September 2013 - Devel - libvirt List Archives

[libvirt] [PATCH] maint: update to latest gnulib
by Eric Blake 24 Sep '13

24 Sep '13

Since we're about to freeze, it's time to pick up the latest upstream gnulib. Among other changes, gnulib now guarantees the use of some -f flags that we were previously manually adding. * .gnulib: Update to latest, in part for warning improvements. * m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Drop flags that are now guaranteed by gnulib. * bootstrap: Resync to gnulib. Signed-off-by: Eric Blake <eblake(a)redhat.com> --- Pushing under my gnulib maintenance rule. * .gnulib 0ba0877...4a5ee89 (31): > manywarnings: enable nicer gcc warning messages > timespec: use the new TIMESPEC_RESOLUTION in a few more places > warnings: port --enable-gcc-warnings to Solaris Studio 12.3 > configmake: support new --runstatedir option > ctype, string: depend on extern-inline > userspec: support optional parameters to parse_user_spec() > timespec: new function make_timespec, and new constants > stdio: OS X port of putc_unlocked + extern inline > signal: OS X port of sigaddset etc. + extern inline > extern-inline: do not always suppress extern inline on OS X > extern-inline: document fixes for ctype and wctype macros > fflush, freadahead, fseeko: Fix for Android > pmccabe2html: fix portability issues > getgroups: statement without effect > autoupdate > update from texinfo > update from texinfo > glob: fix compilation > glob: fix build for platforms without __THROW > autoupdate > regex-quote: fix buffer access out of bounds > glob: avoid -Wattribute warnings on glibc > headers: check that _GL_INLINE_HEADER_BEGIN is defined > bootstrap: remove the --version requirement from ancillary tools > gc: support HMAC-SHA256 and HMAC-SHA512. > gettext: update to version 0.18.3.1 > selinux-at: omit unnecessary include > autoupdate > d-ino: avoid false negative on symlink > update from texinfo > autoupdate .gnulib | 2 +- bootstrap | 19 +++++++++++-------- m4/virt-compile-warnings.m4 | 2 -- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/.gnulib b/.gnulib index 0ba0877..4a5ee89 160000 --- a/.gnulib +++ b/.gnulib @@ -1 +1 @@ -Subproject commit 0ba087759d2797c8f7d3c34bef6268ba3fd212cb +Subproject commit 4a5ee89c8a8be7350a8fd8ca1bacb196a190e492 diff --git a/bootstrap b/bootstrap index cc7fc1b..e31d17d 100755 --- a/bootstrap +++ b/bootstrap @@ -209,12 +209,16 @@ bootstrap_sync=false # Use git to update gnulib sources use_git=true +check_exists() { + ($1 --version </dev/null) >/dev/null 2>&1 + test $? -lt 126 +} + # find_tool ENVVAR NAMES... # ------------------------- # Search for a required program. Use the value of ENVVAR, if set, -# otherwise find the first of the NAMES that can be run (i.e., -# supports --version). If found, set ENVVAR to the program name, -# die otherwise. +# otherwise find the first of the NAMES that can be run. +# If found, set ENVVAR to the program name, die otherwise. # # FIXME: code duplication, see also gnu-web-doc-update. find_tool () @@ -225,7 +229,7 @@ find_tool () eval "find_tool_res=\$$find_tool_envvar" if test x"$find_tool_res" = x; then for i; do - if ($i --version </dev/null) >/dev/null 2>&1; then + if check_exists $i; then find_tool_res=$i break fi @@ -463,8 +467,7 @@ check_versions() { if [ "$req_ver" = "-" ]; then # Merely require app to exist; not all prereq apps are well-behaved # so we have to rely on $? rather than get_version. - $app --version >/dev/null 2>&1 </dev/null - if [ 126 -le $? ]; then + if ! check_exists $app; then warn_ "Error: '$app' not found" ret=1 fi @@ -551,10 +554,10 @@ fi echo "$0: Bootstrapping from checked-out $package sources..." # See if we can use gnulib's git-merge-changelog merge driver. -if $use_git && test -d .git && (git --version) >/dev/null 2>/dev/null ; then +if $use_git && test -d .git && check_exists git; then if git config merge.merge-changelog.driver >/dev/null ; then : - elif (git-merge-changelog --version) >/dev/null 2>/dev/null ; then + elif check_exists git-merge-changelog; then echo "$0: initializing git-merge-changelog driver" git config merge.merge-changelog.name 'GNU-style ChangeLog merge driver' git config merge.merge-changelog.driver 'git-merge-changelog %O %A %B' diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4 index 938c8bb..8f905cc 100644 --- a/m4/virt-compile-warnings.m4 +++ b/m4/virt-compile-warnings.m4 @@ -187,8 +187,6 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ esac wantwarn="$wantwarn -fexceptions" wantwarn="$wantwarn -fasynchronous-unwind-tables" - wantwarn="$wantwarn -fdiagnostics-show-option" - wantwarn="$wantwarn -funit-at-a-time" # Need -fipa-pure-const in order to make -Wsuggest-attribute=pure # fire even without -O. -- 1.8.3.1

1 0

[libvirt] [PATCH 0/2]
by Claudio Bley 24 Sep '13

24 Sep '13

Hi. I used the rawhide RPMs to take out the DLLs for a test drive on Windows 64bit the other day. While trying to read the "screenshot" from the test domain using the test:///default connection, I only received 5 Bytes of the libvirtLogo.png file. Looking at the test driver, the condition piqued my interest, but wasn't the cause of the short read, only a bit odd. See patch #1. The actual cause was that the file was opened in text mode and the seventh byte was a 0x1A which triggered EOF on the FD. See patch #2. Claudio Bley (2): test: fix call to virFDStreamOpenFile in testDomainScreenshot Always open files in binary mode in virFDStreamOpenFileInternal src/fdstream.c | 2 +- src/test/test_driver.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- 1.8.3.1

3 7

[libvirt] [PATCH] conf: Fix virNetworkAssignDef's comment.
by lawrancejing 24 Sep '13

24 Sep '13

--- src/conf/network_conf.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index 6968e25..c877a6d 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -333,7 +333,7 @@ virNetworkObjAssignDef(virNetworkObjPtr network, * def. For an existing network, use "live" and current state of the * network to determine which to replace. * - * Returns -1 on failure, 0 on success. + * Returns NULL on error, virNetworkObjPtr on success. */ virNetworkObjPtr virNetworkAssignDef(virNetworkObjListPtr nets, -- 1.7.1

4 4

[libvirt] [PATCH 0/3] More OOM check fixes
by Daniel P. Berrange 24 Sep '13

24 Sep '13

From: "Daniel P. Berrange" <berrange(a)redhat.com> More OOM fixes. These didn't cause crashes, rather invalid XML / cli arg generation. Daniel P. Berrange (3): Add missing check for OOM when building boot menu args Honour error returned by virBitmapFormat Check return value of virDomainControllerInsert when parsing QEMU args src/conf/domain_conf.h | 9 ++++++--- src/qemu/qemu_command.c | 38 ++++++++++++++++++++++---------------- 2 files changed, 28 insertions(+), 19 deletions(-) -- 1.8.3.1

2 4

[libvirt] [PATCH] Add --disable-securityfs configure option
by Bogdan Purcareata 24 Sep '13

24 Sep '13

Securityfs is not enabled on all kernels running libvirt containers. This patch introduces a configure option that can specify whether containers should mount securityfs in their rootfs. Signed-off-by: Bogdan Purcareata <bogdan.purcareata(a)freescale.com> --- configure.ac | 8 ++++++++ src/lxc/lxc_container.c | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/configure.ac b/configure.ac index 553015a..b4351dd 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,14 @@ then [Extra package version]) fi +dnl Enable securityfs mounts if necessary +AC_ARG_ENABLE([securityfs], + AS_HELP_STRING([--disable-securityfs], [Disable mounting securityfs from container domains])) + +AS_IF([test "x$enable_securityfs" != "xno"],[ + AC_DEFINE_UNQUOTED([WITH_SECURITYFS],[],[Securityfs present]) + ]) + dnl Required minimum versions of all libs we depend on LIBXML_REQUIRED="2.6.0" GNUTLS_REQUIRED="1.0.25" diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index c60f5d8..72f1e81 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -768,8 +768,10 @@ static const virLXCBasicMountInfo lxcBasicMounts[] = { { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, { "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, +#if WITH_SECURITYFS { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, +#endif #if WITH_SELINUX { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, @@ -872,8 +874,10 @@ static int lxcContainerMountBasicFS(bool userns_enabled) continue; #endif +#if WITH_SECURITYFS if (STREQ(mnt->src, "securityfs") && userns_enabled) continue; +#endif if (virFileMakePath(mnt->dst) < 0) { virReportSystemError(errno, -- 1.7.11.7

3 3

[libvirt] [Patch]LXC: Add support for attach/detach/update controller in config for LXC
by Chen Hanxiao 24 Sep '13

24 Sep '13

From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com> Add support for attach/detach/update controller in config for LXC. Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com> --- src/lxc/lxc_driver.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 4cf0b50..9c58f67 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -2750,6 +2750,7 @@ lxcDomainAttachDeviceConfig(virDomainDefPtr vmdef, virDomainDiskDefPtr disk; virDomainNetDefPtr net; virDomainHostdevDefPtr hostdev; + virDomainControllerDefPtr controller; switch (dev->type) { case VIR_DOMAIN_DEVICE_DISK: @@ -2787,6 +2788,21 @@ lxcDomainAttachDeviceConfig(virDomainDefPtr vmdef, ret = 0; break; + case VIR_DOMAIN_DEVICE_CONTROLLER: + controller = dev->data.controller; + if (virDomainControllerFind(vmdef, controller->type, + controller->idx) >= 0) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("Target already exists")); + return -1; + } + + if (virDomainControllerInsert(vmdef, controller) < 0) + return -1; + dev->data.controller = NULL; + ret = 0; + break; + default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("persistent attach of device is not supported")); @@ -2849,6 +2865,7 @@ lxcDomainDetachDeviceConfig(virDomainDefPtr vmdef, virDomainDiskDefPtr disk, det_disk; virDomainNetDefPtr net; virDomainHostdevDefPtr hostdev, det_hostdev; + virDomainControllerDefPtr controller, det_cont; int idx; char mac[VIR_MAC_STRING_BUFLEN]; @@ -2895,6 +2912,19 @@ lxcDomainDetachDeviceConfig(virDomainDefPtr vmdef, break; } + case VIR_DOMAIN_DEVICE_CONTROLLER: + controller = dev->data.controller; + if ((idx = virDomainControllerFind(vmdef, controller->type, + controller->idx)) < 0) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("device not present in domain configuration")); + return -1; + } + det_cont = virDomainControllerRemove(vmdef, idx); + virDomainControllerDefFree(det_cont); + ret = 0; + break; + default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("persistent detach of device is not supported")); -- 1.8.2.1

2 2

Re: [libvirt] [PATCH] conf: Fix virNetworkAssignDef's comment.
by lawrance jing 24 Sep '13

24 Sep '13

OK. 2013/9/24 lawrance jing <lawrancejing(a)gmail.com>: > OK, thanks. > > 2013/9/24 Osier Yang <jyang(a)redhat.com>: >> On 24/09/13 15:57, lawrance jing wrote: >>> >>> I changed virNetworkAssignDef's comment,however what the patch show is >>> "-333,7 +333,7 @@ virNetworkObjAssignDef". Please give me a hint, thank you. >> >> >> Oh, it was confused, ACK and pushed. By the way, it's nicer if your reply >> mails with text format. >> >> Osier

1 0

[libvirt] How to intercept the VM start event and run the identity check
by Исаев Виталий Анатольевич 24 Sep '13

24 Sep '13

Dear developers! We are working on the project based on Red Hat Enterprise Virtualisation and Red Hat Identity Management. RHEV environment will be deployed in protected internal enterprise network. Now we are developing special admin tools in order to extend functionality of RHEL IdM and we faced with a rather difficult problem... The system should meet the increased demands of informational security, so what we are trying to implement is: 1. Intercept the event of user's VM start on the RHEL Hypervisor; 2. Suspend the VM; 3. Mount VM's disk to Hypervisor (or some other VM, for instance, admin's VM); 4. Check the integrity of the VM's system files (count md5sum etc.) 5. Unmount disk; 6. If verification is passed, start the VM, else - power off and disable VM till the decision of administrator. Is there any opportunity to implement this within the libvirt API? Thank you, Vitaly Isaev, "Fintech" JSC, Moscow, Russia www.fintech.ru<http://www.fintech.ru>

2 1

[libvirt] [PATCH 00/10] Fix multiple OOM problems
by Daniel P. Berrange 24 Sep '13

24 Sep '13

From: "Daniel P. Berrange" <berrange(a)redhat.com> Running out long ignored OOM injection tests identified a number of problems. This series fixes those that I have found so far, but more are to follow. I'm also rewriting the OOM injection code to make it much, much, much faster to run. Daniel P. Berrange (10): Fix crash on OOM when parsing disk security label Fix crash on OOM in parsing CPU mask in domain XML Fix crash if OOM occurs when creating virConnectPtr Fix crash on OOM in qemuDomainCCWAddressSetCreate() Fix crash on OOM in qemuAddRBDHost Fix allocation of arglist in qemuStringToArgvEnv Fix error checking of qemuParseKeywords return status Fix missing OOM check in qemuParseCommandLine when splitting strings Fix reporting of errors in OOM injection code Don't ignore allocation failure in virCommandAddEnvPassCommon src/conf/domain_conf.c | 5 ++-- src/datatypes.c | 10 +++++--- src/qemu/qemu_command.c | 59 ++++++++++++++++++++++++-------------------- src/qemu/qemu_command.h | 1 + src/qemu/qemu_monitor_json.c | 4 +-- src/util/viralloc.c | 18 ++++++++++++-- src/util/vircommand.c | 5 +++- 7 files changed, 63 insertions(+), 39 deletions(-) -- 1.8.3.1

2 20

[libvirt] [PATCH v4 0/7] cpu: add function to get the models for an arch
by Giuseppe Scrivano 24 Sep '13

24 Sep '13

This series adds a new API "virConnectGetCPUModelNames" that allows to retrieve the list of CPU models known by the hypervisor for a specific architecture. This new function is mainly needed by virt-manager to not read directly the cpu_map.xml file (it could also be different when accessing a remote daemon). *v4 main changes - cpuGetModels translates the arch name to the driver name. - virConnectGetCPUModelNames handles models==NULL, and - amended all the changes reported for v3 *v3 main changes - virConnectGetCPUModelNames returns the number of models instead of 0 on success. - Use VIR_INSERT_ELEMENT instead of VIR_EXPAND_N. - Fix a potential memory leak in the python bindings. - Move virsh changes to a separate commit. - Remove API documentation from libvirt.h. *v2 main changes - set a hard limit for the number of CPU models that is possible to fetch from a remote server. - Use VIR_EXPAND_N instead of VIR_REALLOC_N. - s|1.1.2|1.1.3| Giuseppe Scrivano (7): libvirt: add new public API virConnectGetCPUModelNames cpu: add function to get the models for an arch virConnectGetCPUModelNames: implement the remote protocol virConnectGetCPUModelNames: add the support for qemu virConnectGetCPUModelNames: add the support for the test protocol virsh: add function to get the CPU models for an arch python: add bindings for virConnectGetCPUModelNames daemon/remote.c | 52 ++++++++++++++++++++++++++ include/libvirt/libvirt.h.in | 4 ++ python/generator.py | 1 + python/libvirt-override-api.xml | 7 ++++ python/libvirt-override.c | 52 ++++++++++++++++++++++++++ python/libvirt-override.py | 11 ++++++ src/cpu/cpu.c | 82 ++++++++++++++++++++++++++++++++++++++++- src/cpu/cpu.h | 5 ++- src/driver.h | 7 ++++ src/libvirt.c | 51 +++++++++++++++++++++++++ src/libvirt_private.syms | 1 + src/libvirt_public.syms | 5 +++ src/qemu/qemu_driver.c | 14 +++++++ src/remote/remote_driver.c | 63 +++++++++++++++++++++++++++++++ src/remote/remote_protocol.x | 22 ++++++++++- src/remote_protocol-structs | 13 +++++++ src/test/test_driver.c | 11 ++++++ tools/virsh-host.c | 54 +++++++++++++++++++++++++++ tools/virsh.pod | 5 +++ 19 files changed, 457 insertions(+), 3 deletions(-) -- 1.8.3.1

2 14