[libvirt] RFC: how to help to detect backing chain when no backing format info in images
by Nikolay Shirokovskiy
I create a transient domain with a disk based on a qcow2 image with 2 backing images.
I specify qcow2 format explicitly for the top image and omit the backing
chain in xml for create because libvirt does not utilize this data anyway.
The top image and its backing file don't have backing file format information
and format autodetection is off by default, thus I get a wrong backing chain
for the disk. The second image has format raw and there is no third backing
image, obviously.
How can I get the correct backing chain in domain xml in this case? I don't
want to set the backing file format on these images because they are backup
images and I don't want to touch them in any way. Can we add an option
to the create API not to drop backing chain info that I can specify
on start? (Drop is forced on start in qemuDomainDetermineDiskChain)
7 years, 1 month
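Whether an image records its backing format can be checked read-only from the qcow2 header, without touching the backup images. The following is an added example, not code from the post or from libvirt: `walk_chain`'s "no recorded format means raw" rule is an assumption that models the outcome the post reports, and the image names and `sample` headers are constructed.

```python
import struct
QCOW2_MAGIC = b"QFI\xfb"
EXT_BACKING_FORMAT = 0xE2792ACA  # header extension carrying the backing format name

def inspect_qcow2(data):
    """Return (backing_file, backing_format) from a qcow2 header; either may be None."""
    if len(data) < 72 or data[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 header")
    version, bf_off, bf_size = struct.unpack_from(">IQI", data, 4)
    if version not in (2, 3) or (version == 3 and len(data) < 104):
        raise ValueError("unsupported or truncated qcow2 header")
    # v2 headers are 72 bytes; v3 stores header_length at offset 100
    pos = 72 if version == 2 else struct.unpack_from(">I", data, 100)[0]
    # extensions sit between the header and the backing file name
    limit = min(bf_off or len(data), len(data))
    fmt = None
    while pos + 8 <= limit:
        ext_type, ext_len = struct.unpack_from(">II", data, pos)
        pos += 8
        if ext_type == 0:  # end-of-extensions marker
            break
        if pos + ext_len > limit:
            raise ValueError("truncated header extension")
        if ext_type == EXT_BACKING_FORMAT:
            fmt = data[pos:pos + ext_len].decode("ascii")
        pos += (ext_len + 7) & ~7  # extension data is padded to 8 bytes
    name = data[bf_off:bf_off + bf_size].decode() if bf_off else None
    return name, fmt

def walk_chain(images, top, top_format):
    """Assumed probing-off rule: a backing file with no recorded format is taken as raw."""
    chain, name, fmt = [], top, top_format
    while name is not None:
        chain.append((name, fmt))
        if fmt != "qcow2":
            break  # a raw image has no header to follow, so the chain ends here
        name, recorded = inspect_qcow2(images[name])
        fmt = recorded or "raw"
    return chain

def sample(backing, fmt=None):
    """Constructed v2 header for the demo (not a usable image)."""
    ext = b""
    if fmt:
        raw = fmt.encode()
        ext = struct.pack(">II", EXT_BACKING_FORMAT, len(raw)) + raw.ljust((len(raw) + 7) & ~7, b"\0")
    ext += struct.pack(">II", 0, 0)
    off = 72 + len(ext) if backing else 0
    hdr = QCOW2_MAGIC + struct.pack(">IQI", 2, off, len(backing))
    return hdr.ljust(72, b"\0") + ext + backing.encode()
```

With three images that record no backing format, `walk_chain` stops at the second image as raw; with the format recorded in each header, all three appear.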
[libvirt] [PATCH] qemu: treat iso images as raw
by Nikolay Shirokovskiy
If image format probing is on and the image format of an iso file
is not specified, qemu fails to start a domain or change disk
media, giving errors like [1]. The problem is that the format is being
detected as 'iso' and qemu expects the format to be raw for iso
images.
It makes sense to me because iso refers to the filesystem format
in the image, not the image format itself. Thus let's just convert
iso to raw in case of qemu.
There is a similar patch for storage pools - 0e5db762.
[1] Unknown driver 'iso'
---
ISO as image format was added right at the beginning by e266ded2f
without any further comments. Maybe we just can drop ISO from image
formats entirely as it is not image format or some hypervisors
treat it in a special way?
src/qemu/qemu_domain.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index c7c9e94..3da9271 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -6023,8 +6023,13 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr driver,
if (virStorageFileGetMetadata(disk->src,
uid, gid,
cfg->allowDiskFormatProbing,
- report_broken) < 0)
+ report_broken) < 0) {
ret = -1;
+ goto cleanup;
+ }
+
+ if (virDomainDiskGetFormat(disk) == VIR_STORAGE_FILE_ISO)
+ virDomainDiskSetFormat(disk, VIR_STORAGE_FILE_RAW);
cleanup:
virObjectUnref(cfg);
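Review bot: the new `virDomainDiskGetFormat(disk) == VIR_STORAGE_FILE_ISO` check at the end of the hunk rewrites only the disk's own format and carries no comment saying why. Add a short comment that qemu has no 'iso' driver and expects raw, and confirm whether a backing element in the detected chain can also come back as ISO, since this check would not cover it. The added `goto cleanup` also means the remap is skipped whenever virStorageFileGetMetadata fails, which looks intended but deserves a line in the commit message.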
--
1.8.3.1
7 years, 1 month
[libvirt] [PATCH 0/4] misc virt-aa-helper fixes
by Christian Ehrhardt
Hi,
this was mostly created by clearing old libvirt bugs in Ubuntu.
USB passthrough so far often used workarounds but can be fixed in
virt-aa-helper.
I have some more changes planned but these seem to become longer term
activities so I didn't want to postpone those easier ones due to that and
submit them today.
Christian Ehrhardt (4):
virt-aa-helper: fix paths for usb hostdevs
virt-aa-helper: fix libusb access to udev usb data
virt-aa-helper: allow spaces in vm names
virt-aa-helper: put static rules in quotes
examples/apparmor/libvirt-qemu | 3 +++
src/security/virt-aa-helper.c | 12 ++++++++----
2 files changed, 11 insertions(+), 4 deletions(-)
--
2.7.4
7 years, 1 month
[libvirt] [PATCH] virt-aa-helper: grant locking permission on -f
by Christian Ehrhardt
Hot-adding disks does not parse the full XML to generate apparmor rules.
Instead it uses -f <PATH> to append a generic rule for that file path.
580cdaa7: "virt-aa-helper: locking disk files for qemu 2.10" implemented
the qemu 2.10 requirement to allow locking on disk images that are part of
the domain xml.
But on attach-device a user will still trigger an apparmor deny by going
through virt-aa-helper -f, to fix that add the lock "k" permission to the
append file case of virt-aa-helper.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
src/security/virt-aa-helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index ef1bf01..ee3913d 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1157,7 +1157,7 @@ get_files(vahControl * ctl)
}
if (ctl->newfile)
- if (vah_add_file(&buf, ctl->newfile, "rw") != 0)
+ if (vah_add_file(&buf, ctl->newfile, "rwk") != 0)
goto cleanup;
if (virBufferError(&buf)) {
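Review bot: in get_files(), `vah_add_file(&buf, ctl->newfile, "rwk")` now grants the lock permission to whatever path arrives in ctl->newfile, not only to disk images. If -f can carry other kinds of files, state in a comment that the wider grant is intended, or limit "k" to the disk case.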
@@ -1341,7 +1341,7 @@ main(int argc, char **argv)
vah_error(ctl, 1, _("profile exists"));
if (ctl->append && ctl->newfile) {
- if (vah_add_file(&buf, ctl->newfile, "rw") != 0)
+ if (vah_add_file(&buf, ctl->newfile, "rwk") != 0)
goto cleanup;
} else {
if (ctl->def->virtType == VIR_DOMAIN_VIRT_QEMU ||
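Review bot: the "rwk" literal in the append branch of main() duplicates the one in get_files(). A shared constant for the hot-add permission string would keep the two call sites from drifting apart the next time the required permissions change.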
--
2.7.4
7 years, 1 month
[libvirt] [PATCH] virt-aa-helper: fix libusb access to udev usb descriptions
by Christian Ehrhardt
In bf3a4140 "virt-aa-helper: fix libusb access to udev usb data" the
libusb access to properly detect the device/bus ids was fixed.
The path /run/udev/data/+usb* contains a subset of that information we
already allow to be read and is currently not needed for the function
qemu needs libusb for. But on the init of libusb all those files are
still read so a lot of apparmor denials can be seen when using usb host
devices, like:
apparmor="DENIED" operation="open" name="/run/udev/data/+usb:2-1.2:1.0"
comm="qemu-system-x86" requested_mask="r" denied_mask="r"
Today we could silence the warnings with a deny rule without breaking
current use cases. But since the data in there is only a subset of those
it can read already it is no additional information exposure. And on the
other hand a future udev/libusb/qemu combination might need it so allow
the access in the default apparmor profile.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
examples/apparmor/libvirt-qemu | 1 +
1 file changed, 1 insertion(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index b341e31..97dd2d4 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -32,6 +32,7 @@
# libusb needs udev data about usb devices (~equal to content of lsusb -v)
/run/udev/data/c16[6,7]* r,
/run/udev/data/c18[0,8,9]* r,
+ /run/udev/data/+usb* r,
# WARNING: this gives the guest direct access to host hardware and specific
# portions of shared memory. This is required for sound using ALSA with kvm,
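Review bot: the added `/run/udev/data/+usb* r,` rule sits under the existing comment "libusb needs udev data about usb devices", yet the commit message says this data is not currently needed and is only read during libusb init. Give the rule its own comment explaining that it is allowed to avoid the denials, so a later audit of the profile does not mistake it for a functional requirement.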
--
2.7.4
7 years, 1 month
[libvirt] Libvirt xl to xml converter only picks up first occurrence of an option
by Wei Liu
Hi Jim
I discovered that libvirt's native config file to xml converter for
libxl only picks up the first occurrence of an option.
For example in a xl cfg file:
extra = "abc"
...
extra = "def"
xl will pick up "def" because that shows up later and takes precedence,
while the converter picks up "abc".
I think this is a bug in the converter and should be fixed.
Thanks
Wei.
7 years, 1 month
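A config whose repeated options carry different values is exactly where the two tools disagree, so such files can be flagged before conversion. This is an added example, not part of the original message or of libvirt or xl; `divergent_options` and `SAMPLE_CFG` are hypothetical names, the sample config is constructed, and only single-line `key = value` assignments are considered.

```python
import re

# Matches single-line `key = value` assignments; comment lines and list
# continuation lines do not start with an identifier and are skipped.
ASSIGN = re.compile(r"^\s*([A-Za-z_]\w*)\s*=\s*(.*?)\s*$")

def divergent_options(cfg_text):
    """Map each repeated option to (first_value, last_value, line_numbers)
    when the first occurrence (what the post says the converter reads) differs
    from the last occurrence (what the post says xl uses)."""
    seen = {}
    for lineno, line in enumerate(cfg_text.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            seen.setdefault(m.group(1), []).append((lineno, m.group(2)))
    report = {}
    for key, hits in seen.items():
        first, last = hits[0][1], hits[-1][1]
        if len(hits) > 1 and first != last:
            report[key] = (first, last, [n for n, _ in hits])
    return report

# Constructed sample modelled on the example in the post.
SAMPLE_CFG = '''name = "guest1"
extra = "abc"
memory = 1024
extra = "def"
memory = 1024
'''

if __name__ == "__main__":
    for key, (first, last, lines) in divergent_options(SAMPLE_CFG).items():
        print(f"{key}: first={first} last={last} lines={lines}")
```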
[libvirt] [PATCH] conf: Avoid leaking blockers from virDomainCapsCPUModel
by Jiri Denemark
When adding CPU usability blockers I forgot to properly free them
in virDomainCapsCPUModelsDispose.
Reported-by: Marc Hartmayer <mhartmay(a)linux.vnet.ibm.com>
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/conf/domain_capabilities.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 729d905e2..7f96ff386 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -94,8 +94,10 @@ virDomainCapsCPUModelsDispose(void *obj)
virDomainCapsCPUModelsPtr cpuModels = obj;
size_t i;
- for (i = 0; i < cpuModels->nmodels; i++)
+ for (i = 0; i < cpuModels->nmodels; i++) {
VIR_FREE(cpuModels->models[i].name);
+ virStringListFree(cpuModels->models[i].blockers);
+ }
VIR_FREE(cpuModels->models);
}
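Review bot: inside the loop, `virStringListFree(cpuModels->models[i].blockers)` runs for every model, including those that never had blockers attached, so the fix depends on that field being NULL when unused and on the free routine accepting NULL. Please confirm both, or note it in the commit message; a test run covering models with and without blockers would make the leak fix verifiable.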
--
2.14.3
7 years, 1 month
[libvirt] [PATCH 0/2] Further Increase default file handle limits
by Christian Ehrhardt
In 27cd7635 new default limits were set:
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Wed Mar 15 16:51:51 2017 +0000
Increase default file handle limits for daemons
But I faced some constraints with these values and think it is time to
reconsider the defaults to only have to be tweaked in really uncommon cases.
Christian Ehrhardt (2):
Increase default file handle limits for virtlogd
Increase default file handle limits for virtlockd
src/locking/virtlockd.service.in | 4 ++--
src/logging/virtlogd.service.in | 6 ++++--
2 files changed, 6 insertions(+), 4 deletions(-)
--
2.7.4
7 years, 1 month
[libvirt] [PATCH] docs: Drop mention that WWN for disks must be unique
by Peter Krempa
For multipath disks it might be useful to have the same WWN for multiple
disks. It's the user's choice to do so. Since we dropped the check that
disallows using duplicate WWNs, drop the docs as well.
https://bugzilla.redhat.com/show_bug.cgi?id=1464975
---
Pushed as trivial.
docs/formatdomain.html.in | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 4609e2ec2..4f28dce35 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -3184,8 +3184,7 @@
<dt><code>wwn</code></dt>
<dd>If present, this element specifies the WWN (World Wide Name)
of a virtual hard disk or CD-ROM drive. It must be composed
- of 16 hexadecimal digits and must be unique (at least among
- disks of a single domain)
+ of 16 hexadecimal digits.
<span class='since'>Since 0.10.1</span>
</dd>
<dt><code>vendor</code></dt>
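Review bot: the replacement line "of 16 hexadecimal digits." removes the uniqueness requirement without saying that duplicates are now accepted. Consider adding a sentence that the same WWN may be used for several disks (for example with multipath) and that libvirt no longer checks for duplicates, so readers who know the older wording can tell the behaviour changed.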
--
2.13.6
7 years, 1 month