[libvirt] [PATCH] security: aa-helper: allow virt-aa-helper to read .vhd images
by Christian Ehrhardt
VHD images can be used as any other, so we should add them to the list
of types that virt-aa-helper can read when creating the per-guest rules
for backing files.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
index 78994bcda6..bf6bd297d1 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
/**.qcow{,2} r,
/**.qed r,
/**.vmdk r,
+ /**.vhd r,
/**.[iI][sS][oO] r,
/**/disk{,.*} r,
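Review bot: the added rule `/**.vhd r,` matches only a lowercase extension, while the ISO rule directly below it uses `[iI][sS][oO]`; an image named `.VHD` would still be denied, so consider `/**.[vV][hH][dD] r,` if mixed-case names are expected. The rule also does not match `.vhdx`; if that is deliberate, the commit message should say so.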
--
2.22.0
5 years, 6 months
[libvirt] [PATCH v3 0/2] add support for bochs-video device
by Jonathon Jongsma
Changes from v2:
- fix version number in documentation
- move bochs to its own case in virDomainVideoDefaultRAM()
- use pcieFlags instead of pciFlags in
qemuDomainDeviceCalculatePCIConnectFlags()
- use DO_TEST_CAPS_LATEST() in test
Jonathon Jongsma (2):
qemu: Add bochs-display capability
qemu: add 'bochs' video display type
docs/formatdomain.html.in | 5 ++-
docs/schemas/domaincommon.rng | 1 +
src/conf/domain_conf.c | 4 ++
src/conf/domain_conf.h | 1 +
src/qemu/qemu_capabilities.c | 4 ++
src/qemu/qemu_capabilities.h | 3 ++
src/qemu/qemu_command.c | 6 +++
src/qemu/qemu_domain.c | 1 +
src/qemu/qemu_domain_address.c | 3 ++
.../qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 +
.../caps_3.0.0.x86_64.xml | 1 +
.../qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 1 +
.../caps_3.1.0.x86_64.xml | 1 +
.../caps_4.0.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 +
.../caps_4.0.0.riscv32.xml | 1 +
.../caps_4.0.0.riscv64.xml | 1 +
.../caps_4.0.0.x86_64.xml | 1 +
.../caps_4.1.0.x86_64.xml | 1 +
...eo-bochs-display-device.x86_64-latest.args | 38 +++++++++++++++++++
.../video-bochs-display-device.xml | 29 ++++++++++++++
tests/qemuxml2argvtest.c | 1 +
22 files changed, 104 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxml2argvdata/video-bochs-display-device.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/video-bochs-display-device.xml
--
2.20.1
5 years, 6 months
[libvirt] [PATCH] qemu: Relax os.loader->type check when validating domain
by Michal Privoznik
When validating a domain among all the checks there are two that
concern VIR_DOMAIN_LOADER_TYPE_PFLASH specifically. The first
check ensures that on x86 ACPI is enabled when UEFI is requested,
the second ensures that UEFI is used when ACPI is requested on
aarch64. However, the check for UEFI is done by plain comparison of
def->os.loader->type which is insufficient because we have
def->os.firmware too.
NB, this wouldn't be a problem for an active domain, because on
startup process def->os.loader->type gets filled by
qemuFirmwareEnableFeatures(), but that's not the case for
inactive domains.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1729604
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_domain.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 0f1fda2384..ed33e31699 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4221,8 +4221,9 @@ qemuDomainDefValidate(const virDomainDef *def,
}
/* On x86, UEFI requires ACPI */
- if (def->os.loader &&
- def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_PFLASH &&
+ if ((def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_EFI ||
+ (def->os.loader &&
+ def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_PFLASH)) &&
ARCH_IS_X86(def->os.arch) &&
def->features[VIR_DOMAIN_FEATURE_ACPI] != VIR_TRISTATE_SWITCH_ON) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
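Review bot: the "is UEFI requested" predicate in the x86 check (`def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_EFI || (def->os.loader && def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_PFLASH)`) is written out again, negated by hand, in the aarch64 check below. Consider a small static helper that returns this predicate and using `helper(def)` here and `!helper(def)` there, so the two validations cannot drift apart the next time another way of requesting UEFI is added.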
@@ -4233,8 +4234,9 @@ qemuDomainDefValidate(const virDomainDef *def,
/* On aarch64, ACPI requires UEFI */
if (def->features[VIR_DOMAIN_FEATURE_ACPI] == VIR_TRISTATE_SWITCH_ON &&
def->os.arch == VIR_ARCH_AARCH64 &&
- (!def->os.loader ||
- def->os.loader->type != VIR_DOMAIN_LOADER_TYPE_PFLASH)) {
+ (def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_EFI &&
+ (!def->os.loader ||
+ def->os.loader->type != VIR_DOMAIN_LOADER_TYPE_PFLASH))) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("ACPI requires UEFI on this architecture"));
goto cleanup;
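Review bot: the diffstat shows only src/qemu/qemu_domain.c changing, so the inactive-domain case from the commit message (os.firmware set to EFI while os.loader->type is not yet filled in) gets no regression test for the aarch64 branch or the x86 one. A test case that sets os.firmware to EFI without a loader would pin both checks. The outer parentheses around the third operand of the `&&` chain are also redundant and can be dropped.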
--
2.21.0
5 years, 6 months
[libvirt] [PATCH] maint: RNG comment fix
by Eric Blake
Typo'd at file creation in commit 0c97dc41.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
Pushing under the trivial rule
docs/schemas/basictypes.rng | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/schemas/basictypes.rng b/docs/schemas/basictypes.rng
index 9b3dcad4a5..70d2101b78 100644
--- a/docs/schemas/basictypes.rng
+++ b/docs/schemas/basictypes.rng
@@ -2,7 +2,7 @@
<!-- network-related definitions used in multiple grammars -->
<grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
- <!-- Our unsignedInt doesn"t allow a leading "+" in its lexical form -->
+ <!-- Our unsignedInt doesn't allow a leading "+" in its lexical form -->
<define name="unsignedInt">
<data type="unsignedInt">
<param name="pattern">[0-9]+</param>
--
2.20.1
5 years, 6 months
[libvirt] [PATCH] tests: skip systemd activation test if FDs 3/4/5 are open
by Daniel P. Berrangé
With systemd activation the passed in file descriptors are required to
be numbered from STDERR_FILENO + 1 onwards. The unit tests thus require
FDs 3, 4 and 5 to be available.
This may not be the case in all environments in which the tests run. For
example on RHEL7 it was seen that a library constructor (gcrypt probably)
opens /dev/urandom and leaves the file handle open. This means FD 3 is
not available and the activation tests fail.
The best way to deal with this would be to create a standalone helper
program for the tests, but that's much more work than just skipping the
tests if we notice we have the problem.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
Pushed as a CI build fix
tests/virsystemdtest.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/tests/virsystemdtest.c b/tests/virsystemdtest.c
index 586c512fca..cd031914ab 100644
--- a/tests/virsystemdtest.c
+++ b/tests/virsystemdtest.c
@@ -23,6 +23,7 @@
#if defined(WITH_DBUS) && defined(__linux__)
# include <dbus/dbus.h>
+# include <fcntl.h>
# define LIBVIRT_VIRSYSTEMDPRIV_H_ALLOW
# include "virsystemdpriv.h"
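Review bot: the include hunk adds only `<fcntl.h>`, but the check added in mymain() also reads `errno` and compares it against `EBADF`. If `<errno.h>` is not already pulled in by one of this file's other headers, include it here explicitly rather than relying on a transitive include.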
@@ -762,10 +763,17 @@ mymain(void)
if (virTestRun("Test activation empty", testActivationEmpty, NULL) < 0)
ret = -1;
- if (virTestRun("Test activation names", testActivationFDNames, NULL) < 0)
- ret = -1;
- if (virTestRun("Test activation addrs", testActivationFDAddrs, NULL) < 0)
- ret = -1;
+
+ if (fcntl(STDERR_FILENO + 1, F_GETFL) == -1 && errno == EBADF &&
+ fcntl(STDERR_FILENO + 2, F_GETFL) == -1 && errno == EBADF &&
+ fcntl(STDERR_FILENO + 3, F_GETFL) == -1 && errno == EBADF) {
+ if (virTestRun("Test activation names", testActivationFDNames, NULL) < 0)
+ ret = -1;
+ if (virTestRun("Test activation addrs", testActivationFDAddrs, NULL) < 0)
+ ret = -1;
+ } else {
+ VIR_INFO("Skipping activation tests as FD 3/4/5 is open");
+ }
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
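Review bot: in the `else` branch the skip is reported only through `VIR_INFO`, and mymain() still returns EXIT_SUCCESS, so an environment where FD 3 is always held open will pass every run without ever executing the two activation tests. Report the skip somewhere the test log shows by default (stderr, for example) so the lost coverage is noticed. The message also hard-codes "3/4/5" while the probe is written as `STDERR_FILENO + 1` through `STDERR_FILENO + 3`; keeping the two in the same terms avoids confusion.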
--
2.21.0
5 years, 6 months
[libvirt] [PATCH] storage: rbd: do not attempt to dereference a non-pointer
by Ján Tomko
My commit 9b7c4048fa0559fd81d57b7f7d13b1dccd6a99b2 was too blind
and my librbd was not new enough to actually compile this part.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
Pushed under the 'build breaker fix' rule whilst violating the
'do not push patches on a Friday afternoon' rule.
src/storage/storage_backend_rbd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c
index 1cb447c55a..f3104ba310 100644
--- a/src/storage/storage_backend_rbd.c
+++ b/src/storage/storage_backend_rbd.c
@@ -637,7 +637,7 @@ virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
nnames = nimages;
for (i = 0; i < nimages; i++)
- VIR_STEAL_PTR(names[i], images[i]->name);
+ VIR_STEAL_PTR(names[i], images[i].name);
return names;
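Review bot: with `VIR_STEAL_PTR(names[i], images[i].name)` each element of `images` is left with a cleared `name`, so whatever releases `images` after this loop must tolerate that and must not read or free the name a second time; that cleanup lies outside the visible context and is worth checking. Since the commit message says this branch was not compiled locally, please also confirm a build against a librbd new enough to enable it.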
--
2.20.1
5 years, 6 months
[libvirt] [PATCH 0/9] qemu: monitor: Prepare APIs for blockdev (blockdev-add saga)
by Peter Krempa
This contains a set of monitor adjustments needed for supporting the block
job APIs with -blockdev.
Note that the last patch does not contain tests as there is an extensive
testsuite added with the actual formatter of the JSON properties which
are used with that API which will be posted later.
I can and probably will hold-off pushing this series together with the
rest once I iron out a few wrinkles.
Peter Krempa (9):
qemu: monitor: Add new fields for 'block-stream' command
qemu: monitor: Add new fields for 'block-commit' command
qemu: monitor: Add new fields for 'blockdev-mirror' command
qemu: monitor: Add support for 'job-dismiss' command
qemu: monitor: Add support for 'job-cancel' command
qemu: monitor: Add support for 'job-complete' command
qemu: monitor: Add infrastructure for 'query-jobs'
qemu: monitor: Implement support for 'JOB_STATUS_CHANGE' event
qemu: monitor: Add APIs for 'blockdev-create'
src/qemu/qemu_driver.c | 8 +-
src/qemu/qemu_migration.c | 2 +-
src/qemu/qemu_monitor.c | 150 ++++++++++-
src/qemu/qemu_monitor.h | 86 ++++++-
src/qemu/qemu_monitor_json.c | 243 +++++++++++++++++-
src/qemu/qemu_monitor_json.h | 33 ++-
.../query-jobs-create.json | 20 ++
.../query-jobs-create.result | 11 +
.../qemumonitorjsondata/query-jobs-empty.json | 1 +
.../query-jobs-empty.result | 0
tests/qemumonitorjsontest.c | 97 ++++++-
11 files changed, 625 insertions(+), 26 deletions(-)
create mode 100644 tests/qemumonitorjsondata/query-jobs-create.json
create mode 100644 tests/qemumonitorjsondata/query-jobs-create.result
create mode 100644 tests/qemumonitorjsondata/query-jobs-empty.json
create mode 100644 tests/qemumonitorjsondata/query-jobs-empty.result
--
2.21.0
5 years, 6 months
[libvirt] [PATCH v2 0/3] Add support for bochs video device
by Jonathon Jongsma
Patch series v2, mostly containing changes suggested by Peter Krempa:
- renamed libvirt device name from 'bochs-display' to 'bochs'
- split capabilities change from schema/conf change
- refactored logic in qemuBuildDeviceVideoStr() in a separate patch
- returned pcieFlags instead of pciFlags in qemuDomainDeviceCalculatePCIConnectFlags
Jonathon Jongsma (3):
qemu: Add bochs-display capability
qemu: minor refactor of video device string handling
conf: add 'bochs' video display type
docs/formatdomain.html.in | 5 +--
docs/schemas/domaincommon.rng | 1 +
src/conf/domain_conf.c | 2 ++
src/conf/domain_conf.h | 1 +
src/qemu/qemu_capabilities.c | 4 +++
src/qemu/qemu_capabilities.h | 3 ++
src/qemu/qemu_command.c | 19 +++++++----
src/qemu/qemu_domain.c | 1 +
src/qemu/qemu_domain_address.c | 3 ++
.../qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 1 +
.../caps_3.0.0.x86_64.xml | 1 +
.../qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 1 +
.../caps_3.1.0.x86_64.xml | 1 +
.../caps_4.0.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 +
.../caps_4.0.0.riscv32.xml | 1 +
.../caps_4.0.0.riscv64.xml | 1 +
.../caps_4.0.0.x86_64.xml | 1 +
.../caps_4.1.0.x86_64.xml | 1 +
.../video-bochs-display-device.args | 32 +++++++++++++++++++
.../video-bochs-display-device.xml | 29 +++++++++++++++++
tests/qemuxml2argvtest.c | 3 ++
22 files changed, 104 insertions(+), 9 deletions(-)
create mode 100644 tests/qemuxml2argvdata/video-bochs-display-device.args
create mode 100644 tests/qemuxml2argvdata/video-bochs-display-device.xml
--
2.20.1
5 years, 6 months
[libvirt] [PATCH 0/4] Blind rbd driver fixes
by Ján Tomko
Sadly I haven't had the time to get a working RBD setup but
I believe these patches should fix some recently introduced bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1724065
https://bugzilla.redhat.com/show_bug.cgi?id=1729292
If you can test them, please do.
Ján Tomko (4):
storage: rbd: use VIR_REALLOC in the loop
storage: rbd: actually index the array when iterating over it
Revert "conf: Remove volOptions for VIR_STORAGE_POOL_RBD"
docs: RBD pool only supports raw volumes
docs/storage.html.in | 2 +-
src/conf/storage_conf.c | 5 +++++
src/storage/storage_backend_rbd.c | 4 ++--
tests/storagepoolcapsschemadata/poolcaps-fs.xml | 5 +++++
tests/storagepoolcapsschemadata/poolcaps-full.xml | 5 +++++
5 files changed, 18 insertions(+), 3 deletions(-)
--
2.20.1
5 years, 6 months