[libvirt PATCH v2 0/2] rST-ify and rewrite a couple of block-layer docs
by Kashyap Chamarthy
I don't think the Debian "sid" failure is related to my patch:
https://gitlab.com/kashyapc/libvirt/-/pipelines/300380749/failures
Changes in v2:
- Mention backupBegin() [Peter]
- Add examples of push-mode backup using backupBegin() [Peter, Kashyap]
- Use existing rST conventions to make `rst2html5` happy [Michal]
- Update meson.build [Michal]
- Use .contents:: [Michal]
- Paragraph alignment [Michal]
Kashyap Chamarthy (2):
docs: kbase: Add a doc on live full disk backup
docs: kbase: Add a doc on merging disk image chains
docs/kbase/live_full_disk_backup.rst | 186 +++++++++++++++++++++
docs/kbase/merging_disk_image_chains.rst | 200 +++++++++++++++++++++++
docs/kbase/meson.build | 2 +
3 files changed, 388 insertions(+)
create mode 100644 docs/kbase/live_full_disk_backup.rst
create mode 100644 docs/kbase/merging_disk_image_chains.rst
--
2.30.2
3 years, 6 months
[libvirt PATCH v2 00/10] make internal only secrets work with split daemons
by Daniel P. Berrangé
If you define a secret with private="yes", then libvirt won't let any
client query the secret value after it is set. Only other libvirt
drivers inside the daemon can query it by passing a special internal
only flag to the virSecretGetValue API. The remote driver/daemon
refuses to let this internal flag go over the wire preventing normal
clients from using it
This doesn't work with the split daemons because the virSecretGetValue
API done by virqemud / virtstoraged has to go over the wire to reach
the virsecretd.
We need to come up with an alternative way to "prove" that the caller
of virSecretGetValue is a libvirt daemon, as opposed to a general
libvirt client.
Note with if only traditional POSIX DAC permissions are in effect
then we could consider it pointless trying to restrict access to
clients running the same user/group as the libvirt daemon. We ought
to take into account that the client might be confined by SELinux
though, so the "private secret" concept isn't entirely pointless.
Thus doing a simple uid of client == uid of daemon check is a bit
too weak. The UID check might also not fly if the modular daemons
are run inside containers with user namespaces, as the container
for virtsecretd and virtqemud might have different user mappings
in theory.
This series adds a concept of a "token" which is known only to the
libvirt daemons. The first daemon to use it writes a random hex
string to /var/run/libvirt/common/system.token. Other daemons can
read and compare this. Unless a MAC system is present this is still
largely security theatre, but that's not really worse than the
historical behaviour.
When an API call is made the virIdentity by default reflects the
identity of the UNIX process that initiated it.
When connecting to virtproxyd, the client apps' identity is forwarded
to the next virtNNNNd daemon.
When libvirt drivers, however, initiate an API call we never set any
identity. With monolithic libvirtd, they'd inherit the current client
identity automagically since it was all in the same thread local. With
modular daemons the othe driver would see the identity of the other
libvirt daemon which is bad as this gives elevated privileges in the
ACL check.
Thus we fix the code which drivers use to open a connection to other
daemons, such that it applies the current caller's identity. It does
this using an "elevated" identity though, which means, we have added
in the system token. Thus the virtsecretd daemon getting the call
virSecretGetValue sees the virIdentity reflecting the client
application which originally called the virDomainCreate() API, but
with the system token set. Thus virsecretd can see that the
virSecretGetValue was invoked by another daemon, not a libvirt
client app.
Changed in v2...
We can't set the elevated identity only when opening the virConnect
for the secret driver. This works for modular daemons, as the identity
is passed to the virsecretd at time of opening and thus applies to
the later virSecretGetValue call on that connection.
For monolithic daemon, the identity present at virConnectOpen is
irrelevant. The virSecretGetValue call will just directly query
the current thread's identity.
IOW, to work in both deployment scenarios we need to have the
elevated identity set across both virConnectOpen and virSecretGetValue
Daniel P. Berrangé (10):
util: add virRandomToken API
util: introduce concept of a system token into identities
util: generate a persistent system token
util: set system token for system identity
util: add API for copying identity objects
util: helper to temporary elevate privileges of the current identity
src: add API to determine if current identity is a system identity
src: set identity when opening secondary drivers
src: elevate current identity privilege when fetching secret
secret: rework handling of private secrets
src/driver-secret.h | 9 +-
src/driver.c | 27 +++
src/libvirt-secret.c | 2 +-
src/libvirt_private.syms | 7 +
src/libxl/libxl_conf.c | 5 +
src/qemu/qemu_domain.c | 11 +-
src/qemu/qemu_tpm.c | 5 +
src/remote/remote_driver.c | 8 +-
src/secret/secret_driver.c | 34 ++-
src/storage/storage_backend_iscsi.c | 5 +
src/storage/storage_backend_iscsi_direct.c | 5 +
src/storage/storage_backend_rbd.c | 5 +
src/storage/storage_util.c | 5 +
src/util/viridentity.c | 239 +++++++++++++++++++++
src/util/viridentity.h | 11 +
src/util/virrandom.c | 18 ++
src/util/virrandom.h | 1 +
src/util/virsecret.c | 3 +-
tests/qemuxml2argvtest.c | 3 +-
19 files changed, 375 insertions(+), 28 deletions(-)
--
2.31.1
3 years, 6 months
[PATCH] Introduce a new virDomainReloadTlsCertificates API
by Zheng Yan
The new virDomainReloadTlsCertificates API is used to notify domain reload
its certificates without restart, and avoid service interruption.
Currently, only QEMU VNC TLS certificates are supported, but parameters and
flags are also reserved for subsequent scenarios.
Take reload QEMU VNC TLS certificates as an example, we can call:
virDomainReloadTlsCertificates(domain,
VIR_DOMAIN_TLS_CERT_GRAPHICS_VNC,
NULL, 0, 0);
Then the specified QMP message would be send to QEMU:
{"execute": "display-reload", "arguments":{"type": "vnc", "tls-certs": true}}
Refers:
https://gitlab.com/qemu-project/qemu/-/commit/9cc07651655ee86eca41059f5ea...
---
include/libvirt/libvirt-domain.h | 20 +++++++++++
src/driver-hypervisor.h | 8 +++++
src/libvirt-domain.c | 58 ++++++++++++++++++++++++++++++++
src/libvirt_public.syms | 5 +++
src/qemu/qemu_driver.c | 40 ++++++++++++++++++++++
src/qemu/qemu_hotplug.c | 17 ++++++++++
src/qemu/qemu_hotplug.h | 4 +++
src/qemu/qemu_monitor.c | 27 +++++++++++++++
src/qemu/qemu_monitor.h | 3 ++
src/qemu/qemu_monitor_json.c | 27 +++++++++++++++
src/qemu/qemu_monitor_json.h | 4 +++
src/remote/remote_driver.c | 1 +
src/remote/remote_protocol.x | 15 ++++++++-
src/remote_protocol-structs | 10 ++++++
14 files changed, 238 insertions(+), 1 deletion(-)
diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
index e99bfb7654..357d3598a6 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -5152,4 +5152,24 @@ int virDomainStartDirtyRateCalc(virDomainPtr domain,
int seconds,
unsigned int flags);
+/**
+ * virDomainTlsCertificateType:
+ * the used scene of TLS certificates for doamin
+ */
+typedef enum {
+ VIR_DOMAIN_TLS_CERT_GRAPHICS_VNC = 0,
+ VIR_DOMAIN_TLS_CERT_GRAPHICS_SPICE = 1,
+
+# ifdef VIR_ENUM_SENTINELS
+ VIR_DOMAIN_TLS_CERT_LAST
+# endif
+} virDomainTlsCertificateType;
+
+int
+virDomainReloadTlsCertificates(virDomainPtr domain,
+ unsigned int type,
+ virTypedParameterPtr params,
+ int nparams,
+ unsigned int flags);
+
#endif /* LIBVIRT_DOMAIN_H */
diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
index d642af8a37..d0d4976441 100644
--- a/src/driver-hypervisor.h
+++ b/src/driver-hypervisor.h
@@ -1410,6 +1410,13 @@ typedef int
int seconds,
unsigned int flags);
+typedef int
+(*virDrvDomainReloadTlsCertificates)(virDomainPtr domain,
+ unsigned int type,
+ virTypedParameterPtr params,
+ int nparams,
+ unsigned int flags);
+
typedef struct _virHypervisorDriver virHypervisorDriver;
/**
@@ -1676,4 +1683,5 @@ struct _virHypervisorDriver {
virDrvDomainAuthorizedSSHKeysSet domainAuthorizedSSHKeysSet;
virDrvDomainGetMessages domainGetMessages;
virDrvDomainStartDirtyRateCalc domainStartDirtyRateCalc;
+ virDrvDomainReloadTlsCertificates domainReloadTlsCertificates;
};
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 42c75f6cc5..1b6889ab49 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -13218,3 +13218,61 @@ virDomainStartDirtyRateCalc(virDomainPtr domain,
virDispatchError(conn);
return -1;
}
+
+/**
+ * virDomainReloadTlsCertificates:
+ * @domain: a domain object.
+ * @type: a value of virDomainTlsCertificateType
+ * @params: pointer to TLS Certs parameter objects, must be NULL if not used
+ * @nparams: number of TLS Certs parameter objects, must be 0 if not used
+ * @flags: extra flags; not used yet, so callers should always pass 0
+ *
+ * Notify domain reload its certificates with specified 'type'
+ *
+ * Returns 0 in case of success, -1 otherwise.
+ */
+int
+virDomainReloadTlsCertificates(virDomainPtr domain,
+ unsigned int type,
+ virTypedParameterPtr params,
+ int nparams,
+ unsigned int flags)
+{
+ virConnectPtr conn;
+
+ VIR_DOMAIN_DEBUG(domain, "certificate type=%u, params=%p, nparams=%d, flags=%x",
+ type, params, nparams, flags);
+
+ virResetLastError();
+
+ virCheckDomainReturn(domain, -1);
+ conn = domain->conn;
+
+ virCheckReadOnlyGoto(conn->flags, error);
+ virCheckNonNegativeArgGoto(nparams, error);
+
+ if (type >= VIR_DOMAIN_TLS_CERT_LAST) {
+ virReportInvalidArg(type,
+ _("type must be less than %d"),
+ VIR_DOMAIN_TLS_CERT_LAST);
+ goto error;
+ }
+
+ if (conn->driver->domainReloadTlsCertificates) {
+ int ret;
+ ret = conn->driver->domainReloadTlsCertificates(domain,
+ type,
+ params,
+ nparams,
+ flags);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virReportUnsupportedError();
+
+ error:
+ virDispatchError(domain->conn);
+ return -1;
+}
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index 5678a13cda..30ff012958 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -896,4 +896,9 @@ LIBVIRT_7.3.0 {
virNodeDeviceCreate;
} LIBVIRT_7.2.0;
+LIBVIRT_7.4.0 {
+ global:
+ virDomainReloadTlsCertificates;
+} LIBVIRT_7.3.0;
+
# .... define new API here using predicted next version number ....
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index c90d52edc0..422a350c65 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -20449,6 +20449,45 @@ qemuDomainStartDirtyRateCalc(virDomainPtr dom,
return ret;
}
+static int
+qemuDomainReloadTlsCertificates(virDomainPtr domain,
+ unsigned int type,
+ virTypedParameterPtr params,
+ int nparams,
+ unsigned int flags)
+{
+ int ret = -1;
+ virQEMUDriver *driver = domain->conn->privateData;
+ virDomainObj *vm = qemuDomObjFromDomain(domain);
+
+ if (!vm)
+ goto cleanup;
+
+ virCheckNonNullArgGoto(params, cleanup);
+ if (nparams != 0) {
+ virReportInvalidZeroArg(nparams);
+ goto cleanup;
+ }
+ virCheckFlagsGoto(0, cleanup);
+
+ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
+ goto cleanup;
+
+ if (!virDomainObjIsActive(vm)) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ "%s", _("domain is not running"));
+ goto endjob;
+ }
+
+ ret = qemuDomainReloadTLSCerts(driver, vm, type);
+
+ endjob:
+ qemuDomainObjEndJob(driver, vm);
+
+ cleanup:
+ virDomainObjEndAPI(&vm);
+ return ret;
+}
static virHypervisorDriver qemuHypervisorDriver = {
.name = QEMU_DRIVER_NAME,
@@ -20693,6 +20732,7 @@ static virHypervisorDriver qemuHypervisorDriver = {
.domainAuthorizedSSHKeysSet = qemuDomainAuthorizedSSHKeysSet, /* 6.10.0 */
.domainGetMessages = qemuDomainGetMessages, /* 7.1.0 */
.domainStartDirtyRateCalc = qemuDomainStartDirtyRateCalc, /* 7.2.0 */
+ .domainReloadTlsCertificates = qemuDomainReloadTlsCertificates, /* 7.4.0 */
};
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index a64cddb9e7..34dc035d73 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -6704,3 +6704,20 @@ qemuDomainSetVcpuInternal(virQEMUDriver *driver,
virBitmapFree(livevcpus);
return ret;
}
+
+int qemuDomainReloadTLSCerts(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ unsigned int type)
+{
+ int ret = -1;
+ qemuDomainObjPrivate *priv = vm->privateData;
+
+ qemuDomainObjEnterMonitor(driver, vm);
+
+ ret = qemuMonitorDisplayReloadTLSCerts(priv->mon, type);
+
+ if (qemuDomainObjExitMonitor(driver, vm) < 0)
+ ret = -1;
+
+ return ret;
+}
diff --git a/src/qemu/qemu_hotplug.h b/src/qemu/qemu_hotplug.h
index df8f76f8d6..411741a688 100644
--- a/src/qemu/qemu_hotplug.h
+++ b/src/qemu/qemu_hotplug.h
@@ -160,3 +160,7 @@ int qemuHotplugAttachDBusVMState(virQEMUDriver *driver,
int qemuHotplugRemoveDBusVMState(virQEMUDriver *driver,
virDomainObj *vm,
qemuDomainAsyncJob asyncJob);
+
+int qemuDomainReloadTLSCerts(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ unsigned int type);
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 1e6f892e08..11f8cc8670 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -4746,3 +4746,30 @@ qemuMonitorQueryDirtyRate(qemuMonitor *mon,
return qemuMonitorJSONQueryDirtyRate(mon, info);
}
+
+static const char *
+qemuMonitorTLSCertificateTypeToString(unsigned int type)
+{
+ switch (type) {
+ /* for now, only VNC is supported */
+ case VIR_DOMAIN_TLS_CERT_GRAPHICS_VNC:
+ return "vnc";
+ default:
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("unsupported qemu certificate type %u"),
+ type);
+ return NULL;
+ }
+}
+
+int
+qemuMonitorDisplayReloadTLSCerts(qemuMonitorPtr mon, unsigned int type)
+{
+ const char *certType = qemuMonitorTLSCertificateTypeToString(type);
+ if (!certType)
+ return -1;
+
+ QEMU_CHECK_MONITOR(mon);
+
+ return qemuMonitorJSONDisplayReload(mon, certType, true);
+}
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 6a25def78b..f26f92fb51 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -1496,3 +1496,6 @@ struct _qemuMonitorDirtyRateInfo {
int
qemuMonitorQueryDirtyRate(qemuMonitor *mon,
qemuMonitorDirtyRateInfo *info);
+
+int qemuMonitorDisplayReloadTLSCerts(qemuMonitorPtr mon,
+ unsigned int type);
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 46aa3330a8..9934613cc2 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -9446,3 +9446,30 @@ qemuMonitorJSONQueryDirtyRate(qemuMonitor *mon,
return qemuMonitorJSONExtractDirtyRateInfo(data, info);
}
+
+int qemuMonitorJSONDisplayReload(qemuMonitorPtr mon,
+ const char *type,
+ bool tlsCerts)
+{
+ int ret = -1;
+ virJSONValuePtr reply = NULL;
+ virJSONValuePtr cmd = qemuMonitorJSONMakeCommand("display-reload",
+ "s:type", type,
+ "b:tls-certs", tlsCerts,
+ NULL);
+ if (!cmd)
+ return -1;
+
+ if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
+ goto cleanup;
+
+ if (qemuMonitorJSONCheckError(cmd, reply) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+ cleanup:
+ virJSONValueFree(cmd);
+ virJSONValueFree(reply);
+ return ret;
+}
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index 01a3ba25f1..73761d54f8 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -706,3 +706,7 @@ qemuMonitorJSONStartDirtyRateCalc(qemuMonitor *mon,
int
qemuMonitorJSONQueryDirtyRate(qemuMonitor *mon,
qemuMonitorDirtyRateInfo *info);
+
+int qemuMonitorJSONDisplayReload(qemuMonitorPtr mon,
+ const char *type,
+ bool tlsCerts);
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 0c72d69933..0e6e4e3007 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -8566,6 +8566,7 @@ static virHypervisorDriver hypervisor_driver = {
.domainAuthorizedSSHKeysSet = remoteDomainAuthorizedSSHKeysSet, /* 6.10.0 */
.domainGetMessages = remoteDomainGetMessages, /* 7.1.0 */
.domainStartDirtyRateCalc = remoteDomainStartDirtyRateCalc, /* 7.2.0 */
+ .domainReloadTlsCertificates = remoteDomainReloadTlsCertificates, /* 7.4.0 */
};
static virNetworkDriver network_driver = {
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index de69704b68..c13b3e1f5c 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -286,6 +286,8 @@ const REMOTE_DOMAIN_AUTHORIZED_SSH_KEYS_MAX = 2048;
/* Upper limit on number of messages */
const REMOTE_DOMAIN_MESSAGES_MAX = 2048;
+/* Upper limit on list of TLS certificate parameters */
+const REMOTE_DOMAIN_RELOAD_TLS_CERT_PARAMETERS_MAX = 16;
/* UUID. VIR_UUID_BUFLEN definition comes from libvirt.h */
typedef opaque remote_uuid[VIR_UUID_BUFLEN];
@@ -3836,6 +3838,12 @@ struct remote_domain_start_dirty_rate_calc_args {
unsigned int flags;
};
+struct remote_domain_reload_tls_certificates_args {
+ remote_nonnull_domain dom;
+ unsigned int type;
+ remote_typed_param params<REMOTE_DOMAIN_RELOAD_TLS_CERT_PARAMETERS_MAX>;
+ unsigned int flags;
+};
/*----- Protocol. -----*/
@@ -6784,6 +6792,11 @@ enum remote_procedure {
* @priority: high
* @acl: node_device:start
*/
- REMOTE_PROC_NODE_DEVICE_CREATE = 430
+ REMOTE_PROC_NODE_DEVICE_CREATE = 430,
+ /**
+ * @generate: both
+ * @acl: domain:write
+ */
+ REMOTE_PROC_DOMAIN_RELOAD_TLS_CERTIFICATES = 431
};
diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs
index 6b46328adc..799a8596ea 100644
--- a/src/remote_protocol-structs
+++ b/src/remote_protocol-structs
@@ -3192,6 +3192,15 @@ struct remote_domain_start_dirty_rate_calc_args {
int seconds;
u_int flags;
};
+struct remote_domain_reload_tls_certificates_args {
+ remote_nonnull_domain dom;
+ u_int type;
+ struct {
+ u_int params_len;
+ remote_typed_param * params_val;
+ } params;
+ u_int flags;
+};
enum remote_procedure {
REMOTE_PROC_CONNECT_OPEN = 1,
REMOTE_PROC_CONNECT_CLOSE = 2,
@@ -3623,4 +3632,5 @@ enum remote_procedure {
REMOTE_PROC_NODE_DEVICE_DEFINE_XML = 428,
REMOTE_PROC_NODE_DEVICE_UNDEFINE = 429,
REMOTE_PROC_NODE_DEVICE_CREATE = 430,
+ REMOTE_PROC_DOMAIN_RELOAD_TLS_CERTIFICATES = 431,
};
--
2.25.1
3 years, 6 months
[PATCH] securityselinuxhelper: Fix retval of setcon_raw() and security_disable()
by Michal Privoznik
The securityselinuxhelper is a mock that's replacing libselinux
APIs with our own implementation to achieve deterministic
results. Our implementation uses env vars (among other things) to
hold internal state. For instance, "FAKE_SELINUX_CONTEXT" and
"FAKE_SELINUX_DISABLED" variables are used. However, as we were
switching from setenv() to g_setenv() we also changed the set of
possible retvals from setcon_raw() and security_disable().
Previously, the retval of setenv() was used directly which
returns 0 on success and -1 on error. But g_setenv() has
different retval semantics: it returns 1 on success and 0 on
error.
This discrepancy can be observed by running viridentitytest where
case #2 reports an error ("!") - because setcon_raw() returns 1.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
tests/securityselinuxhelper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index b308ef5095..c3d6505ef2 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -140,7 +140,7 @@ int setcon_raw(const char *context)
errno = EINVAL;
return -1;
}
- return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE);
+ return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE) == TRUE ? 0 : -1;
}
int setcon(const char *context)
@@ -219,7 +219,7 @@ int security_disable(void)
return -1;
}
- return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE);
+ return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) == TRUE ? 0 : -1;
}
int security_getenforce(void)
--
2.26.3
3 years, 6 months
[libvirt PATCH v3 0/8] cleanup meson checks for runtime binaries
by Pavel Hrdina
Recent attempt to add a lot of meson options to specify different
runtime paths motivated me enough to cleanup this from meson.
Changes in v3:
- some patches were already pushed
- removed patch that moved virFindFileInPath from testutilsqemu.c
Changes in v2:
- split and rework patch 16/17 to address review comments
- added a new patch to cleanup libvirt.spec.in file
Pavel Hrdina (8):
virfile: introduce virFindFileInPathFull()
qemu_conf: use virFindFileInPathFull for runtime binaries
meson: drop check for runtime binary dependencies
meson: move iscsiadm check into storage_iscsi condition
meson: stop setting runtime binaries defines during compilation
meson: use runtime binaries to only resolve features with "auto" value
meson: optional_programs should be used only for building libvirt
libvirt.spec: drop no longer required build dependencies
libvirt.spec.in | 31 ----
meson.build | 214 +++++++++----------------
src/bhyve/bhyve_command.c | 4 +
src/libvirt_private.syms | 2 +-
src/locking/lock_driver_lockd.c | 12 +-
src/network/bridge_driver.c | 2 +
src/node_device/node_device_driver.c | 2 +
src/qemu/qemu_conf.c | 23 ++-
src/storage/storage_backend_logical.c | 13 ++
src/storage/storage_backend_sheepdog.c | 2 +
src/storage/storage_backend_zfs.c | 3 +
src/storage/storage_util.c | 2 +
src/storage/storage_util.h | 6 +
src/util/virdnsmasq.c | 1 +
src/util/virfile.c | 16 +-
src/util/virfile.h | 5 +-
src/util/virfirewall.h | 4 +
src/util/viriscsi.h | 2 +
src/util/virkmod.h | 3 +
src/util/virnetdevbandwidth.h | 2 +
src/util/virnetdevip.c | 2 +
src/util/virnetdevmidonet.c | 2 +
src/util/virnetdevopenvswitch.c | 2 +
src/util/virnuma.c | 1 +
src/util/virsysinfo.c | 1 +
src/util/virutil.c | 2 +
tests/testutilsqemu.c | 3 +-
tests/virfirewallmock.c | 3 +-
28 files changed, 173 insertions(+), 192 deletions(-)
--
2.30.2
3 years, 6 months
[PATCH v3 0/1] qemu: add support for max-ram-below-4g option
by Zhiyong Ye
For background, see:
https://listman.redhat.com/archives/libvir-list/2021-April/msg01196.html
V3 to V2:
* Fix conflicts created by git pull
V2 to V1:
* Change the 'below4g' attribute to not share the 'unit' argument with
actual memory size, and let its unit default to KiB
* Add docs and test changes
* Add check in the ABI stability checker code
Zhiyong Ye (1):
qemu: add support for max-ram-below-4g option
docs/formatdomain.rst | 10 ++++++--
docs/schemas/domaincommon.rng | 5 ++++
src/conf/domain_conf.c | 15 ++++++++++++
src/conf/domain_conf.h | 3 +++
src/conf/domain_validate.c | 13 ++++++++++
src/qemu/qemu_command.c | 4 ++++
tests/qemuxml2argvdata/memory-below4g.args | 29 ++++++++++++++++++++++
tests/qemuxml2argvdata/memory-below4g.xml | 26 ++++++++++++++++++++
tests/qemuxml2argvtest.c | 1 +
tests/qemuxml2xmloutdata/memory-below4g.xml | 37 +++++++++++++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
11 files changed, 142 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxml2argvdata/memory-below4g.args
create mode 100644 tests/qemuxml2argvdata/memory-below4g.xml
create mode 100644 tests/qemuxml2xmloutdata/memory-below4g.xml
--
2.11.0
3 years, 6 months
After blockcopy with pivot, a dirty-bitmap is added, but not been removed automatically.
by ChangLimin
Hi Peter,
Since https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=7bfff40fdfe5410c446...,
after blockcopy with pivot, a dirty-bitmap is added, but not been removed automatically.
Is that something wrong?
0. start a vm, and switch on some traces
# virsh start cirros
# virsh qemu-monitor-command cirros --hmp "trace-event handle_qmp* on"
# virsh qemu-monitor-command cirros --hmp "trace-event hbitmap* on"
1. cirros0.img is opened.
# virsh domblklist cirros
Target Source
------------------------------------
vda /vms/images1/cirros0.img
2. blockcopy and pivot to cirros1.img
# virsh blockcopy cirros vda --dest /vms/images1/cirros1.img --pivot --transient-job
Successfully pivoted
3. cirros1.img is opened
# virsh domblklist cirros
Target Source
------------------------------------
vda /vms/images1/cirros1.img
4. From qemu log, a dirty-bitmap is added @1620475221.389151
77998@1620475125.281656:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "human-monitor-command", "arguments": {"command-line": "trace-event qmp_job* on"}, "id": "libvirt-380"}
77998@1620475125.299950:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "human-monitor-command", "arguments": {"command-line": "trace-event mirror* on"}, "id": "libvirt-381"}
77998@1620475125.317931:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "human-monitor-command", "arguments": {"command-line": "trace-event hbitmap* on"}, "id": "libvirt-382"}
77998@1620475217.640133:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "query-named-block-nodes", "arguments": {"flat": true}, "id": "libvirt-383"}
77998@1620475217.642025:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "blockdev-add", "arguments": {"node-name": "libvirt-2-storage", "driver": "file", "filename": "/vms/images1/cirros1.img", "auto-read-only": true, "aio": "native", "cache": {"no-flush": false, "direct": true}, "discard": "unmap"}, "id": "libvirt-384"}
77998@1620475217.643434:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "blockdev-create", "arguments": {"job-id": "create-libvirt-2-format", "options": {"driver": "qcow2", "cluster-size": 65536, "size": 46137344, "file": "libvirt-2-storage"}}, "id": "libvirt-385"}
77998@1620475217.827378:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "query-jobs", "id": "libvirt-386"}
77998@1620475217.827980:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "job-dismiss", "arguments": {"id": "create-libvirt-2-format"}, "id": "libvirt-387"}
77998@1620475217.850802:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "blockdev-add", "arguments": {"backing": null, "node-name": "libvirt-2-format", "driver": "qcow2", "read-only": false, "cache": {"no-flush": false, "direct": true}, "file": "libvirt-2-storage"}, "id": "libvirt-388"}
77998@1620475217.853157:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "blockdev-mirror", "arguments": {"auto-finalize": true, "device": "libvirt-1-format", "auto-dismiss": false, "sync": "full", "job-id": "copy-vda-libvirt-1-format", "target": "libvirt-2-format"}, "id": "libvirt-389"}
77998@1620475217.871674:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "query-block-jobs", "id": "libvirt-390"}
77998@1620475221.387625:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "query-block-jobs", "id": "libvirt-396"}
77998@1620475221.389151:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "transaction", "arguments": {"actions": [{"type": "block-dirty-bitmap-add", "data": {"name": "libvirt-tmp-activewrite", "persistent": false, "node": "libvirt-2-format", "disabled": false}}]}, "id": "libvirt-397"}
77998@1620475221.389755:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "job-complete", "arguments": {"id": "copy-vda-libvirt-1-format"}, "id": "libvirt-398"}
77998@1620475221.391321:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "query-jobs", "id": "libvirt-399"}
77998@1620475221.391926:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "job-dismiss", "arguments": {"id": "copy-vda-libvirt-1-format"}, "id": "libvirt-400"}
77998@1620475221.393052:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "blockdev-del", "arguments": {"node-name": "libvirt-1-format"}, "id": "libvirt-401"}
77998@1620475221.393702:handle_qmp_command mon 0x55ebd4b176b0 req: {"execute": "blockdev-del", "arguments": {"node-name": "libvirt-1-storage"}, "id": "libvirt-402"}
Also there are many hbitmap_xx events.
5. I have debuged the source, in qemuBlockJobProcessEventCompletedCopyBitmaps , QEMU_CAPS_BLOCKDEV_REOPEN cap is not supported unti the latest qemu.
So the bitmap is not removed. Is the QEMU_CAPS_BLOCKDEV_REOPEN cap be must?
Regards,
Chang Limin
3 years, 6 months
[PATCH v2 0/1] qemu: add support for max-ram-below-4g option
by Zhiyong Ye
Hi all,
Sorry to bother again.
Since I'm new to the libvirt community, and also this is my first time to
submit patches, I'm truly sorry for the format problems that I emailed before.
Could you kindly help me review it again, and let me know if there is anything
I need to change.
For background, see:
https://listman.redhat.com/archives/libvir-list/2021-April/msg01196.html
Changes since V1:
* Change the 'below4g' attribute to not share the 'unit' argument with
actual memory size, and let its unit default to KiB
* Add docs and test changes
* Add check in the ABI stability checker code
Best regards!
Zhiyong Ye
Zhiyong Ye (1):
qemu: add support for max-ram-below-4g option
docs/formatdomain.rst | 10 ++++++--
docs/schemas/domaincommon.rng | 5 ++++
src/conf/domain_conf.c | 15 ++++++++++++
src/conf/domain_conf.h | 3 +++
src/conf/domain_validate.c | 13 ++++++++++
src/qemu/qemu_command.c | 4 ++++
tests/qemuxml2argvdata/memory-below4g.args | 29 ++++++++++++++++++++++
tests/qemuxml2argvdata/memory-below4g.xml | 26 ++++++++++++++++++++
tests/qemuxml2argvtest.c | 1 +
tests/qemuxml2xmloutdata/memory-below4g.xml | 37 +++++++++++++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
11 files changed, 142 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxml2argvdata/memory-below4g.args
create mode 100644 tests/qemuxml2argvdata/memory-below4g.xml
create mode 100644 tests/qemuxml2xmloutdata/memory-below4g.xml
--
2.11.0
3 years, 6 months
[libvirt PATCH 0/9] make internal only secrets work with split daemons
by Daniel P. Berrangé
If you define a secret with private="yes", then libvirt won't let any
client query the secret value after it is set. Only other libvirt
drivers inside the daemon can query it by passing a special internal
only flag to the virSecretGetValue API. The remote driver/daemon
refuses to let this internal flag go over the wire preventing normal
clients from using it
This doesn't work with the split daemons because the virSecretGetValue
API done by virqemud / virtstoraged has to go over the wire to reach
the virsecretd.
We need to come up with an alternative way to "prove" that the caller
of virSecretGetValue is a libvirt daemon, as opposed to a general
libvirt client.
Note with if only traditional POSIX DAC permissions are in effect
then we could consider it pointless trying to restrict access to
clients running the same user/group as the libvirt daemon. We ought
to take into account that the client might be confined by SELinux
though, so the "private secret" concept isn't entirely pointless.
Thus doing a simple uid of client == uid of daemon check is a bit
too weak. The UID check might also not fly if the modular daemons
are run inside containers with user namespaces, as the container
for virtsecretd and virtqemud might have different user mappings
in theory.
This series adds a concept of a "token" which is known only to the
libvirt daemons. The first daemon to use it writes a random hex
string to /var/run/libvirt/common/system.token. Other daemons can
read and compare this. Unless a MAC system is present this is still
largely security theatre, but that's not really worse than the
historical behaviour.
When an API call is made the virIdentity by default reflects the
identity of the UNIX process that initiated it.
When connecting to virtproxyd, the client apps' identity is forwarded
to the next virtNNNNd daemon.
When libvirt drivers, however, initiate an API call we never set any
identity. With monolithic libvirtd, they'd inherit the current client
identity automagically since it was all in the same thread local. With
modular daemons the othe driver would see the identity of the other
libvirt daemon which is bad as this gives elevated privileges in the
ACL check.
Thus we fix the code which drivers use to open a connection to other
daemons, such that it applies the current caller's identity. It does
this using an "elevated" identity though, which means, we have added
in the system token. Thus the virtsecretd daemon getting the call
virSecretGetValue sees the virIdentity reflecting the client
application which originally called the virDomainCreate() API, but
with the system token set. Thus virsecretd can see that the
virSecretGetValue was invoked by another daemon, not a libvirt
client app.
Daniel P. Berrangé (9):
util: add virRandomToken API
util: introduce concept of a system token into identities
util: generate a persistent system token
src: set system token for system identity
util: add API for copying identity objects
util: add method for getting the current identity with system token
src: add API to determine if current identity is a system identity
secret: rework handling of private secrets
src: set identity when opening secondary drivers
src/driver-secret.h | 9 +-
src/driver.c | 27 +++++
src/libvirt-secret.c | 2 +-
src/libvirt_private.syms | 5 +
src/remote/remote_driver.c | 8 +-
src/secret/secret_driver.c | 34 ++++--
src/util/viridentity.c | 230 +++++++++++++++++++++++++++++++++++++
src/util/viridentity.h | 7 ++
src/util/virrandom.c | 18 +++
src/util/virrandom.h | 1 +
src/util/virsecret.c | 3 +-
tests/qemuxml2argvtest.c | 3 +-
12 files changed, 320 insertions(+), 27 deletions(-)
--
2.31.1
3 years, 6 months
