January 2015 - Devel - libvirt List Archives

[libvirt] [PATCH] lxc: Cleaning up mount setup
by Daniel P. Berrange 09 Jan '15

09 Jan '15

We have historically done a number of things with LXC that are somewhat questionable in retrospect 1. Mounted /proc/sys read-only, but then mounted /proc/sys/net/ipv* read-write again 2. Mounted /sys read only 3. Mount /sys/fs/cgroup/NNN/the/guest/dir to /sys/fs/cgroup/NNN 4. FUSE mount on /proc/meminfo Items 1 & 2 are pointless as they offer no security benefit either with or without user namespaces. Without userns it is always insecure, with userns it is always secure, no matter what the mount state is. Item 3 is some what dubious, since /proc/self/cgroup paths for processes are now not visible at /sys/fs/cgroup. This really confuses systemd inside the container making it create a broken layout Item 4 is some what dubious, since we're only changing some of the fields in /proc/meminfo. It helps apps which blindly parse /proc/meminfo to determine free system resources they can consume. Those apps are broken even without containers being involved though, since any application must expect to be placed inside a cgroup with limited resources. Faking /proc/meminfo is a pretty limited workaround that just delays the inevitable fixing of such apps.. The patch that follows just removes the items 1 & 2, but I'm thinking we should go further and remove items 3 & 4 too. Changing 4 in particular though is certainly classed as a guest ABI change though, so is not something distros may wish to see when upgrading libvirt. There is scope to argue that 1-3 are guest ABI changes too In full machine virt world, we deal with this using machine types. eg each new KVM version introduces a new machine type which models the guest ABI in a stable fashion. Guest machine types are fixed at time of first deployment. So when libvirt / KVM is upgraded, existing guests will not see any changes, but new guests will automatically get the new machine type. I'm thinking we might want make use of this in LXC before making these changes. eg introduce a new machine 'libvirt-lxc-1' to represent the current guest mount setup and make sure all existing guests get that machine type. Then introduce a new machine type libvirt-lxc-2 that removes all this cruft, which new guests will get by default. Alternatively we could call them 'libvirt-lxc-compat-1' and 'libvirt-lxc-bare-1' to give a clearer indication of their functional difference and version them separately in the future ? Regards, Daniel Daniel P. Berrange (1): lxc: Stop mouning /proc and /sys read only src/lxc/lxc_container.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) -- 2.1.0

3 7

[libvirt] [PATCH] maint: in makefiles, $(top_srcdir)/src is verbose
by Eric Blake 08 Jan '15

08 Jan '15

I noticed this while working on the previous commit. Why should we be calling out '../src/' when it is sufficient to refer to just './'? Blind copy-and-paste runs rampant in this file :) * src/Makefile.am (INCLUDES, *_CFLAGS): Shorten to $(srcdir). Signed-off-by: Eric Blake <eblake(a)redhat.com> --- I'll wait for a review on this one. Let me know if I should redo the patch to keep trailing \ lined up in the sections where it started as aligned... src/Makefile.am | 112 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index f970d60..645d801 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -29,7 +29,7 @@ INCLUDES = -I../gnulib/lib \ -I$(top_srcdir) \ -I../include \ -I$(top_srcdir)/include \ - -I$(top_srcdir)/src/util \ + -I$(srcdir)/util \ -DIN_LIBVIRT \ -Dabs_topbuilddir="\"$(abs_topbuilddir)\"" \ $(GETTEXT_CPPFLAGS) @@ -1036,7 +1036,7 @@ libvirt_util_la_CFLAGS = $(CAPNG_CFLAGS) $(YAJL_CFLAGS) $(LIBNL_CFLAGS) \ $(AM_CFLAGS) $(AUDIT_CFLAGS) $(DEVMAPPER_CFLAGS) \ $(DBUS_CFLAGS) $(LDEXP_LIBM) $(NUMACTL_CFLAGS) \ $(SYSTEMD_DAEMON_CFLAGS) $(POLKIT_CFLAGS) \ - -I$(top_srcdir)/src/conf + -I$(srcdir)/conf libvirt_util_la_LIBADD = $(CAPNG_LIBS) $(YAJL_LIBS) $(LIBNL_LIBS) \ $(THREAD_LIBS) $(AUDIT_LIBS) $(DEVMAPPER_LIBS) \ $(LIB_CLOCK_GETTIME) $(DBUS_LIBS) $(MSCOM_LIBS) $(LIBXML_LIBS) \ @@ -1054,7 +1054,7 @@ libvirt_conf_la_LIBADD = $(LIBXML_LIBS) noinst_LTLIBRARIES += libvirt_cpu.la libvirt_la_BUILT_LIBADD += libvirt_cpu.la libvirt_cpu_la_CFLAGS = \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_cpu_la_SOURCES = $(CPU_SOURCES) libvirt_cpu_la_DEPENDENCIES = $(abs_builddir)/cpu/cpu_map.xml @@ -1065,7 +1065,7 @@ if WITH_VMX noinst_LTLIBRARIES += libvirt_vmx.la libvirt_la_BUILT_LIBADD += libvirt_vmx.la libvirt_vmx_la_CFLAGS = \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_vmx_la_SOURCES = $(VMX_SOURCES) endif WITH_VMX @@ -1075,14 +1075,14 @@ if WITH_XENCONFIG noinst_LTLIBRARIES += libvirt_xenxldiskparser.la libvirt_xenxldiskparser_la_CFLAGS = \ -I$(srcdir)/xenconfig \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) -Wno-unused-parameter + -I$(srcdir)/conf $(AM_CFLAGS) -Wno-unused-parameter libvirt_xenxldiskparser_la_SOURCES = \ $(XENXLDISKPARSER_SOURCES) noinst_LTLIBRARIES += libvirt_xenconfig.la libvirt_la_BUILT_LIBADD += libvirt_xenconfig.la libvirt_xenconfig_la_CFLAGS = \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_xenconfig_la_LIBADD = libvirt_xenxldiskparser.la libvirt_xenconfig_la_SOURCES = $(XENCONFIG_SOURCES) endif WITH_XENCONFIG @@ -1094,7 +1094,7 @@ libvirt_driver_la_SOURCES = $(DRIVER_SOURCES) libvirt_driver_la_CFLAGS = \ $(GNUTLS_CFLAGS) $(CURL_CFLAGS) \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_driver_la_LIBADD = \ $(GNUTLS_LIBS) $(CURL_LIBS) $(DLOPEN_LIBS) @@ -1111,7 +1111,7 @@ if WITH_TEST noinst_LTLIBRARIES += libvirt_driver_test.la libvirt_la_BUILT_LIBADD += libvirt_driver_test.la libvirt_driver_test_la_CFLAGS = \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_driver_test_la_SOURCES = $(TEST_DRIVER_SOURCES) endif WITH_TEST @@ -1121,8 +1121,8 @@ libvirt_la_BUILT_LIBADD += libvirt_driver_remote.la libvirt_driver_remote_la_CFLAGS = \ $(GNUTLS_CFLAGS) \ $(XDR_CFLAGS) \ - -I$(top_srcdir)/src/conf \ - -I$(top_srcdir)/src/rpc \ + -I$(srcdir)/conf \ + -I$(srcdir)/rpc \ $(AM_CFLAGS) libvirt_driver_remote_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_remote_la_LIBADD = $(GNUTLS_LIBS) \ @@ -1159,9 +1159,9 @@ endif ! WITH_DRIVER_MODULES libvirt_driver_xen_impl_la_CFLAGS = \ $(XEN_CFLAGS) \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ - -I$(top_srcdir)/src/xenconfig \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ + -I$(srcdir)/xenconfig \ $(AM_CFLAGS) libvirt_driver_xen_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_xen_impl_la_LIBADD = $(XEN_LIBS) @@ -1173,7 +1173,7 @@ noinst_LTLIBRARIES += libvirt_driver_phyp.la libvirt_la_BUILT_LIBADD += libvirt_driver_phyp.la libvirt_driver_phyp_la_LIBADD = $(SSH2_LIBS) libvirt_driver_phyp_la_CFLAGS = $(SSH2_CFLAGS) \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_driver_phyp_la_SOURCES = $(PHYP_DRIVER_SOURCES) endif WITH_PHYP @@ -1181,7 +1181,7 @@ if WITH_OPENVZ noinst_LTLIBRARIES += libvirt_driver_openvz.la libvirt_la_BUILT_LIBADD += libvirt_driver_openvz.la libvirt_driver_openvz_la_CFLAGS = \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_driver_openvz_la_SOURCES = $(OPENVZ_DRIVER_SOURCES) endif WITH_OPENVZ @@ -1189,7 +1189,7 @@ if WITH_VMWARE noinst_LTLIBRARIES += libvirt_driver_vmware.la libvirt_la_BUILT_LIBADD += libvirt_driver_vmware.la libvirt_driver_vmware_la_CFLAGS = \ - -I$(top_srcdir)/src/conf -I$(top_srcdir)/src/vmx $(AM_CFLAGS) + -I$(srcdir)/conf -I$(srcdir)/vmx $(AM_CFLAGS) libvirt_driver_vmware_la_SOURCES = $(VMWARE_DRIVER_SOURCES) endif WITH_VMWARE @@ -1225,7 +1225,7 @@ libvirt_driver_vbox_la_LIBADD += libvirt_driver_vbox_network_impl.la \ endif ! WITH_DRIVER_MODULES libvirt_driver_vbox_impl_la_CFLAGS = \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/conf \ $(AM_CFLAGS) \ -DVBOX_DRIVER libvirt_driver_vbox_impl_la_LDFLAGS = $(AM_LDFLAGS) @@ -1235,7 +1235,7 @@ libvirt_driver_vbox_impl_la_LIBADD = $(DLOPEN_LIBS) \ libvirt_driver_vbox_impl_la_SOURCES = $(VBOX_DRIVER_SOURCES) libvirt_driver_vbox_network_impl_la_CFLAGS = \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/conf \ $(AM_CFLAGS) \ -DVBOX_NETWORK_DRIVER libvirt_driver_vbox_network_impl_la_LDFLAGS = $(AM_LDFLAGS) @@ -1246,7 +1246,7 @@ libvirt_driver_vbox_network_impl_la_LIBADD = $(DLOPEN_LIBS) \ libvirt_driver_vbox_network_impl_la_SOURCES = $(VBOX_NETWORK_DRIVER_SOURCES) libvirt_driver_vbox_storage_impl_la_CFLAGS = \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/conf \ $(AM_CFLAGS) \ -DVBOX_STORAGE_DRIVER libvirt_driver_vbox_storage_impl_la_LDFLAGS = $(AM_LDFLAGS) @@ -1261,7 +1261,7 @@ if WITH_XENAPI noinst_LTLIBRARIES += libvirt_driver_xenapi.la libvirt_la_BUILT_LIBADD += libvirt_driver_xenapi.la libvirt_driver_xenapi_la_CFLAGS = $(LIBXENSERVER_CFLAGS) $(CURL_CFLAGS) \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_driver_xenapi_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_xenapi_la_LIBADD = $(LIBXENSERVER_LIBS) $(CURL_LIBS) libvirt_driver_xenapi_la_SOURCES = $(XENAPI_DRIVER_SOURCES) @@ -1283,9 +1283,9 @@ endif ! WITH_DRIVER_MODULES libvirt_driver_libxl_impl_la_CFLAGS = \ $(LIBXL_CFLAGS) \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ - -I$(top_srcdir)/src/xenconfig \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ + -I$(srcdir)/xenconfig \ $(AM_CFLAGS) libvirt_driver_libxl_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_libxl_impl_la_LIBADD = $(LIBXL_LIBS) libvirt_xenconfig.la @@ -1309,8 +1309,8 @@ endif ! WITH_DRIVER_MODULES libvirt_driver_qemu_impl_la_CFLAGS = \ $(GNUTLS_CFLAGS) \ $(LIBNL_CFLAGS) \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ $(AM_CFLAGS) libvirt_driver_qemu_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_qemu_impl_la_LIBADD = $(CAPNG_LIBS) \ @@ -1348,8 +1348,8 @@ endif ! WITH_DRIVER_MODULES libvirt_driver_lxc_impl_la_CFLAGS = \ $(LIBNL_CFLAGS) \ $(FUSE_CFLAGS) \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ $(AM_CFLAGS) libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(FUSE_LIBS) if WITH_BLKID @@ -1383,8 +1383,8 @@ noinst_LTLIBRARIES += libvirt_driver_uml.la endif ! WITH_DRIVER_MODULES libvirt_driver_uml_impl_la_CFLAGS = \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ $(AM_CFLAGS) libvirt_driver_uml_impl_la_LDFLAGS = $(AM_LDFLAGS) # libvirt_driver_uml_impl_la_LIBADD = @@ -1412,7 +1412,7 @@ if WITH_ESX noinst_LTLIBRARIES += libvirt_driver_esx.la libvirt_la_BUILT_LIBADD += libvirt_driver_esx.la libvirt_driver_esx_la_CFLAGS = $(CURL_CFLAGS) \ - -I$(top_srcdir)/src/conf -I$(top_srcdir)/src/vmx $(AM_CFLAGS) + -I$(srcdir)/conf -I$(srcdir)/vmx $(AM_CFLAGS) libvirt_driver_esx_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_esx_la_LIBADD = $(CURL_LIBS) libvirt_driver_esx_la_SOURCES = $(ESX_DRIVER_SOURCES) @@ -1440,7 +1440,7 @@ if WITH_HYPERV noinst_LTLIBRARIES += libvirt_driver_hyperv.la libvirt_la_BUILT_LIBADD += libvirt_driver_hyperv.la libvirt_driver_hyperv_la_CFLAGS = $(OPENWSMAN_CFLAGS) \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_driver_hyperv_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_hyperv_la_LIBADD = $(OPENWSMAN_LIBS) libvirt_driver_hyperv_la_SOURCES = $(HYPERV_DRIVER_SOURCES) @@ -1450,7 +1450,7 @@ if WITH_PARALLELS noinst_LTLIBRARIES += libvirt_driver_parallels.la libvirt_la_BUILT_LIBADD += libvirt_driver_parallels.la libvirt_driver_parallels_la_CFLAGS = \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) \ + -I$(srcdir)/conf $(AM_CFLAGS) \ $(PARALLELS_SDK_CFLAGS) libvirt_driver_parallels_la_LIBADD = $(PARALLELS_SDK_LIBS) libvirt_driver_parallels_la_SOURCES = $(PARALLELS_DRIVER_SOURCES) @@ -1469,8 +1469,8 @@ noinst_LTLIBRARIES += libvirt_driver_bhyve.la endif ! WITH_DRIVER_MODULES libvirt_driver_bhyve_impl_la_CFLAGS = \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ $(AM_CFLAGS) libvirt_driver_bhyve_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_bhyve_impl_la_SOURCES = $(BHYVE_DRIVER_SOURCES) @@ -1496,8 +1496,8 @@ endif ! WITH_DRIVER_MODULES libvirt_driver_network_impl_la_CFLAGS = \ $(LIBNL_CFLAGS) \ $(DBUS_CFLAGS) \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ $(AM_CFLAGS) libvirt_driver_network_impl_la_SOURCES = $(NETWORK_DRIVER_SOURCES) libvirt_driver_network_impl_la_LIBADD = $(DBUS_LIBS) @@ -1514,8 +1514,8 @@ noinst_LTLIBRARIES += libvirt_driver_interface.la #libvirt_la_BUILT_LIBADD += libvirt_driver_interface.la endif ! WITH_DRIVER_MODULES libvirt_driver_interface_la_CFLAGS = \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ $(AM_CFLAGS) $(LIBNL_CFLAGS) libvirt_driver_interface_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_interface_la_LIBADD = @@ -1544,8 +1544,8 @@ noinst_LTLIBRARIES += libvirt_driver_secret.la #libvirt_la_BUILT_LIBADD += libvirt_driver_secret.la endif ! WITH_DRIVER_MODULES libvirt_driver_secret_la_CFLAGS = \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ $(AM_CFLAGS) if WITH_DRIVER_MODULES libvirt_driver_secret_la_LIBADD = ../gnulib/lib/libgnu.la @@ -1557,8 +1557,8 @@ endif WITH_SECRETS # Needed to keep automake quiet about conditionals libvirt_driver_storage_impl_la_SOURCES = libvirt_driver_storage_impl_la_CFLAGS = \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ $(AM_CFLAGS) libvirt_driver_storage_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_storage_impl_la_LIBADD = @@ -1637,8 +1637,8 @@ endif ! WITH_DRIVER_MODULES libvirt_driver_nodedev_la_SOURCES = $(NODE_DEVICE_DRIVER_SOURCES) libvirt_driver_nodedev_la_CFLAGS = \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ $(AM_CFLAGS) $(LIBNL_CFLAGS) libvirt_driver_nodedev_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_nodedev_la_LIBADD = @@ -1679,8 +1679,8 @@ libvirt_driver_nwfilter_impl_la_CFLAGS = \ $(LIBPCAP_CFLAGS) \ $(LIBNL_CFLAGS) \ $(DBUS_CFLAGS) \ - -I$(top_srcdir)/src/access \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ $(AM_CFLAGS) libvirt_driver_nwfilter_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_nwfilter_impl_la_LIBADD = \ @@ -1699,7 +1699,7 @@ libvirt_security_manager_la_SOURCES = $(SECURITY_DRIVER_SOURCES) noinst_LTLIBRARIES += libvirt_security_manager.la libvirt_la_BUILT_LIBADD += libvirt_security_manager.la libvirt_security_manager_la_CFLAGS = \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_security_manager_la_LDFLAGS = $(AM_LDFLAGS) libvirt_security_manager_la_LIBADD = $(SECDRIVER_LIBS) if WITH_SECDRIVER_SELINUX @@ -1716,7 +1716,7 @@ libvirt_driver_access_la_SOURCES = \ noinst_LTLIBRARIES += libvirt_driver_access.la libvirt_la_BUILT_LIBADD += libvirt_driver_access.la libvirt_driver_access_la_CFLAGS = \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(srcdir)/conf $(AM_CFLAGS) libvirt_driver_access_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_access_la_LIBADD = @@ -2257,8 +2257,8 @@ libvirt_setuid_rpc_client_la_LDFLAGS = \ $(NULL) libvirt_setuid_rpc_client_la_CFLAGS = \ -DLIBVIRT_SETUID_RPC_CLIENT \ - -I$(top_srcdir)/src/conf \ - -I$(top_srcdir)/src/rpc \ + -I$(srcdir)/conf \ + -I$(srcdir)/rpc \ $(AM_CFLAGS) \ $(SECDRIVER_CFLAGS) \ $(NULL) @@ -2273,7 +2273,7 @@ lockd_la_SOURCES = \ $(LOCK_DRIVER_LOCKD_SOURCES) \ $(LOCK_PROTOCOL_GENERATED) \ $(NULL) -lockd_la_CFLAGS = -I$(top_srcdir)/src/conf \ +lockd_la_CFLAGS = -I$(srcdir)/conf \ $(XDR_CFLAGS) \ $(AM_CFLAGS) lockd_la_LDFLAGS = -module -avoid-version @@ -2460,7 +2460,7 @@ virtlockd.socket: locking/virtlockd.socket.in $(top_builddir)/config.status if WITH_SANLOCK lockdriver_LTLIBRARIES += sanlock.la sanlock_la_SOURCES = $(LOCK_DRIVER_SANLOCK_SOURCES) -sanlock_la_CFLAGS = -I$(top_srcdir)/src/conf $(AM_CFLAGS) +sanlock_la_CFLAGS = -I$(srcdir)/conf $(AM_CFLAGS) sanlock_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS) sanlock_la_LIBADD = -lsanlock_client \ ../gnulib/lib/libgnu.la @@ -2656,7 +2656,7 @@ libexec_PROGRAMS += libvirt_sanlock_helper libvirt_sanlock_helper_SOURCES = $(LOCK_DRIVER_SANLOCK_HELPER_SOURCES) libvirt_sanlock_helper_CFLAGS = \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/conf \ $(AM_CFLAGS) \ $(PIE_CFLAGS) \ $(NULL) @@ -2692,7 +2692,7 @@ libvirt_lxc_LDADD += libvirt_probes.lo endif WITH_DTRACE_PROBES libvirt_lxc_LDADD += $(SECDRIVER_LIBS) libvirt_lxc_CFLAGS = \ - -I$(top_srcdir)/src/conf \ + -I$(srcdir)/conf \ $(AM_CFLAGS) \ $(PIE_CFLAGS) \ $(LIBNL_CFLAGS) \ @@ -2728,8 +2728,8 @@ if WITH_DTRACE_PROBES virt_aa_helper_LDADD += libvirt_probes.lo endif WITH_DTRACE_PROBES virt_aa_helper_CFLAGS = \ - -I$(top_srcdir)/src/conf \ - -I$(top_srcdir)/src/security \ + -I$(srcdir)/conf \ + -I$(srcdir)/security \ $(AM_CFLAGS) \ $(PIE_CFLAGS) \ $(NULL) -- 2.1.0

2 2

[libvirt] [PATCH] bootstrap.conf: add check for flex
by Pavel Hrdina 08 Jan '15

08 Jan '15

We need the flex to generate new xen_xl_disk parser. Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com> --- Pushed under trivial rule. bootstrap.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bootstrap.conf b/bootstrap.conf index c06ee4c..22c1c06 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -1,6 +1,6 @@ # Bootstrap configuration. -# Copyright (C) 2010-2014 Red Hat, Inc. +# Copyright (C) 2010-2015 Red Hat, Inc. # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -204,6 +204,7 @@ buildreq="\ autoconf 2.59 automake 1.9.6 autopoint - +flex - gettext 0.17 git 1.5.5 gzip - -- 2.0.5

1 0

[libvirt] [PATCH v3] Makefile: Fix parallel build after Xen-xl parser introduction
by Pavel Hrdina 08 Jan '15

08 Jan '15

Well, the parallel build doesn't work as there are not dependencies set correctly. When running 'make -j' I see this error: make[2]: Entering directory '/home/zippy/work/libvirt/libvirt.git/src' GEN util/virkeymaps.h GEN locking/lock_protocol.h make[2]: *** No rule to make target 'xenconfig/xen_xl_disk.h', needed by 'all'. Stop. make[2]: *** Waiting for unfinished jobs.... GEN lxc/lxc_controller_dispatch.h The fix is to correctly set dependencies by letting make know that .c and .h are to be generated from .l. Moreover, the section is moved closer to the other section which uses it. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com> --- src/Makefile.am | 44 +++++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index c6d736e..6e5f9c3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1000,23 +1000,6 @@ CPU_SOURCES = \ VMX_SOURCES = \ vmx/vmx.c vmx/vmx.h -AM_LFLAGS = -Pxl_disk_ --header-file=../$*.h -LEX_OUTPUT_ROOT = lex.xl_disk_ -BUILT_SOURCES += xenconfig/xen_xl_disk.c xenconfig/xen_xl_disk.h -# Generated header file is not implicitly added to dist -EXTRA_DIST += xenconfig/xen_xl_disk.h -CLEANFILES += xenconfig/xen_xl_disk.h xenconfig/xen_xl_disk.c - -XENXLDISKPARSER_SOURCES = xenconfig/xen_xl_disk.l - -XENCONFIG_SOURCES = \ - xenconfig/xenxs_private.h \ - xenconfig/xen_common.c xenconfig/xen_common.h \ - xenconfig/xen_sxpr.c xenconfig/xen_sxpr.h \ - xenconfig/xen_xm.c xenconfig/xen_xm.h \ - xenconfig/xen_xl.c xenconfig/xen_xl.h \ - xenconfig/xen_xl_disk.h - pkgdata_DATA = cpu/cpu_map.xml EXTRA_DIST += $(pkgdata_DATA) @@ -1070,6 +1053,31 @@ libvirt_vmx_la_SOURCES = $(VMX_SOURCES) endif WITH_VMX if WITH_XENCONFIG +# Disable the default rule for lex files because we need to generete the +# xen_xl_disk files into srcdir instread of builddir. +.l.c: + +$(XENXLDISKPARSER_GENERATED): $(XENXLDISKPARSER_SOURCES) + $(AM_V_LEX) $(SHELL) $(YLWRAP) $< lex.xl_disk_.c \ + $(abs_srcdir)/xenconfig/xen_xl_disk.c -- $(LEXCOMPILE) + +AM_LFLAGS = -Pxl_disk_ --header-file=$(abs_srcdir)/xenconfig/xen_xl_disk.h +XENXLDISKPARSER_GENERATED = xenconfig/xen_xl_disk.c xenconfig/xen_xl_disk.h + +BUILT_SOURCES += $(XENXLDISKPARSER_GENERATED) +EXTRA_DIST += $(XENXLDISKPARSER_GENERATED) +MAINTAINERCLEANFILES += $(XENXLDISKPARSER_GENERATED) + +XENXLDISKPARSER_SOURCES = xenconfig/xen_xl_disk.l + +XENCONFIG_SOURCES = \ + xenconfig/xenxs_private.h \ + xenconfig/xen_common.c xenconfig/xen_common.h \ + xenconfig/xen_sxpr.c xenconfig/xen_sxpr.h \ + xenconfig/xen_xm.c xenconfig/xen_xm.h \ + xenconfig/xen_xl.c xenconfig/xen_xl.h \ + xenconfig/xen_xl_disk_i.h + # Flex generated XL disk parser needs to be compiled without WARN_FLAGS # Add the generated object to its own library to control CFLAGS noinst_LTLIBRARIES += libvirt_xenxldiskparser.la @@ -1077,6 +1085,8 @@ libvirt_xenxldiskparser_la_CFLAGS = \ -I$(top_srcdir)/src/conf $(AM_CFLAGS) -Wno-unused-parameter libvirt_xenxldiskparser_la_SOURCES = \ $(XENXLDISKPARSER_SOURCES) +libvirt_xenxldiskparser_la_DEPENDENCIES = \ + $(XENXLDISKPARSER_GENERATED) noinst_LTLIBRARIES += libvirt_xenconfig.la libvirt_la_BUILT_LIBADD += libvirt_xenconfig.la -- 2.0.5

3 5

[libvirt] [libvirt-test-API][PATCH] Remove redundant colon in inteface list
by jiahu 08 Jan '15

08 Jan '15

The interface list should be: ['em1', 'lo', 'virbr0', 'wlp3s0'] rather than below: ['em1:', 'lo:', 'virbr0:', 'wlp3s0:'] --- repos/interface/iface_list.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/repos/interface/iface_list.py b/repos/interface/iface_list.py index 49f0c05..7041535 100644 --- a/repos/interface/iface_list.py +++ b/repos/interface/iface_list.py @@ -10,7 +10,8 @@ optional_params = {} VIRSH_QUIET_IFACE_LIST = "virsh --quiet iface-list %s | awk '{print ""$%s""}'" NETWORK_CONFIG = "/etc/sysconfig/network-scripts/" -IFCONFIG_DRIVER = "ifconfig %s | sed 's/[ \t].*//;/^$/d'" +IFCONFIG_DRIVER = "ifconfig %s | sed 's/[ \t].*//;/^$/d'\ +|awk -F\":\" '{print $1}'" GET_MAC = "ip link show %s |sed -n '2p'| awk '{print $2}'" VIRSH_IFACE_LIST = "virsh iface-list %s" -- 1.8.3.1

3 2

[libvirt] [PATCH] conf: Don't use the current state in def->data.network.actual when migrate
by Luyao Huang 08 Jan '15

08 Jan '15

https://bugzilla.redhat.com/show_bug.cgi?id=1177194 When migrate a vm, we will generate a xml via qemuDomainDefFormatLive and pass this xml to target libvirtd. Libvirt will use the current network state in def->data.network.actual to generate the xml, this will make migrate failed when we set a network type guest interface use a macvtap network as a source in a vm then migrate vm to another host(which has the different macvtap network settings: different interface name, bridge name...) Add a flag check in virDomainNetDefFormat, if we set a VIR_DOMAIN_XML_MIGRATABLE flag when call virDomainNetDefFormat, we won't get the current vm interface state. Signed-off-by: Luyao Huang <lhuang(a)redhat.com> --- src/conf/domain_conf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index aafc05e..fffd6cd 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -17436,7 +17436,9 @@ virDomainNetDefFormat(virBufferPtr buf, unsigned int actualType = virDomainNetGetActualType(def); bool publicActual = (def->type == VIR_DOMAIN_NET_TYPE_NETWORK && def->data.network.actual && - !(flags & (VIR_DOMAIN_XML_INACTIVE | VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET))); + !(flags & (VIR_DOMAIN_XML_INACTIVE | + VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET | + VIR_DOMAIN_XML_MIGRATABLE))); const char *typeStr; virDomainHostdevDefPtr hostdef = NULL; char macstr[VIR_MAC_STRING_BUFLEN]; -- 1.8.3.1

3 2

[libvirt] [PATCH] vmx: Fix a VMX parsing problem.
by Geoff Hickey 08 Jan '15

08 Jan '15

VMware ESX does not always set the "serialX.fileType" tag in VMX files. The default value for this tag is "device", and when adding a new serial port of this type VMware will omit the fileType tag. This caused libvirt to fail to parse the VMX file. Fixed by making this tag optional and using "device" as a default value. Also updated vmx2xmltest to test for this case. Conflicts: src/vmx/vmx.c --- src/vmx/vmx.c | 10 +++++++--- tests/vmx2xmldata/vmx2xml-serial-device.vmx | 2 ++ tests/vmx2xmldata/vmx2xml-serial-device.xml | 4 ++++ 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c index e6bf5c3..2a794c7 100644 --- a/src/vmx/vmx.c +++ b/src/vmx/vmx.c @@ -2697,7 +2697,7 @@ virVMXParseSerial(virVMXContext *ctx, virConfPtr conf, int port, goto ignore; /* vmx:fileType -> def:type */ - if (virVMXGetConfigString(conf, fileType_name, &fileType, false) < 0) + if (virVMXGetConfigString(conf, fileType_name, &fileType, true) < 0) goto cleanup; /* vmx:fileName -> def:data.file.path */ @@ -2710,8 +2710,12 @@ virVMXParseSerial(virVMXContext *ctx, virConfPtr conf, int port, goto cleanup; } - /* Setup virDomainChrDef */ - if (STRCASEEQ(fileType, "device")) { + /* + * Setup virDomainChrDef. The default fileType is "device", and vmware + * will sometimes omit this tag when adding a new serial port of this + * type. + */ + if (!fileType || STRCASEEQ(fileType, "device")) { (*def)->target.port = port; (*def)->source.type = VIR_DOMAIN_CHR_TYPE_DEV; (*def)->source.data.file.path = fileName; diff --git a/tests/vmx2xmldata/vmx2xml-serial-device.vmx b/tests/vmx2xmldata/vmx2xml-serial-device.vmx index 8c101e3..927f408 100644 --- a/tests/vmx2xmldata/vmx2xml-serial-device.vmx +++ b/tests/vmx2xmldata/vmx2xml-serial-device.vmx @@ -3,3 +3,5 @@ virtualHW.version = "4" serial0.present = "true" serial0.fileType = "device" serial0.fileName = "/dev/ttyS0" +serial1.present = "true" +serial1.fileName = "/dev/ttyS1" diff --git a/tests/vmx2xmldata/vmx2xml-serial-device.xml b/tests/vmx2xmldata/vmx2xml-serial-device.xml index 9ecd867..cc45c07 100644 --- a/tests/vmx2xmldata/vmx2xml-serial-device.xml +++ b/tests/vmx2xmldata/vmx2xml-serial-device.xml @@ -15,6 +15,10 @@ <source path='/dev/ttyS0'/> <target port='0'/> </serial> + <serial type='dev'> + <source path='/dev/ttyS1'/> + <target port='1'/> + </serial> <console type='dev'> <source path='/dev/ttyS0'/> <target type='serial' port='0'/> -- 1.9.1

2 2

[libvirt] [PATCH RFC] libxl: fix paths in capability string
by Wei Liu 07 Jan '15

07 Jan '15

Currently libxl driver hardcodes some paths in its capability string, which might not be the correct paths. This patch introduces --with-libxl-prefix, so that user can specify the prefix used to build Xen tools. The default value is /usr/local which is the default --prefix for Xen tools. Change emualtor from qemu-dm to qemu-system-i386 because libxl (in Xen) use this as the default emulator. No need to check hostarch to determine whether to use lib or lib64 anymore because we now always use lib. Signed-off-by: Wei Liu <wei.liu2(a)citrix.com> --- This patch is RFC because I introduce --with-libxl-prefix and I don't know whether it's acceptable. Right now libvirt's driver doesn't seem to use these default paths so everything just works. But it would be nice for libvirt to report the correct paths instead of hardcoded (and possibly wrong) ones. --- configure.ac | 4 ++++ src/libxl/libxl_conf.c | 6 ++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 167b875..8d10361 100644 --- a/configure.ac +++ b/configure.ac @@ -533,6 +533,9 @@ AC_ARG_WITH([libxl], [AS_HELP_STRING([--with-libxl], [add libxenlight support @<:@default=check@:>@])]) m4_divert_text([DEFAULTS], [with_libxl=check]) +AC_ARG_WITH([libxl-prefix], [AS_HELP_STRING([--with-libxl-prefix=path], + [prefix used to build libxl, default /usr/local])], + [LIBXL_PREFIX=$withval], [LIBXL_PREFIX="/usr/local"]) AC_ARG_WITH([vbox], [AS_HELP_STRING([--with-vbox=@<:@PFX@:>@], [VirtualBox XPCOMC location @<:@default=yes@:>@])]) @@ -893,6 +896,7 @@ fi if test "$with_libxl" = "yes"; then AC_DEFINE_UNQUOTED([WITH_LIBXL], 1, [whether libxenlight driver is enabled]) + AC_DEFINE_UNQUOTED([LIBXL_PREFIX], ["$LIBXL_PREFIX"], [libxl prefix]) fi AM_CONDITIONAL([WITH_LIBXL], [test "$with_libxl" = "yes"]) diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index 0555b91..fbb4e29 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -428,11 +428,9 @@ libxlCapsInitGuests(libxl_ctx *ctx, virCapsPtr caps) if ((guest = virCapabilitiesAddGuest(caps, guest_archs[i].hvm ? "hvm" : "xen", guest_archs[i].arch, - ((hostarch == VIR_ARCH_X86_64) ? - "/usr/lib64/xen/bin/qemu-dm" : - "/usr/lib/xen/bin/qemu-dm"), + LIBXL_PREFIX "/lib/xen/bin/qemu-system-i386", (guest_archs[i].hvm ? - "/usr/lib/xen/boot/hvmloader" : + LIBXL_PREFIX "/lib/xen/boot/hvmloader" : NULL), 1, machines)) == NULL) { -- 1.7.10.4

7 12

[libvirt] [PATCH v2] nwfilter: Add support for icmpv6 filtering
by Stefan Berger 07 Jan '15

07 Jan '15

Make use of the ebtables functionality to be able to filter certain parameters of icmpv6 packets. Extend the XML parser for icmpv6 types, type ranges, codes, and code ranges. Extend the nwfilter documentation, schema, and test cases. Being able to filter icmpv6 types and codes helps extending the DHCP snooper for IPv6 and filtering at least some parameters of IPv6's NDP (Neighbor Discovery Protocol) packets. However, the filtering will not be as good as the filtering of ARP packets since we cannot check on IP addresses in the payload of the NDP packets. Signed-off-by: Stefan Berger stefanb(a)linux.vnet.ibm.com --- docs/formatnwfilter.html.in | 20 +++++++ docs/schemas/nwfilter.rng | 26 +++++++++ src/conf/nwfilter_conf.c | 26 +++++++++ src/conf/nwfilter_conf.h | 4 ++ src/nwfilter/nwfilter_ebiptables_driver.c | 80 ++++++++++++++++++++++++++ tests/nwfilterxml2firewalldata/ipv6-linux.args | 16 ++++++ tests/nwfilterxml2firewalldata/ipv6.xml | 38 ++++++++++++ tests/nwfilterxml2xmlin/ipv6-test.xml | 38 ++++++++++++ tests/nwfilterxml2xmlout/ipv6-test.xml | 12 ++++ 9 files changed, 260 insertions(+) diff --git a/docs/formatnwfilter.html.in b/docs/formatnwfilter.html.in index 073b852..e403e33 100644 --- a/docs/formatnwfilter.html.in +++ b/docs/formatnwfilter.html.in @@ -1197,6 +1197,26 @@ <td>End of range of valid destination ports; requires <code>protocol</code></td> </tr> <tr> + <td>type(Since 1.2.11)</td> + <td>UINT8</td> + <td>ICMPv6 type; requires <code>protocol</code> to be set to <code>icmpv6</code></td> + </tr> + <tr> + <td>typeend(Since 1.2.11)</td> + <td>UINT8</td> + <td>ICMPv6 type end of range; requires <code>protocol</code> to be set to <code>icmpv6</code></td> + </tr> + <tr> + <td>code(Since 1.2.11)</td> + <td>UINT8</td> + <td>ICMPv6 code; requires <code>protocol</code> to be set to <code>icmpv6</code></td> + </tr> + <tr> + <td>code(Since 1.2.11)</td> + <td>UINT8</td> + <td>ICMPv6 code end of range; requires <code>protocol</code> to be set to <code>icmpv6</code></td> + </tr> + <tr> <td>comment (Since 0.8.5)</td> <td>STRING</td> <td>text with max. 256 characters</td> diff --git a/docs/schemas/nwfilter.rng b/docs/schemas/nwfilter.rng index 2b54fd5..9df39c0 100644 --- a/docs/schemas/nwfilter.rng +++ b/docs/schemas/nwfilter.rng @@ -90,6 +90,7 @@ <ref name="common-ipv6-attributes-p1"/> <ref name="common-port-attributes"/> <ref name="ip-attributes"/> + <ref name="icmp-attribute-ranges"/> <ref name="comment-attribute"/> </element> </zeroOrMore> @@ -588,6 +589,31 @@ </interleave> </define> + <define name="icmp-attribute-ranges"> + <interleave> + <optional> + <attribute name="type"> + <ref name="uint8range"/> + </attribute> + </optional> + <optional> + <attribute name="typeend"> + <ref name="uint8range"/> + </attribute> + </optional> + <optional> + <attribute name="code"> + <ref name="uint8range"/> + </attribute> + </optional> + <optional> + <attribute name="codeend"> + <ref name="uint8range"/> + </attribute> + </optional> + </interleave> + </define> + <define name="mac-attributes"> <interleave> <optional> diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c index 317792e..aed82ad 100644 --- a/src/conf/nwfilter_conf.c +++ b/src/conf/nwfilter_conf.c @@ -1445,6 +1445,26 @@ static const virXMLAttr2Struct ipv6Attributes[] = { .datatype = DATATYPE_UINT16 | DATATYPE_UINT16_HEX, .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.portData.dataDstPortEnd), }, + { + .name = "type", + .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX, + .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPTypeStart), + }, + { + .name = "typeend", + .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX, + .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPTypeEnd), + }, + { + .name = "code", + .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX, + .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPCodeStart), + }, + { + .name = "codeend", + .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX, + .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPCodeEnd), + }, COMMENT_PROP_IPHDR(ipv6HdrFilter), { .name = NULL, @@ -2219,6 +2239,12 @@ virNWFilterRuleDefFixup(virNWFilterRuleDefPtr rule) rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr); COPY_NEG_SIGN(rule->p.ipv6HdrFilter.ipHdr.dataDstIPMask, rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr); + COPY_NEG_SIGN(rule->p.ipv6HdrFilter.dataICMPTypeEnd, + rule->p.ipv6HdrFilter.dataICMPTypeStart); + COPY_NEG_SIGN(rule->p.ipv6HdrFilter.dataICMPCodeStart, + rule->p.ipv6HdrFilter.dataICMPTypeStart); + COPY_NEG_SIGN(rule->p.ipv6HdrFilter.dataICMPCodeEnd, + rule->p.ipv6HdrFilter.dataICMPTypeStart); virNWFilterRuleDefFixupIPSet(&rule->p.ipv6HdrFilter.ipHdr); break; diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h index f81df60..6e68ecc 100644 --- a/src/conf/nwfilter_conf.h +++ b/src/conf/nwfilter_conf.h @@ -265,6 +265,10 @@ struct _ipv6HdrFilterDef { ethHdrDataDef ethHdr; ipHdrDataDef ipHdr; portDataDef portData; + nwItemDesc dataICMPTypeStart; + nwItemDesc dataICMPTypeEnd; + nwItemDesc dataICMPCodeStart; + nwItemDesc dataICMPCodeEnd; }; diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 377b59b..423d069 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -1826,6 +1826,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, bool hasMask = false; virFirewallRulePtr fwrule; int ret = -1; + virBuffer buf = VIR_BUFFER_INITIALIZER; if (STREQ(chainSuffix, virNWFilterChainSuffixTypeToString( @@ -2342,6 +2343,83 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, virFirewallRuleAddArg(fw, fwrule, number); } } + + if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeStart) || + HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeEnd) || + HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeStart) || + HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeEnd)) { + bool lo = false; + char *r; + + virFirewallRuleAddArg(fw, fwrule, + "--ip6-icmp-type"); + + if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeStart)) { + if (printDataType(vars, + number, sizeof(number), + &rule->p.ipv6HdrFilter.dataICMPTypeStart) < 0) + goto cleanup; + lo = true; + } else { + ignore_value(virStrcpyStatic(number, "0")); + } + + virBufferStrcat(&buf, number, ":", NULL); + + if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeEnd)) { + if (printDataType(vars, + numberalt, sizeof(numberalt), + &rule->p.ipv6HdrFilter.dataICMPTypeEnd) < 0) + goto cleanup; + } else { + if (lo) + ignore_value(virStrcpyStatic(numberalt, number)); + else + ignore_value(virStrcpyStatic(numberalt, "255")); + } + + virBufferStrcat(&buf, numberalt, "/", NULL); + + lo = false; + + if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeStart)) { + if (printDataType(vars, + number, sizeof(number), + &rule->p.ipv6HdrFilter.dataICMPCodeStart) < 0) + goto cleanup; + lo = true; + } else { + ignore_value(virStrcpyStatic(number, "0")); + } + + virBufferStrcat(&buf, number, ":", NULL); + + if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeEnd)) { + if (printDataType(vars, + numberalt, sizeof(numberalt), + &rule->p.ipv6HdrFilter.dataICMPCodeEnd) < 0) + goto cleanup; + } else { + if (lo) + ignore_value(virStrcpyStatic(numberalt, number)); + else + ignore_value(virStrcpyStatic(numberalt, "255")); + } + + virBufferStrcat(&buf, numberalt, NULL); + + if (ENTRY_WANT_NEG_SIGN(&rule->p.ipv6HdrFilter.dataICMPTypeStart)) + virFirewallRuleAddArg(fw, fwrule, "!"); + + if (virBufferCheckError(&buf) < 0) + goto cleanup; + + r = virBufferContentAndReset(&buf); + + virFirewallRuleAddArg(fw, fwrule, r); + + VIR_FREE(r); + } break; case VIR_NWFILTER_RULE_PROTOCOL_NONE: @@ -2376,6 +2454,8 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, ret = 0; cleanup: + virBufferFreeAndReset(&buf); + return ret; } diff --git a/tests/nwfilterxml2firewalldata/ipv6-linux.args b/tests/nwfilterxml2firewalldata/ipv6-linux.args index a42566c..735f663 100644 --- a/tests/nwfilterxml2firewalldata/ipv6-linux.args +++ b/tests/nwfilterxml2firewalldata/ipv6-linux.args @@ -18,3 +18,19 @@ ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ --ip6-source a:b:c::/65 --ip6-protocol 18 -j ACCEPT ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ --ip6-destination a:b:c::/65 --ip6-protocol 18 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:11/10:11 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:11/10:11 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/10:10 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/10:10 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 0:255/10:10 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 0:255/10:10 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/0:255 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/0:255 -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/ipv6.xml b/tests/nwfilterxml2firewalldata/ipv6.xml index 9f67bea..2400958 100644 --- a/tests/nwfilterxml2firewalldata/ipv6.xml +++ b/tests/nwfilterxml2firewalldata/ipv6.xml @@ -40,4 +40,42 @@ /> </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' typeend='11' + code='10' codeend='11' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' + code='10' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + code='10' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' + /> + </rule> + </filter> diff --git a/tests/nwfilterxml2xmlin/ipv6-test.xml b/tests/nwfilterxml2xmlin/ipv6-test.xml index 556796f..2daa3b9 100644 --- a/tests/nwfilterxml2xmlin/ipv6-test.xml +++ b/tests/nwfilterxml2xmlin/ipv6-test.xml @@ -40,4 +40,42 @@ /> </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' typeend='11' + code='10' codeend='11' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' + code='10' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + code='10' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' + /> + </rule> + </filter> diff --git a/tests/nwfilterxml2xmlout/ipv6-test.xml b/tests/nwfilterxml2xmlout/ipv6-test.xml index fcc5c0d..ce9dd06 100644 --- a/tests/nwfilterxml2xmlout/ipv6-test.xml +++ b/tests/nwfilterxml2xmlout/ipv6-test.xml @@ -12,4 +12,16 @@ <rule action='accept' direction='inout' priority='500'> <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='18'/> </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' type='1' typeend='11' code='10' codeend='11'/> + </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' type='1' code='10'/> + </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' code='10'/> + </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' type='1'/> + </rule> </filter> -- 1.9.3

2 2

[libvirt] [PATCH] Indentation
by Ján Tomko 07 Jan '15

07 Jan '15

--- Pushed as trivial. src/qemu/qemu_hotplug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index bfe1bd0..1714341 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -265,8 +265,8 @@ qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, int qemuDomainCheckEjectableMedia(virQEMUDriverPtr driver, - virDomainObjPtr vm, - qemuDomainAsyncJob asyncJob) + virDomainObjPtr vm, + qemuDomainAsyncJob asyncJob) { qemuDomainObjPrivatePtr priv = vm->privateData; virHashTablePtr table = NULL; -- 2.0.4

1 0