[libvirt] [PATCH 00/12] qemu: Add support for more migration parameters
by Jiri Denemark
QEMU is transforming existing special migration parameters (those which
need dedicated QMP commands to be set or queried) into proper parameters
handled by query-migrate-parameters and migrate-set-parameters. Even
though we may still want to use the existing commands, adding support for
the transformed parameters will help us clean all of them before
migration and reset them to their original values after a failed
migration. Thus we wouldn't need to add more ad-hoc code which resets
some of them and ignores some others.
Jiri Denemark (12):
qemu: Generalize PARSE macro in qemuMonitorJSONGetMigrationParams
qemu: Use macro for parsing string migration parameters
qemu: Use macro for parsing ull migration parameters
qemu: Generalize APPEND macro in qemuMonitorJSONSetMigrationParams
qemu: Use macro for setting string migration parameters
qemu: Drop giant if statement from qemuMonitorSetMigrationParams
qemumonitorjsontest: Rename 1st CHECK macro in migration params test
qemumonitorjsontest: Rename 2nd CHECK macro in migration params test
qemu: Add support for setting downtime-limit migration parameter
qemu: Rename TLS related migration parameters
qemu: Add support for max-bandwidth migration parameter
qemu: Add support for block-incremental migration parameter
src/qemu/qemu_migration.c | 23 +++++-----
src/qemu/qemu_monitor.c | 20 +++------
src/qemu/qemu_monitor.h | 10 ++++-
src/qemu/qemu_monitor_json.c | 104 +++++++++++++++++++++++++++----------------
tests/qemumonitorjsontest.c | 46 ++++++++++++-------
5 files changed, 123 insertions(+), 80 deletions(-)
--
2.14.3
7 years, 1 month
[libvirt] [PATCH v5 0/4] numa: describe sibling nodes distances
by Wim Ten Have
From: Wim ten Have <wim.ten.have(a)oracle.com>
This patch extends guest domain administration adding support to
advertise node sibling distances when configuring NUMA guests also
referred to as vNUMA (Virtual NUMA).
NUMA (Non-Uniform Memory Access) is a method of configuring a cluster
of nodes within a single multiprocessing system such that it shares
processor local memory amongst others improving performance and the
ability of the system to be expanded.
A NUMA system could be illustrated as shown below. Within this 4-NODE
system, every socket is equipped with its own distinct memory and some
with I/O. Access to memory or I/O on remote nodes is only possible
through the "Interconnect". This results in different performance for
local and remote resources.
In contrast to NUMA we recognize the flat SMP system where no concept
of local or remote resource exists. The disadvantage of high socket
count SMP systems is that the shared bus can easily become a performance
bottleneck under high activity.
    +-------------+-------+        +-------+-------------+
    |NODE0|       |       |        |       |       |NODE3|
    |     | CPU00 | CPU03 |        | CPU12 | CPU15 |     |
    |     |       |       |        |       |       |     |
    | Mem +--- Socket0 ---<-------->--- Socket3 ---+ Mem |
    |     |       |       |        |       |       |     |
    +-----+ CPU01 | CPU02 |        | CPU13 | CPU14 |     |
    | I/O |       |       |        |       |       |     |
    +-----+-------^-------+        +-------^-------+-----+
                  |                        |
                  |      Interconnect      |
                  |                        |
    +-------------v-------+        +-------v-------------+
    |NODE1|       |       |        |       |       |NODE2|
    |     | CPU04 | CPU07 |        | CPU08 | CPU11 |     |
    |     |       |       |        |       |       |     |
    | Mem +--- Socket1 ---<-------->--- Socket2 ---+ Mem |
    |     |       |       |        |       |       |     |
    +-----+ CPU05 | CPU06 |        | CPU09 | CPU10 |     |
    | I/O |       |       |        |       |       |     |
    +-----+-------+-------+        +-------+-------+-----+
NUMA adds an intermediate level of memory shared amongst a few cores
per socket as illustrated above, so that data accesses do not have to
travel over a single bus.
Unfortunately the way NUMA does this adds its own limitations. This,
as visualized in the illustration above, happens when data is stored in
memory associated with Socket2 and is accessed by a CPU (core) in Socket0.
The processors use the "Interconnect" path to access resource on other
nodes. These "Interconnect" hops add data access delays. It is therefore
in our interest to describe the relative distances between nodes.
The relative distances between nodes are described in the system's SLIT
(System Locality Distance Information Table) which is part of the ACPI
(Advanced Configuration and Power Interface) specification.
On Linux systems the SLIT detail can be listed with help of the
'numactl -H' command. The above guest would show the following output.
[root@f25 ~]# numactl -H
available: 4 nodes (0-3)
node 0 cpus: 0 1 2 3
node 0 size: 2007 MB
node 0 free: 1931 MB
node 1 cpus: 4 5 6 7
node 1 size: 1951 MB
node 1 free: 1902 MB
node 2 cpus: 8 9 10 11
node 2 size: 1998 MB
node 2 free: 1910 MB
node 3 cpus: 12 13 14 15
node 3 size: 2015 MB
node 3 free: 1907 MB
node distances:
node   0   1   2   3
  0:  10  21  31  21
  1:  21  10  21  31
  2:  31  21  10  21
  3:  21  31  21  10
These patches extend core libvirt's XML description of NUMA cells to
include NUMA distance information and propagate it to Xen guests via
libxl. Recently qemu landed support for constructing the SLIT since
commit 0f203430dd ("numa: Allow setting NUMA distance for different NUMA
nodes"). The core libvirt extensions in this patch set could be used to
propagate NUMA distances to qemu guests in the future.
Wim ten Have (4):
numa: describe siblings distances within cells
xenconfig: add domxml conversions for xen-xl
libxl: vnuma support
xlconfigtest: add tests for numa cell sibling distances
docs/formatdomain.html.in | 63 +++-
docs/schemas/basictypes.rng | 7 +
docs/schemas/cputypes.rng | 18 ++
src/conf/numa_conf.c | 359 ++++++++++++++++++++-
src/conf/numa_conf.h | 20 ++
src/libvirt_private.syms | 5 +
src/libxl/libxl_conf.c | 121 +++++++
src/libxl/libxl_driver.c | 3 +-
src/xenconfig/xen_xl.c | 333 +++++++++++++++++++
.../test-fullvirt-vnuma-autocomplete.cfg | 26 ++
.../test-fullvirt-vnuma-autocomplete.xml | 85 +++++
.../test-fullvirt-vnuma-nodistances.cfg | 26 ++
.../test-fullvirt-vnuma-nodistances.xml | 53 +++
.../test-fullvirt-vnuma-partialdist.cfg | 26 ++
.../test-fullvirt-vnuma-partialdist.xml | 60 ++++
tests/xlconfigdata/test-fullvirt-vnuma.cfg | 26 ++
tests/xlconfigdata/test-fullvirt-vnuma.xml | 81 +++++
tests/xlconfigtest.c | 6 +
18 files changed, 1313 insertions(+), 5 deletions(-)
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma-autocomplete.cfg
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma-autocomplete.xml
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma-nodistances.cfg
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma-nodistances.xml
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma-partialdist.cfg
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma-partialdist.xml
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma.cfg
create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma.xml
--
2.13.6
7 years, 1 month
[libvirt] [PATCH v2 0/4] Predictable file names for memory-backend-file
by Michal Privoznik
v2 of:
https://www.redhat.com/archives/libvir-list/2017-October/msg01063.html
Patches are to be found here too:
https://github.com/zippy2/libvirt/tree/qemu_mem_path_v3
diff to v1:
-Dropped qemu.conf config knob
-s/rmdir/virFileDeleteTree/ in qemuProcessBuildDestroyMemoryPathsImpl() because
qemu leaves files behind and thus we need to unlink them too.
Michal Privoznik (4):
conf: s/virDomainObjGetShortName/virDomainDefGetShortName/
qemu: Move memPath generation from memoryBackingDir to a separate
function
qemu: Use predictable file names for memory-backend-file
news: Document predictable file names for memory-backend-file
docs/news.xml | 11 ++
src/conf/domain_conf.c | 4 +-
src/conf/domain_conf.h | 2 +-
src/libvirt_private.syms | 2 +-
src/qemu/qemu_command.c | 9 +-
src/qemu/qemu_conf.c | 71 ++++++++++-
src/qemu/qemu_conf.h | 10 ++
src/qemu/qemu_domain.c | 4 +-
src/qemu/qemu_driver.c | 19 ++-
src/qemu/qemu_hotplug.c | 2 +-
src/qemu/qemu_process.c | 137 +++++++++++++++------
src/qemu/qemu_process.h | 8 +-
.../qemuxml2argv-cpu-numa-memshared.args | 6 +-
.../qemuxml2argv-fd-memory-numa-topology.args | 3 +-
.../qemuxml2argv-fd-memory-numa-topology2.args | 6 +-
.../qemuxml2argv-fd-memory-numa-topology3.args | 9 +-
.../qemuxml2argv-hugepages-memaccess2.args | 9 +-
17 files changed, 244 insertions(+), 68 deletions(-)
--
2.13.6
7 years, 2 months
[libvirt] [PATCH go-xml] Add support for CPUTune in Domain
by Michal Rostecki
From: Michal Rostecki <michal.rostecki(a)gmail.com>
Signed-off-by: Victoria Efimova <neverpushthisbutton(a)yandex.ru>
Signed-off-by: Ivan Shvedunov <ischvedunov(a)mirantis.com>
Signed-off-by: Miha Pleško <miha.plesko(a)xlab.si>
Signed-off-by: Michal Rostecki <michal.rostecki(a)gmail.com>
---
domain.go | 19 +++++++++++++++++++
domain_test.go | 20 ++++++++++++++++++++
2 files changed, 39 insertions(+)
diff --git a/domain.go b/domain.go
index bacab11..3efd68c 100644
--- a/domain.go
+++ b/domain.go
@@ -722,6 +722,24 @@ type DomainFeatureList struct {
SMM *DomainFeatureState `xml:"smm"`
}
+type DomainCPUTuneShares struct {
+ Value uint `xml:",chardata"`
+}
+
+type DomainCPUTunePeriod struct {
+ Value uint64 `xml:",chardata"`
+}
+
+type DomainCPUTuneQuota struct {
+ Value int64 `xml:",chardata"`
+}
+
+type DomainCPUTune struct {
+ Shares *DomainCPUTuneShares `xml:"shares"`
+ Period *DomainCPUTunePeriod `xml:"period"`
+ Quota *DomainCPUTuneQuota `xml:"quota"`
+}
+
type DomainQEMUCommandlineArg struct {
Value string `xml:"value,attr"`
}
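Review bot: In the new cputune types, Shares is a platform-sized `uint` while Period and Quota use fixed widths (`uint64`, `int64`); give Shares a fixed width too so the accepted range does not depend on the build architecture. The exported types also carry no doc comments, and since DomainCPUTune models only shares, period and quota, a one-line comment saying so would tell users what is not covered yet.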
@@ -751,6 +769,7 @@ type Domain struct {
MemoryBacking *DomainMemoryBacking `xml:"memoryBacking"`
VCPU *DomainVCPU `xml:"vcpu"`
VCPUs *DomainVCPUs `xml:"vcpus"`
+ CPUTune *DomainCPUTune `xml:"cputune"`
Resource *DomainResource `xml:"resource"`
SysInfo *DomainSysInfo `xml:"sysinfo"`
OS *DomainOS `xml:"os"`
diff --git a/domain_test.go b/domain_test.go
index dbebe42..b427b50 100644
--- a/domain_test.go
+++ b/domain_test.go
@@ -1335,6 +1335,26 @@ var domainTestData = []struct {
`</domain>`,
},
},
+ {
+ Object: &Domain{
+ Name: "test",
+ CPUTune: &DomainCPUTune{
+ Shares: &DomainCPUTuneShares{Value: 1024},
+ Period: &DomainCPUTunePeriod{Value: 500000},
+ Quota: &DomainCPUTuneQuota{Value: -1},
+ },
+ },
+ Expected: []string{
+ `<domain>`,
+ ` <name>test</name>`,
+ ` <cputune>`,
+ ` <shares>1024</shares>`,
+ ` <period>500000</period>`,
+ ` <quota>-1</quota>`,
+ ` </cputune>`,
+ `</domain>`,
+ },
+ },
/* Tests for sub-documents that can be hotplugged */
{
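Review bot: The added test case sets Shares, Period and Quota together, so a partially filled DomainCPUTune is never exercised. Add a case with only one of the three set to confirm that the nil pointers are left out of the marshalled cputune element.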
--
2.13.6
7 years, 2 months
[libvirt] [PATCH go-xml] Add bootp option to NetworkDHCP
by Michal Rostecki
From: Michal Rostecki <michal.rostecki(a)gmail.com>
Support specifying concrete file and TFTP server
for PXE boot.
Signed-off-by: Michal Rostecki <michal.rostecki(a)gmail.com>
---
network.go | 6 ++++++
network_test.go | 7 +++++++
2 files changed, 13 insertions(+)
diff --git a/network.go b/network.go
index 32f125a..10c4dfc 100644
--- a/network.go
+++ b/network.go
@@ -78,9 +78,15 @@ type NetworkDHCPHost struct {
IP string `xml:"ip,attr,omitempty"`
}
+type NetworkBootp struct {
+ File string `xml:"file,attr,omitempty"`
+ Server string `xml:"server,attr,omitempty"`
+}
+
type NetworkDHCP struct {
Ranges []NetworkDHCPRange `xml:"range"`
Hosts []NetworkDHCPHost `xml:"host"`
+ Bootp []NetworkBootp `xml:"bootp"`
}
type NetworkIP struct {
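Review bot: NetworkDHCP.Bootp is declared as a slice (`Bootp []NetworkBootp`), while the commit message talks about one boot file and one TFTP server. If a single bootp element per dhcp block is what is meant, a `*NetworkBootp` pointer would model that and keep callers from emitting several.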
diff --git a/network_test.go b/network_test.go
index b1bd168..3efb278 100644
--- a/network_test.go
+++ b/network_test.go
@@ -100,6 +100,12 @@ var networkTestData = []struct {
IP: "192.168.122.10",
},
},
+ Bootp: []NetworkBootp{
+ NetworkBootp{
+ File: "pxelinux.0",
+ Server: "192.168.122.1",
+ },
+ },
},
},
NetworkIP{
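Review bot: File and Server both carry omitempty, but the test data only covers the case where both are set; a second entry with File alone would pin down the output when no server is given. The inner `NetworkBootp{` type name inside the slice literal is redundant and can be dropped.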
@@ -179,6 +185,7 @@ var networkTestData = []struct {
` <dhcp>`,
` <range start="192.168.122.2" end="192.168.122.254"></range>`,
` <host mac="00:16:3e:77:e2:ed" name="foo.example.com" ip="192.168.122.10"></host>`,
+ ` <bootp file="pxelinux.0" server="192.168.122.1"></bootp>`,
` </dhcp>`,
` </ip>`,
` <ip address="2001:db8:ca2:2::1" family="ipv6" prefix="64">`,
--
2.13.6
7 years, 2 months
[libvirt] [PATCH go-xml] Add address support for memory device
by zhenwei.pi
Add Base element for DomainAddress.
Add address element for DomainMemorydev.
Add test code for new DomainMemorydev.
Signed-off-by: zhenwei.pi <zhenwei.pi(a)youruncloud.com>
---
domain.go | 2 ++
domain_test.go | 9 +++++++++
2 files changed, 11 insertions(+)
diff --git a/domain.go b/domain.go
index bacab11..3d9404f 100644
--- a/domain.go
+++ b/domain.go
@@ -297,6 +297,7 @@ type DomainAddress struct {
Function *HexUint `xml:"function,attr"`
Target *uint `xml:"target,attr"`
Unit *uint `xml:"unit,attr"`
+ Base *HexUint `xml:"base,attr"`
}
type DomainConsole struct {
@@ -450,6 +451,7 @@ type DomainMemorydev struct {
Model string `xml:"model,attr"`
Access string `xml:"access,attr"`
Target *DomainMemorydevTarget `xml:"target"`
+ Address *DomainAddress `xml:"address"`
}
type DomainDeviceList struct {
diff --git a/domain_test.go b/domain_test.go
index dbebe42..cbc5d7f 100644
--- a/domain_test.go
+++ b/domain_test.go
@@ -66,6 +66,9 @@ var vcpuId0 uint = 0
var vcpuOrder0 uint = 1
var vcpuId1 uint = 1
+var memorydevAddressSlot HexUint = 0
+var memorydevAddressBase HexUint = 4294967296
+
var domainTestData = []struct {
Object Document
Expected []string
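Review bot: `memorydevAddressBase HexUint = 4294967296` needs more than 32 bits. If HexUint is built on the platform-sized uint, this constant will not compile on 32-bit targets, so either confirm the underlying type is 64-bit or use a test value that fits in 32 bits.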
@@ -385,6 +388,11 @@ var domainTestData = []struct {
Value: 0,
},
},
+ Address: &DomainAddress{
+ Type: "dimm",
+ Slot: &memorydevAddressSlot,
+ Base: &memorydevAddressBase,
+ },
},
},
},
@@ -434,6 +442,7 @@ var domainTestData = []struct {
` <size unit="GiB">1</size>`,
` <node>0</node>`,
` </target>`,
+ ` <address type="dimm" slot="0" base="4294967296"></address>`,
` </memory>`,
` </devices>`,
`</domain>`,
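Review bot: The expected XML carries base="4294967296" in decimal even though the field type is named HexUint. If the type is meant to round-trip hexadecimal attribute values, the test should expect the hex form (0x100000000 for this value); if decimal output is intended, say so in a comment next to the Base field.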
--
2.7.4
7 years, 2 months
[libvirt] [PATCH v2] spec: Restart libvirtd in posttrans
by Jiri Denemark
When upgrading libvirt packages, there's no strict ordering for the
installation or removal of the individual libvirt sub packages. Thus
libvirt-daemon may be upgraded (and its %postun scriptlet) started
before all sub packages with driver libraries are upgraded. When
libvirt-daemon's %postun scriptlet restarts the daemon old drivers may
still be lying around and the daemon may crash when it tries to use
them.
Let's restart the daemon in %posttrans to make sure libvirtd is
restarted only after all sub packages are at the same version.
https://bugzilla.redhat.com/show_bug.cgi?id=1464300
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
libvirt.spec.in | 37 ++++++++++++++++++++++++++++++-------
1 file changed, 30 insertions(+), 7 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 0123d0655..b00689cab 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1516,6 +1516,10 @@ fi
/sbin/chkconfig --add virtlockd
%endif
+# request daemon restart in posttrans
+mkdir -p %{_localstatedir}/lib/rpm-state/libvirt || :
+touch %{_localstatedir}/lib/rpm-state/libvirt/restart || :
+
%preun daemon
%if %{with_systemd}
%if %{with_systemd_macros}
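Review bot: The restart request at the end of %post daemon silences every failure with `|| :`. If mkdir or touch fails, the flag is never written and the daemon is silently left running the old code after an upgrade; consider letting the error message through (keep the `|| :` so the transaction does not abort) so the missed restart is at least visible in the rpm output.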
@@ -1554,13 +1558,11 @@ fi
if [ $1 -ge 1 ] ; then
/bin/systemctl reload-or-try-restart virtlockd.service >/dev/null 2>&1 || :
/bin/systemctl reload-or-try-restart virtlogd.service >/dev/null 2>&1 || :
- /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
fi
%else
if [ $1 -ge 1 ]; then
/sbin/service virtlockd reload > /dev/null 2>&1 || :
/sbin/service virtlogd reload > /dev/null 2>&1 || :
- /sbin/service libvirtd condrestart > /dev/null 2>&1
fi
%endif
@@ -1570,7 +1572,6 @@ fi
if [ "$1" -ge "1" ]; then
/sbin/service virtlockd reload > /dev/null 2>&1 || :
/sbin/service virtlogd reload > /dev/null 2>&1 || :
- /sbin/service libvirtd condrestart > /dev/null 2>&1
fi
%endif
@@ -1593,6 +1594,16 @@ if [ $1 -ge 1 ] ; then
%endif
fi
+%posttrans daemon
+if [ -f %{_localstatedir}/lib/rpm-state/libvirt/restart ]; then
+%if %{with_systemd}
+ /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
+%else
+ /sbin/service libvirtd condrestart > /dev/null 2>&1 || :
+%endif
+fi
+rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
+
%post daemon-config-network
if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ; then
# see if the network used by default network creates a conflict,
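Review bot: %posttrans daemon ends with `rm -rf` on the whole rpm-state/libvirt directory, and the same restart flag is used by the daemon-config-network and daemon-config-nwfilter scriptlets, so whichever %posttrans runs first consumes the request for all of them. That looks intended, but a comment saying the flag is shared on purpose would stop someone from later switching to per-package flag names and getting multiple restarts.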
@@ -1631,23 +1642,35 @@ if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ;
ln -s ../default.xml %{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
# Make sure libvirt picks up the new network defininiton
+ mkdir -p %{_localstatedir}/lib/rpm-state/libvirt || :
+ touch %{_localstatedir}/lib/rpm-state/libvirt/restart || :
+fi
+
+%posttrans daemon-config-network
+if [ -f %{_localstatedir}/lib/rpm-state/libvirt/restart ]; then
%if %{with_systemd}
- /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 ||:
+ /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
%else
/sbin/service libvirtd condrestart > /dev/null 2>&1 || :
%endif
-
fi
-
+rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
%post daemon-config-nwfilter
cp %{_datadir}/libvirt/nwfilter/*.xml %{_sysconfdir}/libvirt/nwfilter/
# Make sure libvirt picks up the new nwfilter defininitons
+mkdir -p %{_localstatedir}/lib/rpm-state/libvirt || :
+touch %{_localstatedir}/lib/rpm-state/libvirt/restart || :
+
+%posttrans daemon-config-nwfilter
+if [ -f %{_localstatedir}/lib/rpm-state/libvirt/restart ]; then
%if %{with_systemd}
- /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 ||:
+ /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
%else
/sbin/service libvirtd condrestart > /dev/null 2>&1 || :
%endif
+fi
+rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
%if %{with_systemd}
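Review bot: The %posttrans bodies for daemon, daemon-config-network and daemon-config-nwfilter are now identical line for line; define the restart block once as a spec macro and expand it in each scriptlet so the three copies cannot drift apart. Since these lines are being touched anyway, the context comments spell "defininiton" and "defininitons".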
--
2.14.3
7 years, 2 months
[libvirt] [PATCH dbus v2] Run system instance as an unprivileged user account
by Daniel P. Berrange
There is no reason for the libvirt-dbus daemon to require root privileges. All
it actually needs is ability to connect to libvirtd, which can be achieved by
dropping in a polkit configuration file.
Now a libvirt connection to the system bus gives you privileges equivalent to
root, so this doesn't really improve security on its own. It relies on there
being a dbus policy that prevents users from issuing elevated APIs.
For example, a DBus policy could allow non-root users to list VMs on the
system bus and get their status (aka virsh list equiv). In this case, the
security isolation does give some benefit.
Security can be further improved if the admin uses the libvirt polkit file to
restrict what libvirt-dbus is permitted to do.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
configure.ac | 5 ++++
data/Makefile.am | 33 ++++++++++++++++++----
data/system/libvirt-dbus.rules.in | 8 ++++++
.../{org.libvirt.conf => org.libvirt.conf.in} | 5 +++-
data/system/org.libvirt.service.in | 2 +-
libvirt-dbus.spec.in | 9 ++++++
src/main.c | 8 ++++++
7 files changed, 62 insertions(+), 8 deletions(-)
create mode 100644 data/system/libvirt-dbus.rules.in
rename data/system/{org.libvirt.conf => org.libvirt.conf.in} (87%)
diff --git a/configure.ac b/configure.ac
index 228ea11..aef3d37 100644
--- a/configure.ac
+++ b/configure.ac
@@ -70,6 +70,11 @@ else
fi
AC_SUBST(DBUS_SYSTEM_POLICIES_DIR)
+LIBVIRT_ARG_WITH([SYSTEM_USER], [username to run system instance as],
+ ['libvirtdbus'])
+SYSTEM_USER=$with_system_user
+AC_SUBST([SYSTEM_USER])
+
AC_OUTPUT(Makefile
data/Makefile
src/Makefile
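Review bot: The default passed to LIBVIRT_ARG_WITH is written as ['libvirtdbus'], with literal single quotes inside the m4 brackets. Check that the quotes do not end up in SYSTEM_USER, because the value is substituted verbatim into the polkit rule, the D-Bus policy and the service file, where a quoted name would match no account.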
diff --git a/data/Makefile.am b/data/Makefile.am
index 58e855f..3f27b02 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -9,18 +9,28 @@ system_servicedir = $(DBUS_SYSTEM_SERVICES_DIR)
system_service_DATA = $(system_service_in_files:.service.in=.service)
system_policy_files = \
- system/org.libvirt.conf
+ system/org.libvirt.conf.in
system_policydir = $(DBUS_SYSTEM_POLICIES_DIR)
-system_policy_DATA = $(system_policy_files)
+system_policy_DATA = $(system_policy_files:.conf.in=.conf)
+
+polkit_files = \
+ system/libvirt-dbus.rules.in
+polkit_policydir = $(sysconfdir)/polkit-1/rules.d
+polkit_policy_DATA = $(polkit_files:.rules.in=.rules)
EXTRA_DIST = \
$(service_in_files) \
$(system_service_in_files) \
- $(system_policy_files)
+ $(system_policy_files) \
+ $(polkit_files) \
+ $(NULL)
CLEANFILES = \
$(service_DATA) \
- $(system_service_DATA)
+ $(system_service_DATA) \
+ $(system_policy_DATA) \
+ $(polkit_DATA) \
+ $(NULL)
session/org.libvirt.service: session/org.libvirt.service.in
$(AM_V_GEN)$(MKDIR_P) session && \
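Review bot: CLEANFILES lists `$(polkit_DATA)`, but the variable defined a few lines up is `polkit_policy_DATA`, so the generated system/libvirt-dbus.rules is never removed by make clean. Use `$(polkit_policy_DATA)` here.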
@@ -29,5 +39,16 @@ session/org.libvirt.service: session/org.libvirt.service.in
system/org.libvirt.service: system/org.libvirt.service.in
$(AM_V_GEN)$(MKDIR_P) system && \
- sed -e 's|[@]bindir[@]|$(bindir)|g' < $< > $@-t && \
- mv $@-t $@
+ sed -e 's|[@]bindir[@]|$(bindir)|g' \
+ -e 's|[@]SYSTEM_USER[@]|$(SYSTEM_USER)|' \
+ < $< > $@-t && mv $@-t $@
+
+system/org.libvirt.conf: system/org.libvirt.conf.in
+ $(AM_V_GEN)$(MKDIR_P) system && \
+ sed -e 's|[@]SYSTEM_USER[@]|$(SYSTEM_USER)|' \
+ < $< > $@-t && mv $@-t $@
+
+system/libvirt-dbus.rules: system/libvirt-dbus.rules.in
+ $(AM_V_GEN)$(MKDIR_P) system && \
+ sed -e 's|[@]SYSTEM_USER[@]|$(SYSTEM_USER)|' \
+ < $< > $@-t && mv $@-t $@
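Review bot: The @SYSTEM_USER@ substitutions omit the `g` flag that the @bindir@ substitution has, so a second occurrence on one line of any template would be left unexpanded. Add `g` for consistency; the three rules differ only in the file name and could be one pattern rule.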
diff --git a/data/system/libvirt-dbus.rules.in b/data/system/libvirt-dbus.rules.in
new file mode 100644
index 0000000..4eb4ee1
--- /dev/null
+++ b/data/system/libvirt-dbus.rules.in
@@ -0,0 +1,8 @@
+// Allow libvirt-dbus running in dedicated account to use libvirt
+
+polkit.addRule(function(action, subject) {
+ if (action.id == "org.libvirt.unix.manage" &&
+ subject.user == "@SYSTEM_USER@") {
+ return polkit.Result.YES;
+ }
+});
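Review bot: This rule returns YES for org.libvirt.unix.manage to anything running as @SYSTEM_USER@, which the commit message itself describes as root-equivalent access to libvirtd. The header comment should state that plainly so an admin reading rules.d understands what compromise of the libvirt-dbus account gives away. Strict comparison (`===`) is also preferable to `==` in both tests.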
diff --git a/data/system/org.libvirt.conf b/data/system/org.libvirt.conf.in
similarity index 87%
rename from data/system/org.libvirt.conf
rename to data/system/org.libvirt.conf.in
index 5cbc732..fe61b70 100644
--- a/data/system/org.libvirt.conf
+++ b/data/system/org.libvirt.conf.in
@@ -4,8 +4,11 @@
<busconfig>
- <policy user="root">
+ <policy user="@SYSTEM_USER@">
<allow own="org.libvirt"/>
+ </policy>
+
+ <policy user="root">
<allow send_destination="org.libvirt"/>
</policy>
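Review bot: After the split, send_destination="org.libvirt" is granted only inside the root policy, and the commit message says the whole security benefit depends on this bus policy. Add an XML comment beside the root policy noting that widening it hands callers root-equivalent libvirt access unless the polkit side is restricted as well.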
diff --git a/data/system/org.libvirt.service.in b/data/system/org.libvirt.service.in
index 08d32a2..0d3abdd 100644
--- a/data/system/org.libvirt.service.in
+++ b/data/system/org.libvirt.service.in
@@ -1,4 +1,4 @@
[D-BUS Service]
Name=org.libvirt
Exec=@bindir@/libvirt-dbus --system
-User=root
+User=@SYSTEM_USER@
diff --git a/libvirt-dbus.spec.in b/libvirt-dbus.spec.in
index 5be4c22..572300f 100644
--- a/libvirt-dbus.spec.in
+++ b/libvirt-dbus.spec.in
@@ -19,6 +19,7 @@ BuildRequires: systemd-devel >= %{systemd_version}
Requires: libvirt-libs >= %{libvirt_version}
Requires: systemd-libs >= %{systemd_version}
+Requires(pre): shadow-utils
%description
This package provides integration between libvirt and the DBus
@@ -37,9 +38,17 @@ rm -rf $RPM_BUILD_ROOT
%clean
rm -rf $RPM_BUILD_ROOT
+%pre
+getent group libvirtdbus >/dev/null || groupadd -r libvirtdbus
+getent passwd libvirtdbus >/dev/null || \
+ useradd -r -g libvirtdbus -d / -s /sbin/nologin \
+ -c "Libvirt DBus bridge" libvirtdbus
+exit 0
+
%files
%defattr(-,root,root,-)
%doc README COPYING AUTHORS NEWS
+%{_sysconfdir}/polkit-1/rules.d/libvirt-dbus.rules
%{_bindir}/libvirt-dbus
%{_datadir}/dbus-1/services/org.libvirt.service
%{_datadir}/dbus-1/system-services/org.libvirt.service
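Review bot: %pre creates a fixed libvirtdbus user and group, while configure.ac makes the account name configurable through SYSTEM_USER. A build with a different --with-system-user would ship a service file, bus policy and polkit rule naming an account the package never creates; since this is a .spec.in, substitute the same value here or drop the configure option. The rules file under %{_sysconfdir} is also listed without %config, so local edits to it would be replaced on upgrade.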
diff --git a/src/main.c b/src/main.c
index a6a0212..225fb46 100644
--- a/src/main.c
+++ b/src/main.c
@@ -143,6 +143,14 @@ main(int argc, char *argv[])
}
}
+ if (uri == NULL) {
+ if (system_bus) {
+ uri = "qemu:///system";
+ } else {
+ uri = "qemu:///session";
+ }
+ }
+
sigemptyset(&mask);
sigaddset(&mask, SIGTERM);
sigaddset(&mask, SIGINT);
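Review bot: The new default for uri (qemu:///system with the system bus, qemu:///session otherwise) is not mentioned in the commit message and its connection to dropping root is not explained. Say in the message and in a code comment why it is needed, or move it to its own commit.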
--
2.13.6
7 years, 2 months
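The restriction the message above mentions ("the admin uses the libvirt polkit file to restrict what libvirt-dbus is permitted to do"), as an added example that is not part of the patch or of libvirt-dbus. It assumes libvirtd runs with the polkit access driver enabled (access_drivers = [ "polkit" ] in libvirtd.conf) so that API calls are checked as org.libvirt.api.* actions, and that the account is the patch's default, libvirtdbus; the function name and the choice of allowed permissions are illustrative.

```javascript
// Added example: polkit rule limiting the libvirt-dbus service account to a
// "virsh list" style read-only view. Not taken from the libvirt-dbus patch.
// Assumption: the account name is the patch's default SYSTEM_USER.
var SERVICE_USER = "libvirtdbus";

// Assumption: these four permissions are enough to open the connection,
// enumerate domains and read their state. Everything else is refused.
var READ_ONLY_ACTIONS = [
    "org.libvirt.api.connect.getattr",
    "org.libvirt.api.connect.search-domains",
    "org.libvirt.api.domain.getattr",
    "org.libvirt.api.domain.read"
];

// polkit provides polkit.Result; the fallback only exists so the function
// can be exercised outside polkit (for example under node).
var Result = (typeof polkit !== "undefined")
    ? polkit.Result
    : { YES: "yes", NO: "no" };

function libvirtDbusRule(action, subject) {
    if (subject.user !== SERVICE_USER) {
        return undefined;            // other accounts: leave to other rules
    }
    if (action.id === "org.libvirt.unix.manage") {
        return Result.YES;           // socket access, as in the patch's rule
    }
    if (action.id.indexOf("org.libvirt.api.") !== 0) {
        return undefined;            // not a libvirt API permission check
    }
    // The patch defaults to qemu:/// URIs, so refuse every other driver.
    if (action.lookup("connect_driver") !== "QEMU") {
        return Result.NO;
    }
    // Explicit NO for anything outside the read-only set, so the outcome
    // does not depend on the defaults of the installed policy files.
    return READ_ONLY_ACTIONS.indexOf(action.id) !== -1 ? Result.YES : Result.NO;
}

if (typeof polkit !== "undefined") {
    polkit.addRule(libvirtDbusRule);
}
```

polkit evaluates rule files in name order and stops at the first rule that returns a result, so a file carrying this rule has to sort before any broader rule for the same account.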
[libvirt] [PATCH v2 0/3] Allow users to define UUID for devices
by Michal Privoznik
v2 of:
https://www.redhat.com/archives/libvir-list/2017-September/msg01077.html
diff to v1:
- Switched from arbitrary string to UUID
- Moved UUID to separate element
- Added docs
Michal Privoznik (3):
virDomainDeviceInfoParseXML: Separate address parsing into separate
func
virDomainDeviceInfoParseXML: Clear whole @info on failure
conf: Allow users to define UUID for devices
docs/formatdomain.html.in | 21 +++
docs/schemas/domaincommon.rng | 21 ++-
src/conf/device_conf.c | 1 +
src/conf/device_conf.h | 1 +
src/conf/domain_conf.c | 201 ++++++++++++---------
tests/genericxml2xmlindata/generic-device-uuid.xml | 31 ++++
tests/genericxml2xmltest.c | 1 +
7 files changed, 189 insertions(+), 88 deletions(-)
create mode 100644 tests/genericxml2xmlindata/generic-device-uuid.xml
--
2.13.5
7 years, 2 months