[libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles
by Stefan Bader
This had been on the Debian package list before but its time to take
this onwards. So the goal would be to have one set to rule them all
(when using apparmor) and drop the seperate set of definitions which
exist at least in the Ubuntu packaging.
Right now the patch would be at a state which adds all missing files
and rules to the current examples in libvirt and installs them when
using --with-apparmor-profiles.
One problem seems to be that some of the definitions might cause
parse failures on certain versions of apparmor. I checked this morning
and this looks a bit hairy. So some apparmor 2.8 versions potentially
have issues, but not all apparmor 2.8 are the same (gah).
I could imagine (but John, we really could use some guidance here ;))
that at least some changes could be related to version 2.8.95~2430:
+ debian/patches/mediate-signals.patch,
debian/patches/change-signal-syntax.patch: Parse signal rules with
apparmor_parser. See the apparmor.d(5) man page for syntax details.
+ debian/patches/change-ptrace-syntax.patch,
debian/patches/mediate-ptrace.patch: Parse ptrace rules with
apparmor_parser. See the apparmor.d(5) man page for syntax details.
But, regardless of the when, the apparmor rules maybe need a way to handle
versioned features of the parser. One proposal was to comment out problematic
rules and allow the packager to re-enable things. Maybe going one step
further and have some pre-processing that handles version based sections
(like #if (APPARMOR_VERSION >= xxx)).
So that is where we stand. Ideas are very welcome.
-Stefan
---
>From aec5cf8cc30c80492a37856626264c3d4c27a31f Mon Sep 17 00:00:00 2001
From: Stefan Bader <stefan.bader(a)canonical.com>
Date: Thu, 18 Sep 2014 14:15:17 +0200
Subject: [PATCH] Add missing delta from Ubuntu to apparmor profiles
This fixes up the upstream profiles and would allow to drop apparmor
related delta from the Ubuntu package.
Thanks to Serge Hallyn for the Makefile.am install hook that allows
to rename the local file.
Signed-off-by: Stefan Bader <stefan.bader(a)canonical.com>
---
examples/apparmor/Makefile.am | 10 ++++++++
examples/apparmor/libvirt-lxc | 15 +++++++++++-
examples/apparmor/libvirt-qemu | 31 +++++++++++++++++++++++-
examples/apparmor/local-usr.sbin.libvirtd | 2 ++
examples/apparmor/usr.lib.libvirt.virt-aa-helper | 25 ++++++++++++++++---
examples/apparmor/usr.sbin.libvirtd | 17 ++++++++++++-
6 files changed, 94 insertions(+), 6 deletions(-)
create mode 100644 examples/apparmor/local-usr.sbin.libvirtd
diff --git a/examples/apparmor/Makefile.am b/examples/apparmor/Makefile.am
index 7a20e16..aa46cb9 100644
--- a/examples/apparmor/Makefile.am
+++ b/examples/apparmor/Makefile.am
@@ -20,6 +20,7 @@ EXTRA_DIST= \
libvirt-qemu \
libvirt-lxc \
usr.lib.libvirt.virt-aa-helper \
+ local-usr.sbin.libvirtd \
usr.sbin.libvirtd
if WITH_APPARMOR_PROFILES
@@ -29,6 +30,15 @@ apparmor_DATA = \
usr.sbin.libvirtd \
$(NULL)
+localdir = $(apparmordir)/local
+local_DATA = \
+ local-usr.sbin.libvirtd \
+ $(NULL)
+
+install-data-hook:
+ mv $(DESTDIR)$(localdir)/local-usr.sbin.libvirtd \
+ $(DESTDIR)$(localdir)/usr.sbin.libvirtd
+
abstractionsdir = $(apparmordir)/abstractions
abstractions_DATA = \
libvirt-qemu \
diff --git a/examples/apparmor/libvirt-lxc b/examples/apparmor/libvirt-lxc
index 4bfb503..4705e0a 100644
--- a/examples/apparmor/libvirt-lxc
+++ b/examples/apparmor/libvirt-lxc
@@ -1,12 +1,18 @@
-# Last Modified: Fri Feb 7 13:01:36 2014
+# Last Modified: Thu, 18 Sep 2014 13:56:49 +0200
#include <abstractions/base>
umount,
+ dbus,
+ signal,
+ ptrace,
# ignore DENIED message on / remount
deny mount options=(ro, remount) -> /,
+ # support use of cgmanager proxy
+ mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
+
# allow tmpfs mounts everywhere
mount fstype=tmpfs,
@@ -33,8 +39,15 @@
mount fstype=fusectl -> /sys/fs/fuse/connections/,
mount fstype=securityfs -> /sys/kernel/security/,
mount fstype=debugfs -> /sys/kernel/debug/,
+ deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/,
mount fstype=proc -> /proc/,
mount fstype=sysfs -> /sys/,
+
+ mount options=(rw nosuid nodev noexec remount) -> /sys/,
+ mount options=(rw remount) -> /sys/kernel/security/,
+ mount options=(rw remount) -> /sys/fs/pstore/,
+ mount options=(ro remount) -> /sys/fs/pstore/,
+
deny /sys/firmware/efi/efivars/** rwklx,
deny /sys/kernel/security/** rwklx,
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index c6de6dd..b69e64c 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -1,4 +1,4 @@
-# Last Modified: Wed Sep 3 21:52:03 2014
+# Last Modified: Thu, 18 Sep 2014 16:41:21 +0200
#include <abstractions/base>
#include <abstractions/consoles>
@@ -13,15 +13,22 @@
capability setgid,
capability setuid,
+ # this is needed with libcap-ng support, however it breaks a lot of things
+ # atm, so just silence the denial until libcap-ng works right. LP: #522845
+ deny capability setpcap,
+
network inet stream,
network inet6 stream,
/dev/net/tun rw,
+ /dev/tap* rw,
/dev/kvm rw,
/dev/ptmx rw,
/dev/kqemu rw,
@{PROC}/*/status r,
@{PROC}/sys/kernel/cap_last_cap r,
+ owner @{PROC}/*/auxv r,
+ @{PROC}/sys/vm/overcommit_memory r,
# For hostdev access. The actual devices will be added dynamically
/sys/bus/usb/devices/ r,
@@ -38,6 +45,9 @@
/dev/snd/* rw,
capability ipc_lock,
# spice
+ /usr/bin/qemu-system-i386-spice rmix,
+ /usr/bin/qemu-system-x86_64-spice rmix,
+ /{dev,run}/shm/ r,
owner /{dev,run}/shm/spice.* rw,
# 'kill' is not required for sound and is a security risk. Do not enable
# unless you absolutely need it.
@@ -73,6 +83,7 @@
# the various binaries
/usr/bin/kvm rmix,
/usr/bin/qemu rmix,
+ /usr/bin/qemu-system-aarch64 rmix,
/usr/bin/qemu-system-arm rmix,
/usr/bin/qemu-system-cris rmix,
/usr/bin/qemu-system-i386 rmix,
@@ -91,6 +102,7 @@
/usr/bin/qemu-system-sparc rmix,
/usr/bin/qemu-system-sparc64 rmix,
/usr/bin/qemu-system-x86_64 rmix,
+ /usr/bin/qemu-system-x86_64-spice rmix,
/usr/bin/qemu-alpha rmix,
/usr/bin/qemu-arm rmix,
/usr/bin/qemu-armeb rmix,
@@ -117,6 +129,16 @@
/bin/dash rmix,
/bin/dd rmix,
/bin/cat rmix,
+ /etc/pki/CA/ r,
+ /etc/pki/CA/* r,
+ /etc/pki/libvirt/ r,
+ /etc/pki/libvirt/** r,
+
+ # for rbd
+ /etc/ceph/ceph.conf r,
+
+ # for access to hugepages
+ owner "/run/hugepages/kvm/libvirt/qemu/**" rw,
# for usb access
/dev/bus/usb/ r,
@@ -124,6 +146,13 @@
/sys/bus/ r,
/sys/class/ r,
+ signal (receive) peer=/usr/sbin/libvirtd,
+ ptrace (tracedby) peer=/usr/sbin/libvirtd,
+
+ # for ppc device-tree access
+ @{PROC}/device-tree/ r,
+ @{PROC}/device-tree/** r,
+
/usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
# child profile for bridge helper process
profile qemu_bridge_helper {
diff --git a/examples/apparmor/local-usr.sbin.libvirtd b/examples/apparmor/local-usr.sbin.libvirtd
new file mode 100644
index 0000000..6e19f20
--- /dev/null
+++ b/examples/apparmor/local-usr.sbin.libvirtd
@@ -0,0 +1,2 @@
+# Site-specific additions and overrides for usr.sbin.libvirtd.
+# For more details, please see /etc/apparmor.d/local/README.
diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
index bceaaff..4df86b0 100644
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -1,8 +1,9 @@
-# Last Modified: Mon Apr 5 15:10:27 2010
+# Last Modified: Thu, 18 Sep 2014 14:05:36 +0200
#include <tunables/global>
/usr/lib/libvirt/virt-aa-helper {
#include <abstractions/base>
+ #include <abstractions/user-tmp>
# needed for searching directories
capability dac_override,
@@ -19,6 +20,12 @@
# for hostdev
/sys/devices/ r,
/sys/devices/** r,
+ /sys/bus/usb/devices/ r,
+ /sys/bus/usb/devices/** r,
+ deny /dev/sd* r,
+ deny /dev/dm-* r,
+ deny /dev/mapper/ r,
+ deny /dev/mapper/* r,
/usr/lib/libvirt/virt-aa-helper mr,
/sbin/apparmor_parser Ux,
@@ -26,8 +33,11 @@
/etc/apparmor.d/libvirt/* r,
/etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
- # for backingstore -- allow access to non-hidden files in @{HOME} as well
- # as storage pools
+ # For backingstore, virt-aa-helper needs to peek inside the disk image, so
+ # allow access to non-hidden files in @{HOME} as well as storage pools, and
+ # removable media and filesystems, and certain file extentions. A
+ # virt-aa-helper failure when checking a disk for backinsgstore is non-fatal
+ # (but obviously the backingstore won't be added).
audit deny @{HOME}/.* mrwkl,
audit deny @{HOME}/.*/ rw,
audit deny @{HOME}/.*/** mrwkl,
@@ -35,8 +45,17 @@
audit deny @{HOME}/bin/** mrwkl,
@{HOME}/ r,
@{HOME}/** r,
+ @{HOME}/.Private/** mrwlk,
+ @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk,
+
/var/lib/libvirt/images/ r,
/var/lib/libvirt/images/** r,
+ /var/lib/nova/images/** r,
+ /var/lib/nova/instances/_base/** r,
+ /var/lib/nova/instances/snapshots/** r,
+ /var/lib/eucalyptus/instances/**/disk* r,
+ /var/lib/eucalyptus/instances/**/loader* r,
+ /var/lib/uvtool/libvirt/images/** r,
/{media,mnt,opt,srv}/** r,
/**.img r,
diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
index 3011eff..814b4d81 100644
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -1,10 +1,12 @@
-# Last Modified: Mon Apr 5 15:03:58 2010
+# Last Modified: Tue, 23 Sep 2014 09:28:07 +0200
#include <tunables/global>
@{LIBVIRT}="libvirt"
/usr/sbin/libvirtd {
#include <abstractions/base>
#include <abstractions/dbus>
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.libvirtd>
capability kill,
capability net_admin,
@@ -23,6 +25,7 @@
capability setpcap,
capability mknod,
capability fsetid,
+ capability ipc_lock,
capability audit_write,
# Needed for vfio
@@ -33,6 +36,12 @@
network inet6 stream,
network inet6 dgram,
network packet dgram,
+ network netlink,
+
+ dbus bus=system,
+ signal,
+ ptrace,
+ unix,
# Very lenient profile for libvirtd since we want to first focus on confining
# the guests. Guests will have a very restricted profile.
@@ -45,6 +54,12 @@
/usr/sbin/* PUx,
/lib/udev/scsi_id PUx,
/usr/lib/xen-common/bin/xen-toolstack PUx,
+ /usr/lib/xen-*/bin/pygrub PUx,
+ /usr/lib/xen-*/bin/libxl-save-helper PUx,
+
+ # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
+ # write and run an ebtables script.
+ /var/lib/libvirt/virtd* ixr,
# force the use of virt-aa-helper
audit deny /sbin/apparmor_parser rwxl,
--
1.9.1
7 years, 12 months
[libvirt] [PATCH] qemu: don't refuse to undefine a guest with NVRAM file
by Daniel P. Berrange
The undefine operation should always be allowed to succeed
regardless of whether any NVRAM file exists. ie we should
not force the application to use the VIR_DOMAIN_UNDEFINE_NVRAM
flag. It is valid for the app to decide it wants the NVRAM
file left on disk, in the same way that disk images are left
on disk at undefine.
---
src/qemu/qemu_driver.c | 20 +++++++-------------
1 file changed, 7 insertions(+), 13 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index bec05d4..302bf48 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6985,19 +6985,13 @@ qemuDomainUndefineFlags(virDomainPtr dom,
if (!virDomainObjIsActive(vm) &&
vm->def->os.loader && vm->def->os.loader->nvram &&
- virFileExists(vm->def->os.loader->nvram)) {
- if (!(flags & VIR_DOMAIN_UNDEFINE_NVRAM)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("cannot delete inactive domain with nvram"));
- goto cleanup;
- }
-
- if (unlink(vm->def->os.loader->nvram) < 0) {
- virReportSystemError(errno,
- _("failed to remove nvram: %s"),
- vm->def->os.loader->nvram);
- goto cleanup;
- }
+ virFileExists(vm->def->os.loader->nvram) &&
+ (flags & VIR_DOMAIN_UNDEFINE_NVRAM) &&
+ (unlink(vm->def->os.loader->nvram) < 0)) {
+ virReportSystemError(errno,
+ _("failed to remove nvram: %s"),
+ vm->def->os.loader->nvram);
+ goto cleanup;
}
if (virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm) < 0)
--
2.1.0
7 years, 12 months
[libvirt] [PATCH 0/8] domain: Support <address type='pci'/> allocation
by Cole Robinson
This patch series allows the user to specify bare device
<address type='pci'/> to explicitly request PCI address allocation.
This has several uses, but the motivating one is providing an
easy way to request PCI address allocation where it normally isn't
the default address type, like for aarch64 VMs.
Cole Robinson (8):
domain: Add virDomainDefAddImplicitDevices
domain: conf: Export virDomainDefPostParseDevices
qemu: Assign device addresses in PostParse
util: xml: add virXMLPropertyCount
tests: Add failure flags to CompareDomainXML2XML
domain: Make <address type='pci'/> request address allocation
qemu: Wire up address type=pci auto_allocate
tests: qemu: test <address type='pci'/> with aarch64
docs/schemas/domaincommon.rng | 5 +-
src/conf/domain_conf.c | 81 +++++++++++++++++-----
src/conf/domain_conf.h | 8 ++-
src/libvirt_private.syms | 3 +-
src/qemu/qemu_domain.c | 13 +++-
src/qemu/qemu_domain_address.c | 47 +++++++++++++
src/qemu/qemu_driver.c | 6 +-
src/util/virxml.c | 17 +++++
src/util/virxml.h | 1 +
src/vmx/vmx.c | 2 +-
src/vz/vz_sdk.c | 2 +-
tests/bhyvexml2xmltest.c | 2 +-
.../generic-pci-autofill-addr.xml | 27 ++++++++
tests/genericxml2xmltest.c | 17 +++--
tests/lxcxml2xmltest.c | 2 +-
.../qemuargv2xmldata/qemuargv2xml-pseries-disk.xml | 4 +-
...l2argv-aarch64-virtio-pci-manual-addresses.args | 4 +-
...ml2argv-aarch64-virtio-pci-manual-addresses.xml | 5 ++
.../qemuxml2argv-pci-autofill-addr.args | 24 +++++++
.../qemuxml2argv-pci-autofill-addr.xml | 44 ++++++++++++
tests/qemuxml2argvtest.c | 21 +++---
...2xmlout-aarch64-virtio-pci-manual-addresses.xml | 5 ++
.../qemuxml2xmlout-pci-autofill-addr.xml | 46 ++++++++++++
tests/qemuxml2xmltest.c | 18 +++--
tests/testutils.c | 10 ++-
tests/testutils.h | 4 ++
26 files changed, 359 insertions(+), 59 deletions(-)
create mode 100644 tests/genericxml2xmlindata/generic-pci-autofill-addr.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pci-autofill-addr.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pci-autofill-addr.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-pci-autofill-addr.xml
--
2.5.0
8 years
[libvirt] [PATCH v2 0/8] Add support for fetching statistics of completed jobs
by Jiri Denemark
Using virDomainGetJobStats, we can monitor running jobs but sometimes it
may be useful to get statistics about a job that already finished, for
example, to get the final amount of data transferred during migration or
to get an idea about total downtime. This is what the following patches
are about.
Version 2:
- changed according to John's review (see individual patches for
details)
Jiri Denemark (8):
Refactor job statistics
qemu: Avoid incrementing jobs_queued if virTimeMillisNow fails
Add support for fetching statistics of completed jobs
qemu: Silence coverity on optional migration stats
virsh: Add support for completed job stats
qemu: Transfer migration statistics to destination
qemu: Recompute downtime and total time when migration completes
qemu: Transfer recomputed stats back to source
include/libvirt/libvirt.h.in | 11 ++
src/libvirt.c | 11 +-
src/qemu/qemu_domain.c | 189 ++++++++++++++++++++++++++-
src/qemu/qemu_domain.h | 32 ++++-
src/qemu/qemu_driver.c | 130 ++++--------------
src/qemu/qemu_migration.c | 304 ++++++++++++++++++++++++++++++++++++-------
src/qemu/qemu_monitor_json.c | 10 +-
src/qemu/qemu_process.c | 9 +-
tools/virsh-domain.c | 27 +++-
tools/virsh.pod | 10 +-
10 files changed, 557 insertions(+), 176 deletions(-)
--
2.1.0
8 years
[libvirt] [PATCH] send default USB controller in xml to destination during migration on PPC64
by Shivaprasad G Bhat
The default USB controller is not sent to destination as the older versions
of libvirt(0.9.4 or earlier as I see in commit log of 409b5f54) didn't
support them. For some archs where the support started much later can
safely send the USB controllers without this worry. For now, changing the
checks to allow PPC64 here. If we can track the historical support for
other archs, the changes can be extrapolated to them too.
The patch fixes a bug that, if the USB controller happens to occupy
a slot after disks/interfaces and one of them is hot-unplugged, then
the default USB controller added on destination takes the smallest slot
number and that would lead to savestate mismatch and migration
failure.
Signed-off-by: Shivaprasad G Bhat <sbhat(a)linux.vnet.ibm.com>
---
src/qemu/qemu_domain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 9044792..6ecc0e2 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -2226,7 +2226,7 @@ qemuDomainDefFormatBuf(virQEMUDriverPtr driver,
usb = def->controllers[i];
}
}
- if (usb && usb->idx == 0 && usb->model == -1) {
+ if (!ARCH_IS_PPC64(def->os.arch) && usb && usb->idx == 0 && usb->model == -1) {
VIR_DEBUG("Removing default USB controller from domain '%s'"
" for migration compatibility", def->name);
toremove++;
8 years
[libvirt] RFC backup API
by Maxim Nestratov
Hi all,
It's been already quite a long time since qemu implemented QMP
"drive-backup" command to create block devices backups. Even more, since
qemu 2.4 there is a possibility to create incremental backups. Though it
is possible to backup all attached to a domain disk drives by combining
them into a single QMP transaction command, this way of creating them,
not to mention managing, remains inconvenient for an end user of
libvirt. Moreover, creating a single drive backup via QMP interface
isn't handy either. That said, it looks reasonable to introduce a *new
backup API* based on QMP "drive-backup" facilities.
Though we can start from a single simple function, allowing to create a
disk backup by means of QMP "drive-backup" command, I'd like to discuss
here the level of management libvirt could provide for backup
operations. To begin with, here is the preliminary list of possible
functions that I think make sense for libvirt API.
virDomainCreateBackup - which creates a backup full/incremental of
all/selected disks,
virListBackups - which lists all backups created for a particular
domain/target,
virRestoreBackup - which restores all/selected disks from a backup,
virDeleteBackup - which deletes all/selected disks from a backup.
It looks like backup management functions, except create one, shouldn't
be or might not be bound to a particular domain and we could possibly
leverage storage pool API with some extension. Specifically, volume
definition could be extended with necessary meta data related to backups.
The *question* is: if the whole idea about this new API as described
above or something similar makes sense?
If yes, then let's find out requirements for it (if any) and I will try
to prepare a patch set with the first RFC implementation to discuss the
API in more details. Looking forward for your opinions on the matter.
Maxim
8 years
[libvirt] [libvirt-glib] events: Mark 'eventlock' as static
by Christophe Fergeau
It's not used outside of the libvirt-glib-event.c file, so there is no
good reason for not having it static. As it was not listed in
libvirt-glib.sym, this will make no change to the publicly exported
symbols (ie this is not an ABI change).
---
libvirt-glib/libvirt-glib-event.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirt-glib/libvirt-glib-event.c b/libvirt-glib/libvirt-glib-event.c
index f8227d6..4548aa6 100644
--- a/libvirt-glib/libvirt-glib-event.c
+++ b/libvirt-glib/libvirt-glib-event.c
@@ -110,7 +110,7 @@ struct gvir_event_timeout
virFreeCallback ff;
};
-GMutex *eventlock = NULL;
+static GMutex *eventlock = NULL;
static int nextwatch = 1;
static GPtrArray *handles;
--
2.5.0
8 years, 1 month
[libvirt] [PATCH v6 0/5] vz: add migration support
by Nikolay Shirokovskiy
Difference from v5
==================
1. managed case is implemented
2. p2p follows managed migration flow now
3. 'vz: fix const correctness case' is needed to implement managed case.
4. misc options that are always on for vz (--live, --compressed) are
not required to be set explicitly.
5. --offline is not supported anymore but migration of inactive
domains is possible without this option set.
Nikolay Shirokovskiy (5):
vz: save session uuid on login
vz: fix const correctness case
vz: implement managed migration
vz: implement p2p migration
vz: cleanup: define vz format of uuids
src/vz/vz_driver.c | 555 +++++++++++++++++++++++++++++++++++++++++++++++++++++
src/vz/vz_sdk.c | 89 +++++++--
src/vz/vz_sdk.h | 6 +
src/vz/vz_utils.c | 2 +-
src/vz/vz_utils.h | 6 +-
5 files changed, 641 insertions(+), 17 deletions(-)
--
1.8.3.1
8 years, 1 month
[libvirt] [PATCH 00/10] Convert secret driver to use hashed object
by John Ferlan
This series replaces the usage of linked list in secret driver with a
hashed object list as was suggested in the review in the last patch of
the previous secret driver changes series:
http://www.redhat.com/archives/libvir-list/2016-February/msg01274.html
Patch 1 - starts the ball rolling
Patch 2 - is yet another code optimization (as found in bridge_driver)
Patches 3-8 - Add the new API's "slowly" (for review purposes)
Patch 9 - replaces the usage of linked lists with the hashed object
Patch 10 - moves the secretLoadAllConfigs to secret_conf
The changes are loosely modeled after both virdomainobj and network_conf
functionality. The real meat and potato(e)s is found in patches 5 and 9.
Other functions should be relatively straightforward.
I've done testing of various virsh secret-* commands (both valid and invalid
options) as well as performing driver start, stop, and reload testing.
Each patch was built using 'check' and 'syntax-check'.
The end result is much more code in secret_conf and much less in secret_driver.
John Ferlan (10):
secret: Move virSecretObj to secret_conf.h
Add secretObjFromSecret
secret: Add hashed virSecretObj and virSecretObjList
secret: Introduce virSecretObjListFindBy{UUID|Usage} support
secret: Introduce virSecretObjListAdd* and virSecretObjListRemove
secret: Introduce virSecretObjListNumOfSecrets
secret: Introduce virSecretObjListExport
secret: Introduce virSecretObjListGetUUIDs
secret: Use the hashed virSecretObjList
secret: Move and rename secretLoadAllConfigs
src/conf/secret_conf.c | 819 ++++++++++++++++++++++++++++++++++++++++++++-
src/conf/secret_conf.h | 76 ++++-
src/libvirt_private.syms | 11 +
src/secret/secret_driver.c | 647 +++--------------------------------
4 files changed, 957 insertions(+), 596 deletions(-)
--
2.5.0
8 years, 1 month
