[libvirt] Change of server
by Daniel Veillard
I went ahead and switched earlier today, the new IP for libvirt.org
is 91.121.203.120 , seems to me that all services are functionning
as before, I also migrated the various cron. The DNS TTL should
expire within 2 hours and everybody should see the new box then.
it has twice the memory and twice the CPU power (still not a speed
daemon by any measure but should be a bit better). Main point is that
the hardware is newer and hence less likely to fail, but don't repeat
it Murphy could hear about it !
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
10 years, 5 months
[libvirt] [PATCH] block/sheepdog: rename management program from collie to dog
by Hitoshi Mitake
The management program of latest sheepdog is named as "dog", "collie"
is obsolete. This patch updates the name in the configure script and
the sheepdog driver.
Signed-off-by: Vasiliy Tolstov <v.tolstov(a)selfip.ru>
Signed-off-by: Hitoshi Mitake <mitake.hitoshi(a)lab.ntt.co.jp>
---
configure.ac | 10 +++++-----
src/storage/storage_backend_sheepdog.c | 12 ++++++------
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/configure.ac b/configure.ac
index 710cb71..186d9e3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1926,14 +1926,14 @@ AC_SUBST([LIBRBD_LIBS])
if test "$with_storage_sheepdog" = "yes" ||
test "$with_storage_sheepdog" = "check"; then
- AC_PATH_PROG([COLLIE], [collie], [], [$PATH:/sbin:/usr/sbin])
+ AC_PATH_PROG([DOG], [dog], [], [$PATH:/sbin:/usr/sbin])
if test "$with_storage_sheepdog" = "yes"; then
- if test -z "$COLLIE"; then
- AC_MSG_ERROR([We need collie for Sheepdog storage driver])
+ if test -z "$DOG"; then
+ AC_MSG_ERROR([We need dog for Sheepdog storage driver])
fi
else
- if test -z "$COLLIE"; then
+ if test -z "$DOG"; then
with_storage_sheepdog=no
fi
@@ -1945,7 +1945,7 @@ if test "$with_storage_sheepdog" = "yes" ||
if test "$with_storage_sheepdog" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_STORAGE_SHEEPDOG], 1,
[whether Sheepdog backend for storage driver is enabled])
- AC_DEFINE_UNQUOTED([COLLIE],["$COLLIE"],[Location of collie program])
+ AC_DEFINE_UNQUOTED([DOG],["$DOG"],[Location of dog program])
fi
fi
AM_CONDITIONAL([WITH_STORAGE_SHEEPDOG],
diff --git a/src/storage/storage_backend_sheepdog.c b/src/storage/storage_backend_sheepdog.c
index 9419859..864ecd6 100644
--- a/src/storage/storage_backend_sheepdog.c
+++ b/src/storage/storage_backend_sheepdog.c
@@ -150,7 +150,7 @@ virStorageBackendSheepdogRefreshAllVol(virConnectPtr conn ATTRIBUTE_UNUSED,
char **cells = NULL;
size_t i;
- virCommandPtr cmd = virCommandNewArgList(COLLIE, "vdi", "list", "-r", NULL);
+ virCommandPtr cmd = virCommandNewArgList(DOG, "vdi", "list", "-r", NULL);
virStorageBackendSheepdogAddHostArg(cmd, pool);
virCommandSetOutputBuffer(cmd, &output);
if (virCommandRun(cmd, NULL) < 0)
@@ -195,7 +195,7 @@ virStorageBackendSheepdogRefreshPool(virConnectPtr conn ATTRIBUTE_UNUSED,
char *output = NULL;
virCommandPtr cmd;
- cmd = virCommandNewArgList(COLLIE, "node", "info", "-r", NULL);
+ cmd = virCommandNewArgList(DOG, "node", "info", "-r", NULL);
virStorageBackendSheepdogAddHostArg(cmd, pool);
virCommandSetOutputBuffer(cmd, &output);
if (virCommandRun(cmd, NULL) < 0)
@@ -221,7 +221,7 @@ virStorageBackendSheepdogDeleteVol(virConnectPtr conn ATTRIBUTE_UNUSED,
virCheckFlags(0, -1);
- virCommandPtr cmd = virCommandNewArgList(COLLIE, "vdi", "delete", vol->name, NULL);
+ virCommandPtr cmd = virCommandNewArgList(DOG, "vdi", "delete", vol->name, NULL);
virStorageBackendSheepdogAddHostArg(cmd, pool);
int ret = virCommandRun(cmd, NULL);
@@ -266,7 +266,7 @@ virStorageBackendSheepdogBuildVol(virConnectPtr conn,
virCheckFlags(0, -1);
- virCommandPtr cmd = virCommandNewArgList(COLLIE, "vdi", "create", vol->name, NULL);
+ virCommandPtr cmd = virCommandNewArgList(DOG, "vdi", "create", vol->name, NULL);
virCommandAddArgFormat(cmd, "%llu", vol->target.capacity);
virStorageBackendSheepdogAddHostArg(cmd, pool);
if (virCommandRun(cmd, NULL) < 0)
@@ -351,7 +351,7 @@ virStorageBackendSheepdogRefreshVol(virConnectPtr conn ATTRIBUTE_UNUSED,
int ret;
char *output = NULL;
- virCommandPtr cmd = virCommandNewArgList(COLLIE, "vdi", "list", vol->name, "-r", NULL);
+ virCommandPtr cmd = virCommandNewArgList(DOG, "vdi", "list", vol->name, "-r", NULL);
virStorageBackendSheepdogAddHostArg(cmd, pool);
virCommandSetOutputBuffer(cmd, &output);
ret = virCommandRun(cmd, NULL);
@@ -387,7 +387,7 @@ virStorageBackendSheepdogResizeVol(virConnectPtr conn ATTRIBUTE_UNUSED,
virCheckFlags(0, -1);
- virCommandPtr cmd = virCommandNewArgList(COLLIE, "vdi", "resize", vol->name, NULL);
+ virCommandPtr cmd = virCommandNewArgList(DOG, "vdi", "resize", vol->name, NULL);
virCommandAddArgFormat(cmd, "%llu", capacity);
virStorageBackendSheepdogAddHostArg(cmd, pool);
int ret = virCommandRun(cmd, NULL);
--
1.7.1
10 years, 5 months
[libvirt] [PATCH] Add test for type none model dac seclabel
by Ján Tomko
---
.../qemuxml2argv-seclabel-dac-none.args | 4 ++++
.../qemuxml2argv-seclabel-dac-none.xml | 28 ++++++++++++++++++++++
tests/qemuxml2argvtest.c | 1 +
tests/qemuxml2xmltest.c | 1 +
4 files changed, 34 insertions(+)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dac-none.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dac-none.xml
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dac-none.args b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dac-none.args
new file mode 100644
index 0000000..d891234
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dac-none.args
@@ -0,0 +1,4 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
+/usr/bin/qemu -name QEMUGuest1 -S -M pc -m 214 -smp 1 -nographic \
+-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c \
+-usb -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dac-none.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dac-none.xml
new file mode 100644
index 0000000..493f38b
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dac-none.xml
@@ -0,0 +1,28 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <memballoon model='virtio'/>
+ </devices>
+ <seclabel type='none' model='dac'/>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 24d104e..349eb1e 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1214,6 +1214,7 @@ mymain(void)
DO_TEST("seclabel-static-relabel", QEMU_CAPS_NAME);
DO_TEST("seclabel-static-labelskip", QEMU_CAPS_NAME);
DO_TEST("seclabel-none", QEMU_CAPS_NAME);
+ DO_TEST("seclabel-dac-none", QEMU_CAPS_NAME);
DO_TEST("pseries-basic",
QEMU_CAPS_CHARDEV, QEMU_CAPS_DEVICE, QEMU_CAPS_NODEFCONFIG);
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 200d50f..43cd022 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -304,6 +304,7 @@ mymain(void)
DO_TEST("seclabel-static");
DO_TEST_FULL("seclabel-static-labelskip", false, WHEN_ACTIVE);
DO_TEST("seclabel-none");
+ DO_TEST("seclabel-dac-none");
DO_TEST("numad-static-vcpu-no-numatune");
DO_TEST("disk-scsi-lun-passthrough-sgio");
--
1.8.3.2
10 years, 5 months
[libvirt] [PATCH] test: add user_xattr check for securityselinuxlabeltest
by Jincheng Miao
libvirt unit test used setxattr with "user.libvirt.selinux" name to
emulate setfilecon of selinux. But for some old kernel filesystem
(like 2.6.32-431.el6.x86_64), if the filesystem is not mounted with
user_xattr flag, the setxattr with "user.libvirt.selinux" will fail.
So adding testUserXattrEnabled() in securityselinuxlabeltest.c,
if user_xattr is not enabled, skip this case.
The user_xattr is departed in newer kernel, therefore this commit is
only for the compatablity for old kernel.
Signed-off-by: Jincheng Miao <jmiao(a)redhat.com>
---
tests/securityselinuxlabeltest.c | 33 +++++++++++++++++++++++++++++++++
1 files changed, 33 insertions(+), 0 deletions(-)
diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c
index 88ec35a..3f155e3 100644
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@@ -28,6 +28,7 @@
#include <selinux/selinux.h>
#include <selinux/context.h>
+#include <attr/xattr.h>
#include "internal.h"
#include "testutils.h"
@@ -56,6 +57,35 @@ struct testSELinuxFile {
char *context;
};
+static int
+testUserXattrEnabled(void)
+{
+ int ret = -1;
+ ssize_t len;
+ const char *con_value = "system_u:object_r:svirt_image_t:s0:c41,c264";
+ char *path = NULL;
+ if (virAsprintf(&path, "%s/securityselinuxlabeldata/testxattr",
+ abs_srcdir) < 0)
+ goto cleanup;
+
+ if (virFileTouch(path, 0600) < 0)
+ goto cleanup;
+
+ len = setxattr(path, "user.libvirt.selinux", con_value,
+ strlen(con_value), 0);
+ if (len < 0) {
+ if (errno == EOPNOTSUPP)
+ ret = 0;
+ goto cleanup;
+ }
+
+ ret = 1;
+
+ cleanup:
+ unlink(path);
+ VIR_FREE(path);
+ return ret;
+}
static int
testSELinuxMungePath(char **path)
@@ -322,6 +352,9 @@ mymain(void)
{
int ret = 0;
+ if (!testUserXattrEnabled())
+ return EXIT_AM_SKIP;
+
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
virErrorPtr err = virGetLastError();
fprintf(stderr, "Unable to initialize security driver: %s\n",
--
1.7.1
10 years, 5 months
[libvirt] [PATCH V2] libxl: detect support for save and restore
by Jim Fehlig
libxl does not support save, restore, or migrate on all architectures,
notably ARM. Detect whether libxl supports these operations using
LIBXL_HAVE_NO_SUSPEND_RESUME. If not supported, drop advertisement of
<migration_features>.
Found by Ian Campbell while improving Xen's OSSTEST infrastructure
http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
Another option for
https://www.redhat.com/archives/libvir-list/2014-June/msg01276.html
With this one, we even avoid the distasteful double negative :).
Compile-tested on x86 only at this point. The ARM build is still
slowly grinding away...
src/libxl/libxl_conf.c | 4 ++++
src/libxl/libxl_driver.c | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 39 insertions(+)
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 4b6b5c0..8eeaf82 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -1340,7 +1340,11 @@ libxlMakeCapabilities(libxl_ctx *ctx)
{
virCapsPtr caps;
+#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
+ if ((caps = virCapabilitiesNew(virArchFromHost(), 0, 0)) == NULL)
+#else
if ((caps = virCapabilitiesNew(virArchFromHost(), 1, 1)) == NULL)
+#endif
return NULL;
if (libxlCapsInitHost(ctx, caps) < 0)
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index 1ea99e2..646c9b9 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -1379,6 +1379,11 @@ libxlDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml,
int ret = -1;
bool remove_dom = false;
+#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
+ virReportUnsupportedError();
+ return -1;
+#endif
+
virCheckFlags(0, -1);
if (dxml) {
virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
@@ -1440,6 +1445,11 @@ libxlDomainRestoreFlags(virConnectPtr conn, const char *from,
int fd = -1;
int ret = -1;
+#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
+ virReportUnsupportedError();
+ return -1;
+#endif
+
virCheckFlags(VIR_DOMAIN_SAVE_PAUSED, -1);
if (dxml) {
virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
@@ -4351,6 +4361,11 @@ libxlDomainMigrateBegin3Params(virDomainPtr domain,
const char *xmlin = NULL;
virDomainObjPtr vm = NULL;
+#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
+ virReportUnsupportedError();
+ return NULL;
+#endif
+
virCheckFlags(LIBXL_MIGRATION_FLAGS, NULL);
if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0)
return NULL;
@@ -4395,6 +4410,11 @@ libxlDomainMigratePrepare3Params(virConnectPtr dconn,
const char *dname = NULL;
const char *uri_in = NULL;
+#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
+ virReportUnsupportedError();
+ return -1;
+#endif
+
virCheckFlags(LIBXL_MIGRATION_FLAGS, -1);
if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0)
goto error;
@@ -4445,6 +4465,11 @@ libxlDomainMigratePerform3Params(virDomainPtr dom,
const char *uri = NULL;
int ret = -1;
+#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
+ virReportUnsupportedError();
+ return -1;
+#endif
+
virCheckFlags(LIBXL_MIGRATION_FLAGS, -1);
if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0)
goto cleanup;
@@ -4497,6 +4522,11 @@ libxlDomainMigrateFinish3Params(virConnectPtr dconn,
virDomainObjPtr vm = NULL;
const char *dname = NULL;
+#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
+ virReportUnsupportedError();
+ return NULL;
+#endif
+
virCheckFlags(LIBXL_MIGRATION_FLAGS, NULL);
if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0)
return NULL;
@@ -4545,6 +4575,11 @@ libxlDomainMigrateConfirm3Params(virDomainPtr domain,
libxlDriverPrivatePtr driver = domain->conn->privateData;
virDomainObjPtr vm = NULL;
+#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
+ virReportUnsupportedError();
+ return -1;
+#endif
+
virCheckFlags(LIBXL_MIGRATION_FLAGS, -1);
if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0)
return -1;
--
1.8.4.5
10 years, 5 months
[libvirt] [for 1.2.6] Redundancy of virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
by Peter Krempa
Hi,
when reviewing the patch to add python bindings for the said APIs it
occurred to me that the two APIs are so close in their prototypes and
way of functioning that we could actually merge them into one.
Both of those return a list of lease structures and the only difference
is the presence of the @mac argument.
We could unify those two APIs into one with the following signature:
int
virNetworkGetDHCPLeases(virNetworkPtr network,
const char *mac,
virNetworkDHCPLeasePtr **leases,
unsigned int flags)
And tweak the semantics of @mac where when the user passes NULL we'd
return the complete unfiltered list.
This would simplify our API and also the python bindings.
If we decide this is a good idea (in time for the release) I'll post
patches to flesh out the redundant parts.
Peter
10 years, 5 months
[libvirt] [PATCH] qemu: fix guestfwd chardev option back how it was
by Martin Kletzander
Since commit d86c876a66e320b55220d00113027c9ad6199cff we are using
guestfwd=tcp:IP:PORT,chardev=ID for guestfwd specification, however,
that has not changed in qemu, so guestfwd does not work since.
Apart from that, guestfwd is not working with older qemu that doesn't
have QEMU_CAPS_DEVICE.
Both regressions exist since late 2009 and nobody found that (until
now), so I'm only fixing the first one.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1112066
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
src/qemu/qemu_command.c | 2 +-
tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 93d303e..5074aa1 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9186,7 +9186,7 @@ qemuBuildChannelChrDeviceStr(char **deviceStr,
port = virSocketAddrGetPort(chr->target.addr);
if (virAsprintf(deviceStr,
- "user,guestfwd=tcp:%s:%i,chardev=char%s,id=user-%s",
+ "user,guestfwd=tcp:%s:%i-chardev:char%s,id=user-%s",
addr, port, chr->info.alias, chr->info.alias) < 0) {
virReportOOMError();
goto cleanup;
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args b/tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args
index 7a15369..eb13430 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-channel-guestfwd.args
@@ -4,5 +4,5 @@ pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -chardev socket,\
id=charmonitor,path=/tmp/test-monitor,server,nowait -mon chardev=charmonitor,\
id=monitor,mode=readline -no-acpi -boot c -usb -hda /dev/HostVG/QEMUGuest1 -chardev \
pipe,id=charchannel0,path=/tmp/guestfwd -netdev user,\
-guestfwd=tcp:10.0.2.1:4600,chardev=charchannel0,id=user-channel0 -device \
+guestfwd=tcp:10.0.2.1:4600-chardev:charchannel0,id=user-channel0 -device \
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
--
2.0.0
10 years, 5 months
[libvirt] [PATCH] docs: publish correct enum values
by Eric Blake
We publish libvirt-api.xml for others to use, and in fact, the
libvirt-python bindings use it to generate enum values. However,
we had an off-by-one bug that any enum that relied on C's rules
for implicit initialization of the first enum member to 0 got
listed in the xml as having a value of 1 (and all later members
of the enum were equally botched).
Affected are:
- virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW),
since libvirt TBD
- virDomainEventGraphicsAddressType (such as
VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4), since libvirt TBD
- virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4), since libvirt TBD
The fix is simple - since we add one to the previous value when
encountering an enum without an initializer, the previous value
must start at -1 so that the first enum member is assigned 0.
Thanks to Nehal J Wani for reporting the problem on IRC, and
for helping me zero in on the culprit function.
* docs/apibuild.py (CParser.parseEnumBlock): Fix implicit enum
values.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
I'm going to touch up the commit message before pushing, once I
do enough research on which versions of libvirt were impacted;
but I just got interrupted, so I'm posting this now to get the
review started.
docs/apibuild.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/apibuild.py b/docs/apibuild.py
index 5250c5a..30e224d 100755
--- a/docs/apibuild.py
+++ b/docs/apibuild.py
@@ -1312,7 +1312,7 @@ class CParser:
name = None
self.comment = None
comment = ""
- value = "0"
+ value = "-1"
while token is not None:
if token[0] == "sep" and token[1] == "{":
token = self.token()
--
1.9.3
10 years, 5 months
[libvirt] [PATCH] Fix typo s/SASL_CONF_DIR/SASL_CONF_PATH/ in QEMU VNC code
by Daniel P. Berrange
The QEMU VNC client arg code has a long standing typo
of SASL_CONF_DIR when it should be SASL_CONFIG_PATH for
the env variable name.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/qemu/qemu_command.c | 2 +-
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args | 2 +-
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 93d303e..d53315a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6541,7 +6541,7 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
virBufferAddLit(&opt, ",sasl");
if (cfg->vncSASLdir)
- virCommandAddEnvPair(cmd, "SASL_CONF_DIR", cfg->vncSASLdir);
+ virCommandAddEnvPair(cmd, "SASL_CONF_PATH", cfg->vncSASLdir);
/* TODO: Support ACLs later */
}
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
index 67ef88f..239fde1 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
@@ -1,5 +1,5 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
-SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none \
+SASL_CONF_PATH=/root/.sasl2 QEMU_AUDIO_DRV=none \
/usr/bin/qemu -S -M pc -m 214 \
-smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
/dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -vnc \
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
index d71a998..c681b1b 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
@@ -1,5 +1,5 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
-SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none \
+SASL_CONF_PATH=/root/.sasl2 QEMU_AUDIO_DRV=none \
/usr/bin/qemu -S -M pc -m 214 \
-smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
/dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -vnc \
--
1.9.3
10 years, 5 months
[libvirt] [PATCH] qemu: don't label anything before locking the domain
by Martin Kletzander
If locking the domain failed, files were already labelled and thus we
restored the previous label on them. Having disks on NFS means the
domain having the lock already gets permission denial.
This code moves the labelling part into the command hook since it's
still privileged, and also moves the clearing of
VIR_QEMU_PROCESS_STOP_NO_RELABEL from stop_flags right after the
handshare after hook.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1113327
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
src/qemu/qemu_process.c | 69 ++++++++++++++++++++++++++++---------------------
1 file changed, 39 insertions(+), 30 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 5b598be..bc751b9 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2700,6 +2700,8 @@ struct qemuProcessHookData {
virQEMUDriverPtr driver;
virBitmapPtr nodemask;
virQEMUDriverConfigPtr cfg;
+ const char *stdin_path;
+ int stdin_fd;
};
static int qemuProcessHook(void *data)
@@ -2739,6 +2741,34 @@ static int qemuProcessHook(void *data)
if (virNumaSetupMemoryPolicy(h->vm->def->numatune, h->nodemask) < 0)
goto cleanup;
+ /*
+ * Only after we managed to get a domain lock we can label
+ * domain-related objects.
+ */
+ VIR_DEBUG("Setting domain security labels");
+ if (virSecurityManagerSetAllLabel(h->driver->securityManager,
+ h->vm->def, h->stdin_path) < 0)
+ goto cleanup;
+
+ if (h->stdin_fd != -1) {
+ /* if there's an fd to migrate from, and it's a pipe, put the
+ * proper security label on it
+ */
+ struct stat stdin_sb;
+
+ VIR_DEBUG("setting security label on pipe used for migration");
+
+ if (fstat(h->stdin_fd, &stdin_sb) < 0) {
+ virReportSystemError(errno,
+ _("cannot stat fd %d"), h->stdin_fd);
+ goto cleanup;
+ }
+ if (S_ISFIFO(stdin_sb.st_mode) &&
+ virSecurityManagerSetImageFDLabel(h->driver->securityManager,
+ h->vm->def, h->stdin_fd) < 0)
+ goto cleanup;
+ }
+
ret = 0;
cleanup:
@@ -3702,6 +3732,8 @@ int qemuProcessStart(virConnectPtr conn,
hookData.driver = driver;
/* We don't increase cfg's reference counter here. */
hookData.cfg = cfg;
+ hookData.stdin_path = stdin_path;
+ hookData.stdin_fd = stdin_fd;
VIR_DEBUG("Beginning VM startup process");
@@ -4082,6 +4114,12 @@ int qemuProcessStart(virConnectPtr conn,
goto cleanup;
}
+ /* Security manager labeled all devices, therefore
+ * if any operation from now on fails and we goto cleanup,
+ * where virSecurityManagerRestoreAllLabel() is called
+ * (hidden under qemuProcessStop) we need to restore labels. */
+ stop_flags &= ~VIR_QEMU_PROCESS_STOP_NO_RELABEL;
+
VIR_DEBUG("Setting up domain cgroup (if required)");
if (qemuSetupCgroup(driver, vm, nodemask) < 0)
goto cleanup;
@@ -4092,36 +4130,7 @@ int qemuProcessStart(virConnectPtr conn,
qemuProcessInitCpuAffinity(driver, vm, nodemask) < 0)
goto cleanup;
- VIR_DEBUG("Setting domain security labels");
- if (virSecurityManagerSetAllLabel(driver->securityManager,
- vm->def, stdin_path) < 0)
- goto cleanup;
-
- /* Security manager labeled all devices, therefore
- * if any operation from now on fails and we goto cleanup,
- * where virSecurityManagerRestoreAllLabel() is called
- * (hidden under qemuProcessStop) we need to restore labels. */
- stop_flags &= ~VIR_QEMU_PROCESS_STOP_NO_RELABEL;
-
- if (stdin_fd != -1) {
- /* if there's an fd to migrate from, and it's a pipe, put the
- * proper security label on it
- */
- struct stat stdin_sb;
-
- VIR_DEBUG("setting security label on pipe used for migration");
-
- if (fstat(stdin_fd, &stdin_sb) < 0) {
- virReportSystemError(errno,
- _("cannot stat fd %d"), stdin_fd);
- goto cleanup;
- }
- if (S_ISFIFO(stdin_sb.st_mode) &&
- virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, stdin_fd) < 0)
- goto cleanup;
- }
-
- VIR_DEBUG("Labelling done, completing handshake to child");
+ VIR_DEBUG("Affinity/cgroups set, completing handshake to child");
if (virCommandHandshakeNotify(cmd) < 0) {
goto cleanup;
}
--
2.0.0
10 years, 5 months
