September 2015 - Devel - libvirt List Archives

[libvirt] [PATCH] cpu: Introduce IvyBridge CPU model
by Jiri Denemark 07 Sep '15

07 Sep '15

https://bugzilla.redhat.com/show_bug.cgi?id=1254420 Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- src/cpu/cpu_map.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml index d2469ee..51aa899 100644 --- a/src/cpu/cpu_map.xml +++ b/src/cpu/cpu_map.xml @@ -869,6 +869,55 @@ <feature name='xsave'/> </model> + <model name='IvyBridge'> + <vendor name='Intel'/> + <feature name='aes'/> + <feature name='apic'/> + <feature name='avx'/> + <feature name='clflush'/> + <feature name='cmov'/> + <feature name='cx16'/> + <feature name='cx8'/> + <feature name='de'/> + <feature name='erms'/> + <feature name='f16c'/> + <feature name='fpu'/> + <feature name='fsgsbase'/> + <feature name='fxsr'/> + <feature name='lahf_lm'/> + <feature name='lm'/> + <feature name='mca'/> + <feature name='mce'/> + <feature name='mmx'/> + <feature name='msr'/> + <feature name='mtrr'/> + <feature name='nx'/> + <feature name='pae'/> + <feature name='pat'/> + <feature name='pclmuldq'/> + <feature name='pge'/> + <feature name='pni'/> + <feature name='popcnt'/> + <feature name='pse'/> + <feature name='pse36'/> + <feature name='rdrand'/> + <feature name='rdtscp'/> + <feature name='sep'/> + <feature name='smep'/> + <feature name='sse'/> + <feature name='sse2'/> + <feature name='sse4.1'/> + <feature name='sse4.2'/> + <feature name='ssse3'/> + <feature name='syscall'/> + <feature name='tsc'/> + <feature name='tsc-deadline'/> + <feature name='vme'/> + <feature name='x2apic'/> + <feature name='xsave'/> + <feature name='xsaveopt'/> + </model> + <model name='Haswell-noTSX'> <vendor name='Intel'/> <feature name='aes'/> -- 2.5.1

2 2

[libvirt] [PATCH] .gitignore: Ignore the correct rename example binary
by Michal Privoznik 07 Sep '15

07 Sep '15

In e755186c5c305a9 we tried to introduce an example demonstrating new virDomainRename API. Unfortunately, in the .gitignore we had a different binary listed. It's 'rename' binary which we want git to ignore, not 'test'. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- Pushed under trivial rule. .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 19402f5..2d52a8f 100644 --- a/.gitignore +++ b/.gitignore @@ -83,7 +83,7 @@ /examples/domtop/domtop /examples/hellolibvirt/hellolibvirt /examples/openauth/openauth -/examples/rename/test +/examples/rename/rename /gnulib/lib/* /gnulib/m4/* /gnulib/tests/* -- 2.4.6

1 0

[libvirt] [PATCH] examples: Add missing build data for 'rename'
by Martin Kletzander 07 Sep '15

07 Sep '15

Commit e755186c5c30 added the rename example, but forgot to build some essential files in there as well as add it to the spec file. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- Pushed under the build-breaker rule. Makefile.am | 2 +- libvirt.spec.in | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index d338d5a220c1..6f217bc08595 100644 --- a/Makefile.am +++ b/Makefile.am @@ -24,7 +24,7 @@ SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \ examples/dominfo examples/domsuspend examples/apparmor \ examples/xml/nwfilter examples/openauth examples/systemtap \ tools/wireshark examples/dommigrate examples/polkit \ - examples/lxcconvert examples/domtop + examples/lxcconvert examples/domtop examples/rename ACLOCAL_AMFLAGS = -I m4 diff --git a/libvirt.spec.in b/libvirt.spec.in index 6f6b191ee61d..bb8bfc3c25c1 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1546,7 +1546,7 @@ rm -fr %{buildroot} # on RHEL 5, thus we need to expand it here. make install DESTDIR=%{?buildroot} SYSTEMD_UNIT_DIR=%{_unitdir} -for i in object-events dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap dommigrate domtop +for i in object-events dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap dommigrate domtop rename do (cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in) done @@ -2330,6 +2330,7 @@ exit 0 %doc examples/dommigrate %doc examples/openauth %doc examples/xml +%doc examples/rename %doc examples/systemtap %changelog -- 2.5.1

1 0

[libvirt] [PATCH] qemu: Check address when attaching a virtio disk with an invalid address.
by rbian 06 Sep '15

06 Sep '15

https://bugzilla.redhat.com/show_bug.cgi?id=1257844 Attach-device can hotplug a virtio disk device with any address now. It need to validate the address before the attachment. This patch fix the problem. Signed-off-by: rbian <rbian(a)redhat.com> --- src/qemu/qemu_hotplug.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index e71a204..be24993 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -331,6 +331,23 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, disk->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW; else if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_VIRTIO_S390)) disk->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_VIRTIO_S390; + } else { + if (STREQLEN(vm->def->os.machine, "s390-ccw", 8) && + virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_VIRTIO_CCW)) { + if (!virDomainDeviceAddressIsValid(&disk->info, + VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW)) { + virReportError(VIR_ERR_OPERATION_FAILED, "%s", + _("device cannot be attached without a valid CCW address")); + goto error; + } + } else { + if (!virDomainDeviceAddressIsValid(&disk->info, + VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI)) { + virReportError(VIR_ERR_OPERATION_FAILED, "%s", + _("device cannot be attached without a valid PCI address")); + goto error; + } + } } for (i = 0; i < vm->def->ndisks; i++) { -- 2.4.3

4 3

[libvirt] [PATCH libvirt master] interface type: add udp socket support
by Jonathan Toppins 05 Sep '15

05 Sep '15

Adds a new interface type using UDP sockets, this seems only applicable to QEMU but have edited tree-wide to support the new interface type. The interface type required the addition of a "destaddr" (destination address), this then maps into the following xml and qemu call. <interface type='udp'> <mac address='52:54:00:5c:67:56'/> <source address='127.0.0.1' port='11112'/> <model type='virtio'/> <dest address="127.0.0.1' port='22222'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> ... QEMU call: -netdev socket,udp=127.0.0.1:22222,localaddr=127.0.0.1:11112 Notice the xml "source" entry becomes the "localaddr" for the qemu call. reference: http://lists.gnu.org/archive/html/qemu-devel/2011-11/msg00629.html Signed-off-by: Jonathan Toppins <jtoppins(a)cumulusnetworks.com> --- docs/formatdomain.html.in | 17 ++++++++++++ src/conf/domain_conf.c | 56 +++++++++++++++++++++++++++++++++++++--- src/conf/domain_conf.h | 3 +++ src/conf/netdev_bandwidth_conf.h | 1 + src/libxl/libxl_conf.c | 1 + src/lxc/lxc_controller.c | 1 + src/lxc/lxc_process.c | 1 + src/qemu/qemu_command.c | 12 +++++++++ src/qemu/qemu_hotplug.c | 1 + src/qemu/qemu_interface.c | 2 ++ src/uml/uml_conf.c | 5 ++++ src/xenconfig/xen_sxpr.c | 1 + tools/virsh-domain.c | 1 + 13 files changed, 99 insertions(+), 3 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index c0a265a..95f7f5d 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -4165,6 +4165,23 @@ </devices> ...</pre> + <h5><a name="elementsNICSUDP">UDP unicast tunnel</a></h5> + + <p> + A UDP unicast architecture provides a virtual network which enables + connections between Qemu instances using Qemu's UDP infrastructure.</p> + +<pre> + ... + <devices> + <interface type='udp'> + <mac address='52:54:00:22:c9:42'/> + <source address='127.0.0.1' port='11115'/> + <dest address='127.0.0.1' port='11116'/> + </interface> + </devices> + ...</pre> + <h5><a name="elementsNICSModel">Setting the NIC model</a></h5> <pre> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index e4114f8..11961ea 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -385,7 +385,8 @@ VIR_ENUM_IMPL(virDomainNet, VIR_DOMAIN_NET_TYPE_LAST, "bridge", "internal", "direct", - "hostdev") + "hostdev", + "udp") VIR_ENUM_IMPL(virDomainNetBackend, VIR_DOMAIN_NET_BACKEND_TYPE_LAST, "default", @@ -1629,7 +1630,9 @@ void virDomainNetDefFree(virDomainNetDefPtr def) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: VIR_FREE(def->data.socket.address); + VIR_FREE(def->data.socket.destaddr); break; case VIR_DOMAIN_NET_TYPE_NETWORK: @@ -8398,6 +8401,8 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt, char *script = NULL; char *address = NULL; char *port = NULL; + char *destaddr = NULL; + char *destport = NULL; char *model = NULL; char *backend = NULL; char *txmode = NULL; @@ -8510,10 +8515,15 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt, } else if (!address && (def->type == VIR_DOMAIN_NET_TYPE_SERVER || def->type == VIR_DOMAIN_NET_TYPE_CLIENT || - def->type == VIR_DOMAIN_NET_TYPE_MCAST) && + def->type == VIR_DOMAIN_NET_TYPE_MCAST || + def->type == VIR_DOMAIN_NET_TYPE_UDP) && xmlStrEqual(cur->name, BAD_CAST "source")) { address = virXMLPropString(cur, "address"); port = virXMLPropString(cur, "port"); + } else if (!destaddr && def->type == VIR_DOMAIN_NET_TYPE_UDP && + xmlStrEqual(cur->name, BAD_CAST "dest")) { + destaddr = virXMLPropString(cur, "address"); + destport = virXMLPropString(cur, "port"); } else if (xmlStrEqual(cur->name, BAD_CAST "ip")) { virDomainNetIpDefPtr ip = NULL; @@ -8751,6 +8761,7 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt, case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: if (port == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("No <source> 'port' attribute " @@ -8766,7 +8777,8 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt, if (address == NULL) { if (def->type == VIR_DOMAIN_NET_TYPE_CLIENT || - def->type == VIR_DOMAIN_NET_TYPE_MCAST) { + def->type == VIR_DOMAIN_NET_TYPE_MCAST || + def->type == VIR_DOMAIN_NET_TYPE_UDP) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("No <source> 'address' attribute " "specified with socket interface")); @@ -8776,6 +8788,32 @@ virDomainNetDefParseXML(virDomainXMLOptionPtr xmlopt, def->data.socket.address = address; address = NULL; } + + if (def->type != VIR_DOMAIN_NET_TYPE_UDP) + break; + + if (destport == NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No <dest> 'port' attribute " + "specified with socket interface")); + goto error; + } + if (virStrToLong_i(destport, NULL, 10, &def->data.socket.destport) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Cannot parse <dest> 'port' attribute " + "with socket interface")); + goto error; + } + + if (destport == NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No <dest> 'address' attribute " + "specified with socket interface")); + goto error; + } else { + def->data.socket.destaddr = destaddr; + address = NULL; + } break; case VIR_DOMAIN_NET_TYPE_INTERNAL: @@ -19732,6 +19770,7 @@ virDomainNetDefFormat(virBufferPtr buf, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: if (def->data.socket.address) { virBufferAsprintf(buf, "<source address='%s' port='%d'/>\n", def->data.socket.address, def->data.socket.port); @@ -19739,6 +19778,17 @@ virDomainNetDefFormat(virBufferPtr buf, virBufferAsprintf(buf, "<source port='%d'/>\n", def->data.socket.port); } + + if (def->type != VIR_DOMAIN_NET_TYPE_UDP) + break; + + if (def->data.socket.destaddr) { + virBufferAsprintf(buf, "<dest address='%s' port='%d'/>\n", + def->data.socket.destaddr, def->data.socket.destport); + } else { + virBufferAsprintf(buf, "<dest port='%d'/>\n", + def->data.socket.destport); + } break; case VIR_DOMAIN_NET_TYPE_INTERNAL: diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 698a4d2..e96fece 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -889,6 +889,7 @@ typedef enum { VIR_DOMAIN_NET_TYPE_INTERNAL, VIR_DOMAIN_NET_TYPE_DIRECT, VIR_DOMAIN_NET_TYPE_HOSTDEV, + VIR_DOMAIN_NET_TYPE_UDP, VIR_DOMAIN_NET_TYPE_LAST } virDomainNetType; @@ -991,6 +992,8 @@ struct _virDomainNetDef { struct { char *address; int port; + char *destaddr; + int destport; } socket; /* any of NET_CLIENT or NET_SERVER or NET_MCAST */ struct { char *name; diff --git a/src/conf/netdev_bandwidth_conf.h b/src/conf/netdev_bandwidth_conf.h index 6cbf4ae..cdeac09 100644 --- a/src/conf/netdev_bandwidth_conf.h +++ b/src/conf/netdev_bandwidth_conf.h @@ -53,6 +53,7 @@ static inline bool virNetDevSupportBandwidth(virDomainNetType type) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_LAST: diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index e845759..a76ad5a 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -1177,6 +1177,7 @@ libxlMakeNic(virDomainDefPtr def, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_DIRECT: case VIR_DOMAIN_NET_TYPE_HOSTDEV: diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 110a556..03d6311 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -382,6 +382,7 @@ static int virLXCControllerGetNICIndexes(virLXCControllerPtr ctrl) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_DIRECT: case VIR_DOMAIN_NET_TYPE_HOSTDEV: diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index e99b039..04fbb0a 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -429,6 +429,7 @@ static int virLXCProcessSetupInterfaces(virConnectPtr conn, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_LAST: case VIR_DOMAIN_NET_TYPE_HOSTDEV: diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index eb00f0f..2dac923 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -5354,6 +5354,17 @@ qemuBuildHostNetStr(virDomainNetDefPtr net, type_sep = ','; break; + case VIR_DOMAIN_NET_TYPE_UDP: + virBufferAsprintf(&buf, "socket%cudp=%s:%d%clocaladdr=%s:%d", + type_sep, + net->data.socket.destaddr, + net->data.socket.destport, + type_sep, + net->data.socket.address, + net->data.socket.port); + type_sep = ','; + break; + case VIR_DOMAIN_NET_TYPE_USER: default: virBufferAddLit(&buf, "user"); @@ -8416,6 +8427,7 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_LAST: diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 1ea397f..e6c20e9 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -2394,6 +2394,7 @@ qemuDomainChangeNet(virQEMUDriverPtr driver, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: if (STRNEQ_NULLABLE(olddev->data.socket.address, newdev->data.socket.address) || olddev->data.socket.port != newdev->data.socket.port) { diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c index 01226ac..4d55e4d 100644 --- a/src/qemu/qemu_interface.c +++ b/src/qemu/qemu_interface.c @@ -100,6 +100,7 @@ qemuInterfaceStartDevice(virDomainNetDefPtr net) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_LAST: @@ -187,6 +188,7 @@ qemuInterfaceStopDevice(virDomainNetDefPtr net) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_LAST: diff --git a/src/uml/uml_conf.c b/src/uml/uml_conf.c index 90deb2a..afc0375 100644 --- a/src/uml/uml_conf.c +++ b/src/uml/uml_conf.c @@ -195,6 +195,11 @@ umlBuildCommandLineNet(virConnectPtr conn, _("TCP client networking type not supported")); goto error; + case VIR_DOMAIN_NET_TYPE_UDP: + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("UDP networking type not supported")); + goto error; + case VIR_DOMAIN_NET_TYPE_MCAST: /* ethNNN=tuntap,macaddr,ipaddr,port */ virBufferAddLit(&buf, "mcast"); diff --git a/src/xenconfig/xen_sxpr.c b/src/xenconfig/xen_sxpr.c index 05e938a..1d43ec1 100644 --- a/src/xenconfig/xen_sxpr.c +++ b/src/xenconfig/xen_sxpr.c @@ -1962,6 +1962,7 @@ xenFormatSxprNet(virConnectPtr conn, case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_DIRECT: case VIR_DOMAIN_NET_TYPE_HOSTDEV: diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 4988ba2..fc23ee1 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -993,6 +993,7 @@ cmdAttachInterface(vshControl *ctl, const vshCmd *cmd) case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_LAST: -- 1.9.1

6 20

[libvirt] [PATCH 0/5] Resolve some Coverity related errors
by John Ferlan 05 Sep '15

05 Sep '15

Patches 1, 3, & 4 show up periodically in my Coverity runs, but not always. Usually only when some sort of self inflicted build error only gets a partial build followed by a complete analysis phase. Patch 2 is related to a Coverity error seen in private integration testing as well. Although it could be deemed Coverity noise - it's just easier to adjust our code to use the right type than try to generate a reproducer or figure out exactly what the error is. Patch 5 is based on some investigation I started in July to remove some sa_asserts. I could split into two patches if really desired, but it was just easier to keep as one. John Ferlan (5): qemu: Check virGetLastError return value for migration finish failure lxc: Avoid Coverity SIZEOF_MISMATCH virfile: Avoid Coverity IDENTICAL_BRANCHES error util: Avoid Coverity FORWARD_NULL conf: Remove need for a couple of sa_asserts src/conf/domain_conf.c | 9 +++++---- src/libvirt-domain.c | 3 ++- src/lxc/lxc_container.c | 4 ++-- src/qemu/qemu_migration.c | 3 ++- src/util/virdbus.c | 4 ++++ src/util/virfile.c | 3 +-- 6 files changed, 16 insertions(+), 10 deletions(-) -- 2.1.0

2 11

[libvirt] [PATCH sandbox] Require libvirt-glib >= 0.2.2 for LXC fsdriver format fix
by Daniel P. Berrange 05 Sep '15

05 Sep '15

Versions of libvirt-glib < 0.2.2 are buggy when configuring the <filesystem> format/driver attributes, causing the disk to be setup as a plain volume instead of nbd. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 69b5870..9677b24 100644 --- a/configure.ac +++ b/configure.ac @@ -14,7 +14,7 @@ GIO_UNIX_REQUIRED=2.28.0 GOBJECT_REQUIRED=2.32.0 LIBVIRT_REQUIRED=1.0.2 LIBVIRT_GCONFIG_REQUIRED=0.2.1 -LIBVIRT_GLIB_REQUIRED=0.1.7 +LIBVIRT_GLIB_REQUIRED=0.2.2 LIBVIRT_GOBJECT_REQUIRED=0.1.7 GOBJECT_INTROSPECTION_REQUIRED=0.10.8 LZMA_REQUIRED=5.0.0 -- 2.4.3

2 1

[libvirt] [PATCH v2] examples: Add example polkit ACL rules
by Jiri Denemark 05 Sep '15

05 Sep '15

Creating ACL rules is not exactly easy and existing examples are pretty simple. This patch adds a somewhat complex example which defines several roles. Admins can do everything, operators can do basic operations on any domain and several groups of users who act as operators but only on a limited set of domains. Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- Makefile.am | 2 +- configure.ac | 1 + examples/polkit/Makefile.am | 17 ++++++ examples/polkit/libvirt-acl.rules | 115 ++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 3 + 5 files changed, 137 insertions(+), 1 deletion(-) create mode 100644 examples/polkit/Makefile.am create mode 100644 examples/polkit/libvirt-acl.rules diff --git a/Makefile.am b/Makefile.am index 91b943b..d338d5a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,7 +23,7 @@ SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \ tests po examples/object-events examples/hellolibvirt \ examples/dominfo examples/domsuspend examples/apparmor \ examples/xml/nwfilter examples/openauth examples/systemtap \ - tools/wireshark examples/dommigrate \ + tools/wireshark examples/dommigrate examples/polkit \ examples/lxcconvert examples/domtop ACLOCAL_AMFLAGS = -I m4 diff --git a/configure.ac b/configure.ac index 8471a46..136c2e7 100644 --- a/configure.ac +++ b/configure.ac @@ -2809,6 +2809,7 @@ AC_CONFIG_FILES([\ examples/systemtap/Makefile \ examples/xml/nwfilter/Makefile \ examples/lxcconvert/Makefile \ + examples/polkit/Makefile \ tools/wireshark/Makefile \ tools/wireshark/src/Makefile]) AC_OUTPUT diff --git a/examples/polkit/Makefile.am b/examples/polkit/Makefile.am new file mode 100644 index 0000000..4d213e8 --- /dev/null +++ b/examples/polkit/Makefile.am @@ -0,0 +1,17 @@ +## Copyright (C) 2015 Red Hat, Inc. +## +## This library is free software; you can redistribute it and/or +## modify it under the terms of the GNU Lesser General Public +## License as published by the Free Software Foundation; either +## version 2.1 of the License, or (at your option) any later version. +## +## This library is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +## Lesser General Public License for more details. +## +## You should have received a copy of the GNU Lesser General Public +## License along with this library. If not, see +## <http://www.gnu.org/licenses/>. + +EXTRA_DIST = libvirt-acl.rules diff --git a/examples/polkit/libvirt-acl.rules b/examples/polkit/libvirt-acl.rules new file mode 100644 index 0000000..5c26593 --- /dev/null +++ b/examples/polkit/libvirt-acl.rules @@ -0,0 +1,115 @@ +function Role(name) { + this.name = name; + + this.users = []; + this.groups = []; + + this.check = function(subject, api, domain) { + var validUser = false + + if (this.users.indexOf(subject.user) >= 0) { + validUser = true; + } else { + for (var i = 0; i < subject.groups.length; i++) { + if (this.groups.indexOf(subject.groups[i]) >= 0) { + validUser = true; + break; + } + } + } + + if (validUser && + (this.name == "admin" || + !domain || + (this.domains && domain.match(this.domains)))) { + var msg = "Access granted: " + + "user = " + subject.user + + ", groups = [" + subject.groups + "]" + + ", role = " + this.name + + ", api = " + api; + if (domain) + msg += ", domain = " + domain; + polkit.log(msg); + return true + } + + return false; + }; +} + + +/* Basic operations and monitoring on a limited set of domains. */ +var userA = new Role("userA"); +userA.domains = /^a/; +userA.users = ["userA1", "userA2", "userA3", "multiUser"]; +userA.groups = ["groupA1", "groupA2"]; + +var userB = new Role("userB"); +userB.domains = /^b/; +userB.users = ["userB1", "userB2", "userB3", "multiUser"]; +userB.groups = ["groupB1", "groupB2", "multiGroup"]; + +var userC = new Role("userC"); +userC.domains = /^c/; +userC.users = ["userC1", "userC2", "userC3"]; +userC.groups = ["groupC1", "groupC2", "multiGroup"]; + +/* Same as users but on any domain. */ +var operator = new Role("operator"); +operator.domains = /.*/; +operator.users = ["powerUser1", "powerUser2"]; +operator.groups = ["powerGroup1", "powerGroup2", "powerGroup3"]; + +var users = [operator, userA, userB, userC]; + +/* Full access. */ +var admin = new Role("admin"); +admin.users = ["adminUser1"]; +admin.groups = ["adminGroup1"]; + + +restrictedActions = [ + "domain.core-dump", + "domain.fs-freeze", + "domain.fs-trim", + "domain.getattr", + "domain.hibernate", + "domain.init-control", + "domain.inject-nmi", + "domain.open-device", + "domain.open-graphics", + "domain.pm-control", + "domain.read", + "domain.reset", + "domain.save", + "domain.screenshot", + "domain.send-input", + "domain.send-signal", + "domain.set-password", + "domain.set-time", + "domain.snapshot", + "domain.start", + "domain.stop", + "domain.suspend" +]; + +polkit.addRule(function(action, subject) { + if (action.id.indexOf("org.libvirt.api.") != 0) + return polkit.Result.NOT_HANDLED; + + var api = action.id.replace("org.libvirt.api.", ""); + var domain = action.lookup("domain_name"); + + if (admin.check(subject, api, domain)) + return polkit.Result.YES; + + if (restrictedActions.indexOf(api) < 0) + return polkit.Result.NOT_HANDLED; + + for (var i = 0; i < users.length; i++) { + if (users[i].check(subject, api, domain)) + return polkit.Result.YES; + } + + return polkit.Result.NO; +}); diff --git a/libvirt.spec.in b/libvirt.spec.in index 78a4cc3..6f6b191 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -2039,6 +2039,9 @@ exit 0 %endif # ! %{with_driver_modules} %if %{with_network} + +%doc examples/polkit/*.rules + %files daemon-config-network %defattr(-, root, root) %dir %{_datadir}/libvirt/networks/ -- 2.5.1

2 3

[libvirt] [PATCH 0/4] Several virsh initialization adjustments
by Erik Skultety 04 Sep '15

04 Sep '15

When looking at commit 4fdd873f, I've come to notice, that after my changes to virsh (834c5720), vshInit always calls vshReadlineInit and that is because client mode defaults to interactive which might be changed after command line arguments are parsed. So this series addresses this minor issue and provides some small tweaks and adjustments. Erik Skultety (4): virsh: Do not make interactive mode default vsh: adjust vshInit signature and remove redundant error label vsh: Introduce vshInitReload vsh: Make vshInitDebug static tools/virsh.c | 12 +++++++----- tools/vsh.c | 32 ++++++++++++++++++++++---------- tools/vsh.h | 4 ++-- 3 files changed, 31 insertions(+), 17 deletions(-) -- 2.4.3

2 8

[libvirt] [PATCH 0/2] Change name of the domain upon successful rename
by Martin Kletzander 04 Sep '15

04 Sep '15

Try running the example added in 1/2 before and after applying 2/2. Martin Kletzander (2): Add example that renames domain there and back Change name of the domain upon successful rename .gitignore | 1 + configure.ac | 1 + examples/rename/Makefile.am | 24 +++++++++++++++ examples/rename/rename.c | 73 ++++++++++++++++++++++++++++++++++++++++++++ src/remote/remote_driver.c | 41 +++++++++++++++++++++++++ src/remote/remote_protocol.x | 2 +- 6 files changed, 141 insertions(+), 1 deletion(-) create mode 100644 examples/rename/Makefile.am create mode 100644 examples/rename/rename.c -- 2.5.1

2 4