August 2015 - Devel - Libvirt List Archives

[libvirt] [PATCH v2 0/3] Some additional checks for virDomainRename

by Michal Privoznik

So after some discussion to my original approach, this is v2. Michal Privoznik (3): virHashAddOrUpdateEntry: Tunr @new_name into void * virHashAddEntry: Report error on duplicate key qemuDomainRename: Explicitly check if domain is renaming to itself src/qemu/qemu_driver.c | 6 ++++++ src/util/virhash.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletion(-) -- 2.4.6

9 years, 3 months

2
6
0 / 0

[libvirt] [PATCH] utils: Remove the logging of errors from virNetDevSendEthtoolIoctl

by Moshe Levi

This patch remove the logging of errors of ioctl api and instead let the caller to choose what errors to log --- src/util/virnetdev.c | 44 +++++++++++++------------------------------- 1 files changed, 13 insertions(+), 31 deletions(-) diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index 2f3690e..cf79e8d 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -3032,11 +3032,10 @@ static int virNetDevSendEthtoolIoctl(const char *ifname, void *cmd) { int ret = -1; - int sock = -1; + int sock; virIfreq ifr; - sock = socket(AF_LOCAL, SOCK_DGRAM, 0); - if (sock < 0) { + if ((sock = socket(AF_LOCAL, SOCK_DGRAM, 0)) < 0) { virReportSystemError(errno, "%s", _("Cannot open control socket")); goto cleanup; } @@ -3045,26 +3044,9 @@ virNetDevSendEthtoolIoctl(const char *ifname, void *cmd) strcpy(ifr.ifr_name, ifname); ifr.ifr_data = cmd; ret = ioctl(sock, SIOCETHTOOL, &ifr); - if (ret != 0) { - switch (errno) { - case EPERM: - VIR_DEBUG("ethtool ioctl: permission denied"); - break; - case EINVAL: - VIR_DEBUG("ethtool ioctl: invalid request"); - break; - case EOPNOTSUPP: - VIR_DEBUG("ethtool ioctl: request not supported"); - break; - default: - virReportSystemError(errno, "%s", _("ethtool ioctl error")); - goto cleanup; - } - } cleanup: - if (sock) - VIR_FORCE_CLOSE(sock); + VIR_FORCE_CLOSE(sock); return ret; } @@ -3081,12 +3063,12 @@ virNetDevSendEthtoolIoctl(const char *ifname, void *cmd) static int virNetDevFeatureAvailable(const char *ifname, struct ethtool_value *cmd) { - int ret = -1; - cmd = (void*)cmd; - if (!virNetDevSendEthtoolIoctl(ifname, cmd)) - ret = cmd->data > 0 ? 1 : 0; - return ret; + if (virNetDevSendEthtoolIoctl(ifname, cmd) < 0) { + virReportSystemError(errno, _("Cannot get device %s flags"), ifname); + return -1; + } + return cmd->data > 0 ? 1 : 0; } @@ -3103,12 +3085,12 @@ virNetDevFeatureAvailable(const char *ifname, struct ethtool_value *cmd) static int virNetDevGFeatureAvailable(const char *ifname, struct ethtool_gfeatures *cmd) { - int ret = -1; - cmd = (void*)cmd; - if (!virNetDevSendEthtoolIoctl(ifname, cmd)) - ret = FEATURE_BIT_IS_SET(cmd->features, TX_UDP_TNL, active); - return ret; + if (virNetDevSendEthtoolIoctl(ifname, cmd) < 0) { + virReportSystemError(errno, _("Cannot get device %s generic features"), ifname); + return -1; + } + return FEATURE_BIT_IS_SET(cmd->features, TX_UDP_TNL, active); } # endif -- 1.7.1

9 years, 3 months

2
4
0 / 0

[libvirt] [PATCH] qemu: Resolve Coverity UNINIT

by John Ferlan

Coverity complained that 'vm' wasn't initialized before jumping to cleanup: and calling virDomainObjEndAPI if the VIR_STRDUP fails. Rather than initialize vm = NULL, I moved the VIR_STRDUP closer to usage and used endjob for goto. Signed-off-by: John Ferlan <jferlan(a)redhat.com> --- src/qemu/qemu_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 3683591..a54a3dd 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -19902,9 +19902,6 @@ static int qemuDomainRename(virDomainPtr dom, virCheckFlags(0, ret); - if (VIR_STRDUP(new_dom_name, new_name) < 0) - goto cleanup; - if (!(vm = qemuDomObjFromDomain(dom))) goto cleanup; @@ -19940,6 +19937,9 @@ static int qemuDomainRename(virDomainPtr dom, goto endjob; } + if (VIR_STRDUP(new_dom_name, new_name) < 0) + goto endjob; + if (virAsprintf(&rename_log_msg, ": domain %s has been renamed to %s\n", vm->def->name, new_name) < 0) { goto endjob; -- 2.1.0

9 years, 3 months

2
2
0 / 0

[libvirt] [PATCH] protocol: Don't use rename as a variable name

by Martin Kletzander

That causes shadowing errors on older compilers. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- Pushed under the build-breaker rule. src/remote/remote_protocol.x | 2 +- src/remote_protocol-structs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 770aa72dc0f6..92a92e2bfa24 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -3237,7 +3237,7 @@ struct remote_domain_rename_args { }; struct remote_domain_rename_ret { - int rename; + int retcode; }; /*----- Protocol. -----*/ diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index ca36dc96e634..ff99c0096941 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs @@ -2690,7 +2690,7 @@ struct remote_domain_rename_args { u_int flags; }; struct remote_domain_rename_ret { - int rename; + int retcode; }; enum remote_procedure { REMOTE_PROC_CONNECT_OPEN = 1, -- 2.5.0

9 years, 3 months

1
0
0 / 0

[libvirt] [PATCH] Remove static from vshReadline when readline not exist

by Moshe Levi

This patch remove the static from the vshReadline which introduce in this commit 834c5720e4434f0bcc807bb1cf20855af63e24a3. In with readline function vshReadline is not static but without readline it defined static which cause compilation error. --- tools/vsh.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tools/vsh.c b/tools/vsh.c index 03ff859..1a5b6e8 100644 --- a/tools/vsh.c +++ b/tools/vsh.c @@ -2655,7 +2655,7 @@ vshReadlineDeinit(vshControl *ctl ATTRIBUTE_UNUSED) /* empty */ } -static char * +char * vshReadline(vshControl *ctl, const char *prompt) { char line[1024]; -- 1.7.1

9 years, 3 months

2
1
0 / 0

[libvirt] [PATCH v3 0/3] virt-shell: v3 diff series

by Erik Skultety

v3: - renamed virshCommandOptTimeoutToMs - resolved conflicts caused by virsh block job handling refactor - generic commands implementation moved to vsh.c As usual, for testing purposes, everything is available on my remote branch https://github.com/eskultety/libvirt/tree/virt-shell Erik Skultety (3): virt-shell: Resolve conflicts and some forgotten substitution from v2 virt-shell: Support command history for individual clients virt-shell: Move generic commands implementation to vsh.c src/libvirt_private.syms | 1 + src/util/virstring.c | 32 ++++ src/util/virstring.h | 1 + tools/virsh-domain.c | 150 +++++++++--------- tools/virsh-network.c | 2 +- tools/virsh.c | 390 ++++++++++++----------------------------------- tools/virsh.h | 1 - tools/vsh.c | 242 ++++++++++++++++++++++++++--- tools/vsh.h | 13 +- 9 files changed, 441 insertions(+), 391 deletions(-) -- 2.4.3

9 years, 3 months

2
8
0 / 0

[libvirt] [PATCH 0/7] qemu: Make it possible to run domains with dirrefent seclabels

by Martin Kletzander

We offer setting seclabel for the whole domain, but we never fixed the fact that the domain will not be able to even create its monitor socket because the directory is owned by the default preconfigured user and group. Moreover the selinux context can be off as well. So this patch series fixes few preliminary problems and then changes autogenerating so that it creates path per-domain. That way we can start do mains with any seclabels we want without that annoying error message (or similar ones, depends on your configuration): error: Failed to start domain dummy error: internal error: process exited while connecting to monitor: 2015-08-13T15:26:01.474941Z qemu-system-x86_64: -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/dummy.monitor,server,nowait: Failed to unlink socket /var/lib/libvirt/qemu/dummy.monitor: Permission denied The idea is mentioned in this thread in which I tried fixing it pretty badly without thinking it through (feel free to read the patch for your amusement): https://www.redhat.com/archives/libvir-list/2015-February/msg01051.htmlA One thing to note here is that tests for patch 5/7 are in a separate patch 6/7 and only minimal. We can also use qemuxml2argvtest to test for the same thing and indeed that is patch 7/7 that I haven't sent. I will send it if anyone wants to have that been done as well, but I believe the qemuxml2argvtest can be left as it currently is because the patch itself has around 350KiB. It's also enough if you just tell me in the review that I should squash it in the previous commit (which I don't suppose anyone will do). Or another idea, I made it available on my github: https://github.com/nertpinx/libvirt.git (branch bz1146886) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886 Martin Kletzander (7): security_selinux: Use proper structure to access socket data security_dac: Label non-listening sockets security: Expose SetChardevLabel function in security drivers security: Label parent directories of character devices qemu: Fix access to auto-generated socket paths tests: Use qemuProcessPrepareMonitorChr in qemuxmlnstest tests: Use qemuProcessPrepareMonitorChr in qemuxml2argvtest src/conf/domain_conf.h | 1 + src/libvirt_private.syms | 1 + src/qemu/qemu_command.c | 2 +- src/qemu/qemu_domain.c | 17 ++++----- src/qemu/qemu_process.c | 43 +++++++++++++++++++++- src/security/security_dac.c | 25 ++++++++++++- src/security/security_driver.h | 7 +++- src/security/security_manager.c | 19 ++++++++++ src/security/security_manager.h | 5 +++ src/security/security_selinux.c | 17 ++++++++- src/security/security_stack.c | 21 +++++++++++ .../qemuxml2argv-aarch64-aavmf-virtio-mmio.args | 3 +- .../qemuxml2argv-aarch64-cpu-passthrough.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-aarch64-gic.args | 3 +- .../qemuxml2argv-aarch64-kvm-32-on-64.args | 2 +- .../qemuxml2argv-aarch64-virt-default-nic.args | 3 +- .../qemuxml2argv-aarch64-virt-virtio.args | 3 +- .../qemuxml2argv-arm-vexpressa9-basic.args | 3 +- .../qemuxml2argv-arm-vexpressa9-nodevs.args | 3 +- .../qemuxml2argv-arm-vexpressa9-virtio.args | 3 +- .../qemuxml2argv-arm-virt-virtio.args | 3 +- .../qemuxml2argv-balloon-device-auto.args | 3 +- .../qemuxml2argv-balloon-device-period.args | 3 +- .../qemuxml2argv-balloon-device.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-bios-nvram.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-bios.args | 3 +- .../qemuxml2argv-blkdeviotune-max.args | 3 +- .../qemuxml2argv-blkdeviotune.args | 3 +- .../qemuxml2argv-blkiotune-device.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-blkiotune.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-boot-cdrom.args | 3 +- .../qemuxml2argv-boot-complex-bootindex.args | 2 +- .../qemuxml2argv-boot-complex.args | 2 +- .../qemuxml2argv-boot-floppy-q35.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-boot-floppy.args | 3 +- ...xml2argv-boot-menu-disable-drive-bootindex.args | 2 +- .../qemuxml2argv-boot-menu-disable-drive.args | 2 +- .../qemuxml2argv-boot-menu-disable.args | 3 +- ...qemuxml2argv-boot-menu-enable-with-timeout.args | 2 +- .../qemuxml2argv-boot-menu-enable.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-boot-multi.args | 3 +- .../qemuxml2argv-boot-network.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-boot-order.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-boot-strict.args | 2 +- .../qemuxml2argv-bootindex-floppy-q35.args | 2 +- .../qemuxml2argv-channel-guestfwd.args | 3 +- .../qemuxml2argv-channel-spicevmc-old.args | 3 +- .../qemuxml2argv-channel-spicevmc.args | 3 +- .../qemuxml2argv-channel-virtio-auto.args | 2 +- .../qemuxml2argv-channel-virtio-autoadd.args | 2 +- .../qemuxml2argv-channel-virtio-autoassign.args | 2 +- .../qemuxml2argv-channel-virtio-default.args | 2 +- .../qemuxml2argv-channel-virtio-state.args | 2 +- .../qemuxml2argv-channel-virtio-unix.args | 9 +++-- .../qemuxml2argv-channel-virtio.args | 2 +- .../qemuxml2argv-clock-catchup.args | 3 +- .../qemuxml2argv-clock-france.args | 3 +- .../qemuxml2argv-clock-hpet-off.args | 3 +- ...muxml2argv-clock-localtime-basis-localtime.args | 3 +- .../qemuxml2argv-clock-localtime.args | 3 +- .../qemuxml2argv-clock-timer-hyperv-rtc.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-clock-utc.args | 2 +- .../qemuxml2argv-clock-variable.args | 3 +- .../qemuxml2argv-console-compat-auto.args | 3 +- .../qemuxml2argv-console-compat-chardev.args | 3 +- .../qemuxml2argv-console-compat.args | 3 +- .../qemuxml2argv-console-sclp.args | 2 +- .../qemuxml2argv-console-virtio-ccw.args | 2 +- .../qemuxml2argv-console-virtio-many.args | 2 +- .../qemuxml2argv-console-virtio-s390.args | 2 +- .../qemuxml2argv-console-virtio.args | 2 +- .../qemuxml2argv-controller-order.args | 2 +- .../qemuxml2argv-cpu-Haswell-noTSX.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-cpu-Haswell.args | 3 +- .../qemuxml2argv-cpu-Haswell2.args | 3 +- .../qemuxml2argv-cpu-Haswell3.args | 3 +- .../qemuxml2argv-cpu-eoi-disabled.args | 3 +- .../qemuxml2argv-cpu-eoi-enabled.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-cpu-exact1.args | 3 +- .../qemuxml2argv-cpu-exact2-nofallback.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-cpu-exact2.args | 3 +- .../qemuxml2argv-cpu-fallback.args | 2 +- .../qemuxml2argv-cpu-host-kvmclock.args | 3 +- .../qemuxml2argv-cpu-host-model-fallback.args | 2 +- .../qemuxml2argv-cpu-host-model-vendor.args | 2 +- .../qemuxml2argv-cpu-host-model.args | 2 +- ...qemuxml2argv-cpu-host-passthrough-features.args | 2 +- .../qemuxml2argv-cpu-host-passthrough.args | 2 +- .../qemuxml2argv-cpu-kvmclock.args | 3 +- .../qemuxml2argv-cpu-minimum1.args | 3 +- .../qemuxml2argv-cpu-minimum2.args | 3 +- .../qemuxml2argv-cpu-numa-disjoint.args | 3 +- .../qemuxml2argv-cpu-numa-no-memory-element.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-cpu-numa1.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-cpu-numa2.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-cpu-strict1.args | 3 +- .../qemuxml2argv-cpu-topology1.args | 3 +- .../qemuxml2argv-cpu-topology2.args | 3 +- .../qemuxml2argv-cpu-topology3.args | 3 +- .../qemuxml2argv-cputune-numatune.args | 2 +- .../qemuxml2argv-cputune-zero-shares.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-cputune.args | 3 +- .../qemuxml2argv-default-kvm-host-arch.args | 3 +- .../qemuxml2argv-default-qemu-host-arch.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-disk-aio.args | 3 +- .../qemuxml2argv-disk-blockio.args | 3 +- .../qemuxml2argv-disk-cdrom-empty.args | 3 +- .../qemuxml2argv-disk-cdrom-network-ftp.args | 3 +- .../qemuxml2argv-disk-cdrom-network-ftps.args | 3 +- .../qemuxml2argv-disk-cdrom-network-http.args | 3 +- .../qemuxml2argv-disk-cdrom-network-https.args | 3 +- .../qemuxml2argv-disk-cdrom-network-tftp.args | 3 +- ...qemuxml2argv-disk-cdrom-tray-no-device-cap.args | 3 +- .../qemuxml2argv-disk-cdrom-tray.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-cdrom.args | 3 +- .../qemuxml2argv-disk-copy_on_read.args | 2 +- .../qemuxml2argv-disk-drive-boot-cdrom.args | 3 +- .../qemuxml2argv-disk-drive-boot-disk.args | 3 +- .../qemuxml2argv-disk-drive-cache-directsync.args | 3 +- .../qemuxml2argv-disk-drive-cache-unsafe.args | 3 +- .../qemuxml2argv-disk-drive-cache-v1-none.args | 3 +- .../qemuxml2argv-disk-drive-cache-v1-wb.args | 3 +- .../qemuxml2argv-disk-drive-cache-v1-wt.args | 3 +- .../qemuxml2argv-disk-drive-cache-v2-none.args | 3 +- .../qemuxml2argv-disk-drive-cache-v2-wb.args | 3 +- .../qemuxml2argv-disk-drive-cache-v2-wt.args | 3 +- .../qemuxml2argv-disk-drive-copy-on-read.args | 3 +- .../qemuxml2argv-disk-drive-discard.args | 3 +- ...uxml2argv-disk-drive-error-policy-enospace.args | 2 +- .../qemuxml2argv-disk-drive-error-policy-stop.args | 2 +- ...gv-disk-drive-error-policy-wreport-rignore.args | 2 +- .../qemuxml2argv-disk-drive-fat.args | 3 +- .../qemuxml2argv-disk-drive-fmt-qcow.args | 3 +- .../qemuxml2argv-disk-drive-network-gluster.args | 3 +- ...qemuxml2argv-disk-drive-network-iscsi-auth.args | 3 +- .../qemuxml2argv-disk-drive-network-iscsi-lun.args | 3 +- .../qemuxml2argv-disk-drive-network-iscsi.args | 3 +- ...qemuxml2argv-disk-drive-network-nbd-export.args | 3 +- ...ml2argv-disk-drive-network-nbd-ipv6-export.args | 3 +- .../qemuxml2argv-disk-drive-network-nbd-ipv6.args | 3 +- .../qemuxml2argv-disk-drive-network-nbd-unix.args | 3 +- .../qemuxml2argv-disk-drive-network-nbd.args | 3 +- .../qemuxml2argv-disk-drive-network-rbd-auth.args | 3 +- ...muxml2argv-disk-drive-network-rbd-ceph-env.args | 3 +- .../qemuxml2argv-disk-drive-network-rbd-ipv6.args | 3 +- .../qemuxml2argv-disk-drive-network-rbd.args | 3 +- .../qemuxml2argv-disk-drive-network-sheepdog.args | 3 +- .../qemuxml2argv-disk-drive-no-boot.args | 2 +- .../qemuxml2argv-disk-drive-readonly-disk.args | 3 +- ...qemuxml2argv-disk-drive-readonly-no-device.args | 3 +- .../qemuxml2argv-disk-drive-shared.args | 3 +- .../qemuxml2argv-disk-floppy-pseries.args | 3 +- ...emuxml2argv-disk-floppy-tray-no-device-cap.args | 3 +- .../qemuxml2argv-disk-floppy-tray.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-floppy.args | 3 +- .../qemuxml2argv-disk-geometry.args | 3 +- .../qemuxml2argv-disk-ide-drive-split.args | 3 +- .../qemuxml2argv-disk-ide-wwn.args | 3 +- .../qemuxml2argv-disk-ioeventfd.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-disk-iscsi.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-disk-many.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-order.args | 2 +- .../qemuxml2argv-disk-sata-device.args | 3 +- .../qemuxml2argv-disk-scsi-device-auto.args | 3 +- .../qemuxml2argv-disk-scsi-device.args | 3 +- .../qemuxml2argv-disk-scsi-disk-split.args | 3 +- .../qemuxml2argv-disk-scsi-disk-vpd.args | 3 +- .../qemuxml2argv-disk-scsi-disk-wwn.args | 3 +- .../qemuxml2argv-disk-scsi-lun-passthrough.args | 3 +- .../qemuxml2argv-disk-scsi-megasas.args | 3 +- .../qemuxml2argv-disk-scsi-virtio-scsi.args | 3 +- .../qemuxml2argv-disk-scsi-vscsi.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-serial.args | 3 +- .../qemuxml2argv-disk-snapshot.args | 3 +- .../qemuxml2argv-disk-source-pool-mode.args | 3 +- .../qemuxml2argv-disk-source-pool.args | 3 +- .../qemuxml2argv-disk-usb-device-removable.args | 3 +- .../qemuxml2argv-disk-usb-device.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-disk-usb.args | 3 +- .../qemuxml2argv-disk-virtio-ccw-many.args | 3 +- .../qemuxml2argv-disk-virtio-ccw.args | 3 +- .../qemuxml2argv-disk-virtio-s390.args | 3 +- .../qemuxml2argv-disk-virtio-scsi-ccw.args | 3 +- .../qemuxml2argv-disk-virtio-scsi-cmd_per_lun.args | 3 +- .../qemuxml2argv-disk-virtio-scsi-ioeventfd.args | 3 +- .../qemuxml2argv-disk-virtio-scsi-max_sectors.args | 3 +- .../qemuxml2argv-disk-virtio-scsi-num_queues.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-virtio.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-xenvbd.args | 3 +- .../qemuxml2argv-eoi-disabled.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-eoi-enabled.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-event_idx.args | 2 +- .../qemuxml2argv-fips-enabled.args | 3 +- .../qemuxml2argv-floppy-drive-fat.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-fs9p-ccw.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-fs9p.args | 3 +- .../qemuxml2argv-graphics-sdl-fullscreen.args | 3 +- .../qemuxml2argv-graphics-sdl.args | 3 +- ...emuxml2argv-graphics-spice-agent-file-xfer.args | 3 +- .../qemuxml2argv-graphics-spice-agentmouse.args | 3 +- .../qemuxml2argv-graphics-spice-compression.args | 3 +- .../qemuxml2argv-graphics-spice-qxl-vga.args | 3 +- .../qemuxml2argv-graphics-spice-sasl.args | 3 +- .../qemuxml2argv-graphics-spice-timeout.args | 3 +- .../qemuxml2argv-graphics-spice-usb-redir.args | 2 +- .../qemuxml2argv-graphics-spice.args | 3 +- .../qemuxml2argv-graphics-vnc-policy.args | 3 +- .../qemuxml2argv-graphics-vnc-sasl.args | 3 +- .../qemuxml2argv-graphics-vnc-socket.args | 3 +- .../qemuxml2argv-graphics-vnc-tls.args | 3 +- .../qemuxml2argv-graphics-vnc-websocket.args | 3 +- .../qemuxml2argv-graphics-vnc.args | 3 +- .../qemuxml2argv-hostdev-pci-address-device.args | 2 +- .../qemuxml2argv-hostdev-pci-address.args | 3 +- .../qemuxml2argv-hostdev-scsi-boot.args | 2 +- .../qemuxml2argv-hostdev-scsi-lsi-iscsi-auth.args | 2 +- .../qemuxml2argv-hostdev-scsi-lsi-iscsi.args | 2 +- .../qemuxml2argv-hostdev-scsi-lsi.args | 2 +- .../qemuxml2argv-hostdev-scsi-readonly.args | 2 +- ...emuxml2argv-hostdev-scsi-virtio-iscsi-auth.args | 2 +- .../qemuxml2argv-hostdev-scsi-virtio-iscsi.args | 2 +- .../qemuxml2argv-hostdev-scsi-virtio-scsi.args | 2 +- ...muxml2argv-hostdev-usb-address-device-boot.args | 3 +- .../qemuxml2argv-hostdev-usb-address-device.args | 3 +- .../qemuxml2argv-hostdev-usb-address.args | 3 +- .../qemuxml2argv-hostdev-vfio-multidomain.args | 2 +- .../qemuxml2argv-hostdev-vfio.args | 2 +- .../qemuxml2argv-hotplug-base.args | 2 +- .../qemuxml2argv-hugepages-numa.args | 2 +- .../qemuxml2argv-hugepages-pages.args | 3 +- .../qemuxml2argv-hugepages-pages2.args | 3 +- .../qemuxml2argv-hugepages-pages3.args | 3 +- .../qemuxml2argv-hugepages-pages5.args | 3 +- .../qemuxml2argv-hugepages-pages6.args | 3 +- .../qemuxml2argv-hugepages-shared.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-hugepages.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-hyperv-off.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-hyperv.args | 3 +- .../qemuxml2argv-input-usbmouse-addr.args | 3 +- .../qemuxml2argv-input-usbmouse.args | 3 +- .../qemuxml2argv-input-usbtablet.args | 3 +- .../qemuxml2argv-iothreads-disk-virtio-ccw.args | 3 +- .../qemuxml2argv-iothreads-disk.args | 3 +- .../qemuxml2argv-iothreads-ids-partial.args | 3 +- .../qemuxml2argv-iothreads-ids.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-iothreads.args | 3 +- .../qemuxml2argv-kvm-features-off.args | 2 +- .../qemuxml2argv-kvm-features.args | 3 +- .../qemuxml2argv-kvm-pit-delay.args | 2 +- .../qemuxml2argv-kvm-pit-device.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-kvm.args | 3 +- .../qemuxml2argv-kvmclock+eoi-disabled.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-kvmclock.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-lease.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-off-argv.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-off-cap.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-off-caps.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-on-argv.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-on-cap.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-on-caps.args | 3 +- .../qemuxml2argv-machine-aliases1.args | 3 +- .../qemuxml2argv-machine-aliases2.args | 3 +- .../qemuxml2argv-machine-core-off.args | 3 +- .../qemuxml2argv-machine-core-on.args | 3 +- .../qemuxml2argv-machine-deakeywrap-off-argv.args | 3 +- .../qemuxml2argv-machine-deakeywrap-off-cap.args | 3 +- .../qemuxml2argv-machine-deakeywrap-off-caps.args | 3 +- .../qemuxml2argv-machine-deakeywrap-on-argv.args | 3 +- .../qemuxml2argv-machine-deakeywrap-on-cap.args | 3 +- .../qemuxml2argv-machine-deakeywrap-on-caps.args | 3 +- .../qemuxml2argv-machine-keywrap-none-argv.args | 3 +- .../qemuxml2argv-machine-keywrap-none-caps.args | 3 +- .../qemuxml2argv-machine-keywrap-none.args | 3 +- .../qemuxml2argv-machine-usb-opt.args | 3 +- .../qemuxml2argv-machine-vmport-opt.args | 3 +- .../qemuxml2argv-memory-hotplug-dimm-addr.args | 3 +- .../qemuxml2argv-memory-hotplug-dimm.args | 3 +- .../qemuxml2argv-memory-hotplug.args | 3 +- .../qemuxml2argv-memtune-unlimited.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-memtune.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-metadata.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-migrate.args | 3 +- .../qemuxml2argv-minimal-msg-timestamp.args | 2 +- .../qemuxml2argv-minimal-s390.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-minimal.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-misc-acpi.args | 3 +- .../qemuxml2argv-misc-disable-s3.args | 3 +- .../qemuxml2argv-misc-disable-suspends.args | 3 +- .../qemuxml2argv-misc-enable-s4.args | 3 +- .../qemuxml2argv-misc-no-reboot.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-misc-uuid.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-mlock-off.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-mlock-on.args | 3 +- .../qemuxml2argv-mlock-unsupported.args | 3 +- .../qemuxml2argv-monitor-json.args | 3 +- .../qemuxml2argv-multifunction-pci-device.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-net-client.args | 3 +- .../qemuxml2argv-net-eth-ifname.args | 3 +- .../qemuxml2argv-net-eth-names.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-net-eth.args | 3 +- .../qemuxml2argv-net-hostdev-multidomain.args | 2 +- .../qemuxml2argv-net-hostdev-vfio-multidomain.args | 2 +- .../qemuxml2argv-net-hostdev-vfio.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-net-hostdev.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-net-mcast.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-net-server.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-net-user.args | 3 +- .../qemuxml2argv-net-vhostuser-multiq.args | 3 +- .../qemuxml2argv-net-vhostuser.args | 3 +- .../qemuxml2argv-net-virtio-ccw.args | 3 +- .../qemuxml2argv-net-virtio-device.args | 3 +- .../qemuxml2argv-net-virtio-disable-offloads.args | 3 +- .../qemuxml2argv-net-virtio-netdev.args | 3 +- .../qemuxml2argv-net-virtio-s390.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-net-virtio.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-no-shutdown.args | 2 +- .../qemuxml2argv-nographics-vga.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-nographics.args | 3 +- .../qemuxml2argv-nosharepages.args | 2 +- ...qemuxml2argv-numad-auto-memory-vcpu-cpuset.args | 3 +- ...d-auto-memory-vcpu-no-cpuset-and-placement.args | 3 +- ...muxml2argv-numad-auto-vcpu-static-numatune.args | 3 +- ...qemuxml2argv-numad-static-memory-auto-vcpu.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-numad.args | 3 +- ...qemuxml2argv-numatune-auto-nodeset-invalid.args | 3 +- .../qemuxml2argv-numatune-auto-prefer.args | 2 +- .../qemuxml2argv-numatune-memnode-no-memory.args | 2 +- .../qemuxml2argv-numatune-memnode.args | 2 +- .../qemuxml2argv-numatune-memory.args | 3 +- .../qemuxml2argv-panic-no-address.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-panic.args | 3 +- .../qemuxml2argv-parallel-parport-chardev.args | 3 +- .../qemuxml2argv-parallel-tcp-chardev.args | 3 +- .../qemuxml2argv-parallel-tcp.args | 3 +- .../qemuxml2argv-pci-autoadd-addr.args | 2 +- .../qemuxml2argv-pci-autoadd-idx.args | 2 +- .../qemuxml2argv-pci-bridge-many-disks.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-pci-many.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-pci-rom.args | 2 +- .../qemuxml2argv-pci-serial-dev-chardev.args | 2 +- .../qemuxml2argv-pcie-root-port.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-pcie-root.args | 3 +- .../qemuxml2argv-pcie-switch-downstream-port.args | 3 +- .../qemuxml2argv-pcie-switch-upstream-port.args | 3 +- .../qemuxml2argv-pcihole64-none.args | 3 +- .../qemuxml2argv-pcihole64-q35.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-pcihole64.args | 2 +- .../qemuxml2argv-pmu-feature-off.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-pmu-feature.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-ppc-dtb.args | 3 +- .../qemuxml2argv-ppce500-serial.args | 2 +- .../qemuxml2argv-pseries-basic.args | 2 +- .../qemuxml2argv-pseries-cpu-compat.args | 2 +- .../qemuxml2argv-pseries-cpu-exact.args | 2 +- .../qemuxml2argv-pseries-cpu-le.args | 2 +- .../qemuxml2argv-pseries-nvram.args | 2 +- .../qemuxml2argv-pseries-panic-missing.args | 2 +- .../qemuxml2argv-pseries-panic-no-address.args | 2 +- .../qemuxml2argv-pseries-usb-default.args | 2 +- .../qemuxml2argv-pseries-usb-kbd.args | 2 +- .../qemuxml2argv-pseries-usb-multi.args | 2 +- .../qemuxml2argv-pseries-vio-user-assigned.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-pseries-vio.args | 2 +- .../qemuxml2argv-pv-spinlock-disabled.args | 3 +- .../qemuxml2argv-pv-spinlock-enabled.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-q35.args | 3 +- .../qemuxml2argv-qemu-ns-no-env.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-qemu-ns.args | 3 +- .../qemuxml2argv-reboot-timeout-disabled.args | 3 +- .../qemuxml2argv-reboot-timeout-enabled.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-restore-v1.args | 3 +- .../qemuxml2argv-restore-v2-fd.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-restore-v2.args | 3 +- ...muxml2argv-s390-allow-bogus-usb-controller.args | 2 +- .../qemuxml2argv-s390-allow-bogus-usb-none.args | 2 +- .../qemuxml2argv-seclabel-dac-none.args | 3 +- .../qemuxml2argv-seclabel-dynamic-baselabel.args | 3 +- .../qemuxml2argv-seclabel-dynamic-labelskip.args | 3 +- .../qemuxml2argv-seclabel-dynamic-override.args | 3 +- .../qemuxml2argv-seclabel-dynamic-relabel.args | 3 +- .../qemuxml2argv-seclabel-dynamic.args | 3 +- .../qemuxml2argv-seclabel-none.args | 3 +- .../qemuxml2argv-seclabel-static-labelskip.args | 3 +- .../qemuxml2argv-seclabel-static-relabel.args | 2 +- .../qemuxml2argv-seclabel-static.args | 3 +- .../qemuxml2argv-serial-dev-chardev-iobase.args | 3 +- .../qemuxml2argv-serial-dev-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-dev.args | 3 +- .../qemuxml2argv-serial-file-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-file.args | 3 +- .../qemuxml2argv-serial-many-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-many.args | 3 +- .../qemuxml2argv-serial-pty-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-pty.args | 3 +- .../qemuxml2argv-serial-spiceport-nospice.args | 2 +- .../qemuxml2argv-serial-spiceport.args | 2 +- .../qemuxml2argv-serial-tcp-chardev.args | 3 +- .../qemuxml2argv-serial-tcp-telnet-chardev.args | 3 +- .../qemuxml2argv-serial-tcp-telnet.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-tcp.args | 3 +- .../qemuxml2argv-serial-udp-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-udp.args | 3 +- .../qemuxml2argv-serial-unix-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-unix.args | 3 +- .../qemuxml2argv-serial-vc-chardev.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-serial-vc.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-shmem.args | 3 +- .../qemuxml2argv-smartcard-controller.args | 2 +- .../qemuxml2argv-smartcard-host-certificates.args | 2 +- .../qemuxml2argv-smartcard-host.args | 2 +- ...emuxml2argv-smartcard-passthrough-spicevmc.args | 2 +- .../qemuxml2argv-smartcard-passthrough-tcp.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-smbios.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-smp.args | 3 +- .../qemuxml2argv-sound-device.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-sound.args | 3 +- .../qemuxml2argv-tpm-passthrough.args | 3 +- .../qemuxml2argv-usb-controller.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-usb-hub.args | 2 +- .../qemuxml2argv-usb-ich9-companion.args | 2 +- .../qemuxml2argv-usb-ich9-ehci-addr.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-usb-none.args | 2 +- .../qemuxml2argv-usb-piix3-controller.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-usb-ports.args | 2 +- .../qemuxml2argv-usb-redir-boot.args | 2 +- .../qemuxml2argv-usb-redir-filter-version.args | 2 +- .../qemuxml2argv-usb-redir-filter.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-usb-redir.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-usb1-usb2.args | 2 +- .../qemuxml2argv-video-device-pciaddr-default.args | 3 +- .../qemuxml2argv-video-qxl-device-vgamem.args | 3 +- .../qemuxml2argv-video-qxl-device.args | 3 +- .../qemuxml2argv-video-qxl-nodevice.args | 3 +- .../qemuxml2argv-video-qxl-sec-device-vgamem.args | 3 +- .../qemuxml2argv-video-qxl-sec-device.args | 3 +- .../qemuxml2argv-video-vga-device-vgamem.args | 3 +- .../qemuxml2argv-video-vga-device.args | 3 +- .../qemuxml2argv-video-vga-nodevice.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-virtio-lun.args | 2 +- .../qemuxml2argv-virtio-rng-ccw.args | 2 +- .../qemuxml2argv-virtio-rng-default.args | 3 +- .../qemuxml2argv-virtio-rng-egd.args | 3 +- .../qemuxml2argv-virtio-rng-multiple.args | 3 +- .../qemuxml2argv-virtio-rng-random.args | 3 +- .../qemuxml2argv-watchdog-device.args | 3 +- .../qemuxml2argv-watchdog-diag288.args | 2 +- .../qemuxml2argv-watchdog-dump.args | 3 +- .../qemuxml2argv-watchdog-injectnmi.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-watchdog.args | 3 +- tests/qemuxml2argvtest.c | 19 +++++++--- .../qemuxmlns-qemu-ns-commandline-ns0.args | 2 +- .../qemuxmlns-qemu-ns-commandline-ns1.args | 2 +- .../qemuxmlns-qemu-ns-commandline.args | 2 +- .../qemuxmlns-qemu-ns-domain-commandline-ns0.args | 2 +- .../qemuxmlns-qemu-ns-domain-commandline.args | 2 +- .../qemuxmlns-qemu-ns-domain-ns0.args | 2 +- tests/qemuxmlnsdata/qemuxmlns-qemu-ns-domain.args | 2 +- tests/qemuxmlnstest.c | 19 +++++++--- 458 files changed, 936 insertions(+), 477 deletions(-) -- 2.5.0

9 years, 3 months

2
13
0 / 0

[libvirt] [PATCH] Inherit namespace feature 2

by ik.nitk

This patch adds feature for lxc containers to inherit namespaces. This is very similar to what lxc-tools or docker provides. Look for "man lxc-start" and you will find that you can pass command args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker networking option in which you can give --net=container:NAME_or_ID as an option for sharing namespace. >From this patch you can add extra libvirt option to share namespace in following way. <lxc:namespace> <lxc:sharenet type='netns' value='red'/> <lxc:shareipc type='pid' value='12345'/> <lxc:shareuts type='name' value='container1'/> </lxc:namespace> The netns option is specific to sharenet. It can be used to inherit from existing network namespace.w --- docs/drvlxc.html.in | 21 +++++ docs/schemas/domaincommon.rng | 42 +++++++++ src/Makefile.am | 2 +- src/lxc/lxc_conf.c | 2 +- src/lxc/lxc_conf.h | 15 ++++ src/lxc/lxc_container.c | 145 ++++++++++++++++++++++++++++-- src/lxc/lxc_container.h | 1 + src/lxc/lxc_controller.c | 42 ++++++++- src/lxc/lxc_domain.c | 164 +++++++++++++++++++++++++++++++++- src/lxc/lxc_domain.h | 1 + src/lxc/lxc_process.c | 111 +++++++++++++++++++++++ tests/lxcxml2xmldata/lxc-sharenet.xml | 33 +++++++ tests/lxcxml2xmltest.c | 1 + 13 files changed, 570 insertions(+), 10 deletions(-) create mode 100644 tests/lxcxml2xmldata/lxc-sharenet.xml diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index a094bd9..d6c57c4 100644 --- a/docs/drvlxc.html.in +++ b/docs/drvlxc.html.in @@ -590,6 +590,27 @@ Note that allowing capabilities that are normally dropped by default can serious affect the security of the container and the host. </p> +<h2><a name="share">Inherit namespaces</a></h2> + +<p> +Libvirt allows you to inherit the namespace from container/process just like lxc tools +or docker provides to share the network namespace. The following can be used to share +required namespaces. If we want to share only one then the other namespaces can be ignored. +The netns option is specific to sharenet. It can be used in cases we want to use existing network namespace +rather than creating new network namespace for the container. In this case privnet option will be +ignored. +</p> +<pre> +<domain type='lxc' xmlns:lxc='http://libvirt.org/schemas/domain/lxc/1.0'> +... +<lxc:namespace> + <lxc:sharenet type='netns' value='red'/> + <lxc:shareuts type='name' value='container1'/> + <lxc:shareipc type='pid' value='12345'/> +</lxc:namespace> +</domain> +</pre> + <h2><a name="usage">Container usage / management</a></h2> <p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1120003..803b327 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -68,6 +68,9 @@ <ref name='qemucmdline'/> </optional> <optional> + <ref name='lxcsharens'/> + </optional> + <optional> <ref name='keywrap'/> </optional> </interleave> @@ -5012,6 +5015,45 @@ </element> </define> +  + <define name="lxcsharens"> + <element name="namespace" ns="http://libvirt.org/schemas/domain/lxc/1.0"> + <zeroOrMore> + <element name="sharenet"> + <attribute name="type"> + <choice> + <value>netns</value> + <value>name</value> + <value>pid</value> + </choice> + </attribute> + <attribute name='value'/> + </element> + <element name="shareipc"> + <attribute name="type"> + <choice> + <value>name</value> + <value>pid</value> + </choice> + </attribute> + <attribute name='value'/> + </element> + <element name="shareuts"> + <attribute name="type"> + <choice> + <value>name</value> + <value>pid</value> + </choice> + </attribute> + <attribute name='value'/> + </element> + </zeroOrMore> + </element> + </define> + <define name="metadata"> <element name="metadata"> <zeroOrMore> diff --git a/src/Makefile.am b/src/Makefile.am index c4d49a5..b2ceda3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1320,7 +1320,7 @@ libvirt_driver_lxc_impl_la_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ $(AM_CFLAGS) -libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(FUSE_LIBS) +libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(LIBXML_LIBS) libvirt-lxc.la $(FUSE_LIBS) if WITH_BLKID libvirt_driver_lxc_impl_la_CFLAGS += $(BLKID_CFLAGS) libvirt_driver_lxc_impl_la_LIBADD += $(BLKID_LIBS) diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c index b689b92..8ada531 100644 --- a/src/lxc/lxc_conf.c +++ b/src/lxc/lxc_conf.c @@ -213,7 +213,7 @@ lxcDomainXMLConfInit(void) { return virDomainXMLOptionNew(&virLXCDriverDomainDefParserConfig, &virLXCDriverPrivateDataCallbacks, - NULL); + &virLXCDriverDomainXMLNamespace); } diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h index 8340b1f..72b1d44 100644 --- a/src/lxc/lxc_conf.h +++ b/src/lxc/lxc_conf.h @@ -67,6 +67,21 @@ struct _virLXCDriverConfig { bool securityRequireConfined; }; + +typedef enum { + VIR_DOMAIN_NAMESPACE_SHARENET = 0, + VIR_DOMAIN_NAMESPACE_SHAREIPC, + VIR_DOMAIN_NAMESPACE_SHAREUTS, + VIR_DOMAIN_NAMESPACE_LAST, +} virDomainNamespace; + +typedef struct _lxcDomainDef lxcDomainDef; +typedef lxcDomainDef *lxcDomainDefPtr; +struct _lxcDomainDef { + char *ns_type[VIR_DOMAIN_NAMESPACE_LAST]; + char *ns_val[VIR_DOMAIN_NAMESPACE_LAST]; +}; + struct _virLXCDriver { virMutex lock; diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 11e9514..103e9bc 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -27,6 +27,7 @@ #include <config.h> #include <fcntl.h> +#include <sched.h> #include <limits.h> #include <stdlib.h> #include <stdio.h> @@ -38,7 +39,6 @@ #include <mntent.h> #include <sys/reboot.h> #include <linux/reboot.h> - /* Yes, we want linux private one, for _syscall2() macro */ #include <linux/unistd.h> @@ -2321,6 +2321,96 @@ virArch lxcContainerGetAlt32bitArch(virArch arch) return VIR_ARCH_NONE; } +struct lxcNSInfo { + const char *proc_name; + int clone_flag; +}nsInfoLocal[VIR_DOMAIN_NAMESPACE_LAST] = { + [VIR_DOMAIN_NAMESPACE_SHARENET] = {"net", CLONE_NEWNET}, + [VIR_DOMAIN_NAMESPACE_SHAREIPC] = {"ipc", CLONE_NEWIPC}, + [VIR_DOMAIN_NAMESPACE_SHAREUTS] = {"uts", CLONE_NEWUTS} +}; + + +static void lxcClose_ns(int ns_fd[VIR_DOMAIN_NAMESPACE_LAST]) +{ + int i; + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) { + if (ns_fd[i] > -1) { + if (VIR_CLOSE(ns_fd[i]) < 0) + virReportSystemError(errno, "%s", _("failed to close file")); + ns_fd[i] = -1; + } + } +} + + +/** + * lxcPreserve_ns: + * @ns_fd: array to store current namespace + * @clone_flags: namespaces that need to be preserved + */ +static int lxcPreserve_ns(int ns_fd[VIR_DOMAIN_NAMESPACE_LAST], int clone_flags) +{ + int i, saved_errno; + char *path = NULL; + + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) + ns_fd[i] = -1; + + if (!virFileExists("/proc/self/ns")) { + virReportSystemError(errno, "%s", + _("Kernel does not support attach; preserve_ns ignored")); + return -1; + } + + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) { + if ((clone_flags & nsInfoLocal[i].clone_flag) == 0) + continue; + if (virAsprintf(&path, "/proc/self/ns/%s", + nsInfoLocal[i].proc_name) < 0) + goto error; + ns_fd[i] = open(path, O_RDONLY | O_CLOEXEC); + if (ns_fd[i] < 0) + goto error; + VIR_FREE(path); + } + return 0; + error: + saved_errno = errno; + lxcClose_ns(ns_fd); + errno = saved_errno; + virReportSystemError(errno, _("lxcPreserve_ns failed for '%s'"), path); + VIR_FREE(path); + return -1; +} + +/** + * lxcAttach_ns: + * @ns_fd: array of namespaces to attach + */ +static int lxcAttach_ns(const int ns_fd[VIR_DOMAIN_NAMESPACE_LAST]) +{ + int i; + + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) { + if (ns_fd[i] < 0) + continue; + VIR_DEBUG("Setting into namespace\n"); + /* We get EINVAL if new NS is same as the current + * NS, or if the fd namespace doesn't match the + * type passed to setns()'s second param. Since we + * pass 0, we know the EINVAL is harmless + */ + if (setns(ns_fd[i], 0) < 0 && + errno != EINVAL) { + virReportSystemError(errno, _("failed to set namespace '%s'") + , nsInfoLocal[i].proc_name); + return -1; + } + } + return 0; +} + /** * lxcContainerStart: @@ -2342,13 +2432,17 @@ int lxcContainerStart(virDomainDefPtr def, int *passFDs, int control, int handshakefd, + int nsInheritFDs[VIR_DOMAIN_NAMESPACE_LAST], size_t nttyPaths, char **ttyPaths) { pid_t pid; - int cflags; + int cflags, i; int stacksize = getpagesize() * 4; char *stack, *stacktop; + int savedNsFDs[VIR_DOMAIN_NAMESPACE_LAST]; + int preserve_mask = 0; + lxcDomainDefPtr lxcDef; lxc_child_argv_t args = { .config = def, .securityDriver = securityDriver, @@ -2368,7 +2462,12 @@ int lxcContainerStart(virDomainDefPtr def, stacktop = stack + stacksize; - cflags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|SIGCHLD; + lxcDef = def->namespaceData; + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) + if (lxcDef && lxcDef->ns_type[i]) + preserve_mask |= nsInfoLocal[i].clone_flag; + + cflags = CLONE_NEWPID|CLONE_NEWNS|SIGCHLD; if (userns_required(def)) { if (userns_supported()) { @@ -2381,10 +2480,37 @@ int lxcContainerStart(virDomainDefPtr def, return -1; } } + if (!lxcDef || !lxcDef->ns_type[VIR_DOMAIN_NAMESPACE_SHARENET]) { + if (lxcNeedNetworkNamespace(def)) { + VIR_DEBUG("Enable network namespaces"); + cflags |= CLONE_NEWNET; + } + } else { + VIR_DEBUG("Inheriting a net namespace"); + } - if (lxcNeedNetworkNamespace(def)) { - VIR_DEBUG("Enable network namespaces"); - cflags |= CLONE_NEWNET; + if (!lxcDef || !lxcDef->ns_type[VIR_DOMAIN_NAMESPACE_SHAREIPC]) { + cflags |= CLONE_NEWIPC; + } else { + VIR_DEBUG("Inheriting an IPC namespace"); + } + + if (!lxcDef || !lxcDef->ns_type[VIR_DOMAIN_NAMESPACE_SHAREUTS]) { + cflags |= CLONE_NEWUTS; + } else { + VIR_DEBUG("Inheriting a UTS namespace"); + } + + if (lxcDef && lxcPreserve_ns(savedNsFDs, preserve_mask) < 0) { + virReportError(VIR_ERR_SYSTEM_ERROR, "%s", + _("failed to preserve the namespace")); + return -1; + } + + if (lxcDef && lxcAttach_ns(nsInheritFDs) < 0) { + virReportError(VIR_ERR_SYSTEM_ERROR, "%s", + _("failed to attach the namespace")); + return -1; } VIR_DEBUG("Cloning container init process"); @@ -2397,7 +2523,14 @@ int lxcContainerStart(virDomainDefPtr def, _("Failed to run clone container")); return -1; } + if (lxcDef && lxcAttach_ns(savedNsFDs)) { + virReportError(VIR_ERR_SYSTEM_ERROR, "%s", + _("failed to restore saved namespaces")); + } + /* clean up */ + if (lxcDef) + lxcClose_ns(nsInheritFDs); return pid; } diff --git a/src/lxc/lxc_container.h b/src/lxc/lxc_container.h index 67292ab..f585a35 100644 --- a/src/lxc/lxc_container.h +++ b/src/lxc/lxc_container.h @@ -60,6 +60,7 @@ int lxcContainerStart(virDomainDefPtr def, int *passFDs, int control, int handshakefd, + int nsInheritFDs[VIR_DOMAIN_NAMESPACE_LAST], size_t nttyPaths, char **ttyPaths); diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 110a556..1cbe0b3 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -119,6 +119,8 @@ struct _virLXCController { size_t npassFDs; int *passFDs; + int nsFDs[VIR_DOMAIN_NAMESPACE_LAST]; + size_t nconsoles; virLXCControllerConsolePtr consoles; char *devptmx; @@ -2391,6 +2393,7 @@ virLXCControllerRun(virLXCControllerPtr ctrl) ctrl->passFDs, control[1], containerhandshake[1], + ctrl->nsFDs, ctrl->nconsoles, containerTTYPaths)) < 0) goto cleanup; @@ -2468,6 +2471,7 @@ int main(int argc, char *argv[]) const char *name = NULL; size_t nveths = 0; char **veths = NULL; + int ns_fd[VIR_DOMAIN_NAMESPACE_LAST]; int handshakeFd = -1; bool bg = false; const struct option options[] = { @@ -2478,6 +2482,9 @@ int main(int argc, char *argv[]) { "passfd", 1, NULL, 'p' }, { "handshakefd", 1, NULL, 's' }, { "security", 1, NULL, 'S' }, + { "share-net", 1, NULL, 'N' }, + { "share-ipc", 1, NULL, 'I' }, + { "share-uts", 1, NULL, 'U' }, { "help", 0, NULL, 'h' }, { 0, 0, 0, 0 }, }; @@ -2489,6 +2496,9 @@ int main(int argc, char *argv[]) size_t i; const char *securityDriver = "none"; + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) + ns_fd[i] = -1; + if (setlocale(LC_ALL, "") == NULL || bindtextdomain(PACKAGE, LOCALEDIR) == NULL || textdomain(PACKAGE) == NULL || @@ -2504,7 +2514,7 @@ int main(int argc, char *argv[]) while (1) { int c; - c = getopt_long(argc, argv, "dn:v:p:m:c:s:h:S:", + c = getopt_long(argc, argv, "dn:v:p:m:c:s:h:S:N:I:U:", options, NULL); if (c == -1) @@ -2552,6 +2562,30 @@ int main(int argc, char *argv[]) } break; + case 'N': + if (virStrToLong_i(optarg, NULL, 10, &ns_fd[VIR_DOMAIN_NAMESPACE_SHARENET]) < 0) { + fprintf(stderr, "malformed --share-net argument '%s'", + optarg); + goto cleanup; + } + break; + + case 'I': + if (virStrToLong_i(optarg, NULL, 10, &ns_fd[VIR_DOMAIN_NAMESPACE_SHAREIPC]) < 0) { + fprintf(stderr, "malformed --share-ipc argument '%s'", + optarg); + goto cleanup; + } + break; + + case 'U': + if (virStrToLong_i(optarg, NULL, 10, &ns_fd[VIR_DOMAIN_NAMESPACE_SHAREUTS]) < 0) { + fprintf(stderr, "malformed --share-uts argument '%s'", + optarg); + goto cleanup; + } + break; + case 'S': securityDriver = optarg; break; @@ -2569,6 +2603,9 @@ int main(int argc, char *argv[]) fprintf(stderr, " -v VETH, --veth VETH\n"); fprintf(stderr, " -s FD, --handshakefd FD\n"); fprintf(stderr, " -S NAME, --security NAME\n"); + fprintf(stderr, " -N FD, --share-net FD\n"); + fprintf(stderr, " -I FD, --share-ipc FD\n"); + fprintf(stderr, " -U FD, --share-uts FD\n"); fprintf(stderr, " -h, --help\n"); fprintf(stderr, "\n"); goto cleanup; @@ -2621,6 +2658,9 @@ int main(int argc, char *argv[]) ctrl->passFDs = passFDs; ctrl->npassFDs = npassFDs; + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) + ctrl->nsFDs[i] = ns_fd[i]; + for (i = 0; i < nttyFDs; i++) { if (virLXCControllerAddConsole(ctrl, ttyFDs[i]) < 0) goto cleanup; diff --git a/src/lxc/lxc_domain.c b/src/lxc/lxc_domain.c index 70606f3..5e63969 100644 --- a/src/lxc/lxc_domain.c +++ b/src/lxc/lxc_domain.c @@ -26,8 +26,14 @@ #include "viralloc.h" #include "virlog.h" #include "virerror.h" +#include <fcntl.h> +#include <libxml/xpathInternals.h> +#include "virstring.h" +#include "virutil.h" +#include "virfile.h" #define VIR_FROM_THIS VIR_FROM_LXC +#define LXC_NAMESPACE_HREF "http://libvirt.org/schemas/domain/lxc/1.0" VIR_LOG_INIT("lxc.lxc_domain"); @@ -41,6 +47,163 @@ static void *virLXCDomainObjPrivateAlloc(void) return priv; } +VIR_ENUM_DECL(virDomainNamespace) +VIR_ENUM_IMPL(virDomainNamespace, VIR_DOMAIN_NAMESPACE_LAST, + N_("sharenet"), + N_("shareipc"), + N_("shareuts")) + +static void +lxcDomainDefNamespaceFree(void *nsdata) +{ + int j; + lxcDomainDefPtr lxcDef = nsdata; + for (j = 0; j < VIR_DOMAIN_NAMESPACE_LAST; j++) { + VIR_FREE(lxcDef->ns_type[j]); + VIR_FREE(lxcDef->ns_val[j]); + } + VIR_FREE(nsdata); +} + +static int +lxcDomainDefNamespaceParse(xmlDocPtr xml ATTRIBUTE_UNUSED, + xmlNodePtr root ATTRIBUTE_UNUSED, + xmlXPathContextPtr ctxt, + void **data) +{ + lxcDomainDefPtr lxcDef = NULL; + xmlNodePtr *nodes = NULL; + bool uses_lxc_ns = false; + xmlNodePtr node; + int feature; + int n; + char *tmp = NULL; + size_t i; + + if (xmlXPathRegisterNs(ctxt, BAD_CAST "lxc", BAD_CAST LXC_NAMESPACE_HREF) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Failed to register xml namespace '%s'"), + LXC_NAMESPACE_HREF); + return -1; + } + + if (VIR_ALLOC(lxcDef) < 0) + return -1; + /* Init ns_herit_fd for namespaces */ + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) { + lxcDef->ns_type[i] = NULL; + lxcDef->ns_val[i] = NULL; + } + + node = ctxt->node; + if ((n = virXPathNodeSet("./lxc:namespace/*", ctxt, &nodes)) < 0) + goto error; + uses_lxc_ns |= n > 0; + + for (i = 0; i < n; i++) { + feature = + virDomainNamespaceTypeFromString((const char *) nodes[i]->name); + if (feature < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unsupported Namespace feature: %s"), + nodes[i]->name); + goto error; + } + + ctxt->node = nodes[i]; + + switch ((virDomainNamespace) feature) { + case VIR_DOMAIN_NAMESPACE_SHARENET: + case VIR_DOMAIN_NAMESPACE_SHAREIPC: + case VIR_DOMAIN_NAMESPACE_SHAREUTS: + { + tmp = virXMLPropString(nodes[i], "type"); + if (tmp == NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("No lxc environment type specified")); + goto error; + } + /* save the tmp so that its needed while writing to xml */ + lxcDef->ns_type[feature] = tmp; + tmp = virXMLPropString(nodes[i], "value"); + if (tmp == NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("No lxc environment type specified")); + goto error; + } + lxcDef->ns_val[feature] = tmp; + } + break; + case VIR_DOMAIN_NAMESPACE_LAST: + break; + } + } + VIR_FREE(nodes); + ctxt->node = node; + if (uses_lxc_ns) + *data = lxcDef; + else + VIR_FREE(lxcDef); + return 0; + error: + VIR_FREE(nodes); + lxcDomainDefNamespaceFree(lxcDef); + return -1; +} + + +static int +lxcDomainDefNamespaceFormatXML(virBufferPtr buf, + void *nsdata) +{ + lxcDomainDefPtr lxcDef = nsdata; + size_t j; + + if (!lxcDef) + return 0; + + virBufferAddLit(buf, "<lxc:namespace>\n"); + virBufferAdjustIndent(buf, 2); + + for (j = 0; j < VIR_DOMAIN_NAMESPACE_LAST; j++) { + switch ((virDomainNamespace) j) { + case VIR_DOMAIN_NAMESPACE_SHAREIPC: + case VIR_DOMAIN_NAMESPACE_SHAREUTS: + case VIR_DOMAIN_NAMESPACE_SHARENET: + { + if (lxcDef->ns_type[j]) { + virBufferAsprintf(buf, "<lxc:%s type='%s' value='%s'/>\n", + virDomainNamespaceTypeToString(j), + lxcDef->ns_type[j], + lxcDef->ns_val[j]); + } + } + break; + case VIR_DOMAIN_NAMESPACE_LAST: + break; + } + } + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</lxc:namespace>\n"); + return 0; +} + +static const char * +lxcDomainDefNamespaceHref(void) +{ + return "xmlns:lxc='" LXC_NAMESPACE_HREF "'"; +} + + +virDomainXMLNamespace virLXCDriverDomainXMLNamespace = { + .parse = lxcDomainDefNamespaceParse, + .free = lxcDomainDefNamespaceFree, + .format = lxcDomainDefNamespaceFormatXML, + .href = lxcDomainDefNamespaceHref, +}; + + static void virLXCDomainObjPrivateFree(void *data) { virLXCDomainObjPrivatePtr priv = data; @@ -77,7 +240,6 @@ virLXCDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt, } else { priv->initpid = thepid; } - return 0; } diff --git a/src/lxc/lxc_domain.h b/src/lxc/lxc_domain.h index 751aece..25df999 100644 --- a/src/lxc/lxc_domain.h +++ b/src/lxc/lxc_domain.h @@ -41,6 +41,7 @@ struct _virLXCDomainObjPrivate { virCgroupPtr cgroup; }; +extern virDomainXMLNamespace virLXCDriverDomainXMLNamespace; extern virDomainXMLPrivateDataCallbacks virLXCDriverPrivateDataCallbacks; extern virDomainDefParserConfig virLXCDriverDomainDefParserConfig; diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index e99b039..ead7f67 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -359,6 +359,97 @@ char *virLXCProcessSetupInterfaceDirect(virConnectPtr conn, return ret; } +static const char *nsInfoLocal[] = { "net", "ipc", "uts" }; +/** + * virLXCProcessSetupNamespaces: + * @conn: pointer to connection + * @def: pointer to virtual machines namespaceData + * @nsFDs: out parameter to store the namespace FD + * + * Opens the specified namespace that needs to be shared and + * will moved into the container namespace later after clone has been called. + * + * Returns 0 on success or -1 in case of error + */ +static int virLXCProcessSetupNamespaces(virConnectPtr conn, + lxcDomainDefPtr lxcDef, + int nsFDs[VIR_DOMAIN_NAMESPACE_LAST]) +{ + int i, n, rc = 0; + virDomainPtr dom = NULL; + pid_t pid; + int nfdlist; + int *fdlist; + char *path = NULL; + char *eptr; + + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) + nsFDs[i] = -1; + /*If there are no namespace to be opened just return success*/ + if (lxcDef == NULL) return 0; + + if (STREQ_NULLABLE("netns", lxcDef->ns_type[VIR_DOMAIN_NAMESPACE_SHARENET])) { + if (virAsprintf(&path, "/var/run/netns/%s", lxcDef->ns_val[VIR_DOMAIN_NAMESPACE_SHARENET]) < 0) + return -1; + nsFDs[VIR_DOMAIN_NAMESPACE_SHARENET] = open(path, O_RDONLY); + VIR_FREE(path); + if (nsFDs[VIR_DOMAIN_NAMESPACE_SHARENET] < 0) { + virReportSystemError(errno, + _("failed to open netns %s"), lxcDef->ns_val[VIR_DOMAIN_NAMESPACE_SHARENET]); + return -1; + } + } + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) { + /* If not yet intialized by above: netns*/ + if (lxcDef->ns_type[i] && nsFDs[i] == -1) { + pid = strtol(lxcDef->ns_val[i], &eptr, 10); + if (*eptr != '\0' || pid < 1) { + /* check if the domain is running, then set the namespaces + * to that container + */ + const char *ns[] = { "user", "ipc", "uts", "net", "pid", "mnt" }; + dom = virDomainLookupByName(conn, lxcDef->ns_val[i]); + if (!dom) { + virReportError(virGetLastError()->code, + _("Unable to lookup peer container %s"), + lxcDef->ns_val[i]); + rc = -1; + goto cleanup; + } + if ((nfdlist = virDomainLxcOpenNamespace(dom, &fdlist, 0)) < 0) { + virReportError(virGetLastError()->code, + _("Unable to open %s"), lxcDef->ns_val[i]); + rc = -1; + goto cleanup; + } + for (n = 0; n < ARRAY_CARDINALITY(ns); n++) { + if (STREQ(ns[n], nsInfoLocal[i])) { + nsFDs[i] = fdlist[n]; + } else { + if (VIR_CLOSE(fdlist[n]) < 0) + VIR_ERROR(_("failed to close fd. ignoring..")); + } + } + if (nfdlist > 0) + VIR_FREE(fdlist); + } else { + if (virAsprintf(&path, "/proc/%d/ns/%s", pid, nsInfoLocal[i]) < 0) + return -1; + nsFDs[i] = open(path, O_RDONLY); + VIR_FREE(path); + if (nsFDs[i] < 0) { + virReportSystemError(errno, + _("failed to open ns %s"), lxcDef->ns_val[i]); + return -1; + } + } + } + } + cleanup: + if (dom) + virDomainFree(dom); + return rc; +} /** * virLXCProcessSetupInterfaces: @@ -764,6 +855,7 @@ virLXCProcessBuildControllerCmd(virLXCDriverPtr driver, char **veths, int *ttyFDs, size_t nttyFDs, + int nsInheritFDs[VIR_DOMAIN_NAMESPACE_LAST], int *files, size_t nfiles, int handshakefd, @@ -825,6 +917,19 @@ virLXCProcessBuildControllerCmd(virLXCDriverPtr driver, virCommandPassFD(cmd, files[i], 0); } + for (i = 0; i < VIR_DOMAIN_NAMESPACE_LAST; i++) { + if (nsInheritFDs[i] > 0) { + char *tmp = NULL; + if (virAsprintf(&tmp, "--share-%s", + nsInfoLocal[i]) < 0) + goto cleanup; + virCommandAddArg(cmd, tmp); + virCommandAddArgFormat(cmd, "%d", nsInheritFDs[i]); + virCommandPassFD(cmd, nsInheritFDs[i], 0); + VIR_FREE(tmp); + } + } + virCommandAddArgPair(cmd, "--security", virSecurityManagerGetModel(driver->securityManager)); @@ -1032,6 +1137,7 @@ int virLXCProcessStart(virConnectPtr conn, off_t pos = -1; char ebuf[1024]; char *timestamp; + int nsInheritFDs[VIR_DOMAIN_NAMESPACE_LAST]; virCommandPtr cmd = NULL; virLXCDomainObjPrivatePtr priv = vm->privateData; virCapsPtr caps = NULL; @@ -1204,6 +1310,10 @@ int virLXCProcessStart(virConnectPtr conn, if (virLXCProcessSetupInterfaces(conn, vm->def, &nveths, &veths) < 0) goto cleanup; + VIR_DEBUG("Setting up namespaces if any"); + if (virLXCProcessSetupNamespaces(conn, vm->def->namespaceData, nsInheritFDs) < 0) + goto cleanup; + VIR_DEBUG("Preparing to launch"); if ((logfd = open(logfile, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR|S_IWUSR)) < 0) { @@ -1223,6 +1333,7 @@ int virLXCProcessStart(virConnectPtr conn, vm, nveths, veths, ttyFDs, nttyFDs, + nsInheritFDs, files, nfiles, handshakefds[1], &logfd, diff --git a/tests/lxcxml2xmldata/lxc-sharenet.xml b/tests/lxcxml2xmldata/lxc-sharenet.xml new file mode 100644 index 0000000..a2b8d1b --- /dev/null +++ b/tests/lxcxml2xmldata/lxc-sharenet.xml @@ -0,0 +1,33 @@ +<domain type='lxc' xmlns:lxc='http://libvirt.org/schemas/domain/lxc/1.0'> + <name>jessie</name> + <uuid>e21987a5-e98e-9c99-0e35-803e4d9ad1fe</uuid> + <memory unit='KiB'>1048576</memory> + <currentMemory unit='KiB'>1048576</currentMemory> + <vcpu placement='static'>1</vcpu> + <resource> + <partition>/machine</partition> + </resource> + <os> + <type arch='x86_64'>exe</type> + <init>/sbin/init</init> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>restart</on_crash> + <devices> + <emulator>/usr/libexec/libvirt_lxc</emulator> + <filesystem type='mount' accessmode='passthrough'> + <source dir='/mach/jessie'/> + <target dir='/'/> + </filesystem> + <console type='pty'> + <target type='lxc' port='0'/> + </console> + </devices> + <lxc:namespace> + <lxc:sharenet type='netns' value='red'/> + <lxc:shareipc type='pid' value='12345'/> + <lxc:shareuts type='name' value='container1'/> + </lxc:namespace> +</domain> diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c index 3e00347..8d824b9 100644 --- a/tests/lxcxml2xmltest.c +++ b/tests/lxcxml2xmltest.c @@ -133,6 +133,7 @@ mymain(void) DO_TEST("filesystem-root"); DO_TEST("idmap"); DO_TEST("capabilities"); + DO_TEST("sharenet"); virObjectUnref(caps); virObjectUnref(xmlopt); -- 1.9.1

9 years, 3 months

2
1
0 / 0

[libvirt] [PATCH v4 0/5] domainRename API implementation

by Tomas Meszaros

This is an effort to implement domain rename API. Presented patch series consists of the following: virDomainRename API implementation for qemu, implementation of the virsh command domrename and the additional support code. The idea behind this endeavor is to provide convenient and safe way to rename a domain. Instead of the: virsh dumpxml domain > domain.xml (change domain name in domain.xml) virsh undefine domain virsh define domain.xml user can simply type: virsh domrename foo bar or call virDomainRename() API and domain "foo" will be renamed to "bar". We currently support only renaming inactive domains without snapshots. Renaming procedure takes care of domain log, config, guest agent path and should be able to recover in case of failure. I've been working on this functionality in collaboration with Michal Privoznik who is my mentor during the GSoC 2015. If you have any questions, ideas or criticism feel free to join the discussion. v2: - removed guest agent path rename code - removed rename permission - added code for emitting undefined+renamed event for the old domain v3: - removed domain rename permission - fixed virDomainRename doc comment - added @flags parameter to the virDomainRename API v4: - removed ATTRIBUTE_UNUSED from the @flags parameter - added virCheckFlags() call - added flags to the remote_domain_rename_args Tomas Meszaros (5): Introduce virDomainRename API virsh: Implement "domrename" command domain_conf: Introducde virDomainObjListRenameAddNew() & virDomainObjListRenameRemove() Introduce new VIR_DOMAIN_EVENT_DEFINED_RENAMED event qemu: Implement virDomainRename examples/object-events/event-test.c | 4 + include/libvirt/libvirt-domain.h | 6 ++ src/conf/domain_conf.c | 35 +++++++++ src/conf/domain_conf.h | 5 ++ src/driver-hypervisor.h | 6 ++ src/libvirt-domain.c | 35 +++++++++ src/libvirt_private.syms | 2 + src/libvirt_public.syms | 5 ++ src/qemu/qemu_driver.c | 147 ++++++++++++++++++++++++++++++++++++ src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 18 ++++- src/remote_protocol-structs | 9 +++ tools/virsh-domain.c | 63 +++++++++++++++- tools/virsh.pod | 7 ++ 14 files changed, 340 insertions(+), 3 deletions(-) -- 2.1.0

9 years, 3 months

2
6
0 / 0

[libvirt] [PATCH v3 0/5] domainRename API implementation

by Tomas Meszaros

This is an effort to implement domain rename API. Presented patch series consists of the following: virDomainRename API implementation for qemu, implementation of the virsh command domrename and the additional support code. The idea behind this endeavor is to provide convenient and safe way to rename a domain. Instead of the: virsh dumpxml domain > domain.xml (change domain name in domain.xml) virsh undefine domain virsh define domain.xml user can simply type: virsh domrename foo bar or call virDomainRename() API and domain "foo" will be renamed to "bar". We currently support only renaming inactive domains without snapshots. Renaming procedure takes care of domain log, config, guest agent path and should be able to recover in case of failure. I've been working on this functionality in collaboration with Michal Privoznik who is my mentor during the GSoC 2015. If you have any questions, ideas or criticism feel free to join the discussion. v2: - removed guest agent path rename code - removed rename permission - added code for emitting undefined+renamed event for the old domain v3: - removed domain rename permission - fixed virDomainRename doc comment - added @flags parameter to the virDomainRename API Tomas Meszaros (5): Introduce virDomainRename API virsh: Implement "domrename" command domain_conf: Introducde virDomainObjListRenameAddNew() & virDomainObjListRenameRemove() Introduce new VIR_DOMAIN_EVENT_DEFINED_RENAMED event qemu: Implement virDomainRename examples/object-events/event-test.c | 4 + include/libvirt/libvirt-domain.h | 6 ++ src/conf/domain_conf.c | 35 +++++++++ src/conf/domain_conf.h | 5 ++ src/driver-hypervisor.h | 6 ++ src/libvirt-domain.c | 34 +++++++++ src/libvirt_private.syms | 2 + src/libvirt_public.syms | 5 ++ src/qemu/qemu_driver.c | 145 ++++++++++++++++++++++++++++++++++++ src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 18 ++++- src/remote_protocol-structs | 8 ++ tools/virsh-domain.c | 63 +++++++++++++++- tools/virsh.pod | 7 ++ 14 files changed, 336 insertions(+), 3 deletions(-) -- 2.1.0

9 years, 3 months

3
11
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel August 2015