[libvirt] [PATCH] Fix virt-pki-validate's determination of CN
by Dustin Kirkland
Fix virt-pki-validate's determination of CN
This patch is a follow-up to:
cb06a9bfe529e64b15773cb86781ae14c09f8216
"portability fixes to tools/virt-pki-validate.in"
addressing Eric Blake's concerns about the regular expression.
Ubuntu's gnutls package generates an Issuer line that looks like this:
Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster(a)example.com
While Red Hat's looks like this
Issuer: CN=Red Hat Emerging Technologies
Note the leading whitespace, and the additional fields in the former.
This patch updates the regular expression to:
* trim leading characters before "Issuer:"
* trim anything between Issuer: and CN=
* trim anything after the next ,
I've tested this against the certool output of both RH and Ubuntu
generated certs.
I know that Eric dislikes the leading grep. My apologies. I spent more
time than I care to admit trying to get sed to select that one line, and
then run two regexes against it. Feel free to correct this patch and
educate me, if you have a better way. Thanks!
Signed-off-by: Dustin Kirkland <kirkland(a)canonical.com>
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index f77521d..c44aa9d 100755
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -130,7 +130,7 @@ then
echo "as root do: chmod 644 $CA/cacert.pem"
exit 1
fi
-ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'`
+ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep "Issuer:" | sed -e 's/^.*Issuer:.*CN=//' -e 's/,.*$//'`
if [ "$ORG" = "" ]
then
echo the CA certificate $CA/cacert.pem does not define the organization
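Review bot: `grep "Issuer:"` on the added line is neither anchored nor limited to one match, so if the certtool output has more than one line containing that string, ORG becomes multi-line and still passes the `[ "$ORG" = "" ]` test that follows. In the same pipeline, `.*CN=` is greedy and keeps only what follows the last `CN=` on the line, and `s/,.*$//` truncates a CN that itself contains a comma. The grep can be folded into sed with one `-e` per command, for example `sed -n -e '/Issuer:/!d' -e 's/^.*Issuer:.*CN=//' -e 's/,.*$//' -e p -e q`, which also stops at the first match. `$CA/cacert.pem` should be quoted while the line is being touched.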
14 years, 8 months
[libvirt] [v2 0/3] Fixes related to the IP address learning thread
by Stefan Berger
The following set of patches are primarily related to the
thread learning the IP address of a VM and deal with:
- ebtables cleanup before applying basic filtering rules that are
active while the IP address is detected
- shutting down all traffic in case the filtering rules could not
be applied by the thread
- serialization of the teardown of eb/ip/ip6tables rules to occur
after the IP address learning thread has terminated
- not to apply or tear any eb/ip/ip6tables rules of a VM's interface
while the IP address learning thread is active. This may be due
to a filter being updated concurrently using for example
'virsh define/edit'.
Regards,
Stefan
14 years, 8 months
[libvirt] [PATCH] qemudDomainSaveFlag: remove dead store
by Jim Meyering
Clang spotted a new (albeit harmless) dead store:
From 0e37c524fb9c62d9b16443d6ff081c977963f4c5 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Thu, 29 Apr 2010 17:56:01 +0200
Subject: [PATCH] qemudDomainSaveFlag: remove dead store
* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Remove dead store to "rc".
---
src/qemu/qemu_driver.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6ee5cc2..8c5d745 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -4818,7 +4818,7 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
virReportSystemError(errno, _("unable to open %s"), path);
goto endjob;
}
- if ((rc = qemudDomainSaveFileOpHook(fd, &hdata)) != 0) {
+ if (qemudDomainSaveFileOpHook(fd, &hdata) != 0) {
close(fd);
goto endjob;
}
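Review bot: the failing branch at `if (qemudDomainSaveFileOpHook(fd, &hdata) != 0)` closes fd and jumps to endjob without any error report, unlike the open failure just above it, which calls virReportSystemError. With the return value no longer stored, it is worth confirming that the hook reports its own error, and dropping the declaration of `rc` if this was its last use in the function. The result of `close(fd)` is also ignored here.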
--
1.7.1.328.g9993c
14 years, 8 months
[libvirt] [PATCH 0/5] build: rely more on gnulib
by Eric Blake
I can't yet upgrade to the latest gnulib due to some LGPLv2+ issues
being worked out upstream. But in the meantime, here's some cleanups
that will make it easier to upgrade when gnulib is ready. I always
like patch series with a net reduction in lines.
I suppose I should try to get a mingw or cygwin build finished with
these in place, before pushing anything, but that will have to be
tomorrow (I tested on Linux, but it's late for me now).
bootstrap.conf | 3 +++
configure.ac | 39 +++++++++++++--------------------------
src/Makefile.am | 3 ++-
src/libvirt.c | 4 +---
src/nodeinfo.c | 12 ++----------
src/remote/remote_driver.c | 11 ++++-------
src/storage/storage_backend.c | 4 +---
src/util/ebtables.c | 7 ++-----
src/util/hooks.c | 4 +---
src/util/iptables.c | 7 ++-----
src/util/threads.c | 4 ++--
src/util/threads.h | 4 ++--
src/util/util.c | 14 ++++++--------
13 files changed, 41 insertions(+), 75 deletions(-)
[PATCH 1/5] build: rely on gnulib's pthread module
[PATCH 2/5] build: replace redundant header check with function check
[PATCH 3/5] build: use gnulib's uname
[PATCH 4/5] build: use gnulib's sys/wait.h
[PATCH 5/5] build: drop more redundant configure checks
14 years, 8 months
[libvirt] [PATCH] Fix handling of disk backing stores with cgroups
by Daniel P. Berrange
The cgroups ACL code was only allowing the primary disk image.
It is possible to chain images together, so we need to search
for backing stores and add them to the ACL too. Since the ACL
only handles block devices, we ignore the EINVAL we get from
plain files.
* src/qemu/qemu_driver.c: Allow backing stores in cgroup ACLs
---
src/qemu/qemu_driver.c | 47 +++++++++++++++++++++++++++++++++++------------
1 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 326cb58..ae6addd 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -84,6 +84,7 @@
#include "macvtap.h"
#include "nwfilter/nwfilter_gentech_driver.h"
#include "hooks.h"
+#include "storage_file.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
@@ -2957,18 +2958,40 @@ static int qemuSetupCgroup(struct qemud_driver *driver,
}
for (i = 0; i < vm->def->ndisks ; i++) {
- if (vm->def->disks[i]->type != VIR_DOMAIN_DISK_TYPE_BLOCK ||
- vm->def->disks[i]->src == NULL)
- continue;
+ char *path = vm->def->disks[i]->src;
+ while (path != NULL) {
+ virStorageFileMetadata meta;
+ int ret;
+
+ VIR_DEBUG("Process path %s for disk %d", path, i);
+ rc = virCgroupAllowDevicePath(cgroup, path);
+ if (rc != 0) {
+ /* Get this for non-block devices */
+ if (rc == -EINVAL) {
+ VIR_DEBUG("Ignoring EINVAL for %s", path);
+ } else {
+ virReportSystemError(-rc,
+ _("Unable to allow device %s for %s"),
+ path, vm->def->name);
+ if (path != vm->def->disks[i]->src)
+ VIR_FREE(path);
+ goto cleanup;
+ }
+ }
- rc = virCgroupAllowDevicePath(cgroup,
- vm->def->disks[i]->src);
- if (rc != 0) {
- virReportSystemError(-rc,
- _("Unable to allow device %s for %s"),
- vm->def->disks[i]->src, vm->def->name);
- goto cleanup;
- }
+ memset(&meta, 0, sizeof(meta));
+
+ ret = virStorageFileGetMetadata(path, &meta);
+
+ if (path != vm->def->disks[i]->src)
+ VIR_FREE(path);
+ path = NULL;
+
+ if (ret < 0)
+ goto cleanup;
+
+ path = meta.backingStore;
+ } while (path != NULL);
}
rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_PTY_MAJOR);
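Review bot: the `while (path != NULL)` loop follows `meta.backingStore` with no depth limit or repeat check and passes each path straight to `virCgroupAllowDevicePath`, so an image whose header names itself or an earlier image in the chain never terminates, and whatever device path a header names is added to the guest's device ACL. Bound the chain length and validate the backing path before allowing it. The closing `} while (path != NULL);` looks like a leftover from a do/while: after a `while` block it parses as a second, empty loop and should be a plain `}`. The `if (ret < 0) goto cleanup;` exit also has no visible error report, unlike the virCgroupAllowDevicePath failure above it.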
--
1.6.5.2
14 years, 8 months
[libvirt] [PATCH v2 0/8]: Add arbitrary qemu command-line and monitor commands
by Chris Lalancette
As we discussed previously, here is the patch series to add the ability
to specify arbitrary qemu command-line parameters and environment variables,
and also give arbitrary monitor commands to a guest. Because these
extra arguments have a good shot at confusing libvirt, the use of them
is not supported, but left available for advanced users and developers.
They are also in a separate library and have a separate on-the-wire
protocol.
There is one bug left that I have not yet been able to fix. Because of the
complicated way that virsh parses command-line arguments, it is not possible
to pass through spaces and quotes when using the qemu-monitor-command.
Unfortunately, the qemu monitor commands (and in particular when using QMP)
depend heavily on quoting and spacing, so using virsh to send through
command-lines is difficult. I'll have to think about how to better resolve
this issue, but it should not hold up the rest of the series.
Thanks to Dan Berrange and Eric Blake for their reviews already, and to DV
for the Relax NG schema changes.
Changes since v1 are listed in the individual patches.
14 years, 8 months
[libvirt] [PATCH] Report better error if qemuSnapshotIsAllowed failed.
by Chris Lalancette
Signed-off-by: Chris Lalancette <clalance(a)redhat.com>
---
src/qemu/qemu_driver.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f7084ca..5ab211a 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -10782,8 +10782,8 @@ static int qemuDomainSnapshotIsAllowed(virDomainObjPtr vm)
(!vm->def->disks[i]->driverType ||
STRNEQ(vm->def->disks[i]->driverType, "qcow2"))) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
- _("Disk device '%s' does not support snapshotting"),
- vm->def->disks[i]->info.alias);
+ _("Disk '%s' does not support snapshotting"),
+ vm->def->disks[i]->src);
return 0;
}
}
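Review bot: `vm->def->disks[i]->src` is passed to the `%s` in the new message, but nothing in the visible condition guards it against NULL, while `driverType` on the same disk is explicitly NULL-checked two lines up. If a disk can reach this branch with no source set, fall back to `info.alias` or a placeholder string rather than handing NULL to the format. The commit message would also benefit from one line saying why the source path is the better identifier than the alias.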
--
1.6.6.1
14 years, 8 months
[libvirt] nwfilter: Also pick IP address from a DHCP ACK message
by Stefan Berger
The local DHCP server on virtbr0 sends DHCP ACK messages when a VM is
started and requests an IP address while the initial DHCP lease on the
VM's MAC address hasn't expired. So, also pick the IP address of the VM
if that type of message is seen.
Thanks to Gerhard Stenzel for providing a test case for this.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.c
+++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
@@ -98,6 +98,7 @@ struct dhcp {
} ATTRIBUTE_PACKED;
#define DHCP_MSGT_DHCPOFFER 2
+#define DHCP_MSGT_DHCPACK 5
struct ether_vlan_header
{
@@ -347,6 +348,7 @@ procDHCPOpts(struct dhcp *dhcp, int dhcp
if (dhcp_opts_len >= 3) {
uint8_t *val = (uint8_t *)&dhcpopt->value;
switch (*val) {
+ case DHCP_MSGT_DHCPACK:
case DHCP_MSGT_DHCPOFFER:
*vmaddr = dhcp->yiaddr;
*howDetected = DETECT_DHCP;
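Review bot: the new `case DHCP_MSGT_DHCPACK:` falls through to `*vmaddr = dhcp->yiaddr` with no check that yiaddr is non-zero. A DHCPACK sent in answer to a DHCPINFORM carries yiaddr 0 (RFC 2131), so the learning code could record 0.0.0.0 as the VM's address and build filter rules from it. Skip the assignment when `dhcp->yiaddr` is 0, and add a short comment on the case explaining when an ACK is seen without a preceding OFFER, as the commit message does.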
14 years, 8 months
[libvirt] [PATCH] Fix build on Ubuntu.
by Chris Lalancette
When building on Ubuntu with make -j3 (or more), it would always
fail when trying to build virt-aa-helper. I'm not an expert in
automake by any means, but I think the entry for virt-aa-helper
is mis-using LDADD; it shouldn't be putting direct paths to
libvirt_conf.la and libvirt_util.la, but instead referencing those
names. With this patch in place, I'm able to successfully build
on Ubuntu 9.04 with make -j3.
Signed-off-by: Chris Lalancette <clalance(a)redhat.com>
---
src/Makefile.am | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index d8466f0..2531ac5 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1005,9 +1005,9 @@ virt_aa_helper_LDFLAGS = $(WARN_CFLAGS)
virt_aa_helper_LDADD = \
$(WARN_CFLAGS) \
$(LIBXML_LIBS) \
- @top_srcdir(a)/src/libvirt_conf.la \
- @top_srcdir(a)/src/libvirt_util.la \
- @top_srcdir(a)/gnulib/lib/libgnu.la
+ libvirt_conf.la \
+ libvirt_util.la \
+ ../gnulib/lib/libgnu.la
virt_aa_helper_CFLAGS = \
-I@top_srcdir@/src/conf \
-I@top_srcdir@/src/security
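Review bot: the third added entry, `../gnulib/lib/libgnu.la`, is still a path rather than a target of this Makefile, unlike `libvirt_conf.la` and `libvirt_util.la`, so the ordering problem described for `make -j3` is only addressed for the first two; the gnulib library being built first depends on directory ordering that is not visible here. The commit message should state the actual cause (the old paths did not match any target name, so make had no dependency to order on) instead of "I think". Separately, `$(WARN_CFLAGS)` in `virt_aa_helper_LDADD` is a compiler flag set in a library list and could be dropped in the same change.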
--
1.6.6.1
14 years, 8 months
[libvirt] [PATCH] Fix a memory leak in the node_device_udev code
by Chris Lalancette
We were over-writing a pointer without freeing it in
case of a disk device, leading to a memory leak.
Signed-off-by: Chris Lalancette <clalance(a)redhat.com>
---
src/node_device/node_device_udev.c | 7 -------
1 files changed, 0 insertions(+), 7 deletions(-)
diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
index 3a5a7e2..bcfe991 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -815,13 +815,6 @@ static int udevProcessDisk(struct udev_device *device,
union _virNodeDevCapData *data = &def->caps->data;
int ret = 0;
- data->storage.drive_type = strdup("disk");
- if (data->storage.drive_type == NULL) {
- virReportOOMError();
- ret = -1;
- goto out;
- }
-
if (udevGetUint64SysfsAttr(device,
"size",
&data->storage.num_blocks) == PROPERTY_ERROR) {
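Review bot: after this removal nothing in the visible part of udevProcessDisk sets `data->storage.drive_type`, and the commit message only says the pointer was later overwritten, not where. Name the later assignment in the commit message and confirm it runs on every path that reaches this function, including the `PROPERTY_ERROR` exit right after the removed block, so that consumers of `drive_type` do not see NULL for disk devices.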
--
1.6.6.1
14 years, 8 months