[libvirt] [PATCHv3 0/3] Couple of seclabels improvements
by Michal Privoznik
Some patches from the previous version have already been pushed.
However, there are some new ones too.
Michal Privoznik (3):
conf: Always format seclabel's model
virSecurityLabelDefParseXML: Rework
virSecurityLabelDef: use enum type for @type
src/conf/domain_conf.c | 129 +++++++++++----------
src/security/security_dac.c | 2 +-
src/util/virseclabel.h | 2 +-
.../qemuxml2argv-seclabel-dynamic-none.xml | 28 +++++
tests/qemuxml2xmltest.c | 1 +
5 files changed, 101 insertions(+), 61 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-none.xml
--
1.8.5.5
10 years, 4 months
[libvirt] [PATCH 0/2] capabilities cleanups
by Eric Blake
I'm still trying to figure out how best to expose capabilities
in the new virConnectGetDomainCapabilities for things such as
active commit - we may want to tweak that XML before it becomes
baked in as part of the 1.2.7 release. But meanwhile, these
two patches should be fairly non-controversial.
Eric Blake (2):
docs: mention more about older capability feature bits
capabilities: use bool instead of int
docs/formatcaps.html.in | 42 +++++++++++++++++++++++++++++++++++++++-
src/bhyve/bhyve_capabilities.c | 2 +-
src/conf/capabilities.c | 18 ++++++++---------
src/conf/capabilities.h | 18 ++++++++---------
src/esx/esx_driver.c | 4 ++--
src/libxl/libxl_conf.c | 4 ++--
src/lxc/lxc_conf.c | 4 ++--
src/openvz/openvz_conf.c | 2 +-
src/parallels/parallels_driver.c | 2 +-
src/phyp/phyp_driver.c | 2 +-
src/qemu/qemu_capabilities.c | 17 ++++++++--------
src/security/virt-aa-helper.c | 2 +-
src/test/test_driver.c | 6 +++---
src/uml/uml_conf.c | 2 +-
src/vbox/vbox_tmpl.c | 2 +-
src/vmware/vmware_conf.c | 2 +-
src/xen/xen_hypervisor.c | 31 ++++++++++++++---------------
src/xenapi/xenapi_driver.c | 2 +-
tests/qemucaps2xmltest.c | 2 +-
tests/testutils.c | 2 +-
tests/testutilslxc.c | 2 +-
tests/testutilsqemu.c | 6 +++---
tests/testutilsxen.c | 2 +-
tests/vircaps2xmltest.c | 2 +-
tests/vircapstest.c | 2 +-
tests/vmx2xmltest.c | 2 +-
tests/xml2vmxtest.c | 2 +-
27 files changed, 112 insertions(+), 72 deletions(-)
--
1.9.3
10 years, 4 months
[libvirt] [PATCHv2]util:openvswitch:Delete port if it is exist when add port
by Lichunhe
If the ovs service stops abnormally or the host is cold rebooted, and the vm is destroyed after the ovs service has stopped, the ovs port connected to the vm's interface is not cleared. When the ovs service restarts, it recovers its configuration from the db, but the interface no longer exists, so port recovery fails. When the vm is then restarted on the same host, libvirt adds the port again, but because the port configuration is the same as before, ovs does not connect the interface and only stores the configuration in the db. The following sequence triggers the problem:
virsh start vm
service openvswitch-switch stop
virsh destroy vm
service openvswitch-switch start
virsh start vm
Signed-off-by: Chunhe Li <lichunhe(a)huawei.com>
---
src/util/virnetdevopenvswitch.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virnetdevopenvswitch.c b/src/util/virnetdevopenvswitch.c
index 9bcbfb1..2c414ad 100644
--- a/src/util/virnetdevopenvswitch.c
+++ b/src/util/virnetdevopenvswitch.c
@@ -84,8 +84,8 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname,
cmd = virCommandNew(OVSVSCTL);
- virCommandAddArgList(cmd, "--timeout=5", "--", "--may-exist", "add-port",
- brname, ifname, NULL);
+ virCommandAddArgList(cmd, "--timeout=5", "--", "--if-exists", "del-port",
+ ifname, "--", "add-port", brname, ifname, NULL);
if (virtVlan && virtVlan->nTags > 0) {
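Review bot: The added `del-port` in the `virCommandAddArgList` call names only `ifname`, so ovs-vsctl removes that port from whichever bridge currently holds it, not just from `brname`. If a port of the same name is legitimately attached to another bridge, this silently detaches it. If the intent is only to clear a stale record on the target bridge, scope the delete: `"--if-exists", "del-port", brname, ifname, "--", "add-port", brname, ifname, NULL);`. Either way, a comment such as `/* drop any stale port record left in the ovs db before re-adding */` would explain why `--may-exist` was replaced. The function body continues outside the hunk.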
--
1.9.2.msysgit.0
10 years, 4 months
[libvirt] [PATCHv2 0/2] doc: Improve snapshot/blockjob docs
by Peter Krempa
Peter Krempa (2):
doc: Document that snapshot name of block-backed disk isnt
autogenerated
doc: Be more specific about semantics of _REUSE_EXT flag
docs/formatsnapshot.html.in | 8 +++++---
src/libvirt.c | 23 ++++++++++++++---------
tools/virsh.pod | 21 +++++++++++++--------
3 files changed, 32 insertions(+), 20 deletions(-)
--
2.0.0
10 years, 4 months
[libvirt] [PATCH] conf: Fix possible NULL dereference in virStorageVolTargetDefFormat
by Matthias Bolte
Commit dae1568c6c6455091e8cd9bc2e90a22af3d3880c converted the perms
member of the virStorageVolTarget struct into a pointer to make it
optional. But virStorageVolTargetDefFormat did not check perms for
NULL before dereferencing it.
---
src/conf/storage_conf.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c
index 9ac5975..aa29658 100644
--- a/src/conf/storage_conf.c
+++ b/src/conf/storage_conf.c
@@ -1423,22 +1423,24 @@ virStorageVolTargetDefFormat(virStorageVolOptionsPtr options,
virBufferAsprintf(buf, "<format type='%s'/>\n", format);
}
- virBufferAddLit(buf, "<permissions>\n");
- virBufferAdjustIndent(buf, 2);
+ if (def->perms) {
+ virBufferAddLit(buf, "<permissions>\n");
+ virBufferAdjustIndent(buf, 2);
- virBufferAsprintf(buf, "<mode>0%o</mode>\n",
- def->perms->mode);
- virBufferAsprintf(buf, "<owner>%u</owner>\n",
- (unsigned int) def->perms->uid);
- virBufferAsprintf(buf, "<group>%u</group>\n",
- (unsigned int) def->perms->gid);
+ virBufferAsprintf(buf, "<mode>0%o</mode>\n",
+ def->perms->mode);
+ virBufferAsprintf(buf, "<owner>%u</owner>\n",
+ (unsigned int) def->perms->uid);
+ virBufferAsprintf(buf, "<group>%u</group>\n",
+ (unsigned int) def->perms->gid);
- virBufferEscapeString(buf, "<label>%s</label>\n",
- def->perms->label);
+ virBufferEscapeString(buf, "<label>%s</label>\n",
+ def->perms->label);
- virBufferAdjustIndent(buf, -2);
- virBufferAddLit(buf, "</permissions>\n");
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</permissions>\n");
+ }
if (def->timestamps) {
virBufferAddLit(buf, "<timestamps>\n");
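Review bot: The new `if (def->perms)` guard has no comment saying that `perms` is optional, and the diffstat touches only src/conf/storage_conf.c, so nothing exercises a volume target that has no permissions. I would add `/* perms is optional; emit no <permissions> element when it is unset */` above the guard, plus a test XML for a target lacking `<permissions>`. Other readers of `perms` lie outside this hunk and may need the same NULL check, so they are worth auditing alongside this fix. The function's body starts and ends outside the hunk.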
--
1.9.1
10 years, 4 months
[libvirt] [PATCH] virseclabel: Resolve Coverity FORWARD_NULL issue
by John Ferlan
Resolve issue introduced by commit id '13adf1b'
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/util/virseclabel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virseclabel.c b/src/util/virseclabel.c
index e9d973c..02a8342 100644
--- a/src/util/virseclabel.c
+++ b/src/util/virseclabel.c
@@ -61,7 +61,7 @@ virSecurityLabelDefNew(const char *model)
if (VIR_ALLOC(seclabel) < 0 ||
VIR_STRDUP(seclabel->model, model) < 0) {
virSecurityLabelDefFree(seclabel);
- seclabel = NULL;
+ return NULL;
}
seclabel->relabel = true;
--
1.9.3
10 years, 4 months
[libvirt] [PATCHv2 0/2] AppArmor lxc profile fixes
by Cédric Bosdonnat
Diff to v1:
* virt-aa-helper: don't return -1 when reloading the profile: nothing
to do isn't a bad thing sometimes.
Cédric Bosdonnat (2):
Don't output libvirt-UUID.files for LXC apparmor profiles
Rework lxc apparmor profile
examples/apparmor/Makefile.am | 6 +-
examples/apparmor/TEMPLATE.lxc | 15 ++++
examples/apparmor/{TEMPLATE => TEMPLATE.qemu} | 2 +-
examples/apparmor/libvirt-lxc | 119 +++++++++++++++++++++++---
src/security/security_apparmor.c | 20 +++--
src/security/virt-aa-helper.c | 34 ++------
6 files changed, 152 insertions(+), 44 deletions(-)
create mode 100644 examples/apparmor/TEMPLATE.lxc
rename examples/apparmor/{TEMPLATE => TEMPLATE.qemu} (75%)
--
1.8.4.5
10 years, 4 months
[libvirt] [PATCH] libxl: Correct cast to virDomainDiskDiscard enum.
by Jim Fehlig
From: Ian Campbell <Ian.Campbell(a)citrix.com>
This was converted to a typedef in 5a2bd4c9171d "conf: more enum
cleanups in "src/conf/domain_conf.h"" causing:
libxl/libxl_conf.c: In function 'libxlDiskSetDiscard':
libxl/libxl_conf.c:724:19: error: conversion to incomplete type
Signed-off-by: Ian Campbell <ian.campbell(a)citrix.com>
---
This build failure was found by the osstest build bot
http://lists.xen.org/archives/html/xen-devel/2014-07/msg01552.html
Pushing under the build-breaker rule.
src/libxl/libxl_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 0b4a0b5..f620d47 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -721,7 +721,7 @@ libxlDiskSetDiscard(libxl_device_disk *x_disk, int discard)
if (!x_disk->readwrite)
return 0;
#if defined(LIBXL_HAVE_LIBXL_DEVICE_DISK_DISCARD_ENABLE)
- switch ((enum virDomainDiskDiscard)discard) {
+ switch ((virDomainDiskDiscard)discard) {
case VIR_DOMAIN_DISK_DISCARD_DEFAULT:
case VIR_DOMAIN_DISK_DISCARD_LAST:
break;
--
1.8.4.5
10 years, 4 months
[libvirt] CPU model API (v2)
by Zeeshan Ali (Khattak)
v2:
* Correct hierarchy for GVirConfigDomainCpuModel
* Correct order of new symbols in .sym file
10 years, 4 months
[libvirt] [PATCH v3] LXC: add support for --config in setmem command
by Chen Hanxiao
In lxc, we could not use setmem command
with --config options.
This patch will add support for this.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
---
v3: add max_balloon check for AFFECT_CONFIG
v2: use virDomainSetMemoryFlagsEnsureACL
remove redundant domain running check
src/lxc/lxc_driver.c | 58 ++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 47 insertions(+), 11 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 3253211..f04b543 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -711,36 +711,64 @@ static int lxcDomainSetMaxMemory(virDomainPtr dom, unsigned long newmax)
return ret;
}
-static int lxcDomainSetMemory(virDomainPtr dom, unsigned long newmem)
+static int lxcDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem,
+ unsigned int flags)
{
virDomainObjPtr vm;
+ virDomainDefPtr persistentDef = NULL;
+ virCapsPtr caps = NULL;
int ret = -1;
virLXCDomainObjPrivatePtr priv;
+ virLXCDriverPtr driver = dom->conn->privateData;
+ virLXCDriverConfigPtr cfg = NULL;
+ unsigned long oldmax = 0;
+
+ virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
+ VIR_DOMAIN_AFFECT_CONFIG, -1);
if (!(vm = lxcDomObjFromDomain(dom)))
goto cleanup;
+ cfg = virLXCDriverGetConfig(driver);
+
priv = vm->privateData;
- if (virDomainSetMemoryEnsureACL(dom->conn, vm->def) < 0)
+ if (virDomainSetMemoryFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup;
- if (newmem > vm->def->mem.max_balloon) {
+ if (!(caps = virLXCDriverGetCapabilities(driver, false)))
+ goto cleanup;
+
+ if (virDomainLiveConfigHelperMethod(caps, driver->xmlopt, vm, &flags,
+ &persistentDef) < 0)
+ goto cleanup;
+
+ if (flags & VIR_DOMAIN_AFFECT_LIVE)
+ oldmax = vm->def->mem.max_balloon;
+ if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
+ if (!oldmax || oldmax > persistentDef->mem.max_balloon)
+ oldmax = persistentDef->mem.max_balloon;
+ }
+
+ if (newmem > oldmax) {
virReportError(VIR_ERR_INVALID_ARG,
"%s", _("Cannot set memory higher than max memory"));
goto cleanup;
}
- if (!virDomainObjIsActive(vm)) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- "%s", _("Domain is not running"));
- goto cleanup;
+ if (flags & VIR_DOMAIN_AFFECT_LIVE) {
+ if (virCgroupSetMemory(priv->cgroup, newmem) < 0) {
+ virReportError(VIR_ERR_OPERATION_FAILED,
+ "%s", _("Failed to set memory for domain"));
+ goto cleanup;
+ }
}
- if (virCgroupSetMemory(priv->cgroup, newmem) < 0) {
- virReportError(VIR_ERR_OPERATION_FAILED,
- "%s", _("Failed to set memory for domain"));
- goto cleanup;
+ if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
+ sa_assert(persistentDef);
+ persistentDef->mem.cur_balloon = newmem;
+ if (virDomainSaveConfig(cfg->configDir, persistentDef) < 0)
+ goto cleanup;
}
ret = 0;
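Review bot: When both VIR_DOMAIN_AFFECT_LIVE and VIR_DOMAIN_AFFECT_CONFIG are set, `virCgroupSetMemory` runs before `virDomainSaveConfig`, so a failed save returns -1 even though the live limit has already changed. In the same way, `persistentDef->mem.cur_balloon` is overwritten before the save and keeps `newmem` if the save fails, leaving the in-memory persistent definition out of step with what is on disk. Either restore the previous `cur_balloon` on failure, or document the behaviour with a comment such as `/* NB: the live change is not rolled back if saving the config fails */`. The live branch also leaves `vm->def->mem.cur_balloon` untouched while the config branch updates the persistent definition; that presumably matches the old behaviour, but it is worth confirming. The function's cleanup label is in the next hunk.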
@@ -748,9 +776,16 @@ static int lxcDomainSetMemory(virDomainPtr dom, unsigned long newmem)
cleanup:
if (vm)
virObjectUnlock(vm);
+ virObjectUnref(caps);
+ virObjectUnref(cfg);
return ret;
}
+static int lxcDomainSetMemory(virDomainPtr dom, unsigned long newmem)
+{
+ return lxcDomainSetMemoryFlags(dom, newmem, VIR_DOMAIN_AFFECT_LIVE);
+}
+
static int
lxcDomainSetMemoryParameters(virDomainPtr dom,
virTypedParameterPtr params,
@@ -5697,6 +5732,7 @@ static virDriver lxcDriver = {
.domainGetMaxMemory = lxcDomainGetMaxMemory, /* 0.7.2 */
.domainSetMaxMemory = lxcDomainSetMaxMemory, /* 0.7.2 */
.domainSetMemory = lxcDomainSetMemory, /* 0.7.2 */
+ .domainSetMemoryFlags = lxcDomainSetMemoryFlags, /* 1.2.7 */
.domainSetMemoryParameters = lxcDomainSetMemoryParameters, /* 0.8.5 */
.domainGetMemoryParameters = lxcDomainGetMemoryParameters, /* 0.8.5 */
.domainSetBlkioParameters = lxcDomainSetBlkioParameters, /* 0.9.8 */
--
1.9.0
10 years, 4 months