July 2014 - Devel - libvirt List Archives

[libvirt] [PATCH 0/3] libxl: support hotplug of <interface> device
by Chunyan Liu 15 Jul '14

15 Jul '14

This patch series is to add support for attach/detaching an <interface> device. At the same time, add two fixes (1/3 and 3/3) Chunyan Liu (3): libxl: add HOSTDEV type in libxlDomainDetachDeviceConfig libxl: support hotplug of <interface> libxl: fix return value error Attach|DetachDeviceFlags .gnulib | 2 +- src/libxl/libxl_domain.c | 12 ++- src/libxl/libxl_driver.c | 193 +++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 180 insertions(+), 27 deletions(-) -- 1.8.4.5

2 4

[libvirt] [PATCH v2 00/16] Support for per-guest-node binding
by Martin Kletzander 15 Jul '14

15 Jul '14

Currently we are only able to bind the whole domain to some host nodes using the /domain/numatune/memory element. Numerous requests were made to support host<->guest numa node bindings, so this series tries to implement that using /domain/numatune/memnode elements. That is incompatible with automatic numa placement (numad) since that makes no sense. Some of these patches were ACK'd in the previous round, but this version completely rewrites the parsing and formatting of the numatune XML element and places it into a separate file. Hence the repost of all the patches even with those ACK'd ones. Patches 1-3 move some code around, patch 4 adds cell id specification into the XML (which is used later on). Then patches 5-7 rework the numatune handling, which clears out some odd things, but mostly cleans the parsing code. Patch 8 adds the support for memnode elements in the XML conf code and together with patch 9 enables the use of it outside numatune_conf.c. After that, I needed to probe qemu for 2 capabilities; for one of them patch 10 adds the possibility to probe for it, then two following patches 11 and 12 add the probing data. One of the capabilities tells us that we can use disjoint ranges (not necessarily for the cpus= param) with qemu, so patch 13 makes a use of it. Finally patch 14 uses the memnode data to tell qemu which host nodes should be used for the allocations of memory blocks. Patch 15 does almost nothing, but the next patch looks better with it. And the last patch, number 16, fixes a bug with KVM and cgroups. One last note, APIs for handling the memnode settings will be added later. I'm sending this to prepare the ground for Michal's work with hugepages. Martin Kletzander (16): qemu: purely a code movement qemu: remove useless error check conf: purely a code movement conf, schema: add 'id' field for cells numatune: create new module for numatune numatune: unify numatune struct and enum names numatune: Encapsulate numatune configuration in order to unify results conf, schema: add support for memnode elements numatune: add support for per-node memory bindings in private APIs qemu: allow qmp probing for cmdline options without params qemu: memory-backend-ram capability probing qemu: newer -numa parameter capability probing qemu: enable disjoint numa cpu ranges qemu: pass numa node binding preferences to qemu qemu: split out cpuset.mems setting qemu: leave restricting cpuset.mems after initialization docs/formatdomain.html.in | 26 +- docs/schemas/domaincommon.rng | 22 + po/POTFILES.in | 1 + src/Makefile.am | 3 +- src/conf/cpu_conf.c | 39 +- src/conf/cpu_conf.h | 3 +- src/conf/domain_conf.c | 203 ++----- src/conf/domain_conf.h | 10 +- src/conf/numatune_conf.c | 589 +++++++++++++++++++++ src/conf/numatune_conf.h | 108 ++++ src/libvirt_private.syms | 24 +- src/lxc/lxc_cgroup.c | 20 +- src/lxc/lxc_controller.c | 5 +- src/lxc/lxc_native.c | 15 +- src/parallels/parallels_driver.c | 7 +- src/qemu/qemu_capabilities.c | 16 +- src/qemu/qemu_capabilities.h | 2 + src/qemu/qemu_cgroup.c | 52 +- src/qemu/qemu_cgroup.h | 4 +- src/qemu/qemu_command.c | 98 +++- src/qemu/qemu_driver.c | 84 ++- src/qemu/qemu_monitor.c | 6 +- src/qemu/qemu_monitor.h | 3 +- src/qemu/qemu_monitor_json.c | 8 +- src/qemu/qemu_monitor_json.h | 3 +- src/qemu/qemu_process.c | 12 +- src/util/virnuma.c | 61 +-- src/util/virnuma.h | 28 +- tests/qemucapabilitiesdata/caps_1.6.50-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.6.50-1.replies | 5 + tests/qemumonitorjsontest.c | 20 +- .../qemuxml2argv-cpu-numa-disjoint.args | 6 + .../qemuxml2argv-cpu-numa-disjoint.xml | 28 + tests/qemuxml2argvdata/qemuxml2argv-cpu-numa1.xml | 6 +- tests/qemuxml2argvdata/qemuxml2argv-cpu-numa2.xml | 6 +- tests/qemuxml2argvdata/qemuxml2argv-cpu-numa3.xml | 25 + .../qemuxml2argv-numatune-auto-prefer.xml | 29 + .../qemuxml2argv-numatune-memnode-no-memory.args | 8 + .../qemuxml2argv-numatune-memnode-no-memory.xml | 30 ++ .../qemuxml2argv-numatune-memnode-nocpu.xml | 25 + .../qemuxml2argv-numatune-memnode.args | 11 + .../qemuxml2argv-numatune-memnode.xml | 33 ++ .../qemuxml2argv-numatune-memnodes-problematic.xml | 31 ++ tests/qemuxml2argvtest.c | 12 + .../qemuxml2xmlout-cpu-numa1.xml | 28 + .../qemuxml2xmlout-cpu-numa2.xml | 28 + .../qemuxml2xmlout-numatune-auto-prefer.xml | 29 + .../qemuxml2xmlout-numatune-memnode.xml | 33 ++ tests/qemuxml2xmltest.c | 8 + 49 files changed, 1467 insertions(+), 387 deletions(-) create mode 100644 src/conf/numatune_conf.c create mode 100644 src/conf/numatune_conf.h create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-numa-disjoint.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-numa-disjoint.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-cpu-numa3.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-auto-prefer.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-memnode-no-memory.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-memnode-no-memory.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-memnode-nocpu.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-memnode.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-memnode.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-numatune-memnodes-problematic.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-cpu-numa1.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-cpu-numa2.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-numatune-auto-prefer.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-numatune-memnode.xml -- 2.0.0

3 31

[libvirt] [PATCH 0/2] Tri-state bool enum cleanups
by Ján Tomko 15 Jul '14

15 Jul '14

We have been using a few different enum types with the same values: DEFAULT ENABLED = "on" / "yes" DISABLED = "off" / "no" Replace these with just two enums with rather unimaginative names: virDomainYesNo and virDomainOnOff Ján Tomko (2): Introduce virDomainYesNo enum type Introduce virDomainOnOff enum src/conf/domain_conf.c | 194 +++++++++++++++++------------------------------ src/conf/domain_conf.h | 127 +++++-------------------------- src/libvirt_private.syms | 26 +------ src/libxl/libxl_conf.c | 6 +- src/lxc/lxc_container.c | 4 +- src/lxc/lxc_native.c | 2 +- src/qemu/qemu_command.c | 80 +++++++++---------- src/qemu/qemu_driver.c | 4 +- src/qemu/qemu_process.c | 2 +- src/vbox/vbox_tmpl.c | 22 +++--- src/xenxs/xen_sxpr.c | 20 ++--- src/xenxs/xen_xm.c | 20 ++--- 12 files changed, 174 insertions(+), 333 deletions(-) -- 1.8.5.5

3 9

[libvirt] [PATCHv3] Rework lxc apparmor profile
by Cédric Bosdonnat 15 Jul '14

15 Jul '14

Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default. This profile allows quite a lot, but strives to restrict access to dangerous resources. Removing the explicit authorizations to bash, systemd and cron files, forces them to keep the lxc profile for all applications inside the container. PUx permissions where leading to running systemd (and others tasks) unconfined. Put the generic files, network and capabilities restrictions directly in the TEMPLATE.lxc: this way, users can restrict them on a per container basis. --- Diff to v2: * Fixed missing goto cleanup examples/apparmor/Makefile.am | 6 +- examples/apparmor/TEMPLATE.lxc | 15 ++++ examples/apparmor/{TEMPLATE => TEMPLATE.qemu} | 2 +- examples/apparmor/libvirt-lxc | 119 +++++++++++++++++++++++--- src/security/security_apparmor.c | 21 +++-- src/security/virt-aa-helper.c | 29 +------ 6 files changed, 149 insertions(+), 43 deletions(-) create mode 100644 examples/apparmor/TEMPLATE.lxc rename examples/apparmor/{TEMPLATE => TEMPLATE.qemu} (75%) diff --git a/examples/apparmor/Makefile.am b/examples/apparmor/Makefile.am index a741e94..7a20e16 100644 --- a/examples/apparmor/Makefile.am +++ b/examples/apparmor/Makefile.am @@ -15,7 +15,8 @@ ## <http://www.gnu.org/licenses/>. EXTRA_DIST= \ - TEMPLATE \ + TEMPLATE.qemu \ + TEMPLATE.lxc \ libvirt-qemu \ libvirt-lxc \ usr.lib.libvirt.virt-aa-helper \ @@ -36,6 +37,7 @@ abstractions_DATA = \ templatesdir = $(apparmordir)/libvirt templates_DATA = \ - TEMPLATE \ + TEMPLATE.qemu \ + TEMPLATE.lxc \ $(NULL) endif WITH_APPARMOR_PROFILES diff --git a/examples/apparmor/TEMPLATE.lxc b/examples/apparmor/TEMPLATE.lxc new file mode 100644 index 0000000..7b64885 --- /dev/null +++ b/examples/apparmor/TEMPLATE.lxc @@ -0,0 +1,15 @@ +# +# This profile is for the domain whose UUID matches this file. +# + +#include <tunables/global> + +profile LIBVIRT_TEMPLATE { + #include <abstractions/libvirt-lxc> + + # Globally allows everything to run under this profile + # These can be narrowed depending on the container's use. + file, + capability, + network, +} diff --git a/examples/apparmor/TEMPLATE b/examples/apparmor/TEMPLATE.qemu similarity index 75% rename from examples/apparmor/TEMPLATE rename to examples/apparmor/TEMPLATE.qemu index 187dec5..008a221 100644 --- a/examples/apparmor/TEMPLATE +++ b/examples/apparmor/TEMPLATE.qemu @@ -5,5 +5,5 @@ #include <tunables/global> profile LIBVIRT_TEMPLATE { - #include <abstractions/libvirt-driver> + #include <abstractions/libvirt-qemu> } diff --git a/examples/apparmor/libvirt-lxc b/examples/apparmor/libvirt-lxc index d404328..4bfb503 100644 --- a/examples/apparmor/libvirt-lxc +++ b/examples/apparmor/libvirt-lxc @@ -2,16 +2,115 @@ #include <abstractions/base> - # Needed for lxc-enter-namespace - capability sys_admin, - capability sys_chroot, + umount, - # Added for lxc-enter-namespace --cmd /bin/bash - /bin/bash PUx, + # ignore DENIED message on / remount + deny mount options=(ro, remount) -> /, - /usr/sbin/cron PUx, - /usr/lib/systemd/systemd PUx, + # allow tmpfs mounts everywhere + mount fstype=tmpfs, - /usr/lib/libsystemd-*.so.* mr, - /usr/lib/libudev-*.so.* mr, - /etc/ld.so.cache mr, + # allow mqueue mounts everywhere + mount fstype=mqueue, + + # allow fuse mounts everywhere + mount fstype=fuse.*, + + # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted + mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/, + deny @{PROC}/sys/fs/** wklx, + + # allow efivars to be mounted, writing to it will be blocked though + mount fstype=efivarfs -> /sys/firmware/efi/efivars/, + + # block some other dangerous paths + deny @{PROC}/sysrq-trigger rwklx, + deny @{PROC}/mem rwklx, + deny @{PROC}/kmem rwklx, + + # deny writes in /sys except for /sys/fs/cgroup, also allow + # fusectl, securityfs and debugfs to be mounted there (read-only) + mount fstype=fusectl -> /sys/fs/fuse/connections/, + mount fstype=securityfs -> /sys/kernel/security/, + mount fstype=debugfs -> /sys/kernel/debug/, + mount fstype=proc -> /proc/, + mount fstype=sysfs -> /sys/, + deny /sys/firmware/efi/efivars/** rwklx, + deny /sys/kernel/security/** rwklx, + + # generated by: lxc-generate-aa-rules.py container-rules.base + deny /proc/sys/[^kn]*{,/**} wklx, + deny /proc/sys/k[^e]*{,/**} wklx, + deny /proc/sys/ke[^r]*{,/**} wklx, + deny /proc/sys/ker[^n]*{,/**} wklx, + deny /proc/sys/kern[^e]*{,/**} wklx, + deny /proc/sys/kerne[^l]*{,/**} wklx, + deny /proc/sys/kernel/[^smhd]*{,/**} wklx, + deny /proc/sys/kernel/d[^o]*{,/**} wklx, + deny /proc/sys/kernel/do[^m]*{,/**} wklx, + deny /proc/sys/kernel/dom[^a]*{,/**} wklx, + deny /proc/sys/kernel/doma[^i]*{,/**} wklx, + deny /proc/sys/kernel/domai[^n]*{,/**} wklx, + deny /proc/sys/kernel/domain[^n]*{,/**} wklx, + deny /proc/sys/kernel/domainn[^a]*{,/**} wklx, + deny /proc/sys/kernel/domainna[^m]*{,/**} wklx, + deny /proc/sys/kernel/domainnam[^e]*{,/**} wklx, + deny /proc/sys/kernel/domainname?*{,/**} wklx, + deny /proc/sys/kernel/h[^o]*{,/**} wklx, + deny /proc/sys/kernel/ho[^s]*{,/**} wklx, + deny /proc/sys/kernel/hos[^t]*{,/**} wklx, + deny /proc/sys/kernel/host[^n]*{,/**} wklx, + deny /proc/sys/kernel/hostn[^a]*{,/**} wklx, + deny /proc/sys/kernel/hostna[^m]*{,/**} wklx, + deny /proc/sys/kernel/hostnam[^e]*{,/**} wklx, + deny /proc/sys/kernel/hostname?*{,/**} wklx, + deny /proc/sys/kernel/m[^s]*{,/**} wklx, + deny /proc/sys/kernel/ms[^g]*{,/**} wklx, + deny /proc/sys/kernel/msg*/** wklx, + deny /proc/sys/kernel/s[^he]*{,/**} wklx, + deny /proc/sys/kernel/se[^m]*{,/**} wklx, + deny /proc/sys/kernel/sem*/** wklx, + deny /proc/sys/kernel/sh[^m]*{,/**} wklx, + deny /proc/sys/kernel/shm*/** wklx, + deny /proc/sys/kernel?*{,/**} wklx, + deny /proc/sys/n[^e]*{,/**} wklx, + deny /proc/sys/ne[^t]*{,/**} wklx, + deny /proc/sys/net?*{,/**} wklx, + deny /sys/[^fdc]*{,/**} wklx, + deny /sys/c[^l]*{,/**} wklx, + deny /sys/cl[^a]*{,/**} wklx, + deny /sys/cla[^s]*{,/**} wklx, + deny /sys/clas[^s]*{,/**} wklx, + deny /sys/class/[^n]*{,/**} wklx, + deny /sys/class/n[^e]*{,/**} wklx, + deny /sys/class/ne[^t]*{,/**} wklx, + deny /sys/class/net?*{,/**} wklx, + deny /sys/class?*{,/**} wklx, + deny /sys/d[^e]*{,/**} wklx, + deny /sys/de[^v]*{,/**} wklx, + deny /sys/dev[^i]*{,/**} wklx, + deny /sys/devi[^c]*{,/**} wklx, + deny /sys/devic[^e]*{,/**} wklx, + deny /sys/device[^s]*{,/**} wklx, + deny /sys/devices/[^v]*{,/**} wklx, + deny /sys/devices/v[^i]*{,/**} wklx, + deny /sys/devices/vi[^r]*{,/**} wklx, + deny /sys/devices/vir[^t]*{,/**} wklx, + deny /sys/devices/virt[^u]*{,/**} wklx, + deny /sys/devices/virtu[^a]*{,/**} wklx, + deny /sys/devices/virtua[^l]*{,/**} wklx, + deny /sys/devices/virtual/[^n]*{,/**} wklx, + deny /sys/devices/virtual/n[^e]*{,/**} wklx, + deny /sys/devices/virtual/ne[^t]*{,/**} wklx, + deny /sys/devices/virtual/net?*{,/**} wklx, + deny /sys/devices/virtual?*{,/**} wklx, + deny /sys/devices?*{,/**} wklx, + deny /sys/f[^s]*{,/**} wklx, + deny /sys/fs/[^c]*{,/**} wklx, + deny /sys/fs/c[^g]*{,/**} wklx, + deny /sys/fs/cg[^r]*{,/**} wklx, + deny /sys/fs/cgr[^o]*{,/**} wklx, + deny /sys/fs/cgro[^u]*{,/**} wklx, + deny /sys/fs/cgrou[^p]*{,/**} wklx, + deny /sys/fs/cgroup?*{,/**} wklx, + deny /sys/fs?*{,/**} wklx, diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 9603c78..e6563de 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -351,26 +351,37 @@ AppArmorSetSecuritySCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED, static int AppArmorSecurityManagerProbe(const char *virtDriver ATTRIBUTE_UNUSED) { - char *template = NULL; + char *template_qemu = NULL; + char *template_lxc = NULL; int rc = SECURITY_DRIVER_DISABLE; if (use_apparmor() < 0) return rc; /* see if template file exists */ - if (virAsprintf(&template, "%s/TEMPLATE", + if (virAsprintf(&template_qemu, "%s/TEMPLATE.qemu", APPARMOR_DIR "/libvirt") == -1) return rc; - if (!virFileExists(template)) { + if (virAsprintf(&template_lxc, "%s/TEMPLATE.lxc", + APPARMOR_DIR "/libvirt") == -1) + goto cleanup; + + if (!virFileExists(template_qemu)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("template \'%s\' does not exist"), template_qemu); + goto cleanup; + } + if (!virFileExists(template_lxc)) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("template \'%s\' does not exist"), template); + _("template \'%s\' does not exist"), template_lxc); goto cleanup; } rc = SECURITY_DRIVER_ENABLE; cleanup: - VIR_FREE(template); + VIR_FREE(template_qemu); + VIR_FREE(template_lxc); return rc; } diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index f11855d..fe9ad59 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -336,24 +336,20 @@ create_profile(const char *profile, const char *profile_name, char *pcontent = NULL; char *replace_name = NULL; char *replace_files = NULL; - char *replace_driver = NULL; const char *template_name = "\nprofile LIBVIRT_TEMPLATE"; const char *template_end = "\n}"; - const char *template_driver = "libvirt-driver"; int tlen, plen; int fd; int rc = -1; - const char *driver_name = "qemu"; - - if (virtType == VIR_DOMAIN_VIRT_LXC) - driver_name = "lxc"; if (virFileExists(profile)) { vah_error(NULL, 0, _("profile exists")); goto end; } - if (virAsprintfQuiet(&template, "%s/TEMPLATE", APPARMOR_DIR "/libvirt") < 0) { + + if (virAsprintfQuiet(&template, "%s/TEMPLATE.%s", APPARMOR_DIR "/libvirt", + virDomainVirtTypeToString(virtType)) < 0) { vah_error(NULL, 0, _("template name exceeds maximum length")); goto end; } @@ -378,11 +374,6 @@ create_profile(const char *profile, const char *profile_name, goto clean_tcontent; } - if (strstr(tcontent, template_driver) == NULL) { - vah_error(NULL, 0, _("no replacement string in template")); - goto clean_tcontent; - } - /* '\nprofile <profile_name>\0' */ if (virAsprintfQuiet(&replace_name, "\nprofile %s", profile_name) == -1) { vah_error(NULL, 0, _("could not allocate memory for profile name")); @@ -397,15 +388,7 @@ create_profile(const char *profile, const char *profile_name, goto clean_tcontent; } - /* 'libvirt-<driver_name>\0' */ - if (virAsprintfQuiet(&replace_driver, "libvirt-%s", driver_name) == -1) { - vah_error(NULL, 0, _("could not allocate memory for profile driver")); - VIR_FREE(replace_driver); - goto clean_tcontent; - } - - plen = tlen + strlen(replace_name) - strlen(template_name) + - strlen(replace_driver) - strlen(template_driver) + 1; + plen = tlen + strlen(replace_name) - strlen(template_name) + 1; if (virtType != VIR_DOMAIN_VIRT_LXC) plen += strlen(replace_files) - strlen(template_end); @@ -422,9 +405,6 @@ create_profile(const char *profile, const char *profile_name, pcontent[0] = '\0'; strcpy(pcontent, tcontent); - if (replace_string(pcontent, plen, template_driver, replace_driver) < 0) - goto clean_all; - if (replace_string(pcontent, plen, template_name, replace_name) < 0) goto clean_all; @@ -455,7 +435,6 @@ create_profile(const char *profile, const char *profile_name, clean_replace: VIR_FREE(replace_name); VIR_FREE(replace_files); - VIR_FREE(replace_driver); clean_tcontent: VIR_FREE(tcontent); end: -- 1.8.4.5

2 1

[libvirt] [PATCH 0/2] AppArmor lxc profile fixes
by Cédric Bosdonnat 15 Jul '14

15 Jul '14

Hi all, Here are 2 patches fixing AppArmor profiles for lxc containers. The main problem was that the current profile was: 1/ too restricting as it needed to allow all needed applications 2/ used PUx permissions, which made systemd (or bash) run as unprofiled as they have no profiles defined. The new profile is based on container-default profile shipped for lxc on Ubuntu. All applications are now running under the parent profile (ix permission) and some critical files accesses are denied. The first patch also avoid writing the useless libvirt-UUID.files for lxc containers. Cédric Bosdonnat (2): Don't output libvirt-UUID.files for LXC apparmor profiles Rework lxc apparmor profile examples/apparmor/Makefile.am | 6 +- examples/apparmor/TEMPLATE.lxc | 15 ++++ examples/apparmor/{TEMPLATE => TEMPLATE.qemu} | 2 +- examples/apparmor/libvirt-lxc | 119 +++++++++++++++++++++++--- src/security/security_apparmor.c | 20 +++-- src/security/virt-aa-helper.c | 32 ++----- 6 files changed, 150 insertions(+), 44 deletions(-) create mode 100644 examples/apparmor/TEMPLATE.lxc rename examples/apparmor/{TEMPLATE => TEMPLATE.qemu} (75%) -- 1.8.4.5

4 11

[libvirt] [PATCH 0/2] Fix condition value assignments in conditions
by Ján Tomko 15 Jul '14

15 Jul '14

Split into two patches, as we might want to backport the first one somewhere. Ján Tomko (2): Fix error on fs pool build failure Fix assignment of comparison against zero src/storage/storage_backend_fs.c | 2 +- tests/virnettlshelpers.c | 4 ++-- tools/virsh-network.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) -- 1.8.5.5

2 3

[libvirt] [PATCH] qemu: blockcopy: Initialize correct source structure
by Peter Krempa 15 Jul '14

15 Jul '14

4cc1f1a01fb338de939ba88eb933931687b22336 introduced a crash when doing a block copy as virStorageSourceInitChainElement was called on "disk->mirror" that is still NULL at that point instead of "mirror" which temporarily holds the mirror source struct until it's fully initialized. This resulted into a crash as a NULL was dereferenced. Reported by: Shanzi Yu <shyu(a)redhat.com> --- Fortunately unreleased. src/qemu/qemu_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 8d40bc9..c0ad446 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15309,7 +15309,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm, if (VIR_STRDUP(mirror->path, dest) < 0) goto endjob; - if (virStorageSourceInitChainElement(disk->mirror, disk->src, false) < 0) + if (virStorageSourceInitChainElement(mirror, disk->src, false) < 0) goto endjob; if (qemuDomainPrepareDiskChainElement(driver, vm, mirror, -- 2.0.0

2 2

Re: [libvirt] [libvirt-users] LVM Volume Creation
by Ravi Samji 15 Jul '14

15 Jul '14

Hi All, I'm having issue with creating LVM Volume via libvirt. We are running libvirtd 1.2 with KVM. We are creating Volume Group (VG01) outside of libvirt and defining a storage pool for it. Here is the StoragePool XML for the Volume Group created outside libvirt. <pool type="logical"> <name>VG01</name> <target> <path>/dev/VG01</path> </target> </pool> We are creating Logical Volume (ub_test01.img) through libvirt in the Volume Group (VG01) Here is the XML to create Storage Volume in LVM Storage Pool VG01. <volume type="block"> <name>ub_test01.img</name> <allocation>0</allocation> <capacity unit="M">1</capacity> <target> <format type="lvm2" /> </target> </volume> When I create the Logical Volume from libvirt using above XML and run lvs command to list logical volumes, this is what I see. LV VG Attr LSize Origin Snap% Move Log Copy% Convert --------------- ------- ------- ------- ----------------------- ------- ------- ------- ------- ------- foo VG01 -wi-a- 1.00g ub_test01.img VG01 swi-a- 4.00m [ub_test01.img_vorigin] 0.20 root ops-02 -wi-ao 227.08g swap_1 ops-02 -wi-ao 5.75g As you see, ub_test01.img shows that it has an Origin indicating that it was created as a snapshot, but, that Origin doesn't exist and wasn't specified. I'd appreciate if you anyone can help me understand what is going on and/or describe how to make libvirt create logical volumes not as a snapshot. I'm happy to enable debugging to see what command libvirt is running to create the volume if someone case describe how to enable debugging. Regards, Ravi Message sent via Atmail Open - http://atmail.org/

2 1

[libvirt] python bindings links?
by Eric Blake 15 Jul '14

15 Jul '14

According to http://libvirt.org/bindings.html, python bindings are still listed as part of libvirt.git. But now that they are a separate git repository, we probably ought to have a more official page for these bindings, including an easy-to-find link to the repository viewer. Right now, libvirt.org/python doesn't have any hits; seems like the obvious place to put such information, given that we already have libvirt.org/php. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org

2 1

[libvirt] LVM Volume Creation
by Ravi Samji 15 Jul '14

15 Jul '14

Hi All, I'm having issue with creating LVM volume via libvirt. XML of LVM StoragePool is: VG01 /dev/VG01 (existing vg) XML of create volume in lvm pool is: ub_test01.img 0 1 When I create the volume with above XML defn, lvs command to list logical volume shows a value in the origin column indicating it was created as snapshot.. the strange thing is that the origin volume does not exist..! something strange going on. You can see the lvs output here See http://pastebin.com/prk6VqwD [1] I'd appreciate if you anyone can help me understand what is going on and/or describe how to make libvirt create logical volumes not as a snapshot. We are running libvirtd 1.2 with KVM. Regards, Ravi ------------------------- Message sent via Atmail Open - http://atmail.org/ Links: ------ [1] http://pastebin.com/prk6VqwD

2 1