[PATCH] apparmor: fix qemu_bridge_helper for named profile
by Christian Ehrhardt
Since a3ab6d42 "apparmor: convert libvirtd profile to a named profile"
the detection of the subelement for qemu_bridge_helper is wrong.
In combination with the older 123cc3e1 "apparmor: allow
/usr/lib/qemu/qemu-bridge-helper" it now detects qemu-bridge-helper no
more with its path, but instead as a proper subelement of the named profile
like: label=libvirtd//qemu_bridge_helper
In the same fashion the reverse rule in the qemu_bridge_helper
sub-profile still uses the path and not the named profile label.
Triggering denies like:
apparmor="DENIED" operation="file_inherit"
profile="libvirtd//qemu_bridge_helper" pid=5629 comm="qemu-bridge-hel"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none peer="libvirtd"
This patch fixes the unix socket rules for the communication between
libvirtd and qemu-bridge-helper to match that.
Fixes: a3ab6d42d825499af44b8f19f9299e150d9687bc
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1655111
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
src/security/apparmor/usr.sbin.libvirtd | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/security/apparmor/usr.sbin.libvirtd b/src/security/apparmor/usr.sbin.libvirtd
index 29f9936ad9..172972e525 100644
--- a/src/security/apparmor/usr.sbin.libvirtd
+++ b/src/security/apparmor/usr.sbin.libvirtd
@@ -62,8 +62,8 @@ profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
signal (send) set=("kill", "term") peer=unconfined,
# For communication/control to qemu-bridge-helper
- unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd//qemu_bridge_helper),
- signal (send) set=("term") peer=/usr/sbin/libvirtd//qemu_bridge_helper,
+ unix (send, receive) type=stream addr=none peer=(label=libvirtd//qemu_bridge_helper),
+ signal (send) set=("term") peer=libvirtd//qemu_bridge_helper,
# allow connect with openGraphicsFD, direction reversed in newer versions
unix (send, receive) type=stream addr=none peer=(label=libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*),
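Review bot: the `signal (send) set=("term")` rule in this hunk is switched to `peer=libvirtd//qemu_bridge_helper` as well, but the commit message only talks about the unix socket rules; please mention the signal peer in the message too. There is also an asymmetry with the sub-profile hunk, which keeps both `peer=/usr/sbin/libvirtd` and `peer=libvirtd` for `signal (receive)`, while here the path-based peer is dropped outright. Pick one approach for both directions.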
@@ -121,7 +121,7 @@ profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
network inet stream,
# For communication/control from libvirtd
- unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
+ unix (send, receive) type=stream addr=none peer=(label=libvirtd),
signal (receive) set=("term") peer=/usr/sbin/libvirtd,
signal (receive) set=("term") peer=libvirtd,
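Review bot: the unix rule drops the path-based label `/usr/sbin/libvirtd` entirely, while the two context lines below it keep `signal (receive)` rules for both `peer=/usr/sbin/libvirtd` and `peer=libvirtd`. If the path-based label can no longer occur now that libvirtd is a named profile, remove the stale path-based signal rule in the same patch; if it can still occur, the unix rule needs both forms as well.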
--
2.25.0
5 years, 2 months
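A triage helper for the denial quoted in the message above, as an added example (not part of the patch or of libvirt). It parses the audit record and reports when a unix rule names the peer by executable path while the kernel reports the profile name; the function names, the result strings and the "name equals basename" rule are assumptions made for this sketch.

```python
import re

# Constructed sample: the denial quoted in the commit message, on one line.
SAMPLE_LOG = (
    'apparmor="DENIED" operation="file_inherit" '
    'profile="libvirtd//qemu_bridge_helper" pid=5629 comm="qemu-bridge-hel" '
    'family="unix" sock_type="stream" protocol=0 requested_mask="send receive" '
    'denied_mask="send receive" addr=none peer_addr=none peer="libvirtd"'
)
# The sub-profile's unix rule before and after the patch.
RULE_BEFORE = "unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),"
RULE_AFTER = "unix (send, receive) type=stream addr=none peer=(label=libvirtd),"

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
_PEER_LABEL = re.compile(r"peer=\(label=([^)\s]+)\)")


def parse_denial(line):
    """Split an AppArmor audit record into a dict of its key=value fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}


def name_form(label):
    """Named-profile form of a path-based label (assumes name == basename)."""
    parent, sep, child = label.partition("//")
    return parent.rsplit("/", 1)[-1] + sep + child


def classify(line, profile_text):
    """Classify a unix-socket denial against the profile's literal peer labels.

    Globbed labels are not expanded; this only compares literal strings.
    """
    rec = parse_denial(line)
    if rec.get("apparmor") != "DENIED" or rec.get("family") != "unix":
        return "unrelated"
    labels = [m.group(1) for l in profile_text.splitlines()
              if l.strip().startswith("unix") for m in _PEER_LABEL.finditer(l)]
    if rec.get("peer") in labels:
        return "label-matches"
    # Signature of this bug: the rule names the peer by executable path while
    # the kernel reports the peer under its profile name.
    if any(l.startswith("/") and name_form(l) == rec.get("peer") for l in labels):
        return "path-vs-name"
    return "no-rule"


if __name__ == "__main__":
    for rule in (RULE_BEFORE, RULE_AFTER):
        print(classify(SAMPLE_LOG, rule), "<-", rule)
```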
[PATCH 00/10] qemu: Fix pre-creation of non-shared storage on migration
by Peter Krempa
The last patch fixes a bug where we'd fail to detect capacity of disks
on migration source due to changes in disk topology related to blockdev.
The rest of the series makes the function at least somewhat sane.
Peter Krempa (10):
util: hash: Use g_new0 for allocating hash internals
conf: domain: Remove checking of return value of virHashCreateFull
Remove checking of return value of virHashNew
qemuMigrationCookieAddNBD: Exit early if there are no disks
qemuMigrationCookieNBD: Extract embedded struct
qemuMigrationCookieAddNBD: Use glib memory allocators
qemuMigrationCookieAddNBD: Move monitor call out of the loop
qemuMigrationCookieAddNBD: Use virHashNew and automatic freeing of
virHashTablePtr
qemuMigrationCookieAddNBD: Remove 'ret' variable and 'cleanup' label
qemuMigrationCookieAddNBD: Fix filling of 'capacity' when blockdev is
used
src/conf/backup_conf.c | 6 +---
src/conf/domain_addr.c | 32 +++++++-----------
src/qemu/qemu_migration_cookie.c | 58 +++++++++++++++-----------------
src/qemu/qemu_migration_cookie.h | 10 +++---
src/qemu/qemu_monitor_json.c | 3 +-
src/util/virhash.c | 14 +++-----
6 files changed, 54 insertions(+), 69 deletions(-)
--
2.24.1
5 years, 2 months
[PATCH v2 00/21] PCI Multifunction hotplug/hotunplug support
by Daniel Henrique Barboza
This series adds PCI multifunction hotplug/unplug capabilities
for Libvirt. Some of these patches were sent last year in a
shorter prep series in [1]. The patches then got a bit of
rework to keep up with Libvirt changes in master. This
work follows the considerations made for the unplug design
in [2]. A first version of this series was sent back in
2018 [3], so this is the official version 2 of that work.
The design guideline for the patches can be summed up as:
- attach/detach functions were changed to handle a list of
devices instead of a single device definition. The regular
device attach/detach is represented with a list with
size = 1;
- common code between single device and multifunction device
mechanics was moved to 'internal' versions of the functions;
- for the 'Live' operations, both attach and detach were
handled in specialized functions for the multifunction case.
The regular case is still being handled by the same
functions.
This allowed us to add the multifunction support without
changing existing regular attach/detach device support.
Attaching/detaching a multifunction device works by supplying
the <devices> XML to the same attach/detach commands we
already use. It is expected to supply the same XML when
detaching the device, as discussed in [2].
Despite the changes and additions I've made, this is still
adherent to the original 2018 series from Shivaprasad G Bhat.
[1] https://www.redhat.com/archives/libvir-list/2019-August/msg01382.html
[2] https://www.redhat.com/archives/libvir-list/2020-January/msg00865.html
[3] https://www.redhat.com/archives/libvir-list/2018-March/msg00729.html
Daniel Henrique Barboza (4):
utils: PCI multifunction detection helpers
qemu_hotplug.c: tune unplugTimeout for multifunction detach
qemu_hotplug: do not hotplug/hotunplug 'unassigned' hostdevs
qemu_hotplug.c: use enhanced multifunction unplug if available
Shivaprasad G Bhat (17):
qemu: address: Separate the slots into multiple aggregates
virhostdev: Introduce virHostdevPCIDevicesBelongToSameSlot
qemu: address: Enable auto addressing multifunction cards
conf: qemu: validate multifunction hostdevice domain configs
conf: Add helper to get active functions of a slot of domain
qemu: hostdev: Move the hostdev preparation to a separate function
qemu: hotplug: Move the detach of PCI device to the beginning of live
hotplug
qemu: hotplug: move assignment outside qemuDomainAttachHostPCIDevice
Introduce virDomainDeviceDefParseXMLMany
Introduce qemuDomainDeviceParseXMLMany
qemu: refactor qemuDomain[Attach|Detach]DeviceConfig
qemu: refactor qemuDomain[Attach|Detach]DeviceLive
qemu: hotplug: Queue and wait for multiple devices
domain: addr: Introduce virDomainPCIAddressEnsureMultifunctionAddress
qemu: hotplug: Implement multifunction device hotplug
qemu: hotplug: Prevent updates to multifunction device
qemu: hotplug: Implement multifunction device unplug
src/conf/device_conf.h | 7 +
src/conf/domain_addr.c | 129 ++++-
src/conf/domain_addr.h | 43 +-
src/conf/domain_conf.c | 198 +++++++-
src/conf/domain_conf.h | 35 ++
src/libvirt_private.syms | 10 +
src/qemu/qemu_domain.c | 73 +++
src/qemu/qemu_domain.h | 21 +-
src/qemu/qemu_domain_address.c | 366 ++++++++++++++-
src/qemu/qemu_domain_address.h | 16 +
src/qemu/qemu_driver.c | 242 +++++++---
src/qemu/qemu_hotplug.c | 440 +++++++++++++++---
src/qemu/qemu_hotplug.h | 14 +
src/util/virhostdev.c | 54 +++
src/util/virhostdev.h | 5 +
src/util/virpci.c | 17 +
src/util/virpci.h | 4 +
tests/qemuhotplugtest.c | 68 ++-
...emuhotplug-multifunction-hostdev-pci-2.xml | 14 +
...plug-multifunction-hostdev-pci-partial.xml | 27 ++
.../qemuhotplug-multifunction-hostdev-pci.xml | 26 ++
...live+multifunction-hostdev-pci-partial.xml | 82 ++++
...ug-base-live+multifunction-hostdev-pci.xml | 82 ++++
...-base-live+multifunction-hostdev-pci-2.xml | 59 +++
...es-base-live+multifunction-hostdev-pci.xml | 69 +++
.../hostdev-pci-address-unassigned.args | 9 +-
.../hostdev-pci-multifunction.args | 18 +-
.../hostdev-pci-multifunction.xml | 8 +-
.../hostdev-pci-no-primary-function.xml | 23 +
.../hostdev-pci-validate.args | 30 ++
.../qemuxml2argvdata/hostdev-pci-validate.xml | 29 ++
.../qemuxml2argvdata/pseries-hostdevs-1.args | 5 +-
.../qemuxml2argvdata/pseries-hostdevs-3.args | 5 +-
tests/qemuxml2argvtest.c | 14 +-
.../hostdev-pci-address-unassigned.xml | 8 +-
.../hostdev-pci-multifunction.xml | 24 +-
.../qemuxml2xmloutdata/pseries-hostdevs-1.xml | 4 +-
.../qemuxml2xmloutdata/pseries-hostdevs-3.xml | 4 +-
tests/virpcitestdata/0005-90-01.1.config | Bin 256 -> 256 bytes
tests/virpcitestdata/0005-90-01.2.config | Bin 256 -> 256 bytes
tests/virpcitestdata/0005-90-01.3.config | Bin 0 -> 256 bytes
41 files changed, 2023 insertions(+), 259 deletions(-)
create mode 100644 tests/qemuhotplugtestdevices/qemuhotplug-multifunction-hostdev-pci-2.xml
create mode 100644 tests/qemuhotplugtestdevices/qemuhotplug-multifunction-hostdev-pci-partial.xml
create mode 100644 tests/qemuhotplugtestdevices/qemuhotplug-multifunction-hostdev-pci.xml
create mode 100644 tests/qemuhotplugtestdomains/qemuhotplug-base-live+multifunction-hostdev-pci-partial.xml
create mode 100644 tests/qemuhotplugtestdomains/qemuhotplug-base-live+multifunction-hostdev-pci.xml
create mode 100644 tests/qemuhotplugtestdomains/qemuhotplug-pseries-base-live+multifunction-hostdev-pci-2.xml
create mode 100644 tests/qemuhotplugtestdomains/qemuhotplug-pseries-base-live+multifunction-hostdev-pci.xml
create mode 100644 tests/qemuxml2argvdata/hostdev-pci-no-primary-function.xml
create mode 100644 tests/qemuxml2argvdata/hostdev-pci-validate.args
create mode 100644 tests/qemuxml2argvdata/hostdev-pci-validate.xml
create mode 100644 tests/virpcitestdata/0005-90-01.3.config
--
2.24.1
5 years, 2 months
[PATCH 0/6] Couple of apparmor fixes
by Michal Privoznik
These are inspired by Gentoo patch [1]. However, they still match what
we do upstream, so I figured we should merge them.
1: https://github.com/gentoo/gentoo/blob/master/app-emulation/libvirt/files/...
Michal Prívozník (6):
apparmor: Fix parthelper, iohelper and virt-aa-helper paths in
profiles
apparmor: Allow libvirt to spawn virt-aa-helper and libvirt_lxc
docs: Fix virt-aa-helper location
apparmor: Rename virt-aa-helper profile
apparmor: Sort paths in blocks in libvirt-qemu profile
apparmor: Allow some more BIOS/UEFI paths
docs/drvqemu.html.in | 2 +-
src/security/Makefile.inc.am | 10 +--
src/security/apparmor/libvirt-qemu | 78 ++++++++++---------
...t-aa-helper => usr.libexec.virt-aa-helper} | 6 +-
src/security/apparmor/usr.sbin.libvirtd | 6 +-
5 files changed, 53 insertions(+), 49 deletions(-)
rename src/security/apparmor/{usr.lib.libvirt.virt-aa-helper => usr.libexec.virt-aa-helper} (90%)
--
2.24.1
5 years, 2 months
[libvirt-rust PATCH v3 0/4] Map more functions in stream module
by Zixing Liu
This set of patches will add more functions to the Rust bindings.
Newly mapped functions from C library: virStreamNew virStreamEventUpdateCallback virStreamEventRemoveCallback virStreamEventAddCallback.
virStreamEventAddCallback can accept normal fn functions or closures (can capture variables outside)
The changes are not very thoroughly tested since event module is not implemented at all so the virStreamEventAddCallback will always return "unsupported by the connection driver".
Version 2: Addressed comments
Version 3: Undo format changes and rebased against latest branch
Zixing Liu (4):
libvirt-rust: stream: add more functions in stream
libvirt-rust: stream: add more functions in stream
libvirt-rust: use reference instead of moving
libvirt-rust: stream: addressed comments
src/domain.rs | 2 +-
src/stream.rs | 94 ++++++++++++++++++++++++++++++++++++++++++++++---
tests/stream.rs | 40 +++++++++++++++++++++
3 files changed, 130 insertions(+), 6 deletions(-)
create mode 100644 tests/stream.rs
--
2.25.0
5 years, 2 months
[libvirt-go PATCH] Import from libvirt.org instead of github.com
by Andrea Bolognani
Since
commit 201156ec6e65e08cdb04d6fdefe013652fb7fa87
Author: Daniel P. Berrangé <berrange(a)redhat.com>
Date: Mon Dec 16 10:06:50 2019 +0000
docs: add pages to support Go module package resolution
it's possible to use
import "libvirt.org/libvirt-go"
in Go programs, which will result in the Go bindings being
fetched directly from libvirt.org thus removing our reliance
on GitHub.
Update the documentation accordingly.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
README.md | 4 ++--
doc.go | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 326d6a0..c11e9ab 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# libvirt-go [](http... [](https://godoc.org/github.com/libvirt/libvirt-go)
+# libvirt-go [](http... [](https://godoc.org/libvirt.org/libvirt-go)
Go bindings for libvirt.
@@ -32,7 +32,7 @@ changes may apply to future versions:
## Documentation
-* [api documentation for the bindings](https://godoc.org/github.com/libvirt/libvirt-go)
+* [api documentation for the bindings](https://godoc.org/libvirt.org/t libvirt-go)
* [api documentation for libvirt](http://libvirt.org/html/libvirt-libvirt.html)
## Contributing
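Review bot: the added link target `https://godoc.org/libvirt.org/t libvirt-go` contains a stray `t` and a space, so the Markdown link is broken. It should read `https://godoc.org/libvirt.org/libvirt-go`, matching the badge link added in the first hunk.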
diff --git a/doc.go b/doc.go
index 55d75b0..35c9962 100644
--- a/doc.go
+++ b/doc.go
@@ -116,7 +116,7 @@
// To connect to libvirt
//
// import (
-// libvirt "github.com/libvirt/libvirt-go"
+// libvirt "libvirt.org/libvirt-go"
// )
// conn, err := libvirt.NewConnect("qemu:///system")
// if err != nil {
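Review bot: the import example now depends on libvirt.org serving the Go module resolution pages named in the commit message, yet the patch touches only README.md and doc.go. If the repository has a go.mod or other files that still name `github.com/libvirt/libvirt-go`, change them in the same patch so the documented import path and the module's declared path agree.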
--
2.24.1
5 years, 2 months
[libvirt-go-xml PATCH] Import from libvirt.org instead of github.com
by Andrea Bolognani
Since
commit 201156ec6e65e08cdb04d6fdefe013652fb7fa87
Author: Daniel P. Berrangé <berrange(a)redhat.com>
Date: Mon Dec 16 10:06:50 2019 +0000
docs: add pages to support Go module package resolution
it's possible to use
import "libvirt.org/libvirt-go-xml"
in Go programs, which will result in the Go bindings being
fetched directly from libvirt.org thus removing our reliance
on GitHub.
Update the documentation accordingly.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
README.md | 4 ++--
doc.go | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 79f42f4..fcc1ffb 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# libvirt-go-xml [](... [](https://godoc.org/github.com/libvirt/libvirt-go-xml)
+# libvirt-go-xml [](... [](https://godoc.org/libvirt.org/libvirt-go-xml)
Go API for manipulating libvirt XML documents
@@ -9,7 +9,7 @@ the way in which the application talks to libvirt.
## Documentation
-* [API documentation for the bindings](https://godoc.org/github.com/libvirt/libvirt-go-xml)
+* [API documentation for the bindings](https://godoc.org/libvirt.org/libvirt-go-xml)
* [Libvirt XML schema documentation](https://libvirt.org/format.html):
* [capabilities](https://libvirt.org/formatcaps.html)
* [domain](https://libvirt.org/formatdomain.html)
diff --git a/doc.go b/doc.go
index 25bc1d5..f93fac0 100644
--- a/doc.go
+++ b/doc.go
@@ -36,7 +36,7 @@
// package main
//
// import (
-// "github.com/libvirt/libvirt-go-xml"
+// "libvirt.org/libvirt-go-xml"
// )
//
// func main() {
@@ -51,8 +51,8 @@
// package main
//
// import (
-// "github.com/libvirt/libvirt-go"
-// "github.com/libvirt/libvirt-go-xml"
+// "libvirt.org/libvirt-go"
+// "libvirt.org/libvirt-go-xml"
// "fmt"
// )
//
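Review bot: in this example `"fmt"` stays below the two libvirt.org imports. Since both lines above it are rewritten here anyway, move the standard-library import into its own group ahead of them, following the usual Go convention of listing standard-library imports first.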
--
2.24.1
5 years, 2 months
[PATCH v3 0/4] lxc: Add support to network indexes for LXC 3.X
by Julio Faracco
This series implements support for network syntax settings for LXC 3.X.
Now, indexes are part of the settings to define network interfaces. Each
interface has its own index. The old style uses 'type' tag to
differentiate each interface and with this, it could use one single
structure. Now, network interfaces are a single array with interface
pointers.
Old:
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr0
New:
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = virbr0
v1-v2: Moving sscanf to virStrToLong_ull according to Daniel's suggestion.
v2-v3: Adding missing g_autofree from `suffix` variable.
Julio Faracco (4):
lxc: refactor lxcNetworkParseData pointers to use new structures
lxc: add LXC version 3 network parser
lxc: remove domain definition from lxc network struct
tests: update LXC config dataset to support V3 indexes
src/lxc/lxc_native.c | 189 ++++++++++++------
.../lxcconf2xml-ethernet-v3.config | 16 +-
.../lxcconf2xml-fstab-v3.config | 10 +-
.../lxcconf2xml-macvlannetwork-v3.config | 10 +-
.../lxcconf2xml-simple-v3.config | 18 +-
5 files changed, 151 insertions(+), 92 deletions(-)
--
2.20.1
5 years, 2 months