August 2019 - Devel - libvirt List Archives

[libvirt] [PATCH] virpci: Rename virPCIDevice{Bind, Unbind}FromStubWithOverride
by Michal Privoznik 23 Aug '19

23 Aug '19

After my previous patches we have virPCIDeviceBindToStub() and virPCIDeviceUnbindFromStub() which really do nothing but call virPCIDeviceBindToStubWithOverride() and virPCIDeviceUnbindFromStubWithOverride() respectively. Drop "WithOverride" from the names and drop the thin wrappers. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- Pushed under trivial rule. src/util/virpci.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/src/util/virpci.c b/src/util/virpci.c index 6724a8ad9e..ee78151e74 100644 --- a/src/util/virpci.c +++ b/src/util/virpci.c @@ -1136,7 +1136,7 @@ virPCIDeviceBindWithDriverOverride(virPCIDevicePtr dev, } static int -virPCIDeviceUnbindFromStubWithOverride(virPCIDevicePtr dev) +virPCIDeviceUnbindFromStub(virPCIDevicePtr dev) { if (!dev->unbind_from_stub) { VIR_DEBUG("Unbind from stub skipped for PCI device %s", dev->name); @@ -1147,13 +1147,7 @@ virPCIDeviceUnbindFromStubWithOverride(virPCIDevicePtr dev) } static int -virPCIDeviceUnbindFromStub(virPCIDevicePtr dev) -{ - return virPCIDeviceUnbindFromStubWithOverride(dev); -} - -static int -virPCIDeviceBindToStubWithOverride(virPCIDevicePtr dev) +virPCIDeviceBindToStub(virPCIDevicePtr dev) { const char *stubDriverName; VIR_AUTOFREE(char *) stubDriverPath = NULL; @@ -1192,12 +1186,6 @@ virPCIDeviceBindToStubWithOverride(virPCIDevicePtr dev) return 0; } -static int -virPCIDeviceBindToStub(virPCIDevicePtr dev) -{ - return virPCIDeviceBindToStubWithOverride(dev); -} - /* virPCIDeviceDetach: * * Detach this device from the host driver, attach it to the stub -- 2.21.0

1 0

[libvirt] [PATCH 00/12] Drop KVM assignment
by Michal Privoznik 23 Aug '19

23 Aug '19

The KVM style of PCI assignment is not used, and it hasn't been for a while. Any attempt to start a domain with it would result in error as kernel dropped its support in 4.12.0 (after being deprecated for 1.5 years). Michal Prívozník (12): qemu: Drop KVM assignment tests: Remove 'kvm' PCI backend from domaincapstest virhostdev: Unify virDomainHostdevDef to virPCIDevice translation qemu: Drop unused qemuOpenPCIConfig() virhostdev: Disable legacy kvm assignment virpci: Drop 'pci-stub' driver virpci: Remove unused virPCIDeviceWaitForCleanup virpci: Drop newid style of PCI device detach virpcimock: Don't create "pci-stub" driver virpcimock: Don't create new_id or remove_id files virpcimock: Drop @driverActions enum news: Document KVM assignment removal docs/news.xml | 13 + src/libvirt_private.syms | 1 - src/qemu/qemu_capabilities.c | 6 - src/qemu/qemu_command.c | 48 +-- src/qemu/qemu_command.h | 3 - src/qemu/qemu_driver.c | 14 +- src/qemu/qemu_hostdev.c | 44 +- src/qemu/qemu_hostdev.h | 1 - src/qemu/qemu_hotplug.c | 20 +- src/util/virhostdev.c | 97 +++-- src/util/virpci.c | 403 +----------------- src/util/virpci.h | 2 - .../qemu_1.7.0.x86_64.xml | 1 - .../qemu_2.12.0-virt.aarch64.xml | 1 - .../qemu_2.12.0.ppc64.xml | 1 - .../qemu_2.12.0.s390x.xml | 1 - .../qemu_2.12.0.x86_64.xml | 1 - .../qemu_2.6.0-virt.aarch64.xml | 1 - .../qemu_2.6.0.aarch64.xml | 1 - .../domaincapsschemadata/qemu_2.6.0.ppc64.xml | 1 - .../qemu_2.6.0.x86_64.xml | 1 - .../domaincapsschemadata/qemu_2.7.0.s390x.xml | 1 - .../qemu_2.8.0-tcg.x86_64.xml | 1 - .../domaincapsschemadata/qemu_2.8.0.s390x.xml | 1 - .../qemu_2.8.0.x86_64.xml | 1 - .../qemu_2.9.0-q35.x86_64.xml | 1 - .../qemu_2.9.0-tcg.x86_64.xml | 1 - .../qemu_2.9.0.x86_64.xml | 1 - .../domaincapsschemadata/qemu_3.0.0.s390x.xml | 1 - .../qemu_3.1.0.x86_64.xml | 1 - .../domaincapsschemadata/qemu_4.0.0.s390x.xml | 1 - .../qemu_4.0.0.x86_64.xml | 1 - .../qemu_4.1.0.x86_64.xml | 1 - tests/domaincapstest.c | 4 +- tests/virpcimock.c | 137 +----- 35 files changed, 92 insertions(+), 722 deletions(-) -- 2.21.0

3 41

[libvirt] [PATCH] mdev: point user to mdevctl for missing devices
by Jonathon Jongsma 22 Aug '19

22 Aug '19

When a host is rebooted, any mediated devices that were previously configured will disappear. There have been requests for libvirt to handle persisting these mediated devices across reboots, but the decision was made that this should be handled at a lower level. mdevctl is a new tool that handles registration and persistence of mediated devices. If desired, mdevctl can automatically start these mediated devices when the parent device becomes available. Since mdevctl is the recommended solution for handling persistent mediated devices, point users there when they encounter an error for a missing mediated device. Signed-off-by: Jonathon Jongsma <jjongsma(a)redhat.com> --- NOTE: - previous patch which attempted to start missing devices using mdevctl has been withdrawn. src/util/virmdev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/util/virmdev.c b/src/util/virmdev.c index 3d5488cdae..df02fc8d28 100644 --- a/src/util/virmdev.c +++ b/src/util/virmdev.c @@ -149,7 +149,9 @@ virMediatedDeviceNew(const char *uuidstr, virMediatedDeviceModelType model) if (!virFileExists(sysfspath)) { virReportError(VIR_ERR_DEVICE_MISSING, - _("mediated device '%s' not found"), uuidstr); + _("mediated device '%s' not found. " + "Persistent devices can be managed with 'mdevctl'."), + uuidstr); return NULL; } -- 2.21.0

2 2

[libvirt] [PATCH v2 0/2] security: Deal with stale XATTRs
by Michal Privoznik 22 Aug '19

22 Aug '19

v2 of: https://www.redhat.com/archives/libvir-list/2019-August/msg00520.html diff to v1: - use virOnce to obtain host boot time - switched to configure time check of getutxid - dropped host's UUID from timestamp Michal Prívozník (2): util: Introduce virhostuptime security_util: Remove stale XATTRs configure.ac | 1 + src/libvirt_private.syms | 4 + src/security/security_util.c | 196 +++++++++++++++++++++++++++++++- src/util/Makefile.inc.am | 2 + src/util/virhostuptime.c | 81 +++++++++++++ src/util/virhostuptime.h | 27 +++++ tests/qemusecuritymock.c | 12 ++ tools/libvirt_recover_xattrs.sh | 2 +- 8 files changed, 323 insertions(+), 2 deletions(-) create mode 100644 src/util/virhostuptime.c create mode 100644 src/util/virhostuptime.h -- 2.21.0

2 6

[libvirt] [PATCH] security: Don't increase XATTRs refcounter on failure
by Michal Privoznik 22 Aug '19

22 Aug '19

If user has two domains, each have the same disk (configured for RW) but each runs with different seclabel then we deny start of the second domain because in order to do that we would need to relabel the disk but that would cut the first domain off. Even if we did not do that, qemu would fail to start because it would be unable to lock the disk image for the second time. So far, this behaviour is expected. But what is not expected is that we increase the refcounter in XATTRs and leave it like that. What happens is that when the second domain starts, virSecuritySetRememberedLabel() is called, and since there are XATTRs from the first domain it increments the refcounter and returns it (refcounter == 2 at this point). Then callers (virSecurityDACSetOwnership() and virSecuritySELinuxSetFileconHelper()) realize that refcounter is greater than 1 and desired seclabel doesn't match the one the disk image already has and an error is produced. But the refcounter is never decremented. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740024 Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/security/security_dac.c | 19 ++++++++++++++----- src/security/security_selinux.c | 17 +++++++++++------ 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 137daf5d28..b0070f7390 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -754,6 +754,8 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, struct stat sb; int refcount; int rc; + bool rollback = false; + int ret = -1; if (!path && src && src->path && virStorageSourceIsLocalStorage(src)) @@ -780,16 +782,18 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, } else if (refcount < 0) { return -1; } else if (refcount > 1) { + rollback = true; /* Refcount is greater than 1 which means that there * is @refcount domains using the @path. Do not * change the label (as it would almost certainly * cause the other domains to lose access to the - * @path). */ + * @path). However, the refcounter was incremented in + * XATTRs so decrease it. */ if (sb.st_uid != uid || sb.st_gid != gid) { virReportError(VIR_ERR_OPERATION_INVALID, _("Setting different DAC user or group on %s " "which is already in use"), path); - return -1; + goto cleanup; } } } @@ -797,7 +801,13 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'", NULLSTR(src ? src->path : path), (long)uid, (long)gid); - if (virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid) < 0) { + if (virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (ret < 0 && rollback) { virErrorPtr origerr; virErrorPreserveLast(&origerr); @@ -812,10 +822,9 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, NULLSTR(src ? src->path : path)); virErrorRestore(&origerr); - return -1; } - return 0; + return ret; } diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index ea20373a90..0c6ace75fa 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1334,6 +1334,7 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr, security_context_t econ = NULL; int refcount; int rc; + bool rollback = false; int ret = -1; if ((rc = virSecuritySELinuxTransactionAppend(path, tcon, @@ -1358,11 +1359,13 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr, } else if (refcount < 0) { goto cleanup; } else if (refcount > 1) { + rollback = true; /* Refcount is greater than 1 which means that there * is @refcount domains using the @path. Do not * change the label (as it would almost certainly * cause the other domains to lose access to the - * @path). */ + * @path). However, the refcounter was + * incremented in XATTRs so decrease it. */ if (STRNEQ(econ, tcon)) { virReportError(VIR_ERR_OPERATION_INVALID, _("Setting different SELinux label on %s " @@ -1373,7 +1376,12 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr, } } - if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged) < 0) { + if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged) < 0) + goto cleanup; + + ret = 0; + cleanup: + if (ret < 0 && rollback) { virErrorPtr origerr; virErrorPreserveLast(&origerr); @@ -1388,11 +1396,8 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr, path); virErrorRestore(&origerr); - goto cleanup; - } - ret = 0; - cleanup: + } freecon(econ); return ret; } -- 2.21.0

2 1

[libvirt] [PATCH v10 00/10] incremental backup
by Eric Blake 22 Aug '19

22 Aug '19

This is not the final version of incremental backup - before we can accept this series, it needs a lot of polish to pick up cleanups made possible by Peter's blockdev work, and we need to settle on our Job API addition (so that the return value of BackupBegin and the parameter to BackupGetXMLDesc and BackupEnd use the same representation, whether that be UUID or something else). I also know that Peter left quite a few comments against v9, many of which I have not actually attempted to address yet. But it rebases things on top of the checkpoint work that landed in the 5.6 release, and is still able to perform the pull-mode incremental backups that I demonstrated at KVM Forum 2018. There's still probably crashes in portions of the code that are not exercised by my demo, and I know that we really want to use qemu's blockdev image creation instead of calling out to qemu-img create for preparing the qcow2 scratch image in pull mode. The main point of this posting is to allow further testing before the actual feature lands in an upstream libvirt release. I've pushed a tag backup-v10 to both my libvirt.git and libvirt-python.git repos to match: https://repo.or.cz/libvirt/ericb.git/shortlog/refs/tags/backup-v10 https://repo.or.cz/libvirt-python/ericb.git/shortlog/refs/tags/backup-v10 001/10:[0033] [FC] 'backup: qemu: Implement VIR_DOMAIN_CHECKPOINT_XML_SIZE flag' 002/10:[0002] [FC] 'backup: Document new XML for backups' 003/10:[0010] [FC] 'backup: Introduce virDomainBackup APIs' 004/10:[0031] [FC] 'backup: Implement backup APIs for remote driver' 005/10:[----] [--] 'backup: Parse and output backup XML' 006/10:[----] [--] 'backup: Implement virsh support for backup' 007/10:[0025] [FC] 'backup: qemu: Implement framework for backup job APIs' 008/10:[0002] [FC] 'backup: Wire up qemu full pull backup commands over QMP' 009/10:[----] [--] 'backup: qemu: Wire up qemu full push backup commands over QMP' 010/10:[0017] [FC] 'backup: Implement qemu incremental pull backup' Eric Blake (10): backup: qemu: Implement VIR_DOMAIN_CHECKPOINT_XML_SIZE flag backup: Document new XML for backups backup: Introduce virDomainBackup APIs backup: Implement backup APIs for remote driver backup: Parse and output backup XML backup: Implement virsh support for backup backup: qemu: Implement framework for backup job APIs backup: Wire up qemu full pull backup commands over QMP backup: qemu: Wire up qemu full push backup commands over QMP backup: Implement qemu incremental pull backup include/libvirt/libvirt-domain.h | 41 +- src/conf/backup_conf.h | 94 +++ src/conf/virconftypes.h | 3 + src/driver-hypervisor.h | 14 + src/qemu/qemu_blockjob.h | 1 + src/qemu/qemu_domain.h | 4 + src/qemu/qemu_monitor.h | 4 + src/qemu/qemu_monitor_json.h | 4 + docs/docs.html.in | 3 +- docs/format.html.in | 1 + docs/formatbackup.html.in | 184 +++++ docs/formatcheckpoint.html.in | 12 +- docs/index.html.in | 3 +- docs/schemas/domainbackup.rng | 219 ++++++ examples/c/misc/event-test.c | 3 + libvirt.spec.in | 1 + mingw-libvirt.spec.in | 2 + src/conf/Makefile.inc.am | 2 + src/conf/backup_conf.c | 546 +++++++++++++++ src/conf/domain_conf.c | 2 +- src/libvirt-domain-checkpoint.c | 7 +- src/libvirt-domain.c | 219 ++++++ src/libvirt_private.syms | 8 +- src/libvirt_public.syms | 7 + src/qemu/qemu_blockjob.c | 3 + src/qemu/qemu_domain.c | 35 +- src/qemu/qemu_driver.c | 684 ++++++++++++++++++- src/qemu/qemu_monitor.c | 11 + src/qemu/qemu_monitor_json.c | 84 +++ src/qemu/qemu_process.c | 8 + src/remote/remote_driver.c | 3 + src/remote/remote_protocol.x | 54 +- src/remote_protocol-structs | 28 + tests/Makefile.am | 2 + tests/domainbackupxml2xmlin/backup-pull.xml | 9 + tests/domainbackupxml2xmlin/backup-push.xml | 9 + tests/domainbackupxml2xmlin/empty.xml | 1 + tests/domainbackupxml2xmlout/backup-pull.xml | 9 + tests/domainbackupxml2xmlout/backup-push.xml | 9 + tests/domainbackupxml2xmlout/empty.xml | 7 + tests/virschematest.c | 2 + tools/virsh-domain.c | 253 ++++++- tools/virsh.pod | 49 ++ 43 files changed, 2623 insertions(+), 21 deletions(-) create mode 100644 src/conf/backup_conf.h create mode 100644 docs/formatbackup.html.in create mode 100644 docs/schemas/domainbackup.rng create mode 100644 src/conf/backup_conf.c create mode 100644 tests/domainbackupxml2xmlin/backup-pull.xml create mode 100644 tests/domainbackupxml2xmlin/backup-push.xml create mode 100644 tests/domainbackupxml2xmlin/empty.xml create mode 100644 tests/domainbackupxml2xmlout/backup-pull.xml create mode 100644 tests/domainbackupxml2xmlout/backup-push.xml create mode 100644 tests/domainbackupxml2xmlout/empty.xml -- 2.21.0

1 10

[libvirt] [PATCH 00/11] Fix 10 tests on macOS
by Roman Bolshakov 21 Aug '19

21 Aug '19

Hi! This patch series attempts to reduce the number of failing tests on macOS. The fixes involve some funk with macOS dynamic and static linkers, dyld and ld64, respectively. As result, instead of 15 failing tests we get only 5. The tests have been fixed: qemublocktest qemumonitorjsontest viriscsitest virmacmaptest virnetserverclienttest vircryptotest qemufirmwaretest domaincapstest commandtest sockettest The tests are still failing: qemumemlocktest storagepoolxml2argvtest qemuxml2xmltest qemusecuritytest qemuxml2argvtest qemucapsprobe doesn't yet works but I started working on the fix. The failing tests depend on virpcimock that is guarded by ifdefs so no functions are injected and the mock is no-op on macOS. How can we fix the tests that rely on the mock? Should we select only specific tests to run on macOS or we should make virpci mock cross-platform? Skipping them entirely is not an option IMO as I think qemu driver can be used on macOS with qemu/hvf/haxm domains and the tests are helpful for the domains. And as soon as we get working tests and qemucapsprobe I'd want to resend hvf patchset. Best regards, Roman Roman Bolshakov (11): tests: Don't test octal localhost IP in sockettest on macOS tests: Avoid IPv4-translated IPv6 address in sockettest tests: Preload mocks with DYLD_INSERT_LIBRARIES on macOS tests: Add lib- prefix to all mocks tests: Remove -module flag for mocks tests: Drop /private CWD prefix in commandhelper build: Use flat namespace for libvirt on macOS tests: Lookup extended stat/lstat in mocks tests: Use flat namespace on macOS tests: Avoid gnulib replacements in mocks tests: Make references to global symbols indirect in test drivers configure.ac | 1 + src/Makefile.am | 9 +- tests/Makefile.am | 199 +++++++++++++++++---------------- tests/bhyveargv2xmltest.c | 2 +- tests/bhyvexml2argvtest.c | 2 +- tests/bhyvexml2xmltest.c | 2 +- tests/commandhelper.c | 9 ++ tests/domaincapstest.c | 6 +- tests/fchosttest.c | 2 +- tests/libxlxml2domconfigtest.c | 2 +- tests/nsstest.c | 2 +- tests/qemucaps2xmltest.c | 2 +- tests/qemucapsprobe.c | 2 +- tests/qemumemlocktest.c | 3 +- tests/qemumonitorjsontest.c | 2 +- tests/qemuxml2argvtest.c | 8 +- tests/qemuxml2xmltest.c | 6 +- tests/sockettest.c | 6 +- tests/testutils.c | 4 +- tests/testutils.h | 18 ++- tests/vircaps2xmltest.c | 2 +- tests/vircgrouptest.c | 2 +- tests/vircryptotest.c | 2 +- tests/virfilecachetest.c | 2 +- tests/virfiletest.c | 2 +- tests/virfilewrapper.c | 5 + tests/virfirewalltest.c | 2 +- tests/virhostcputest.c | 2 +- tests/virhostdevtest.c | 2 +- tests/viriscsitest.c | 3 +- tests/virmacmaptest.c | 2 +- tests/virmock.h | 10 ++ tests/virmockstathelpers.c | 18 +++ tests/virnetdaemontest.c | 2 +- tests/virnetdevbandwidthtest.c | 2 +- tests/virnetdevtest.c | 2 +- tests/virnetserverclienttest.c | 2 +- tests/virnettlscontexttest.c | 2 +- tests/virnettlssessiontest.c | 2 +- tests/virpcitest.c | 2 +- tests/virpolkittest.c | 2 +- tests/virportallocatortest.c | 2 +- tests/virsystemdtest.c | 2 +- tests/virusbtest.c | 2 +- 44 files changed, 214 insertions(+), 149 deletions(-) -- 2.22.0

2 24

[libvirt] [PATCH 00/10] ci: Several fixes and improvements
by Andrea Bolognani 21 Aug '19

21 Aug '19

See the individual commits for details, but the gist of it is that after this series it's possible for users to hook into the build process and customize it according to their needs; on top of that, the whole thing is made more maintainable in the process. Andrea Bolognani (10): ci: Fix /etc/sub{u,g}id parsing ci: Drop $(CI_SUBMODULES) ci: Move everything to a separate directory ci: Create user's home directory in the container ci: Move source directory under $(CI_USER_HOME) ci: Introduce $(CI_BUILD_SCRIPT) ci: Generalize running commands inside the container ci: Introduce $(CI_PREPARE_SCRIPT) ci: Run $(CI_PREPARE_SCRIPT) as root ci: Stop using --workdir .gitignore | 2 +- .travis.yml | 8 +-- Makefile.am | 6 +- Makefile.ci => ci/Makefile | 109 +++++++++++++++++++------------------ ci/build.sh | 40 ++++++++++++++ ci/prepare.sh | 13 +++++ 6 files changed, 118 insertions(+), 60 deletions(-) rename Makefile.ci => ci/Makefile (79%) create mode 100644 ci/build.sh create mode 100644 ci/prepare.sh -- 2.21.0

2 12

[libvirt] [PATCH v2 0/9] More consistent virDomainUndefine flag handling
by Eric Blake 21 Aug '19

21 Aug '19

Since v1: - use syntax-check rather than dynamic runtime check for API mismatch - fix more stragglers with mismatched API, found by the syntax-check - fix a bug in bhyve no-op flag handling - expand no-op flag handling to other affected drivers Eric Blake (9): vbox: Add various vir*Flags API xenapi: Add various vir*Flags API maint: Enhance check-driverimpls.pl to check for API pairing bhyve: Ignore no-op flag during virDomainUndefine libxl: Ignore no-op flag during virDomainUndefine lxc: Ignore no-op flag during virDomainUndefine openvz: Ignore no-op flag during virDomainUndefine vmware: Ignore no-op flag during virDomainUndefine xenapi: Ignore no-op flag during virDomainUndefine src/bhyve/bhyve_driver.c | 6 +++++- src/check-driverimpls.pl | 33 +++++++++++++++++++++++++++++++-- src/libxl/libxl_driver.c | 4 +++- src/lxc/lxc_driver.c | 5 ++++- src/openvz/openvz_driver.c | 5 ++++- src/vbox/vbox_common.c | 24 ++++++++++++++++++++++-- src/vmware/vmware_driver.c | 5 ++++- src/xenapi/xenapi_driver.c | 28 ++++++++++++++++++++++++---- 8 files changed, 97 insertions(+), 13 deletions(-) -- 2.20.1

2 23

[libvirt] [PATCH 0/5] security: Deal with stale XATTRs
by Michal Privoznik 21 Aug '19

21 Aug '19

There are some ways users can end up in stale XATTRs. One is sudden power loss, the other is stopping libvirt whilst some domains are running and then rebooting the host. And I believe users will find other creative ways to shut down domains without qemuProcessStop() being called. When that happens our XATTRs will be left behind and not reflect the real state of things (e.g. refcounter). To resolve this, record a timestamp within XATTRs too so that host reboots can be detected. Michal Prívozník (5): virUUIDFormat: s/VIR_UUID_RAW_LEN/VIR_UUID_BUFLEN/ in comment security_util: Use more VIR_AUTOFREE() security_util: Document virSecurityMoveRememberedLabel util: Introduce virhostuptime security_util: Remove stale XATTRs src/libvirt_private.syms | 4 + src/security/security_util.c | 293 +++++++++++++++++++++++++++++------ src/util/Makefile.inc.am | 2 + src/util/virhostuptime.c | 61 ++++++++ src/util/virhostuptime.h | 27 ++++ src/util/viruuid.c | 2 +- tests/qemusecuritymock.c | 12 ++ 7 files changed, 353 insertions(+), 48 deletions(-) create mode 100644 src/util/virhostuptime.c create mode 100644 src/util/virhostuptime.h -- 2.21.0

3 11