June 2015 - Devel - libvirt List Archives

[libvirt] [PATCH v2 0/3] Fix and tweak 'uknown cause' error in virDirCreate
by Erik Skultety 16 Jun '15

16 Jun '15

Erik Skultety (3): util: virfile: Fix 'unknown cause' error if NFS mount point creation fails util: virDirCreate: Child now exits with positive errno-code virfile: virDirCreate: Insert blank lines to assure slightly better readability src/util/virfile.c | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) -- 1.9.3

2 5

[libvirt] [PATCH] util: Fix Coverity RESOURCE_LEAK
by John Ferlan 16 Jun '15

16 Jun '15

Commit id 'e44b0269c9' in advertently checked !dir before calling closedir Signed-off-by: John Ferlan <jferlan(a)redhat.com> --- Pushed as trivial src/util/virprocess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virprocess.c b/src/util/virprocess.c index f1924eb..8fa7a9b 100644 --- a/src/util/virprocess.c +++ b/src/util/virprocess.c @@ -638,7 +638,7 @@ int virProcessGetPids(pid_t pid, size_t *npids, pid_t **pids) ret = 0; cleanup: - if (!dir) + if (dir) closedir(dir); VIR_FREE(taskPath); if (ret < 0) -- 2.1.0

1 0

[libvirt] [glib v2 0/4] Filesystem config improvements
by Cédric Bosdonnat 16 Jun '15

16 Jun '15

Hi all, Here is the previous patch split into a series. The difference with v1 are: * it adds test-gconfig test for file systems * the gvir_config_domain_filesys_set_driver_type fix has been moved to its own commit * the gvir_config_domain_filesys_set_driver_format doesn't set the type, the user "just" has to make sure he doesn't do stupid things * a test for the new function has been added to test-gconfig Cédric Bosdonnat (4): test-gconfig: add filesystem test gvir_config_domain_filesys_set_driver_type: replace the driver node Add loop and nbd filesystem types domain config: add API to set the filesystem image format libvirt-gconfig/libvirt-gconfig-domain-filesys.c | 18 +++++++++++- libvirt-gconfig/libvirt-gconfig-domain-filesys.h | 4 +++ libvirt-gconfig/libvirt-gconfig.sym | 5 ++++ tests/test-gconfig.c | 36 ++++++++++++++++++++++++ tests/xml/gconfig-domain-device-filesys.xml | 15 ++++++++++ 5 files changed, 77 insertions(+), 1 deletion(-) create mode 100644 tests/xml/gconfig-domain-device-filesys.xml -- 2.1.4

3 7

[libvirt] [PATCH v2 0/2] lxc: properly clean up qemu-nbd (resent)
by Cédric Bosdonnat 16 Jun '15

16 Jun '15

Just resending the initial patch series as it went into a black hole. > Hi all, > > Here is the very same patch, but split in two patches. Well, I also moved > two comments around between v1 and v2. Cédric Bosdonnat (2): Add virProcessGetPids to get all tasks of a process lxc: properly clean up qemu-nbd src/libvirt_private.syms | 1 + src/lxc/lxc_controller.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ src/util/virprocess.c | 47 ++++++++++++++++++++++++++++++++++++++++ src/util/virprocess.h | 2 ++ 4 files changed, 106 insertions(+) -- 2.1.4

3 5

[libvirt] [PATCH] lxc: Rename daemon to dmn
by Martin Kletzander 16 Jun '15

16 Jun '15

On older systems it shadows global declaration of daemon() function. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- Pushed as a build-breaker src/lxc/lxc_controller.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 5f59867408a3..828b8a8c0ee3 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -987,7 +987,7 @@ static bool wantReboot; static virMutex lock = VIR_MUTEX_INITIALIZER; -static void virLXCControllerSignalChildIO(virNetDaemonPtr daemon, +static void virLXCControllerSignalChildIO(virNetDaemonPtr dmn, siginfo_t *info ATTRIBUTE_UNUSED, void *opaque) { @@ -998,7 +998,7 @@ static void virLXCControllerSignalChildIO(virNetDaemonPtr daemon, ret = waitpid(-1, &status, WNOHANG); VIR_DEBUG("Got sig child %d vs %lld", ret, (unsigned long long)ctrl->initpid); if (ret == ctrl->initpid) { - virNetDaemonQuit(daemon); + virNetDaemonQuit(dmn); virMutexLock(&lock); if (WIFSIGNALED(status) && WTERMSIG(status) == SIGHUP) { -- 2.4.3

1 0

[libvirt] [PATCH] netserver: Remove duplicate forward declaration
by Martin Kletzander 16 Jun '15

16 Jun '15

Commit fa14207368820b264123ba8429927b62258f996e added forward declaration of virNetServerPtr into virnetserver.h even though we are keeping these in virnetserverprogram.h due to older compilers having problems with duplicate ones. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- Pushed as a build-breaker src/rpc/virnetserver.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h index 5c28182ffd15..0e16e8fb1bf0 100644 --- a/src/rpc/virnetserver.h +++ b/src/rpc/virnetserver.h @@ -33,8 +33,6 @@ # include "virobject.h" # include "virjson.h" -typedef struct _virNetServer virNetServer; -typedef virNetServer *virNetServerPtr; virNetServerPtr virNetServerNew(size_t min_workers, size_t max_workers, -- 2.4.3

1 0

Re: [libvirt] [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2)
by Richard Weinberger 16 Jun '15

16 Jun '15

[CC'ing libvirt-lxc folks] Am 28.05.2015 um 23:32 schrieb Eric W. Biederman: > Richard Weinberger <richard(a)nod.at> writes: > >> Am 28.05.2015 um 21:57 schrieb Eric W. Biederman: >>>> FWIW, it breaks also libvirt-lxc: >>>> Error: internal error: guest failed to start: Failed to re-mount /proc/sys on /proc/sys flags=1021: Operation not permitted >>> >>> Interesting. I had not anticipated a failure there? And it is failing >>> in remount? Oh that is interesting. >>> >>> That implies that there is some flag of the original mount of /proc that >>> the remount of /proc/sys is clearing, and that previously >>> >>> The flags specified are current rdonly,remount,bind so I expect there >>> are some other flags on proc that libvirt-lxc is clearing by accident >>> and we did not fail before because the kernel was not enforcing things. >> >> Please see: >> http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/lxc/lxc_container.c;h=9a… >> lxcContainerMountBasicFS() >> >> and: >> http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/lxc/lxc_container.c;h=9a… >> lxcBasicMounts >> >>> What are the mount flags in a working libvirt-lxc? >> >> See: >> test1:~ # cat /proc/self/mountinfo >> 149 147 0:56 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw >> 150 149 0:56 /sys /proc/sys ro,nodev,relatime - proc proc rw > >> If you need more info, please let me know. :-) > > Oh interesting I had not realized libvirt-lxc had grown an unprivileged > mode using user namespaces. > > This does appear to be a classic remount bug, where you are not > preserving the permissions. It appears the fact that the code > failed to enforce locked permissions on the fresh mount of proc > was hiding this bug until now. > > I expect what you actually want is the code below: > > diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c > index 9a9ae5c2aaf0..f008a7484bfe 100644 > --- a/src/lxc/lxc_container.c > +++ b/src/lxc/lxc_container.c > @@ -850,7 +850,7 @@ typedef struct { > > static const virLXCBasicMountInfo lxcBasicMounts[] = { > { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false }, > - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false }, > + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false }, > { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true }, > { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true }, > { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false }, > > Or possibly just: > > diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c > index 9a9ae5c2aaf0..a60ccbd12bfc 100644 > --- a/src/lxc/lxc_container.c > +++ b/src/lxc/lxc_container.c > @@ -850,7 +850,7 @@ typedef struct { > > static const virLXCBasicMountInfo lxcBasicMounts[] = { > { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false }, > - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false }, > + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, true, false, false }, > { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true }, > { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true }, > { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false }, > > As the there is little point in making /proc/sys read-only in a > user-namespace, as the permission checks are uid based and no-one should > have the global uid 0 in your container. Making mounting /proc/sys > read-only rather pointless. Eric, using the patch below I was able to spawn a user-namespace enabled container using libvirt-lxc. :-) I had to: 1. Disable the read-only mount of /proc/sys which is anyway useless in the user-namespace case. 2. Disable the /proc/sys/net/ipv{4,6} bind mounts, this ugly hack is only needed for the non user-namespace case. 3. Remove MS_RDONLY from the sysfs mount (For the non user-namespace case we'd have to keep this, though). Daniel, I'd take this as a chance to disable all the MS_RDONLY games if user-namespace are configured. With Eric's fixes they hurt us. And as I wrote many times before if root within the user-namespace is able to do nasty things in /sys and /proc that's a plain kernel bug which needs fixing. There is no point in mounting these read-only. Except for the case then no user-namespace is used. diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 9a9ae5c..497e05f 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -850,10 +850,10 @@ typedef struct { static const virLXCBasicMountInfo lxcBasicMounts[] = { { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false }, - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false }, - { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true }, - { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true }, - { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false }, + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, true, false, false }, + { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, true, false, true }, + { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, true, false, true }, + { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false }, { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false }, #if WITH_SELINUX { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false }, Thanks, //richard

3 4

[libvirt] [libvirt-python PATCH] Change livbirt version to 1.3.0 for the next release
by Martin Kletzander 16 Jun '15

16 Jun '15

Since the background for Admin API is merged upstream, we are bumping the minor release version as discussed previously Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- Pushed as trivial setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 8d34fde3e60d..04e3de41fc71 100755 --- a/setup.py +++ b/setup.py @@ -311,7 +311,7 @@ class my_clean(clean): _c_modules, _py_modules = get_module_lists() setup(name = 'libvirt-python', - version = '1.2.17', + version = '1.3.0', url = 'http://www.libvirt.org', maintainer = 'Libvirt Maintainers', maintainer_email = 'libvir-list(a)redhat.com', -- 2.4.3

1 0

[libvirt] [PATCH] Change livbirt version to 1.3.0 for the next release
by Martin Kletzander 16 Jun '15

16 Jun '15

Since the background for Admin API is merged upstream, we are bumping the minor release version as discussed previously Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- Pushed as trivial configure.ac | 2 +- docs/formatdomain.html.in | 2 +- src/parallels/parallels_driver.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index dbaf2722f8f3..20fc564a8128 100644 --- a/configure.ac +++ b/configure.ac @@ -16,7 +16,7 @@ dnl You should have received a copy of the GNU Lesser General Public dnl License along with this library. If not, see dnl <http://www.gnu.org/licenses/>. -AC_INIT([libvirt], [1.2.17], [libvir-list(a)redhat.com] [], [http://libvirt.org] +AC_INIT([libvirt], [1.3.0], [libvir-list(a)redhat.com] [], [http://libvirt.org] AC_CONFIG_SRCDIR([src/libvirt.c]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 3ccc71c55918..4e85b51040cb 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -4275,7 +4275,7 @@ qemu-kvm -net nic,model=? /dev/null element. Each queue will potentially be handled by a different processor, resulting in much higher throughput. virtio-net since 1.0.6 (QEMU and KVM only) - vhost-user since 1.2.17 (QEMU and KVM only) + vhost-user since 1.3.0 (QEMU and KVM only) </dd> <dt><code>host</code> offloading options</dt> <dd> diff --git a/src/parallels/parallels_driver.c b/src/parallels/parallels_driver.c index 706229d8486c..b0a19f32c820 100644 --- a/src/parallels/parallels_driver.c +++ b/src/parallels/parallels_driver.c @@ -1371,8 +1371,8 @@ static virHypervisorDriver vzDriver = { .domainManagedSave = parallelsDomainManagedSave, /* 1.2.14 */ .domainManagedSaveRemove = parallelsDomainManagedSaveRemove, /* 1.2.14 */ .domainGetMaxMemory = parallelsDomainGetMaxMemory, /* 1.2.15 */ - .domainBlockStats = parallelsDomainBlockStats, /* 1.2.17 */ - .domainBlockStatsFlags = parallelsDomainBlockStatsFlags, /* 1.2.17 */ + .domainBlockStats = parallelsDomainBlockStats, /* 1.3.0 */ + .domainBlockStatsFlags = parallelsDomainBlockStatsFlags, /* 1.3.0 */ }; static virConnectDriver vzConnectDriver = { -- 2.4.3

1 0

[libvirt] [PATCH 0/3] Couple of storage_backend_scsi.c fixes
by Michal Privoznik 16 Jun '15

16 Jun '15

As promised here [1] I'm proposing my own patch to fix the problem referenced here [2]. 1: https://www.redhat.com/archives/libvir-list/2015-June/msg00621.html 2: https://www.redhat.com/archives/libvir-list/2015-June/msg00567.html John Ferlan (1): scsi: Adjust return status from getBlockDevice Michal Privoznik (2): getNewStyleBlockDevice: Adjust formatting getOldStyleBlockDevice: Adjust formatting src/storage/storage_backend_scsi.c | 91 ++++++++++++++++++++++---------------- 1 file changed, 53 insertions(+), 38 deletions(-) -- 2.3.6

2 5