[libvirt] [PATCHv2] svirt: Label serial sockets (RHBZ#853393).
by Richard W.M. Jones
From: "Richard W.M. Jones" <rjones(a)redhat.com>
libvirt skips labelling these, for unknown reasons. This breaks
libguestfs. Adding this and some SELinux rules (RHBZ#857453) fixes
everything for me.
---
src/security/security_selinux.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a7e2420..4214105 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1233,6 +1233,14 @@ virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
ret = virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel);
break;
+ case VIR_DOMAIN_CHR_TYPE_UNIX:
+ if (!dev->data.nix.listen) {
+ if (virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0)
+ goto done;
+ }
+ ret = 0;
+ break;
+
case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
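Review bot: In the new VIR_DOMAIN_CHR_TYPE_UNIX case the condition reads dev->data.nix.listen, but the path passed to virSecuritySELinuxSetFilecon() is dev->data.file.path, so the label is applied through a different member of the data union than the one the condition treats as active. Please use dev->data.nix.path so the call does not rely on the two members sharing a layout. The case also gives no reason for labelling only when listen is false; a short comment above the if would help, especially as the commit message says the previous skip was for unknown reasons.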
@@ -1284,6 +1292,15 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
goto done;
ret = 0;
break;
+
+ case VIR_DOMAIN_CHR_TYPE_UNIX:
+ if (!dev->data.nix.listen) {
+ if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0)
+ goto done;
+ }
+ ret = 0;
+ break;
+
case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0) ||
(virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) {
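Review bot: The restore case for VIR_DOMAIN_CHR_TYPE_UNIX checks dev->data.nix.listen and then calls virSecuritySELinuxRestoreSecurityFileLabel() on dev->data.file.path; it should take the path from dev->data.nix.path, the same union member the check reads. The condition restores the label only when listen is false, so it is worth a comment on whether resetting the label of that socket path at teardown is the intended behaviour. Minor style point: this hunk adds a blank line before the new case as well as after it, while the set-label hunk adds one only after.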
--
1.7.10.4
12 years, 3 months
[libvirt] [libvirt-designer][PATCH v2 0/4] Yet another functional extension
by Michal Privoznik
This time aimed at the virtxml tool, to make it a little bit more user-friendly.
Michal Privoznik (4):
virtxml: Init variables
virtxml: Detect OS from given ISO
virtxml: Detect platform from libvirt connection URI
Implement resources setting
configure.ac | 2 +-
examples/virtxml.c | 260 +++++++++++++++++++++++++---
libvirt-designer/libvirt-designer-domain.c | 91 ++++++++++
libvirt-designer/libvirt-designer-domain.h | 8 +
libvirt-designer/libvirt-designer.sym | 1 +
5 files changed, 335 insertions(+), 27 deletions(-)
--
1.7.8.6
12 years, 3 months
[libvirt] [PATCHv2 0/4] qemu: Add seccomp sandbox support
by Ján Tomko
This series adds support to run QEMU with seccomp sandbox enabled. It can be
configured in qemu.conf to on, off, or the QEMU default, which is off in 1.2.
Default value is the QEMU default.
V1 of the patches supports tri-state configuration and includes a test for
detecting the capability.
V2 includes libvirtd_qemu.aug, renames vague 'sandbox' to 'seccompSandbox'
and prints an error if the sandbox was requested but QEMU doesn't have the
capability.
Ján Tomko (4):
qemu: add capability flag for seccomp sandbox
qemu: conf: add seccomp_sandbox option
qemu: add -sandbox to command line if requested
tests: add qemu-1.2.0 help data
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 8 +
src/qemu/qemu_capabilities.c | 3 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 11 ++
src/qemu/qemu_conf.c | 5 +
src/qemu/qemu_conf.h | 1 +
tests/qemuhelpdata/qemu-1.2.0 | 270 ++++++++++++++++++++++++++++++++++
tests/qemuhelpdata/qemu-1.2.0-device | 181 +++++++++++++++++++++++
tests/qemuhelptest.c | 82 ++++++++++
10 files changed, 563 insertions(+), 0 deletions(-)
create mode 100644 tests/qemuhelpdata/qemu-1.2.0
create mode 100644 tests/qemuhelpdata/qemu-1.2.0-device
--
1.7.8.6
12 years, 3 months
[libvirt] [PATCH 0/6 v3] New APIs to get/set node memory tunables
by Osier Yang
v1:
https://www.redhat.com/archives/libvir-list/2012-September/msg00517.html
v1 - v2:
* Rename virNode{Get,Set}SharedMemoryParameters to
virNode{Get,Set}MemoryParameters, in case we add more
node memory tunables in the future.
v2 - v3:
* Add prefix "shm_" to the shared memory parameter field.
* Change REMOTE_NODE_MEMORY_PARAMETERS_MAX from 16 to 64.
* Helper functions for internal APIs (node{Get,Set}MemoryParameters)
* Add "shm" prefix for the virsh options.
As a result of RFC:
https://www.redhat.com/archives/libvir-list/2012-August/msg01998.html,
this adds two new APIs (virNode{Get,Set}MemoryParameters) to get
and set the host shared memory tunables (ksm under linux).
Osier Yang (6):
node_memory: Define the APIs to get/set memory parameters
node_memory: Wire up the RPC protocol
node_memory: Implement the internal APIs
node_memory: Support get/set memory parameters for drivers
node_memory: Expose the APIs to virsh
node_memory: Expose the APIs to Python bindings
daemon/remote.c | 59 +++++++++
include/libvirt/libvirt.h.in | 63 ++++++++++
python/generator.py | 2 +
python/libvirt-override-api.xml | 13 ++
python/libvirt-override.c | 125 ++++++++++++++++++++
src/driver.h | 14 ++
src/libvirt.c | 121 +++++++++++++++++++
src/libvirt_private.syms | 2 +
src/libvirt_public.syms | 2 +
src/lxc/lxc_driver.c | 2 +
src/nodeinfo.c | 249 +++++++++++++++++++++++++++++++++++++++
src/nodeinfo.h | 10 ++
src/qemu/qemu_driver.c | 2 +
src/remote/remote_driver.c | 50 ++++++++
src/remote/remote_protocol.x | 24 ++++-
src/remote_protocol-structs | 20 +++
src/rpc/gendispatch.pl | 3 +
src/uml/uml_driver.c | 2 +
src/xen/xen_driver.c | 3 +
tools/virsh-host.c | 116 ++++++++++++++++++
tools/virsh.pod | 8 ++
21 files changed, 889 insertions(+), 1 deletions(-)
--
1.7.7.3
12 years, 3 months
[libvirt] [PATCH 0/5 v5] Atomic API to list secrets
by Osier Yang
v4 - v5:
* Support filtering the returned secrets by their properties
"ephemeral" and "private".
Osier Yang (5):
list: Define new API virConnectListAllSecrets
list: Implement RPC calls for virConnectListAllSecrets
list: Implement listAllSecrets
list: Expose virConnectListAllSecrets to Python binding
list: Use virConnectListAllSecrets in virsh
daemon/remote.c | 54 +++++++++
include/libvirt/libvirt.h.in | 21 ++++
python/generator.py | 1 +
python/libvirt-override-api.xml | 6 +
python/libvirt-override-virConnect.py | 12 ++
python/libvirt-override.c | 48 ++++++++
src/conf/secret_conf.h | 12 ++
src/driver.h | 5 +
src/libvirt.c | 66 +++++++++++
src/libvirt_public.syms | 1 +
src/remote/remote_driver.c | 64 ++++++++++
src/remote/remote_protocol.x | 13 ++-
src/remote_protocol-structs | 12 ++
src/secret/secret_driver.c | 82 +++++++++++++-
tools/virsh-secret.c | 209 ++++++++++++++++++++++++++++-----
tools/virsh.pod | 8 +-
16 files changed, 581 insertions(+), 33 deletions(-)
--
1.7.7.3
12 years, 3 months
[libvirt] [PATCH 0/5 v4] Atomic API to list network filters
by Osier Yang
v3 - v4:
* Just rebase on the top, and split the patches from v3's large set.
Osier Yang (5):
list: Define new API virConnectListAllNWFilters
list: Implement RPC calls for virConnectListAllNWFilters
list: Implement listAllNWFilters
list: Expose virConnectListAllNWFilters to Python binding
list: Use virConnectListAllNWFilters in virsh
daemon/remote.c | 54 +++++++++++
include/libvirt/libvirt.h.in | 4 +-
python/generator.py | 1 +
python/libvirt-override-api.xml | 6 +
python/libvirt-override-virConnect.py | 12 +++
python/libvirt-override.c | 48 ++++++++++
src/driver.h | 5 +
src/libvirt.c | 50 ++++++++++
src/libvirt_public.syms | 1 +
src/nwfilter/nwfilter_driver.c | 56 +++++++++++
src/remote/remote_driver.c | 63 +++++++++++++
src/remote/remote_protocol.x | 13 +++-
src/remote_protocol-structs | 12 +++
tools/virsh-nwfilter.c | 163 +++++++++++++++++++++++++++------
14 files changed, 457 insertions(+), 31 deletions(-)
--
1.7.7.3
12 years, 3 months
[libvirt] [PATCH 0/7 v4] Atomic API to list node devices
by Osier Yang
v3 - v4:
* Just rebase on the top, split the patches from v3's large set.
Osier Yang (7):
list: Define new API virConnectListAllNodeDevices
list: Implement RPC calls for virConnectListAllNodeDevices
list: Add helpers for listing node devices
list: Implement listAllNodeDevices
list: Expose virConnectListAllNodeDevices to Python binding
virsh: Fix a bug of nodedev-list
list: Use virConnectListAllNodeDevices in virsh
daemon/remote.c | 53 ++++++
include/libvirt/libvirt.h.in | 25 +++
python/generator.py | 1 +
python/libvirt-override-api.xml | 6 +
python/libvirt-override-virConnect.py | 12 ++
python/libvirt-override.c | 48 +++++
src/conf/node_device_conf.c | 103 +++++++++++
src/conf/node_device_conf.h | 16 ++
src/driver.h | 4 +
src/libvirt.c | 62 +++++++
src/libvirt_private.syms | 2 +
src/libvirt_public.syms | 1 +
src/node_device/node_device_driver.c | 15 ++
src/node_device/node_device_driver.h | 3 +
src/node_device/node_device_hal.c | 1 +
src/node_device/node_device_udev.c | 1 +
src/remote/remote_driver.c | 64 +++++++
src/remote/remote_protocol.x | 13 ++-
src/remote_protocol-structs | 12 ++
tools/virsh-nodedev.c | 303 ++++++++++++++++++++++++++++-----
tools/virsh.pod | 8 +-
21 files changed, 710 insertions(+), 43 deletions(-)
--
1.7.7.3
12 years, 3 months
[libvirt] libvirt plans: dns support for IPv6?
by Gene Czarcinski
I would like to know what the plans are for supporting dns for virtual
guests with only IPv6.
My objective is to be able to reference a virtual guest for the host ...
doing ssh, scp, etc. such functions work just fine if you specify the
ip-address but, after a while, those ip-addresses are difficult to
remember ... after all, that is why dns exists.
For IPv4, with some patches to libvirt implementing "--local=/virt/
--domain-needed" if "--domain virt" is specified, I am now able to ssh
to guests by name.
The additions needed are to run the NetworkManager supporting
"--conf-dir=/etc/NetworkManager/dnsmasq.d/" (or patch it like I did),
and add a file specifying the dnsmasq on the virtual NIC. For example,
server=/virt/,192.168.122.1 will forward queries.
Alternatively, you can run yet another dnsmasq on the host which just
passes queries to the dnsmasq and modify your upstream dns server to
forward any queries for the virtual domains to the dnsmasq on the host.
IPv6 is another situation entirely. And it may be even more important
to have dns support because if IPv4 addresses are difficult to remember,
IPv6 are practically impossible.
So, are there any plans for providing dns on the IPv6 virtual networks?
I can see a couple of solutions and each has pluses and minuses.
1. Do it the same way it is done for IPv4. The current version of
dnsmasq (2.63) supports dhcp for IPv6 and, IIRC, has since 2.61. I
realize that you need to continue support of libvirt on RHEL 6 and
possibly others that are running an old version of dnsmasq, but isn't it
time to move along? While you can manually configure IPv6 interfaces so
that you can add the definitions to a /etc/host file, this is not a good
approach from my perspective. The use of dnsmasq also allows
specification of different domains for each virtual IPv6 network.
2. There is another approach and it would be useful for both dnsmasq and
this approach be available. That is, continue to use radvd and have the
virtual guests autoconf the ip addresses. Then use mDNS (avahi and
nss-mdns) to support access by name. This does not require doing
anything about dnsmasq. In fact, it is possible that you do not need it
at all. In addition, the plans for Fedora 18 are to make mDNS the
default for Desktop installs [I am not sure what that means]. A big
problem is that there is only a single domain which is ".local" by
default. An even bigger problem is that ssh (openssh) has an error if a
mDNS name is specified.
I noticed that Daniel Berrange has put in a bugzilla request that
dnsmasq be updated.
If someone is already coding up patches to add dhcp for IPv6 or will
"real soon now", I will be happy to test it. Otherwise, I could take a
shot at coming up with the patches.
Gene
12 years, 3 months
[libvirt] [V2 PATCH 0/3] Transport Open vSwitch per-port data during live migration
by Kyle Mestery
This series of commits has the end goal of allowing per-port data stored
in the Open vSwitch DB to be transported during live migration. This is
done by first providing a generic infrastructure for transporting network
data, adding some utility functions specific to Open vSwitch, and hooking
the two together.
The framework provided is generic in that other networking data could be
transferred as well by simply adding in additional hooks as needed.
----
V2 of this patch series fixes some issues found when migrating VMs on
standard Linux bridges.
Kyle Mestery (3):
Add the ability for the Qemu V3 migration protocol to include
transporting network configuration. A generic framework is proposed
with this patch to allow for the transfer of opaque data.
Add utility functions for Open vSwitch to both save per-port data
before a live migration, and restore the per-port data after a
live migration.
Transport Open vSwitch per-port data during live migration by
using the utility functions virNetDevOpenvswitchGetMigrateData()
and virNetDevOpenvswitchSetMigrateData().
src/libvirt_private.syms | 2 +
src/qemu/qemu_migration.c | 291 +++++++++++++++++++++++++++++++++++++++-
src/util/virnetdevopenvswitch.c | 71 ++++++++++
src/util/virnetdevopenvswitch.h | 6 +
4 files changed, 368 insertions(+), 2 deletions(-)
--
1.7.11.4
12 years, 3 months