[libvirt] [PATCH 0/2] Tri-state bool enum cleanups
by Ján Tomko
We have been using a few different enum types with the same values:
DEFAULT
ENABLED = "on" / "yes"
DISABLED = "off" / "no"
Replace these with just two enums with rather unimaginative names:
virDomainYesNo and virDomainOnOff
Ján Tomko (2):
Introduce virDomainYesNo enum type
Introduce virDomainOnOff enum
src/conf/domain_conf.c | 194 +++++++++++++++++------------------------------
src/conf/domain_conf.h | 127 +++++--------------------------
src/libvirt_private.syms | 26 +------
src/libxl/libxl_conf.c | 6 +-
src/lxc/lxc_container.c | 4 +-
src/lxc/lxc_native.c | 2 +-
src/qemu/qemu_command.c | 80 +++++++++----------
src/qemu/qemu_driver.c | 4 +-
src/qemu/qemu_process.c | 2 +-
src/vbox/vbox_tmpl.c | 22 +++---
src/xenxs/xen_sxpr.c | 20 ++---
src/xenxs/xen_xm.c | 20 ++---
12 files changed, 174 insertions(+), 333 deletions(-)
--
1.8.5.5
10 years, 4 months
[libvirt] [PATCHv3] Rework lxc apparmor profile
by Cédric Bosdonnat
Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default.
This profile allows quite a lot, but strives to restrict access to
dangerous resources.
Removing the explicit authorizations to bash, systemd and cron files
forces them to keep the lxc profile for all applications inside the
container. PUx permissions were leading to systemd (and other
tasks) running unconfined.
Put the generic files, network and capabilities restrictions directly
in the TEMPLATE.lxc: this way, users can restrict them on a per
container basis.
---
Diff to v2:
* Fixed missing goto cleanup
examples/apparmor/Makefile.am | 6 +-
examples/apparmor/TEMPLATE.lxc | 15 ++++
examples/apparmor/{TEMPLATE => TEMPLATE.qemu} | 2 +-
examples/apparmor/libvirt-lxc | 119 +++++++++++++++++++++++---
src/security/security_apparmor.c | 21 +++--
src/security/virt-aa-helper.c | 29 +------
6 files changed, 149 insertions(+), 43 deletions(-)
create mode 100644 examples/apparmor/TEMPLATE.lxc
rename examples/apparmor/{TEMPLATE => TEMPLATE.qemu} (75%)
diff --git a/examples/apparmor/Makefile.am b/examples/apparmor/Makefile.am
index a741e94..7a20e16 100644
--- a/examples/apparmor/Makefile.am
+++ b/examples/apparmor/Makefile.am
@@ -15,7 +15,8 @@
## <http://www.gnu.org/licenses/>.
EXTRA_DIST= \
- TEMPLATE \
+ TEMPLATE.qemu \
+ TEMPLATE.lxc \
libvirt-qemu \
libvirt-lxc \
usr.lib.libvirt.virt-aa-helper \
@@ -36,6 +37,7 @@ abstractions_DATA = \
templatesdir = $(apparmordir)/libvirt
templates_DATA = \
- TEMPLATE \
+ TEMPLATE.qemu \
+ TEMPLATE.lxc \
$(NULL)
endif WITH_APPARMOR_PROFILES
diff --git a/examples/apparmor/TEMPLATE.lxc b/examples/apparmor/TEMPLATE.lxc
new file mode 100644
index 0000000..7b64885
--- /dev/null
+++ b/examples/apparmor/TEMPLATE.lxc
@@ -0,0 +1,15 @@
+#
+# This profile is for the domain whose UUID matches this file.
+#
+
+#include <tunables/global>
+
+profile LIBVIRT_TEMPLATE {
+ #include <abstractions/libvirt-lxc>
+
+ # Globally allows everything to run under this profile
+ # These can be narrowed depending on the container's use.
+ file,
+ capability,
+ network,
+}
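Review bot: The comment above the bare `file,`, `capability,` and `network,` rules says they can be narrowed, but not what they grant as shipped: all file access, every capability and all networking, with only the deny rules pulled in from `abstractions/libvirt-lxc` subtracted. Because this template is copied for each container, I would state that in the file, e.g. `# Permissive defaults: the three bare rules below grant all file access, all capabilities and all networking.` followed by `# Replace them with explicit rules (for instance individual "capability <name>," lines) for containers that need less.` That makes the per-container narrowing the commit message describes an obvious next step for whoever edits the generated profile.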
diff --git a/examples/apparmor/TEMPLATE b/examples/apparmor/TEMPLATE.qemu
similarity index 75%
rename from examples/apparmor/TEMPLATE
rename to examples/apparmor/TEMPLATE.qemu
index 187dec5..008a221 100644
--- a/examples/apparmor/TEMPLATE
+++ b/examples/apparmor/TEMPLATE.qemu
@@ -5,5 +5,5 @@
#include <tunables/global>
profile LIBVIRT_TEMPLATE {
- #include <abstractions/libvirt-driver>
+ #include <abstractions/libvirt-qemu>
}
diff --git a/examples/apparmor/libvirt-lxc b/examples/apparmor/libvirt-lxc
index d404328..4bfb503 100644
--- a/examples/apparmor/libvirt-lxc
+++ b/examples/apparmor/libvirt-lxc
@@ -2,16 +2,115 @@
#include <abstractions/base>
- # Needed for lxc-enter-namespace
- capability sys_admin,
- capability sys_chroot,
+ umount,
- # Added for lxc-enter-namespace --cmd /bin/bash
- /bin/bash PUx,
+ # ignore DENIED message on / remount
+ deny mount options=(ro, remount) -> /,
- /usr/sbin/cron PUx,
- /usr/lib/systemd/systemd PUx,
+ # allow tmpfs mounts everywhere
+ mount fstype=tmpfs,
- /usr/lib/libsystemd-*.so.* mr,
- /usr/lib/libudev-*.so.* mr,
- /etc/ld.so.cache mr,
+ # allow mqueue mounts everywhere
+ mount fstype=mqueue,
+
+ # allow fuse mounts everywhere
+ mount fstype=fuse.*,
+
+ # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted
+ mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
+ deny @{PROC}/sys/fs/** wklx,
+
+ # allow efivars to be mounted, writing to it will be blocked though
+ mount fstype=efivarfs -> /sys/firmware/efi/efivars/,
+
+ # block some other dangerous paths
+ deny @{PROC}/sysrq-trigger rwklx,
+ deny @{PROC}/mem rwklx,
+ deny @{PROC}/kmem rwklx,
+
+ # deny writes in /sys except for /sys/fs/cgroup, also allow
+ # fusectl, securityfs and debugfs to be mounted there (read-only)
+ mount fstype=fusectl -> /sys/fs/fuse/connections/,
+ mount fstype=securityfs -> /sys/kernel/security/,
+ mount fstype=debugfs -> /sys/kernel/debug/,
+ mount fstype=proc -> /proc/,
+ mount fstype=sysfs -> /sys/,
+ deny /sys/firmware/efi/efivars/** rwklx,
+ deny /sys/kernel/security/** rwklx,
+
+ # generated by: lxc-generate-aa-rules.py container-rules.base
+ deny /proc/sys/[^kn]*{,/**} wklx,
+ deny /proc/sys/k[^e]*{,/**} wklx,
+ deny /proc/sys/ke[^r]*{,/**} wklx,
+ deny /proc/sys/ker[^n]*{,/**} wklx,
+ deny /proc/sys/kern[^e]*{,/**} wklx,
+ deny /proc/sys/kerne[^l]*{,/**} wklx,
+ deny /proc/sys/kernel/[^smhd]*{,/**} wklx,
+ deny /proc/sys/kernel/d[^o]*{,/**} wklx,
+ deny /proc/sys/kernel/do[^m]*{,/**} wklx,
+ deny /proc/sys/kernel/dom[^a]*{,/**} wklx,
+ deny /proc/sys/kernel/doma[^i]*{,/**} wklx,
+ deny /proc/sys/kernel/domai[^n]*{,/**} wklx,
+ deny /proc/sys/kernel/domain[^n]*{,/**} wklx,
+ deny /proc/sys/kernel/domainn[^a]*{,/**} wklx,
+ deny /proc/sys/kernel/domainna[^m]*{,/**} wklx,
+ deny /proc/sys/kernel/domainnam[^e]*{,/**} wklx,
+ deny /proc/sys/kernel/domainname?*{,/**} wklx,
+ deny /proc/sys/kernel/h[^o]*{,/**} wklx,
+ deny /proc/sys/kernel/ho[^s]*{,/**} wklx,
+ deny /proc/sys/kernel/hos[^t]*{,/**} wklx,
+ deny /proc/sys/kernel/host[^n]*{,/**} wklx,
+ deny /proc/sys/kernel/hostn[^a]*{,/**} wklx,
+ deny /proc/sys/kernel/hostna[^m]*{,/**} wklx,
+ deny /proc/sys/kernel/hostnam[^e]*{,/**} wklx,
+ deny /proc/sys/kernel/hostname?*{,/**} wklx,
+ deny /proc/sys/kernel/m[^s]*{,/**} wklx,
+ deny /proc/sys/kernel/ms[^g]*{,/**} wklx,
+ deny /proc/sys/kernel/msg*/** wklx,
+ deny /proc/sys/kernel/s[^he]*{,/**} wklx,
+ deny /proc/sys/kernel/se[^m]*{,/**} wklx,
+ deny /proc/sys/kernel/sem*/** wklx,
+ deny /proc/sys/kernel/sh[^m]*{,/**} wklx,
+ deny /proc/sys/kernel/shm*/** wklx,
+ deny /proc/sys/kernel?*{,/**} wklx,
+ deny /proc/sys/n[^e]*{,/**} wklx,
+ deny /proc/sys/ne[^t]*{,/**} wklx,
+ deny /proc/sys/net?*{,/**} wklx,
+ deny /sys/[^fdc]*{,/**} wklx,
+ deny /sys/c[^l]*{,/**} wklx,
+ deny /sys/cl[^a]*{,/**} wklx,
+ deny /sys/cla[^s]*{,/**} wklx,
+ deny /sys/clas[^s]*{,/**} wklx,
+ deny /sys/class/[^n]*{,/**} wklx,
+ deny /sys/class/n[^e]*{,/**} wklx,
+ deny /sys/class/ne[^t]*{,/**} wklx,
+ deny /sys/class/net?*{,/**} wklx,
+ deny /sys/class?*{,/**} wklx,
+ deny /sys/d[^e]*{,/**} wklx,
+ deny /sys/de[^v]*{,/**} wklx,
+ deny /sys/dev[^i]*{,/**} wklx,
+ deny /sys/devi[^c]*{,/**} wklx,
+ deny /sys/devic[^e]*{,/**} wklx,
+ deny /sys/device[^s]*{,/**} wklx,
+ deny /sys/devices/[^v]*{,/**} wklx,
+ deny /sys/devices/v[^i]*{,/**} wklx,
+ deny /sys/devices/vi[^r]*{,/**} wklx,
+ deny /sys/devices/vir[^t]*{,/**} wklx,
+ deny /sys/devices/virt[^u]*{,/**} wklx,
+ deny /sys/devices/virtu[^a]*{,/**} wklx,
+ deny /sys/devices/virtua[^l]*{,/**} wklx,
+ deny /sys/devices/virtual/[^n]*{,/**} wklx,
+ deny /sys/devices/virtual/n[^e]*{,/**} wklx,
+ deny /sys/devices/virtual/ne[^t]*{,/**} wklx,
+ deny /sys/devices/virtual/net?*{,/**} wklx,
+ deny /sys/devices/virtual?*{,/**} wklx,
+ deny /sys/devices?*{,/**} wklx,
+ deny /sys/f[^s]*{,/**} wklx,
+ deny /sys/fs/[^c]*{,/**} wklx,
+ deny /sys/fs/c[^g]*{,/**} wklx,
+ deny /sys/fs/cg[^r]*{,/**} wklx,
+ deny /sys/fs/cgr[^o]*{,/**} wklx,
+ deny /sys/fs/cgro[^u]*{,/**} wklx,
+ deny /sys/fs/cgrou[^p]*{,/**} wklx,
+ deny /sys/fs/cgroup?*{,/**} wklx,
+ deny /sys/fs?*{,/**} wklx,
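Review bot: Under "block some other dangerous paths" the rules name `@{PROC}/mem` and `@{PROC}/kmem`, which as far as I know are not top-level procfs entries (the memory devices live under /dev, and the procfs view of kernel memory is `kcore`), so those two lines probably match nothing. If the aim is to keep a container that holds the template's blanket `file,` and `capability,` away from kernel memory, a rule such as `deny @{PROC}/kcore rwklx,` looks closer to the intent; please confirm against what the kernel exposes. Plain `deny` rules are also not logged, so writing the handful of hand-written ones as `audit deny ...` would keep attempted accesses visible in the audit log. The long `/proc/sys` and `/sys` list is generated, so it is better regenerated than edited by hand if the allowed set changes.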
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 9603c78..e6563de 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -351,26 +351,37 @@ AppArmorSetSecuritySCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED,
static int
AppArmorSecurityManagerProbe(const char *virtDriver ATTRIBUTE_UNUSED)
{
- char *template = NULL;
+ char *template_qemu = NULL;
+ char *template_lxc = NULL;
int rc = SECURITY_DRIVER_DISABLE;
if (use_apparmor() < 0)
return rc;
/* see if template file exists */
- if (virAsprintf(&template, "%s/TEMPLATE",
+ if (virAsprintf(&template_qemu, "%s/TEMPLATE.qemu",
APPARMOR_DIR "/libvirt") == -1)
return rc;
- if (!virFileExists(template)) {
+ if (virAsprintf(&template_lxc, "%s/TEMPLATE.lxc",
+ APPARMOR_DIR "/libvirt") == -1)
+ goto cleanup;
+
+ if (!virFileExists(template_qemu)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("template \'%s\' does not exist"), template_qemu);
+ goto cleanup;
+ }
+ if (!virFileExists(template_lxc)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
- _("template \'%s\' does not exist"), template);
+ _("template \'%s\' does not exist"), template_lxc);
goto cleanup;
}
rc = SECURITY_DRIVER_ENABLE;
cleanup:
- VIR_FREE(template);
+ VIR_FREE(template_qemu);
+ VIR_FREE(template_lxc);
return rc;
}
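Review bot: The probe now requires both `TEMPLATE.qemu` and `TEMPLATE.lxc`, so a host that has only one of them (or still has only the old `TEMPLATE` after an upgrade) gets `SECURITY_DRIVER_DISABLE` for every driver, even though `virtDriver` is passed in and could say which template matters. What the caller does with a disabled probe is outside this hunk, but if it falls back to running guests without confinement this is a fail-open path worth closing. I would drop `ATTRIBUTE_UNUSED` from `virtDriver` and check only the template belonging to that driver, or at least add a function comment saying that both files are mandatory and why.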
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index f11855d..fe9ad59 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -336,24 +336,20 @@ create_profile(const char *profile, const char *profile_name,
char *pcontent = NULL;
char *replace_name = NULL;
char *replace_files = NULL;
- char *replace_driver = NULL;
const char *template_name = "\nprofile LIBVIRT_TEMPLATE";
const char *template_end = "\n}";
- const char *template_driver = "libvirt-driver";
int tlen, plen;
int fd;
int rc = -1;
- const char *driver_name = "qemu";
-
- if (virtType == VIR_DOMAIN_VIRT_LXC)
- driver_name = "lxc";
if (virFileExists(profile)) {
vah_error(NULL, 0, _("profile exists"));
goto end;
}
- if (virAsprintfQuiet(&template, "%s/TEMPLATE", APPARMOR_DIR "/libvirt") < 0) {
+
+ if (virAsprintfQuiet(&template, "%s/TEMPLATE.%s", APPARMOR_DIR "/libvirt",
+ virDomainVirtTypeToString(virtType)) < 0) {
vah_error(NULL, 0, _("template name exceeds maximum length"));
goto end;
}
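Review bot: `virDomainVirtTypeToString(virtType)` is used directly as the template suffix, so any domain type other than the two this patch installs templates for (a KVM domain would presumably yield "kvm") ends up looking for a `TEMPLATE.<type>` file that does not exist, whereas the removed code mapped every non-LXC type to "qemu". The helper may also return NULL for an unrecognised value, which would then be handed to `%s`. Keeping the old mapping avoids both: `const char *driver_name = virtType == VIR_DOMAIN_VIRT_LXC ? "lxc" : "qemu";` and pass `driver_name` as the last argument of `virAsprintfQuiet`. create_profile starts and continues outside this hunk, so how a missing template is reported is not visible here.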
@@ -378,11 +374,6 @@ create_profile(const char *profile, const char *profile_name,
goto clean_tcontent;
}
- if (strstr(tcontent, template_driver) == NULL) {
- vah_error(NULL, 0, _("no replacement string in template"));
- goto clean_tcontent;
- }
-
/* '\nprofile <profile_name>\0' */
if (virAsprintfQuiet(&replace_name, "\nprofile %s", profile_name) == -1) {
vah_error(NULL, 0, _("could not allocate memory for profile name"));
@@ -397,15 +388,7 @@ create_profile(const char *profile, const char *profile_name,
goto clean_tcontent;
}
- /* 'libvirt-<driver_name>\0' */
- if (virAsprintfQuiet(&replace_driver, "libvirt-%s", driver_name) == -1) {
- vah_error(NULL, 0, _("could not allocate memory for profile driver"));
- VIR_FREE(replace_driver);
- goto clean_tcontent;
- }
-
- plen = tlen + strlen(replace_name) - strlen(template_name) +
- strlen(replace_driver) - strlen(template_driver) + 1;
+ plen = tlen + strlen(replace_name) - strlen(template_name) + 1;
if (virtType != VIR_DOMAIN_VIRT_LXC)
plen += strlen(replace_files) - strlen(template_end);
@@ -422,9 +405,6 @@ create_profile(const char *profile, const char *profile_name,
pcontent[0] = '\0';
strcpy(pcontent, tcontent);
- if (replace_string(pcontent, plen, template_driver, replace_driver) < 0)
- goto clean_all;
-
if (replace_string(pcontent, plen, template_name, replace_name) < 0)
goto clean_all;
@@ -455,7 +435,6 @@ create_profile(const char *profile, const char *profile_name,
clean_replace:
VIR_FREE(replace_name);
VIR_FREE(replace_files);
- VIR_FREE(replace_driver);
clean_tcontent:
VIR_FREE(tcontent);
end:
--
1.8.4.5
10 years, 4 months
[libvirt] [PATCH 0/2] AppArmor lxc profile fixes
by Cédric Bosdonnat
Hi all,
Here are 2 patches fixing AppArmor profiles for lxc containers. The main problem was
that the current profile was:
1/ too restrictive, as it had to explicitly allow every needed application
2/ using PUx permissions, which made systemd (or bash) run unconfined, as they
have no profiles defined.
The new profile is based on the container-default profile shipped for lxc on Ubuntu.
All applications are now running under the parent profile (ix permission) and access
to some critical files is denied.
The first patch also avoids writing the useless libvirt-UUID.files for lxc containers.
Cédric Bosdonnat (2):
Don't output libvirt-UUID.files for LXC apparmor profiles
Rework lxc apparmor profile
examples/apparmor/Makefile.am | 6 +-
examples/apparmor/TEMPLATE.lxc | 15 ++++
examples/apparmor/{TEMPLATE => TEMPLATE.qemu} | 2 +-
examples/apparmor/libvirt-lxc | 119 +++++++++++++++++++++++---
src/security/security_apparmor.c | 20 +++--
src/security/virt-aa-helper.c | 32 ++-----
6 files changed, 150 insertions(+), 44 deletions(-)
create mode 100644 examples/apparmor/TEMPLATE.lxc
rename examples/apparmor/{TEMPLATE => TEMPLATE.qemu} (75%)
--
1.8.4.5
10 years, 4 months
[libvirt] [PATCH 0/2] Fix condition value assignments in conditions
by Ján Tomko
Split into two patches, as we might want to backport the first one somewhere.
Ján Tomko (2):
Fix error on fs pool build failure
Fix assignment of comparison against zero
src/storage/storage_backend_fs.c | 2 +-
tests/virnettlshelpers.c | 4 ++--
tools/virsh-network.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
--
1.8.5.5
10 years, 4 months
[libvirt] [PATCH] qemu: blockcopy: Initialize correct source structure
by Peter Krempa
4cc1f1a01fb338de939ba88eb933931687b22336 introduced a crash when doing a
block copy as virStorageSourceInitChainElement was called on
"disk->mirror" that is still NULL at that point instead of "mirror"
which temporarily holds the mirror source struct until it's fully
initialized. This resulted in a crash, as a NULL pointer was dereferenced.
Reported by: Shanzi Yu <shyu(a)redhat.com>
---
Fortunately unreleased.
src/qemu/qemu_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 8d40bc9..c0ad446 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -15309,7 +15309,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
if (VIR_STRDUP(mirror->path, dest) < 0)
goto endjob;
- if (virStorageSourceInitChainElement(disk->mirror, disk->src, false) < 0)
+ if (virStorageSourceInitChainElement(mirror, disk->src, false) < 0)
goto endjob;
if (qemuDomainPrepareDiskChainElement(driver, vm, mirror,
--
2.0.0
10 years, 4 months
Re: [libvirt] [libvirt-users] LVM Volume Creation
by Ravi Samji
Hi All,
I'm having issue with creating LVM Volume via libvirt.
We are running libvirtd 1.2 with KVM.
We are creating Volume Group (VG01) outside of libvirt and defining a storage pool for it.
Here is the StoragePool XML for the Volume Group created outside libvirt.
<pool type="logical">
<name>VG01</name>
<target>
<path>/dev/VG01</path>
</target>
</pool>
We are creating Logical Volume (ub_test01.img) through libvirt in the Volume Group (VG01)
Here is the XML to create Storage Volume in LVM Storage Pool VG01.
<volume type="block">
<name>ub_test01.img</name>
<allocation>0</allocation>
<capacity unit="M">1</capacity>
<target>
<format type="lvm2" />
</target>
</volume>
When I create the Logical Volume from libvirt using above XML and run lvs command to list logical volumes, this is what I see.
LV VG Attr LSize Origin Snap% Move Log Copy% Convert
--------------- ------- ------- ------- ----------------------- ------- ------- ------- ------- -------
foo VG01 -wi-a- 1.00g
ub_test01.img VG01 swi-a- 4.00m [ub_test01.img_vorigin] 0.20
root ops-02 -wi-ao 227.08g
swap_1 ops-02 -wi-ao 5.75g
As you see, ub_test01.img shows that it has an Origin indicating that it was created as a snapshot, but, that Origin doesn't exist and wasn't specified.
I'd appreciate it if anyone can help me understand what is going on and/or describe how to make libvirt create logical volumes that are not snapshots.
I'm happy to enable debugging to see what command libvirt is running to create the volume, if someone can describe how to enable debugging.
Regards,
Ravi
10 years, 4 months
[libvirt] LVM Volume Creation
by Ravi Samji
Hi All,
I'm having issue with creating LVM volume via libvirt.
XML of LVM StoragePool is:
VG01
/dev/VG01
(existing vg)
XML of create volume in lvm pool is:
ub_test01.img
0
1
When I create the volume with above XML defn, lvs command to list logical
volume shows a value in the origin column indicating it was created as
snapshot.. the strange thing is that the origin volume does not exist..!
something strange going on. You can see the lvs output here See
http://pastebin.com/prk6VqwD [1]
I'd appreciate it if anyone can help me understand what is going on and/or
describe how to make libvirt create logical volumes that are not snapshots.
We are running libvirtd 1.2 with KVM.
Regards,
Ravi
Links:
------
[1] http://pastebin.com/prk6VqwD
10 years, 4 months
[libvirt] [libvirt-glib 1/3] Add gvir_config_capabilities_cpu_get_model()
by Zeeshan Ali (Khattak)
Add a method to get the model of the CPU from capabilities.
---
libvirt-gconfig/libvirt-gconfig-capabilities-cpu.c | 6 ++++++
libvirt-gconfig/libvirt-gconfig-capabilities-cpu.h | 2 ++
libvirt-gconfig/libvirt-gconfig.sym | 2 ++
3 files changed, 10 insertions(+)
diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-cpu.c b/libvirt-gconfig/libvirt-gconfig-capabilities-cpu.c
index f4753ff..255c4d7 100644
--- a/libvirt-gconfig/libvirt-gconfig-capabilities-cpu.c
+++ b/libvirt-gconfig/libvirt-gconfig-capabilities-cpu.c
@@ -60,6 +60,12 @@ gvir_config_capabilities_cpu_get_arch(GVirConfigCapabilitiesCpu *cpu)
return gvir_config_object_get_node_content(GVIR_CONFIG_OBJECT(cpu), "arch");
}
+const gchar *
+gvir_config_capabilities_cpu_get_model(GVirConfigCapabilitiesCpu *cpu)
+{
+ return gvir_config_object_get_node_content(GVIR_CONFIG_OBJECT(cpu), "model");
+}
+
/**
* gvir_config_capabilities_cpu_add_feature:
*
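Review bot: The new `gvir_config_capabilities_cpu_get_model` has no gtk-doc comment, unlike `gvir_config_capabilities_cpu_add_feature` directly below it, so the ownership of the returned string is undocumented for callers and for introspection. I would add a block naming the function, with `@cpu: a #GVirConfigCapabilitiesCpu` and a `Returns:` line saying who owns the string and whether it can be NULL when the capabilities XML has no model element; both depend on `gvir_config_object_get_node_content`, which is outside this hunk, so please confirm there. A type check before the cast, e.g. `g_return_val_if_fail(GVIR_CONFIG_IS_CAPABILITIES_CPU(cpu), NULL);`, would also follow GObject convention; whether the neighbouring `get_arch` has one is not visible in the context lines.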
diff --git a/libvirt-gconfig/libvirt-gconfig-capabilities-cpu.h b/libvirt-gconfig/libvirt-gconfig-capabilities-cpu.h
index ce3613f..c6c152f 100644
--- a/libvirt-gconfig/libvirt-gconfig-capabilities-cpu.h
+++ b/libvirt-gconfig/libvirt-gconfig-capabilities-cpu.h
@@ -66,6 +66,8 @@ GType gvir_config_capabilities_cpu_get_type(void);
const gchar *
gvir_config_capabilities_cpu_get_arch(GVirConfigCapabilitiesCpu *cpu);
+const gchar *
+gvir_config_capabilities_cpu_get_model(GVirConfigCapabilitiesCpu *cpu);
void gvir_config_capabilities_cpu_add_feature(GVirConfigCapabilitiesCpu *cpu,
GVirConfigCapabilitiesCpuFeature *feature);
GList *
diff --git a/libvirt-gconfig/libvirt-gconfig.sym b/libvirt-gconfig/libvirt-gconfig.sym
index 0d33fdb..86dada6 100644
--- a/libvirt-gconfig/libvirt-gconfig.sym
+++ b/libvirt-gconfig/libvirt-gconfig.sym
@@ -689,6 +689,8 @@ global:
LIBVIRT_GCONFIG_0.1.9 {
global:
+ gvir_config_capabilities_cpu_get_model;
+
gvir_config_capabilities_host_get_secmodels;
gvir_config_capabilities_host_secmodel_get_doi;
--
1.9.3
10 years, 4 months
[libvirt] [PATCH] GetBlockInfo: Use the correct path to qemuOpenFile
by John Ferlan
Commit id '3ea661de' refactored the code to use the 'disk->src->path'
instead of getting the path from virDomainDiskGetSource(). The one
call to qemuOpenFile() didn't use the disk source path, rather it used
the path as passed from the caller (in this case 'vda') - this caused
a failure with the virt-test/tp-libvirt as follows:
$ virsh domblkinfo virt-tests-vm1 vda
error: cannot stat file '/home/virt-test/shared/data/images/jeos-20-64.qcow2': Bad file descriptor
$
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
NOTE: Luckily this hasn't crept into a release...
src/qemu/qemu_driver.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ecccf6c..8d40bc9 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -10370,7 +10370,8 @@ qemuDomainGetBlockInfo(virDomainPtr dom,
goto cleanup;
}
- if ((fd = qemuOpenFile(driver, vm, path, O_RDONLY, NULL, NULL)) == -1)
+ if ((fd = qemuOpenFile(driver, vm, disk->src->path, O_RDONLY,
+ NULL, NULL)) == -1)
goto cleanup;
if (fstat(fd, &sb) < 0) {
--
1.9.3
10 years, 4 months