[libvirt] [PATCH] spec: Make driver-qemu require driver-storage
by Martin Kletzander
Without that we might get similar messages in the log:
error : virDriverLoadModule:73 : failed to load module
/usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
/usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so: undefined
symbol: virStorageFileCreate
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
libvirt.spec.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 6b3e888d0048..816a950ef624 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -607,6 +607,7 @@ Group: Development/Libraries
Requires: libvirt-daemon = %{version}-%{release}
# There really is a hard cross-driver dependency here
Requires: libvirt-daemon-driver-network = %{version}-%{release}
+Requires: libvirt-daemon-driver-storage = %{version}-%{release}
Requires: /usr/bin/qemu-img
# For image compression
Requires: gzip
--
2.9.0
8 years, 5 months
[libvirt] [PATCH v2] util: Make failure to get suplementary group list for a uid non-fatal
by Peter Krempa
Since introduction of the DAC security driver we've documented that
seclabels with a leading + can be used with numerical uid. This would
not work though with the rest of libvirt if the uid was not actually
used in the system as we'd fail when trying to get a list of
suplementary groups for the given uid. Since a uid without entry in
/etc/passwd (or other user database) will not have any suppolementary
groups we can treat the failure to obtain them as such.
This patch modifies virGetGroupList to not report the error of missing
user and tweaks callers to treat the missing list as having 0
supplementary groups.
The only place reporting errors is virt-login-shell as it's used to
determine whether the given user is allowed to access the shell.
---
Although it was ACKed I'm reposting a rebased version including the fixes and
fixed merge conflicts. I'd like to hear feedback from the reporter of this issue.
CC: Roy Keene <rkeene(a)knightpoint.com>
src/security/security_dac.c | 13 +++++++------
src/util/vircommand.c | 4 +++-
src/util/virfile.c | 28 ++++++++++++++++------------
src/util/virutil.c | 27 +++++++++++++++++----------
tools/virt-login-shell.c | 6 +++++-
5 files changed, 48 insertions(+), 30 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 442ce70..9dec201 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -266,14 +266,15 @@ static int
virSecurityDACPreFork(virSecurityManagerPtr mgr)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- int ngroups;
VIR_FREE(priv->groups);
- priv->ngroups = 0;
- if ((ngroups = virGetGroupList(priv->user, priv->group,
- &priv->groups)) < 0)
- return -1;
- priv->ngroups = ngroups;
+
+ /* ignore a possible problem in getting supplementary groups just assume
+ * we have none and continue with uid/gid only */
+ if ((priv->ngroups = virGetGroupList(priv->user, priv->group,
+ &priv->groups)) < 0)
+ priv->ngroups = 0;
+
return 0;
}
diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index f5bd7af..58af06a 100644
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -554,8 +554,10 @@ virExec(virCommandPtr cmd)
childerr = null;
}
+ /* ignore a possible problem in getting supplementary groups just assume
+ * we have none and continue with uid/gid only */
if ((ngroups = virGetGroupList(cmd->uid, cmd->gid, &groups)) < 0)
- goto cleanup;
+ ngroups = 0;
pid = virFork();
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 9d460b9..4298ec5 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -1978,9 +1978,10 @@ virFileAccessibleAs(const char *path, int mode,
gid == getegid())
return access(path, mode);
- ngroups = virGetGroupList(uid, gid, &groups);
- if (ngroups < 0)
- return -1;
+ /* ignore a possible problem in getting supplementary groups just assume
+ * we have none and continue with uid/gid only */
+ if ((ngroups = virGetGroupList(uid, gid, &groups)) == -1)
+ ngroups = 0;
pid = virFork();
@@ -2104,9 +2105,10 @@ virFileOpenForked(const char *path, int openflags, mode_t mode,
* following dance avoids problems caused by root-squashing
* NFS servers. */
- ngroups = virGetGroupList(uid, gid, &groups);
- if (ngroups < 0)
- return -errno;
+ /* ignore a possible problem in getting supplementary groups just assume
+ * we have none and continue with uid/gid only */
+ if ((ngroups = virGetGroupList(uid, gid, &groups)) == -1)
+ ngroups = 0;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) < 0) {
ret = -errno;
@@ -2407,9 +2409,10 @@ virFileRemove(const char *path,
if (gid == (gid_t) -1)
gid = getegid();
- ngroups = virGetGroupList(uid, gid, &groups);
- if (ngroups < 0)
- return -errno;
+ /* ignore a possible problem in getting supplementary groups just assume
+ * we have none and continue with uid/gid only */
+ if ((ngroups = virGetGroupList(uid, gid, &groups)) == -1)
+ ngroups = 0;
pid = virFork();
@@ -2583,9 +2586,10 @@ virDirCreate(const char *path,
if (gid == (gid_t) -1)
gid = getegid();
- ngroups = virGetGroupList(uid, gid, &groups);
- if (ngroups < 0)
- return -errno;
+ /* ignore a possible problem in getting supplementary groups just assume
+ * we have none and continue with uid/gid only */
+ if ((ngroups = virGetGroupList(uid, gid, &groups)) == -1)
+ ngroups = 0;
pid = virFork();
diff --git a/src/util/virutil.c b/src/util/virutil.c
index ff58054..c11278f 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -755,9 +755,10 @@ virGetUserDirectory(void)
#ifdef HAVE_GETPWUID_R
/* Look up fields from the user database for the given user. On
- * error, set errno, report the error, and return -1. */
+ * error, set errno, report the error if not instructed otherwise via @quiet,
+ * and return -1. */
static int
-virGetUserEnt(uid_t uid, char **name, gid_t *group, char **dir, char **shell)
+virGetUserEnt(uid_t uid, char **name, gid_t *group, char **dir, char **shell, bool quiet)
{
char *strbuf;
struct passwd pwbuf;
@@ -792,12 +793,19 @@ virGetUserEnt(uid_t uid, char **name, gid_t *group, char **dir, char **shell)
if (VIR_RESIZE_N(strbuf, strbuflen, strbuflen, strbuflen) < 0)
goto cleanup;
}
+
if (rc != 0) {
+ if (quiet)
+ goto cleanup;
+
virReportSystemError(rc,
_("Failed to find user record for uid '%u'"),
(unsigned int) uid);
goto cleanup;
} else if (pw == NULL) {
+ if (quiet)
+ goto cleanup;
+
virReportError(VIR_ERR_SYSTEM_ERROR,
_("Failed to find user record for uid '%u'"),
(unsigned int) uid);
@@ -882,7 +890,7 @@ char *
virGetUserDirectoryByUID(uid_t uid)
{
char *ret;
- virGetUserEnt(uid, NULL, NULL, &ret, NULL);
+ virGetUserEnt(uid, NULL, NULL, &ret, NULL, false);
return ret;
}
@@ -890,7 +898,7 @@ virGetUserDirectoryByUID(uid_t uid)
char *virGetUserShell(uid_t uid)
{
char *ret;
- virGetUserEnt(uid, NULL, NULL, NULL, &ret);
+ virGetUserEnt(uid, NULL, NULL, NULL, &ret, false);
return ret;
}
@@ -940,7 +948,7 @@ char *virGetUserRuntimeDirectory(void)
char *virGetUserName(uid_t uid)
{
char *ret;
- virGetUserEnt(uid, &ret, NULL, NULL, NULL);
+ virGetUserEnt(uid, &ret, NULL, NULL, NULL, false);
return ret;
}
@@ -1113,8 +1121,9 @@ virGetGroupID(const char *group, gid_t *gid)
/* Compute the list of primary and supplementary groups associated
* with @uid, and including @gid in the list (unless it is -1),
* storing a malloc'd result into @list. Return the size of the list
- * on success, or -1 on failure with error reported and errno set. May
- * not be called between fork and exec. */
+ * on success, or -1 on failure with no error reported as this usually isn't
+ * a fatal problem for callers. errno is set on error. May not be called
+ * between fork and exec. */
int
virGetGroupList(uid_t uid, gid_t gid, gid_t **list)
{
@@ -1126,14 +1135,12 @@ virGetGroupList(uid_t uid, gid_t gid, gid_t **list)
if (uid == (uid_t)-1)
return 0;
- if (virGetUserEnt(uid, &user, &primary, NULL, NULL) < 0)
+ if (virGetUserEnt(uid, &user, &primary, NULL, NULL, true) < 0)
return -1;
ret = mgetgroups(user, primary, list);
if (ret < 0) {
sa_assert(!*list);
- virReportSystemError(errno,
- _("cannot get group list for '%s'"), user);
goto cleanup;
}
diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c
index 38fcb9e..2ad6634 100644
--- a/tools/virt-login-shell.c
+++ b/tools/virt-login-shell.c
@@ -303,8 +303,12 @@ main(int argc, char **argv)
if (!(conf = virConfReadFile(login_shell_path, 0)))
goto cleanup;
- if ((ngroups = virGetGroupList(uid, gid, &groups)) < 0)
+ if ((ngroups = virGetGroupList(uid, gid, &groups)) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("failed to query supplementary group list for uid '%u'"),
+ (unsigned int) uid);
goto cleanup;
+ }
if (virLoginShellAllowedUser(conf, name, groups) < 0)
goto cleanup;
--
2.8.3
8 years, 5 months
[libvirt] [PATCH v4 0/3] qemu: expand domain memory statistics
by Derbyshev Dmitriy
From: Derbyshev Dmitry <dderbyshev(a)virtuozzo.com>
QEMU reports timestamp and available along with other memory statistics.
This information was not saved into domain statistics.
Also, to collect all balloon statistics for all guests it was necessary to make
several libvirt requests (one per VE).
Last patch allows doing this via qemuConnectGetAllDomainStats in one request.
Changes since v1:
* Enum numeration fixed
* Macro getting "usage" field fixed
Changes since v2:
* previous patches were on wrong branch
* qemu's stat name was "stat-available-memory"
Changes since v3:
* 3rd patch added
Derbyshev Dmitry (3):
qemu: expand domain memory statistics with 'usable'
qemu: expand domain memory statistics with 'last-update' timestamp
qemu: return balloon statistics alongside all domain stats
include/libvirt/libvirt-domain.h | 11 +++++-
src/libvirt-domain.c | 5 +++
src/qemu/qemu_driver.c | 84 +++++++++++++++++++++++++++++++---------
src/qemu/qemu_monitor_json.c | 22 ++++++-----
tools/virsh-domain-monitor.c | 4 ++
5 files changed, 98 insertions(+), 28 deletions(-)
--
1.9.5.msysgit.0
8 years, 5 months
[libvirt] [PATCH] xenconfig: fix conversion of <driver> to backendtype
by Jim Fehlig
When converting domXML to xen xl.cfg, backendtype should
not be emitted if <driver> is not specified. Moreover,
<driver name='file'/> should be converted to backendtype
qdisk, similar to handling of <driver> in libxlMakeDisk()
in libxl_conf.c.
Prior to this change, connectDomainXMLToNative would
produce incorrect xl.cfg when the input domXML contained
<driver name='file'/>
domXML:
<disk type="file" device="disk">
<driver name="file"/>
<source file="/image/file/path"/>
<target dev="xvda" bus="xen"/>
</disk>
virsh domxml-to-native xen-xl domXML
disk = [ "format=raw,vdev=xvda,access=rw,backendtype=target=/image/file/path" ]
xl create xl.cfg
config parsing error in disk specification: unknown value
for backendtype: near `target=/image/file/path' in
`format=raw,vdev=xvda,access=rw,backendtype=target=/image/file/path'
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
src/xenconfig/xen_xl.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/xenconfig/xen_xl.c b/src/xenconfig/xen_xl.c
index 5879c66..d524a82 100644
--- a/src/xenconfig/xen_xl.c
+++ b/src/xenconfig/xen_xl.c
@@ -857,13 +857,15 @@ xenFormatXLDisk(virConfValuePtr list, virDomainDiskDefPtr disk)
}
/* backendtype */
- virBufferAddLit(&buf, "backendtype=");
- if (STREQ_NULLABLE(driver, "qemu"))
- virBufferAddLit(&buf, "qdisk,");
- else if (STREQ_NULLABLE(driver, "tap"))
- virBufferAddLit(&buf, "tap,");
- else if (STREQ_NULLABLE(driver, "phy"))
- virBufferAddLit(&buf, "phy,");
+ if (driver) {
+ virBufferAddLit(&buf, "backendtype=");
+ if (STREQ(driver, "qemu") || STREQ(driver, "file"))
+ virBufferAddLit(&buf, "qdisk,");
+ else if (STREQ(driver, "tap"))
+ virBufferAddLit(&buf, "tap,");
+ else if (STREQ(driver, "phy"))
+ virBufferAddLit(&buf, "phy,");
+ }
/* devtype */
if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM)
--
2.1.4
8 years, 5 months
[libvirt] [PATCH] util: fix missing broadcast address in bridge and tap device IP addresses
by Laine Stump
Commit b3d069872ce53eb added peer address setting to the low level
virNetDevSetIPAddress() function, but ended up causing a segfault in
cases where the caller passed NULL for peer address.
Commit a3510e33d33e52c fixed the segfault, but managed to cause us to
skip setting the broadcast address when setting an interface's IP
address if the peer address was NULL. The result is that the broadcast
address is 0.0.0.0 for all libvirt-created bridges (and for now also
in interfaces in lxc containers with IP addresses set by libvirt).
This was reported on the mailing list:
https://www.redhat.com/archives/libvir-list/2016-June/msg00027.html
but I was too busy to investigate at the time. I found it by accident
today while refactoring virNetDevSetIPAddress(). Since this regression
is present in the 1.3.5 release, I'm sending the bugfix as a separate
simpler patch from my larger refactoring patchset.
---
src/util/virnetdev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index 925b41f..5a4ccc6 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -1129,7 +1129,8 @@ int virNetDevSetIPAddress(const char *ifname,
unsigned int recvbuflen;
/* The caller needs to provide a correct address */
- if (VIR_SOCKET_ADDR_FAMILY(addr) == AF_INET && peer && !VIR_SOCKET_ADDR_VALID(peer)) {
+ if (VIR_SOCKET_ADDR_FAMILY(addr) == AF_INET &&
+ !(peer && VIR_SOCKET_ADDR_VALID(peer))) {
/* compute a broadcast address if this is IPv4 */
if (VIR_ALLOC(broadcast) < 0)
return -1;
--
2.4.11
8 years, 5 months
[libvirt] [PATCH] util: remove redundant comments
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)gmail.com>
Signed-off-by: Chen Hanxiao <chenhanxiao(a)gmail.com>
---
src/util/vireventpoll.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/util/vireventpoll.c b/src/util/vireventpoll.c
index 5e99b3c..81ecab4 100644
--- a/src/util/vireventpoll.c
+++ b/src/util/vireventpoll.c
@@ -405,7 +405,6 @@ static struct pollfd *virEventPollMakePollFDs(int *nfds) {
fds[*nfds].events = eventLoop.handles[i].events;
fds[*nfds].revents = 0;
(*nfds)++;
- //EVENT_DEBUG("Wait for %d %d", eventLoop.handles[i].fd, eventLoop.handles[i].events);
}
return fds;
--
1.8.3.1
8 years, 5 months
[libvirt] [PATCH python v2 0/2] Bindings for storage pool lifecycle events
by Jovanka Gulicoska
Changes since v1: use double newline spacing, change LIBVIRT_CHECK_VERSION
to 2.0.0
Python buindings and tests for storage pool lifecycle events API.
Function storageDetailToString() is not implemented for now.
Jovanka Gulicoska (2):
Python binding for storage pool lifecycle events API
event-test: Add storage pool lifecycle event tests
examples/event-test.py | 18 +++++
generator.py | 2 +
libvirt-override-virConnect.py | 35 ++++++++++
libvirt-override.c | 153 +++++++++++++++++++++++++++++++++++++++++
sanitytest.py | 2 +
5 files changed, 210 insertions(+)
--
2.5.5
8 years, 5 months
[libvirt] [PATCH v3 0/4] Some patches for native TLS encrypted chardev TCP support
by John Ferlan
v2: http://www.redhat.com/archives/libvir-list/2016-June/msg01044.html
Patches 3 and 4 from original already pushed.
Changes since v2:
Patch 1: (the two bullets were ACK'd, but 3rd introduced new change so repost)
* Change to using /etc/pki/qemu as the default directory name
* Add description for dh-params.pem
* Added default_tls_x509_verify
Patch 2:
* Change to using /etc/pki/qemu-chardev
* Change charTCP/chartcp to chardev
* Added chardev_tls_x509_verify
Patch 3: (former patch 5)
* Added processing for verify-peer and set in .args output
Patch 4: (was ACK'd, but...)
* Needed update due to new argument to qemuBuildTLSx509BackendProps
John Ferlan (4):
conf: Add new default TLS X.509 certificate default directory
conf: Introduce chartcp_tls_x509_cert_dir
qemu: Add support for TLS X.509 path to TCP chardev backend
qemu: Add the ability to hotplug the TLS X.509 environment
src/conf/domain_conf.h | 1 +
src/qemu/libvirtd_qemu.aug | 11 ++-
src/qemu/qemu.conf | 83 ++++++++++++----
src/qemu/qemu_command.c | 109 ++++++++++++++++++++-
src/qemu/qemu_command.h | 7 ++
src/qemu/qemu_conf.c | 59 +++++++++--
src/qemu/qemu_conf.h | 7 ++
src/qemu/qemu_hotplug.c | 30 +++++-
src/qemu/qemu_monitor_json.c | 9 ++
src/qemu/test_libvirtd_qemu.aug.in | 5 +
.../qemuxml2argv-serial-tcp-tlsx509-chardev.args | 33 +++++++
.../qemuxml2argv-serial-tcp-tlsx509-chardev.xml | 41 ++++++++
tests/qemuxml2argvtest.c | 6 ++
.../qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml | 50 ++++++++++
tests/qemuxml2xmltest.c | 1 +
15 files changed, 424 insertions(+), 28 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
--
2.5.5
8 years, 5 months
[libvirt] [PATCH 0/3] Tiny cleanups
by Martin Kletzander
John suggested I clean up some things, so here they are. 2 out of 3
are trivial, but the first patch would look really really ugly if I
wquashed them together (feel free to try).
Martin Kletzander (3):
qemu: Unify automatic coredump filenames
qemu: Follow coding style convention
qemu: Remove useless block in processWatchdogEvent
src/qemu/qemu_driver.c | 117 +++++++++++++++++++++++++------------------------
1 file changed, 60 insertions(+), 57 deletions(-)
--
2.9.0
8 years, 5 months
[libvirt] [PATCH] qemu: Shorten domain name for watchdog coredump
by Martin Kletzander
Similarly to commit d294f6b0dff7, if the name is long enough, the
filename can be longer than filesystem's limit.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1334237
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
src/qemu/qemu_driver.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index efb3f854fb10..80d1d209a80c 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3906,6 +3906,10 @@ static void processWatchdogEvent(virQEMUDriverPtr driver, virDomainObjPtr vm, in
{
int ret;
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+ char *domname = virDomainObjGetShortName(vm);
+
+ if (!domname)
+ goto cleanup;
switch (action) {
case VIR_DOMAIN_WATCHDOG_ACTION_DUMP:
@@ -3915,7 +3919,7 @@ static void processWatchdogEvent(virQEMUDriverPtr driver, virDomainObjPtr vm, in
if (virAsprintf(&dumpfile, "%s/%s-%u",
cfg->autoDumpPath,
- vm->def->name,
+ domname,
(unsigned int)time(NULL)) < 0)
goto cleanup;
@@ -3959,6 +3963,7 @@ static void processWatchdogEvent(virQEMUDriverPtr driver, virDomainObjPtr vm, in
qemuDomainObjEndAsyncJob(driver, vm);
cleanup:
+ VIR_FREE(domname);
virObjectUnref(cfg);
}
--
2.8.4
8 years, 5 months
