, we will now avoid direct use of git. Of course, this means no automatic gnulib updates when libvirt.git updates its submodule, but it is expected that any developer in such a situation is already prepared to deal with the fallout. * .gnulib: Update to latest, for bootstrap. * bootstrap: Synchronize from gnulib. * autogen.sh (no_git): Avoid git when requested. * cfg.mk (_update_required): Skip automatic rerun of bootstrap if we can't use git. Signed-off-by: Eric Blake <eblake(a)redhat.com> --- This does not qualify as a build-breaker, and although it touches gnulib, it is complex enough that I'm not quite willing to push it under my carte-blanche rule for gnulib updates outside of freezes. So, if anyone is willing to review, great; if not, I'll probably still push on Monday, as it did pass my testing. * .gnulib f40e61e...b72ff2a (1): > bootstrap: honor --no-git .gnulib | 2 +- autogen.sh | 10 ++++++++-- bootstrap | 21 ++++++++++++++------- cfg.mk | 1 + 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/.gnulib b/.gnulib index f40e61e..b72ff2a 160000 --- a/.gnulib +++ b/.gnulib @@ -1 +1 @@ -Subproject commit f40e61ea0c4940b027aade7dd48948aa93f133a4 +Subproject commit b72ff2a45efde544c406804186d37a3254728571 diff --git a/autogen.sh b/autogen.sh index d4957f1..42e5608 100755 --- a/autogen.sh +++ b/autogen.sh @@ -49,6 +49,10 @@ fi # we rerun bootstrap to pull in those diffs. bootstrap_hash() { + if test "$no_git"; then + echo no-git + return + fi git submodule status | sed 's/^[ +-]//;s/ .*//' git hash-object bootstrap.conf git ls-tree -d HEAD gnulib/local | awk '{print $3}' @@ -62,7 +66,9 @@ bootstrap_hash() # Only run bootstrap from a git checkout, never from a tarball. if test -d .git; then curr_status=.git-module-status t= - if test -d .gnulib; then + if test "$no_git"; then + t=no-git + elif test -d .gnulib; then t=$(bootstrap_hash; git diff .gnulib) fi case $t:${CLEAN_SUBMODULE+set} in @@ -78,7 +84,7 @@ if test -d .git; then # good, it's up to date, all we need is autoreconf autoreconf -if else - if test ${CLEAN_SUBMODULE+set}; then + if test -z "$no_git" && test ${CLEAN_SUBMODULE+set}; then echo cleaning up submodules... git submodule foreach 'git clean -dfqx && git reset --hard' fi diff --git a/bootstrap b/bootstrap index 0cbea66..9c52204 100755 --- a/bootstrap +++ b/bootstrap @@ -1,6 +1,6 @@ #! /bin/sh # Print a version string. -scriptversion=2013-05-08.20; # UTC +scriptversion=2013-07-03.20; # UTC # Bootstrap this package from checked-out sources. @@ -551,7 +551,7 @@ fi echo "$0: Bootstrapping from checked-out $package sources..." # See if we can use gnulib's git-merge-changelog merge driver. -if test -d .git && (git --version) >/dev/null 2>/dev/null ; then +if $use_git && test -d .git && (git --version) >/dev/null 2>/dev/null ; then if git config merge.merge-changelog.driver >/dev/null ; then : elif (git-merge-changelog --version) >/dev/null 2>/dev/null ; then @@ -574,13 +574,17 @@ git_modules_config () { test -f .gitmodules && git config --file .gitmodules "$@" } -gnulib_path=$(git_modules_config submodule.gnulib.path) -test -z "$gnulib_path" && gnulib_path=gnulib +if $use_git; then + gnulib_path=$(git_modules_config submodule.gnulib.path) + test -z "$gnulib_path" && gnulib_path=gnulib +fi -# Get gnulib files. +# Get gnulib files. Populate $GNULIB_SRCDIR, possibly updating a +# submodule, for use in the rest of the script. case ${GNULIB_SRCDIR--} in -) + # Note that $use_git is necessarily true in this case. if git_modules_config submodule.gnulib.url >/dev/null; then echo "$0: getting gnulib files..." git submodule init || exit $? @@ -601,8 +605,8 @@ case ${GNULIB_SRCDIR--} in GNULIB_SRCDIR=$gnulib_path ;; *) - # Use GNULIB_SRCDIR as a reference. - if test -d "$GNULIB_SRCDIR"/.git && \ + # Use GNULIB_SRCDIR directly or as a reference. + if $use_git && test -d "$GNULIB_SRCDIR"/.git && \ git_modules_config submodule.gnulib.url >/dev/null; then echo "$0: getting gnulib files..." if git submodule -h|grep -- --reference > /dev/null; then @@ -628,6 +632,9 @@ case ${GNULIB_SRCDIR--} in ;; esac +# $GNULIB_SRCDIR now points to the version of gnulib to use, and +# we no longer need to use git or $gnulib_path below here. + if $bootstrap_sync; then cmp -s "$0" "$GNULIB_SRCDIR/build-aux/bootstrap" || { echo "$0: updating bootstrap and restarting..." diff --git a/cfg.mk b/cfg.mk index bbe84b3..147e788 100644 --- a/cfg.mk +++ b/cfg.mk @@ -828,6 +828,7 @@ ifeq (0,$(MAKELEVEL)) test -d .git || { echo 0; exit; }; \ test -f po/Makevars || { echo 1; exit; }; \ test -f AUTHORS || { echo 1; exit; }; \ + test "no-git" = "$$(cat $(_curr_status))" && { echo 0; exit; }; \ actual=$$(git submodule status | $(_submodule_hash); \ git hash-object bootstrap.conf; \ git ls-tree -d HEAD gnulib/local | awk '{print $$3}'; \ -- 1.8.1.4

2 5

[libvirt] [PATCH] maint: tweak use of <a> in HACKING
by Eric Blake 10 Jul '13

10 Jul '13

The previous handling of <a> tags led to some less-than-ideal layout in HACKING (most noticeable on a mid-sentence reference to the valgrind home page). * docs/hacking.html.in: Slight tweaks to <a> tags. * docs/hacking1.xsl: Move <a> handling... * docs/hacking2.xsl: ...here. * HACKING: Regenerate. Signed-off-by: Eric Blake <eblake(a)redhat.com> --- HACKING | 24 +++++++----------------- docs/hacking.html.in | 4 ++-- docs/hacking1.xsl | 10 ++++++++++ docs/hacking2.xsl | 8 -------- 4 files changed, 19 insertions(+), 27 deletions(-) diff --git a/HACKING b/HACKING index a310faa..271ff6c 100644 --- a/HACKING +++ b/HACKING @@ -103,11 +103,8 @@ and run the tests: make syntax-check make -C tests valgrind - - - Valgrind - http://valgrind.org/is a test that checks for memory management issues, such as leaks or use of -uninitialized variables. +Valgrind <http://valgrind.org/> is a test that checks for memory management +issues, such as leaks or use of uninitialized variables. If you encounter any failing tests, the VIR_TEST_DEBUG environment variable may provide extra information to debug the failures. Larger values of @@ -186,11 +183,8 @@ In this instance, it is acceptible to modify the "tests/.valgrind.supp" file in order to add a suppression filter. The filter should be unique enough to not suppress real leaks, but it should be generic enough to cover multiple code paths. The format of the entry can be found in the documentation found at -the - - Valgrind home page. - http://valgrind.org/The following trace was added to "tests/.valgrind.supp" in order to suppress -the warning: +the Valgrind home page <http://valgrind.org/>. The following trace was added +to "tests/.valgrind.supp" in order to suppress the warning: { dlInitMemoryLeak1 @@ -211,10 +205,8 @@ feature or changing the output of a program. There is more on this subject, including lots of links to background reading -on the subject, on - - Richard Jones' guide to working with open source projects - http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/ +on the subject, on Richard Jones' guide to working with open source projects +<http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/>. Code indentation @@ -893,9 +885,7 @@ logic would be better pulled out into a helper function. Although libvirt does not encourage the Linux kernel wind/unwind style of multiple labels, there's a good general discussion of the issue archived at - - KernelTrap - http://kerneltrap.org/node/553/2131 +KernelTrap <http://kerneltrap.org/node/553/2131> When using goto, please use one of these standard labels if it makes sense: diff --git a/docs/hacking.html.in b/docs/hacking.html.in index 904b846..41c8d48 100644 --- a/docs/hacking.html.in +++ b/docs/hacking.html.in @@ -211,7 +211,7 @@ not suppress real leaks, but it should be generic enough to cover multiple code paths. The format of the entry can be found in the documentation found at the - <a href="http://valgrind.org/">Valgrind home page.</a> + <a href="http://valgrind.org/">Valgrind home page</a>. The following trace was added to <code>tests/.valgrind.supp</code> in order to suppress the warning: </p> @@ -236,7 +236,7 @@ There is more on this subject, including lots of links to background reading on the subject, on <a href="http://et.redhat.com/~rjones/how-to-supply-code-to-open-source-projects/"> - Richard Jones' guide to working with open source projects</a> + Richard Jones' guide to working with open source projects</a>. </p> diff --git a/docs/hacking1.xsl b/docs/hacking1.xsl index cdeb3a4..e70b45d 100644 --- a/docs/hacking1.xsl +++ b/docs/hacking1.xsl @@ -27,4 +27,14 @@ <xsl:template match="html:i">'<xsl:apply-templates/>'</xsl:template> <xsl:template match="html:code">"<xsl:apply-templates/>"</xsl:template> + +<xsl:template match="html:a"> +<xsl:text> </xsl:text><xsl:apply-templates/> +<xsl:if test="@href"> + <xsl:text> <</xsl:text><xsl:value-of select="@href"/> + <xsl:text>></xsl:text> +</xsl:if> +</xsl:template> + + </xsl:stylesheet> diff --git a/docs/hacking2.xsl b/docs/hacking2.xsl index 72fa9d3..1c9271f 100644 --- a/docs/hacking2.xsl +++ b/docs/hacking2.xsl @@ -138,12 +138,4 @@ from docs/hacking.html.in! </xsl:template> - -<xsl:template match="html:a"> -<xsl:value-of select="$newline"/><xsl:value-of select="$newline"/> -<xsl:text> </xsl:text><xsl:apply-templates/> -<xsl:value-of select="$newline"/> -<xsl:text> </xsl:text><xsl:value-of select="@href"/> -</xsl:template> - </xsl:stylesheet> -- 1.8.1.4

2 2

[libvirt] ANNOUNCE: libvirt-sandbox "Owami Desert" release 0.2.1
by Daniel P. Berrange 10 Jul '13

10 Jul '13

I pleased to announce the a new public release of libvirt-sandbox, version 0.2.1, is now available for download ftp://libvirt.org/libvirt/sandbox/ The packages are GPG signed with Key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF (4096R) The libvirt-sandbox package provides an API layer on top of libvirt-gobject which facilitates the cration of application sandboxes using virtualization technology. An application sandbox is a virtual machine or container that runs a single application binary, directly from the host OS filesystem. In other words there is no separate guest operating system install to build or manager. At this point in time libvirt-sandbox can create sandboxes using either LXC or KVM, and should in theory be extendable to any libvirt driver. This release has focused entirely on improving the virt-sandbox-service tool Changed in this release: - Requires libvirt-glib >= 0.1.7 - ABI change: Removed GVirSandboxCleaner class - Don't add link in /var/log/journal for image based containers - Don't hold open libvirt connection when displaying service sandbox consoles - Record container UUID in config for service sandboxes - Add missing RPMs deps - Allow custom mounts to be specified to virt-sandbox-service - Fix misc bugs in sandbox creation/deletion - Use 'guest bind' for configuring image based service sandboxes - Allow NIC MAC address to be chosen - Include systemd-initctl.socket in service sandboxes by default to allow libvirt initiated graceful shutdown Thanks to everyone who contributed to this release Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

1 0

[libvirt] [PATCH] maint: fix typo in qemu error message
by Eric Blake 10 Jul '13

10 Jul '13

Introduced in commit d47eff88. * src/qemu/qemu_driver.c (qemuDomainSetVcpusFlags): Fix spelling. Signed-off-by: Eric Blake <eblake(a)redhat.com> --- Pushed under the trivial rule. src/qemu/qemu_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 1b9ba41..16aa43f 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -4133,7 +4133,7 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus, if (flags & VIR_DOMAIN_VCPU_GUEST) { if (flags & VIR_DOMAIN_AFFECT_CONFIG) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", - _("chainging of maximum vCPU count isn't supported " + _("changing of maximum vCPU count isn't supported " "via guest agent")); goto endjob; } -- 1.8.1.4

1 0

[libvirt] [PATCH glib] Add support for reading/writing UUID attribute in domain config
by Daniel P. Berrange 10 Jul '13

10 Jul '13

From: "Daniel P. Berrange" <berrange(a)redhat.com> Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- libvirt-gconfig/libvirt-gconfig-domain.c | 33 ++++++++++++++++++++++++++++++++ libvirt-gconfig/libvirt-gconfig-domain.h | 2 ++ 2 files changed, 35 insertions(+) diff --git a/libvirt-gconfig/libvirt-gconfig-domain.c b/libvirt-gconfig/libvirt-gconfig-domain.c index eb97cd5..3c28a4a 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain.c +++ b/libvirt-gconfig/libvirt-gconfig-domain.c @@ -39,6 +39,7 @@ G_DEFINE_TYPE(GVirConfigDomain, gvir_config_domain, GVIR_CONFIG_TYPE_OBJECT); enum { PROP_0, PROP_NAME, + PROP_UUID, PROP_TITLE, PROP_DESCRIPTION, PROP_MEMORY, @@ -58,6 +59,9 @@ static void gvir_config_domain_get_property(GObject *object, case PROP_NAME: g_value_set_string(value, gvir_config_domain_get_name(domain)); break; + case PROP_UUID: + g_value_set_string(value, gvir_config_domain_get_uuid(domain)); + break; case PROP_TITLE: g_value_set_string(value, gvir_config_domain_get_title(domain)); break; @@ -93,6 +97,9 @@ static void gvir_config_domain_set_property(GObject *object, case PROP_NAME: gvir_config_domain_set_name(domain, g_value_get_string(value)); break; + case PROP_UUID: + gvir_config_domain_set_uuid(domain, g_value_get_string(value)); + break; case PROP_TITLE: gvir_config_domain_set_title(domain, g_value_get_string(value)); break; @@ -135,6 +142,14 @@ static void gvir_config_domain_class_init(GVirConfigDomainClass *klass) G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)); g_object_class_install_property(object_class, + PROP_UUID, + g_param_spec_string("uuid", + "UUID", + "Domain UUID", + NULL, + G_PARAM_READWRITE | + G_PARAM_STATIC_STRINGS)); + g_object_class_install_property(object_class, PROP_TITLE, g_param_spec_string("title", "Title", @@ -247,6 +262,12 @@ const char *gvir_config_domain_get_name(GVirConfigDomain *domain) "name"); } +const char *gvir_config_domain_get_uuid(GVirConfigDomain *domain) +{ + return gvir_config_object_get_node_content(GVIR_CONFIG_OBJECT(domain), + "uuid"); +} + const char *gvir_config_domain_get_title(GVirConfigDomain *domain) { return gvir_config_object_get_node_content(GVIR_CONFIG_OBJECT(domain), @@ -266,6 +287,18 @@ void gvir_config_domain_set_name(GVirConfigDomain *domain, const char *name) } /** + * gvir_config_domain_set_uuid: + * @domain: a #GVirConfigDomain + * @uuid: (allow-none): + */ +void gvir_config_domain_set_uuid(GVirConfigDomain *domain, const char *uuid) +{ + gvir_config_object_set_node_content(GVIR_CONFIG_OBJECT(domain), + "uuid", uuid); + g_object_notify(G_OBJECT(domain), "uuid"); +} + +/** * gvir_config_domain_set_title: * @domain: a #GVirConfigDomain * @title: (allow-none): title of the domain diff --git a/libvirt-gconfig/libvirt-gconfig-domain.h b/libvirt-gconfig/libvirt-gconfig-domain.h index 4951cf1..6e85374 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain.h +++ b/libvirt-gconfig/libvirt-gconfig-domain.h @@ -105,6 +105,8 @@ GVirConfigDomainVirtType gvir_config_domain_get_virt_type(GVirConfigDomain *doma void gvir_config_domain_set_virt_type(GVirConfigDomain *domain, GVirConfigDomainVirtType type); const char *gvir_config_domain_get_name(GVirConfigDomain *domain); void gvir_config_domain_set_name(GVirConfigDomain *domain, const char *name); +const char *gvir_config_domain_get_uuid(GVirConfigDomain *domain); +void gvir_config_domain_set_uuid(GVirConfigDomain *domain, const char *uuid); const char *gvir_config_domain_get_description(GVirConfigDomain *domain); void gvir_config_domain_set_description(GVirConfigDomain *domain, const char *description); guint64 gvir_config_domain_get_memory(GVirConfigDomain *domain); -- 1.8.3.1

2 1

[libvirt] [PATCH] daemon: Fix command example in libvirtd.sasl
by Cole Robinson 10 Jul '13

10 Jul '13

sasldblistusers2 doesn't have a '-a' option --- daemon/libvirtd.sasl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/libvirtd.sasl b/daemon/libvirtd.sasl index bfa056f..5e2528d 100644 --- a/daemon/libvirtd.sasl +++ b/daemon/libvirtd.sasl @@ -27,5 +27,5 @@ mech_list: digest-md5 # If using digest-md5 for username/passwds, then this is the file # containing the passwds. Use 'saslpasswd2 -a libvirt [username]' -# to add entries, and 'sasldblistusers2 -a libvirt' to browse it +# to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it sasldb_path: /etc/libvirt/passwd.db -- 1.8.3.1

2 2

[libvirt] [PATCH] LXC: Ensure security context is set when mounting images
by Daniel P. Berrange 10 Jul '13

10 Jul '13

From: "Daniel P. Berrange" <berrange(a)redhat.com> When setting up filesystems backed by block devices or file images, the SELinux mount options must be used to ensure the correct context is set Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- src/lxc/lxc_container.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 389c336..84069c0 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -109,7 +109,8 @@ struct __lxc_child_argv { }; static int lxcContainerMountFSBlock(virDomainFSDefPtr fs, - const char *srcprefix); + const char *srcprefix, + const char *sec_mount_options); /* @@ -546,7 +547,8 @@ cleanup: static int lxcContainerPrepareRoot(virDomainDefPtr def, - virDomainFSDefPtr root) + virDomainFSDefPtr root, + const char *sec_mount_options) { char *dst; char *tmp; @@ -578,7 +580,7 @@ static int lxcContainerPrepareRoot(virDomainDefPtr def, tmp = root->dst; root->dst = dst; - if (lxcContainerMountFSBlock(root, "") < 0) { + if (lxcContainerMountFSBlock(root, "", sec_mount_options) < 0) { root->dst = tmp; VIR_FREE(dst); return -1; @@ -1084,7 +1086,8 @@ lxcContainerMountDetectFilesystem(const char *src ATTRIBUTE_UNUSED, */ static int lxcContainerMountFSBlockAuto(virDomainFSDefPtr fs, int fsflags, - const char *src) + const char *src, + const char *sec_mount_options) { FILE *fp = NULL; int ret = -1; @@ -1161,8 +1164,9 @@ retry: STREQ(type, "*")) gotStar = true; - VIR_DEBUG("Trying mount %s with %s", src, type); - if (mount(src, fs->dst, type, fsflags, NULL) < 0) { + VIR_DEBUG("Trying mount '%s' on '%s' with '%s' opts '%s'", + src, fs->dst, type, sec_mount_options); + if (mount(src, fs->dst, type, fsflags, sec_mount_options) < 0) { /* These errnos indicate a bogus filesystem type for * the image we have, so skip to the next type */ @@ -1212,7 +1216,8 @@ cleanup: * probing for filesystem type */ static int lxcContainerMountFSBlockHelper(virDomainFSDefPtr fs, - const char *src) + const char *src, + const char *sec_mount_options) { int fsflags = 0; int ret = -1; @@ -1232,9 +1237,9 @@ static int lxcContainerMountFSBlockHelper(virDomainFSDefPtr fs, goto cleanup; if (format) { - VIR_DEBUG("Mount '%s' on '%s' with detected format '%s'", - src, fs->dst, format); - if (mount(src, fs->dst, format, fsflags, NULL) < 0) { + VIR_DEBUG("Mount '%s' on '%s' with detected format '%s' opts '%s'", + src, fs->dst, format, sec_mount_options); + if (mount(src, fs->dst, format, fsflags, sec_mount_options) < 0) { virReportSystemError(errno, _("Failed to mount device %s to %s as %s"), src, fs->dst, format); @@ -1242,7 +1247,7 @@ static int lxcContainerMountFSBlockHelper(virDomainFSDefPtr fs, } ret = 0; } else { - ret = lxcContainerMountFSBlockAuto(fs, fsflags, src); + ret = lxcContainerMountFSBlockAuto(fs, fsflags, src, sec_mount_options); } cleanup: @@ -1252,7 +1257,8 @@ cleanup: static int lxcContainerMountFSBlock(virDomainFSDefPtr fs, - const char *srcprefix) + const char *srcprefix, + const char *sec_mount_options) { char *src = NULL; int ret = -1; @@ -1262,7 +1268,7 @@ static int lxcContainerMountFSBlock(virDomainFSDefPtr fs, goto cleanup; } - ret = lxcContainerMountFSBlockHelper(fs, src); + ret = lxcContainerMountFSBlockHelper(fs, src, sec_mount_options); VIR_DEBUG("Done mounting filesystem ret=%d", ret); @@ -1324,7 +1330,7 @@ static int lxcContainerMountFS(virDomainFSDefPtr fs, return -1; break; case VIR_DOMAIN_FS_TYPE_BLOCK: - if (lxcContainerMountFSBlock(fs, "/.oldroot") < 0) + if (lxcContainerMountFSBlock(fs, "/.oldroot", sec_mount_options) < 0) return -1; break; case VIR_DOMAIN_FS_TYPE_RAM: @@ -1801,7 +1807,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef, goto cleanup; /* Ensure the root filesystem is mounted */ - if (lxcContainerPrepareRoot(vmDef, root) < 0) + if (lxcContainerPrepareRoot(vmDef, root, sec_mount_options) < 0) goto cleanup; /* Gives us a private root, leaving all parent OS mounts on /.oldroot */ -- 1.8.3.1

2 1