[libvirt] [PATCH 0/5] Get AppArmor to work for LXC containers
by Cédric Bosdonnat
This patch series implements the AppArmor support for LXC containers.
examples/apparmor/libvirt-lxc only allows the minimum, users will be
able to add more in the generated profile.
Cédric Bosdonnat (5):
LXC driver: generate apparmor profiles for guests
Make sure apparmor is started before libvirtd
Set default lxc security_driver to none
apparmor: add debug traces when changing profile.
add support for apparmor in lxc-enter-namespace
daemon/libvirtd.service.in | 1 +
examples/apparmor/Makefile.am | 2 ++
examples/apparmor/TEMPLATE | 2 +-
examples/apparmor/libvirt-lxc | 17 ++++++++++
src/libvirt-lxc.c | 13 ++++++++
src/lxc/lxc.conf | 2 ++
src/security/security_apparmor.c | 15 ++++++---
src/security/virt-aa-helper.c | 69 +++++++++++++++++++++++++++++-----------
8 files changed, 97 insertions(+), 24 deletions(-)
create mode 100644 examples/apparmor/libvirt-lxc
--
1.8.5.2
10 years, 9 months
[libvirt] [PATCH v2 glib] gobject-stream: fix issue found by coverity
by Pavel Hrdina
The coverity server found an issue in the gvir_stream_close function: 
we ignore return values of g_input_stream_close and
g_output_stream_close, but we also ignore the error message and we
assume that it's closed without error.
Now we will check return values and also propagate the error message
to the upper layers. We should try to close both streams even if
closing the first one fails. We can propagate only one error
message.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
libvirt-gobject/libvirt-gobject-stream.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/libvirt-gobject/libvirt-gobject-stream.c b/libvirt-gobject/libvirt-gobject-stream.c
index 1572022..46dbd9a 100644
--- a/libvirt-gobject/libvirt-gobject-stream.c
+++ b/libvirt-gobject/libvirt-gobject-stream.c
@@ -102,17 +102,31 @@ static GOutputStream* gvir_stream_get_output_stream(GIOStream *io_stream)
static gboolean gvir_stream_close(GIOStream *io_stream,
GCancellable *cancellable,
- G_GNUC_UNUSED GError **error)
+ GError **error)
{
GVirStream *self = GVIR_STREAM(io_stream);
+ GError *local_error = NULL;
+ gboolean i_ret = TRUE, o_ret = TRUE;
+
+ g_return_val_if_fail(error == NULL || *error == NULL, FALSE);
if (self->priv->input_stream)
- g_input_stream_close(self->priv->input_stream, cancellable, NULL);
+ i_ret = g_input_stream_close(self->priv->input_stream, cancellable, &local_error);
+
+ if (local_error)
+ g_propagate_error(error, local_error);
if (self->priv->output_stream)
- g_output_stream_close(self->priv->output_stream, cancellable, NULL);
+ o_ret = g_output_stream_close(self->priv->output_stream, cancellable, &local_error);
+
+ if (local_error) {
+ if (i_ret)
+ g_propagate_error(error, local_error);
+ else
+ g_error_free(local_error);
+ }
- return TRUE; /* FIXME: really close the stream? */
+ return (i_ret && o_ret);
}
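Review bot: local_error is left pointing at the error after the first g_propagate_error(error, local_error), so the second half of the function misbehaves whenever closing the input stream fails. g_output_stream_close() is then handed a &local_error that is already set, and the following `if (local_error)` is true even when the output close succeeded; with i_ret FALSE it runs g_error_free(local_error), which frees the GError that was just handed to the caller through *error (or, when error is NULL, one that g_propagate_error already freed). Set local_error = NULL after the first propagate, or use a separate GError variable for each close, so that only an error from the output close can reach the second branch.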
--
1.8.3.1
10 years, 9 months
[libvirt] [PATCH v12 00/11] Write separate module for hostdev passthrough
by Chunyan Liu
These patches implement a separate module for hostdev passthrough so that it
could be shared by different drivers and can maintain a global state of a host
device.
patch 1/11: pci/usb/scsi used_by should include driver and domain info to check
conflict among different drivers.
patch 2/11~5/11: extract qemu specific code outside, to prepare for hostdev
common library
patch 6/11: move hostdev functions from qemu_hostdev.c to common library and
maintain insistent device state.
patch 7/11: add a unit test for hostdev common library.
patch 8/11: switch qemu driver to use the common library instead of its own
hostdev passthrough APIs.
patch 9/11: switch lxc driver to use the common library instead of its own
hostdev passthrough APIs.
patch 10/11: add a hostdev pci backend type for xen usage.
patch 11/11: add pci passthrough to libxl driver.
---
Changes to v11:
* rebase to latest shareable scsi hostdev changes
* split v11 1/6 (add hostdev common library): add some small patches to extract qemu specific codes outside first before adding hostdev common library patch, for easier review.
Chunyan Liu (11):
change used_by: specify both driver and domain
qemu_hostdev: move cfg->relaxedACS as a flag
qemu_hostdev: move COLD_BOOT as a flag
qemu_hostdev: parse BACKEND_DEFAULT outside
qemu_hostdev: add/remove share device outside
add hostdev passthrough common library
add unit test for hostdev common library
change qemu driver to use hostdev common library
change lxc driver to use hostdev common library
add hostdev pci backend type for xen
add pci passthrough for libxl driver
.gitignore | 1 +
docs/schemas/domaincommon.rng | 1 +
po/POTFILES.in | 3 +-
src/Makefile.am | 3 +-
src/conf/domain_conf.c | 3 +-
src/conf/domain_conf.h | 1 +
src/libvirt_private.syms | 21 +
src/libxl/libxl_conf.c | 63 +
src/libxl/libxl_conf.h | 4 +
src/libxl/libxl_domain.c | 9 +
src/libxl/libxl_driver.c | 448 +++++-
src/lxc/lxc_conf.h | 4 -
src/lxc/lxc_driver.c | 47 +-
src/lxc/lxc_hostdev.c | 413 -----
src/lxc/lxc_hostdev.h | 43 -
src/lxc/lxc_process.c | 24 +-
src/qemu/qemu_command.c | 4 +-
src/qemu/qemu_conf.h | 11 +-
src/qemu/qemu_domain.c | 22 +
src/qemu/qemu_driver.c | 83 +-
src/qemu/qemu_hostdev.c | 89 +-
src/qemu/qemu_hostdev.h | 5 +-
src/qemu/qemu_hotplug.c | 144 +-
src/qemu/qemu_process.c | 61 +-
src/util/virhostdev.c | 1787 ++++++++++++++++++++
src/util/virhostdev.h | 134 ++
src/util/virpci.c | 30 +-
src/util/virpci.h | 9 +-
src/util/virscsi.c | 30 +-
src/util/virscsi.h | 7 +-
src/util/virusb.c | 29 +-
src/util/virusb.h | 8 +-
tests/Makefile.am | 5 +
.../qemuxml2argv-hostdev-pci-address.xml | 1 +
.../qemuxml2argvdata/qemuxml2argv-net-hostdev.xml | 1 +
tests/qemuxml2argvdata/qemuxml2argv-pci-rom.xml | 2 +
tests/virhostdevtest.c | 473 ++++++
tests/virscsitest.c | 6 +-
38 files changed, 3292 insertions(+), 737 deletions(-)
delete mode 100644 src/lxc/lxc_hostdev.c
delete mode 100644 src/lxc/lxc_hostdev.h
create mode 100644 src/util/virhostdev.c
create mode 100644 src/util/virhostdev.h
create mode 100644 tests/virhostdevtest.c
10 years, 9 months
[libvirt] [PATCH] Ignore additional fields in iscsiadm output
by Ján Tomko
There has been a new field introduced in iscsiadm --mode session
output [1], but our regex only expects four fields. This breaks
startup of iscsi pools:
error: Failed to start pool iscsi
error: internal error: cannot find session
Fix this by ignoring anything after the fourth field.
https://bugzilla.redhat.com/show_bug.cgi?id=1067173
[1] https://github.com/mikechristie/open-iscsi/commit/181af9a
---
src/storage/storage_backend_iscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_backend_iscsi.c
index 556c2cc..1149e43 100644
--- a/src/storage/storage_backend_iscsi.c
+++ b/src/storage/storage_backend_iscsi.c
@@ -102,7 +102,7 @@ virStorageBackendISCSISession(virStoragePoolObjPtr pool,
* Pull out 2nd and 4th fields
*/
const char *regexes[] = {
- "^tcp:\\s+\\[(\\S+)\\]\\s+\\S+\\s+(\\S+)\\s*$"
+ "^tcp:\\s+\\[(\\S+)\\]\\s+\\S+\\s+(\\S+).*$"
};
int vars[] = {
2,
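Review bot: the new tail `.*$` after the second capture matches anything up to the end of the line, so the end anchor no longer constrains the input and a malformed line is accepted as long as its first four fields parse. Writing the tail as `(\\s.*)?$` would state "optional further whitespace-separated fields" explicitly. The comment "Pull out 2nd and 4th fields" should also say that trailing fields are ignored, and a test with a session line in the new iscsiadm format would keep this from regressing the next time the output changes.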
--
1.8.3.2
10 years, 9 months
[libvirt] [PATCH] Add a stub for virCgroupGetDomainTotalCpuStats
by Ján Tomko
Commit 6515889 broke the build on FreeBSD:
In function `qemuDomainGetCPUStats':
/../../src/qemu/qemu_driver.c:16102:
undefined reference to `virCgroupGetDomainTotalCpuStats'
---
Pushed as a build-breaker.
src/util/vircgroup.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 268a4ae..2dba10c 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -4261,6 +4261,17 @@ virCgroupGetCpuacctStat(virCgroupPtr group ATTRIBUTE_UNUSED,
int
+virCgroupGetDomainTotalCpuStats(virCgroupPtr group ATTRIBUTE_UNUSED,
+ virTypedParameterPtr params ATTRIBUTE_UNUSED,
+ int nparams ATTRIBUTE_UNUSED)
+{
+ virReportSystemError(ENOSYS, "%s",
+ _("Control groups not supported on this platform"));
+ return -1;
+}
+
+
+int
virCgroupSetFreezerState(virCgroupPtr group ATTRIBUTE_UNUSED,
const char *state ATTRIBUTE_UNUSED)
{
--
1.8.3.2
10 years, 9 months
[libvirt] [PATCHv4 00/10] Add BlkIO and CPU/mem stat API implementations for lxc
by Thorsten Behrens
This patch set adds block io, memory and domain cpu statistics API
slot implementations to the LXC driver, in order to get linux
container monitoring and accounting a bit closer to qemu standards.
The last patch is a tad quirky (happy to hear suggestions on
alternative ways), in that it widens the permissible value set
at the .domainBlockStats slot: for lxc guests, it is relatively
likely to have zero disk devices, since host filesystems can be
used via passthrough bind mounts. Therefore, passing the zero-length
string as device path is interpreted as 'return summary stats for
the entire domain's block io'.
v4 addresses the last remaining review comments.
Thorsten Behrens (10):
Add util virCgroupGetBlkioIo*Serviced methods.
Implement domainMemoryStats API slot for LXC driver.
Make qemuGetDomainTotalCPUStats a virCgroup function.
Implement domainGetCPUStats for lxc driver.
Implement lxcDomainBlockStats* for lxc driver
Widening API change - accept empty path for virDomainBlockStats
Add unit test for virCgroupGetBlkioIo*Serviced
Add unit test for virCgroupGetMemoryUsage.
Fix misspelled cpuacct.usage_percpu in cgroup mock.
Add unit test for virCgroupGetPercpuStats.
src/libvirt.c | 8 +-
src/libvirt_private.syms | 4 +
src/lxc/lxc_driver.c | 300 +++++++++++++++++++++++++++++++++
src/qemu/qemu_driver.c | 54 +-----
src/util/vircgroup.c | 382 +++++++++++++++++++++++++++++++++++++++++++
src/util/vircgroup.h | 24 +++
tests/testutilslxc.h | 3 +
tests/vircgroupmock.c | 100 ++++++++++-
tests/vircgrouptest.c | 230 ++++++++++++++++++++++++++
tools/virsh-domain-monitor.c | 11 +-
tools/virsh.pod | 5 +-
11 files changed, 1059 insertions(+), 62 deletions(-)
--
1.8.4.5
10 years, 9 months
[libvirt] [libvirt-python PATCH] generator: Skip exporting only sentinels
by Martin Kletzander
When enum type has '_LAST' in its name, but is not the last type in
that enum, it's skipped even though it shouldn't be. Currently, this
is the case for only VIR_NETWORK_UPDATE_COMMAND_ADD_LAST inside an
enum virNetworkUpdateCommand.
Also, since _LAST types can have other enums instead of values, that
needs to be filtered out using a try-except when converting the value.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
generator.py | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/generator.py b/generator.py
index 42f3913..0e9600f 100755
--- a/generator.py
+++ b/generator.py
@@ -227,10 +227,9 @@ def enum(type, name, value):
value = 1
elif value == 'VIR_DOMAIN_AFFECT_CONFIG':
value = 2
- if name[-5:] != '_LAST':
- if onlyOverrides and name not in enums[type]:
- return
- enums[type][name] = value
+ if onlyOverrides and name not in enums[type]:
+ return
+ enums[type][name] = value
def lxc_enum(type, name, value):
if type not in lxc_enums:
@@ -1765,13 +1764,23 @@ def buildWrappers(module):
#
# Generate enum constants
#
+ def enumsSortKey(data):
+ value = data[1]
+ try:
+ value = int(value)
+ except ValueError:
+ value = float('inf')
+ return value
+
enumvals = list(enums.items())
if enumvals is not None:
enumvals.sort(key=lambda x: x[0])
for type,enum in enumvals:
classes.write("# %s\n" % type)
items = list(enum.items())
- items.sort(key=lambda i: int(i[1]))
+ items.sort(key=enumsSortKey)
+ if items[-1][0].endswith('_LAST'):
+ del items[-1]
for name,value in items:
classes.write("%s = %s\n" % (name,value))
classes.write("\n")
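Review bot: `items[-1]` in the new `if items[-1][0].endswith('_LAST')` raises IndexError when an enum has no entries, so guard it with `if items and ...`. The check also relies on the sentinel being the element that sorts last: enumsSortKey maps every non-integer value to float('inf'), so if a `_LAST` sentinel has an integer value while another entry's value names a different enum, that other entry sorts last and the sentinel is still written out. Conversely, an enum without a sentinel whose highest-valued real member happens to end in `_LAST` would lose that member. A short comment stating the assumption, or a test in the generator for an enum mixing both kinds of value, would make this safer.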
--
1.9.0
10 years, 9 months
[libvirt] [PATCH] virsh: fix memory leak in virsh when starting a guest with invalid fd
by Jincheng Miao
When starting a guest with --pass-fd, if the argument of --pass-fd is invalid,
virsh will exit, but doesn't free the variable 'dom'.
Valgrind said:
...
==24569== 63 (56 direct, 7 indirect) bytes in 1 blocks are definitely lost in loss record 130 of 234
==24569== at 0x4C2A1D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24569== by 0x4E879A4: virAllocVar (viralloc.c:544)
==24569== by 0x4EBD625: virObjectNew (virobject.c:190)
==24569== by 0x4F3A18A: virGetDomain (datatypes.c:226)
==24569== by 0x4F9311F: remoteDomainLookupByName (remote_driver.c:6636)
==24569== by 0x4F44F20: virDomainLookupByName (libvirt.c:2277)
==24569== by 0x12F616: vshCommandOptDomainBy (virsh-domain.c:105)
==24569== by 0x131C79: cmdStart (virsh-domain.c:3330)
==24569== by 0x12C4AB: vshCommandRun (virsh.c:1752)
==24569== by 0x127001: main (virsh.c:3218)
https://bugzilla.redhat.com/show_bug.cgi?id=1067338
Signed-off-by: Jincheng Miao <jmiao(a)redhat.com>
---
tools/virsh-domain.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index c3db94c..57653a2 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -3428,11 +3428,11 @@ cmdStart(vshControl *ctl, const vshCmd *cmd)
if (virDomainGetID(dom) != (unsigned int)-1) {
vshError(ctl, "%s", _("Domain is already active"));
virDomainFree(dom);
- return false;
+ goto cleanup;
}
if (cmdStartGetFDs(ctl, cmd, &nfds, &fds) < 0)
- return false;
+ goto cleanup;
if (vshCommandOptBool(cmd, "paused"))
flags |= VIR_DOMAIN_START_PAUSED;
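Review bot: the first branch still calls virDomainFree(dom) right before the new `goto cleanup;`. If the cleanup label releases dom, which is what the commit message relies on for the cmdStartGetFDs failure path, the "Domain is already active" path now frees dom twice. Drop the explicit virDomainFree(dom) in that branch (or keep `return false` there) and use the goto only on the path where dom was leaked.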
--
1.8.5.3
10 years, 9 months
[libvirt] [PATCH] maint: update to latest gnulib
by Eric Blake
Among other things, gnulib now allows overriding of sed during
'make syntax-check'.
* .gnulib: Update to latest, for maint.mk improvements.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
Pushing under the maintainer rule, before we freeze. I still need
to revive Roman's work on using $(SED) and/or portable sed constructs
in our cfg.mk, but that can occur after freeze if necessary, while
the hard part of the gnulib submodule should be done before freeze.
* .gnulib d5fec6c...3f51bf4 (9):
> maintainer-makefiles: use $(SED) for syntax check
> update from texinfo
> savedir: add sorting arg to savedir, streamsavedir; remove fdsavedir
> autoupdate
> update from texinfo
> update from texinfo
> file-type: add support for doors and other less-common file types
> update from texinfo
> autoupdate
.gnulib | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gnulib b/.gnulib
index d5fec6c..3f51bf4 160000
--- a/.gnulib
+++ b/.gnulib
@@ -1 +1 @@
-Subproject commit d5fec6c22f03c6a73d62260c9ce091c10c0a9cbd
+Subproject commit 3f51bf41c8be8b310f57caff371377414701d5cc
--
1.8.5.3
10 years, 9 months
Re: [libvirt] [libvirt-users] event-test.py cannot detects domain shutdown
by Cole Robinson
On 02/18/2014 05:12 AM, Kim Larry wrote:
> On February 11, 2014 at 10:00 PM, Eric Blake <eblake(a)redhat.com> wrote:
>
>> On 02/11/2014 12:20 AM, Kim Larry wrote:
>>
>>>>> libvirtd version is 1.1.4 and using Xen for hypervisor.
>>>> I'm not as familiar with the xen hypervisor as with qemu; it may just be
>>>> the case that no one has coded the xen driver to send a shutdown event.
>>>> At any rate, I can confirm that with the qemu driver, shutdown events
>>>> are delivered.
>>
>>> It is a bit weird that all except shutdown event are coded...
>>> If it is true, do I have to just wait?
>>
>> https://rwmj.wordpress.com/2010/11/08/want-help-dont-email-me-directly/
>>
>> Or you could look into the source code and provide a patch; but
>> discussing this on the list is a better way to get a reaction from
>> someone familiar with the xen code.
>>
>> --
>> Eric Blake eblake redhat com +1-919-301-3266
>> Libvirt virtualization library http://libvirt.org
>
>
> Ah, I forgot to add libvirt-users in Cc... sorry.
>
> The thing I found today is that if libvirt uses xend driver, shutdown events
> are delivered, but if libvirt uses libxl driver, doesn't show up anything. It
> seems there are bugs on shutdown event, so I did dig into the libvirt source
> briefly, but I couldn't find where libxl driver calls event callback.
>
> Any help will be greatly appreciated. Especially someone who is familiar with
> xen code.
>
Jim, does this sound familiar?
- Cole
10 years, 9 months