[libvirt] [PATCH v4 00/23] Introduce metadata locking
by Michal Privoznik
Technically, this is v4 of:
https://www.redhat.com/archives/libvir-list/2018-August/msg01627.html
However, this is implementing a different approach than any of the
previous versions.
One of the problems with the previous version was that it was too
complicated. The main reason for that was that we could not close the
connection whilst there was a file locked. So we had to invent a
mechanism that would prevent that (on the client side).
These patches implement a different approach. They rely on secdriver's
transactions which bring all the paths we want to label into one place
so that they can be relabelled within different namespace.
I'm extending this idea so that transactions run all the time
(regardless of domain namespacing) and only at the very last moment is
it decided which namespace the relabeling would run in.
Metadata locking is then as easy as putting lock/unlock calls around one
function.
You can find the patches at my github too:
https://github.com/zippy2/libvirt/tree/disk_metadata_lock_v4_alt
Michal Prívozník (23):
qemu_security: Fully implement qemuSecurityDomainSetPathLabel
qemu_security: Fully implement
qemuSecurity{Set,Restore}SavedStateLabel
qemu_security: Require full wrappers for APIs that might touch a file
virSecurityManagerTransactionCommit: Accept pid == -1
qemu_security: Run transactions more frequently
virlockspace: Allow caller to specify start and length offset in
virLockSpaceAcquireResource
lock_driver_lockd: Introduce
VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA flag
lock_driver: Introduce new VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON
_virLockManagerLockDaemonPrivate: Move @hasRWDisks into dom union
lock_driver: Introduce VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA
lock_driver: Introduce VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK
lock_daemon_dispatch: Check for ownerPid rather than ownerId
lock_manager: Allow disabling configFile for virLockManagerPluginNew
qemu_conf: Introduce metadata_lock_manager
security_manager: Load lock plugin on init
security_manager: Introduce metadata locking APIs
security_dac: Move transaction handling up one level
security_dac: Fix info messages when chown()-ing
security_dac: Lock metadata when running transaction
virSecuritySELinuxRestoreFileLabel: Rename 'err' label
virSecuritySELinuxRestoreFileLabel: Adjust code pattern
security_selinux: Move transaction handling up one level
security_dac: Lock metadata when running transaction
cfg.mk | 4 +-
src/locking/lock_daemon_dispatch.c | 25 ++-
src/locking/lock_driver.h | 12 ++
src/locking/lock_driver_lockd.c | 417 +++++++++++++++++++++++++------------
src/locking/lock_driver_lockd.h | 1 +
src/locking/lock_driver_sanlock.c | 44 ++--
src/locking/lock_manager.c | 10 +-
src/lxc/lxc_controller.c | 3 +-
src/lxc/lxc_driver.c | 2 +-
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 8 +
src/qemu/qemu_conf.c | 13 ++
src/qemu/qemu_conf.h | 1 +
src/qemu/qemu_domain.c | 3 +-
src/qemu/qemu_driver.c | 10 +-
src/qemu/qemu_process.c | 15 +-
src/qemu/qemu_security.c | 272 +++++++++++++++++-------
src/qemu/qemu_security.h | 18 +-
src/qemu/test_libvirtd_qemu.aug.in | 1 +
src/security/security_dac.c | 134 ++++++++----
src/security/security_manager.c | 171 ++++++++++++++-
src/security/security_manager.h | 9 +
src/security/security_selinux.c | 118 ++++++++---
src/util/virlockspace.c | 15 +-
src/util/virlockspace.h | 4 +
tests/seclabeltest.c | 2 +-
tests/securityselinuxlabeltest.c | 2 +-
tests/securityselinuxtest.c | 2 +-
tests/testutilsqemu.c | 2 +-
tests/virlockspacetest.c | 29 ++-
30 files changed, 1006 insertions(+), 342 deletions(-)
--
2.16.4
6 years, 6 months
[libvirt] [PATCH v3 0/3] fix build failure in vircgroup code
by Pavel Hrdina
Changes in v3:
- removed VIR_CGROUP_SUPPORTED
- include system headers only on linux
Pavel Hrdina (3):
vircgroup: remove VIR_CGROUP_SUPPORTED
vircgroup: include system headers only on linux
vircgroupv1: fix build on non-linux OSes
src/util/vircgroup.c | 38 ++++++++++++++++----------------------
src/util/vircgroupv1.c | 20 +++++++++++++++-----
2 files changed, 31 insertions(+), 27 deletions(-)
--
2.17.1
6 years, 6 months
[libvirt] [tck PATCH] Fix typo in StrictHostKeyChecking setting
by Laine Stump
This was inadvertently changed from "no" to "off" in commit 685bf11b.
Signed-off-by: Laine Stump <laine(a)laine.org>
---
... and noticed soon after, but apparently nobody took the time to push a fix.
Pushed under the trivial rule.
scripts/nwfilter/210-no-mac-spoofing.t | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/nwfilter/210-no-mac-spoofing.t b/scripts/nwfilter/210-no-mac-spoofing.t
index 87c19e7..78c500c 100644
--- a/scripts/nwfilter/210-no-mac-spoofing.t
+++ b/scripts/nwfilter/210-no-mac-spoofing.t
@@ -97,7 +97,7 @@ my $ssh = Net::OpenSSH->new($guestip,
user => "root",
password => $tck->root_password(),
master_opts => [-o => "UserKnownHostsFile=/dev/null",
- -o => "StrictHostKeyChecking=off"]);
+ -o => "StrictHostKeyChecking=no"]);
# now bring eth0 down, change MAC and bring it up again
diag "fiddling with mac";
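Review bot: In the master_opts list, UserKnownHostsFile=/dev/null combined with StrictHostKeyChecking=no means the host key of $guestip is never verified while the script logs in as root with a password, and nothing in the script says this is deliberate. A one-line comment above master_opts stating that host key checking is disabled on purpose because the target is a test guest would keep this from being copied into non-test code as a general pattern.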
--
2.17.1
6 years, 6 months
[libvirt] [PATCH] tests: libxl: skip tests with nested_hvm
by Ján Tomko
Commit 95d19cd unconditionally adjusted the tests to account for
the conditional move of the nested_hvm setting location.
Run the affected tests only for the new setup (witnessed by
LIBXL_HAVE_BUILDINFO_NESTED_HVM).
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
Technically a build breaker fix, but I'd love to hear any ideas
that would easily let us test both versions.
Also, my app-emulation/xen-tools-4.9.2-r1 on Gentoo
does not seem to have LIBXL_HAVE_BUILDINFO_NESTED_HVM in libxl.h,
even though it was introduced in 4.9.0-rc7-831-g3c44f8ed44
tests/libxlxml2domconfigtest.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/tests/libxlxml2domconfigtest.c b/tests/libxlxml2domconfigtest.c
index 0eba5814b1..6b1f9826d0 100644
--- a/tests/libxlxml2domconfigtest.c
+++ b/tests/libxlxml2domconfigtest.c
@@ -207,9 +207,16 @@ mymain(void)
DO_TEST("cpu-shares-hvm");
DO_TEST("variable-clock-hvm");
DO_TEST("moredevs-hvm");
+
+# ifdef LIBXL_HAVE_BUILDINFO_NESTED_HVM
DO_TEST("vnuma-hvm");
+# endif
+
DO_TEST("multiple-ip");
+
+# ifdef LIBXL_HAVE_BUILDINFO_NESTED_HVM
DO_TEST("fullvirt-cpuid");
+# endif
unlink("libxl-driver.log");
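Review bot: Both new LIBXL_HAVE_BUILDINFO_NESTED_HVM blocks in mymain() lack a comment saying why vnuma-hvm and fullvirt-cpuid depend on that macro, and on a libxl without it the two tests are dropped silently, so a run there reports success with less coverage. Add a short comment naming the nested_hvm location change, and consider an #else branch that runs the same two tests against expected data for the old layout so that both versions stay covered.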
--
2.16.4
6 years, 6 months
[libvirt] [PATCH v2] vircgroupv1: add ifdef around cgroup code
by Pavel Hrdina
Cgroups are supported only on linux.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
changed in v2:
- define moved to vircgrouppriv.h
- fixed alternative virCgroupV1Register function
src/util/vircgroup.c | 5 -----
src/util/vircgrouppriv.h | 8 ++++++++
src/util/vircgroupv1.c | 13 +++++++++++++
3 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 23957c82c7..aae699db0e 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -66,11 +66,6 @@ VIR_LOG_INIT("util.cgroup");
#define CGROUP_NB_TOTAL_CPU_STAT_PARAM 3
#define CGROUP_NB_PER_CPU_STAT_PARAM 1
-#if defined(__linux__) && defined(HAVE_GETMNTENT_R) && \
- defined(_DIRENT_HAVE_D_TYPE) && defined(_SC_CLK_TCK)
-# define VIR_CGROUP_SUPPORTED
-#endif
-
VIR_ENUM_IMPL(virCgroupController, VIR_CGROUP_CONTROLLER_LAST,
"cpu", "cpuacct", "cpuset", "memory", "devices",
"freezer", "blkio", "net_cls", "perf_event",
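Review bot: With the VIR_CGROUP_SUPPORTED definition removed from this file, any remaining #ifdef VIR_CGROUP_SUPPORTED in vircgroup.c depends on vircgrouppriv.h being included before its first use, and this hunk does not show that include. An undefined macro in #ifdef produces no compiler diagnostic, so a missing or late include would quietly build the unsupported-platform code on Linux. Please confirm the include and its position.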
diff --git a/src/util/vircgrouppriv.h b/src/util/vircgrouppriv.h
index c50a25f195..5a19f965c2 100644
--- a/src/util/vircgrouppriv.h
+++ b/src/util/vircgrouppriv.h
@@ -29,9 +29,17 @@
#ifndef __VIR_CGROUP_PRIV_H__
# define __VIR_CGROUP_PRIV_H__
+# include <dirent.h>
+# include <unistd.h>
+
# include "vircgroup.h"
# include "vircgroupbackend.h"
+# if defined(__linux__) && defined(HAVE_GETMNTENT_R) && \
+ defined(_DIRENT_HAVE_D_TYPE) && defined(_SC_CLK_TCK)
+# define VIR_CGROUP_SUPPORTED
+# endif
+
struct _virCgroupV1Controller {
int type;
char *mountPoint;
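Review bot: The dirent.h and unistd.h includes added at the top of the header exist only so that _DIRENT_HAVE_D_TYPE and _SC_CLK_TCK are visible to the #if below, but nothing says so, and they will look unused to anyone tidying includes later. Add a comment above them explaining that. The same test uses HAVE_GETMNTENT_R, so every file that includes this header must already have pulled in config.h; that is worth stating in the same comment.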
diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c
index 62a6e5c448..a00dd06148 100644
--- a/src/util/vircgroupv1.c
+++ b/src/util/vircgroupv1.c
@@ -55,6 +55,8 @@ VIR_ENUM_IMPL(virCgroupV1Controller, VIR_CGROUP_CONTROLLER_LAST,
"name=systemd");
+#ifdef VIR_CGROUP_SUPPORTED
+
/* We're looking for at least one 'cgroup' fs mount,
* which is *not* a named mount. */
static bool
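Review bot: The #ifdef VIR_CGROUP_SUPPORTED opens below the VIR_ENUM_IMPL, so everything the file includes above this point is still compiled on platforms where the macro is undefined. If any of those are Linux-only system headers, the non-Linux build will still fail at the include; they need the same guard as the code.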
@@ -2099,3 +2101,14 @@ virCgroupV1Register(void)
{
virCgroupBackendRegister(&virCgroupV1Backend);
}
+
+#else /* !VIR_CGROUP_SUPPORTED */
+
+void
+virCgroupV1Register(void)
+{
+ virReportSystemError(ENOSYS, "%s",
+ _("Control groups not supported on this platform"));
+}
+
+#endif /* !VIR_CGROUP_SUPPORTED */
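Review bot: The fallback virCgroupV1Register() in the #else branch raises ENOSYS through virReportSystemError although the function returns void, so the caller has no way to notice or clear the failure. If registration runs at initialization rather than on demand, every start on an unsupported platform leaves an error set for an operation nobody requested. An empty body, or a debug-level log, would be quieter, leaving the "not supported" error to the cgroup APIs that actually need a backend.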
--
2.17.1
6 years, 6 months
[libvirt] [PATCH v3] qemu: Remove network type limitation for qemuARPGetInterfaces
by Lin Ma
Let's ignore the checking of interface type when we call the function
qemuARPGetInterfaces to get IP from host's arp table.
Based on suggestion from Laine.
https://www.redhat.com/archives/libvir-list/2018-September/msg00684.html
Signed-off-by: Lin Ma <lma(a)suse.com>
---
src/qemu/qemu_driver.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 10d6bca186..3110e74e0e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -20945,9 +20945,6 @@ qemuARPGetInterfaces(virDomainObjPtr vm,
goto cleanup;
for (i = 0; i < vm->def->nnets; i++) {
- if (vm->def->nets[i]->type != VIR_DOMAIN_NET_TYPE_NETWORK)
- continue;
-
virMacAddrFormat(&(vm->def->nets[i]->mac), macaddr);
for (j = 0; j < table->n; j++) {
virArpTableEntry entry = table->t[j];
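Review bot: With the type check gone, the loop formats the MAC of every entry in vm->def->nets and matches it against the host ARP table, but nothing here documents what the result means for interface types other than VIR_DOMAIN_NET_TYPE_NETWORK. ARP entries are unauthenticated and reflect whatever the host has learned on the segment, so an address returned for such an interface is best-effort and should not be treated as verified. Please state that in the documentation for the ARP source, and list in the commit message which interface types were tested.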
--
2.19.0
6 years, 6 months
[libvirt] [PATCH] virsh: Require explicit --domain for domxml-to-native
by Jiri Denemark
The domxml-to-native virsh command accepts either --xml or --domain
option followed by a file or domain name respectively. The --domain
option is documented as required, which means an argument with no option
is treated as --xml. Commit v4.3.0-127-gd86531daf2 broke this by making
--domain optional and thus an argument with no option was treated as
--domain.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
tools/virsh-domain.c | 6 +++---
tools/virsh.h | 8 +++++---
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index cfb0095333..372bdb95d3 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9509,7 +9509,7 @@ static const vshCmdInfo info_qemu_monitor_event[] = {
static const vshCmdOptDef opts_qemu_monitor_event[] = {
VIRSH_COMMON_OPT_DOMAIN_OT_STRING(N_("filter by domain name, id or uuid"),
- 0),
+ 0, 0),
{.name = "event",
.type = VSH_OT_STRING,
.help = N_("filter by event name")
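Review bot: The macro call in opts_qemu_monitor_event now ends in two bare zeros, 0, 0, for oflags and cflags, and the same pattern is repeated in opts_event further down. The two arguments are indistinguishable at the call site and swapping them would still compile. A short trailing comment per argument, or a named constant for "no flags", would make these calls readable.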
@@ -10062,7 +10062,7 @@ static const vshCmdOptDef opts_domxmltonative[] = {
.flags = VSH_OFLAG_REQ,
.help = N_("target config data type format")
},
- VIRSH_COMMON_OPT_DOMAIN_OT_STRING_FULL(0),
+ VIRSH_COMMON_OPT_DOMAIN_OT_STRING_FULL(VSH_OFLAG_REQ_OPT, 0),
{.name = "xml",
.type = VSH_OT_STRING,
.help = N_("xml data file to export from")
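Review bot: No test accompanies the switch to VSH_OFLAG_REQ_OPT on the domain option in opts_domxmltonative, although the commit message describes this as a behaviour that already regressed once. Add a virsh test that passes a bare argument after the format and checks it is treated as --xml, plus one that passes --domain explicitly, so the option parsing is pinned down.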
@@ -13312,7 +13312,7 @@ static const vshCmdInfo info_event[] = {
static const vshCmdOptDef opts_event[] = {
VIRSH_COMMON_OPT_DOMAIN_OT_STRING(N_("filter by domain name, id or uuid"),
- 0),
+ 0, 0),
{.name = "event",
.type = VSH_OT_STRING,
.completer = virshDomainEventNameCompleter,
diff --git a/tools/virsh.h b/tools/virsh.h
index af0d6ce686..6ff5c74b5e 100644
--- a/tools/virsh.h
+++ b/tools/virsh.h
@@ -107,16 +107,18 @@
.help = _helpstr \
}
-# define VIRSH_COMMON_OPT_DOMAIN_OT_STRING(_helpstr, cflags) \
+# define VIRSH_COMMON_OPT_DOMAIN_OT_STRING(_helpstr, oflags, cflags) \
{.name = "domain", \
.type = VSH_OT_STRING, \
+ .flags = oflags, \
.help = _helpstr, \
.completer = virshDomainNameCompleter, \
.completer_flags = cflags, \
}
-# define VIRSH_COMMON_OPT_DOMAIN_OT_STRING_FULL(cflags) \
- VIRSH_COMMON_OPT_DOMAIN_OT_STRING(N_("domain name, id or uuid"), cflags)
+# define VIRSH_COMMON_OPT_DOMAIN_OT_STRING_FULL(oflags, cflags) \
+ VIRSH_COMMON_OPT_DOMAIN_OT_STRING(N_("domain name, id or uuid"), \
+ oflags, cflags)
# define VIRSH_COMMON_OPT_DOMAIN_OT_ARGV(_helpstr, cflags) \
{.name = "domain", \
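Review bot: Both VIRSH_COMMON_OPT_DOMAIN_OT_STRING and VIRSH_COMMON_OPT_DOMAIN_OT_STRING_FULL gain oflags ahead of cflags with nothing documenting the parameters, while VIRSH_COMMON_OPT_DOMAIN_OT_ARGV directly below keeps the (_helpstr, cflags) form. The domain macros now disagree on their argument lists. Add a comment above VIRSH_COMMON_OPT_DOMAIN_OT_STRING describing oflags as the option flags assigned to .flags and cflags as the completer flags, or give the ARGV variant the same signature for consistency.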
--
2.19.0
6 years, 6 months
[libvirt] [PATCH 0/7] configure: remove some unused checks
by Ján Tomko
Ján Tomko (7):
configure: split common header and function checks
configure: sort AC_CHECK_HEADERS argument list
configure: remove duplicit check for sys/un.h
configure: remove check for regex.h
configure: remove check for poll.h
configure: do not check for kill
configure: remove regexec and getgrnam_r checks
configure.ac | 50 +++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 41 insertions(+), 9 deletions(-)
--
2.16.4
6 years, 6 months
[libvirt] [PATCH 0/4] Small changes to virdbus
by Marc Hartmayer
Marc Hartmayer (4):
virdbus: Grab a ref as long as the while loop is executed
virdbus: Unref the D-Bus connection when closing
virdbus: Report a debug message that dbus_watch_handle() has failed
virdbus: Use the mnemonic macros for dbus_bool_t values
src/util/virdbus.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--
2.17.0
6 years, 6 months