[libvirt] [PATCH] security: Don't skip relabel for all chardevs
by Michal Privoznik
Our commit e13e8808f9 was way too generic. Currently, virtlogd is
used only for chardevs type of file and nothing else. True, we
must not relabel the path in this case, but we have to in all
other cases. For instance, if you want to have a physical console
attached to your guest:
<console type='dev'>
<source path='/dev/ttyS0'/>
<target type='virtio' port='1'/>
</console>
Starting such domain fails because qemu doesn't have access to
/dev/ttyS0 because we haven't relabelled the path.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/security_dac.c | 8 ++++++--
src/security/security_selinux.c | 8 ++++++--
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 79941f480..ca7a6af6d 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1179,7 +1179,9 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
if (chr_seclabel && !chr_seclabel->relabel)
return 0;
- if (!chr_seclabel && chardevStdioLogd)
+ if (!chr_seclabel &&
+ dev_source->type == VIR_DOMAIN_CHR_TYPE_FILE &&
+ chardevStdioLogd)
return 0;
if (chr_seclabel && chr_seclabel->label) {
@@ -1261,7 +1263,9 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr,
if (chr_seclabel && !chr_seclabel->relabel)
return 0;
- if (!chr_seclabel && chardevStdioLogd)
+ if (!chr_seclabel &&
+ dev_source->type == VIR_DOMAIN_CHR_TYPE_FILE &&
+ chardevStdioLogd)
return 0;
switch ((virDomainChrType) dev_source->type) {
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 26137f6d8..2e3082b7a 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2199,7 +2199,9 @@ virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr,
if (chr_seclabel && !chr_seclabel->relabel)
return 0;
- if (!chr_seclabel && chardevStdioLogd)
+ if (!chr_seclabel &&
+ dev_source->type == VIR_DOMAIN_CHR_TYPE_FILE &&
+ chardevStdioLogd)
return 0;
if (chr_seclabel)
@@ -2274,7 +2276,9 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityManagerPtr mgr,
if (chr_seclabel && !chr_seclabel->relabel)
return 0;
- if (!chr_seclabel && chardevStdioLogd)
+ if (!chr_seclabel &&
+ dev_source->type == VIR_DOMAIN_CHR_TYPE_FILE &&
+ chardevStdioLogd)
return 0;
switch (dev_source->type) {
--
2.13.0
7 years, 6 months
[libvirt] [PATCH] qemu: Remove duplicated code in qemuBuildSerialChrDeviceStr()
by Andrea Bolognani
The call to qemuBuildDeviceAddressStr() happens no matter
what, so we can move it outside of the switch. We can also
move the call to virBufferAsprintf() closer to it to avoid
having formatting - error checking - more formatting.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
src/qemu/qemu_command.c | 20 +++++++-------------
1 file changed, 7 insertions(+), 13 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index c53ab97..9bb0163 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -10296,10 +10296,6 @@ qemuBuildSerialChrDeviceStr(char **deviceStr,
goto error;
}
} else {
- virBufferAsprintf(&cmd, "%s,chardev=char%s,id=%s",
- virDomainChrSerialTargetTypeToString(serial->targetType),
- serial->info.alias, serial->info.alias);
-
switch (serial->targetType) {
case VIR_DOMAIN_CHR_SERIAL_TARGET_TYPE_USB:
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_USB_SERIAL)) {
@@ -10314,9 +10310,6 @@ qemuBuildSerialChrDeviceStr(char **deviceStr,
_("usb-serial requires address of usb type"));
goto error;
}
-
- if (qemuBuildDeviceAddressStr(&cmd, def, &serial->info, qemuCaps) < 0)
- goto error;
break;
case VIR_DOMAIN_CHR_SERIAL_TARGET_TYPE_ISA:
@@ -10326,9 +10319,6 @@ qemuBuildSerialChrDeviceStr(char **deviceStr,
_("isa-serial requires address of isa type"));
goto error;
}
-
- if (qemuBuildDeviceAddressStr(&cmd, def, &serial->info, qemuCaps) < 0)
- goto error;
break;
case VIR_DOMAIN_CHR_SERIAL_TARGET_TYPE_PCI:
@@ -10344,11 +10334,15 @@ qemuBuildSerialChrDeviceStr(char **deviceStr,
_("pci-serial requires address of pci type"));
goto error;
}
-
- if (qemuBuildDeviceAddressStr(&cmd, def, &serial->info, qemuCaps) < 0)
- goto error;
break;
}
+
+ virBufferAsprintf(&cmd, "%s,chardev=char%s,id=%s",
+ virDomainChrSerialTargetTypeToString(serial->targetType),
+ serial->info.alias, serial->info.alias);
+
+ if (qemuBuildDeviceAddressStr(&cmd, def, &serial->info, qemuCaps) < 0)
+ goto error;
}
if (virBufferCheckError(&cmd) < 0)
--
2.7.5
7 years, 6 months
[libvirt] [PATCH] tests: virstoragetest: fix --without-yajl
by Cole Robinson
Recently added JSON tests should be skipped if compiled --without-yajl
https://bugzilla.redhat.com/show_bug.cgi?id=1463435
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
tests/virstoragetest.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c
index 6c1287380..f34408395 100644
--- a/tests/virstoragetest.c
+++ b/tests/virstoragetest.c
@@ -1359,6 +1359,8 @@ mymain(void)
"<source protocol='nbd' name='blah'>\n"
" <host name='example.org' port='6000'/>\n"
"</source>\n");
+
+#ifdef WITH_YAJL
TEST_BACKING_PARSE("json:", NULL);
TEST_BACKING_PARSE("json:asdgsdfg", NULL);
TEST_BACKING_PARSE("json:{}", NULL);
@@ -1573,6 +1575,7 @@ mymain(void)
"<source protocol='sheepdog' name='test'>\n"
" <host name='example.com' port='321'/>\n"
"</source>\n");
+#endif /* WITH_YAJL */
cleanup:
/* Final cleanup */
--
2.13.0
7 years, 6 months
[libvirt] [PATCH 0/7] Add new APIs to edit xml configuration of managed save state of a domain
by Kothapally Madhu Pavan
managedsave command offloads the user from managing the save state file.
It does not need the user to specify saved state file location, all it takes
is domain name to identify. This makes it much more comfortable to use in
emergency where immediate shutdowm is needed. But it doesn't provide a way
to edit XML description of the save state file without user going through an
extra effort to search manually where the file actually exists.
The series aims to overcome the above constraints by adding new APIs and
commands to seemlessly edit the managed save state XML description using
just the domain name. The Patches mainly make use of the save-image-edit
code flow only to simplify the above use case.
This patch set provides capability to Dump and Edit the XML configuration
associated with a saved state file of a domain which was created by the
managedsave command.
The new command carry the similar options as the save-image-<XXX> commands
to change the running state as to paused state or running on start.
This is equivalent to:
virsh managedsave-dumpxml domain-name > state-file.xml
vi state-file.xml (or make changes with your other text editor)
virsh managedsave-define domain-name state-file-xml
or you can simply use:
virsh managedsave-edit domain-name
It is always better when we get more.
Kothapally Madhu Pavan (7):
lib: Add API to dump xml configuration of managed save state domain
lib: Add API to edit domain's managed save state xml configuration
qemu: Implement qemuDomainManagedSaveGetXMLDesc
qemu: Implement qemuDomainManagedSaveDefineXML
virsh: Implement managedsave-define command
virsh: Implement managedsave-dumpxml command
virsh: Implement managedsave-edit command
include/libvirt/libvirt-domain.h | 6 ++
src/driver-hypervisor.h | 11 +++
src/libvirt-domain.c | 107 ++++++++++++++++++++
src/libvirt_public.syms | 6 ++
src/qemu/qemu_driver.c | 78 +++++++++++++++
src/remote/remote_driver.c | 2 +
src/remote/remote_protocol.x | 31 +++++-
src/remote_protocol-structs | 14 +++
tools/virsh-domain.c | 207 +++++++++++++++++++++++++++++++++++++++
tools/virsh.pod | 41 ++++++++
10 files changed, 502 insertions(+), 1 deletion(-)
--
1.8.3.1
7 years, 6 months
[libvirt] [PATCH] qemu: Do not skip virCPUUpdateLive if priv->origCPU is set
by Jiri Denemark
Even though we got both the original CPU (used for starting a domain)
and the updated version (the CPU really provided by QEMU) during
incoming migration, restore, or snapshot revert, we still need to update
the CPU according to the data we got from the freshly started QEMU.
Otherwise we don't know whether the CPU we got from QEMU matches the one
before migration. We just need to keep the original CPU in
priv->origCPU.
Messed up by me in v3.4.0-58-g8e34f4781.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/qemu/qemu_process.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 63119396b..d669dfb32 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3989,20 +3989,16 @@ qemuProcessUpdateLiveGuestCPU(virQEMUDriverPtr driver,
if (qemuProcessVerifyCPUFeatures(def, cpu) < 0)
goto cleanup;
- /* Don't update the CPU if we already did so when starting a domain
- * during migration, restore or snapshot revert. */
- if (priv->origCPU) {
- ret = 0;
- goto cleanup;
- }
-
if (!(orig = virCPUDefCopy(def->cpu)))
goto cleanup;
if ((rc = virCPUUpdateLive(def->os.arch, def->cpu, cpu, disabled)) < 0) {
goto cleanup;
} else if (rc == 0) {
- if (!virCPUDefIsEqual(def->cpu, orig, false))
+ /* Store the original CPU in priv if QEMU changed it and we didn't
+ * get the original CPU via migration, restore, or snapshot revert.
+ */
+ if (!priv->origCPU && !virCPUDefIsEqual(def->cpu, orig, false))
VIR_STEAL_PTR(priv->origCPU, orig);
def->cpu->check = VIR_CPU_CHECK_FULL;
--
2.13.1
7 years, 6 months
[libvirt] [PATCH] qemuProcessBuildDestroyHugepagesPath: Don't warn on destroying non-existent path
by Michal Privoznik
This function is called unconditionally from qemuProcessStop to
make sure we leave no dangling dirs behind. However, whenever the
directory we want to rmdir() is not there (e.g. because it hasn't
been created in the first place because domain doesn't use
hugepages at all), we produce a warning like this:
2017-06-20 15:58:23.615+0000: 32638: warning :
qemuProcessBuildDestroyHugepagesPath:3363 : Unable to remove
hugepage path: /dev/hugepages/libvirt/qemu/1-instance-00000001
(errno=2)
Fix this by not producing the warning on ENOENT.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_process.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index fa9990e5d..3b7f20be4 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3358,7 +3358,8 @@ qemuProcessBuildDestroyHugepagesPath(virQEMUDriverPtr driver,
goto cleanup;
}
} else {
- if (rmdir(hugepagePath) < 0)
+ if (rmdir(hugepagePath) < 0 &&
+ errno != ENOENT)
VIR_WARN("Unable to remove hugepage path: %s (errno=%d)",
hugepagePath, errno);
}
--
2.13.0
7 years, 6 months
[libvirt] [RFC] duplicate suspend/resume lifecycle events with QEMU
by Philipp Hahn
Hello,
I'm using the libvirt event mechanism and noticed, that several events
are reported twice:
> $ python examples/event-test.py qemu:///session
> Using uri:qemu:///session
> myDomainEventCallback1 EVENT: Domain installer(2) Resumed Unpaused
> myDomainEventCallback2 EVENT: Domain installer(2) Resumed Unpaused
> myDomainEventCallback1 EVENT: Domain installer(2) Resumed Unpaused
> myDomainEventCallback2 EVENT: Domain installer(2) Resumed Unpaused
> myDomainEventCallback1 EVENT: Domain installer(2) Suspended Paused
> myDomainEventCallback2 EVENT: Domain installer(2) Suspended Paused
> myDomainEventCallback1 EVENT: Domain installer(2) Suspended Paused
> myDomainEventCallback2 EVENT: Domain installer(2) Suspended Paused
> myDomainEventCallback1 EVENT: Domain installer(-1) Stopped Destroyed
> myDomainEventCallback2 EVENT: Domain installer(-1) Stopped Destroyed
(the Python example program registers 2 handlers, so each event is
printed twice, but each handler gets the suspend/resume event twice itself.)
Interestingly enough it only "suspend" and "resume", but not "created"
or "destroyed".
But it isn't Python specific, virsh shows the same behaviour:
> $ virsh event --loop --event lifecycle
> event 'lifecycle' for domain installer: Started Booted
> event 'lifecycle' for domain installer: Suspended Paused
> event 'lifecycle' for domain installer: Resumed Unpaused
> event 'lifecycle' for domain installer: Resumed Unpaused
> event 'lifecycle' for domain installer: Suspended Paused
> event 'lifecycle' for domain installer: Suspended Paused
> event 'lifecycle' for domain installer: Stopped Destroyed
After shutting down libvirtd I used `socat stdio unix-connect:...` to
connect the the qemu UNIX socket and used
{"execute": "stop"}
and
{"execute": "cont"}
to verify, that QEMU only send one event. So to me it looks like libvirt
is duplicating the event.
Enabling DEBUG for »log_filters="1:qemu_monitor_json"« shows noting
wrong with QEMU:
> qemuMonitorJSONCommandWithFd:286 : Send command '{"execute":"cont","id":"libvirt-9"}' for write with FD -1
> qemuMonitorSend:972 : QEMU_MONITOR_SEND_MSG: mon=0x7f1940000910 msg={"execute":"cont","id":"libvirt-9"}
> fd=-1
> qemuMonitorIOWrite:503 : QEMU_MONITOR_IO_WRITE: mon=0x7f1940000910 buf={"execute":"cont","id":"libvirt-9"}
> len=37 ret=37 errno=11
> qemuMonitorIOProcess:399 : QEMU_MONITOR_IO_PROCESS: mon=0x7f1940000910 buf={"timestamp": {"seconds": 1497326279, "microseconds": 688619}, "event": "RESUME"}
> {"return": {}, "id": "libvirt-9"}
> len=118
> qemuMonitorJSONIOProcessLine:179 : Line [{"timestamp": {"seconds": 1497326279, "microseconds": 688619}, "event": "RESUME"}]
> qemuMonitorJSONIOProcessLine:194 : QEMU_MONITOR_RECV_EVENT: mon=0x7f1940000910 event={"timestamp": {"seconds": 1497326279, "microseconds": 688619}, "event": "RESUME"}
> qemuMonitorJSONIOProcessEvent:138 : mon=0x7f1940000910 obj=0x5636fa1f1f00
> qemuMonitorEmitEvent:1186 : mon=0x7f1940000910 event=RESUME
> qemuMonitorJSONIOProcessEvent:165 : handle RESUME handler=0x7f19535903d0 data=(nil)
> qemuMonitorEmitResume:1237 : mon=0x7f1940000910
Looking at src/qemu/qemu_monitor_json.c:qemuMonitorJSONIOProcessEvent:
> 141 qemuMonitorJSONIOProcessEvent(qemuMonitorPtr mon,
> 142 virJSONValuePtr obj)
> 143 {
...
> 170 qemuMonitorEmitEvent(mon, type, seconds, micros, details);
This seems to send the first event
> 171 VIR_FREE(details);
> 172
> 173 handler = bsearch(type, eventHandlers, ARRAY_CARDINALITY(eventHandlers),
> 174 sizeof(eventHandlers[0]), qemuMonitorEventCompare);
> 175 if (handler) {
> 176 VIR_DEBUG("handle %s handler=%p data=%p", type,
> 177 handler->handler, data);
> 178 (handler->handler)(mon, data);
and this the second instance.
> 179 }
> 180 return 0;
> 181 }
Looking deeper into the GIT source code I see this:
> 98 static qemuEventHandler eventHandlers[] = {
...
> 113 { "RESUME", qemuMonitorJSONHandleResume, },
> 544 static void qemuMonitorJSONHandleResume(qemuMonitorPtr mon, virJSONValuePtr data ATTRIBUTE_UNUSED)
> 546 qemuMonitorEmitResume(mon);
...
> 1267 qemuMonitorEmitEvent(qemuMonitorPtr mon, const char *event,
> 1268 long long seconds, unsigned int micros,
> 1269 const char *details)
...
> 1274 QEMU_MONITOR_CALLBACK(mon, ret, domainEvent, mon->vm, event, seconds,
> 1275 micros, details);
...
> 1325 qemuMonitorEmitResume(qemuMonitorPtr mon)
> 1330 QEMU_MONITOR_CALLBACK(mon, ret, domainResume, mon->vm);
but this doesn't yet completely explain, why only some events are
reported twice.
Is there some way to get rid of the duplication (in Python) or at least
to distinguish them, so I can ignore the second one?
I've observed this behaviour with both Debian-Jessie
> Compiled against library: libvirt 1.2.9
> Using library: libvirt 1.2.9
> Using API: QEMU 1.2.9
> Running hypervisor: QEMU 2.6.0
and also with the newer Debian-Sid
> Compiled against library: libvirt 3.0.0
> Using library: libvirt 3.0.0
> Using API: QEMU 3.0.0
> Running hypervisor: QEMU 2.8.1
Thank you in advance.
Philipp
--
Philipp Hahn
Open Source Software Engineer
Univention GmbH
be open.
Mary-Somerville-Str. 1
D-28359 Bremen
Tel.: +49 421 22232-0
Fax : +49 421 22232-99
hahn(a)univention.de
http://www.univention.de/
Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876
7 years, 6 months
[libvirt] [PATCH] Revert "qemu: Check duplicate WWNs also for hotplugged disks"
by Peter Krempa
Similarly to commit 5da28cc3069b573f54f0bcaf8eb75476bcfdc6e9 this check
actually does not make sense since duplicate WWNs are used e.g. when
multipathing disks.
This reverts commit 780fe4e4baf7e2f10f65ba1a34f9274fc547cad2.
---
src/conf/domain_conf.c | 37 -------------------------------------
1 file changed, 37 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 0409c62ef..fdf85d5dd 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -25510,34 +25510,6 @@ virDomainDeviceInfoCheckBootIndex(virDomainDefPtr def ATTRIBUTE_UNUSED,
return 0;
}
-
-/**
- * virDomainDefGetDiskByWWN:
- * @def: domain definition
- * @wwn: wwn of a disk to find
- *
- * Returns a disk definition pointer corresponding to the given WWN identifier
- * or NULL either if @wwn was NULL or if disk with given WWN is not present in
- * the domain definition.
- */
-static virDomainDiskDefPtr
-virDomainDefGetDiskByWWN(virDomainDefPtr def,
- const char *wwn)
-{
- size_t i;
-
- if (!wwn)
- return NULL;
-
- for (i = 0; i < def->ndisks; i++) {
- if (STREQ_NULLABLE(def->disks[i]->wwn, wwn))
- return def->disks[i];
- }
-
- return NULL;
-}
-
-
int
virDomainDefCompatibleDevice(virDomainDefPtr def,
virDomainDeviceDefPtr dev,
@@ -25581,15 +25553,6 @@ virDomainDefCompatibleDevice(virDomainDefPtr def,
}
}
- if (dev->type == VIR_DOMAIN_DEVICE_DISK) {
- if (!!virDomainDefGetDiskByWWN(def, dev->data.disk->wwn)) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("Domain already has a disk with wwn '%s'"),
- dev->data.disk->wwn);
- return -1;
- }
- }
-
return 0;
}
--
2.12.2
7 years, 6 months
[libvirt] [PATCH] qemu: Change coalesce settings on hotplug when they are different
by Martin Kletzander
Part of the condition was reverted so no value update was propagated
through.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1414627
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
Notes:
Pushed as trivial
src/qemu/qemu_hotplug.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 5247c065711d..a486fb4fe334 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3283,8 +3283,8 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
if (!!olddev->coalesce != !!newdev->coalesce ||
(olddev->coalesce && newdev->coalesce &&
- !memcmp(olddev->coalesce, newdev->coalesce,
- sizeof(*olddev->coalesce))))
+ memcmp(olddev->coalesce, newdev->coalesce,
+ sizeof(*olddev->coalesce))))
needCoalesceChange = true;
/* FINALLY - actually perform the required actions */
--
2.13.1
7 years, 6 months