Re: [libvirt] [Qemu-devel] [PATCH v2 4/4] block: Convert open calls to qemu_open
by Kevin Wolf
Am 08.06.2012 17:42, schrieb Corey Bryant:
> This patch converts all block layer open calls to qemu_open. This
> enables all block layer open paths to dup(X) a pre-opened file
> descriptor if the filename is of the format /dev/fd/X. This is
> useful if QEMU is restricted from opening certain files.
>
> Note that this adds the O_CLOEXEC flag to the changed open paths
> when the O_CLOEXEC macro is defined.
>
> v2:
> -Convert calls to qemu_open instead of file_open (kwolf(a)redhat.com)
> -Mention introduction of O_CLOEXEC (kwolf(a)redhat.com)
>
> Signed-off-by: Corey Bryant <coreyb(a)linux.vnet.ibm.com>
> @@ -950,7 +950,7 @@ static int floppy_probe_device(const char *filename)
> if (strstart(filename, "/dev/fd", NULL))
> prio = 50;
Good to have this context here. I think this has to be removed in
another patch or all our file descriptors will become host_floppy...
>
> - fd = open(filename, O_RDONLY | O_NONBLOCK);
> + fd = qemu_open(filename, O_RDONLY | O_NONBLOCK);
> if (fd < 0) {
> goto out;
> }
Kevin
12 years, 6 months
[libvirt] [PATCH 00/12] rpc: Fix several issues with keepalive messages
by Jiri Denemark
So far, we were dropping non-blocking calls whenever sending them would block.
In case a client is sending lots of stream calls (which are not supposed to
generate any reply), the assumption that having other calls in a queue is
sufficient to get a reply from the server doesn't work. I tried to fix this in
b1e374a7ac56927cfe62435179bf0bba1e08b372 but failed and reverted that commit.
While working on the proper fix, I discovered several other issues we had in
handling keepalive messages in client RPC code. See individual patches for more
details.
As a nice bonus, the fixed version is shorter by one line than the current
broken version :-)
Jiri Denemark (12):
client rpc: Improve debug messages in virNetClientIO
client rpc: Use event loop for writing
client rpc: Don't drop non-blocking calls
client rpc: Just queue non-blocking call if another thread has the
buck
client rpc: Drop unused return value of virNetClientSendNonBlock
rpc: Refactor keepalive timer code
rpc: Add APIs for direct triggering of keepalive timer
client rpc: Separate call creation from running IO loop
rpc: Do not use timer for sending keepalive responses
rpc: Remove unused parameter in virKeepAliveStopInternal
server rpc: Remove APIs for manipulating filters on locked client
client rpc: Send keepalive requests from IO event loop
src/libvirt_probes.d | 2 +-
src/rpc/virkeepalive.c | 233 ++++++++++++--------------
src/rpc/virkeepalive.h | 7 +-
src/rpc/virnetclient.c | 368 +++++++++++++++++++++++-------------------
src/rpc/virnetserverclient.c | 127 +++++++--------
5 files changed, 368 insertions(+), 369 deletions(-)
--
1.7.10.2
12 years, 6 months
[libvirt] [PATCH] build: fix 'make dist' on virgin checkout
by Eric Blake
'make dist' was depending on *protocol-structs files, which are
stored in git but in turn depended on generated files. We still
want to ship the protocol-structs files, but by renaming the
tests to something not matching a file name, we separate 'make
check' (which depends on the generated file) from 'make dist'
(which only depends on the git files). After all, the tarball
should never depend on a generated file not stored in git.
I found one more case of a git file depending on a generated
file, in a bogus virkeycode.c listing; but at least this one
had no associated rules so it never broke 'make dist'.
Reported by Wen Congyang. Latent bug has been present since
commit 62dee6f, but only recently exposed by commit 7bff56a.
* src/Makefile.am ($(srcdir)/util/virkeycode.c): Drop useless
dependency.
(BUILT_SOURCES): ...and build virkeymaps.h sooner.
(PROTOCOL_STRUCTS): Rather than depend on the struct file...
(check-local): ...convert things into a phony target of...
(check-protocol): ...a new check.
($(srcdir)/remote_protocol-struct): Rename to isolate the distributed
file from the conditional test.
(PDWTAGS): Deal with rename. Swap to compare 'expected actual'.
---
Posting now for a review. I'm still planning on running a 'make
distcheck' on a virgin repository, if that passes and correctly
runs the protocol syntax checks, then I will check this in under
the build-breaker rule. Or, if someone ACKs this first...
src/Makefile.am | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 60f5442..2bcebcf 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -113,12 +113,12 @@ UTIL_SOURCES = \
EXTRA_DIST += $(srcdir)/util/virkeymaps.h $(srcdir)/util/keymaps.csv \
$(srcdir)/util/virkeycode-mapgen.py
+BUILT_SOURCES += $(srcdir)/util/virkeymaps.h
+
$(srcdir)/util/virkeymaps.h: $(srcdir)/util/keymaps.csv \
$(srcdir)/util/virkeycode-mapgen.py
$(AM_V_GEN)$(PYTHON) $(srcdir)/util/virkeycode-mapgen.py <$(srcdir)/util/keymaps.csv >$@
-$(srcdir)/util/virkeycode.c: $(srcdir)/util/virkeycode.h $(srcdir)/util/virkeymaps.h
-
EXTRA_DIST += util/threads-pthread.c util/threads-win32.c
# Internal generic driver infrastructure
@@ -293,7 +293,7 @@ PDWTAGS = \
-e '}' \
< $(@F)-t1 > $(@F)-t3; \
case $$? in 8) rm -f $(@F)-t?; exit 0;; 0) ;; *) exit 1;; esac;\
- diff -u $(@F)-t3 $@; st=$$?; rm -f $(@F)-t?; exit $$st; \
+ diff -u $(@)s $(@F)-t3; st=$$?; rm -f $(@F)-t?; exit $$st; \
fi; \
else \
echo 'WARNING: you lack pdwtags; skipping the $@ test' >&2; \
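Review bot: `$(@)s` in the new `diff -u` line resolves to the committed file only because every target that expands PDWTAGS is now named `...-struct` while the distributed file is `...-structs`. Nothing in the Makefile states that coupling, so a target added later with a different suffix would be compared against a file that does not exist. A comment above the `PDWTAGS =` definition (which starts outside this hunk) would record it, for example `# $(@)s is the -structs file kept in git; $@ itself is only the phony -struct check target`.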
@@ -306,21 +306,24 @@ PROTOCOL_STRUCTS = \
$(srcdir)/virnetprotocol-structs \
$(srcdir)/virkeepaliveprotocol-structs
if WITH_REMOTE
+check-protocol: $(PROTOCOL_STRUCTS) $(PROTOCOL_STRUCTS:structs=struct)
+
# The .o file that pdwtags parses is created as a side effect of running
# libtool; but from make's perspective we depend on the .lo file.
-$(srcdir)/%_protocol-structs: libvirt_driver_remote_la-%_protocol.lo
- $(PDWTAGS)
-$(srcdir)/virnetprotocol-structs: libvirt_net_rpc_la-virnetprotocol.lo
+$(srcdir)/remote_protocol-struct $(srcdir)/qemu_protocol-struct: \
+ $(srcdir)/%-struct: libvirt_driver_remote_la-%.lo
$(PDWTAGS)
-$(srcdir)/virkeepaliveprotocol-structs: libvirt_net_rpc_la-virkeepaliveprotocol.lo
+$(srcdir)/virnetprotocol-struct $(srcdir)/virkeepaliveprotocol-struct: \
+ $(srcdir)/%-struct: libvirt_net_rpc_la-%.lo
$(PDWTAGS)
else !WITH_REMOTE
-# These generated files must live in git, because they cannot be re-generated
-# when configured --without-remote.
-$(PROTOCOL_STRUCTS):
+# The $(PROTOCOL_STRUCTS) files must live in git, because they cannot be
+# re-generated when configured --without-remote.
+check-protocol:
endif
EXTRA_DIST += $(PROTOCOL_STRUCTS)
-check-local: $(PROTOCOL_STRUCTS)
+check-local: check-protocol
+.PHONY: check-protocol $(PROTOCOL_STRUCTS:structs=struct)
# Mock driver, covering domains, storage, networks, etc
TEST_DRIVER_SOURCES = \
--
1.7.10.2
12 years, 6 months
[libvirt] [PATCH] virsh: Honor reedit opts printing to a function
by Michal Privoznik
When printing the reedit options we put stdin into raw mode. However,
this results in stdout being raw as well, so every newline must be
accompanied by a carriage return. Unfortunately, '\r' cannot be part
of internationalized messages, so the carriage returns would have to
move into the format string, which would then become huge and
disarranged. To solve this, a new function is introduced which takes
a variable number of string arguments and prepends "\r\n" to each
one just before printing.
---
tools/virsh.c | 25 +++++++++++++++++++++----
1 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index 90ea43d..6840b92 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -655,6 +655,21 @@ vshReconnect(vshControl *ctl)
ctl->useSnapshotOld = false;
}
+static void
+vshPrintRaw(vshControl *ctl, ...)
+{
+ va_list ap;
+ char *key;
+
+ va_start(ap, ctl);
+ while ((key = va_arg(ap, char *)) != NULL) {
+ vshPrint(ctl, "\r\n%s", key);
+ }
+ vshPrint(ctl, "\r\n");
+
+ va_end(ap);
+}
+
/**
* vshAskReedit:
* @msg: Question to ask user
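Review bot: `vshPrintRaw()` walks its arguments until it reads a NULL, but the declaration carries neither a sentinel attribute nor a comment saying the list must be NULL-terminated. A caller that forgets the terminator makes `va_arg` read past the supplied arguments (undefined behaviour) without any compiler warning. Marking the function with a sentinel attribute (libvirt's `ATTRIBUTE_SENTINEL` macro if this tree provides it, otherwise `__attribute__((sentinel))`) lets the compiler catch that, and `key` can be `const char *` since the strings are only printed. The call added in the `vshAskReedit` hunk passes a bare `NULL`; `(char *)NULL` is the portable spelling for a variadic pointer argument. A short doc comment in the style of the `vshAskReedit:` block that follows would state the contract.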
@@ -690,10 +705,12 @@ vshAskReedit(vshControl *ctl, const char *msg)
c = c_tolower(getchar());
if (c == '?') {
- vshPrint(ctl, "\r\n%s", _("y - yes, start editor again\n"
- "n - no, throw away my changes\n"
- "f - force, try to redefine again\n"
- "? - print this help\n"));
+ vshPrintRaw(ctl,
+ _("y - yes, start editor again"),
+ _("n - no, throw away my changes"),
+ _("f - force, try to redefine again"),
+ _("? - print this help"),
+ NULL);
continue;
} else if (c == 'y' || c == 'n' || c == 'f') {
break;
--
1.7.8.5
12 years, 6 months
[libvirt] [RFC] Filtering SG_IO commands using cgroups
by Paolo Bonzini
While we wait for Al's answer, it seems to me that filtering CDBs with cgroups is a
pretty natural extension of filtering devices with cgroups. So here is a possible
specification for such a cgroup.
[CCing the libvirt mailing list since they could be one of the first clients]
Paolo
SG_IO Filter Controller ("cdb")
1. Description
The cdb cgroup implements a way to filter allowed SCSI commands according
to one or more Berkeley Packet Filter programs associated with the cgroup
and its parents. BPF programs have access to the CDB and various
ancillary data about the device.
To be allowed, a command must be allowed by at least one program for each
cgroup from the current task's to the root. In addition, as a general
rule it must pass the regular check on privileged commands that is done
even without cgroups. Groups with no programs are handled specially so
that the default configuration is the same as without cgroups.
Privileged tasks may install programs that bypass the usual check on
"dangerous" SCSI commands. Non-privileged tasks in the same cgroup will
also be able to bypass the check, but they may not widen their privileged
abilities beyond what the cgroup already has.
Administrators can replace the current entries, or add new ones. Replacing
the entries in a cgroup will never affect those that are inherited from
the parent. However when a parent cgroup is changed, the new filters
will also apply to the children.
2. Operation
The BPF program can return one of the following values:
* 0: the CDB is denied. Another program in the cgroup will be tried,
or the SG_IO ioctl will return with EPERM if there are none.
* 1: the CDB is allowed; it should be subject to the bitmap that is
used in the absence of cgroups.
* 2: the CDB is allowed, and the generic filter may be bypassed.
Programs that return 2 or the value of the accumulator are called
privileged in the remainder of this document.
BPF programs used with the cdb cgroup have access to the following
ancillary values:
* ANC_MAJOR (45): the major number of the device
* ANC_MINOR (46): the minor number of the device
* ANC_BLOCK (47): 1 if the device is a block device, 0 if it is a
character device
* ANC_PART (48): the partition number of the device; 0 if it is a
character device
* ANC_MODE (49): one of O_RDONLY/O_WRONLY/O_RDWR depending on how
the file was opened.
* ANC_RAWIO (50): 1 if the current process has CAP_SYS_RAWIO, 0
otherwise.
Evaluation goes through all filters in each cgroup and picks the most
permissive (largest) value. It also goes through all cgroups from the
current task's up to the root, and executes filters in there; but here
it picks the most restrictive value. In other words the result from
multiple filters is "ORed", while the result from multiple cgroups
is "ANDed".
Cgroups with no filters are skipped, with one exception: if the current
task is in a cgroup with no filters, it will behave as if it had this
special filter:
pseudocode: | BPF:
if capable(CAP_SYS_RAWIO) | ANC RAWIO
return 2 | ADD #1
else | RET A
return 1 |
This has two effects:
1) when a non-privileged task is moved from a privileged cgroup to a
new cgroup, it will be subject to the generic filter;
2) when a task is in the root cgroup, and the root cgroup has no
filters, it behaves as if the cdb cgroup did not exist at all.
This maps to the following algorithm:
    privileged = YES
    allowed = YES
    for each cgroup C from the current task cdb cgroup to the root
        if no filters in C
            if C is the current task cdb cgroup
                privileged &= capable(CAP_SYS_RAWIO)
            continue
        privileged_this_cgroup = NO
        allowed_this_cgroup = NO
        for each filter F in C
            ret = run_filter(F, cdb)
            if ret != 0 then
                allowed_this_cgroup = YES
            if ret == 2 then
                privileged_this_cgroup = YES
        privileged &= privileged_this_cgroup
        allowed &= allowed_this_cgroup
    if !allowed then
        return EPERM
    if !privileged then
        test CDB against bitmap
    execute CDB
(Of course some short-circuiting is possible).
3. User Interface
The cgroup provides three files:
* cdb.filter: entries are modified using this file. Entries are
added if the file was opened with O_APPEND, otherwise they are replaced.
Opening the file with O_TRUNC immediately removes all filters. These
rules are chosen so that shell redirections (including ":>cdb.filter")
will do the right thing.
Adding or replacing programs requires CAP_SYS_ADMIN. Adding
privileged programs *in addition* requires CAP_SYS_RAWIO.
An entry is represented by multiple occurrences of the following
structure, which must all be written with a single system call:
struct bpf_insn {
u16 code;
u8 jt;
u8 jf;
u32 k;
};
in the native endianness of the running architecture. A zero-length
write will do nothing if the file was opened with O_APPEND, and
remove all entries if it wasn't.
* cdb.list: entries are retrieved using this file. All filters
are preceded by a 32-bit value counting the number of bpf_insn
structs in the program, and concatenated.
* cdb.priv: returns 1 if the cgroup is privileged (has at least one
privileged filter). This is true if at least one filter includes
a "RET #2" or "RET A" instruction.
4. Security
Filters that include the "RET A" or "RET #2" instructions can only
be added by a task that has CAP_SYS_RAWIO; thus only tasks with
CAP_SYS_RAWIO, who could bypass the bitmap themselves, can also
let other processes do so. Such cgroups are marked as privileged;
CAP_SYS_RAWIO is required to attach a process to a privileged cgroup.
The privileged status is visible in the "cdb.priv" file.
While such filters let non-privileged processes and their children
bypass the bitmap, this only holds as long as the non-privileged
process does none of the following operations (which by themselves
require CAP_SYS_ADMIN):
* replace all filters from the cgroup
* create a new sub-cgroup and move itself to it
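This is because in either case the process ends up in a cgroup with no
filters, which behaves for a task without CAP_SYS_RAWIO as if it had
"RET #1" (the special filter described in section 2).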
In addition, new filters added to the cgroup will never widen the
privileged abilities of the process, because filters with "RET #2"
or "RET A" will not be allowed.
5. Examples of filters
5.1. Persistent reservations
This filter lets a program use persistent reservations, plus any
other command that is allowed without CAP_SYS_RAWIO:
LD_B 0 ; A = cdb[0]
JGT #0x5f, Lpass, 1f ; pass if > PR OUT
1: JGE #0x5e, Lpr, Lpass ; pass if < PR IN
Lpass: RET #1 ; go to bitmap check
Lpr: RET #2 ; bypass bitmap check
A program could put itself in a new cgroup, add this filter and then
drop CAP_SYS_RAWIO/CAP_SYS_ADMIN.
5.2. Arbitrary bitmap
This filter could be used as a template to convert a 256-bit bitmap
to a BPF program.
LD_B 0
AND #31
TAX ; X = cdb[0] & 31
LD #1
LSH X
TAX ; X = 1 << (cdb[0] & 31)
LD_B 0 ; A = cdb[0]
JSET #128, L1xx, L0xx ; Decode bit 7 of the opcode
L0xx: JSET #64, L01x, L00x ; Decode bit 6
L1xx: JSET #64, L11x, L10x
L00x: JSET #32, L001, L000 ; Decode bit 5
L01x: JSET #32, L011, L010
L10x: JSET #32, L101, L100
L11x: JSET #32, L111, L110
L000: TXA; JSET #..., Lpass, Lfail ; fill in bitmap values here
L001: TXA; JSET #..., Lpass, Lfail
L010: TXA; JSET #..., Lpass, Lfail
L011: TXA; JSET #..., Lpass, Lfail
L100: TXA; JSET #..., Lpass, Lfail
L101: TXA; JSET #..., Lpass, Lfail
L110: TXA; JSET #..., Lpass, Lfail
L111: TXA; JSET #..., Lpass, Lfail
Lpass: RET #1 ; could also be RET #2
Lfail: RET #0
12 years, 6 months
[libvirt] [PATCH] build: silence gettext warning
by Eric Blake
Otherwise, 'make dist' gives multiple warnings like:
libvirt.pot:20814: warning: internationalized messages should not contain the `\r' escape sequence
* tools/virsh.c (vshAskReedit): Avoid \r in _().
---
Pushing under the trivial rule.
tools/virsh.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index 744b629..90ea43d 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -690,10 +690,10 @@ vshAskReedit(vshControl *ctl, const char *msg)
c = c_tolower(getchar());
if (c == '?') {
- vshPrint(ctl, "\r\n%s", _("y - yes, start editor again\r\n"
- "n - no, throw away my changes\r\n"
- "f - force, try to redefine again\r\n"
- "? - print this help\r\n"));
+ vshPrint(ctl, "\r\n%s", _("y - yes, start editor again\n"
+ "n - no, throw away my changes\n"
+ "f - force, try to redefine again\n"
+ "? - print this help\n"));
continue;
} else if (c == 'y' || c == 'n' || c == 'f') {
break;
--
1.7.10.2
12 years, 6 months
[libvirt] [PATCH 1/2] drop the removed module check
by Wanlong Gao
check.py has been dropped and functions moved into utils.py.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
repos/domain/balloon_memory.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/repos/domain/balloon_memory.py b/repos/domain/balloon_memory.py
index 5879d15..7051a0a 100644
--- a/repos/domain/balloon_memory.py
+++ b/repos/domain/balloon_memory.py
@@ -13,7 +13,6 @@ from libvirt import libvirtError
from src import sharedmod
from utils import utils
-from utils import check
required_params = ('guestname', 'memorypair',)
optional_params = {}
--
1.7.11.rc0
12 years, 6 months
[libvirt] make dist failed
by Wen Congyang
make dist failed with the following error:
make[1]: Entering directory `/home/wency/source/libvirt/src'
GEN rpc/virnetprotocol.h
GEN rpc/virnetprotocol.c
GEN rpc/virkeepaliveprotocol.h
GEN rpc/virkeepaliveprotocol.c
GEN remote/remote_protocol.h
GEN remote/remote_protocol.c
GEN remote/qemu_protocol.h
GEN remote/qemu_protocol.c
GEN remote/qemu_client_bodies.h
GEN util/virkeymaps.h
CC libvirt_driver_remote_la-remote_protocol.lo
In file included from ./remote/remote_protocol.h:17,
from ./remote/remote_protocol.c:7:
./internal.h:300:31: error: libvirt_probes.h: No such file or directory
12 years, 6 months
Re: [libvirt] Error while installing a guest
by Pankaj Rawat
#qemu-img info /var/lib/libvirt/images/g2
image: /var/lib/libvirt/images/g2
file format: qcow2
virtual size: 8.0G (8589934592 bytes)
disk size: 136K
cluster_size: 65536
[root@localhost libvirt-0.9.11]# ifconfig | grep br0
br0 Link encap:Ethernet HWaddr 00:1A:4B:B9:E2:50
virbr0 Link encap:Ethernet HWaddr C6:F4:2E:7A:4C:25
I tried the --prompt option but it doesn't work
# /usr/sbin/virt-install --accelerate --hvm --connect qemu:///system --name g3 --vcpu=1 --ram 1024 --os-type=linux --os-variant=rhel6 --network bridge:br0 --disk /var/lib/libvirt/images/g2 --disk=/opt/SL-62-x86_64-2012-02-06-Install-DVD.iso,device=cdrom,perms=ro --location=/mnt/ --nographics --serial pty --extra-args=console=ttyS0,115200n8 --keymap=en --force --prompt
Starting install...
Retrieving file .treeinfo... | 768 B 00:00 ...
Retrieving file vmlinuz... | 7.5 MB 00:00 ...
Retrieving file initrd.img... | 59 MB 00:00 ...
ERROR internal error Process exited while reading console log output:
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect qemu:///system start g3
otherwise, please restart your installation.
On 06/12/2012 05:55 PM, Pankaj Rawat wrote:
Ok I am attaching the file.
Please check your guest image size by qemu-img info or ll -h, for example: qemu-img info /var/lib/libvirt/images/g2,
and run 'ifconfig | grep br0' then paste output in here, thanks.
In addition, you may also use interactive virt-install to install a guest with --prompt option then step by step.
Regards
Pankaj Rawat
-----Original Message-----
From: Alex Jia [mailto:a...@redhat.com]
Sent: Tuesday, June 12, 2012 11:38 AM
To: Pankaj Rawat
Cc: libvir-list(a)redhat.com
Subject: Re: [libvirt] Error while installing a guest
Hi Pankaj,
Could you attach your virt-install.log as an attachment?
It is located in ~/.virtinst/virt-install.log.
Or is it okay if you also upgrade your python-virtinst?
Thanks,
Alex
----- Original Message -----
From: "Pankaj Rawat" <pankaj.ra...(a)nechclst.in>
To: libvir-list(a)redhat.com
Sent: Tuesday, June 12, 2012 1:56:05 PM
Subject: [libvirt] Error while installing a guest
Hi all ,
I have SL6.2 x86_64 Installed on my system
I updated libvirt version from 0.9.4 to 0.9.11, I had removed previous libvirt via yum
I done this by compiling the source.
I started libvirt daemon created by compiling source :
# ./root/libvirt_0.9.11/build/daomen/libvirtd
Now I tried to create a guest:-
[root@localhost libvirt-0.9.11]# /usr/sbin/virt-install --accelerate --hvm --connect qemu:///system --name g3 --vcpu=1 --ram 1024 --os-type=linux --os-variant=rhel6 --network bridge:br0 --disk /var/lib/libvirt/images/g2 --disk=/opt/SL-62-x86_64-2012-02-06-Install-DVD.iso,device=cdrom,perms=ro --location=/mnt/ --nographics --serial pty --extra-args=console=ttyS0,115200n8 --keymap=en --force
The command line above normally works fine (I have created many vm by using same above command)
But here Following error comes
Starting install...
Retrieving file .treeinfo... | 768 B 00:00 ...
Retrieving file vmlinuz... | 7.5 MB 00:00 ...
Retrieving file initrd.img... 100% [=====================================================] 11 MB/s | 29 MB --:-- ETA
Retrieving file initrd.img... | 59 MB 00:09 ...
ERROR internal error Process exited while reading console log output:
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect qemu:///system start g3
otherwise, please restart your installation.
at libvirtd console following output comes:
2012-06-12 13:58:55.239+0000: 17800: error : qemuProcessReadLogOutput:1298 : internal error Process exited while reading console log output: 2012-06-12 14:04:12.120+0000: 17802: warning : qemuDomainObjTaint:1227 : Domain id=3 name='g3' uuid=fec6cb5a-d4ea-d2c9-505c-611227fb4f4c is tainted: high-privileges 2012-06-12 13:58:55.239+0000: 17800: error : qemuProcessReadLogOutput:1298 : internal error Process exited while reading console lo
I dont know how to resolve this .
Regards
Pankaj Rawat
12 years, 6 months
[libvirt] [sandbox][PATCH] config: select specific kernel
by Radu Caragea
Added parameters to select a kernel through the release version and path to binary.
When setting kernel release version, the module search will be done in /lib/modules/<release>/kernel . Also, by default, after setting the kernel release version the default kernel image path will be /boot/vmlinuz-<release>
The two default to the running configuration: /lib/modules/`uname -r`/kernel and /boot/vmlinuz-`uname -r`
kver didn't seem suggestive enough; I used kernrelease and kernpath. To be changed if necessary.
Also removed utsname inclusion wherever it wasn't used at all anymore
diff --git a/libvirt-sandbox/libvirt-sandbox-builder-machine.c b/libvirt-sandbox/libvirt-sandbox-builder-machine.c
index 7087459..3f7c5d7 100644
--- a/libvirt-sandbox/libvirt-sandbox-builder-machine.c
+++ b/libvirt-sandbox/libvirt-sandbox-builder-machine.c
@@ -22,7 +22,6 @@
#include <config.h>
#include <string.h>
-#include <sys/utsname.h>
#include "libvirt-sandbox/libvirt-sandbox.h"
@@ -116,7 +115,6 @@ static void gvir_sandbox_builder_machine_finalize(GObject *object)
static gchar *gvir_sandbox_builder_machine_mkinitrd(GVirSandboxConfig *config,
- const gchar *kver,
GError **error)
{
GVirSandboxConfigInitrd *initrd = gvir_sandbox_config_initrd_new();
@@ -124,7 +122,7 @@ static gchar *gvir_sandbox_builder_machine_mkinitrd(GVirSandboxConfig *config,
gchar *targetfile = g_strdup_printf("/tmp/libvirt-sandbox-initrd-XXXXXX");
int fd = -1;
- gvir_sandbox_config_initrd_set_kver(initrd, kver);
+ gvir_sandbox_config_initrd_set_kver(initrd, gvir_sandbox_config_get_kernrelease(config));
gvir_sandbox_config_initrd_set_init(initrd, LIBEXECDIR "/libvirt-sandbox-init-qemu");
gvir_sandbox_config_initrd_add_module(initrd, "fscache.ko");
@@ -341,19 +340,16 @@ static gboolean gvir_sandbox_builder_machine_construct_os(GVirSandboxBuilder *bu
gchar *kernel = NULL;
gchar *initrd = NULL;
gchar *cmdline = NULL;
- struct utsname uts;
GVirConfigDomainOs *os;
if (!GVIR_SANDBOX_BUILDER_CLASS(gvir_sandbox_builder_machine_parent_class)->
construct_os(builder, config, configdir, cleaner, domain, error))
return FALSE;
- uname(&uts);
-
- if (!(initrd = gvir_sandbox_builder_machine_mkinitrd(config, uts.release, error)))
+ if (!(initrd = gvir_sandbox_builder_machine_mkinitrd(config, error)))
return FALSE;
- kernel = g_strdup_printf("/boot/vmlinuz-%s", uts.release);
+ kernel = g_strdup(gvir_sandbox_config_get_kernpath(config));
cmdline = gvir_sandbox_builder_machine_cmdline(config);
gvir_sandbox_cleaner_add_rmfile_post_start(cleaner,
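Review bot: `kernel` can now be NULL at this point, because `g_strdup()` returns NULL whenever `gvir_sandbox_config_get_kernpath()` does and the writable "kernpath" property added by this patch accepts a NULL string. Nothing in the hunk checks the result before the function goes on to use it; the rest of `gvir_sandbox_builder_machine_construct_os` lies outside the hunk. The path is also no longer derived from the running host kernel, so whatever file the config names is what the sandbox will boot. I would fail early with a `GError` when the path is NULL or does not name a readable regular file, releasing `initrd` on that path, rather than let an unusable value reach the domain configuration.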
diff --git a/libvirt-sandbox/libvirt-sandbox-config-initrd.c b/libvirt-sandbox/libvirt-sandbox-config-initrd.c
index 327e0bf..5c75fce 100644
--- a/libvirt-sandbox/libvirt-sandbox-config-initrd.c
+++ b/libvirt-sandbox/libvirt-sandbox-config-initrd.c
@@ -22,7 +22,6 @@
#include <config.h>
#include <string.h>
-#include <sys/utsname.h>
#include "libvirt-sandbox/libvirt-sandbox.h"
@@ -161,12 +160,8 @@ static void gvir_sandbox_config_initrd_class_init(GVirSandboxConfigInitrdClass *
static void gvir_sandbox_config_initrd_init(GVirSandboxConfigInitrd *config)
{
GVirSandboxConfigInitrdPrivate *priv = config->priv;
- struct utsname uts;
priv = config->priv = GVIR_SANDBOX_CONFIG_INITRD_GET_PRIVATE(config);
-
priv->init = g_strdup(LIBEXECDIR "/libvirt-sandbox-init-qemu");
- uname(&uts);
- priv->kver = g_strdup(uts.release);
}
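Review bot: With the `uname()` default removed, `priv->kver` stays NULL for every `GVirSandboxConfigInitrd` until someone calls `gvir_sandbox_config_initrd_set_kver()`. The only caller visible in this patch, `gvir_sandbox_builder_machine_mkinitrd`, does so, but any other user of the type would now see a NULL release where it previously got the host's. If that is intended, the type's documentation should say the release has no default. The initialiser in `GVirSandboxConfigInitrdPrivate *priv = config->priv;` is redundant given the assignment on the next line and could be dropped.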
diff --git a/libvirt-sandbox/libvirt-sandbox-config-network-address.c b/libvirt-sandbox/libvirt-sandbox-config-network-address.c
index ad91f77..959bf94 100644
--- a/libvirt-sandbox/libvirt-sandbox-config-network-address.c
+++ b/libvirt-sandbox/libvirt-sandbox-config-network-address.c
@@ -22,7 +22,6 @@
#include <config.h>
#include <string.h>
-#include <sys/utsname.h>
#include "libvirt-sandbox/libvirt-sandbox.h"
diff --git a/libvirt-sandbox/libvirt-sandbox-config-network-route.c b/libvirt-sandbox/libvirt-sandbox-config-network-route.c
index 7962352..6c473d0 100644
--- a/libvirt-sandbox/libvirt-sandbox-config-network-route.c
+++ b/libvirt-sandbox/libvirt-sandbox-config-network-route.c
@@ -22,7 +22,6 @@
#include <config.h>
#include <string.h>
-#include <sys/utsname.h>
#include "libvirt-sandbox/libvirt-sandbox.h"
diff --git a/libvirt-sandbox/libvirt-sandbox-config-network.c b/libvirt-sandbox/libvirt-sandbox-config-network.c
index 5668274..6440642 100644
--- a/libvirt-sandbox/libvirt-sandbox-config-network.c
+++ b/libvirt-sandbox/libvirt-sandbox-config-network.c
@@ -22,7 +22,6 @@
#include <config.h>
#include <string.h>
-#include <sys/utsname.h>
#include "libvirt-sandbox/libvirt-sandbox.h"
diff --git a/libvirt-sandbox/libvirt-sandbox-config.c b/libvirt-sandbox/libvirt-sandbox-config.c
index 2b0a9be..b9cda3d 100644
--- a/libvirt-sandbox/libvirt-sandbox-config.c
+++ b/libvirt-sandbox/libvirt-sandbox-config.c
@@ -46,6 +46,8 @@ struct _GVirSandboxConfigPrivate
gchar *name;
gchar *root;
gchar *arch;
+ gchar *kernrelease;
+ gchar *kernpath;
gboolean shell;
guint uid;
@@ -72,6 +74,8 @@ enum {
PROP_ROOT,
PROP_ARCH,
PROP_SHELL,
+ PROP_KERNRELEASE,
+ PROP_KERNPATH,
PROP_UID,
PROP_GID,
@@ -123,6 +127,14 @@ static void gvir_sandbox_config_get_property(GObject *object,
g_value_set_string(value, priv->arch);
break;
+ case PROP_KERNRELEASE:
+ g_value_set_string(value, priv->kernrelease);
+ break;
+
+ case PROP_KERNPATH:
+ g_value_set_string(value, priv->kernpath);
+ break;
+
case PROP_SHELL:
g_value_set_boolean(value, priv->shell);
break;
@@ -181,6 +193,16 @@ static void gvir_sandbox_config_set_property(GObject *object,
priv->arch = g_value_dup_string(value);
break;
+ case PROP_KERNRELEASE:
+ g_free(priv->kernrelease);
+ priv->kernrelease = g_value_dup_string(value);
+ break;
+
+ case PROP_KERNPATH:
+ g_free(priv->kernpath);
+ priv->kernpath = g_value_dup_string(value);
+ break;
+
case PROP_SHELL:
priv->shell = g_value_get_boolean(value);
break;
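Review bot: Setting "kernrelease" through the GObject property replaces only `priv->kernrelease`, whereas `gvir_sandbox_config_set_kernrelease()` added later in this patch also re-derives the kernel path. As a result `g_object_set(config, "kernrelease", ...)` leaves `kernpath` naming the previous release's image while the initrd is built for the new one; having the `PROP_KERNRELEASE` and `PROP_KERNPATH` cases call the public setters would keep both entry points in step (the enclosing `gvir_sandbox_config_set_property` starts and ends outside this hunk). The release string ends up inside `/boot/vmlinuz-%s` and, per the patch description, the module search directory, so it is worth rejecting values that are empty or contain `/` at this boundary. Separately, that setter hands a fresh `g_strdup_printf()` result to `gvir_sandbox_config_set_kernpath()`, whose body is cut off in this view; if it copies its argument, as its `(transfer none)` annotation suggests, the temporary string is leaked.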
@@ -239,6 +261,8 @@ static void gvir_sandbox_config_finalize(GObject *object)
g_free(priv->name);
g_free(priv->root);
g_free(priv->arch);
+ g_free(priv->kernrelease);
+ g_free(priv->kernpath);
g_free(priv->secLabel);
G_OBJECT_CLASS(gvir_sandbox_config_parent_class)->finalize(object);
@@ -291,6 +315,28 @@ static void gvir_sandbox_config_class_init(GVirSandboxConfigClass *klass)
G_PARAM_STATIC_NICK |
G_PARAM_STATIC_BLURB));
g_object_class_install_property(object_class,
+ PROP_KERNRELEASE,
+ g_param_spec_string("kernrelease",
+ "Kernrelease",
+ "The kernel release version",
+ NULL,
+ G_PARAM_READABLE |
+ G_PARAM_WRITABLE |
+ G_PARAM_STATIC_NAME |
+ G_PARAM_STATIC_NICK |
+ G_PARAM_STATIC_BLURB));
+ g_object_class_install_property(object_class,
+ PROP_KERNPATH,
+ g_param_spec_string("kernpath",
+ "Kernpath",
+ "The kernel image path",
+ NULL,
+ G_PARAM_READABLE |
+ G_PARAM_WRITABLE |
+ G_PARAM_STATIC_NAME |
+ G_PARAM_STATIC_NICK |
+ G_PARAM_STATIC_BLURB));
+ g_object_class_install_property(object_class,
PROP_SHELL,
g_param_spec_string("shell",
"SHELL",
@@ -388,6 +434,8 @@ static void gvir_sandbox_config_init(GVirSandboxConfig *config)
priv->name = g_strdup("sandbox");
priv->root = g_strdup("/");
priv->arch = g_strdup(uts.machine);
+ priv->kernrelease = g_strdup(uts.release);
+ priv->kernpath = g_strdup_printf("/boot/vmlinuz-%s", priv->kernrelease);
priv->secLabel = g_strdup("system_u:system_r:svirt_t:s0:c0.c1023");
priv->uid = geteuid();
@@ -474,6 +522,70 @@ const gchar *gvir_sandbox_config_get_arch(GVirSandboxConfig *config)
/**
+ * gvir_sandbox_config_set_kernrelease:
+ * @config: (transfer none): the sandbox config
+ * @kernrelease: (transfer none): the host directory
+ *
+ * Set the kernel release version to use in the sandbox. If none is provided,
+ * it will default to matching the current running kernel.
+ * Also sets the default kernel path as /boot/vmlinuz-<release>
+ */
+void gvir_sandbox_config_set_kernrelease(GVirSandboxConfig *config, const gchar *kernrelease)
+{
+ GVirSandboxConfigPrivate *priv = config->priv;
+ g_free(priv->kernrelease);
+ priv->kernrelease = g_strdup(kernrelease);
+ gvir_sandbox_config_set_kernpath(config, g_strdup_printf("/boot/vmlinuz-%s", priv->kernrelease));
+
+}
+
+
+/**
+ * gvir_sandbox_config_get_kernrelease:
+ * @config: (transfer none): the sandbox config
+ *
+ * Retrieves the sandbox kernel release version
+ *
+ * Returns: (transfer none): the current kernel release version
+ */
+const gchar *gvir_sandbox_config_get_kernrelease(GVirSandboxConfig *config)
+{
+ GVirSandboxConfigPrivate *priv = config->priv;
+ return priv->kernrelease;
+}
+/**
+ * gvir_sandbox_config_set_kernpath:
+ * @config: (transfer none): the sandbox config
+ * @kernpath: (transfer none): the host directory
+ *
+ * Set the kernel image path to use in the sandbox. If none is provided,
+ * it will default to matching /boot/vmlinuz-<kernel release>.
+ */
+
+void gvir_sandbox_config_set_kernpath(GVirSandboxConfig *config, const gchar *kernpath)
+{
+ GVirSandboxConfigPrivate *priv = config->priv;
+ g_free(priv->kernpath);
+ priv->kernpath = g_strdup(kernpath);
+}
+
+
+/**
+ * gvir_sandbox_config_get_kernpath:
+ * @config: (transfer none): the sandbox config
+ *
+ * Retrieves the sandbox kernel image path
+ *
+ * Returns: (transfer none): the current kernel image path
+ */
+const gchar *gvir_sandbox_config_get_kernpath(GVirSandboxConfig *config)
+{
+ GVirSandboxConfigPrivate *priv = config->priv;
+ return priv->kernpath;
+}
+
+
+/**
* gvir_sandbox_config_set_shell:
* @config: (transfer none): the sandbox config
* @shell: (transfer none): true if the container should have a shell
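Review bot: `gvir_sandbox_config_set_kernrelease` leaks the string built by `g_strdup_printf`, because `gvir_sandbox_config_set_kernpath` stores its own `g_strdup` copy and nothing frees the temporary. Assigning it directly avoids the extra copy: `g_free(priv->kernpath); priv->kernpath = g_strdup_printf("/boot/vmlinuz-%s", priv->kernrelease);`. The release string is also placed into the path unchecked, so a NULL argument produces a bogus path and a value containing `/` makes the derived kernel image resolve outside `/boot`; a guard such as `g_return_if_fail(kernrelease != NULL && strchr(kernrelease, '/') == NULL);` at the top keeps the default where the doc comment says it is. The `@kernrelease` and `@kernpath` doc lines still read "the host directory", which looks copied from another setter and should describe the release string and the image path.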
@@ -1531,6 +1643,14 @@ static gboolean gvir_sandbox_config_load_config(GVirSandboxConfig *config,
g_free(priv->arch);
priv->arch = str;
}
+ if ((str = g_key_file_get_string(file, "core", "kernrelease", NULL)) != NULL) {
+ g_free(priv->kernrelease);
+ priv->kernrelease = str;
+ }
+ if ((str = g_key_file_get_string(file, "core", "kernpath", NULL)) != NULL) {
+ g_free(priv->kernpath);
+ priv->kernpath = str;
+ }
b = g_key_file_get_boolean(file, "core", "shell", &e);
if (e) {
g_error_free(e);
@@ -1748,6 +1868,8 @@ static void gvir_sandbox_config_save_config(GVirSandboxConfig *config,
g_key_file_set_string(file, "core", "name", priv->name);
g_key_file_set_string(file, "core", "root", priv->root);
g_key_file_set_string(file, "core", "arch", priv->arch);
+ g_key_file_set_string(file, "core", "kernrelease", priv->kernrelease);
+ g_key_file_set_string(file, "core", "kernpath", priv->kernpath);
g_key_file_set_boolean(file, "core", "shell", priv->shell);
g_key_file_set_uint64(file, "identity", "uid", priv->uid);
diff --git a/libvirt-sandbox/libvirt-sandbox-config.h b/libvirt-sandbox/libvirt-sandbox-config.h
index 3902e40..a6c8ae8 100644
--- a/libvirt-sandbox/libvirt-sandbox-config.h
+++ b/libvirt-sandbox/libvirt-sandbox-config.h
@@ -76,6 +76,12 @@ const gchar *gvir_sandbox_config_get_root(GVirSandboxConfig *config);
void gvir_sandbox_config_set_arch(GVirSandboxConfig *config, const gchar *arch);
const gchar *gvir_sandbox_config_get_arch(GVirSandboxConfig *config);
+void gvir_sandbox_config_set_kernrelease(GVirSandboxConfig *config, const gchar *kernrelease);
+const gchar *gvir_sandbox_config_get_kernrelease(GVirSandboxConfig *config);
+
+void gvir_sandbox_config_set_kernpath(GVirSandboxConfig *config, const gchar *kernpath);
+const gchar *gvir_sandbox_config_get_kernpath(GVirSandboxConfig *config);
+
void gvir_sandbox_config_set_shell(GVirSandboxConfig *config, gboolean shell);
gboolean gvir_sandbox_config_get_shell(GVirSandboxConfig *config);
diff --git a/libvirt-sandbox/libvirt-sandbox.sym b/libvirt-sandbox/libvirt-sandbox.sym
index 16cd2ff..424fd98 100644
--- a/libvirt-sandbox/libvirt-sandbox.sym
+++ b/libvirt-sandbox/libvirt-sandbox.sym
@@ -94,6 +94,8 @@ LIBVIRT_SANDBOX_0.0.1 {
gvir_sandbox_config_set_root;
gvir_sandbox_config_set_shell;
gvir_sandbox_config_set_arch;
+gvir_sandbox_config_set_kernrelease;
+gvir_sandbox_config_set_kernpath;
gvir_sandbox_config_set_userid;
gvir_sandbox_config_set_groupid;
gvir_sandbox_config_set_username;
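Review bot: Only the two setters are added to the version script here, while the header hunk above also declares `gvir_sandbox_config_get_kernrelease` and `gvir_sandbox_config_get_kernpath`. Unless those are listed somewhere this diff does not show, the getters will not be exported from the shared library and callers outside it will fail to link. Add `gvir_sandbox_config_get_kernrelease;` and `gvir_sandbox_config_get_kernpath;` alongside the other `get_` entries, which are outside this hunk.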
12 years, 6 months