August 2021 - Devel - libvirt List Archives

[PATCH] NEWS: Mention new SecurityManager APIs for labeling network devices
by Jim Fehlig 27 Aug '21

27 Aug '21

Signed-off-by: Jim Fehlig <jfehlig(a)suse.com> --- NEWS.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 21df0e1602..744f445319 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -19,6 +19,13 @@ v7.7.0 (unreleased) * **Improvements** + * Add SecurityManager APIs for labeling network devices + + New ``virSecurityManagerSetNetdevLabel`` and ``virSecurityManagerSetNetdevLabel`` + APIs are introduced and implemented in the Apparmor security driver. + The qemu driver uses the APIs to label vhostuser ports on hotplug and + restore labeling on unplug. + * **Bug fixes** -- 2.32.0

2 1

[PATCH] NEWS: Document my contributions for the upcoming release
by Michal Privoznik 27 Aug '21

27 Aug '21

Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- NEWS.rst | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 21df0e1602..1a8abb56f4 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -105,6 +105,11 @@ v7.5.0 (2021-07-01) Since it's impossible to fix it without running into further regressions the documentation was improved to document the intricacies. + * vmx: Parse vm.genid and support super wide SCSI bus + + The genid attribute is now reported for VMX guests. Libvirt can now + properly process super wide SCSI bus (64 units). + * **Bug fixes** * qemu: Fixed validation of disk ``iothread`` configuration @@ -113,6 +118,18 @@ v7.5.0 (2021-07-01) it caused bogus errors when address wasn't allocated when hotplugging a disk. The check is now removed as it wasn't actually necessary at all. + * qemu: Open chardev logfile on behalf of QEMU + + Guests with a logfile configured for their chardevs are now able to start + when even no virtlogd is configured. + + * virhostmem: Handle numactl-less build in hugepages allocation/reporting + + Some architectures don't have notion of NUMA (e.g. s390x) but do support + hugepages. Libvirt silently ignored requests to allocate/report hugepage + pool when built without numactl. This is now fixed and the pool can be + allocated/reported on properly. + v7.4.0 (2021-06-01) =================== -- 2.31.1

2 1

[libvirt PATCH 00/11] Automatic mutex management
by Tim Wiederhake 27 Aug '21

27 Aug '21

libvirt currently manages mutexes manually. Manual mutex management suffers from the same drawbacks as manual memory management, and at least one lock-unlock mismatch exists currently in the code base, see https://listman.redhat.com/archives/libvir-list/2021-August/msg00125.html. This series lays the ground work for automatic mutex management in libvirt. Later series will continue to replace calls to virMutex{Lock,Unlock} and virObject{Lock,Unlock}. Patches 1 - 3 deal with a bug in clang (see patch 1 for explanation), patches 4 - 6 introduce a new type, virLockGuard, that handles the automatic mutex management, and patches 7-11 demonstrate the application of this new type. Patches that eliminate the majority of calls to virMutex{Lock,Unlock} are on stand-by, as well as patches that provide virLockGuard support for virObject and will be send once this series is accepted. Regards, Tim Tim Wiederhake (11): glibcompat: Add wrapper for g_auto* VIR_XPATH_NODE_AUTORESTORE: Add semicolon virxml: Simplify VIR_XPATH_NODE_AUTORESTORE internal: Add CONCAT macro virthread: Introduce virLockGuard virthread: Introduce WITH_VIR_MUTEX_LOCK_GUARD virChrdevFDStreamCloseCb: Use virLockGuard virChrdevFree: Use virLockGuard virChrdevOpen: Use virLockGuard networkBridgeNameValidate: Use virLockGuard networkBridgeNameValidate: Cleanup src/conf/backup_conf.c | 2 +- src/conf/checkpoint_conf.c | 2 +- src/conf/cpu_conf.c | 2 +- src/conf/domain_conf.c | 140 ++++++++++++++--------------- src/conf/interface_conf.c | 8 +- src/conf/netdev_vlan_conf.c | 2 +- src/conf/network_conf.c | 14 +-- src/conf/networkcommon_conf.c | 2 +- src/conf/node_device_conf.c | 42 ++++----- src/conf/numa_conf.c | 6 +- src/conf/snapshot_conf.c | 2 +- src/conf/storage_adapter_conf.c | 2 +- src/conf/storage_conf.c | 4 +- src/conf/storage_encryption_conf.c | 4 +- src/conf/storage_source_conf.c | 2 +- src/conf/virchrdev.c | 26 ++---- src/conf/virsavecookie.c | 2 +- src/cpu/cpu_map.c | 4 +- src/cpu/cpu_x86.c | 2 +- src/internal.h | 3 + src/libvirt_private.syms | 3 + src/lxc/lxc_domain.c | 2 +- src/network/bridge_driver.c | 11 +-- src/qemu/qemu_capabilities.c | 2 +- src/qemu/qemu_domain.c | 8 +- src/qemu/qemu_domainjob.c | 2 +- src/qemu/qemu_migration_cookie.c | 8 +- src/util/glibcompat.h | 20 +++++ src/util/virthread.c | 26 ++++++ src/util/virthread.h | 30 +++++++ src/util/virxml.h | 6 +- 31 files changed, 228 insertions(+), 161 deletions(-) -- 2.31.1

4 18

[libvirt PATCH] src: fix generation of default resource partition
by Pavel Hrdina 26 Aug '21

26 Aug '21

Now that resource structure can have appid as well we need to adapt code that creates default resource partition if not provided by user. Otherwise starting a VM with appid defined would fail with following error: error: unsupported configuration: Resource partition '(null)' must start with '/' Fixes: 38b5f4faabccf681439d99e5394954c6ef7a5a40 Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com> --- src/lxc/lxc_process.c | 10 ++++------ src/qemu/qemu_cgroup.c | 12 ++++-------- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index cfa009f14e..d262128a50 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -1258,13 +1258,11 @@ int virLXCProcessStart(virConnectPtr conn, return -1; } - if (!vm->def->resource) { - virDomainResourceDef *res = g_new0(virDomainResourceDef, 1); + if (!vm->def->resource) + vm->def->resource = g_new0(virDomainResourceDef, 1); - res->partition = g_strdup("/machine"); - - vm->def->resource = res; - } + if (!vm->def->resource->partition) + vm->def->resource->partition = g_strdup("/machine"); logfile = g_strdup_printf("%s/%s.log", cfg->logDir, vm->def->name); diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 42dba1750d..6d4a82b3cd 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -949,15 +949,11 @@ qemuInitCgroup(virDomainObj *vm, virCgroupFree(priv->cgroup); priv->cgroup = NULL; - if (!vm->def->resource) { - virDomainResourceDef *res; + if (!vm->def->resource) + vm->def->resource = g_new0(virDomainResourceDef, 1); - res = g_new0(virDomainResourceDef, 1); - - res->partition = g_strdup("/machine"); - - vm->def->resource = res; - } + if (!vm->def->resource->partition) + vm->def->resource->partition = g_strdup("/machine"); if (!g_path_is_absolute(vm->def->resource->partition)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, -- 2.31.1

2 1

[libvirt PATCH 00/13] selinux: introduce sVirt policy and build
by Daniel P. Berrangé 26 Aug '21

26 Aug '21

This is an extension of https://listman.redhat.com/archives/libvir-list/2021-July/msg00167.html The original patches from that series are unchanged apart from the commit message, and tweak to the min fedora version in the RPM. I then include various refactors/cleanups. On Fedora 34 I notice the following: ../src/security/selinux/virt.te:579: Warning: fs_rw_anon_inodefs_files(virtd_t) has been deprecated. All calls can be safely removed. ../src/security/selinux/virt.te:580: Warning: fs_list_inotifyfs(virtd_t) has been deprecated. All calls can be safely removed. ../src/security/selinux/virt.te:985: Warning: fs_rw_anon_inodefs_files(virt_domain) has been deprecated. All calls can be safely removed. ../src/security/selinux/virt.te:1520: Warning: fs_list_inotifyfs(svirt_sandbox_domain) has been deprecated. All calls can be safely removed. assuming those warnings are correct, we can delete a few things from the policy, but that's not done here. Daniel P. Berrangé (10): selinux: remove redundant use of 'set_variable' function selinux: move selinux policy build helper to scripts directory selinux: don't hardcode paths to selinux tools selinux: don't hardcode policy include files directory rpm: move logic for setting selinux policy variables rpm: rename selinux variables to improve clarity selinux: introduce meson option for selinux policy install selinux: remove duplicate sources list for policy scripts: use variables for cli args in selinux helper scripts: factor repeated path joins from selinux helper Nikola Knazekova (1): security: add SELinux policy for virt Vit Mojzis (2): selinux: introduce build, install, packaging for selinux policy Install selinux-policy-devel in test environment ci/containers/centos-8.Dockerfile | 1 + ci/containers/centos-stream-8.Dockerfile | 1 + ci/containers/fedora-33.Dockerfile | 1 + ci/containers/fedora-34.Dockerfile | 1 + .../fedora-rawhide-cross-mingw32.Dockerfile | 1 + .../fedora-rawhide-cross-mingw64.Dockerfile | 1 + ci/containers/fedora-rawhide.Dockerfile | 1 + libvirt.spec.in | 100 + meson.build | 1 + meson_options.txt | 2 + scripts/meson.build | 1 + scripts/selinux-compile-policy.py | 156 ++ src/security/meson.build | 2 + src/security/selinux/mcs/meson.build | 17 + src/security/selinux/meson.build | 45 + src/security/selinux/mls/meson.build | 17 + src/security/selinux/virt.fc | 111 + src/security/selinux/virt.if | 1984 ++++++++++++++++ src/security/selinux/virt.te | 2078 +++++++++++++++++ 19 files changed, 4521 insertions(+) create mode 100755 scripts/selinux-compile-policy.py create mode 100644 src/security/selinux/mcs/meson.build create mode 100644 src/security/selinux/meson.build create mode 100644 src/security/selinux/mls/meson.build create mode 100644 src/security/selinux/virt.fc create mode 100644 src/security/selinux/virt.if create mode 100644 src/security/selinux/virt.te -- 2.31.1

3 23

[RFC 0/7] introduce support for live appid updates
by Pavel Hrdina 25 Aug '21

25 Aug '21

I'm posting this as an RFC mainly because I'm not sure how to model the new API. This patches introduce a new naive API that will change only the APPID and nothing else. Currently there are no other known features related to Fibre Channel resources so this non-extendable API will be sufficient, however the appid lives in <resource> element in the XML where we currently have root cgroup partition. Even though changing the partition will not be supported and we don't know about anything else that could be placed here it doesn't mean it will not happen in the future. In that case we would have to add new API as well. So I'm wondering if we should create a more generic API that would take typed parameters as arguments: int virDomainSetResource(virDomainPtr domain, virTypedParameterPtr params, int nparams, unsigned int flags) Any ideas? Pavel Hrdina (7): conf: extract appid validation to virDomainDefResourceAppidValidate cgroup: extract setting fibre channel appid into virCgroupSetFCAppid virCgroupSetFCAppid: properly handle when appid is NULL src: introduce virDomainSetFibreChannelAppid API remote: add RPC support for the virDomainSetFibreChannelAppid API qemu: implement virDomainSetFibreChannelAppid API tools: introduce virsh setappid command docs/manpages/virsh.rst | 14 ++++++ include/libvirt/libvirt-domain.h | 4 ++ src/conf/domain_validate.c | 42 ++++++++++-------- src/conf/domain_validate.h | 2 + src/driver-hypervisor.h | 6 +++ src/libvirt-domain.c | 44 +++++++++++++++++++ src/libvirt_private.syms | 2 + src/libvirt_public.syms | 1 + src/qemu/qemu_cgroup.c | 17 +------- src/qemu/qemu_driver.c | 75 ++++++++++++++++++++++++++++++++ src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 14 +++++- src/remote_protocol-structs | 6 +++ src/util/vircgroup.c | 24 ++++++++++ src/util/vircgroup.h | 3 ++ tools/virsh-domain.c | 65 +++++++++++++++++++++++++++ 16 files changed, 286 insertions(+), 34 deletions(-) -- 2.31.1

1 7

[libvirt PATCH 00/11] Attempt to rewrite group-qemu-caps.py in Python
by Ján Tomko 25 Aug '21

25 Aug '21

Disclaimer: I don't really know Python Ján Tomko (11): scripts: group-qemu-caps: read file separately in load_caps_flags scripts: group-qemu-caps: store paths in helper variables scripts: group-qemu-caps: remove cryptic bool from load_caps_flags scripts: group-qemu-caps: remove unnecessary regexes scripts: group-qemu-caps: split lines in regroup_caps scripts: group-qemu-caps: introduce load_file scripts: group-qemu-caps: introduce find_markers scripts: group-qemu-caps: introduce check_wrapping scripts: group-qemu-caps: only pass relevant lines to regroup_caps scripts: group-qemu-caps: reorder arguments scripts: group-qemu-caps: remove Errs variable scripts/group-qemu-caps.py | 172 +++++++++++++++++++------------------ 1 file changed, 90 insertions(+), 82 deletions(-) -- 2.31.1

3 14

[libvirt PATCH] tests: Fix typos
by Tim Wiederhake 25 Aug '21

25 Aug '21

Signed-off-by: Tim Wiederhake <twiederh(a)redhat.com> --- tests/qemuxml2argvtest.c | 2 +- tests/testutilsqemu.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 0cc4e8a73b..aa2afd878b 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -2093,7 +2093,7 @@ mymain(void) DO_TEST_CAPS_VER("cpu-host-model", "6.0.0"); DO_TEST_CAPS_VER("cpu-host-model", "6.1.0"); - /* For this specific test we accept the increased likelyhood of changes + /* For this specific test we accept the increased likelihood of changes * if qemu updates the CPU model */ DO_TEST_CAPS_LATEST("cpu-host-model"); diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index ea9a283297..164d601613 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c @@ -750,7 +750,7 @@ testQemuInfoInitArgs(struct testQemuInfo *info) info->args.newargs = false; if (info->args.invalidarg) { - fprintf(stderr, "Invalid agument encountered by 'testQemuInfoSetArgs'\n"); + fprintf(stderr, "Invalid argument encountered by 'testQemuInfoSetArgs'\n"); return -1; } -- 2.31.1

2 1

[PATCH 0/4] Appease Clang
by Michal Privoznik 25 Aug '21

25 Aug '21

With its recent update Clang-13.0.1-rc1 started to report spurious warnings. Basically it is concerned about our use of g_auto*: g_autofree char *var = NULL; var = func(); It fails to see that @var is there to automatically free retval of func(). I've reported the bug here: https://bugs.llvm.org/show_bug.cgi?id=36627 But there are few places where we can change the code and appease Clang. The rest, where our code is correct - I'm "fixing" those places in patch 4/4 which exists only to show that after the problematic pattern is broken the build passes again: https://gitlab.com/MichalPrivoznik/libvirt/-/jobs/1532513684 Michal Prívozník (4): virpci: Avoid Clang false positive test: Drop unused @cfg from qemu*test virscsi: Drop @tmp from virSCSIDeviceListDel DO NOT MERGE src/rpc/virnetclient.c | 9 ++++++--- src/util/viridentity.c | 3 ++- src/util/virpci.c | 4 ++-- src/util/virscsi.c | 3 +-- tests/qemumigrationcookiexmltest.c | 2 -- tests/qemustatusxml2xmltest.c | 2 -- 6 files changed, 11 insertions(+), 12 deletions(-) -- 2.31.1

2 7

[PATCH] qemu: snapshot: Translate 'volume' disks before attempting offline snapshot manipulation
by Peter Krempa 25 Aug '21

25 Aug '21

When the VM is inactive the 'virStorageSource' struct doesn't have the necessary data pointing to the actual storage. This is a problem for inactive snapshot operations on VMs which use disk type='volume'. Add the translation steps for reversion and deletion of snapshots. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1977155 Resolves: https://gitlab.com/libvirt/libvirt/-/issues/202 Signed-off-by: Peter Krempa <pkrempa(a)redhat.com> --- src/qemu/qemu_domain.c | 6 ++++++ src/qemu/qemu_snapshot.c | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 50a921c80d..962343cb2d 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -7088,6 +7088,7 @@ qemuDomainSnapshotDiscard(virQEMUDriver *driver, if (!metadata_only) { if (!virDomainObjIsActive(vm)) { + size_t i; /* Ignore any skipped disks */ /* Prefer action on the disks in use at the time the snapshot was @@ -7098,6 +7099,11 @@ qemuDomainSnapshotDiscard(virQEMUDriver *driver, if (!def) def = vm->def; + for (i = 0; i < def->ndisks; i++) { + if (virDomainDiskTranslateSourcePool(def->disks[i]) < 0) + return -1; + } + if (qemuDomainSnapshotForEachQcow2(driver, def, snap, "-d", true) < 0) return -1; } else { diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c index 4e74ddd7f8..fa1f9ce973 100644 --- a/src/qemu/qemu_snapshot.c +++ b/src/qemu/qemu_snapshot.c @@ -1813,6 +1813,8 @@ qemuSnapshotRevertInactive(virQEMUDriver *driver, virDomainObj *vm, virDomainMomentObj *snap) { + size_t i; + /* Prefer action on the disks in use at the time the snapshot was * created; but fall back to current definition if dealing with a * snapshot created prior to libvirt 0.9.5. */ @@ -1821,6 +1823,11 @@ qemuSnapshotRevertInactive(virQEMUDriver *driver, if (!def) def = vm->def; + for (i = 0; i < def->ndisks; i++) { + if (virDomainDiskTranslateSourcePool(def->disks[i]) < 0) + return -1; + } + /* Try all disks, but report failure if we skipped any. */ if (qemuDomainSnapshotForEachQcow2(driver, def, snap, "-a", true) != 0) return -1; -- 2.31.1

2 1