May 2010 - Devel - libvirt List Archives

[libvirt] Compile v0.8.0 under fedora 12 / mingw
by Dev.Atom 03 Jun '10

03 Jun '10

Hi there, I'm trying to compile the libvirt from git (today). I use these configure parameters : ./configure --prefix=/usr/i686-pc-mingw32/sys-root/mingw/ --host=i686-pc-mingw32 --without-xen --without-xen-inotify --without-umlt --without-openvz --without-phyp --without-xenapi --without-vbox --without-lxc --without-one --without-esx --without-libvirtd --without-sasl --without-yajl --without-polkit --without-avahi --without-selinux --without-secdriver-selinux --without-apparmor --without-capng --without-netcf --without-python --without-xen-proxy --without-hal --without-udev And make crash in this way : make[3]: Entering directory `/home/arnaud/Bureau/MingWinProjects/libvirt/git20102704/libvirt/src' CC libvirt_util_la-authhelper.lo CC libvirt_util_la-buf.lo CC libvirt_util_la-conf.lo CC libvirt_util_la-cgroup.lo CC libvirt_util_la-event.lo CC libvirt_util_la-hash.lo CC libvirt_util_la-hooks.lo In file included from ../src/util/threads-pthread.h:24, from ../src/util/threads.h:65, from ./conf/domain_conf.h:36, from util/hooks.c:38: /usr/i686-pc-mingw32/sys-root/mingw/include/pthread.h:307: error: redefinition of 'struct rpl_timespec' make[3]: *** [libvirt_util_la-hooks.lo] Error 1 make[3]: Leaving directory `/home/arnaud/Bureau/MingWinProjects/libvirt/git20102704/libvirt/src' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/arnaud/Bureau/MingWinProjects/libvirt/git20102704/libvirt/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/arnaud/Bureau/MingWinProjects/libvirt/git20102704/libvirt' make: *** [all] Error 2 Maybe I have made a mistake in the configure line ? Any help ? Thanks Arnaud Champion

2 2

[libvirt] [PATCH 0/2] Filesystem pool probing & filesystem building
by David Allan 03 Jun '10

03 Jun '10

The following patches add support for building a filesystem on the source device when building a filesystem pool. The first patch adds mkfs and libblkid to the build system. The second patch adds two flags to virStorageBackendFileSystemBuild. The first flag causes the build operation to probe for an existing filesystem of the type specified in the pool XML. If an existing filesystem of the specified type is present, mkfs is not executed and the build call returns an error. Any other data present on the source device will be overwritten. The second flag causes the build to execute mkfs unconditionally overwriting whatever is currently on the source device. Calling virStorageBackendFileSystemBuild without any flags preserves the current behavior, which is to make the directory on which the filesystem will be mounted, but to leave the source device untouched. David Allan (2): Add mkfs and libblkid to build system Add fs pool formatting configure.ac | 25 ++++++++ include/libvirt/libvirt.h.in | 6 +- include/libvirt/virterror.h | 2 + libvirt.spec.in | 5 ++ po/POTFILES.in | 1 + src/Makefile.am | 5 ++ src/libvirt_private.syms | 4 + src/storage/storage_backend_fs.c | 88 +++++++++++++++++++++++++- src/storage/storage_backend_fs.h | 19 ++++++ src/storage/storage_backend_fs_libblkid.c | 97 +++++++++++++++++++++++++++++ src/util/virterror.c | 12 ++++ tools/virsh.c | 15 ++++- 12 files changed, 273 insertions(+), 6 deletions(-) create mode 100644 src/storage/storage_backend_fs_libblkid.c

4 14

[libvirt] [PATCH 2/2] Add --source-format argument to virsh pool-define-as and pool-create-as
by Justin Clift 02 Jun '10

02 Jun '10

This is the corresponding patch for the virsh man page (virsh.pod). It's diff-d against present git master. Regards and best wishes, Justin Clift -- Salasaga - Open Source eLearning IDE http://www.salasaga.org

3 3

[libvirt] [PATCH] Trivial virsh.pod additions --all for "list" command and similar
by Justin Clift 02 Jun '10

02 Jun '10

Hi all, This is just a trivial patch to virsh.pod (from git master). It adds the following pieces to the virsh man page: + Shows the --inactive and --all optional parameters for the list command. Closes Bugzilla #575512, reported by Renich Bon Ciric (CC'd) https://bugzilla.redhat.com/show_bug.cgi?id=575512 + Corrects the existing description of the list command, to now say that only running domains are listed if no domains are specified. The man page up until this point has said all domains are listed if no domains are specified, which is incorrect. + Adds the "shut off" state to the list of states for the list command. + Adds a missing =back around line 755, that pod2man was complaining was missing. Regards and best wishes, Justin Clift -- Salasaga - Open Source eLearning IDE http://www.salasaga.org

3 3

[libvirt] another AUTHORS update
by Eric Blake 02 Jun '10

02 Jun '10

Eduardo Otubo contacted me off-list, noticing that his name was not yet in AUTHORS even though he has had commits in the past. I've rectified this situation with an obvious commit; not worth posting the diff to the list (to avoid unnecessary exposure of all the email addresses...). -- Eric Blake eblake(a)redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org

2 5

[libvirt] A few small libvirt build issues
by Cole Robinson 02 Jun '10

02 Jun '10

I've hit a few small build issues that I don't know how to fix. daemon/libvirtd.init isn't regenerated if ./configure is re-run. If I do: ./configure --prefix=/foo && make && ./configure --prefix=/bar && make daemon/libvirtd.init will reference /foo and not /bar. The logrotate files are affected as well. Second issue involves root squash homedir which I use regularly for development. If I ./configure && make -j4 && sudo make install, I get the following error: Making install in python make[1]: Entering directory `/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python' Making install in . make[2]: Entering directory `/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python' make[3]: Entering directory `/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python' test -z "/usr/lib64/python2.6/site-packages" || /bin/mkdir -p "/usr/lib64/python2.6/site-packages" /bin/sh ../libtool --mode=install /usr/bin/install -c libvirtmod.la '/usr/lib64/python2.6/site-packages' libtool: install: warning: relinking `libvirtmod.la' libtool: install: (cd /mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python; /bin/sh /mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/libtool --silent --tag CC --mode=relink gcc -Wno-redundant-decls -g -O2 -module -avoid-version -shared -L../src/.libs -o libvirtmod.la -rpath /usr/lib64/python2.6/site-packages libvirtmod_la-libvirt-override.lo libvirtmod_la-typewrappers.lo libvirtmod_la-libvirt.lo ../src/libvirt.la -ldl ) mv: cannot move `libvirtmod.so' to `libvirtmod.soU': Permission denied libtool: install: error: relink `libvirtmod.la' with the above command before installing it My automake-fu is weak so I haven't had much luck decoding any of this. 'make install' seems to want to run that relink command every time, running it by hand doesn't help any. Anyone have any thoughts? Jim, Eric, I figure you guys would know best, so any input appreciated. Thanks, Cole

3 4

[libvirt] [PATCH v2] qemu: Add a qemu.conf option for clearing capabilities
by Cole Robinson 02 Jun '10

02 Jun '10

Currently there is no way to opt out of libvirt dropping POSIX capabilities for qemu. This at least is a useful debugging tool, but is also wanted by users (and distributors): https://bugzilla.redhat.com/show_bug.cgi?id=559154 https://bugzilla.redhat.com/show_bug.cgi?id=573850 v2: Clarify qemu.conf comment, warn about security implications Signed-off-by: Cole Robinson <crobinso(a)redhat.com> --- src/qemu/qemu.conf | 9 +++++++++ src/qemu/qemu_conf.c | 5 +++++ src/qemu/qemu_conf.h | 2 +- src/qemu/qemu_driver.c | 11 +++++++++-- 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 98a1176..93934f3 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -178,3 +178,12 @@ # QEMU_AUDIO_DRV environment variable when using VNC. # # vnc_allow_host_audio = 0 + +# If clear_emulator_capabilities is enabled, libvirt will drop all +# privileged capabilities of the QEmu/KVM emulator. This is enabled by +# default. +# +# Warning: Disabling this option means that a compromised guest can +# exploit the privileges and possibly do damage to the host. +# +# clear_emulator_capabilities = 1 diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 66a949e..d7e61d2 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -104,6 +104,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, /* Setup critical defaults */ driver->dynamicOwnership = 1; + driver->clearEmulatorCapabilities = 1; if (!(driver->vncListen = strdup("127.0.0.1"))) { virReportOOMError(); @@ -355,6 +356,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, CHECK_TYPE ("vnc_allow_host_audio", VIR_CONF_LONG); if (p) driver->vncAllowHostAudio = p->l; + p = virConfGetValue (conf, "clear_emulator_capabilities"); + CHECK_TYPE ("clear_emulator_capabilities", VIR_CONF_LONG); + if (p) driver->clearEmulatorCapabilities = p->l; + virConfFree (conf); return 0; } diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 7616d15..0f8a1b3 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -138,8 +138,8 @@ struct qemud_driver { ebtablesContext *ebtables; unsigned int relaxedACS : 1; - unsigned int vncAllowHostAudio : 1; + unsigned int clearEmulatorCapabilities : 1; virCapsPtr caps; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ad7fb54..3faf31e 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3287,7 +3287,7 @@ static int qemudStartVMDaemon(virConnectPtr conn, int stdin_fd) { const char **argv = NULL, **tmp; const char **progenv = NULL; - int i, ret; + int i, ret, runflags; struct stat sb; int *vmfds = NULL; int nvmfds = 0; @@ -3501,9 +3501,16 @@ static int qemudStartVMDaemon(virConnectPtr conn, for (i = 0 ; i < nvmfds ; i++) FD_SET(vmfds[i], &keepfd); + VIR_DEBUG("Clear emulator capabilities: %d", + driver->clearEmulatorCapabilities); + runflags = VIR_EXEC_NONBLOCK; + if (driver->clearEmulatorCapabilities) { + runflags |= VIR_EXEC_CLEAR_CAPS; + } + ret = virExecDaemonize(argv, progenv, &keepfd, &child, stdin_fd, &logfile, &logfile, - VIR_EXEC_NONBLOCK | VIR_EXEC_CLEAR_CAPS, + runflags, qemudSecurityHook, &hookData, pidfile); VIR_FREE(pidfile); -- 1.6.6.1

4 5

[libvirt] [patch] libvirt documentation - disk cache description
by Марк Коренберг 02 Jun '10

02 Jun '10

The description was got from qemu manual. Please review, edit, apply adn update the website :) -- Segmentation fault

2 1

[libvirt] vol-list and other vol-* functions
by Eduardo Otubo 02 Jun '10

02 Jun '10

Hello all, When implementing the vol-list function I came up with the concept of 'path' which I am not sure if I understood. Does 'path' in this case represents where it is mounted on the guest system? On IBM Power Hypervisor, there's some logical volumes which I can get the path and there's some I can't, hence, I can't get LookUpByPath() function implemented correctly. Any ideas? Thanks, -- Eduardo Otubo Software Engineer Linux Technology Center IBM Systems & Technology Group Mobile: +55 19 8135 0885 eotubo(a)linux.vnet.ibm.com

3 2

[libvirt] [PATCH] [PATCH v13-pre1] add 802.1Qbh and 802.1Qbg handling
by Scott Feldman 02 Jun '10

02 Jun '10

From: Scott Feldman <scofeldm(a)cisco.com> Stefan, I was doing more testing and have some fixes for the bh paths. This patch is on top of your V12 patch... - some minor cleanups - if association fails due to timeout, disassociate the port profile, otherwise association state-machine will be "in-progress" potentially forever. - don't pass mac/vlan/uuids/profile when disassociating. ifindex and vf are enough Signed-off-by: Scott Feldman <scofeldm(a)cisco.com> --- src/util/macvtap.c | 75 ++++++++++++++++++++++++++++++---------------------- 1 files changed, 43 insertions(+), 32 deletions(-) diff --git a/src/util/macvtap.c b/src/util/macvtap.c index 71c6169..9ca6203 100644 --- a/src/util/macvtap.c +++ b/src/util/macvtap.c @@ -963,11 +963,11 @@ getPortProfileStatus(struct nlattr **tb, int32_t vf, if (tb[IFLA_PORT_SELF]) { if (nla_parse_nested(tb_port, IFLA_PORT_MAX, tb[IFLA_PORT_SELF], ifla_port_policy)) { - msg = _("error parsing IFLA_VF_SELF part"); + msg = _("error parsing IFLA_PORT_SELF part"); goto err_exit; } } else { - msg = _("IFLA_VF_SELF is missing"); + msg = _("IFLA_PORT_SELF is missing"); goto err_exit; } } else { @@ -1266,7 +1266,7 @@ doPortProfileOpCommon(bool nltarget_kernel, vf, op); - if (rc != 0) { + if (rc) { macvtapError(VIR_ERR_INTERNAL_ERROR, "%s", _("sending of PortProfileRequest failed.")); return rc; @@ -1278,7 +1278,7 @@ doPortProfileOpCommon(bool nltarget_kernel, goto err_exit; rc = getPortProfileStatus(tb, vf, instanceId, nltarget_kernel, is8021Qbg, &status); - if (rc != 0) + if (rc) goto err_exit; if (status == PORT_PROFILE_RESPONSE_SUCCESS || status == PORT_VDP_RESPONSE_SUCCESS) { @@ -1478,16 +1478,11 @@ doPortProfileOp8021Qbh(const char *ifname, char *physfndev; unsigned char hostuuid[VIR_UUID_BUFLEN]; int32_t vf; - int op = PORT_REQUEST_ASSOCIATE; bool nltarget_kernel = true; int ifindex; int vlanid = -1; const unsigned char *macaddr = NULL; - rc = virGetHostUUID(hostuuid); - if (rc) - goto err_exit; - rc = getPhysfn(ifname, &vf, &physfndev); if (rc) goto err_exit; @@ -1499,35 +1494,51 @@ doPortProfileOp8021Qbh(const char *ifname, switch (virtPortOp) { case ASSOCIATE: - op = PORT_REQUEST_ASSOCIATE; + rc = virGetHostUUID(hostuuid); + if (rc) + goto err_exit; + + rc = doPortProfileOpCommon(nltarget_kernel, NULL, ifindex, + macaddr, + vlanid, + virtPort->u.virtPort8021Qbh.profileID, + NULL, + vm_uuid, + hostuuid, + vf, + PORT_REQUEST_ASSOCIATE); + if (rc == -ETIMEDOUT) + /* Association timed out, disassociate */ + doPortProfileOpCommon(nltarget_kernel, NULL, ifindex, + NULL, + 0, + NULL, + NULL, + NULL, + NULL, + vf, + PORT_REQUEST_DISASSOCIATE); + if (!rc) + ifaceUp(ifname); break; + case DISASSOCIATE: - op = PORT_REQUEST_DISASSOCIATE; + rc = doPortProfileOpCommon(nltarget_kernel, NULL, ifindex, + NULL, + 0, + NULL, + NULL, + NULL, + NULL, + vf, + PORT_REQUEST_DISASSOCIATE); + ifaceDown(ifname); break; + default: macvtapError(VIR_ERR_INTERNAL_ERROR, - _("operation type %d not supported"), op); + _("operation type %d not supported"), virtPortOp); rc = 1; - goto err_exit; - } - - rc = doPortProfileOpCommon(nltarget_kernel, NULL, ifindex, - macaddr, - vlanid, - virtPort->u.virtPort8021Qbh.profileID, - NULL, - vm_uuid, - hostuuid, - vf, - op); - - switch (virtPortOp) { - case ASSOCIATE: - ifaceUp(ifname); - break; - case DISASSOCIATE: - ifaceDown(ifname); - break; } err_exit:

3 2