[libvirt] [PATCH 0/5] domainRename API implementation
by Tomas Meszaros
This is an effort to implement domain rename API. Presented patch series
consists of the following: virDomainRename API implementation for qemu,
implementation of the virsh command domrename and the additional support
code.
The idea behind this endeavor is to provide convenient and safe way to rename
a domain.
Instead of the:
virsh dumpxml domain > domain.xml
(change domain name in domain.xml)
virsh undefine domain
virsh define domain.xml
user can simply type:
virsh domrename foo bar
or call virDomainRename() API and domain "foo" will be renamed to "bar".
We currently support only renaming inactive domains without snapshots.
Renaming procedure takes care of domain log, config, guest agent path and should
be able to recover in case of failure.
I've been working on this functionality in collaboration with Michal Privoznik
who is my mentor during the GSoC 2015. If you have any questions, ideas
or criticism feel free to join the discussion.
Tomas Meszaros (5):
Introduce virDomainRename API
virsh: Implement "domrename" command
domain_conf: Introducde virDomainObjListRenameAddNew() &
virDomainObjListRenameRemove()
Introduce new VIR_DOMAIN_EVENT_DEFINED_RENAMED event
qemu: Implement virDomainRename
examples/object-events/event-test.c | 2 +
include/libvirt/libvirt-domain.h | 3 +
src/access/viraccessperm.c | 3 +-
src/access/viraccessperm.h | 6 ++
src/conf/domain_conf.c | 35 ++++++++
src/conf/domain_conf.h | 5 ++
src/driver-hypervisor.h | 5 ++
src/libvirt-domain.c | 31 +++++++
src/libvirt_private.syms | 2 +
src/libvirt_public.syms | 5 ++
src/qemu/qemu_driver.c | 172 ++++++++++++++++++++++++++++++++++++
src/remote/remote_driver.c | 1 +
src/remote/remote_protocol.x | 18 +++-
src/remote_protocol-structs | 8 ++
tools/virsh-domain.c | 60 ++++++++++++-
tools/virsh.pod | 7 ++
16 files changed, 360 insertions(+), 3 deletions(-)
--
2.1.0
9 years, 4 months
[libvirt] [PATCHv2 0/2] Added waiting for DAD to finish for bridge address.
by Maxim Perevedentsev
This is a fix for commit db488c79173b240459c7754f38c3c6af9b432970
dnsmasq main process which is relied on when waiting for DAD to complete
exits without actually waiting for DAD. This is dnsmasq daemon's task.
It seems to be a race that DAD finished before dnsmasq main process exited.
The above commit needs the execution to block until DAD finishes
for bridge IPv6 address because then it closes dummy tap device.
Thus we need to ensure this ourselves.
So we periodically poll the kernel using netlink and
check whether there are any IPv6 addresses assigned to bridge
which have 'tentative' state. After DAD is finished, execution continues.
I guess that is what dnsmasq was assumed to do.
We use netlink to dump information about existing IPv6 addresses. Netlink's
response is a multi-part message. Unfortunately, the current implementation
of virNetlink treats such messages as faulty and throws an error. So the patch 2/2
adds multi-part nelink response support.
Update v2: fixed syntax.
Maxim Perevedentsev (2):
network: added waiting for DAD to finish for bridge address.
Add support for multi-part netlink messages.
src/network/bridge_driver.c | 113 +++++++++++++++++++++++++++++++++++++++++++-
src/util/virnetlink.c | 4 +-
2 files changed, 115 insertions(+), 2 deletions(-)
--
Sincerely,
Maxim Perevedentsev
9 years, 4 months
[libvirt] [PATCH] virsh: fix domfsinfo wrong output in quiet mode
by Luyao Huang
https://bugzilla.redhat.com/show_bug.cgi?id=1250287
When run domfsinfo in quiet mode, we cannot get any
useful information (just get \n), this is because
we didn't use vshPrint to print useful information.
Signed-off-by: Luyao Huang <lhuang(a)redhat.com>
---
tools/virsh-domain.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index a61656f..4988ba2 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -12848,10 +12848,10 @@ cmdDomFSInfo(vshControl *ctl, const vshCmd *cmd)
_("Mountpoint"), _("Name"), _("Type"), _("Target"));
vshPrintExtra(ctl, "-------------------------------------------------------------------\n");
for (i = 0; i < ret; i++) {
- vshPrintExtra(ctl, "%-36s %-8s %-8s ",
- info[i]->mountpoint, info[i]->name, info[i]->fstype);
+ vshPrint(ctl, "%-36s %-8s %-8s ",
+ info[i]->mountpoint, info[i]->name, info[i]->fstype);
for (j = 0; j < info[i]->ndevAlias; j++) {
- vshPrintExtra(ctl, "%s", info[i]->devAlias[j]);
+ vshPrint(ctl, "%s", info[i]->devAlias[j]);
if (j != info[i]->ndevAlias - 1)
vshPrint(ctl, ",");
}
--
1.8.3.1
9 years, 4 months
[libvirt] [PATCH] conf: Resolve Coverity FORWARD_NULL
by John Ferlan
The recent changes to perform SCSI device address checks during the
post parse callbacks ran afoul of the Coverity checker since the changes
assumed that the 'xmlopt' parameter to virDomainDeviceDefPostParse
would be non NULL (commit id 'ca2cf74e87'); however, what was missed
is there was an "if (xmlopt &&" check being made, so Coverity believed
that it could be possible for a NULL 'xmlopt'.
Checking the various calling paths seemingly disproves that. If called
from virDomainDeviceDefParse, there were two other possible calls that
would end up dereffing, so that path could not be NULL. If called via
virDomainDefPostParseDeviceIterator via virDomainDefPostParse there
are two callers (virDomainDefParseXML and qemuParseCommandLine)
which deref xmlopt either directly or through another call.
So I'm removing the check for non-NULL xmlopt.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/conf/domain_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 77a50c3..dd5ebd7 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4145,7 +4145,7 @@ virDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
{
int ret;
- if (xmlopt && xmlopt->config.devicesPostParseCallback) {
+ if (xmlopt->config.devicesPostParseCallback) {
ret = xmlopt->config.devicesPostParseCallback(dev, def, caps,
xmlopt->config.priv);
if (ret < 0)
--
2.1.0
9 years, 4 months
[libvirt] tc ingress rule of VM B disappear when reboot VM A
by ychen
hi:
when I use openstack devstack to test QOS, wired phenomenon appeared,
I set qos ingress rule in tapB, but when I reboot tapA, the ingress rule of tapB automatically removed, but the egress rule is still exist.
Test enviroment:
Linux: ubuntu 14.04.1 LTS
kernel: 3.13.0-32-generic
libvirt: 1.2.2
openstack: havana
1. use nova to create vm A and vm B. for the configuration of the libvirt xml, see the last paragraph in the end.
2. use tc cmd to create qos rule for vm A and vm B
tc qdisc add dev tap3d0d2c4a-0b ingress //vmA
tc qdisc add dev tap896d5066-69 ingress //vmB
3. then use cmd
"sudo virsh destory 142a08db-6e25-4a03-be13-7073104b0745 " to first shutdown vm1
then I see ingress rule of vmB disappeared :(
configurations:
vmA:-------------------------------------------
<domain type='qemu' id='15'>
<name>instance-00000001</name>
<uuid>142a08db-6e25-4a03-be13-7073104b0745</uuid>
<memory unit='KiB'>524288</memory>
<currentMemory unit='KiB'>524288</currentMemory>
<vcpu placement='static'>1</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<sysinfo type='smbios'>
<system>
<entry name='manufacturer'>OpenStack Foundation</entry>
<entry name='product'>OpenStack Nova</entry>
<entry name='version'>2013.2.3</entry>
<entry name='serial'>5fd079ed-5bc3-45ed-8de5-8bf9b8533d82</entry>
<entry name='uuid'>142a08db-6e25-4a03-be13-7073104b0745</entry>
</system>
</sysinfo>
<os>
<type arch='x86_64' machine='pc-i440fx-trusty'>hvm</type>
<boot dev='hd'/>
<smbios mode='sysinfo'/>
</os>
<features>
<acpi/>
<apic/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='none'/>
<source file='/opt/stack/data/nova/instances/142a08db-6e25-4a03-be13-7073104b0745/disk'/>
<target dev='vda' bus='virtio'/>
<alias name='virtio-disk0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<controller type='usb' index='0'>
<alias name='usb0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'>
<alias name='pci.0'/>
</controller>
<interface type='bridge'>
<mac address='fa:16:3e:22:68:6a'/>
<source bridge='br-int'/>
<virtualport type='openvswitch'>
<parameters interfaceid='3d0d2c4a-0b72-4f91-b393-413e0c5a335b'/>
</virtualport>
<target dev='tap3d0d2c4a-0b'/>
<model type='virtio'/>
<driver name='qemu'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='file'>
<source path='/opt/stack/data/nova/instances/142a08db-6e25-4a03-be13-7073104b0745/console.log'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
<serial type='pty'>
<source path='/dev/pts/31'/>
<target port='1'/>
<alias name='serial1'/>
</serial>
<console type='file'>
<source path='/opt/stack/data/nova/instances/142a08db-6e25-4a03-be13-7073104b0745/console.log'/>
<target type='serial' port='0'/>
<alias name='serial0'/>
</console>
<input type='tablet' bus='usb'>
<alias name='input0'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='vnc' port='5900' autoport='yes' listen='127.0.0.1' keymap='en-us'>
<listen type='address' address='127.0.0.1'/>
</graphics>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='apparmor' relabel='yes'>
<label>libvirt-142a08db-6e25-4a03-be13-7073104b0745</label>
<imagelabel>libvirt-142a08db-6e25-4a03-be13-7073104b0745</imagelabel>
</seclabel>
</domain>
vmB:-------------------------------------------
<domain type='qemu' id='13'>
<name>instance-00000002</name>
<uuid>fbd69f7b-83f1-45fe-818b-2021d5cb2e61</uuid>
<memory unit='KiB'>524288</memory>
<currentMemory unit='KiB'>524288</currentMemory>
<vcpu placement='static'>1</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<sysinfo type='smbios'>
<system>
<entry name='manufacturer'>OpenStack Foundation</entry>
<entry name='product'>OpenStack Nova</entry>
<entry name='version'>2013.2.3</entry>
<entry name='serial'>5fd079ed-5bc3-45ed-8de5-8bf9b8533d82</entry>
<entry name='uuid'>fbd69f7b-83f1-45fe-818b-2021d5cb2e61</entry>
</system>
</sysinfo>
<os>
<type arch='x86_64' machine='pc-i440fx-trusty'>hvm</type>
<boot dev='hd'/>
<smbios mode='sysinfo'/>
</os>
<features>
<acpi/>
<apic/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='none'/>
<source file='/opt/stack/data/nova/instances/fbd69f7b-83f1-45fe-818b-2021d5cb2e61/disk'/>
<target dev='vda' bus='virtio'/>
<alias name='virtio-disk0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<controller type='usb' index='0'>
<alias name='usb0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'>
<alias name='pci.0'/>
</controller>
<interface type='bridge'>
<mac address='fa:16:3e:c0:43:88'/>
<source bridge='br-int'/>
<virtualport type='openvswitch'>
<parameters interfaceid='896d5066-694d-4f15-9abe-f587439f279b'/>
</virtualport>
<target dev='tap896d5066-69'/>
<model type='virtio'/>
<driver name='qemu'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='file'>
<source path='/opt/stack/data/nova/instances/fbd69f7b-83f1-45fe-818b-2021d5cb2e61/console.log'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
<serial type='pty'>
<source path='/dev/pts/32'/>
<target port='1'/>
<alias name='serial1'/>
</serial>
<console type='file'>
<source path='/opt/stack/data/nova/instances/fbd69f7b-83f1-45fe-818b-2021d5cb2e61/console.log'/>
<target type='serial' port='0'/>
<alias name='serial0'/>
</console>
<input type='tablet' bus='usb'>
<alias name='input0'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='vnc' port='5901' autoport='yes' listen='127.0.0.1' keymap='en-us'>
<listen type='address' address='127.0.0.1'/>
</graphics>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='apparmor' relabel='yes'>
<label>libvirt-fbd69f7b-83f1-45fe-818b-2021d5cb2e61</label>
<imagelabel>libvirt-fbd69f7b-83f1-45fe-818b-2021d5cb2e61</imagelabel>
</seclabel>
</domain>
9 years, 4 months
[libvirt] Libvirt error in Openstack Tempest attaching disk on arm64 system
by Clark Laughlin
I am running Openstack Tempest on an arm64 platform and am seeing some
test failures related to attaching volumes to an instance. This is an
example of the disk XML generated by one of the tests:
<disk type="block" device="disk"><driver name="qemu" type="raw"
cache="none"/<source
dev="/dev/disk/by-path/ip-10.7.1.2:3260-iscsi-iqn.2010-10.org.openstack:volume-5a204339-80cb-4d06-aecf-2a8a2c970b0e-lun-1"/><target
bus="virtio" dev="vdb"/><serial>5a204339-80cb-4d06-aecf-2a8a2c970b0e</serial></disk>
The test is failing with the error "XML error: No PCI buses
available". I am trying to find the relevent source locations for
this functionality in either in the nova libvirt driver or in the
libvirt source itself. I am not sure why I am getting an error about
no PCI buses when the bus specified in the XML is "virtio".
I would appreciate any pointers / help.
Thank you,
Clark L
9 years, 4 months
[libvirt] [PATCH] examples: Add example polkit ACL rules
by Jiri Denemark
Creating ACL rules is not exactly easy and existing examples are pretty
simple. This patch adds a somewhat complex example which defines three
roles (user, operator, admin) with different permissions.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
Makefile.am | 2 +-
configure.ac | 1 +
examples/polkit/Makefile.am | 17 ++++++
examples/polkit/libvirt-acl.rules | 124 ++++++++++++++++++++++++++++++++++++++
libvirt.spec.in | 3 +
5 files changed, 146 insertions(+), 1 deletion(-)
create mode 100644 examples/polkit/Makefile.am
create mode 100644 examples/polkit/libvirt-acl.rules
diff --git a/Makefile.am b/Makefile.am
index 91b943b..d338d5a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -23,7 +23,7 @@ SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \
tests po examples/object-events examples/hellolibvirt \
examples/dominfo examples/domsuspend examples/apparmor \
examples/xml/nwfilter examples/openauth examples/systemtap \
- tools/wireshark examples/dommigrate \
+ tools/wireshark examples/dommigrate examples/polkit \
examples/lxcconvert examples/domtop
ACLOCAL_AMFLAGS = -I m4
diff --git a/configure.ac b/configure.ac
index 46c80ce..d506c28 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2805,6 +2805,7 @@ AC_CONFIG_FILES([\
examples/systemtap/Makefile \
examples/xml/nwfilter/Makefile \
examples/lxcconvert/Makefile \
+ examples/polkit/Makefile \
tools/wireshark/Makefile \
tools/wireshark/src/Makefile])
AC_OUTPUT
diff --git a/examples/polkit/Makefile.am b/examples/polkit/Makefile.am
new file mode 100644
index 0000000..4d213e8
--- /dev/null
+++ b/examples/polkit/Makefile.am
@@ -0,0 +1,17 @@
+## Copyright (C) 2015 Red Hat, Inc.
+##
+## This library is free software; you can redistribute it and/or
+## modify it under the terms of the GNU Lesser General Public
+## License as published by the Free Software Foundation; either
+## version 2.1 of the License, or (at your option) any later version.
+##
+## This library is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+## Lesser General Public License for more details.
+##
+## You should have received a copy of the GNU Lesser General Public
+## License along with this library. If not, see
+## <http://www.gnu.org/licenses/>.
+
+EXTRA_DIST = libvirt-acl.rules
diff --git a/examples/polkit/libvirt-acl.rules b/examples/polkit/libvirt-acl.rules
new file mode 100644
index 0000000..6a93206
--- /dev/null
+++ b/examples/polkit/libvirt-acl.rules
@@ -0,0 +1,124 @@
+function Role(name) {
+ this.name = name;
+
+ this.actions = [];
+ this.users = [];
+ this.groups = [];
+
+ this.lookup = function(subject) {
+ if (this.users.indexOf(subject.user) >= 0)
+ return true;
+
+ for (var i = 0; i < subject.groups.length; i++) {
+ if (this.groups.indexOf(subject.groups[i]) >= 0)
+ return true;
+ }
+
+ return false;
+ };
+
+ this.lookupAction = function(action) {
+ action = action.id.replace("org.libvirt.api.", "");
+ if (this.actions.indexOf(action) >= 0)
+ return true;
+ else
+ return false;
+ };
+}
+
+
+/* Basic operations and monitoring. */
+var user = new Role("user");
+user.users = ["user1", "user2", "user3"];
+user.groups = ["group1", "group2"];
+
+/* Same as users plus some privileged operations. */
+var operator = new Role("operator");
+operator.users = ["powerUser1", "powerUser2"];
+operator.groups = ["powerGroup1", "powerGroup2", "powerGroup3"];
+
+/* Full access. */
+var admin = new Role("admin");
+admin.users = ["adminUser1"];
+admin.groups = ["adminGroup1"];
+
+
+user.actions = [
+ "domain.core-dump",
+ "domain.fs-freeze",
+ "domain.fs-trim",
+ "domain.getattr",
+ "domain.hibernate",
+ "domain.init-control",
+ "domain.inject-nmi",
+ "domain.open-device",
+ "domain.open-graphics",
+ "domain.pm-control",
+ "domain.read",
+ "domain.reset",
+ "domain.save",
+ "domain.screenshot",
+ "domain.send-input",
+ "domain.send-signal",
+ "domain.set-password",
+ "domain.set-time",
+ "domain.snapshot",
+ "domain.start",
+ "domain.stop",
+ "domain.suspend"
+];
+operator.actions = [
+ "domain.delete",
+ "domain.migrate",
+ "domain.read-secure",
+ "domain.write",
+ "network.delete",
+ "network.getattr",
+ "network.read",
+ "network.save",
+ "network.start",
+ "network.stop",
+ "network.write",
+ "nwfilter.delete",
+ "nwfilter.getattr",
+ "nwfilter.read",
+ "nwfilter.save",
+ "nwfilter.write",
+ "secret.delete",
+ "secret.getattr",
+ "secret.read",
+ "secret.read-secure",
+ "secret.save",
+ "secret.write",
+ "storage-pool.refresh",
+ "storage-vol.create",
+ "storage-vol.data-read",
+ "storage-vol.data-write",
+ "storage-vol.delete",
+ "storage-vol.format",
+ "storage-vol.getattr",
+ "storage-vol.read",
+ "storage-vol.resize"
+];
+
+polkit.addRule(function(action, subject) {
+ if (action.id.indexOf("org.libvirt.api.") != 0)
+ return polkit.Result.NOT_HANDLED;
+
+ if (admin.lookup(subject))
+ return polkit.Result.YES;
+
+ if (operator.lookupAction(action)) {
+ if (operator.lookup(subject))
+ return polkit.Result.YES;
+ else
+ return polkit.Result.NO;
+ } else if (user.lookupAction(action)) {
+ if (operator.lookup(subject) || user.lookup(subject))
+ return polkit.Result.YES;
+ else
+ return polkit.Result.NO;
+ } else {
+ return polkit.Result.NOT_HANDLED;
+ }
+});
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 9a6139a..845efd2 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -2039,6 +2039,9 @@ exit 0
%endif # ! %{with_driver_modules}
%if %{with_network}
+
+%doc examples/polkit/*.rules
+
%files daemon-config-network
%defattr(-, root, root)
%dir %{_datadir}/libvirt/networks/
--
2.5.0
9 years, 4 months
[libvirt] [PATCH] qemuProcessStart: Be tolerant to relabel errors for session mode
by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=1124841
When the daemon is running under unprivileged user, that is under
qemu:///session, there are plenty of operations we can't do. What
we can do is to go with best effort. One of such cases is
relabeling domain resources (be it disks, sockets, regular files,
etc.) during domain startup process. While we may successfully set
DAC labels, we can be fairly certain that any attempt to change
SELinux labels will fail. Therefore we should tolerate relabelling
errors and just let qemu to try access the resources. If it fails,
our error reporting system is strong enough to articulate the
exact error to the user anyway.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_process.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 1c0c734..58ed631 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4856,8 +4856,13 @@ int qemuProcessStart(virConnectPtr conn,
VIR_DEBUG("Setting domain security labels");
if (virSecurityManagerSetAllLabel(driver->securityManager,
- vm->def, stdin_path) < 0)
- goto cleanup;
+ vm->def, stdin_path) < 0) {
+ /* Be tolerant to relabel errors if we are running unprivileged. */
+ if (virQEMUDriverIsPrivileged(driver))
+ goto cleanup;
+ else
+ VIR_DEBUG("Ignoring relabel errors for unprivileged daemon");
+ }
/* Security manager labeled all devices, therefore
* if any operation from now on fails and we goto cleanup,
--
2.3.6
9 years, 4 months
[libvirt] mass create vm errors
by Vasiliy Tolstov
Hi again =). I have another problem then testing libvirt with massive vm start:
2015-07-18 08:25:21.687+0000: 36893: error : qemuMonitorIO:750 :
internal error: early end of file from monitor: possible problem:
2015-07-18T08:25:21.586487Z qemu-system-x86_64: -vnc [::]:4,password:
Failed to start VNC server: Failed to bind socket: Address already in
use
As i understand, when libvirt try to detect free port for vnc it
fails, because another process already binds to it. How can i avoid
this errors? Does it fixed in never libvirt releases?
libvirt 1.216
qemu 2.4.0-rc0
--
Vasiliy Tolstov,
e-mail: v.tolstov(a)selfip.ru
9 years, 4 months
[libvirt] [PATCH 0/2] Adjustments for configuring volume lun device
by John Ferlan
Resolve a couple of issues regarding failures seen configuring a disk
to be a type='volume' device='lun'. The doc patch just indicates that
using an NPIV storage/source pool is a valid option. The second patch
allows for a "clearer" error message to be reported.
John Ferlan (2):
docs: Add Fibre Channel NPIV supported option for volume lun config
conf: Allow error reporting in virDomainDiskSourceIsBlockType
docs/formatdomain.html.in | 6 ++++--
src/conf/domain_conf.c | 21 ++++++++++++++++++---
src/conf/domain_conf.h | 2 +-
src/lxc/lxc_cgroup.c | 2 +-
src/lxc/lxc_driver.c | 6 ++----
src/qemu/qemu_command.c | 5 +----
src/qemu/qemu_conf.c | 6 +++---
7 files changed, 30 insertions(+), 18 deletions(-)
--
2.1.0
9 years, 4 months