[libvirt] [PATCH] util: Fix Coverity RESOURCE_LEAK
by John Ferlan
Commit id 'e44b0269c9' inadvertently checked !dir before calling closedir
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
Pushed as trivial
src/util/virprocess.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index f1924eb..8fa7a9b 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -638,7 +638,7 @@ int virProcessGetPids(pid_t pid, size_t *npids, pid_t **pids)
ret = 0;
cleanup:
- if (!dir)
+ if (dir)
closedir(dir);
VIR_FREE(taskPath);
if (ret < 0)
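Review bot: at the cleanup label, the old "if (!dir) closedir(dir);" had two effects, and the commit message names neither precisely: closedir() was skipped for every directory that had been opened (the leak Coverity reported), and it was called on a NULL pointer whenever dir was still NULL. The new "if (dir)" guard is the right fix; please say in the message that the NULL call goes away as well, so the change is not read as a leak fix only.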
--
2.1.0
9 years, 6 months
[libvirt] [glib v2 0/4] Filesystem config improvements
by Cédric Bosdonnat
Hi all,
Here is the previous patch split into a series. The differences with v1 are:
* it adds test-gconfig test for file systems
* the gvir_config_domain_filesys_set_driver_type fix has been moved to its
own commit
* the gvir_config_domain_filesys_set_driver_format doesn't set the type, the
user "just" has to make sure he doesn't do stupid things
* a test for the new function has been added to test-gconfig
Cédric Bosdonnat (4):
test-gconfig: add filesystem test
gvir_config_domain_filesys_set_driver_type: replace the driver node
Add loop and nbd filesystem types
domain config: add API to set the filesystem image format
libvirt-gconfig/libvirt-gconfig-domain-filesys.c | 18 +++++++++++-
libvirt-gconfig/libvirt-gconfig-domain-filesys.h | 4 +++
libvirt-gconfig/libvirt-gconfig.sym | 5 ++++
tests/test-gconfig.c | 36 ++++++++++++++++++++++++
tests/xml/gconfig-domain-device-filesys.xml | 15 ++++++++++
5 files changed, 77 insertions(+), 1 deletion(-)
create mode 100644 tests/xml/gconfig-domain-device-filesys.xml
--
2.1.4
9 years, 6 months
[libvirt] [PATCH v2 0/2] lxc: properly clean up qemu-nbd (resent)
by Cédric Bosdonnat
Just resending the initial patch series as it went into a black hole.
> Hi all,
>
> Here is the very same patch, but split in two patches. Well, I also moved
> two comments around between v1 and v2.
Cédric Bosdonnat (2):
Add virProcessGetPids to get all tasks of a process
lxc: properly clean up qemu-nbd
src/libvirt_private.syms | 1 +
src/lxc/lxc_controller.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++
src/util/virprocess.c | 47 ++++++++++++++++++++++++++++++++++++++++
src/util/virprocess.h | 2 ++
4 files changed, 106 insertions(+)
--
2.1.4
9 years, 6 months
[libvirt] [PATCH] lxc: Rename daemon to dmn
by Martin Kletzander
On older systems it shadows global declaration of daemon() function.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
Pushed as a build-breaker
src/lxc/lxc_controller.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 5f59867408a3..828b8a8c0ee3 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -987,7 +987,7 @@ static bool wantReboot;
static virMutex lock = VIR_MUTEX_INITIALIZER;
-static void virLXCControllerSignalChildIO(virNetDaemonPtr daemon,
+static void virLXCControllerSignalChildIO(virNetDaemonPtr dmn,
siginfo_t *info ATTRIBUTE_UNUSED,
void *opaque)
{
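Review bot: in the virLXCControllerSignalChildIO() signature, dmn avoids the clash with daemon() but is easy to misread, and the diffstat shows only this one function being touched. Please confirm in the commit message that no other virNetDaemonPtr parameter or local in lxc_controller.c is still named daemon, or rename them in the same patch so the build-breaker does not return on the same older systems.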
@@ -998,7 +998,7 @@ static void virLXCControllerSignalChildIO(virNetDaemonPtr daemon,
ret = waitpid(-1, &status, WNOHANG);
VIR_DEBUG("Got sig child %d vs %lld", ret, (unsigned long long)ctrl->initpid);
if (ret == ctrl->initpid) {
- virNetDaemonQuit(daemon);
+ virNetDaemonQuit(dmn);
virMutexLock(&lock);
if (WIFSIGNALED(status) &&
WTERMSIG(status) == SIGHUP) {
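Review bot: in the VIR_DEBUG line kept as context above the renamed virNetDaemonQuit(dmn) call, the format uses %lld while the argument is cast to (unsigned long long). It is outside the scope of this fix, but a follow-up should make the two agree, either by casting to long long or by using %llu.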
--
2.4.3
9 years, 6 months
[libvirt] [PATCH] netserver: Remove duplicate forward declaration
by Martin Kletzander
Commit fa14207368820b264123ba8429927b62258f996e added forward
declaration of virNetServerPtr into virnetserver.h even though we are
keeping these in virnetserverprogram.h due to older compilers having
problems with duplicate ones.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
Pushed as a build-breaker
src/rpc/virnetserver.h | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
index 5c28182ffd15..0e16e8fb1bf0 100644
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@@ -33,8 +33,6 @@
# include "virobject.h"
# include "virjson.h"
-typedef struct _virNetServer virNetServer;
-typedef virNetServer *virNetServerPtr;
virNetServerPtr virNetServerNew(size_t min_workers,
size_t max_workers,
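Review bot: with the two typedefs removed, the virNetServerNew() prototype directly below still uses virNetServerPtr, so virnetserver.h now compiles only when the declaration from virnetserverprogram.h has already been seen. The includes visible in this hunk are virobject.h and virjson.h; please confirm that virnetserver.h pulls in virnetserverprogram.h itself, and add a one-line comment at this spot saying where the forward declaration lives so it is not re-added a second time.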
--
2.4.3
9 years, 6 months
Re: [libvirt] [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2)
by Richard Weinberger
[CC'ing libvirt-lxc folks]
On 28.05.2015 at 23:32, Eric W. Biederman wrote:
> Richard Weinberger <richard(a)nod.at> writes:
>
>> On 28.05.2015 at 21:57, Eric W. Biederman wrote:
>>>> FWIW, it breaks also libvirt-lxc:
>>>> Error: internal error: guest failed to start: Failed to re-mount /proc/sys on /proc/sys flags=1021: Operation not permitted
>>>
>>> Interesting. I had not anticipated a failure there? And it is failing
>>> in remount? Oh that is interesting.
>>>
>>> That implies that there is some flag of the original mount of /proc that
>>> the remount of /proc/sys is clearing, and that previously
>>>
>>> The flags specified are current rdonly,remount,bind so I expect there
>>> are some other flags on proc that libvirt-lxc is clearing by accident
>>> and we did not fail before because the kernel was not enforcing things.
>>
>> Please see:
>> http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/lxc/lxc_container.c;h=...
>> lxcContainerMountBasicFS()
>>
>> and:
>> http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/lxc/lxc_container.c;h=...
>> lxcBasicMounts
>>
>>> What are the mount flags in a working libvirt-lxc?
>>
>> See:
>> test1:~ # cat /proc/self/mountinfo
>> 149 147 0:56 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
>> 150 149 0:56 /sys /proc/sys ro,nodev,relatime - proc proc rw
>
>> If you need more info, please let me know. :-)
>
> Oh interesting I had not realized libvirt-lxc had grown an unprivileged
> mode using user namespaces.
>
> This does appear to be a classic remount bug, where you are not
> preserving the permissions. It appears the fact that the code
> failed to enforce locked permissions on the fresh mount of proc
> was hiding this bug until now.
>
> I expect what you actually want is the code below:
>
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index 9a9ae5c2aaf0..f008a7484bfe 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -850,7 +850,7 @@ typedef struct {
>
> static const virLXCBasicMountInfo lxcBasicMounts[] = {
> { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false },
> - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false },
> + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
> { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true },
> { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true },
> { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
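Review bot: on the /proc/sys line, MS_NOSUID|MS_NOEXEC|MS_NODEV is copied by hand from the proc entry one line above, so the two flag lists now have to be kept in sync; if the flags on the proc entry ever change, the remount fails again with the same "Operation not permitted". It would be more robust to derive the remount flags from the flags already on the mount, or from one shared macro, than to repeat them in the table.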
>
> Or possibly just:
>
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index 9a9ae5c2aaf0..a60ccbd12bfc 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -850,7 +850,7 @@ typedef struct {
>
> static const virLXCBasicMountInfo lxcBasicMounts[] = {
> { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false },
> - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false },
> + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, true, false, false },
> { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true },
> { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true },
> { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
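Review bot: on the /proc/sys line, the only change is the fifth initializer going from false to true, and nothing in the hunk says what that field is; from the surrounding text it is meant to drop the read-only /proc/sys mount in the user-namespace case. A comment above the table naming the columns, or designated initializers, would make this reviewable. Note also that the entry keeps MS_BIND|MS_RDONLY unchanged, so any caller that does not skip it still issues the remount that fails.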
>
> As there is little point in making /proc/sys read-only in a
> user-namespace, as the permission checks are uid based and no-one should
> have the global uid 0 in your container. Making mounting /proc/sys
> read-only rather pointless.
Eric, using the patch below I was able to spawn a user-namespace enabled container
using libvirt-lxc. :-)
I had to:
1. Disable the read-only mount of /proc/sys which is anyway useless in the user-namespace case.
2. Disable the /proc/sys/net/ipv{4,6} bind mounts, this ugly hack is only needed for the non user-namespace case.
3. Remove MS_RDONLY from the sysfs mount (For the non user-namespace case we'd have to keep this, though).
Daniel, I'd take this as a chance to disable all the MS_RDONLY games if user-namespaces are configured.
With Eric's fixes they hurt us. And as I wrote many times before if root within the user-namespace
is able to do nasty things in /sys and /proc that's a plain kernel bug which needs fixing. There is no
point in mounting these read-only. Except for the case when no user-namespace is used.
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 9a9ae5c..497e05f 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -850,10 +850,10 @@ typedef struct {
static const virLXCBasicMountInfo lxcBasicMounts[] = {
{ "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false },
- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false },
- { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true },
- { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true },
- { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, true, false, false },
+ { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, true, false, true },
+ { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, true, false, true },
+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false },
{ "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false },
#if WITH_SELINUX
{ SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false },
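Review bot: the sysfs line loses MS_RDONLY for every container, although point 3 of the message says the non user-namespace case has to keep it; as posted, /sys becomes writable there as well. The table carries one flags value per entry, so this needs a conditional where lxcBasicMounts is consumed rather than an edit to the shared entry. The /proc/sys line also still carries MS_BIND|MS_RDONLY without the nosuid, noexec and nodev bits, so it is correct only as long as the entry is skipped.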
Thanks,
//richard
9 years, 6 months
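The remount problem discussed in the thread above, as an added example that is not part of any message and is not libvirt or kernel code: it reads the per-mount options of the existing mount from a mountinfo line and carries the nosuid, nodev and noexec bits into the flags of a read-only bind remount. The function names are hypothetical; the two sample lines are the mountinfo output quoted in the thread.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

/* Per-mount options that a later bind remount has to carry over. */
static const struct { const char *name; unsigned long flag; } lockable[] = {
    { "nosuid", MS_NOSUID }, { "nodev", MS_NODEV }, { "noexec", MS_NOEXEC },
};

/* MS_* bits for the lockable options in field 6 (per-mount options)
 * of one /proc/self/mountinfo line; 0 if the line is too short. */
unsigned long mountinfo_locked_flags(const char *line)
{
    unsigned long flags = 0;
    const char *p = line;

    for (int i = 0; i < 5; i++) {          /* skip fields 1 to 5 */
        p = strchr(p, ' ');
        if (!p)
            return 0;
        p++;
    }
    while (*p && *p != ' ') {              /* comma-separated options */
        size_t len = strcspn(p, ", ");
        for (size_t i = 0; i < sizeof(lockable) / sizeof(lockable[0]); i++)
            if (strlen(lockable[i].name) == len &&
                strncmp(p, lockable[i].name, len) == 0)
                flags |= lockable[i].flag;
        p += len;
        if (*p == ',')
            p++;
    }
    return flags;
}

/* Flags for a read-only bind remount that keeps the parent's locked bits. */
unsigned long readonly_remount_flags(const char *parent_line)
{
    return MS_BIND | MS_REMOUNT | MS_RDONLY | mountinfo_locked_flags(parent_line);
}

/* Sample input: the two mountinfo lines quoted in the thread. */
static const char proc_line[] =
    "149 147 0:56 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw";
static const char procsys_line[] =
    "150 149 0:56 /sys /proc/sys ro,nodev,relatime - proc proc rw";

int main(void)
{
    printf("flags from the error message: %#lx\n",
           (unsigned long)(MS_BIND | MS_REMOUNT | MS_RDONLY));
    printf("flags preserving /proc bits:  %#lx\n", readonly_remount_flags(proc_line));
    printf("bits left on /proc/sys:       %#lx\n", mountinfo_locked_flags(procsys_line));
    return 0;
}
```

The first value is the flags=1021 from the error message read as hexadecimal, which is the rdonly,remount,bind combination named in the reply.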
[libvirt] [libvirt-python PATCH] Change libvirt version to 1.3.0 for the next release
by Martin Kletzander
Since the background for Admin API is merged upstream, we are bumping
the minor release version as discussed previously
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
Pushed as trivial
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 8d34fde3e60d..04e3de41fc71 100755
--- a/setup.py
+++ b/setup.py
@@ -311,7 +311,7 @@ class my_clean(clean):
_c_modules, _py_modules = get_module_lists()
setup(name = 'libvirt-python',
- version = '1.2.17',
+ version = '1.3.0',
url = 'http://www.libvirt.org',
maintainer = 'Libvirt Maintainers',
maintainer_email = 'libvir-list(a)redhat.com',
--
2.4.3
9 years, 7 months
[libvirt] [PATCH] Change libvirt version to 1.3.0 for the next release
by Martin Kletzander
Since the background for Admin API is merged upstream, we are bumping
the minor release version as discussed previously
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
Pushed as trivial
configure.ac | 2 +-
docs/formatdomain.html.in | 2 +-
src/parallels/parallels_driver.c | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index dbaf2722f8f3..20fc564a8128 100644
--- a/configure.ac
+++ b/configure.ac
@@ -16,7 +16,7 @@ dnl You should have received a copy of the GNU Lesser General Public
dnl License along with this library. If not, see
dnl <http://www.gnu.org/licenses/>.
-AC_INIT([libvirt], [1.2.17], [libvir-list(a)redhat.com], [], [http://libvirt.org])
+AC_INIT([libvirt], [1.3.0], [libvir-list(a)redhat.com], [], [http://libvirt.org])
AC_CONFIG_SRCDIR([src/libvirt.c])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([config.h])
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 3ccc71c55918..4e85b51040cb 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4275,7 +4275,7 @@ qemu-kvm -net nic,model=? /dev/null
element. Each queue will potentially be handled by a different
processor, resulting in much higher throughput.
<span class="since">virtio-net since 1.0.6 (QEMU and KVM only)</span>
- <span class="since">vhost-user since 1.2.17 (QEMU and KVM only)</span>
+ <span class="since">vhost-user since 1.3.0 (QEMU and KVM only)</span>
</dd>
<dt><code>host</code> offloading options</dt>
<dd>
diff --git a/src/parallels/parallels_driver.c b/src/parallels/parallels_driver.c
index 706229d8486c..b0a19f32c820 100644
--- a/src/parallels/parallels_driver.c
+++ b/src/parallels/parallels_driver.c
@@ -1371,8 +1371,8 @@ static virHypervisorDriver vzDriver = {
.domainManagedSave = parallelsDomainManagedSave, /* 1.2.14 */
.domainManagedSaveRemove = parallelsDomainManagedSaveRemove, /* 1.2.14 */
.domainGetMaxMemory = parallelsDomainGetMaxMemory, /* 1.2.15 */
- .domainBlockStats = parallelsDomainBlockStats, /* 1.2.17 */
- .domainBlockStatsFlags = parallelsDomainBlockStatsFlags, /* 1.2.17 */
+ .domainBlockStats = parallelsDomainBlockStats, /* 1.3.0 */
+ .domainBlockStatsFlags = parallelsDomainBlockStatsFlags, /* 1.3.0 */
};
static virConnectDriver vzConnectDriver = {
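Review bot: the /* 1.2.17 */ to /* 1.3.0 */ edits on the two domainBlockStats lines, like the vhost-user since annotation in formatdomain.html.in, are hand-maintained copies of the version in AC_INIT. Please state in the commit message that the tree was searched for remaining 1.2.17 strings, so that no since annotation or driver-table comment is left pointing at the old number after this bump.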
--
2.4.3
9 years, 7 months
[libvirt] [PATCH 00/13] Admin API
by Martin Kletzander
This is a real post for an Admin API to get in. Everything discussed
in previous posts should be addressed.
I'll start a discussion later on today about the ideas for the APIs to
be added and the general near-future design moves.
I'm also keeping the last three example patches in so you can try that
it works.
Martin Kletzander (13):
Move daemon-related parts of virNetServer to virNetDaemon
tests: Adapt virnetservertest to daemon refactor
Teach gendispatch how to handle admin dispatching files
Add admin protocol
Build client headers for admin protocol
Add admin error domain
Add libvirt-admin library
Add XML files with admin API specification
Add configuration options for permissions on daemon's admin socket
Add support for admin API in libvirt daemon
rpc: Add virNetServerGetNClients
admin: Add virAdmHello function
Example virt-admin
.gitignore | 5 +
Makefile.am | 7 +-
cfg.mk | 9 +-
configure.ac | 12 +-
daemon/Makefile.am | 32 +-
daemon/admin_server.c | 140 ++++
daemon/admin_server.h | 36 +
daemon/libvirtd-config.c | 27 +-
daemon/libvirtd-config.h | 13 +-
daemon/libvirtd.aug | 13 +
daemon/libvirtd.c | 205 ++++--
daemon/libvirtd.conf | 24 +
daemon/libvirtd.h | 14 +-
daemon/test_libvirtd.aug.in | 9 +
docs/Makefile.am | 23 +-
docs/apibuild.py | 10 +-
docs/internals.html.in | 4 +-
docs/internals/rpc.html.in | 7 +
include/libvirt/Makefile.am | 4 +-
include/libvirt/libvirt-admin.h | 63 ++
include/libvirt/virterror.h | 3 +-
libvirt-admin.pc.in | 13 +
libvirt.spec.in | 21 +
po/POTFILES.in | 4 +
src/Makefile.am | 75 ++-
src/admin/admin_protocol.x | 91 +++
src/admin_protocol-structs | 15 +
src/datatypes.c | 30 +
src/datatypes.h | 37 +
src/internal.h | 1 +
src/libvirt-admin.c | 412 ++++++++++++
src/libvirt_admin.syms | 20 +
src/libvirt_remote.syms | 31 +-
src/locking/lock_daemon.c | 75 ++-
src/locking/lock_daemon_config.c | 2 +-
src/locking/lock_daemon_dispatch.c | 4 +-
src/lxc/lxc_controller.c | 65 +-
src/rpc/gendispatch.pl | 254 +++----
src/rpc/virnetdaemon.c | 749 +++++++++++++++++++++
src/rpc/virnetdaemon.h | 82 +++
src/rpc/virnetserver.c | 530 ++-------------
src/rpc/virnetserver.h | 46 +-
src/rpc/virnetserverprogram.h | 3 +
src/util/virerror.c | 1 +
tests/Makefile.am | 10 +-
tests/confdata/libvirtd.conf | 6 +
tests/confdata/libvirtd.out | 5 +
.../{virnetserverdata => virnetdaemondata}/README | 0
.../virnetdaemondata/input-data-admin-nomdns.json | 126 ++++
.../input-data-anon-clients.json | 0
.../input-data-initial-nomdns.json} | 1 -
.../input-data-initial.json | 0
.../virnetdaemondata/output-data-admin-nomdns.json | 128 ++++
.../virnetdaemondata/output-data-anon-clients.json | 66 ++
.../output-data-initial-nomdns.json | 66 ++
tests/virnetdaemondata/output-data-initial.json | 67 ++
tests/{virnetservertest.c => virnetdaemontest.c} | 70 +-
tests/virnetserverdata/output-data-initial.json | 63 --
tools/virt-admin/Makefile.am | 69 ++
tools/virt-admin/virt-admin.c | 72 ++
tools/virt-admin/virt-admin.pod | 43 ++
61 files changed, 3180 insertions(+), 833 deletions(-)
create mode 100644 daemon/admin_server.c
create mode 100644 daemon/admin_server.h
create mode 100644 include/libvirt/libvirt-admin.h
create mode 100644 libvirt-admin.pc.in
create mode 100644 src/admin/admin_protocol.x
create mode 100644 src/admin_protocol-structs
create mode 100644 src/libvirt-admin.c
create mode 100644 src/libvirt_admin.syms
create mode 100644 src/rpc/virnetdaemon.c
create mode 100644 src/rpc/virnetdaemon.h
rename tests/{virnetserverdata => virnetdaemondata}/README (100%)
create mode 100644 tests/virnetdaemondata/input-data-admin-nomdns.json
rename tests/{virnetserverdata => virnetdaemondata}/input-data-anon-clients.json (100%)
rename tests/{virnetserverdata/output-data-anon-clients.json => virnetdaemondata/input-data-initial-nomdns.json} (97%)
rename tests/{virnetserverdata => virnetdaemondata}/input-data-initial.json (100%)
create mode 100644 tests/virnetdaemondata/output-data-admin-nomdns.json
create mode 100644 tests/virnetdaemondata/output-data-anon-clients.json
create mode 100644 tests/virnetdaemondata/output-data-initial-nomdns.json
create mode 100644 tests/virnetdaemondata/output-data-initial.json
rename tests/{virnetservertest.c => virnetdaemontest.c} (84%)
delete mode 100644 tests/virnetserverdata/output-data-initial.json
create mode 100644 tools/virt-admin/Makefile.am
create mode 100644 tools/virt-admin/virt-admin.c
create mode 100644 tools/virt-admin/virt-admin.pod
--
2.4.3
9 years, 7 months