August 2015 - Devel - libvirt List Archives

[libvirt] [PATCH v2 0/3] virt-aa-helper: allow to add R/O files in restricted dirs
by Guido Günther 24 Aug '15

24 Aug '15

Hi, the purpose of these patches is to make it possible to put files in restricted_rw that are under a directory that is already in restricted. It was only possible to add the to overrides before so they ended up being rw. Sorry for the incomplete series this morning, hopefully this looks better. The tests pass here and I've added an additional patch checking the new file. Cheers, -- Guido Guido Günther (2): virt-aa-helper: document --probing and --dry-run virt-aa-helper: Simplify restriction logic intrigeri (1): virt-aa-helper: allow access to /usr/share/ovmf/ src/security/virt-aa-helper.c | 34 ++++++++++++++++++++++------------ tests/virt-aa-helper-test | 9 +++++++++ 2 files changed, 31 insertions(+), 12 deletions(-) -- 2.1.4

3 7

[libvirt] [PATCH v2 0/9] qemu: Make it possible to run domains with dirrefent seclabels
by Martin Kletzander 24 Aug '15

24 Aug '15

We offer setting seclabel for the whole domain, but we never fixed the fact that the domain will not be able to even create its monitor socket because the directory is owned by the default preconfigured user and group. Moreover the selinux context can be off as well. So this patch series fixes few preliminary problems and then changes autogenerating so that it creates path per-domain. That way we can start do mains with any seclabels we want without that annoying error message (or similar ones, depends on your configuration): error: Failed to start domain dummy error: internal error: process exited while connecting to monitor: 2015-08-13T15:26:01.474941Z qemu-system-x86_64: -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/dummy.monitor,server,nowait: Failed to unlink socket /var/lib/libvirt/qemu/dummy.monitor: Permission denied The idea is mentioned in this thread in which I tried fixing it pretty badly without thinking it through (feel free to read the patch for your amusement): https://www.redhat.com/archives/libvir-list/2015-February/msg01051.htmlA One thing to note here is that tests for patch 7/9 are in a separate patch 8/9 and only minimal. We can also use qemuxml2argvtest to test for the same thing and indeed that is patch 9/9 that I haven't sent. I will send it if anyone wants to have that been done as well, but I believe the qemuxml2argvtest can be left as it currently is because the patch itself has around 350KiB. It's also enough if you just tell me in the review that I should squash it in the previous commit (which I don't suppose anyone will do). Or another idea, I made it available on my github: https://github.com/nertpinx/libvirt.git (branch bz1146886) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886 Martin Kletzander (9): security_selinux: Use proper structure to access socket data security_dac: Label non-listening sockets security: Add virSecurityDomainSetDirLabel security_stack: Add SetDirLabel support security_selinux: Add SetDirLabel support security_dac: Add SetDirLabel support qemu: Fix access to auto-generated socket paths tests: Use qemuProcessPrepareMonitorChr in qemuxmlnstest tests: Use qemuProcessPrepareMonitorChr in qemuxml2argvtest src/libvirt_private.syms | 1 + src/qemu/qemu_command.c | 2 +- src/qemu/qemu_domain.c | 16 +++--- src/qemu/qemu_process.c | 57 +++++++++++++++++++++- src/security/security_dac.c | 30 +++++++++++- src/security/security_driver.h | 5 ++ src/security/security_manager.c | 17 +++++++ src/security/security_manager.h | 4 ++ src/security/security_selinux.c | 19 +++++++- src/security/security_stack.c | 20 ++++++++ .../qemuxml2argv-aarch64-aavmf-virtio-mmio.args | 3 +- .../qemuxml2argv-aarch64-cpu-passthrough.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-aarch64-gic.args | 3 +- .../qemuxml2argv-aarch64-kvm-32-on-64.args | 2 +- .../qemuxml2argv-aarch64-virt-default-nic.args | 3 +- .../qemuxml2argv-aarch64-virt-virtio.args | 3 +- .../qemuxml2argv-arm-vexpressa9-basic.args | 3 +- .../qemuxml2argv-arm-vexpressa9-nodevs.args | 3 +- .../qemuxml2argv-arm-vexpressa9-virtio.args | 3 +- .../qemuxml2argv-arm-virt-virtio.args | 3 +- .../qemuxml2argv-balloon-device-auto.args | 3 +- .../qemuxml2argv-balloon-device-period.args | 3 +- .../qemuxml2argv-balloon-device.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-bios-nvram.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-bios.args | 3 +- .../qemuxml2argv-blkdeviotune-max.args | 3 +- .../qemuxml2argv-blkdeviotune.args | 3 +- .../qemuxml2argv-blkiotune-device.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-blkiotune.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-boot-cdrom.args | 3 +- .../qemuxml2argv-boot-complex-bootindex.args | 2 +- .../qemuxml2argv-boot-complex.args | 2 +- .../qemuxml2argv-boot-floppy-q35.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-boot-floppy.args | 3 +- ...xml2argv-boot-menu-disable-drive-bootindex.args | 2 +- .../qemuxml2argv-boot-menu-disable-drive.args | 2 +- .../qemuxml2argv-boot-menu-disable.args | 3 +- ...qemuxml2argv-boot-menu-enable-with-timeout.args | 2 +- .../qemuxml2argv-boot-menu-enable.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-boot-multi.args | 3 +- .../qemuxml2argv-boot-network.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-boot-order.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-boot-strict.args | 2 +- .../qemuxml2argv-bootindex-floppy-q35.args | 2 +- .../qemuxml2argv-channel-guestfwd.args | 3 +- .../qemuxml2argv-channel-spicevmc-old.args | 3 +- .../qemuxml2argv-channel-spicevmc.args | 3 +- .../qemuxml2argv-channel-virtio-auto.args | 2 +- .../qemuxml2argv-channel-virtio-autoadd.args | 2 +- .../qemuxml2argv-channel-virtio-autoassign.args | 2 +- .../qemuxml2argv-channel-virtio-default.args | 2 +- .../qemuxml2argv-channel-virtio-state.args | 2 +- .../qemuxml2argv-channel-virtio-unix.args | 9 ++-- .../qemuxml2argv-channel-virtio.args | 2 +- .../qemuxml2argv-clock-catchup.args | 3 +- .../qemuxml2argv-clock-france.args | 3 +- .../qemuxml2argv-clock-hpet-off.args | 3 +- ...muxml2argv-clock-localtime-basis-localtime.args | 3 +- .../qemuxml2argv-clock-localtime.args | 3 +- .../qemuxml2argv-clock-timer-hyperv-rtc.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-clock-utc.args | 2 +- .../qemuxml2argv-clock-variable.args | 3 +- .../qemuxml2argv-console-compat-auto.args | 3 +- .../qemuxml2argv-console-compat-chardev.args | 3 +- .../qemuxml2argv-console-compat.args | 3 +- .../qemuxml2argv-console-sclp.args | 2 +- .../qemuxml2argv-console-virtio-ccw.args | 2 +- .../qemuxml2argv-console-virtio-many.args | 2 +- .../qemuxml2argv-console-virtio-s390.args | 2 +- .../qemuxml2argv-console-virtio.args | 2 +- .../qemuxml2argv-controller-order.args | 2 +- .../qemuxml2argv-cpu-Haswell-noTSX.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-cpu-Haswell.args | 3 +- .../qemuxml2argv-cpu-Haswell2.args | 3 +- .../qemuxml2argv-cpu-Haswell3.args | 3 +- .../qemuxml2argv-cpu-eoi-disabled.args | 3 +- .../qemuxml2argv-cpu-eoi-enabled.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-cpu-exact1.args | 3 +- .../qemuxml2argv-cpu-exact2-nofallback.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-cpu-exact2.args | 3 +- .../qemuxml2argv-cpu-fallback.args | 2 +- .../qemuxml2argv-cpu-host-kvmclock.args | 3 +- .../qemuxml2argv-cpu-host-model-fallback.args | 2 +- .../qemuxml2argv-cpu-host-model-vendor.args | 2 +- .../qemuxml2argv-cpu-host-model.args | 2 +- ...qemuxml2argv-cpu-host-passthrough-features.args | 2 +- .../qemuxml2argv-cpu-host-passthrough.args | 2 +- .../qemuxml2argv-cpu-kvmclock.args | 3 +- .../qemuxml2argv-cpu-minimum1.args | 3 +- .../qemuxml2argv-cpu-minimum2.args | 3 +- .../qemuxml2argv-cpu-numa-disjoint.args | 3 +- .../qemuxml2argv-cpu-numa-no-memory-element.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-cpu-numa1.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-cpu-numa2.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-cpu-strict1.args | 3 +- .../qemuxml2argv-cpu-topology1.args | 3 +- .../qemuxml2argv-cpu-topology2.args | 3 +- .../qemuxml2argv-cpu-topology3.args | 3 +- .../qemuxml2argv-cputune-numatune.args | 2 +- .../qemuxml2argv-cputune-zero-shares.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-cputune.args | 3 +- .../qemuxml2argv-default-kvm-host-arch.args | 3 +- .../qemuxml2argv-default-qemu-host-arch.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-disk-aio.args | 3 +- .../qemuxml2argv-disk-blockio.args | 3 +- .../qemuxml2argv-disk-cdrom-empty.args | 3 +- .../qemuxml2argv-disk-cdrom-network-ftp.args | 3 +- .../qemuxml2argv-disk-cdrom-network-ftps.args | 3 +- .../qemuxml2argv-disk-cdrom-network-http.args | 3 +- .../qemuxml2argv-disk-cdrom-network-https.args | 3 +- .../qemuxml2argv-disk-cdrom-network-tftp.args | 3 +- ...qemuxml2argv-disk-cdrom-tray-no-device-cap.args | 3 +- .../qemuxml2argv-disk-cdrom-tray.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-cdrom.args | 3 +- .../qemuxml2argv-disk-copy_on_read.args | 2 +- .../qemuxml2argv-disk-drive-boot-cdrom.args | 3 +- .../qemuxml2argv-disk-drive-boot-disk.args | 3 +- .../qemuxml2argv-disk-drive-cache-directsync.args | 3 +- .../qemuxml2argv-disk-drive-cache-unsafe.args | 3 +- .../qemuxml2argv-disk-drive-cache-v1-none.args | 3 +- .../qemuxml2argv-disk-drive-cache-v1-wb.args | 3 +- .../qemuxml2argv-disk-drive-cache-v1-wt.args | 3 +- .../qemuxml2argv-disk-drive-cache-v2-none.args | 3 +- .../qemuxml2argv-disk-drive-cache-v2-wb.args | 3 +- .../qemuxml2argv-disk-drive-cache-v2-wt.args | 3 +- .../qemuxml2argv-disk-drive-copy-on-read.args | 3 +- .../qemuxml2argv-disk-drive-discard.args | 3 +- ...uxml2argv-disk-drive-error-policy-enospace.args | 2 +- .../qemuxml2argv-disk-drive-error-policy-stop.args | 2 +- ...gv-disk-drive-error-policy-wreport-rignore.args | 2 +- .../qemuxml2argv-disk-drive-fat.args | 3 +- .../qemuxml2argv-disk-drive-fmt-qcow.args | 3 +- .../qemuxml2argv-disk-drive-network-gluster.args | 3 +- ...qemuxml2argv-disk-drive-network-iscsi-auth.args | 3 +- .../qemuxml2argv-disk-drive-network-iscsi-lun.args | 3 +- .../qemuxml2argv-disk-drive-network-iscsi.args | 3 +- ...qemuxml2argv-disk-drive-network-nbd-export.args | 3 +- ...ml2argv-disk-drive-network-nbd-ipv6-export.args | 3 +- .../qemuxml2argv-disk-drive-network-nbd-ipv6.args | 3 +- .../qemuxml2argv-disk-drive-network-nbd-unix.args | 3 +- .../qemuxml2argv-disk-drive-network-nbd.args | 3 +- .../qemuxml2argv-disk-drive-network-rbd-auth.args | 3 +- ...muxml2argv-disk-drive-network-rbd-ceph-env.args | 3 +- .../qemuxml2argv-disk-drive-network-rbd-ipv6.args | 3 +- .../qemuxml2argv-disk-drive-network-rbd.args | 3 +- .../qemuxml2argv-disk-drive-network-sheepdog.args | 3 +- .../qemuxml2argv-disk-drive-no-boot.args | 2 +- .../qemuxml2argv-disk-drive-readonly-disk.args | 3 +- ...qemuxml2argv-disk-drive-readonly-no-device.args | 3 +- .../qemuxml2argv-disk-drive-shared.args | 3 +- .../qemuxml2argv-disk-floppy-pseries.args | 3 +- ...emuxml2argv-disk-floppy-tray-no-device-cap.args | 3 +- .../qemuxml2argv-disk-floppy-tray.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-floppy.args | 3 +- .../qemuxml2argv-disk-geometry.args | 3 +- .../qemuxml2argv-disk-ide-drive-split.args | 3 +- .../qemuxml2argv-disk-ide-wwn.args | 3 +- .../qemuxml2argv-disk-ioeventfd.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-disk-iscsi.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-disk-many.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-order.args | 2 +- .../qemuxml2argv-disk-sata-device.args | 3 +- .../qemuxml2argv-disk-scsi-device-auto.args | 3 +- .../qemuxml2argv-disk-scsi-device.args | 3 +- .../qemuxml2argv-disk-scsi-disk-split.args | 3 +- .../qemuxml2argv-disk-scsi-disk-vpd.args | 3 +- .../qemuxml2argv-disk-scsi-disk-wwn.args | 3 +- .../qemuxml2argv-disk-scsi-lun-passthrough.args | 3 +- .../qemuxml2argv-disk-scsi-megasas.args | 3 +- .../qemuxml2argv-disk-scsi-virtio-scsi.args | 3 +- .../qemuxml2argv-disk-scsi-vscsi.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-serial.args | 3 +- .../qemuxml2argv-disk-snapshot.args | 3 +- .../qemuxml2argv-disk-source-pool-mode.args | 3 +- .../qemuxml2argv-disk-source-pool.args | 3 +- .../qemuxml2argv-disk-usb-device-removable.args | 3 +- .../qemuxml2argv-disk-usb-device.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-disk-usb.args | 3 +- .../qemuxml2argv-disk-virtio-ccw-many.args | 3 +- .../qemuxml2argv-disk-virtio-ccw.args | 3 +- .../qemuxml2argv-disk-virtio-s390.args | 3 +- .../qemuxml2argv-disk-virtio-scsi-ccw.args | 3 +- .../qemuxml2argv-disk-virtio-scsi-cmd_per_lun.args | 3 +- .../qemuxml2argv-disk-virtio-scsi-ioeventfd.args | 3 +- .../qemuxml2argv-disk-virtio-scsi-max_sectors.args | 3 +- .../qemuxml2argv-disk-virtio-scsi-num_queues.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-virtio.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-disk-xenvbd.args | 3 +- .../qemuxml2argv-eoi-disabled.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-eoi-enabled.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-event_idx.args | 2 +- .../qemuxml2argv-fips-enabled.args | 3 +- .../qemuxml2argv-floppy-drive-fat.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-fs9p-ccw.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-fs9p.args | 3 +- .../qemuxml2argv-graphics-sdl-fullscreen.args | 3 +- .../qemuxml2argv-graphics-sdl.args | 3 +- ...emuxml2argv-graphics-spice-agent-file-xfer.args | 3 +- .../qemuxml2argv-graphics-spice-agentmouse.args | 3 +- .../qemuxml2argv-graphics-spice-compression.args | 3 +- .../qemuxml2argv-graphics-spice-qxl-vga.args | 3 +- .../qemuxml2argv-graphics-spice-sasl.args | 3 +- .../qemuxml2argv-graphics-spice-timeout.args | 3 +- .../qemuxml2argv-graphics-spice-usb-redir.args | 2 +- .../qemuxml2argv-graphics-spice.args | 3 +- .../qemuxml2argv-graphics-vnc-policy.args | 3 +- .../qemuxml2argv-graphics-vnc-sasl.args | 3 +- .../qemuxml2argv-graphics-vnc-socket.args | 3 +- .../qemuxml2argv-graphics-vnc-tls.args | 3 +- .../qemuxml2argv-graphics-vnc-websocket.args | 3 +- .../qemuxml2argv-graphics-vnc.args | 3 +- .../qemuxml2argv-hostdev-pci-address-device.args | 2 +- .../qemuxml2argv-hostdev-pci-address.args | 3 +- .../qemuxml2argv-hostdev-scsi-boot.args | 2 +- .../qemuxml2argv-hostdev-scsi-lsi-iscsi-auth.args | 2 +- .../qemuxml2argv-hostdev-scsi-lsi-iscsi.args | 2 +- .../qemuxml2argv-hostdev-scsi-lsi.args | 2 +- .../qemuxml2argv-hostdev-scsi-readonly.args | 2 +- ...emuxml2argv-hostdev-scsi-virtio-iscsi-auth.args | 2 +- .../qemuxml2argv-hostdev-scsi-virtio-iscsi.args | 2 +- .../qemuxml2argv-hostdev-scsi-virtio-scsi.args | 2 +- ...muxml2argv-hostdev-usb-address-device-boot.args | 3 +- .../qemuxml2argv-hostdev-usb-address-device.args | 3 +- .../qemuxml2argv-hostdev-usb-address.args | 3 +- .../qemuxml2argv-hostdev-vfio-multidomain.args | 2 +- .../qemuxml2argv-hostdev-vfio.args | 2 +- .../qemuxml2argv-hotplug-base.args | 2 +- .../qemuxml2argv-hugepages-numa.args | 2 +- .../qemuxml2argv-hugepages-pages.args | 3 +- .../qemuxml2argv-hugepages-pages2.args | 3 +- .../qemuxml2argv-hugepages-pages3.args | 3 +- .../qemuxml2argv-hugepages-pages5.args | 3 +- .../qemuxml2argv-hugepages-pages6.args | 3 +- .../qemuxml2argv-hugepages-shared.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-hugepages.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-hyperv-off.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-hyperv.args | 3 +- .../qemuxml2argv-input-usbmouse-addr.args | 3 +- .../qemuxml2argv-input-usbmouse.args | 3 +- .../qemuxml2argv-input-usbtablet.args | 3 +- .../qemuxml2argv-iothreads-disk-virtio-ccw.args | 3 +- .../qemuxml2argv-iothreads-disk.args | 3 +- .../qemuxml2argv-iothreads-ids-partial.args | 3 +- .../qemuxml2argv-iothreads-ids.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-iothreads.args | 3 +- .../qemuxml2argv-kvm-features-off.args | 2 +- .../qemuxml2argv-kvm-features.args | 3 +- .../qemuxml2argv-kvm-pit-delay.args | 2 +- .../qemuxml2argv-kvm-pit-device.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-kvm.args | 3 +- .../qemuxml2argv-kvmclock+eoi-disabled.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-kvmclock.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-lease.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-off-argv.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-off-cap.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-off-caps.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-on-argv.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-on-cap.args | 3 +- .../qemuxml2argv-machine-aeskeywrap-on-caps.args | 3 +- .../qemuxml2argv-machine-aliases1.args | 3 +- .../qemuxml2argv-machine-aliases2.args | 3 +- .../qemuxml2argv-machine-core-off.args | 3 +- .../qemuxml2argv-machine-core-on.args | 3 +- .../qemuxml2argv-machine-deakeywrap-off-argv.args | 3 +- .../qemuxml2argv-machine-deakeywrap-off-cap.args | 3 +- .../qemuxml2argv-machine-deakeywrap-off-caps.args | 3 +- .../qemuxml2argv-machine-deakeywrap-on-argv.args | 3 +- .../qemuxml2argv-machine-deakeywrap-on-cap.args | 3 +- .../qemuxml2argv-machine-deakeywrap-on-caps.args | 3 +- .../qemuxml2argv-machine-keywrap-none-argv.args | 3 +- .../qemuxml2argv-machine-keywrap-none-caps.args | 3 +- .../qemuxml2argv-machine-keywrap-none.args | 3 +- .../qemuxml2argv-machine-usb-opt.args | 3 +- .../qemuxml2argv-machine-vmport-opt.args | 3 +- .../qemuxml2argv-memory-hotplug-dimm-addr.args | 3 +- .../qemuxml2argv-memory-hotplug-dimm.args | 3 +- .../qemuxml2argv-memory-hotplug.args | 3 +- .../qemuxml2argv-memtune-unlimited.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-memtune.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-metadata.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-migrate.args | 3 +- .../qemuxml2argv-minimal-msg-timestamp.args | 2 +- .../qemuxml2argv-minimal-s390.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-minimal.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-misc-acpi.args | 3 +- .../qemuxml2argv-misc-disable-s3.args | 3 +- .../qemuxml2argv-misc-disable-suspends.args | 3 +- .../qemuxml2argv-misc-enable-s4.args | 3 +- .../qemuxml2argv-misc-no-reboot.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-misc-uuid.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-mlock-off.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-mlock-on.args | 3 +- .../qemuxml2argv-mlock-unsupported.args | 3 +- .../qemuxml2argv-monitor-json.args | 3 +- .../qemuxml2argv-multifunction-pci-device.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-net-client.args | 3 +- .../qemuxml2argv-net-eth-ifname.args | 3 +- .../qemuxml2argv-net-eth-names.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-net-eth.args | 3 +- .../qemuxml2argv-net-hostdev-multidomain.args | 2 +- .../qemuxml2argv-net-hostdev-vfio-multidomain.args | 2 +- .../qemuxml2argv-net-hostdev-vfio.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-net-hostdev.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-net-mcast.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-net-server.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-net-user.args | 3 +- .../qemuxml2argv-net-vhostuser-multiq.args | 3 +- .../qemuxml2argv-net-vhostuser.args | 3 +- .../qemuxml2argv-net-virtio-ccw.args | 3 +- .../qemuxml2argv-net-virtio-device.args | 3 +- .../qemuxml2argv-net-virtio-disable-offloads.args | 3 +- .../qemuxml2argv-net-virtio-netdev.args | 3 +- .../qemuxml2argv-net-virtio-s390.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-net-virtio.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-no-shutdown.args | 2 +- .../qemuxml2argv-nographics-vga.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-nographics.args | 3 +- .../qemuxml2argv-nosharepages.args | 2 +- ...qemuxml2argv-numad-auto-memory-vcpu-cpuset.args | 3 +- ...d-auto-memory-vcpu-no-cpuset-and-placement.args | 3 +- ...muxml2argv-numad-auto-vcpu-static-numatune.args | 3 +- ...qemuxml2argv-numad-static-memory-auto-vcpu.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-numad.args | 3 +- ...qemuxml2argv-numatune-auto-nodeset-invalid.args | 3 +- .../qemuxml2argv-numatune-auto-prefer.args | 2 +- .../qemuxml2argv-numatune-memnode-no-memory.args | 2 +- .../qemuxml2argv-numatune-memnode.args | 2 +- .../qemuxml2argv-numatune-memory.args | 3 +- .../qemuxml2argv-panic-no-address.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-panic.args | 3 +- .../qemuxml2argv-parallel-parport-chardev.args | 3 +- .../qemuxml2argv-parallel-tcp-chardev.args | 3 +- .../qemuxml2argv-parallel-tcp.args | 3 +- .../qemuxml2argv-pci-autoadd-addr.args | 2 +- .../qemuxml2argv-pci-autoadd-idx.args | 2 +- .../qemuxml2argv-pci-bridge-many-disks.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-pci-many.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-pci-rom.args | 2 +- .../qemuxml2argv-pci-serial-dev-chardev.args | 2 +- .../qemuxml2argv-pcie-root-port.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-pcie-root.args | 3 +- .../qemuxml2argv-pcie-switch-downstream-port.args | 3 +- .../qemuxml2argv-pcie-switch-upstream-port.args | 3 +- .../qemuxml2argv-pcihole64-none.args | 3 +- .../qemuxml2argv-pcihole64-q35.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-pcihole64.args | 2 +- .../qemuxml2argv-pmu-feature-off.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-pmu-feature.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-ppc-dtb.args | 3 +- .../qemuxml2argv-ppce500-serial.args | 2 +- .../qemuxml2argv-pseries-basic.args | 2 +- .../qemuxml2argv-pseries-cpu-compat.args | 2 +- .../qemuxml2argv-pseries-cpu-exact.args | 2 +- .../qemuxml2argv-pseries-cpu-le.args | 2 +- .../qemuxml2argv-pseries-nvram.args | 2 +- .../qemuxml2argv-pseries-panic-missing.args | 2 +- .../qemuxml2argv-pseries-panic-no-address.args | 2 +- .../qemuxml2argv-pseries-usb-default.args | 2 +- .../qemuxml2argv-pseries-usb-kbd.args | 2 +- .../qemuxml2argv-pseries-usb-multi.args | 2 +- .../qemuxml2argv-pseries-vio-user-assigned.args | 2 +- .../qemuxml2argvdata/qemuxml2argv-pseries-vio.args | 2 +- .../qemuxml2argv-pv-spinlock-disabled.args | 3 +- .../qemuxml2argv-pv-spinlock-enabled.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-q35.args | 3 +- .../qemuxml2argv-qemu-ns-no-env.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-qemu-ns.args | 3 +- .../qemuxml2argv-reboot-timeout-disabled.args | 3 +- .../qemuxml2argv-reboot-timeout-enabled.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-restore-v1.args | 3 +- .../qemuxml2argv-restore-v2-fd.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-restore-v2.args | 3 +- ...muxml2argv-s390-allow-bogus-usb-controller.args | 2 +- .../qemuxml2argv-s390-allow-bogus-usb-none.args | 2 +- .../qemuxml2argv-seclabel-dac-none.args | 3 +- .../qemuxml2argv-seclabel-dynamic-baselabel.args | 3 +- .../qemuxml2argv-seclabel-dynamic-labelskip.args | 3 +- .../qemuxml2argv-seclabel-dynamic-override.args | 3 +- .../qemuxml2argv-seclabel-dynamic-relabel.args | 3 +- .../qemuxml2argv-seclabel-dynamic.args | 3 +- .../qemuxml2argv-seclabel-none.args | 3 +- .../qemuxml2argv-seclabel-static-labelskip.args | 3 +- .../qemuxml2argv-seclabel-static-relabel.args | 2 +- .../qemuxml2argv-seclabel-static.args | 3 +- .../qemuxml2argv-serial-dev-chardev-iobase.args | 3 +- .../qemuxml2argv-serial-dev-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-dev.args | 3 +- .../qemuxml2argv-serial-file-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-file.args | 3 +- .../qemuxml2argv-serial-many-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-many.args | 3 +- .../qemuxml2argv-serial-pty-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-pty.args | 3 +- .../qemuxml2argv-serial-spiceport-nospice.args | 2 +- .../qemuxml2argv-serial-spiceport.args | 2 +- .../qemuxml2argv-serial-tcp-chardev.args | 3 +- .../qemuxml2argv-serial-tcp-telnet-chardev.args | 3 +- .../qemuxml2argv-serial-tcp-telnet.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-tcp.args | 3 +- .../qemuxml2argv-serial-udp-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-udp.args | 3 +- .../qemuxml2argv-serial-unix-chardev.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-serial-unix.args | 3 +- .../qemuxml2argv-serial-vc-chardev.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-serial-vc.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-shmem.args | 3 +- .../qemuxml2argv-smartcard-controller.args | 2 +- .../qemuxml2argv-smartcard-host-certificates.args | 2 +- .../qemuxml2argv-smartcard-host.args | 2 +- ...emuxml2argv-smartcard-passthrough-spicevmc.args | 2 +- .../qemuxml2argv-smartcard-passthrough-tcp.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-smbios.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-smp.args | 3 +- .../qemuxml2argv-sound-device.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-sound.args | 3 +- .../qemuxml2argv-tpm-passthrough.args | 3 +- .../qemuxml2argv-usb-controller.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-usb-hub.args | 2 +- .../qemuxml2argv-usb-ich9-companion.args | 2 +- .../qemuxml2argv-usb-ich9-ehci-addr.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-usb-none.args | 2 +- .../qemuxml2argv-usb-piix3-controller.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-usb-ports.args | 2 +- .../qemuxml2argv-usb-redir-boot.args | 2 +- .../qemuxml2argv-usb-redir-filter-version.args | 2 +- .../qemuxml2argv-usb-redir-filter.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-usb-redir.args | 2 +- tests/qemuxml2argvdata/qemuxml2argv-usb1-usb2.args | 2 +- .../qemuxml2argv-video-device-pciaddr-default.args | 3 +- .../qemuxml2argv-video-qxl-device-vgamem.args | 3 +- .../qemuxml2argv-video-qxl-device.args | 3 +- .../qemuxml2argv-video-qxl-nodevice.args | 3 +- .../qemuxml2argv-video-qxl-sec-device-vgamem.args | 3 +- .../qemuxml2argv-video-qxl-sec-device.args | 3 +- .../qemuxml2argv-video-vga-device-vgamem.args | 3 +- .../qemuxml2argv-video-vga-device.args | 3 +- .../qemuxml2argv-video-vga-nodevice.args | 3 +- .../qemuxml2argvdata/qemuxml2argv-virtio-lun.args | 2 +- .../qemuxml2argv-virtio-rng-ccw.args | 2 +- .../qemuxml2argv-virtio-rng-default.args | 3 +- .../qemuxml2argv-virtio-rng-egd.args | 3 +- .../qemuxml2argv-virtio-rng-multiple.args | 3 +- .../qemuxml2argv-virtio-rng-random.args | 3 +- .../qemuxml2argv-watchdog-device.args | 3 +- .../qemuxml2argv-watchdog-diag288.args | 2 +- .../qemuxml2argv-watchdog-dump.args | 3 +- .../qemuxml2argv-watchdog-injectnmi.args | 3 +- tests/qemuxml2argvdata/qemuxml2argv-watchdog.args | 3 +- tests/qemuxml2argvtest.c | 19 +++++--- .../qemuxmlns-qemu-ns-commandline-ns0.args | 2 +- .../qemuxmlns-qemu-ns-commandline-ns1.args | 2 +- .../qemuxmlns-qemu-ns-commandline.args | 2 +- .../qemuxmlns-qemu-ns-domain-commandline-ns0.args | 2 +- .../qemuxmlns-qemu-ns-domain-commandline.args | 2 +- .../qemuxmlns-qemu-ns-domain-ns0.args | 2 +- tests/qemuxmlnsdata/qemuxmlns-qemu-ns-domain.args | 2 +- tests/qemuxmlnstest.c | 19 +++++--- 457 files changed, 952 insertions(+), 474 deletions(-) -- 2.5.0

2 20

[libvirt] [PATCH v2 0/7] vz: add migration support
by nshirokovskiy＠virtuozzo.com 24 Aug '15

24 Aug '15

NOTE that minimal command to migrate vz domain is like next: virsh -c vz:///system migrate 200 vz+ssh://shiny0/system -p2p --live --persistent --compressed Difference from v1: 1. Patch is quite different. First patchset implements migration thru managed migration scheme. This one goes thru p2p scheme. I belive this is a better approach. Vz migration is done via vz sdk and first patchset uses 5 phased migration only to get a token from destination on prepare phase which is kind a misuse. This patch just adds vz specific function to driver interface to archive the same goal. 2. Offline migration is supported as there is no more dependency on current flow of managed migration scheme. daemon/remote.c | 30 +++++ docs/apibuild.py | 1 + docs/hvsupport.pl | 1 + src/driver-hypervisor.h | 4 + src/libvirt-domain.c | 30 +++++ src/libvirt_internal.h | 2 + src/libvirt_private.syms | 1 + src/remote/remote_driver.c | 26 +++++ src/remote/remote_protocol.x | 12 ++- src/remote_protocol-structs | 1 + src/vz/vz_driver.c | 256 ++++++++++++++++++++++++++++++++++++++++++ src/vz/vz_sdk.c | 86 ++++++++++++--- src/vz/vz_sdk.h | 6 + src/vz/vz_utils.h | 4 +- 14 files changed, 444 insertions(+), 16 deletions(-)

3 10

[libvirt] [sandbox PATCH v2 00/19] *** Virt-sandbox-image ***
by Eren Yagdiran 24 Aug '15

24 Aug '15

virt-sandbox-image.py is a python script that lets you download and run templates from supported sources using virt-sandbox. Component-based archictecture is accomplished through Source base class. Docker image support is added through DockerSource. DockerSource is capable of downloading and running Docker images by consuming Docker Registry API. **Changes for v2** *Trailing spaces are gone forever. make syntax-check now is ok. *Python version < 2.7.9 or < 3.4.3 now gives a warring when downloading a docker image from ssl. *Dynamic resource loader has been changed. Now it uses class naming convention in order to load custom sources. In previous patch series, custom sources used to register themselves into a common area, so we can load from them * -c/--connect parameter is for providing URI to the libvirt. * Private methods now starts with a single underscore instead of double underscores * virt-sandbox-image/sources/__init__.py is added * Network params can be passed to running sandbox. * Custom volume support is added through host-bind. * Custom environment variables can be passed into virt-sandbox * Custom environment support for virt-sandbox-image Daniel P Berrange (1): Add virt-sandbox-image Eren Yagdiran (18): Fix virt-sandbox-image Image: Add Hooking Mechanism Image: Add download function Image: Refactor create function Image: Add delete function Image: Add get_command function to Source Image: Add run args Image: Add check_connect function Image: Add get_disk function to Source Image: Add run function Image: Add network support Image: Add Volume Support Image: man file for virt-sandbox-image Add configuration object for environment variables Add environment parameter to virt-sandbox Common-init: Exporting custom environment variables Add testcase for custom environment variables Image: Add custom environment support .gitignore | 1 + bin/Makefile.am | 21 +- bin/virt-sandbox-image.in | 3 + bin/virt-sandbox-image.pod | 172 +++++++++++ bin/virt-sandbox.c | 14 + configure.ac | 2 + libvirt-sandbox/Makefile.am | 2 + libvirt-sandbox/libvirt-sandbox-config-all.h | 1 + libvirt-sandbox/libvirt-sandbox-config-env.c | 199 ++++++++++++ libvirt-sandbox/libvirt-sandbox-config-env.h | 78 +++++ libvirt-sandbox/libvirt-sandbox-config.c | 187 +++++++++++- libvirt-sandbox/libvirt-sandbox-config.h | 12 + libvirt-sandbox/libvirt-sandbox-init-common.c | 30 ++ libvirt-sandbox/libvirt-sandbox.h | 1 + libvirt-sandbox/libvirt-sandbox.sym | 6 + libvirt-sandbox/tests/test-config.c | 10 + po/POTFILES.in | 1 + virt-sandbox-image/Makefile.am | 14 + virt-sandbox-image/sources/DockerSource.py | 425 ++++++++++++++++++++++++++ virt-sandbox-image/sources/Source.py | 59 ++++ virt-sandbox-image/sources/__init__.py | 29 ++ virt-sandbox-image/virt-sandbox-image.py | 267 ++++++++++++++++ 22 files changed, 1529 insertions(+), 5 deletions(-) create mode 100644 bin/virt-sandbox-image.in create mode 100644 bin/virt-sandbox-image.pod create mode 100644 libvirt-sandbox/libvirt-sandbox-config-env.c create mode 100644 libvirt-sandbox/libvirt-sandbox-config-env.h create mode 100644 virt-sandbox-image/Makefile.am create mode 100644 virt-sandbox-image/sources/DockerSource.py create mode 100644 virt-sandbox-image/sources/Source.py create mode 100644 virt-sandbox-image/sources/__init__.py create mode 100755 virt-sandbox-image/virt-sandbox-image.py -- 2.1.0

3 33

[libvirt] [libvirt-test-api][PATCH 1/3] add new test case for getMemoryStats
by Luyao Huang 24 Aug '15

24 Aug '15

Signed-off-by: Luyao Huang <lhuang(a)redhat.com> --- cases/test_connection.conf | 4 ++ repos/virconn/connection_getMemoryStats.py | 96 ++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 repos/virconn/connection_getMemoryStats.py diff --git a/cases/test_connection.conf b/cases/test_connection.conf index 3c08a95..336b1ad 100644 --- a/cases/test_connection.conf +++ b/cases/test_connection.conf @@ -73,3 +73,7 @@ virconn:connection_getCellsFreeMemory virconn:connection_getMemoryParameters conn qemu:///system + +virconn:connection_getMemoryStats + conn + qemu:///system diff --git a/repos/virconn/connection_getMemoryStats.py b/repos/virconn/connection_getMemoryStats.py new file mode 100644 index 0000000..fcc146b --- /dev/null +++ b/repos/virconn/connection_getMemoryStats.py @@ -0,0 +1,96 @@ +#!/usr/bin/env python +import libvirt +from libvirt import libvirtError +from utils import utils + +required_params = () +optional_params = {'conn': ''} + +NODE_ONLINE = '/sys/devices/system/node/online' +MEMINFO = '/proc/meminfo' + +def getsysmem(a): + return open(a[0]).read().splitlines()[a[1]].split()[a[2]] + +def virtgetmem(a): + return a[0].getMemoryStats(a[1])[a[2]] + +def connection_getMemoryStats(params): + """ + test API for getMemoryStats in class virConnect + """ + logger = params['logger'] + fail=0 + + nodeset = utils.file_read(NODE_ONLINE) + logger.info("host exist node is %s" % nodeset) + + node_tuple = utils.param_to_tuple_nolength(nodeset) + if not node_tuple: + logger.info("error in function param_to_tuple_nolength") + return 1 + + try: + conn = libvirt.open(params['conn']) + + logger.info("get connection cells memory status") + for n in range(len(node_tuple)): + if not node_tuple[n]: + continue + + D = utils.get_standard_deviation(getsysmem, virtgetmem, \ + ['/sys/devices/system/node/node%d/meminfo' % n,1,3], [conn,n,'free']) + logger.info("Standard Deviation for free memory in node %d is %d" % (n, D)) + + + """ expectations 177 is a average collected in a x86_64 low load machine""" + if D > 177*5: + fail=1 + logger.info("FAIL: Standard Deviation is too big \ + (biger than %d) for node %d free memory" % (177*5, n)) + + a1 = ['/sys/devices/system/node/node%d/meminfo' % n, 0, 3] + a2 = [conn,n,'total'] + if long(getsysmem(a1)) != long(virtgetmem(a2)): + fail=1 + logger.info("FAIL: Total memory in node %d is not right" % n) + + + D = utils.get_standard_deviation(getsysmem, virtgetmem, \ + [MEMINFO, 3, 1], [conn, -1, 'buffers']) + logger.info("Standard Deviation for host buffers is %d" % D) + + """ expectations 30 is a average collected in a x86_64 low load machine""" + if D > 30*5: + fail=1 + logger.info("FAIL: Standard Deviation is too big \ + (biger than %d) for host buffers" % 30*5) + + D = utils.get_standard_deviation(getsysmem, virtgetmem, \ + [MEMINFO,4,1], [conn,-1,'cached']) + logger.info("Standard Deviation for host cached is %d" % D) + + """ expectations 32 is a average collected in a x86_64 low load machine""" + if D > 32*5: + fail=1 + logger.info("FAIL: Standard Deviation is too big \ + (biger than %d) for host cached" % 32*5) + + D = utils.get_standard_deviation(getsysmem, virtgetmem, \ + [MEMINFO,1,1], [conn,-1,'free']) + logger.info("Standard Deviation for host free memory is %d" % D) + + """ expectations 177 is a average collected in a x86_64 low load machine""" + if D > 177*5: + fail=1 + logger.info("FAIL: Standard Deviation is too big \ + (biger than %d) for host free memory" % 177*5) + + if long(getsysmem([MEMINFO,0,1])) != long(virtgetmem([conn,-1,'total'])): + fail=1 + logger.info("FAIL: Total memory for host is not right" % n) + + except libvirtError, e: + logger.error("API error message: %s" % e.message) + fail=1 + return fail -- 1.8.3.1

4 6

[libvirt] [PATCH 0/4] Improve handling of ppc64 compatibility modes
by Andrea Bolognani 22 Aug '15

22 Aug '15

This series fixes an issue that prevented save / restore from working when using compatibility modes; it also introduces some new checks to make sure the requested compability configuration is actually supported and a few test cases. Cheers. Andrea Bolognani (4): cpu: Don't update host-model guest CPUs on ppc64 cpu: Better support for ppc64 compatibility modes cpu: Move check for NULL CPU model inside the driver tests: Add some compatibility-related cases to the CPU tests src/cpu/cpu.c | 12 --- src/cpu/cpu_generic.c | 6 ++ src/cpu/cpu_ppc64.c | 98 ++++++++++++++++++++-- src/cpu/cpu_x86.c | 6 ++ tests/cputest.c | 14 ++++ .../ppc64-guest-compat-incompatible.xml | 3 + tests/cputestdata/ppc64-guest-compat-invalid.xml | 3 + tests/cputestdata/ppc64-guest-compat-none.xml | 1 + tests/cputestdata/ppc64-guest-compat-valid.xml | 3 + tests/cputestdata/ppc64-guest-host-model.xml | 3 + .../ppc64-host+guest-compat-incompatible.xml | 3 + .../ppc64-host+guest-compat-invalid.xml | 3 + tests/cputestdata/ppc64-host+guest-compat-none.xml | 3 + .../cputestdata/ppc64-host+guest-compat-valid.xml | 3 + tests/cputestdata/ppc64-host+guest-host-model.xml | 3 + .../ppc64-host+guest-legacy-incompatible.xml | 3 + .../ppc64-host+guest-legacy-invalid.xml | 3 + tests/cputestdata/ppc64-host+guest-legacy.xml | 3 + tests/cputestdata/ppc64-host+guest-nofallback.xml | 3 + tests/cputestdata/ppc64-host+guest.xml | 3 + 20 files changed, 162 insertions(+), 17 deletions(-) create mode 100644 tests/cputestdata/ppc64-guest-compat-incompatible.xml create mode 100644 tests/cputestdata/ppc64-guest-compat-invalid.xml create mode 100644 tests/cputestdata/ppc64-guest-compat-none.xml create mode 100644 tests/cputestdata/ppc64-guest-compat-valid.xml create mode 100644 tests/cputestdata/ppc64-guest-host-model.xml create mode 100644 tests/cputestdata/ppc64-host+guest-compat-incompatible.xml create mode 100644 tests/cputestdata/ppc64-host+guest-compat-invalid.xml create mode 100644 tests/cputestdata/ppc64-host+guest-compat-none.xml create mode 100644 tests/cputestdata/ppc64-host+guest-compat-valid.xml create mode 100644 tests/cputestdata/ppc64-host+guest-host-model.xml create mode 100644 tests/cputestdata/ppc64-host+guest-legacy-incompatible.xml create mode 100644 tests/cputestdata/ppc64-host+guest-legacy-invalid.xml create mode 100644 tests/cputestdata/ppc64-host+guest-legacy.xml create mode 100644 tests/cputestdata/ppc64-host+guest-nofallback.xml create mode 100644 tests/cputestdata/ppc64-host+guest.xml -- 2.4.3

2 13

[libvirt] Guidelines for implementing a hypervisor driver
by Christian Loehle 21 Aug '15

21 Aug '15

Hey, I couldn't find any documentation about how to implement a driver for a new hypervisor, does something like that exist? Best regards, Christian Loehle

3 3

[libvirt] Plans for next release
by Daniel Veillard 21 Aug '15

21 Aug '15

Seems we should push 1.2.19 at the end of the month, we are right now at around 150 commits so not a big release. Thus I suggest to enter freeze Wed next week for a release around Sep 1st. I hope this works for everybody, Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/

1 0

[libvirt] [PATCH 1/2] virt-aa-helper: Simplify restriction logic
by Guido Günther 21 Aug '15

21 Aug '15

First check overrides, then read only files then restricted access itself. as proposed by Martin Kletzander --- src/security/virt-aa-helper.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 4ce1e7a..963cba6 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -544,7 +544,7 @@ array_starts_with(const char *str, const char * const *arr, const long size) static int valid_path(const char *path, const bool readonly) { - int npaths, opaths; + int npaths; const char * const restricted[] = { "/bin/", "/etc/", @@ -594,19 +594,20 @@ valid_path(const char *path, const bool readonly) if (!virFileExists(path)) vah_warning(_("path does not exist, skipping file type checks")); - opaths = sizeof(override)/sizeof(*(override)); - - npaths = sizeof(restricted)/sizeof(*(restricted)); - if (array_starts_with(path, restricted, npaths) == 0 && - array_starts_with(path, override, opaths) != 0) - return 1; + npaths = sizeof(override)/sizeof(*(override)); + if (array_starts_with(path, override, npaths) == 0) + return 0; npaths = sizeof(restricted_rw)/sizeof(*(restricted_rw)); - if (!readonly) { + if (readonly) { if (array_starts_with(path, restricted_rw, npaths) == 0) - return 1; + return 0; } + npaths = sizeof(restricted)/sizeof(*(restricted)); + if (array_starts_with(path, restricted, npaths) != 0) + return 1; + return 0; } -- 2.1.4

2 3

[libvirt] [PATCH] Add generated libvirt_admin.syms into .gitignore
by Martin Kletzander 21 Aug '15

21 Aug '15

Commit a2c5d16a70a6161449c687be74db2813b362cf5e switched to generating libvirt_admin.syms, but forgot to add the generated file into .gitignore, hence causing tree pollution post-build. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- Pushed as trivial .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 0b40f4aac110..6bd41be9db89 100644 --- a/.gitignore +++ b/.gitignore @@ -124,6 +124,7 @@ /src/libvirt_access_lxc.xml /src/libvirt_access_qemu.syms /src/libvirt_access_qemu.xml +/src/libvirt_admin.syms /src/libvirt_*.stp /src/libvirt_*helper /src/libvirt_*probes.h -- 2.5.0

2 1