September 2015 - Devel - Libvirt List Archives

[libvirt] [PATCH] examples: Add missing build data for 'rename'

by Martin Kletzander

Commit e755186c5c30 added the rename example, but forgot to build some essential files in there as well as add it to the spec file. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- Pushed under the build-breaker rule. Makefile.am | 2 +- libvirt.spec.in | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index d338d5a220c1..6f217bc08595 100644 --- a/Makefile.am +++ b/Makefile.am @@ -24,7 +24,7 @@ SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \ examples/dominfo examples/domsuspend examples/apparmor \ examples/xml/nwfilter examples/openauth examples/systemtap \ tools/wireshark examples/dommigrate examples/polkit \ - examples/lxcconvert examples/domtop + examples/lxcconvert examples/domtop examples/rename ACLOCAL_AMFLAGS = -I m4 diff --git a/libvirt.spec.in b/libvirt.spec.in index 6f6b191ee61d..bb8bfc3c25c1 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1546,7 +1546,7 @@ rm -fr %{buildroot} # on RHEL 5, thus we need to expand it here. make install DESTDIR=%{?buildroot} SYSTEMD_UNIT_DIR=%{_unitdir} -for i in object-events dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap dommigrate domtop +for i in object-events dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap dommigrate domtop rename do (cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in) done @@ -2330,6 +2330,7 @@ exit 0 %doc examples/dommigrate %doc examples/openauth %doc examples/xml +%doc examples/rename %doc examples/systemtap %changelog -- 2.5.1

9 years, 2 months

1
0
0 / 0

[libvirt] [PATCH] qemu: Check address when attaching a virtio disk with an invalid address.

by rbian

https://bugzilla.redhat.com/show_bug.cgi?id=1257844 Attach-device can hotplug a virtio disk device with any address now. It need to validate the address before the attachment. This patch fix the problem. Signed-off-by: rbian <rbian(a)redhat.com> --- src/qemu/qemu_hotplug.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index e71a204..be24993 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -331,6 +331,23 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, disk->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW; else if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_VIRTIO_S390)) disk->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_VIRTIO_S390; + } else { + if (STREQLEN(vm->def->os.machine, "s390-ccw", 8) && + virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_VIRTIO_CCW)) { + if (!virDomainDeviceAddressIsValid(&disk->info, + VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW)) { + virReportError(VIR_ERR_OPERATION_FAILED, "%s", + _("device cannot be attached without a valid CCW address")); + goto error; + } + } else { + if (!virDomainDeviceAddressIsValid(&disk->info, + VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI)) { + virReportError(VIR_ERR_OPERATION_FAILED, "%s", + _("device cannot be attached without a valid PCI address")); + goto error; + } + } } for (i = 0; i < vm->def->ndisks; i++) { -- 2.4.3

9 years, 2 months

4
3
0 / 0

[libvirt] [PATCH libvirt master] interface type: add udp socket support

by Jonathan Toppins

Adds a new interface type using UDP sockets, this seems only applicable to QEMU but have edited tree-wide to support the new interface type. The interface type required the addition of a "destaddr" (destination address), this then maps into the following xml and qemu call. <interface type='udp'> <mac address='52:54:00:5c:67:56'/> <source address='127.0.0.1' port='11112'/> <model type='virtio'/> <dest address="127.0.0.1' port='22222'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> ... QEMU call: -netdev socket,udp=127.0.0.1:22222,localaddr=127.0.0.1:11112 Notice the xml "source" entry becomes the "localaddr" for the qemu call. reference: http://lists.gnu.org/archive/html/qemu-devel/2011-11/msg00629.html Signed-off-by: Jonathan Toppins <jtoppins(a)cumulusnetworks.com> --- docs/formatdomain.html.in | 17 ++++++++++++ src/conf/domain_conf.c | 56 +++++++++++++++++++++++++++++++++++++--- src/conf/domain_conf.h | 3 +++ src/conf/netdev_bandwidth_conf.h | 1 + src/libxl/libxl_conf.c | 1 + src/lxc/lxc_controller.c | 1 + src/lxc/lxc_process.c | 1 + src/qemu/qemu_command.c | 12 +++++++++ src/qemu/qemu_hotplug.c | 1 + src/qemu/qemu_interface.c | 2 ++ src/uml/uml_conf.c | 5 ++++ src/xenconfig/xen_sxpr.c | 1 + tools/virsh-domain.c | 1 + 13 files changed, 99 insertions(+), 3 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index c0a265a..95f7f5d 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -4165,6 +4165,23 @@ </devices> ...</pre> + <h5><a name="elementsNICSUDP">UDP unicast tunnel</a></h5> + + <p> + A UDP unicast architecture provides a virtual network which enables + connections between Qemu instances using Qemu's UDP infrastructure.</p> + +<pre> + ... + <devices> + <interface type='udp'> + <mac address='52:54:00:22:c9:42'/> + <source address='127.0.0.1' port='11115'/> + <dest address='127.0.0.1' port='11116'/> + </interface> + </devices> + ...</pre> + <h5><a name="elementsNICSModel">Setting the NIC model</a></h5> <pre> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index e4114f8..11961ea 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -385,7 +385,8 @@ VIR_ENUM_IMPL(virDomainNet, VIR_DOMAIN_NET_TYPE_LAST, "bridge", "internal", "direct", - "hostdev") + "hostdev", + "udp") VIR_ENUM_IMPL(virDomainNetBackend, VIR_DOMAIN_NET_BACKEND_TYPE_LAST, "default", @@ -1629,7 +1630,9 @@ void virDomainNetDefFree(virDomainNetDefPtr def) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: VIR_FREE(def->data.socket.address); + VIR_FREE(def->data.socket.destaddr); break; case VIR_DOMAIN_NET_TYPE_NETWORK: @@ -8398,6 +8401,8 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt, char *script = NULL; char *address = NULL; char *port = NULL; + char *destaddr = NULL; + char *destport = NULL; char *model = NULL; char *backend = NULL; char *txmode = NULL; @@ -8510,10 +8515,15 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt, } else if (!address && (def->type == VIR_DOMAIN_NET_TYPE_SERVER || def->type == VIR_DOMAIN_NET_TYPE_CLIENT || - def->type == VIR_DOMAIN_NET_TYPE_MCAST) && + def->type == VIR_DOMAIN_NET_TYPE_MCAST || + def->type == VIR_DOMAIN_NET_TYPE_UDP) && xmlStrEqual(cur->name, BAD_CAST "source")) { address = virXMLPropString(cur, "address"); port = virXMLPropString(cur, "port"); + } else if (!destaddr && def->type == VIR_DOMAIN_NET_TYPE_UDP && + xmlStrEqual(cur->name, BAD_CAST "dest")) { + destaddr = virXMLPropString(cur, "address"); + destport = virXMLPropString(cur, "port"); } else if (xmlStrEqual(cur->name, BAD_CAST "ip")) { virDomainNetIpDefPtr ip = NULL; @@ -8751,6 +8761,7 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt, case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: if (port == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("No <source> 'port' attribute " @@ -8766,7 +8777,8 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt, if (address == NULL) { if (def->type == VIR_DOMAIN_NET_TYPE_CLIENT || - def->type == VIR_DOMAIN_NET_TYPE_MCAST) { + def->type == VIR_DOMAIN_NET_TYPE_MCAST || + def->type == VIR_DOMAIN_NET_TYPE_UDP) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("No <source> 'address' attribute " "specified with socket interface")); @@ -8776,6 +8788,32 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt, def->data.socket.address = address; address = NULL; } + + if (def->type != VIR_DOMAIN_NET_TYPE_UDP) + break; + + if (destport == NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No <dest> 'port' attribute " + "specified with socket interface")); + goto error; + } + if (virStrToLong_i(destport, NULL, 10, &def->data.socket.destport) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Cannot parse <dest> 'port' attribute " + "with socket interface")); + goto error; + } + + if (destport == NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No <dest> 'address' attribute " + "specified with socket interface")); + goto error; + } else { + def->data.socket.destaddr = destaddr; + address = NULL; + } break; case VIR_DOMAIN_NET_TYPE_INTERNAL: @@ -19732,6 +19770,7 @@ virDomainNetDefFormat(virBufferPtr buf, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: if (def->data.socket.address) { virBufferAsprintf(buf, "<source address='%s' port='%d'/>\n", def->data.socket.address, def->data.socket.port); @@ -19739,6 +19778,17 @@ virDomainNetDefFormat(virBufferPtr buf, virBufferAsprintf(buf, "<source port='%d'/>\n", def->data.socket.port); } + + if (def->type != VIR_DOMAIN_NET_TYPE_UDP) + break; + + if (def->data.socket.destaddr) { + virBufferAsprintf(buf, "<dest address='%s' port='%d'/>\n", + def->data.socket.destaddr, def->data.socket.destport); + } else { + virBufferAsprintf(buf, "<dest port='%d'/>\n", + def->data.socket.destport); + } break; case VIR_DOMAIN_NET_TYPE_INTERNAL: diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 698a4d2..e96fece 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -889,6 +889,7 @@ typedef enum { VIR_DOMAIN_NET_TYPE_INTERNAL, VIR_DOMAIN_NET_TYPE_DIRECT, VIR_DOMAIN_NET_TYPE_HOSTDEV, + VIR_DOMAIN_NET_TYPE_UDP, VIR_DOMAIN_NET_TYPE_LAST } virDomainNetType; @@ -991,6 +992,8 @@ struct _virDomainNetDef { struct { char *address; int port; + char *destaddr; + int destport; } socket; /* any of NET_CLIENT or NET_SERVER or NET_MCAST */ struct { char *name; diff --git a/src/conf/netdev_bandwidth_conf.h b/src/conf/netdev_bandwidth_conf.h index 6cbf4ae..cdeac09 100644 --- a/src/conf/netdev_bandwidth_conf.h +++ b/src/conf/netdev_bandwidth_conf.h @@ -53,6 +53,7 @@ static inline bool virNetDevSupportBandwidth(virDomainNetType type) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_LAST: diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index e845759..a76ad5a 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -1177,6 +1177,7 @@ libxlMakeNic(virDomainDefPtr def, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_DIRECT: case VIR_DOMAIN_NET_TYPE_HOSTDEV: diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 110a556..03d6311 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -382,6 +382,7 @@ static int virLXCControllerGetNICIndexes(virLXCControllerPtr ctrl) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_DIRECT: case VIR_DOMAIN_NET_TYPE_HOSTDEV: diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index e99b039..04fbb0a 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -429,6 +429,7 @@ static int virLXCProcessSetupInterfaces(virConnectPtr conn, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_LAST: case VIR_DOMAIN_NET_TYPE_HOSTDEV: diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index eb00f0f..2dac923 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -5354,6 +5354,17 @@ qemuBuildHostNetStr(virDomainNetDefPtr net, type_sep = ','; break; + case VIR_DOMAIN_NET_TYPE_UDP: + virBufferAsprintf(&buf, "socket%cudp=%s:%d%clocaladdr=%s:%d", + type_sep, + net->data.socket.destaddr, + net->data.socket.destport, + type_sep, + net->data.socket.address, + net->data.socket.port); + type_sep = ','; + break; + case VIR_DOMAIN_NET_TYPE_USER: default: virBufferAddLit(&buf, "user"); @@ -8416,6 +8427,7 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_LAST: diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 1ea397f..e6c20e9 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -2394,6 +2394,7 @@ qemuDomainChangeNet(virQEMUDriverPtr driver, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: if (STRNEQ_NULLABLE(olddev->data.socket.address, newdev->data.socket.address) || olddev->data.socket.port != newdev->data.socket.port) { diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c index 01226ac..4d55e4d 100644 --- a/src/qemu/qemu_interface.c +++ b/src/qemu/qemu_interface.c @@ -100,6 +100,7 @@ qemuInterfaceStartDevice(virDomainNetDefPtr net) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_LAST: @@ -187,6 +188,7 @@ qemuInterfaceStopDevice(virDomainNetDefPtr net) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_LAST: diff --git a/src/uml/uml_conf.c b/src/uml/uml_conf.c index 90deb2a..afc0375 100644 --- a/src/uml/uml_conf.c +++ b/src/uml/uml_conf.c @@ -195,6 +195,11 @@ umlBuildCommandLineNet(virConnectPtr conn, _("TCP client networking type not supported")); goto error; + case VIR_DOMAIN_NET_TYPE_UDP: + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("UDP networking type not supported")); + goto error; + case VIR_DOMAIN_NET_TYPE_MCAST: /* ethNNN=tuntap,macaddr,ipaddr,port */ virBufferAddLit(&buf, "mcast"); diff --git a/src/xenconfig/xen_sxpr.c b/src/xenconfig/xen_sxpr.c index 05e938a..1d43ec1 100644 --- a/src/xenconfig/xen_sxpr.c +++ b/src/xenconfig/xen_sxpr.c @@ -1962,6 +1962,7 @@ xenFormatSxprNet(virConnectPtr conn, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_DIRECT: case VIR_DOMAIN_NET_TYPE_HOSTDEV: diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 4988ba2..fc23ee1 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -993,6 +993,7 @@ cmdAttachInterface(vshControl *ctl, const vshCmd *cmd) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_LAST: -- 1.9.1

9 years, 2 months

6
20
0 / 0

[libvirt] [PATCH 0/5] Resolve some Coverity related errors

by John Ferlan

Patches 1, 3, & 4 show up periodically in my Coverity runs, but not always. Usually only when some sort of self inflicted build error only gets a partial build followed by a complete analysis phase. Patch 2 is related to a Coverity error seen in private integration testing as well. Although it could be deemed Coverity noise - it's just easier to adjust our code to use the right type than try to generate a reproducer or figure out exactly what the error is. Patch 5 is based on some investigation I started in July to remove some sa_asserts. I could split into two patches if really desired, but it was just easier to keep as one. John Ferlan (5): qemu: Check virGetLastError return value for migration finish failure lxc: Avoid Coverity SIZEOF_MISMATCH virfile: Avoid Coverity IDENTICAL_BRANCHES error util: Avoid Coverity FORWARD_NULL conf: Remove need for a couple of sa_asserts src/conf/domain_conf.c | 9 +++++---- src/libvirt-domain.c | 3 ++- src/lxc/lxc_container.c | 4 ++-- src/qemu/qemu_migration.c | 3 ++- src/util/virdbus.c | 4 ++++ src/util/virfile.c | 3 +-- 6 files changed, 16 insertions(+), 10 deletions(-) -- 2.1.0

9 years, 2 months

2
11
0 / 0

[libvirt] [PATCH sandbox] Require libvirt-glib >= 0.2.2 for LXC fsdriver format fix

by Daniel P. Berrange

Versions of libvirt-glib < 0.2.2 are buggy when configuring the <filesystem> format/driver attributes, causing the disk to be setup as a plain volume instead of nbd. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 69b5870..9677b24 100644 --- a/configure.ac +++ b/configure.ac @@ -14,7 +14,7 @@ GIO_UNIX_REQUIRED=2.28.0 GOBJECT_REQUIRED=2.32.0 LIBVIRT_REQUIRED=1.0.2 LIBVIRT_GCONFIG_REQUIRED=0.2.1 -LIBVIRT_GLIB_REQUIRED=0.1.7 +LIBVIRT_GLIB_REQUIRED=0.2.2 LIBVIRT_GOBJECT_REQUIRED=0.1.7 GOBJECT_INTROSPECTION_REQUIRED=0.10.8 LZMA_REQUIRED=5.0.0 -- 2.4.3

9 years, 2 months

2
1
0 / 0

[libvirt] [PATCH v2] examples: Add example polkit ACL rules

by Jiri Denemark

Creating ACL rules is not exactly easy and existing examples are pretty simple. This patch adds a somewhat complex example which defines several roles. Admins can do everything, operators can do basic operations on any domain and several groups of users who act as operators but only on a limited set of domains. Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- Makefile.am | 2 +- configure.ac | 1 + examples/polkit/Makefile.am | 17 ++++++ examples/polkit/libvirt-acl.rules | 115 ++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 3 + 5 files changed, 137 insertions(+), 1 deletion(-) create mode 100644 examples/polkit/Makefile.am create mode 100644 examples/polkit/libvirt-acl.rules diff --git a/Makefile.am b/Makefile.am index 91b943b..d338d5a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,7 +23,7 @@ SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \ tests po examples/object-events examples/hellolibvirt \ examples/dominfo examples/domsuspend examples/apparmor \ examples/xml/nwfilter examples/openauth examples/systemtap \ - tools/wireshark examples/dommigrate \ + tools/wireshark examples/dommigrate examples/polkit \ examples/lxcconvert examples/domtop ACLOCAL_AMFLAGS = -I m4 diff --git a/configure.ac b/configure.ac index 8471a46..136c2e7 100644 --- a/configure.ac +++ b/configure.ac @@ -2809,6 +2809,7 @@ AC_CONFIG_FILES([\ examples/systemtap/Makefile \ examples/xml/nwfilter/Makefile \ examples/lxcconvert/Makefile \ + examples/polkit/Makefile \ tools/wireshark/Makefile \ tools/wireshark/src/Makefile]) AC_OUTPUT diff --git a/examples/polkit/Makefile.am b/examples/polkit/Makefile.am new file mode 100644 index 0000000..4d213e8 --- /dev/null +++ b/examples/polkit/Makefile.am @@ -0,0 +1,17 @@ +## Copyright (C) 2015 Red Hat, Inc. +## +## This library is free software; you can redistribute it and/or +## modify it under the terms of the GNU Lesser General Public +## License as published by the Free Software Foundation; either +## version 2.1 of the License, or (at your option) any later version. +## +## This library is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +## Lesser General Public License for more details. +## +## You should have received a copy of the GNU Lesser General Public +## License along with this library. If not, see +## <http://www.gnu.org/licenses/>. + +EXTRA_DIST = libvirt-acl.rules diff --git a/examples/polkit/libvirt-acl.rules b/examples/polkit/libvirt-acl.rules new file mode 100644 index 0000000..5c26593 --- /dev/null +++ b/examples/polkit/libvirt-acl.rules @@ -0,0 +1,115 @@ +function Role(name) { + this.name = name; + + this.users = []; + this.groups = []; + + this.check = function(subject, api, domain) { + var validUser = false + + if (this.users.indexOf(subject.user) >= 0) { + validUser = true; + } else { + for (var i = 0; i < subject.groups.length; i++) { + if (this.groups.indexOf(subject.groups[i]) >= 0) { + validUser = true; + break; + } + } + } + + if (validUser && + (this.name == "admin" || + !domain || + (this.domains && domain.match(this.domains)))) { + var msg = "Access granted: " + + "user = " + subject.user + + ", groups = [" + subject.groups + "]" + + ", role = " + this.name + + ", api = " + api; + if (domain) + msg += ", domain = " + domain; + polkit.log(msg); + return true + } + + return false; + }; +} + + +/* Basic operations and monitoring on a limited set of domains. */ +var userA = new Role("userA"); +userA.domains = /^a/; +userA.users = ["userA1", "userA2", "userA3", "multiUser"]; +userA.groups = ["groupA1", "groupA2"]; + +var userB = new Role("userB"); +userB.domains = /^b/; +userB.users = ["userB1", "userB2", "userB3", "multiUser"]; +userB.groups = ["groupB1", "groupB2", "multiGroup"]; + +var userC = new Role("userC"); +userC.domains = /^c/; +userC.users = ["userC1", "userC2", "userC3"]; +userC.groups = ["groupC1", "groupC2", "multiGroup"]; + +/* Same as users but on any domain. */ +var operator = new Role("operator"); +operator.domains = /.*/; +operator.users = ["powerUser1", "powerUser2"]; +operator.groups = ["powerGroup1", "powerGroup2", "powerGroup3"]; + +var users = [operator, userA, userB, userC]; + +/* Full access. */ +var admin = new Role("admin"); +admin.users = ["adminUser1"]; +admin.groups = ["adminGroup1"]; + + +restrictedActions = [ + "domain.core-dump", + "domain.fs-freeze", + "domain.fs-trim", + "domain.getattr", + "domain.hibernate", + "domain.init-control", + "domain.inject-nmi", + "domain.open-device", + "domain.open-graphics", + "domain.pm-control", + "domain.read", + "domain.reset", + "domain.save", + "domain.screenshot", + "domain.send-input", + "domain.send-signal", + "domain.set-password", + "domain.set-time", + "domain.snapshot", + "domain.start", + "domain.stop", + "domain.suspend" +]; + +polkit.addRule(function(action, subject) { + if (action.id.indexOf("org.libvirt.api.") != 0) + return polkit.Result.NOT_HANDLED; + + var api = action.id.replace("org.libvirt.api.", ""); + var domain = action.lookup("domain_name"); + + if (admin.check(subject, api, domain)) + return polkit.Result.YES; + + if (restrictedActions.indexOf(api) < 0) + return polkit.Result.NOT_HANDLED; + + for (var i = 0; i < users.length; i++) { + if (users[i].check(subject, api, domain)) + return polkit.Result.YES; + } + + return polkit.Result.NO; +}); diff --git a/libvirt.spec.in b/libvirt.spec.in index 78a4cc3..6f6b191 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -2039,6 +2039,9 @@ exit 0 %endif # ! %{with_driver_modules} %if %{with_network} + +%doc examples/polkit/*.rules + %files daemon-config-network %defattr(-, root, root) %dir %{_datadir}/libvirt/networks/ -- 2.5.1

9 years, 2 months

2
3
0 / 0

[libvirt] [PATCH 0/4] Several virsh initialization adjustments

by Erik Skultety

When looking at commit 4fdd873f, I've come to notice, that after my changes to virsh (834c5720), vshInit always calls vshReadlineInit and that is because client mode defaults to interactive which might be changed after command line arguments are parsed. So this series addresses this minor issue and provides some small tweaks and adjustments. Erik Skultety (4): virsh: Do not make interactive mode default vsh: adjust vshInit signature and remove redundant error label vsh: Introduce vshInitReload vsh: Make vshInitDebug static tools/virsh.c | 12 +++++++----- tools/vsh.c | 32 ++++++++++++++++++++++---------- tools/vsh.h | 4 ++-- 3 files changed, 31 insertions(+), 17 deletions(-) -- 2.4.3

9 years, 2 months

2
8
0 / 0

[libvirt] [PATCH 0/2] Change name of the domain upon successful rename

by Martin Kletzander

Try running the example added in 1/2 before and after applying 2/2. Martin Kletzander (2): Add example that renames domain there and back Change name of the domain upon successful rename .gitignore | 1 + configure.ac | 1 + examples/rename/Makefile.am | 24 +++++++++++++++ examples/rename/rename.c | 73 ++++++++++++++++++++++++++++++++++++++++++++ src/remote/remote_driver.c | 41 +++++++++++++++++++++++++ src/remote/remote_protocol.x | 2 +- 6 files changed, 141 insertions(+), 1 deletion(-) create mode 100644 examples/rename/Makefile.am create mode 100644 examples/rename/rename.c -- 2.5.1

9 years, 2 months

2
4
0 / 0

[libvirt] [PATCH v2 0/2] Need to perform address checks for ccw/s390

by John Ferlan

Assumptions were made that if someone provided an address type ccw or s390 that it would occur only if using an enabled emulator. Turns out that premise isn't necessarily true and it leads to libvirtd crashing for hotplugs and qemu start errors for config paths. These patches will make the checks prior to crashes or qemu process starts in order to avoid the situation. v1: http://www.redhat.com/archives/libvir-list/2015-August/msg01043.html Changes since v1... ... Implement a function to handle the s390-ccw check using STRPREFIX instead of a mix of STRPREFIX and STREQLEN ... Create qemuCheckCCWS390AddressSupport to handle checking address type if defined on entry to disk, controller, and rng device additions whether through hotplug or config options. NB: It doesn't seem network devices are afflicted, although perhaps I read the code wrong. It seems for a network device there is/was none of the set the default address if undefined code added. John Ferlan (2): qemu: Introduce qemuDomainMachineIsS390CCW qemu: Need to check for machine.os when using ADDRESS_TYPE_CCW src/qemu/qemu_command.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++-- src/qemu/qemu_command.h | 5 +++++ src/qemu/qemu_domain.c | 6 ++++++ src/qemu/qemu_domain.h | 1 + src/qemu/qemu_hotplug.c | 24 +++++++++++++++------ 5 files changed, 83 insertions(+), 8 deletions(-) -- 2.1.0

9 years, 2 months

2
3
0 / 0

[libvirt] [sandbox PATCH v3 00/22] *** Virt-sandbox-image ***

by Eren Yagdiran

V3 Changes: * License syntax fixed * Source abstract method get_env fixed * Discarding byte code generation now resides into a new commit * Template_dir and storage_dir refactored and runtime resolver is added for checking permissions * -f,--format parameter is refactored. Default is qcow2. * Ssl warning is now using stderr * get_disk method in Source now adds another layer with a randomized name Daniel P Berrange (1): Add virt-sandbox-image Eren Yagdiran (21): Fix virt-sandbox-image Image: Add Hooking Mechanism Image: virt-sandbox-image default dir constants Image: Discard caching bytecode Image: Add check_writable and runtime resolver Image: Add download function Image: Refactor create function Image: Add delete function Image: Add get_command function to Source Image: Add run args Image: Add check_connect function Image: Add get_disk function to Source Image: Add run function Image: Add network support Image: Add Volume Support Image: man file for virt-sandbox-image Add configuration object for environment variables Add environment parameter to virt-sandbox Common-init: Exporting custom environment variables Add testcase for custom environment variables Image: Add custom environment support .gitignore | 1 + bin/Makefile.am | 21 +- bin/virt-sandbox-image.in | 3 + bin/virt-sandbox-image.pod | 172 +++++++++++ bin/virt-sandbox.c | 14 + configure.ac | 2 + libvirt-sandbox/Makefile.am | 2 + libvirt-sandbox/libvirt-sandbox-config-all.h | 1 + libvirt-sandbox/libvirt-sandbox-config-env.c | 199 ++++++++++++ libvirt-sandbox/libvirt-sandbox-config-env.h | 78 +++++ libvirt-sandbox/libvirt-sandbox-config.c | 187 +++++++++++- libvirt-sandbox/libvirt-sandbox-config.h | 12 + libvirt-sandbox/libvirt-sandbox-init-common.c | 30 ++ libvirt-sandbox/libvirt-sandbox.h | 1 + libvirt-sandbox/libvirt-sandbox.sym | 6 + libvirt-sandbox/tests/test-config.c | 10 + po/POTFILES.in | 1 + virt-sandbox-image/Makefile.am | 14 + virt-sandbox-image/sources/DockerSource.py | 421 ++++++++++++++++++++++++++ virt-sandbox-image/sources/Source.py | 55 ++++ virt-sandbox-image/sources/__init__.py | 26 ++ virt-sandbox-image/virt-sandbox-image.py | 299 ++++++++++++++++++ 22 files changed, 1550 insertions(+), 5 deletions(-) create mode 100644 bin/virt-sandbox-image.in create mode 100644 bin/virt-sandbox-image.pod create mode 100644 libvirt-sandbox/libvirt-sandbox-config-env.c create mode 100644 libvirt-sandbox/libvirt-sandbox-config-env.h create mode 100644 virt-sandbox-image/Makefile.am create mode 100644 virt-sandbox-image/sources/DockerSource.py create mode 100644 virt-sandbox-image/sources/Source.py create mode 100644 virt-sandbox-image/sources/__init__.py create mode 100755 virt-sandbox-image/virt-sandbox-image.py -- 2.1.0

9 years, 2 months

3
28
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel September 2015