[libvirt PATCH 0/1] apparmor: Allow umount(/dev)
by Andrea Bolognani
CC'ing AppArmor experts to get their input :)
This is a farily big hammer, but unfortunately I don't think it's
possible to tell AppArmor "let the driver use umount, but only if
it's running inside a namespace".
Andrea Bolognani (1):
apparmor: Allow umount(/dev)
src/security/apparmor/usr.sbin.libvirtd.in | 1 +
src/security/apparmor/usr.sbin.virtqemud.in | 1 +
2 files changed, 2 insertions(+)
--
2.39.0
2 years, 3 months
[PATCH] remote: add missing lock guard for secret value API
by Daniel P. Berrangé
This fixes a bug in
commit fda53ab3a536647192dd088672dcb6f4a6820e51
Author: Daniel P. Berrangé <berrange(a)redhat.com>
Date: Thu Dec 22 10:29:32 2022 -0500
remote: use VIR_LOCK_GUARD in client code
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/remote/remote_driver.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 206a3829e2..a1e08bcfe2 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -5088,6 +5088,7 @@ remoteSecretGetValue(virSecretPtr secret, size_t *value_size,
remote_secret_get_value_args args;
remote_secret_get_value_ret ret = {0};
struct private_data *priv = secret->conn->privateData;
+ VIR_LOCK_GUARD lock = remoteDriverLock(priv);
make_nonnull_secret(&args.secret, secret);
args.flags = flags;
--
2.39.0
2 years, 3 months
[libvirt PATCH] remote: remoteDomainCreate: Add missing struct initializer for 'ret2'
by Erik Skultety
Fixes: 62448c1a4927682f999fecf55e896de4625e46f6
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
The commit in question broke many integration tests:
https://gitlab.com/libvirt/libvirt/-/jobs/3620679044
src/remote/remote_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 206a3829e2..33eff0fe12 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -2428,7 +2428,7 @@ remoteDomainCreate(virDomainPtr domain)
{
remote_domain_create_args args;
remote_domain_lookup_by_uuid_args args2;
- remote_domain_lookup_by_uuid_ret ret2;
+ remote_domain_lookup_by_uuid_ret ret2 = {0};
struct private_data *priv = domain->conn->privateData;
VIR_LOCK_GUARD lock = remoteDriverLock(priv);
--
2.39.0
2 years, 3 months
[libvirt PATCH] ch: use CURLOPT_UPLOAD instead of CURLOPT_PUT
by Daniel P. Berrangé
The CURLOPT_PUT constant causes a deprecation warning when compiling on
Alpine Edge. The docs indicate it is deprecated since 7.2.1
https://curl.se/libcurl/c/CURLOPT_PUT.html
We already use CURLOPT_UPLOAD in the ESX driver, so this brings the CH
driver into line.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/ch/ch_monitor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ch/ch_monitor.c b/src/ch/ch_monitor.c
index 8d8654332f..7b8f0a8077 100644
--- a/src/ch/ch_monitor.c
+++ b/src/ch/ch_monitor.c
@@ -660,7 +660,7 @@ virCHMonitorPutNoContent(virCHMonitor *mon, const char *endpoint)
curl_easy_setopt(mon->handle, CURLOPT_UNIX_SOCKET_PATH, mon->socketpath);
curl_easy_setopt(mon->handle, CURLOPT_URL, url);
- curl_easy_setopt(mon->handle, CURLOPT_PUT, true);
+ curl_easy_setopt(mon->handle, CURLOPT_UPLOAD, 1L);
curl_easy_setopt(mon->handle, CURLOPT_HTTPHEADER, NULL);
responseCode = virCHMonitorCurlPerform(mon->handle);
--
2.39.0
2 years, 3 months
[PATCH V9 00/14] spec: Decompose the daemon subpackage
by Jim Fehlig
This is V9 of
https://listman.redhat.com/archives/libvir-list/2023-January/237006.html
The end goal is to remove the libvirt-dameon dependency on the various
libvirt-daemon-driver-foo subpackages, allowing installation of a
modular daemon configuration without the traditional monolithic libvirtd.
Changes from V8:
* Move adjustments to systemd service files to a new patch
* Address more review comments
Jim Fehlig (14):
spec: Move virtlockd to a new subpackage libvirt-daemon-lock
spec: Move virtlogd to a new subpackage libvirt-daemon-log
spec: Move virtproxyd to a new subpackage libvirt-daemon-proxy
spec: Move lockd plugin to a new subpackage
spec: Rename the libvirt-lock-sanlock subpackage
spec: Move common files and dependencies to libvirt-daemon-common
spec: Add module-init-tools dependency to nodedev and lxc drivers
spec: Add numad dependency to qemu and lxc drivers
spec: Remove libvirt-daemon dependency from secondary drivers
services: Weaken systemd dependency on virtlockd
spec: Remove libvirt-daemon dependency from primary drivers
spec: Remove libvirt-daemon dependency from hypervisor subpackages
kbase: Update rpm-deployment.rst with new subpackages
NEWS: Mention split of libvirt-daemon subpackage
NEWS.rst | 6 +
docs/kbase/rpm-deployment.rst | 48 +++--
libvirt.spec.in | 332 +++++++++++++++++++++++----------
src/libxl/virtxend.service.in | 2 +-
src/qemu/virtqemud.service.in | 2 +-
src/remote/libvirtd.service.in | 2 +-
6 files changed, 281 insertions(+), 111 deletions(-)
--
2.38.1
2 years, 3 months
[PATCH] qemu_namespace: Umount the original /dev before replacing it with tmpfs
by Michal Privoznik
Our code relies on mount events propagating into the namespace we
create for a domain. However, there's one caveat. In v8.8.0-rc1~8
I've tried to make us detect differences in mount tables between
the namespace in which libvirtd runs and the domain namespace.
This is crucial for any mounts that happen after the domain was
started (for instance new hugetlbfs can be mounted on say
/dev/hugepages1G).
Therefore, we take a look into /proc/$(pgrep qemu)/mounts to see
what filesystems are mounted under /dev. Now, since we don't
umount the original /dev, just mount a tmpfs over it, we get all
the events (e.g. aforementioned hugetlbfs mount on
/dev/hugepages1G), but we are not really able to access it
because of the tmpfs that's placed on top. This then confuses our
algorithm for detecting which filesystems are mounted (the
algorithm is implemented in qemuDomainGetPreservedMounts()).
To break the link between host's and guest's /dev we just need to
umount() the original /dev in the namespace. Just before our
artificially created tmpfs is moved into its place.
Fixes: 46b03819ae8d833b11c2aaccb2c2a0361727f51b
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151869#c6
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_namespace.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 90c0b90024..a6b9af1307 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -775,6 +775,11 @@ qemuDomainUnshareNamespace(virQEMUDriverConfig *cfg,
goto cleanup;
}
+ if (umount("/dev") < 0) {
+ virReportSystemError(errno, "%s", _("failed to umount devfs on /dev"));
+ return -1;
+ }
+
if (virFileMoveMount(devPath, "/dev") < 0)
goto cleanup;
--
2.37.4
2 years, 3 months
[PATCH 00/15] Clean up credential asking code in SSH transport
by Peter Krempa
Peter Krempa (15):
virNetLibsshSessionAuthAddPrivKeyAuth: Drop 'password' argument
virNetLibsshAuthMethod: Drop 'password' field
util: authconfig: Use automatic pointer clearing for virAuthConfig
util: authconfig: Use conteporary and consistent header style
virNetSSHSessionAuthAddPrivKeyAuth: Remove unused 'password' argument
virNetSSHSessionAuthAddPrivKeyAuth: Refactor cleanup
virNetSSHAuthMethod: Remove unused 'password' field
virnetsshsession: Pass in username via virNetSSHSessionNew rather than
auth functions
util: auth: Introduce virAuthAskCredential
virNetLibsshAuthenticateKeyboardInteractive: Use virAuthAskCredential
virNetLibsshAuthenticatePrivkeyCb: Use virAuthAskCredential
util: virauth: Export virAuthGetCredential
virNetLibsshCheckHostKey: Use virAuthAskCredential
virNetLibsshAuthenticatePassword: Use virAuthAskPassword instead of
virAuthGetPasswordPath
virAuthGetPasswordPath: Use virAuthAskCredential for callback
interaction
src/libvirt_private.syms | 3 +
src/rpc/virnetlibsshsession.c | 211 ++++++++++------------------------
src/rpc/virnetlibsshsession.h | 3 +-
src/rpc/virnetsocket.c | 19 +--
src/rpc/virnetsshsession.c | 162 ++++++++------------------
src/rpc/virnetsshsession.h | 13 +--
src/util/virauth.c | 107 +++++++++++------
src/util/virauth.h | 12 ++
src/util/virauthconfig.c | 52 ++++-----
9 files changed, 223 insertions(+), 359 deletions(-)
--
2.38.1
2 years, 3 months
[PATCH] qemu: Provide virDomainGetCPUStats() implementation for session connection
by Michal Privoznik
We have virDomainGetCPUStats() API which offers querying
statistics on host CPU usage by given guest. And it works in two
modes: getting overall stats (@start_cpu == -1, @ncpus == 1) or
getting per host CPU usage.
For the QEMU driver it is implemented by looking into values
stored in corresponding cpuacct CGroup controller. Well, this
works for system instances, where libvirt has permissions to
create CGroups and place QEMU process into them. But it does not
fly for session connection, where no CGroups are set up.
Fortunately, we can do something similar to v8.8.0-rc1~95 and use
virProcessGetStatInfo() to fill the overall stats. Unfortunately,
I haven't found any source of per host CPU usage, so we just
continue throwing an error in that case.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_driver.c | 52 ++++++++++++++++++++++++++++++++++++++++--
1 file changed, 50 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index d6879175fe..a570057ecf 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -16009,6 +16009,50 @@ qemuDomainGetMetadata(virDomainPtr dom,
return ret;
}
+#define QEMU_CPU_STATS_PROC_TOTAL 3
+
+static int
+qemuDomainGetCPUStatsProc(virDomainObj *vm,
+ virTypedParameterPtr params,
+ unsigned int nparams)
+{
+ unsigned long long cpuTime = 0;
+ unsigned long long userTime = 0;
+ unsigned long long sysTime = 0;
+
+ if (nparams == 0) {
+ /* return supported number of params */
+ return QEMU_CPU_STATS_PROC_TOTAL;
+ }
+
+ if (virProcessGetStatInfo(&cpuTime, &userTime, &sysTime,
+ NULL, NULL, vm->pid, 0) < 0) {
+ virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+ _("cannot read cputime for domain"));
+ return -1;
+ }
+
+ if (virTypedParameterAssign(¶ms[0], VIR_DOMAIN_CPU_STATS_CPUTIME,
+ VIR_TYPED_PARAM_ULLONG, cpuTime) < 0)
+ return -1;
+
+ if (nparams > 1 &&
+ virTypedParameterAssign(¶ms[1], VIR_DOMAIN_CPU_STATS_USERTIME,
+ VIR_TYPED_PARAM_ULLONG, userTime) < 0)
+ return -1;
+
+ if (nparams > 2 &&
+ virTypedParameterAssign(¶ms[2], VIR_DOMAIN_CPU_STATS_SYSTEMTIME,
+ VIR_TYPED_PARAM_ULLONG, sysTime) < 0)
+ return -1;
+
+ if (nparams > 3)
+ nparams = 3;
+
+ return nparams;
+}
+
+#undef QEMU_CPU_STATS_PROC_TOTAL
static int
qemuDomainGetCPUStats(virDomainPtr domain,
@@ -16037,8 +16081,12 @@ qemuDomainGetCPUStats(virDomainPtr domain,
goto cleanup;
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUACCT)) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- "%s", _("cgroup CPUACCT controller is not mounted"));
+ if (start_cpu == -1) {
+ ret = qemuDomainGetCPUStatsProc(vm, params, nparams);
+ } else {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("cgroup CPUACCT controller is not mounted"));
+ }
goto cleanup;
}
--
2.38.2
2 years, 3 months
[PATCH] docs: Fix typo
by Andrea Bolognani
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
Pushed as trivial.
docs/formatdomain.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 8fc8aeb928..f76c7c3d81 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -2703,7 +2703,7 @@ paravirtualized driver is specified via the ``disk`` element.
holding the disk. :since:`Since 0.0.3`
:since:`Since 9.0.0` a new optional attribute ``fdgroup`` can be added
- instructing to access the disk via file descriptiors associated to the
+ instructing to access the disk via file descriptors associated to the
domain object via the ``virDomainFDAssociate()`` API rather than opening
the files. The files do not necessarily have to be accessible by libvirt
via the filesystem. The filename passed via ``file`` can still be used
--
2.39.0
2 years, 3 months
[libvirt PATCH 0/3] cgroups cpu shares fixes
by Pavel Hrdina
Pavel Hrdina (3):
vircgroupv2: fix cpu.weight limits check
domain_validate: drop cpu.shares cgroup check
docs: document correct cpu shares limits with both cgroups v1 and v2
docs/formatdomain.rst | 2 +-
docs/manpages/virsh.rst | 3 ++-
src/conf/domain_validate.c | 10 ----------
src/util/vircgroup.h | 2 ++
src/util/vircgroupv2.c | 8 ++++----
5 files changed, 9 insertions(+), 16 deletions(-)
--
2.39.0
2 years, 3 months
