[libvirt] [PATCH v4 2/3] Check for --no-copy-dt-needed linker flag
by Guido Günther
and use it when available
---
configure.ac | 1 +
daemon/Makefile.am | 1 +
m4/virt-linker-no-indirect.m4 | 32 ++++++++++++++++++++++++++++++++
src/Makefile.am | 1 +
tests/Makefile.am | 1 +
tools/Makefile.am | 1 +
6 files changed, 37 insertions(+)
create mode 100644 m4/virt-linker-no-indirect.m4
diff --git a/configure.ac b/configure.ac
index ac8cfa1..25d91ce 100644
--- a/configure.ac
+++ b/configure.ac
@@ -160,6 +160,7 @@ AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS])
LIBVIRT_COMPILE_WARNINGS
LIBVIRT_COMPILE_PIE
LIBVIRT_LINKER_RELRO
+LIBVIRT_LINKER_NO_INDIRECT
LIBVIRT_CHECK_APPARMOR
LIBVIRT_CHECK_ATTR
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 5cd95aa..e34868b 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -129,6 +129,7 @@ libvirtd_LDFLAGS = \
$(PIE_LDFLAGS) \
$(RELRO_LDFLAGS) \
$(COVERAGE_LDFLAGS) \
+ $(NO_INDIRECT_LDFLAGS) \
$(NULL)
libvirtd_LDADD = \
diff --git a/m4/virt-linker-no-indirect.m4 b/m4/virt-linker-no-indirect.m4
new file mode 100644
index 0000000..b344f70
--- /dev/null
+++ b/m4/virt-linker-no-indirect.m4
@@ -0,0 +1,32 @@
+dnl
+dnl Check for --no-copy-dt-needed-entries
+dnl
+dnl Copyright (C) 2013 Guido Günther <agx(a)sigxcpu.org>
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library. If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_LINKER_NO_INDIRECT],[
+ AC_MSG_CHECKING([for how to avoid indirect lib deps])
+
+ NO_INDIRECT_LDFLAGS=
+ case `$LD --help 2>&1` in
+ *"--no-copy-dt-needed-entries"*)
+ NO_INDIRECT_LDFLAGS="-Wl,--no-copy-dt-needed-entries" ;;
+ esac
+ AC_SUBST([NO_INDIRECT_LDFLAGS])
+
+ AC_MSG_RESULT([$NO_INDIRECT_LDFLAGS])
+])
diff --git a/src/Makefile.am b/src/Makefile.am
index 7c3d8a1..faa2cd6 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -35,6 +35,7 @@ AM_CFLAGS = $(LIBXML_CFLAGS) \
AM_LDFLAGS = $(DRIVER_MODULE_LDFLAGS) \
$(COVERAGE_LDFLAGS) \
$(RELRO_LDFLAGS) \
+ $(NO_INDIRECT_LDFLAGS) \
$(NULL)
EXTRA_DIST = $(conf_DATA) util/keymaps.csv
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 9098dec..86c3e11 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -50,6 +50,7 @@ endif
LDADDS = \
$(WARN_CFLAGS) \
+ $(NO_INDIRECT_LDFLAGS) \
$(PROBES_O) \
../src/libvirt.la \
../gnulib/lib/libgnu.la
diff --git a/tools/Makefile.am b/tools/Makefile.am
index be7ed23..c5bd5bb 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -24,6 +24,7 @@ INCLUDES = \
AM_LDFLAGS = \
$(RELRO_LDFLAGS) \
+ $(NO_INDIRECT_LDFLAGS) \
$(NULL)
POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)"
--
1.8.4.rc3
11 years, 3 months
[libvirt] [PATCH v4 1/3] Simplify RELRO_LDFLAGS
by Guido Günther
by adding it to AM_LDFLAGS instead of every linking rule and
by avoiding a forked grep.
---
daemon/Makefile.am | 4 +++-
m4/virt-linker-relro.m4 | 11 +++++++----
src/Makefile.am | 13 +++----------
tools/Makefile.am | 18 +++++++++++++-----
4 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index ad7544c..5cd95aa 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -125,9 +125,11 @@ libvirtd_CFLAGS = \
-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\""
libvirtd_LDFLAGS = \
+ $(RELRO_LDFLAGS) \
$(PIE_LDFLAGS) \
$(RELRO_LDFLAGS) \
- $(COVERAGE_LDFLAGS)
+ $(COVERAGE_LDFLAGS) \
+ $(NULL)
libvirtd_LDADD = \
$(LIBXML_LIBS) \
diff --git a/m4/virt-linker-relro.m4 b/m4/virt-linker-relro.m4
index 9bca90e..079a095 100644
--- a/m4/virt-linker-relro.m4
+++ b/m4/virt-linker-relro.m4
@@ -22,10 +22,13 @@ AC_DEFUN([LIBVIRT_LINKER_RELRO],[
AC_MSG_CHECKING([for how to force completely read-only GOT table])
RELRO_LDFLAGS=
- `$LD --help 2>&1 | grep -- "-z relro" >/dev/null` && \
- RELRO_LDFLAGS="-Wl,-z -Wl,relro"
- `$LD --help 2>&1 | grep -- "-z now" >/dev/null` && \
- RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now"
+ ld_help=`$LD --help 2>&1`
+ case $ld_help in
+ *"-z relro"*) RELRO_LDFLAGS="-Wl,-z -Wl,relro" ;;
+ esac
+ case $ld_help in
+ *"-z now"*) RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now" ;;
+ esac
AC_SUBST([RELRO_LDFLAGS])
AC_MSG_RESULT([$RELRO_LDFLAGS])
diff --git a/src/Makefile.am b/src/Makefile.am
index 4702cde..7c3d8a1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -33,7 +33,9 @@ AM_CFLAGS = $(LIBXML_CFLAGS) \
$(WIN32_EXTRA_CFLAGS) \
$(COVERAGE_CFLAGS)
AM_LDFLAGS = $(DRIVER_MODULE_LDFLAGS) \
- $(COVERAGE_LDFLAGS)
+ $(COVERAGE_LDFLAGS) \
+ $(RELRO_LDFLAGS) \
+ $(NULL)
EXTRA_DIST = $(conf_DATA) util/keymaps.csv
@@ -1812,7 +1814,6 @@ libvirt_la_LDFLAGS = \
-version-info $(LIBVIRT_VERSION_INFO) \
$(LIBVIRT_NODELETE) \
$(AM_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS) \
$(NULL)
@@ -1896,7 +1897,6 @@ libvirt_qemu_la_LDFLAGS = \
$(VERSION_SCRIPT_FLAGS)$(LIBVIRT_QEMU_SYMBOL_FILE) \
-version-info $(LIBVIRT_VERSION_INFO) \
$(AM_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS) \
$(NULL)
@@ -1908,7 +1908,6 @@ libvirt_lxc_la_LDFLAGS = \
$(VERSION_SCRIPT_FLAGS)$(LIBVIRT_LXC_SYMBOL_FILE) \
-version-info $(LIBVIRT_VERSION_INFO) \
$(AM_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS) \
$(NULL)
@@ -1964,7 +1963,6 @@ virtlockd_CFLAGS = \
virtlockd_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS) \
$(NULL)
@@ -2243,7 +2241,6 @@ libvirt_iohelper_SOURCES = $(UTIL_IO_HELPER_SOURCES)
libvirt_iohelper_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(NULL)
libvirt_iohelper_LDADD = \
libvirt_util.la \
@@ -2266,7 +2263,6 @@ libvirt_parthelper_SOURCES = $(STORAGE_HELPER_DISK_SOURCES)
libvirt_parthelper_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(NULL)
libvirt_parthelper_LDADD = \
$(LIBPARTED_LIBS) \
@@ -2298,7 +2294,6 @@ libvirt_sanlock_helper_CFLAGS = \
libvirt_sanlock_helper_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(NULL)
libvirt_sanlock_helper_LDADD = libvirt.la
endif
@@ -2314,7 +2309,6 @@ libvirt_lxc_SOURCES = \
libvirt_lxc_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(NULL)
libvirt_lxc_LDADD = \
$(FUSE_LIBS) \
@@ -2358,7 +2352,6 @@ virt_aa_helper_SOURCES = $(SECURITY_DRIVER_APPARMOR_HELPER_SOURCES)
virt_aa_helper_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(NULL)
virt_aa_helper_LDADD = \
libvirt_conf.la \
diff --git a/tools/Makefile.am b/tools/Makefile.am
index f85c35c..be7ed23 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -22,6 +22,10 @@ INCLUDES = \
-I$(top_srcdir) \
$(GETTEXT_CPPFLAGS)
+AM_LDFLAGS = \
+ $(RELRO_LDFLAGS) \
+ $(NULL)
+
POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)"
ICON_FILES = \
@@ -118,8 +122,8 @@ virt_host_validate_SOURCES = \
$(NULL)
virt_host_validate_LDFLAGS = \
+ $(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(COVERAGE_LDFLAGS) \
$(NULL)
@@ -137,11 +141,13 @@ virt_host_validate_CFLAGS = \
virt_login_shell_SOURCES = \
virt-login-shell.c
-virt_login_shell_LDFLAGS = $(COVERAGE_LDFLAGS)
+virt_login_shell_LDFLAGS = \
+ $(AM_LDFLAGS) \
+ $(COVERAGE_LDFLAGS) \
+ $(NULL)
virt_login_shell_LDADD = \
$(STATIC_BINARIES) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
../src/libvirt.la \
../src/libvirt-lxc.la \
../gnulib/lib/libgnu.la
@@ -167,11 +173,13 @@ virsh_SOURCES = \
virsh-volume.c virsh-volume.h \
$(NULL)
-virsh_LDFLAGS = $(COVERAGE_LDFLAGS)
+virsh_LDFLAGS = \
+ $(AM_LDFLAGS) \
+ $(COVERAGE_LDFLAGS) \
+ $(NULL)
virsh_LDADD = \
$(STATIC_BINARIES) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
../src/libvirt.la \
../src/libvirt-lxc.la \
../src/libvirt-qemu.la \
--
1.8.4.rc3
11 years, 3 months
[libvirt] [PATCH] Test handling of non-existant x509 certs
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
In commit f905cc998449c89339d0e2894a71d9a9e45293e5 a use of
uninitialized data was fixed based on a coverity report. It
turns out it was possible to trigger this issue by pointing
libvirt at non-existant certificate files, typically causing
a crash.
This adds a test case for that scenario. With the above
commit reverted, this new test case will crash with a SEGV.
With the fix applied, it passes, reporting a normal libvirt
error to the caller.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
tests/virnettlscontexttest.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
index 2c7d400..33f239c 100644
--- a/tests/virnettlscontexttest.c
+++ b/tests/virnettlscontexttest.c
@@ -563,6 +563,8 @@ mymain(void)
DO_CTX_TEST(true, "cacertchain-ctx.pem", servercertlevel3areq.filename, false);
DO_CTX_TEST(false, "cacertchain-ctx.pem", clientcertlevel2breq.filename, false);
+ DO_CTX_TEST(false, "cacertdoesnotexist.pem", "servercertdoesnotexist.pem", true);
+
testTLSDiscardCert(&cacertreq);
testTLSDiscardCert(&cacert1req);
testTLSDiscardCert(&cacert2req);
--
1.8.3.1
11 years, 3 months
[libvirt] SIGSEGV using virConnect.newStream with Python
by Claudio Bley
Hi.
I tried this on Fedora 19, using libvirt 1.0.5 and also tested with
git v1.1.1-maint as well as git master on Ubuntu 12.04.
How to reproduce:
---- python -----
import libvirt as l
c = l.virConnect("test:///default")
v = c.virStream()
-----------------
Here's my GDB session with git master:
$ gdb python
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /usr/bin/python...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/python
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Python 2.7.3 (default, Apr 10 2013, 06:20:15)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt as l
2013-08-20 09:21:39.437+0000: 12678: info : libvirt version: 1.1.1
2013-08-20 09:21:39.437+0000: 12678: debug : virGlobalInit:438 : register drivers
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:764 : driver=0x7ffff5dc6760 name=Test
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:776 : registering Test as driver 0
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNetworkDriver:611 : registering Test as network driver 0
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterInterfaceDriver:638 : registering Test as interface driver 0
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterStorageDriver:665 : registering Test as storage driver 0
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNodeDeviceDriver:692 : registering Test as device driver 0
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterSecretDriver:719 : registering Test as secret driver 0
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNWFilterDriver:746 : registering Test as network filter driver 0
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterSecretDriver:719 : registering Test as secret driver 0 [19/1965]
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNWFilterDriver:746 : registering Test as network filter driver 0
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:764 : driver=0x7ffff5dc7ec0 name=OPENVZ
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:776 : registering OPENVZ as driver 1
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:764 : driver=0x7ffff5dc84e0 name=VMWARE
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:776 : registering VMWARE as driver 2
2013-08-20 09:21:39.437+0000: 12678: debug : parallelsRegister:2423 : Can't find prlctl command in the PATH env
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:764 : driver=0x7ffff5dc71a0 name=remote
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:776 : registering remote as driver 3
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNetworkDriver:611 : registering remote as network driver 1
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterInterfaceDriver:638 : registering remote as interface driver 1
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterStorageDriver:665 : registering remote as storage driver 1
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNodeDeviceDriver:692 : registering remote as device driver 1
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterSecretDriver:719 : registering remote as secret driver 1
2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNWFilterDriver:746 : registering remote as network filter driver 1
>>> c = l.virConnect("test:///default")
>>> v = c.newStream()
2013-08-20 09:22:08.120+0000: 12678: debug : virStreamNew:16922 : conn=0xf, flags=0
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff59be0e9 in virObjectIsClass (anyobj=<optimized out>, klass=0x0) at util/virobject.c:362
362 return virClassIsDerivedFrom(obj->klass, klass);
(gdb) bt full
#0 0x00007ffff59be0e9 in virObjectIsClass (anyobj=<optimized out>, klass=0x0) at util/virobject.c:362
obj = 0xf
#1 0x00007ffff5a7fca8 in virStreamNew (conn=0xf, flags=0) at libvirt.c:16926
st = <optimized out>
__func__ = "virStreamNew"
__FUNCTION__ = "virStreamNew"
#2 0x00007ffff5df7f72 in libvirt_virStreamNew (self=<optimized out>, args=<optimized out>) at libvirt.c:2617
_save = 0x0
c_retval = <optimized out>
conn = 0xf
pyobj_conn = 0x7ffff7edd5a8
flags = 0
#3 0x0000000000466254 in PyEval_EvalFrameEx ()
No symbol table info available.
#4 0x000000000057bd02 in PyEval_EvalCodeEx ()
No symbol table info available.
#5 0x00000000004667f8 in PyEval_EvalFrameEx ()
No symbol table info available.
#6 0x000000000057bd02 in PyEval_EvalCodeEx ()
No symbol table info available.
#7 0x000000000057d991 in PyRun_InteractiveOneFlags ()
No symbol table info available.
#8 0x000000000057dbfa in PyRun_InteractiveLoopFlags ()
No symbol table info available.
#9 0x000000000057e8e3 in PyRun_AnyFileExFlags ()
No symbol table info available.
#10 0x0000000000512cfd in Py_Main ()
No symbol table info available.
#11 0x00007ffff68cc76d in __libc_start_main (main=0x41ba20 <main>, argc=1, ubp_av=0x7fffffffe5f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe5e8) at libc-start.c:226
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -4474691967429585002, 4307496, 140737488348656, 0, 0, 4474691967066888086, 4474711353541580694}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x57e930, 0x7fffffffe5f8}, data = {
---Type <return> to continue, or q <return> to quit---
prev = 0x0, cleanup = 0x0, canceltype = 5761328}}}
not_first_call = <optimized out>
#12 0x000000000041ba51 in _start ()
No symbol table info available.
Can anybody make any sense out of this already? What else can I do
helping to solve this?
/ Claudio
--
AV-Test GmbH, Henricistraße 20, 04155 Leipzig, Germany
Phone: +49 341 265 310 19
Web:<http://www.av-test.org>
Eingetragen am / Registered at: Amtsgericht Stendal (HRB 114076)
Geschaeftsfuehrer (CEO): Andreas Marx, Guido Habicht, Maik Morgenstern
11 years, 3 months
[libvirt] [PATCH 1/2] Simplify RELRO_LDFLAGS
by Guido Günther
by adding it to AM_LDFLAGS instead of every linking rule and
by avoiding a forked grep.
---
Daniel kind of nacked the AM_LDFLAGS part already but I think it's a
reasonable cleanup. We should rather use AM_LDFLAGS everywhere which
(we currently don't and which would be another cleanup). Or are there
any reasons to not have a read only GOT?
daemon/Makefile.am | 4 +++-
m4/virt-linker-relro.m4 | 8 ++++----
src/Makefile.am | 13 +++----------
tools/Makefile.am | 18 +++++++++++++-----
4 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index ad7544c..5cd95aa 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -125,9 +125,11 @@ libvirtd_CFLAGS = \
-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\""
libvirtd_LDFLAGS = \
+ $(RELRO_LDFLAGS) \
$(PIE_LDFLAGS) \
$(RELRO_LDFLAGS) \
- $(COVERAGE_LDFLAGS)
+ $(COVERAGE_LDFLAGS) \
+ $(NULL)
libvirtd_LDADD = \
$(LIBXML_LIBS) \
diff --git a/m4/virt-linker-relro.m4 b/m4/virt-linker-relro.m4
index 9bca90e..d287cbc 100644
--- a/m4/virt-linker-relro.m4
+++ b/m4/virt-linker-relro.m4
@@ -22,10 +22,10 @@ AC_DEFUN([LIBVIRT_LINKER_RELRO],[
AC_MSG_CHECKING([for how to force completely read-only GOT table])
RELRO_LDFLAGS=
- `$LD --help 2>&1 | grep -- "-z relro" >/dev/null` && \
- RELRO_LDFLAGS="-Wl,-z -Wl,relro"
- `$LD --help 2>&1 | grep -- "-z now" >/dev/null` && \
- RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now"
+ case `$LD --help 2>&1` in
+ *"-z relro"*) RELRO_LDFLAGS="-Wl,-z -Wl,relro" ;&
+ *"-z now"*) RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now" ;;
+ esac
AC_SUBST([RELRO_LDFLAGS])
AC_MSG_RESULT([$RELRO_LDFLAGS])
diff --git a/src/Makefile.am b/src/Makefile.am
index 4702cde..7c3d8a1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -33,7 +33,9 @@ AM_CFLAGS = $(LIBXML_CFLAGS) \
$(WIN32_EXTRA_CFLAGS) \
$(COVERAGE_CFLAGS)
AM_LDFLAGS = $(DRIVER_MODULE_LDFLAGS) \
- $(COVERAGE_LDFLAGS)
+ $(COVERAGE_LDFLAGS) \
+ $(RELRO_LDFLAGS) \
+ $(NULL)
EXTRA_DIST = $(conf_DATA) util/keymaps.csv
@@ -1812,7 +1814,6 @@ libvirt_la_LDFLAGS = \
-version-info $(LIBVIRT_VERSION_INFO) \
$(LIBVIRT_NODELETE) \
$(AM_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS) \
$(NULL)
@@ -1896,7 +1897,6 @@ libvirt_qemu_la_LDFLAGS = \
$(VERSION_SCRIPT_FLAGS)$(LIBVIRT_QEMU_SYMBOL_FILE) \
-version-info $(LIBVIRT_VERSION_INFO) \
$(AM_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS) \
$(NULL)
@@ -1908,7 +1908,6 @@ libvirt_lxc_la_LDFLAGS = \
$(VERSION_SCRIPT_FLAGS)$(LIBVIRT_LXC_SYMBOL_FILE) \
-version-info $(LIBVIRT_VERSION_INFO) \
$(AM_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS) \
$(NULL)
@@ -1964,7 +1963,6 @@ virtlockd_CFLAGS = \
virtlockd_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS) \
$(NULL)
@@ -2243,7 +2241,6 @@ libvirt_iohelper_SOURCES = $(UTIL_IO_HELPER_SOURCES)
libvirt_iohelper_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(NULL)
libvirt_iohelper_LDADD = \
libvirt_util.la \
@@ -2266,7 +2263,6 @@ libvirt_parthelper_SOURCES = $(STORAGE_HELPER_DISK_SOURCES)
libvirt_parthelper_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(NULL)
libvirt_parthelper_LDADD = \
$(LIBPARTED_LIBS) \
@@ -2298,7 +2294,6 @@ libvirt_sanlock_helper_CFLAGS = \
libvirt_sanlock_helper_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(NULL)
libvirt_sanlock_helper_LDADD = libvirt.la
endif
@@ -2314,7 +2309,6 @@ libvirt_lxc_SOURCES = \
libvirt_lxc_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(NULL)
libvirt_lxc_LDADD = \
$(FUSE_LIBS) \
@@ -2358,7 +2352,6 @@ virt_aa_helper_SOURCES = $(SECURITY_DRIVER_APPARMOR_HELPER_SOURCES)
virt_aa_helper_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(NULL)
virt_aa_helper_LDADD = \
libvirt_conf.la \
diff --git a/tools/Makefile.am b/tools/Makefile.am
index f85c35c..be7ed23 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -22,6 +22,10 @@ INCLUDES = \
-I$(top_srcdir) \
$(GETTEXT_CPPFLAGS)
+AM_LDFLAGS = \
+ $(RELRO_LDFLAGS) \
+ $(NULL)
+
POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)"
ICON_FILES = \
@@ -118,8 +122,8 @@ virt_host_validate_SOURCES = \
$(NULL)
virt_host_validate_LDFLAGS = \
+ $(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
$(COVERAGE_LDFLAGS) \
$(NULL)
@@ -137,11 +141,13 @@ virt_host_validate_CFLAGS = \
virt_login_shell_SOURCES = \
virt-login-shell.c
-virt_login_shell_LDFLAGS = $(COVERAGE_LDFLAGS)
+virt_login_shell_LDFLAGS = \
+ $(AM_LDFLAGS) \
+ $(COVERAGE_LDFLAGS) \
+ $(NULL)
virt_login_shell_LDADD = \
$(STATIC_BINARIES) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
../src/libvirt.la \
../src/libvirt-lxc.la \
../gnulib/lib/libgnu.la
@@ -167,11 +173,13 @@ virsh_SOURCES = \
virsh-volume.c virsh-volume.h \
$(NULL)
-virsh_LDFLAGS = $(COVERAGE_LDFLAGS)
+virsh_LDFLAGS = \
+ $(AM_LDFLAGS) \
+ $(COVERAGE_LDFLAGS) \
+ $(NULL)
virsh_LDADD = \
$(STATIC_BINARIES) \
$(PIE_LDFLAGS) \
- $(RELRO_LDFLAGS) \
../src/libvirt.la \
../src/libvirt-lxc.la \
../src/libvirt-qemu.la \
--
1.8.4.rc3
11 years, 3 months
[libvirt] [PATCH v2]LXC: Helper function for checking ownership of dir when userns enabled
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
If we enable userns, the ownership of dir we provided for containers
should match the uid/gid in idmap.
Currently, the debug log is very implicit or misleading sometimes.
This patch will help clarify this for us when using
debug log or virsh.
v2: syntax-check clean
Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
---
src/lxc/lxc_container.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 46 insertions(+), 0 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index b910b10..2ccdc61 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1815,6 +1815,49 @@ lxcNeedNetworkNamespace(virDomainDefPtr def)
return false;
}
+/*
+ * Helper function for helping check
+ * whether we have enough privilege
+ * to operate the source dir when userns enabled
+ * @vmDef: pointer to vm definition structure
+ * Returns 0 on success or -1 in case of error
+ */
+static int
+lxcContainerUsernsSrcOwnershipCheck(virDomainDefPtr vmDef)
+{
+ struct stat buf;
+ size_t i;
+ uid_t uid;
+ gid_t gid;
+
+ VIR_DEBUG("vmDef->nfss %d", (int)vmDef->nfss);
+ for (i = 0; i < vmDef->nfss; i++) {
+ VIR_DEBUG("dst is %s, src is %s",
+ vmDef->fss[i]->dst,
+ vmDef->fss[i]->src);
+
+ uid = vmDef->idmap.uidmap[0].target;
+ gid = vmDef->idmap.gidmap[0].target;
+
+ if (lstat(vmDef->fss[i]->src, &buf) < 0) {
+ virReportSystemError(errno, _("Cannot access '%s'"),
+ vmDef->fss[i]->src);
+ return -1;
+ } else if (uid != buf.st_uid || gid != buf.st_gid) {
+ VIR_DEBUG("In userns uid is %d, gid is %d\n",
+ uid, gid);
+ errno = EINVAL;
+
+ virReportSystemError(errno,
+ _("[userns] Src dir '%s' does not belong to uid/gid: %d/%d"),
+ vmDef->fss[i]->src, uid, gid);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
/**
* lxcContainerStart:
* @def: pointer to virtual machine structure
@@ -1866,6 +1909,9 @@ int lxcContainerStart(virDomainDefPtr def,
if (userns_supported()) {
VIR_DEBUG("Enable user namespace");
cflags |= CLONE_NEWUSER;
+ if (lxcContainerUsernsSrcOwnershipCheck(def) < 0) {
+ return -1;
+ }
} else {
virReportSystemError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Kernel doesn't support user namespace"));
--
1.7.1
11 years, 3 months
[libvirt] [libvirt-IEEE-plan][PATCH] delete regression test of bug 990061 since it is moved to rhel6.6
by Xuesong Zhang
---
6-5/markdown/10-Test_design/22-Node_devices.txt | 6 ------
1 file changed, 6 deletions(-)
diff --git a/6-5/markdown/10-Test_design/22-Node_devices.txt b/6-5/markdown/10-Test_design/22-Node_devices.txt
index bf86615..dea4850 100644
--- a/6-5/markdown/10-Test_design/22-Node_devices.txt
+++ b/6-5/markdown/10-Test_design/22-Node_devices.txt
@@ -88,12 +88,6 @@ Action for the node device: Create, destroy, detach, dumpxml, list, retach, rese
Verify the driver of the device should be updated timely in the nodedev-dumpxml.
-**Regression tests:**
-
-1. **The virt_function should not be appear in the nodedev-dumpxml of VF** - BZ\#990061
-
- Verify there is no virt_function in the nodedev-dumpxml of one VF.
-
[ References ]
--
1.7.11.7
11 years, 3 months
[libvirt] [PATCH] blkio: change the minimum weight from 100 to 10
by Gao feng
kernel had changed the minimum weight of device blkio from
100 to 10 in commit df457f845e5449be2e7d96668791f789b3770ac7.
commit df457f845e5449be2e7d96668791f789b3770ac7
Author: Justin TerAvest <teravest(a)google.com>
Date: Tue Mar 8 19:45:00 2011 +0100
blk-cgroup: Lower minimum weight from 100 to 10.
We've found that we still get good, useful isolation at weights this
low. I'd like to adjust the minimum so that any other changes can take
these values into account.
Signed-off-by: Justin TerAvest <teravest(a)google.com>
Acked-by: Vivek Goyal <vgoyal(a)redhat.com>
Signed-off-by: Jens Axboe <jaxboe(a)fusionio.com>
libvirt should comport with kernel.
Signed-off-by: Gao feng <gaofeng(a)cn.fujitsu.com>
---
docs/formatdomain.html.in | 4 ++--
src/util/vircgroup.c | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 83d551a..541acb3 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -766,7 +766,7 @@
defaults. <span class="since">Since 0.8.8</span></dd>
<dt><code>weight</code></dt>
<dd> The optional <code>weight</code> element is the overall I/O
- weight of the guest. The value should be in the range [100,
+ weight of the guest. The value should be in the range [10,
1000].</dd>
<dt><code>device</code></dt>
<dd>The domain may have multiple <code>device</code> elements
@@ -783,7 +783,7 @@
Each <code>device</code> element has two
mandatory sub-elements, <code>path</code> describing the
absolute path of the device, and <code>weight</code> giving
- the relative weight of that device, in the range [100,
+ the relative weight of that device, in the range [10,
1000]. <span class="since">Since 0.9.8</span></dd>
</dl>
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 16458a3..6e1fe6c 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1784,9 +1784,9 @@ virCgroupPathOfController(virCgroupPtr group,
int
virCgroupSetBlkioWeight(virCgroupPtr group, unsigned int weight)
{
- if (weight > 1000 || weight < 100) {
+ if (weight > 1000 || weight < 10) {
virReportError(VIR_ERR_INVALID_ARG,
- _("weight '%u' must be in range (100, 1000)"),
+ _("weight '%u' must be in range (10, 1000)"),
weight);
return -1;
}
@@ -1825,7 +1825,7 @@ virCgroupGetBlkioWeight(virCgroupPtr group, unsigned int *weight)
*
* @group: The cgroup to change io device weight device for
* @path: The device with a weight to alter
- * @weight: The new device weight (100-1000), or 0 to clear
+ * @weight: The new device weight (10-1000), or 0 to clear
*
* device_weight is treated as a write-only parameter, so
* there isn't a getter counterpart.
@@ -1841,9 +1841,9 @@ virCgroupSetBlkioDeviceWeight(virCgroupPtr group,
struct stat sb;
int ret;
- if (weight && (weight > 1000 || weight < 100)) {
+ if (weight && (weight > 1000 || weight < 10)) {
virReportError(VIR_ERR_INVALID_ARG,
- _("weight '%u' must be in range (100, 1000)"),
+ _("weight '%u' must be in range (10, 1000)"),
weight);
return -1;
}
--
1.8.3.1
11 years, 3 months
[libvirt] Domblklist
by Yaniv Hadad
I am looking for the equivalent of virsh domblklist in libvirt API
reference. I am using the Java binding.
What I want to get is the device list of the domain as in the following
example:
virsh # domblklist centos64test
Target Source
------------------------------------------------
hda /instances/centos64test.img
hdc -
Yaniv Hadad
Servers & Network Group, IBM R&D Labs in Israel
Software Devloper
yanivh(a)il.ibm.com, +972-4-829-6594
Fax: +972-4-829-6111, Cell: +972-50-4078908
11 years, 3 months
