August 2012 - Devel - libvirt List Archives

[libvirt] [PATCH] build: Distribute check-symfile.pl
by Cole Robinson 13 Aug '12

13 Aug '12

Otherwise distcheck can fail with: GEN check-symfile Can't open perl script "../../src/check-symfile.pl": No such file or directory make[4]: *** [check-symfile] Error 2 --- src/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile.am b/src/Makefile.am index 79b4e59..8a93a32 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -331,7 +331,7 @@ else !WITH_REMOTE # re-generated when configured --without-remote. check-protocol: endif -EXTRA_DIST += $(PROTOCOL_STRUCTS) +EXTRA_DIST += $(PROTOCOL_STRUCTS) check-symfile.pl check-local: check-protocol check-symfile .PHONY: check-protocol $(PROTOCOL_STRUCTS:structs=struct) -- 1.7.11.2

2 2

[libvirt] [PATCH v9 0/7] file descriptor passing using fd sets
by Corey Bryant 13 Aug '12

13 Aug '12

libvirt's sVirt security driver provides SELinux MAC isolation for Qemu guest processes and their corresponding image files. In other words, sVirt uses SELinux to prevent a QEMU process from opening files that do not belong to it. sVirt provides this support by labeling guests and resources with security labels that are stored in file system extended attributes. Some file systems, such as NFS, do not support the extended attribute security namespace, and therefore cannot support sVirt isolation. A solution to this problem is to provide fd passing support, where libvirt opens files and passes file descriptors to QEMU. This, along with SELinux policy to prevent QEMU from opening files, can provide image file isolation for NFS files stored on the same NFS mount. This patch series adds the add-fd, remove-fd, and query-fdsets QMP monitor commands, which allow file descriptors to be passed via SCM_RIGHTS, and assigned to specified fd sets. This allows fd sets to be created per file with fds having, for example, different access rights. When QEMU needs to reopen a file with different access rights, it can search for a matching fd in the fd set. Fd sets also allow for easy tracking of fds per file, helping to prevent fd leaks. Support is also added to the block layer to allow QEMU to dup an fd from an fdset when the filename is of the /dev/fdset/nnn format, where nnn is the fd set ID. No new SELinux policy is required to prevent open of NFS files (files with type nfs_t). The virt_use_nfs boolean type simply needs to be set to false, and open will be prevented (and dup will be allowed). For example: # setsebool virt_use_nfs 0 # getsebool virt_use_nfs virt_use_nfs --> off Corey Bryant (7): qemu-char: Add MSG_CMSG_CLOEXEC flag to recvmsg qapi: Introduce add-fd, remove-fd, query-fdsets block: Prevent detection of /dev/fdset/ as floppy block: Convert open calls to qemu_open block: Convert close calls to qemu_close block: Enable qemu_open/close to work with fd sets monitor: Clean up fd sets on monitor disconnect block/raw-posix.c | 46 +++++---- block/raw-win32.c | 6 +- block/vdi.c | 5 +- block/vmdk.c | 25 ++--- block/vpc.c | 4 +- block/vvfat.c | 16 +-- cutils.c | 5 + monitor.c | 287 +++++++++++++++++++++++++++++++++++++++++++++++++++++ monitor.h | 5 + osdep.c | 113 +++++++++++++++++++++ qapi-schema.json | 98 ++++++++++++++++++ qemu-char.c | 12 ++- qemu-common.h | 2 + qemu-tool.c | 20 ++++ qmp-commands.hx | 122 +++++++++++++++++++++++ savevm.c | 4 +- 16 files changed, 715 insertions(+), 55 deletions(-) -- 1.7.10.4

3 18

[libvirt] ANNOUNCE: Release of libvirt-sandbox version 0.1.0
by Daniel P. Berrange 13 Aug '12

13 Aug '12

I pleased to announce the a new public release of libvirt-sandbox, version 0.1.0, is now available for download ftp://libvirt.org/libvirt/sandbox/ The packages are GPG signed with Key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF (4096R) The libvirt-sandbox package provides an API layer on top of libvirt-gobject which facilitates the cration of application sandboxes using virtualization technology. An application sandbox is a virtual machine or container that runs a single application binary, directly from the host OS filesystem. In other words there is no separate guest operating system install to build or manager. At this point in time libvirt-sandbox can create sandboxes using either LXC or KVM, and should in theory be extendable to any libvirt driver. The first release is able to run simple command line based programs. This release has focused on improving the virt-sandbox-service tool, to facilitate creation and management of system services within sandboxes. For example, to allow a single host to easily run 100's of isolated apache instances. Changed in this release: - ABI+API incompatible with previous library, so new soname - Some changes to CLI args for virt-sandbox command - Many fixes to virt-sandbox-service - Use /run/libvirt-sandbox instead of /root/.cache/libvirt when run as root - Fix typo setting RUNDIR - Re-add /kernel suffix to kmod search dir - Add APIs to select kernel version - Fix SEGV when attaching consoles to NULL stdin - Add logrotate script for virt-sandbox-service - Turn GVirSandboxConsole into an abstract class - Configurable keysequence for breaking out of console (defaults to Ctrl+]) - Fix handling of strace debugging - Add APIs to select kmod directory prefix - Require glib >= 2.32 - Refactor APIs for configuring sandbox mounts - Maintain a single sorted list of mounts - Add support for RAM filesystems - Setup tmpfs for /run and /tmp in sandbox services - Remove need to provide executable for sandbox services, just rely on systemd unit filename - Enable admin customization of systemd services in sandbox services - Rewrite part of virt-sandbox-service in C to reduce long term memory overhead - Create custom systemd startup sequence Thanks to everyone who has contributed towards this release. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

1 0

[libvirt] [PATCH] Release only specific sanlock resource
by Frido Roose 13 Aug '12

13 Aug '12

This is a patch for bug 826704 All sanlock resources get released when hot-dettaching a disk from the domain because virLockManagerSanlockRelease uses the wrong function parameters/flags. With the patch only the resources that should be released are cleaned up. Signed-off-by: Frido Roose <frido.roose(a)gmail.com> --- src/locking/lock_driver_sanlock.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c index 7c71af3..0625d09 100644 --- a/src/locking/lock_driver_sanlock.c +++ b/src/locking/lock_driver_sanlock.c @@ -814,7 +814,7 @@ static int virLockManagerSanlockRelease(virLockManagerPtr lock, unsigned int flags) { virLockManagerSanlockPrivatePtr priv = lock->privateData; - int res_count; + int res_count=priv->res_count; int rv; virCheckFlags(0, -1); @@ -834,7 +834,7 @@ static int virLockManagerSanlockRelease(virLockManagerPtr lock, VIR_FREE(*state); } - if ((rv = sanlock_release(-1, priv->vm_pid, SANLK_REL_ALL, 0, NULL)) < 0) { + if ((rv = sanlock_release(-1, priv->vm_pid, 0, res_count, priv->res_args)) < 0) { if (rv <= -200) virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to release lock: error %d"), rv); -- 1.7.1

3 4

[libvirt] Memory leak in virInitialize -> vboxRegister -> VBoxCGlueInit
by Richard W.M. Jones 13 Aug '12

13 Aug '12

https://bugzilla.redhat.com/show_bug.cgi?id=847429 Spotted by valgrind: ==2390== 45 bytes in 1 blocks are definitely lost in loss record 68 of 123 ==2390== at 0x4A086DC: malloc (vg_replace_malloc.c:270) ==2390== by 0x30D060EBA0: _dl_signal_error (in /usr/lib64/ld-2.16.so) ==2390== by 0x30D0612CF2: _dl_open (in /usr/lib64/ld-2.16.so) ==2390== by 0x30D1601025: dlopen_doit (in /usr/lib64/libdl-2.16.so) ==2390== by 0x30D060EDC5: _dl_catch_error (in /usr/lib64/ld-2.16.so) ==2390== by 0x30D160163B: _dlerror_run (in /usr/lib64/libdl-2.16.so) ==2390== by 0x30D16010C0: dlopen@@GLIBC_2.2.5 (in /usr/lib64/libdl-2.16.so) ==2390== by 0x5893994: tryLoadOne (vbox_XPCOMCGlue.c:127) ==2390== by 0x5893BE2: VBoxCGlueInit (vbox_XPCOMCGlue.c:230) ==2390== by 0x589407F: vboxRegister (vbox_driver.c:88) ==2390== by 0x5817568: virInitialize (libvirt.c:450) ==2390== by 0x5492C02: init_libguestfs (guestfs.c:108) libvirt-0.10.0-0rc0.fc18.x86_64 libguestfs calls virInitialize, but (since there is no cleanup function) doesn't do any corresponding cleanup. Is that correct? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 80 OCaml packages (the OPEN alternative to F#) http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora

3 3

[libvirt] [libvirt-snmp] [PATCH] Fix build rules to use LDADD to add libraries
by Doug Goldstein 13 Aug '12

13 Aug '12

Fix build rules to use LDADD to add libraries to support --as-needed. Also refactored some of the other automake variables in the same fashion of the libvirt's automake rules. Signed-off-by: Doug Goldstein <cardoe(a)cardoe.com> --- configure.ac | 4 ++++ src/Makefile.am | 31 ++++++++++++++++--------------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/configure.ac b/configure.ac index a2bb1ac..9d7d03c 100644 --- a/configure.ac +++ b/configure.ac @@ -3,6 +3,10 @@ AM_INIT_AUTOMAKE([-Wall -Werror]) AC_CONFIG_HEADERS([config.h]) AC_PREREQ([2.50]) + +AC_PROG_CC +AM_PROG_CC_C_O + AC_CHECK_FUNCS([memset]) AC_CHECK_FUNCS([strdup]) AC_CHECK_HEADERS([stdlib.h]) diff --git a/src/Makefile.am b/src/Makefile.am index 6d27bf5..622a280 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,19 +1,5 @@ bin_PROGRAMS=libvirtMib_subagent -AM_CFLAGS = \ - $(COVERAGE_CFLAGS) \ - $(DRIVER_MODULE_CFLAGS) \ - $(SNMP_CFLAGS) \ - $(LIBVIRT_CFLAGS) \ - $(WARN_CFLAGS) \ - $(LOCK_CHECKING_CFLAGS) - -AM_LDFLAGS = \ - $(COVERAGE_LDFLAGS) \ - $(PTHREAD_LIBS) \ - $(LIBVIRT_LIBS) \ - $(SNMP_LIBS) - LIBVIRT_OLD_SRCS = \ threads.c \ event_poll.c \ @@ -58,7 +44,22 @@ HDRS = \ libvirtGuestTable.h libvirtMib_subagent_SOURCES=${SRCS} ${HDRS} -libvirtMib_subagent_LDFLAGS=${AM_LDFLAGS} + +libvirtMib_subagent_CFLAGS= \ + $(DRIVER_MODULE_CFLAGS) \ + $(SNMP_CFLAGS) \ + $(LIBVIRT_CFLAGS) \ + $(COVERAGE_CFLAGS) \ + $(WARN_CFLAGS) \ + $(LOCK_CHECKING_CFLAGS) + +libvirtMib_subagent_LDFLAGS= \ + $(COVERAGE_LDFLAGS) + +libvirtMib_subagent_LDADD= \ + $(PTHREAD_LIBS) \ + $(LIBVIRT_LIBS) \ + $(SNMP_LIBS) if LIBVIRT_OLD libvirtMib_subagent_SOURCES+=${LIBVIRT_OLD_SRCS} ${LIBVIRT_OLD_HDRS} -- 1.7.8.6

3 2

[libvirt] [PATCH v3] json: fix interface locale dependency
by Martin Kletzander 13 Aug '12

13 Aug '12

I'm trying to get a optimized and reusable version of the code fixing libvirt's locale dependency. This time I'm sending two versions of the patch: v1) adds static function virNumberToStr() that converts one number to string base on a parameter defining the format. For float, double and long double there are functions that should be used in the code. v2) adds function for converting only double to string. This version has also a little bit differently separated the conditional code. I personally like the second version better. for two reasons. 1) it looks better, 2) there is no need for special-formatting with C locale unless the result is being parsed by machine in which case the '%lf' is always sufficient. Martin Kletzander (1): json: fix interface locale dependency bootstrap.conf | 1 + configure.ac | 2 +- src/libvirt_private.syms | 3 + src/util/json.c | 2 +- src/util/util.c | 137 ++++++++++++++++++++++++++++++++++++++++++++++ src/util/util.h | 7 ++ 6 files changed, 150 insertions(+), 2 deletions(-) -- 1.7.8.6

2 4

[libvirt] [PATCH 0/1] Add VLAN capability to openvswitch virtualport types
by Kyle Mestery 13 Aug '12

13 Aug '12

With this change, it is now possible to support VLANs (both access and trunks) for openvswitch ports in libvirt. This also takes into account the profileid parameter, as the vlantag parameter is also optional. Examples of this configuration are below. Setup the port as an access port: <interface type='bridge'> <mac address='52:54:00:30:23:a6'/> <source bridge='data-br'/> <virtualport type='openvswitch'> <parameters interfaceid='cdbbbc31-b7fe-16ca-a715-cc7cc76e18b2' vlantag='70'/> </virtualport> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> Setup the port as an trunk port: <interface type='bridge'> <mac address='52:54:00:30:23:a6'/> <source bridge='data-br'/> <virtualport type='openvswitch'> <parameters interfaceid='cdbbbc31-b7fe-16ca-a715-cc7cc76e18b2' vlantag='70,71,72'/> </virtualport> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> src/conf/netdev_vport_profile_conf.c | 34 ++++++++++++++++++++++++++++++---- src/util/virnetdevopenvswitch.c | 23 +++++++++++++++++++++-- src/util/virnetdevvportprofile.h | 2 ++ 3 files changed, 53 insertions(+), 6 deletions(-) -- 1.7.11.2

5 10

[libvirt] [PATCH] Release only specific sanlock resource
by Frido Roose 13 Aug '12

13 Aug '12

This is a patch for bug 826704 All sanlock resources get released when hot-dettaching a disk from the domain because virLockManagerSanlockRelease uses the wrong function parameters/flags. With the patch only the resources that should be released are cleaned up. --- src/locking/lock_driver_sanlock.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c index 7c71af3..0625d09 100644 --- a/src/locking/lock_driver_sanlock.c +++ b/src/locking/lock_driver_sanlock.c @@ -814,7 +814,7 @@ static int virLockManagerSanlockRelease(virLockManagerPtr lock, unsigned int flags) { virLockManagerSanlockPrivatePtr priv = lock->privateData; - int res_count; + int res_count=priv->res_count; int rv; virCheckFlags(0, -1); @@ -834,7 +834,7 @@ static int virLockManagerSanlockRelease(virLockManagerPtr lock, VIR_FREE(*state); } - if ((rv = sanlock_release(-1, priv->vm_pid, SANLK_REL_ALL, 0, NULL)) < 0) { + if ((rv = sanlock_release(-1, priv->vm_pid, 0, res_count, priv->res_args)) < 0) { if (rv <= -200) virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to release lock: error %d"), rv); -- 1.7.1

1 0

[libvirt] [PATCH] build: fix binary location in stap files --with-driver-modules
by Laine Stump 13 Aug '12

13 Aug '12

libvirt_qemu_probes.stp stopped working after switching to a build that used --with-driver-modules. This was because the symbols listed int libvirt_qemu_probes.stp are no longer in $(bindir)/libvirtd, but are now in $(libdir)/connection-driver/libvirt_driver_qemu.so. This patch enhances dtrace2systemtap.pl (which generates the .stp files from .d files) to look for a new "module" setting in the comments of the .d file (similar to the existing "binary" setting), and to look for a --with-modules option. If the --with-modules option is set *and* a "module" setting is present in the .d file, the process name for the stap line is set to $libdir/$module If either of these isn't true, it reverts to the old behavior. src/Makefile.am was also modified to add the --with-modules option when the build calls for it, and src/libvirt_qemu_probes.d has added a "module" line pointing to the correct .so file for the qemu driver. --- src/Makefile.am | 7 +++++-- src/dtrace2systemtap.pl | 12 ++++++++++++ src/libvirt_qemu_probes.d | 1 + 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 6ed4a41..79b4e59 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1393,6 +1393,9 @@ nodist_libvirt_la_SOURCES = libvirt_probes.h if WITH_REMOTE nodist_libvirt_driver_remote_la_SOURCES = libvirt_probes.h endif WITH_REMOTE +if WITH_DRIVER_MODULES +DTRACE2SYSTEMTAP_FLAGS = --with-modules +endif BUILT_SOURCES += libvirt_probes.h libvirt_probes.stp libvirt_functions.stp @@ -1429,9 +1432,9 @@ RPC_PROBE_FILES = $(srcdir)/rpc/virnetprotocol.x \ libvirt_functions.stp: $(RPC_PROBE_FILES) $(srcdir)/rpc/gensystemtap.pl $(AM_V_GEN)$(PERL) -w $(srcdir)/rpc/gensystemtap.pl $(RPC_PROBE_FILES) > $@ -%_probes.stp: %_probes.d $(srcdir)/dtrace2systemtap.pl +%_probes.stp: %_probes.d $(srcdir)/dtrace2systemtap.pl $(top_builddir)/config.status $(AM_V_GEN)$(PERL) -w $(srcdir)/dtrace2systemtap.pl \ - $(bindir) $(sbindir) $(libdir) $< > $@ + $(DTRACE2SYSTEMTAP_FLAGS) $(bindir) $(sbindir) $(libdir) $< > $@ CLEANFILES += libvirt_probes.h libvirt_probes.o libvirt_probes.lo \ libvirt_qemu_probes.h libvirt_qemu_probes.o \ diff --git a/src/dtrace2systemtap.pl b/src/dtrace2systemtap.pl index c8d42d7..d57de68 100755 --- a/src/dtrace2systemtap.pl +++ b/src/dtrace2systemtap.pl @@ -31,6 +31,13 @@ my $file; my @files; my %files; +my $with_modules = 0; +if ($ARGV[0] eq "--with-modules") { + # set if we want to honor the "module" setting in the .d file + $with_modules = 1; + shift @ARGV; +} + my $bindir = shift @ARGV; my $sbindir = shift @ARGV; my $libdir = shift @ARGV; @@ -54,6 +61,8 @@ while (<>) { $files{$file}->{prefix} = $1; } elsif (m,^\s*\#\s*binary:\s*(\S+)\s*$,) { $files{$file}->{binary} = $1; + } elsif (m,^\s*\#\s*module:\s*(\S+)\s*$,) { + $files{$file}->{module} = $1; } else { # ignore unknown comments } @@ -98,6 +107,9 @@ foreach my $file (@files) { if (exists $files{$file}->{binary}) { $binary = $sbindir . "/" . $files{$file}->{binary}; } + if ($with_modules && exists $files{$file}->{module}) { + $binary = $libdir . "/" . $files{$file}->{module}; + } print "probe $pname = process(\"$binary\").mark(\"$name\") {\n"; diff --git a/src/libvirt_qemu_probes.d b/src/libvirt_qemu_probes.d index 6916778..e4449a9 100644 --- a/src/libvirt_qemu_probes.d +++ b/src/libvirt_qemu_probes.d @@ -2,6 +2,7 @@ provider libvirt { # file: src/qemu/qemu_monitor.c # prefix: qemu # binary: libvirtd + # module: libvirt/connection-driver/libvirt_driver_qemu.so # Monitor lifecycle probe qemu_monitor_new(void *mon, int refs, int fd); probe qemu_monitor_ref(void *mon, int refs); -- 1.7.11.2

3 3