October 2018 - Devel - libvirt List Archives

[libvirt] [RFC] cgroup settings and systemd daemon-reload conflict
by Nikolay Shirokovskiy 03 Oct '18

03 Oct '18

Hi, all. It turns out that systemd daemon-reload reset settings that are managable thru 'systemctl set-property' interface. > virsh schedinfo tst3 | grep global_quota global_quota : -1 > virsh schedinfo tst3 --set global_quota=50000 | grep global_quota global_quota : 50000 > systemctl daemon-reload > virsh schedinfo tst3 | grep global_quota global_quota : -1 This behaviour does not limited to cpu controller, same for blkio for example. I checked different versions of systemd (219 - Feb 15, and quite recent 236 - Dec 17) to make sure it is not kind of bug of old version. So systemd does not play well with direct writes to cgroup parameters that managable thru systemd. Looks like libvirtd needs to use systemd's dbus interface to change all such parameters. I only wonder how this can be unnoticed for such long time (creating cgroup for domain thru systemd - Jul 2013) as daemon-reload is called upon libvirtd package update. May be I miss something? Nikolay

2 4

[libvirt] [glib PATCH 0/2] Add ns to the node's children when setting a custom XML
by Fabiano Fidêncio 03 Oct '18

03 Oct '18

This work is preparing the field for adding and using metadata.libosinfo in GNOME Boxes (in a similar way that's already done for virt-manager) so we can have a cross-app schema for tracking libosinfo OS ID in the domain <metadata> XML. The tests added are from real cases as: - current Boxes' metadata (so, we ensure we won't break anything there); - the new Boxes' metadata.libosinfo; - Nova's XML example; Fabiano Fidêncio (2): object: Also add the ns to the node's children domain: Introduce gvir_config_domain_set_custom_xml_ns_children() libvirt-gconfig/libvirt-gconfig-domain.c | 41 ++++++++++++--- libvirt-gconfig/libvirt-gconfig-domain.h | 5 ++ .../libvirt-gconfig-object-private.h | 3 +- libvirt-gconfig/libvirt-gconfig-object.c | 51 +++++++++++++++---- libvirt-gconfig/libvirt-gconfig.sym | 5 ++ tests/test-gconfig.c | 3 ++ tests/xml/gconfig-domain.xml | 12 +++++ 7 files changed, 103 insertions(+), 17 deletions(-) -- 2.19.0

2 3

[libvirt] [PATCH] qemu: fix up permissions for pre-created UNIX sockets
by Ján Tomko 03 Oct '18

03 Oct '18

My commit d6b8838 fixed the uid:gid for the pre-created UNIX sockets but did not account for the different umask of libvirtd and QEMU. Since commit 0e1a1a8c we set umask to '0002' for the QEMU process. Manually tune-up the permissions to match what we would have gotten if QEMU had created the socket. https://bugzilla.redhat.com/show_bug.cgi?id=1633389 Signed-off-by: Ján Tomko <jtomko(a)redhat.com> --- src/qemu/qemu_command.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 887947dc11..d77cf8c2d6 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -5034,6 +5034,12 @@ qemuOpenChrChardevUNIXSocket(const virDomainChrSourceDef *dev) goto error; } + /* We run QEMU with umask 0002. Compensate for the umask + * libvirtd might be running under to get the same permission + * QEMU would have. */ + if (virFileUpdatePerm(dev->data.nix.path, 0002, 0664) < 0) + goto error; + return fd; error: -- 2.17.1

2 1

[libvirt] [glib PATCH] gconfig, gobject: Use G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE
by Fabiano Fidêncio 03 Oct '18

03 Oct '18

Commit 7190c5024d introduced the usage of new GObject define macros with private. However as the conversion hasn't been done for abstract types (G_DEFINE_ABSTRACT_TYPE) and the addition of the private classes for the abstract types has been removed as part of the commit, crashes can be seen in Apps consuming libvirt-glib, as this one from GNOME Boxes: Thread 1 "gnome-boxes" received signal SIGSEGV, Segmentation fault. 0x00007ffff7ef2b35 in g_type_check_instance_is_fundamentally_a () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 (gdb) bt #0 0x00007ffff7ef2b35 in g_type_check_instance_is_fundamentally_a () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #1 0x00007ffff7ed2e75 in g_object_unref () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #2 0x00007ffff6ef094e in gvir_domain_device_set_property (object=0x555556680950, prop_id=2, value=0x7fffffffcbe0, pspec=0x555556772540) at libvirt-gobject-domain-device.c:89 #3 0x00007ffff7ed3b19 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #4 0x00007ffff7ed5624 in g_object_new_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #5 0x00007ffff7ed5959 in g_object_new () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #6 0x00005555555d8257 in boxes_libvirt_machine_get_domain_disk (self=0x5555560e6790, error=0x55555615a630) at /run/build/gnome-boxes/src/libvirt-machine.vala:547 #7 0x00005555555d0e7e in boxes_libvirt_machine_update_io_stat_co (_data_=0x55555615a320) at /run/build/gnome-boxes/src/libvirt-machine.vala:280 #8 0x00005555555d09b2 in boxes_libvirt_machine_update_io_stat (self=0x5555560e6790, info=0x555555f25990, stat=0x555556736a90, _callback_=0x5555555d2992 <boxes_libvirt_machine_update_stats_ready>, _user_data_=0x555556736a50) at /run/build/gnome-boxes/src/libvirt-machine.vala:5 #9 0x00005555555d3120 in boxes_libvirt_machine_update_stats_co (_data_=0x555556736a50) at /run/build/gnome-boxes/src/libvirt-machine.vala:332 #10 0x00005555555d29dd in boxes_libvirt_machine_update_stats_ready (source_object=0x5555567bb840, _res_=0x55555677ae00, _user_data_=0x555556736a50) at /run/build/gnome-boxes/src/libvirt-machine.vala:328 #11 0x00007ffff72adc89 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #12 0x00007ffff72adcc9 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #13 0x00007ffff7dec948 in g_main_context_dispatch () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 #14 0x00007ffff7decd38 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 #15 0x00007ffff7decdcc in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 #16 0x00007ffff72c2dbd in g_application_run () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #17 0x00005555556004b6 in _vala_main (args=0x7fffffffd4f8, args_length1=1) at /run/build/gnome-boxes/src/main.vala:84 #18 0x0000555555600517 in main (argc=1, argv=0x7fffffffd4f8) at /run/build/gnome-boxes/src/main.vala:68 In order to solve the issue, let's just replace G_DEFINE_ABSTRACT_TYPE by G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE. Signed-off-by: Fabiano Fidêncio <fidencio(a)redhat.com> --- libvirt-gconfig/libvirt-gconfig-domain-address.c | 2 +- libvirt-gconfig/libvirt-gconfig-domain-chardev-source.c | 2 +- libvirt-gconfig/libvirt-gconfig-domain-chardev.c | 2 +- libvirt-gconfig/libvirt-gconfig-domain-controller.c | 2 +- libvirt-gconfig/libvirt-gconfig-domain-graphics.c | 2 +- libvirt-gconfig/libvirt-gconfig-domain-hostdev.c | 2 +- libvirt-gconfig/libvirt-gconfig-domain-interface.c | 2 +- libvirt-gconfig/libvirt-gconfig-domain-smartcard.c | 2 +- libvirt-gconfig/libvirt-gconfig-domain-timer.c | 2 +- libvirt-gobject/libvirt-gobject-domain-device.c | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/libvirt-gconfig/libvirt-gconfig-domain-address.c b/libvirt-gconfig/libvirt-gconfig-domain-address.c index b070a1f..a9eefd8 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain-address.c +++ b/libvirt-gconfig/libvirt-gconfig-domain-address.c @@ -33,7 +33,7 @@ struct _GVirConfigDomainAddressPrivate gboolean unused; }; -G_DEFINE_ABSTRACT_TYPE(GVirConfigDomainAddress, gvir_config_domain_address, GVIR_CONFIG_TYPE_OBJECT); +G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE(GVirConfigDomainAddress, gvir_config_domain_address, GVIR_CONFIG_TYPE_OBJECT); static void gvir_config_domain_address_class_init(GVirConfigDomainAddressClass *klass G_GNUC_UNUSED) diff --git a/libvirt-gconfig/libvirt-gconfig-domain-chardev-source.c b/libvirt-gconfig/libvirt-gconfig-domain-chardev-source.c index 50d4030..fe22290 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain-chardev-source.c +++ b/libvirt-gconfig/libvirt-gconfig-domain-chardev-source.c @@ -34,7 +34,7 @@ struct _GVirConfigDomainChardevSourcePrivate gboolean unused; }; -G_DEFINE_ABSTRACT_TYPE(GVirConfigDomainChardevSource, gvir_config_domain_chardev_source, GVIR_CONFIG_TYPE_OBJECT); +G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE(GVirConfigDomainChardevSource, gvir_config_domain_chardev_source, GVIR_CONFIG_TYPE_OBJECT); static void gvir_config_domain_chardev_source_class_init(GVirConfigDomainChardevSourceClass *klass G_GNUC_UNUSED) diff --git a/libvirt-gconfig/libvirt-gconfig-domain-chardev.c b/libvirt-gconfig/libvirt-gconfig-domain-chardev.c index a5ebc9c..aa7e3e9 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain-chardev.c +++ b/libvirt-gconfig/libvirt-gconfig-domain-chardev.c @@ -34,7 +34,7 @@ struct _GVirConfigDomainChardevPrivate gboolean unused; }; -G_DEFINE_ABSTRACT_TYPE(GVirConfigDomainChardev, gvir_config_domain_chardev, GVIR_CONFIG_TYPE_DOMAIN_DEVICE) +G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE(GVirConfigDomainChardev, gvir_config_domain_chardev, GVIR_CONFIG_TYPE_DOMAIN_DEVICE) static void gvir_config_domain_chardev_class_init(GVirConfigDomainChardevClass *klass G_GNUC_UNUSED) { diff --git a/libvirt-gconfig/libvirt-gconfig-domain-controller.c b/libvirt-gconfig/libvirt-gconfig-domain-controller.c index a2d40c3..0c880f8 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain-controller.c +++ b/libvirt-gconfig/libvirt-gconfig-domain-controller.c @@ -33,7 +33,7 @@ struct _GVirConfigDomainControllerPrivate gboolean unused; }; -G_DEFINE_ABSTRACT_TYPE(GVirConfigDomainController, gvir_config_domain_controller, GVIR_CONFIG_TYPE_DOMAIN_DEVICE); +G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE(GVirConfigDomainController, gvir_config_domain_controller, GVIR_CONFIG_TYPE_DOMAIN_DEVICE); static void gvir_config_domain_controller_class_init(GVirConfigDomainControllerClass *klass G_GNUC_UNUSED) diff --git a/libvirt-gconfig/libvirt-gconfig-domain-graphics.c b/libvirt-gconfig/libvirt-gconfig-domain-graphics.c index e35976f..8c24adc 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain-graphics.c +++ b/libvirt-gconfig/libvirt-gconfig-domain-graphics.c @@ -33,7 +33,7 @@ struct _GVirConfigDomainGraphicsPrivate gboolean unused; }; -G_DEFINE_ABSTRACT_TYPE(GVirConfigDomainGraphics, gvir_config_domain_graphics, GVIR_CONFIG_TYPE_DOMAIN_DEVICE); +G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE(GVirConfigDomainGraphics, gvir_config_domain_graphics, GVIR_CONFIG_TYPE_DOMAIN_DEVICE); static void gvir_config_domain_graphics_class_init(GVirConfigDomainGraphicsClass *klass G_GNUC_UNUSED) diff --git a/libvirt-gconfig/libvirt-gconfig-domain-hostdev.c b/libvirt-gconfig/libvirt-gconfig-domain-hostdev.c index ade2dc3..465490e 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain-hostdev.c +++ b/libvirt-gconfig/libvirt-gconfig-domain-hostdev.c @@ -34,7 +34,7 @@ struct _GVirConfigDomainHostdevPrivate gboolean unused; }; -G_DEFINE_ABSTRACT_TYPE(GVirConfigDomainHostdev, gvir_config_domain_hostdev, GVIR_CONFIG_TYPE_DOMAIN_DEVICE); +G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE(GVirConfigDomainHostdev, gvir_config_domain_hostdev, GVIR_CONFIG_TYPE_DOMAIN_DEVICE); static void gvir_config_domain_hostdev_class_init(GVirConfigDomainHostdevClass *klass G_GNUC_UNUSED) diff --git a/libvirt-gconfig/libvirt-gconfig-domain-interface.c b/libvirt-gconfig/libvirt-gconfig-domain-interface.c index 2b841b3..7c5c8e4 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain-interface.c +++ b/libvirt-gconfig/libvirt-gconfig-domain-interface.c @@ -35,7 +35,7 @@ struct _GVirConfigDomainInterfacePrivate gboolean unused; }; -G_DEFINE_ABSTRACT_TYPE(GVirConfigDomainInterface, gvir_config_domain_interface, GVIR_CONFIG_TYPE_DOMAIN_DEVICE); +G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE(GVirConfigDomainInterface, gvir_config_domain_interface, GVIR_CONFIG_TYPE_DOMAIN_DEVICE); static void gvir_config_domain_interface_class_init(GVirConfigDomainInterfaceClass *klass G_GNUC_UNUSED) diff --git a/libvirt-gconfig/libvirt-gconfig-domain-smartcard.c b/libvirt-gconfig/libvirt-gconfig-domain-smartcard.c index f7c65f0..0d000e7 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain-smartcard.c +++ b/libvirt-gconfig/libvirt-gconfig-domain-smartcard.c @@ -33,7 +33,7 @@ struct _GVirConfigDomainSmartcardPrivate gboolean unused; }; -G_DEFINE_ABSTRACT_TYPE(GVirConfigDomainSmartcard, gvir_config_domain_smartcard, GVIR_CONFIG_TYPE_DOMAIN_DEVICE); +G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE(GVirConfigDomainSmartcard, gvir_config_domain_smartcard, GVIR_CONFIG_TYPE_DOMAIN_DEVICE); static void gvir_config_domain_smartcard_class_init(GVirConfigDomainSmartcardClass *klass G_GNUC_UNUSED) diff --git a/libvirt-gconfig/libvirt-gconfig-domain-timer.c b/libvirt-gconfig/libvirt-gconfig-domain-timer.c index f33a56f..d6d98dd 100644 --- a/libvirt-gconfig/libvirt-gconfig-domain-timer.c +++ b/libvirt-gconfig/libvirt-gconfig-domain-timer.c @@ -33,7 +33,7 @@ struct _GVirConfigDomainTimerPrivate gboolean unused; }; -G_DEFINE_ABSTRACT_TYPE(GVirConfigDomainTimer, gvir_config_domain_timer, GVIR_CONFIG_TYPE_OBJECT); +G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE(GVirConfigDomainTimer, gvir_config_domain_timer, GVIR_CONFIG_TYPE_OBJECT); static void gvir_config_domain_timer_class_init(GVirConfigDomainTimerClass *klass G_GNUC_UNUSED) diff --git a/libvirt-gobject/libvirt-gobject-domain-device.c b/libvirt-gobject/libvirt-gobject-domain-device.c index 4ed846c..ce199c5 100644 --- a/libvirt-gobject/libvirt-gobject-domain-device.c +++ b/libvirt-gobject/libvirt-gobject-domain-device.c @@ -40,7 +40,7 @@ struct _GVirDomainDevicePrivate GVirConfigDomainDevice *config; }; -G_DEFINE_ABSTRACT_TYPE(GVirDomainDevice, gvir_domain_device, G_TYPE_OBJECT); +G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE(GVirDomainDevice, gvir_domain_device, G_TYPE_OBJECT); enum { PROP_0, -- 2.19.0

2 1

[libvirt] [PATCH v2] virFileIsSharedFSType: Check for fuse.glusterfs too
by Michal Privoznik 03 Oct '18

03 Oct '18

https://bugzilla.redhat.com/show_bug.cgi?id=1632711 GlusterFS is typically safe when it comes to migration. It's a network FS after all. However, it can be mounted via FUSE driver they provide. If that is the case we fail to identify it and think migration is not safe and require VIR_MIGRATE_UNSAFE flag. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- diff to v1: - fixed the function name - switched from for() loop into virStringListHasString - ignoring retval of the function in the caller src/util/virfile.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 75 insertions(+), 2 deletions(-) diff --git a/src/util/virfile.c b/src/util/virfile.c index f8ae07fe4a..2a7e87102a 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -3458,6 +3458,76 @@ int virFilePrintf(FILE *fp, const char *msg, ...) # ifndef HUGETLBFS_MAGIC # define HUGETLBFS_MAGIC 0x958458f6 # endif +# ifndef FUSE_SUPER_MAGIC +# define FUSE_SUPER_MAGIC 0x65735546 +# endif + +# define PROC_MOUNTS "/proc/mounts" + +static int +virFileIsSharedFixFUSE(const char *path, + long *f_type) +{ + char *dirpath = NULL; + const char **mounts = NULL; + size_t nmounts = 0; + char *p; + FILE *f = NULL; + struct mntent mb; + char mntbuf[1024]; + int ret = -1; + + if (VIR_STRDUP(dirpath, path) < 0) + return -1; + + if (!(f = setmntent(PROC_MOUNTS, "r"))) { + virReportSystemError(errno, + _("Unable to open %s"), + PROC_MOUNTS); + goto cleanup; + } + + while (getmntent_r(f, &mb, mntbuf, sizeof(mntbuf))) { + if (STRNEQ("fuse.glusterfs", mb.mnt_type)) + continue; + + if (VIR_APPEND_ELEMENT_COPY(mounts, nmounts, mb.mnt_dir) < 0) + goto cleanup; + } + + /* Add NULL sentinel so that this is a virStringList */ + if (VIR_REALLOC_N(mounts, nmounts + 1) < 0) + goto cleanup; + mounts[nmounts] = NULL; + + do { + if ((p = strrchr(dirpath, '/')) == NULL) { + virReportSystemError(EINVAL, + _("Invalid relative path '%s'"), path); + goto cleanup; + } + + if (p == dirpath) + *(p+1) = '\0'; + else + *p = '\0'; + + if (virStringListHasString(mounts, dirpath)) { + VIR_DEBUG("Found gluster FUSE mountpoint=%s for path=%s. " + "Fixing shared FS type", dirpath, path); + *f_type = GFS2_MAGIC; + break; + } + } while (p != dirpath); + + ret = 0; + cleanup: + endmntent(f); + VIR_FREE(mounts); + VIR_FREE(dirpath); + return ret; +} + int virFileIsSharedFSType(const char *path, @@ -3503,6 +3573,11 @@ virFileIsSharedFSType(const char *path, return -1; } + if (sb.f_type == FUSE_SUPER_MAGIC) { + VIR_DEBUG("Found FUSE mount for path=%s. Trying to fix it", path); + virFileIsSharedFixFUSE(path, (long *) &sb.f_type); + } + VIR_DEBUG("Check if path %s with FS magic %lld is shared", path, (long long int)sb.f_type); @@ -3594,8 +3669,6 @@ virFileGetDefaultHugepageSize(unsigned long long *size) return 0; } -# define PROC_MOUNTS "/proc/mounts" - int virFileFindHugeTLBFS(virHugeTLBFSPtr *ret_fs, size_t *ret_nfs) -- 2.16.4

2 1

[libvirt] [PATCH] cpu_map: Use and install Icelake model definitions
by Jiri Denemark 03 Oct '18

03 Oct '18

In commit v4.7.0-168-g993d85ae5e I introduced two Icelake CPU models, but failed to actually include them in the CPU map index. Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- src/cpu_map/Makefile.inc.am | 2 ++ src/cpu_map/index.xml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/cpu_map/Makefile.inc.am b/src/cpu_map/Makefile.inc.am index 76bcfbc703..9eeb33e4be 100644 --- a/src/cpu_map/Makefile.inc.am +++ b/src/cpu_map/Makefile.inc.am @@ -27,6 +27,8 @@ cpumap_DATA = \ cpu_map/x86_Haswell-IBRS.xml \ cpu_map/x86_Haswell-noTSX.xml \ cpu_map/x86_Haswell-noTSX-IBRS.xml \ + cpu_map/x86_Icelake-Client.xml \ + cpu_map/x86_Icelake-Server.xml \ cpu_map/x86_IvyBridge.xml \ cpu_map/x86_IvyBridge-IBRS.xml \ cpu_map/x86_kvm32.xml \ diff --git a/src/cpu_map/index.xml b/src/cpu_map/index.xml index db82980dd4..dccda3919d 100644 --- a/src/cpu_map/index.xml +++ b/src/cpu_map/index.xml @@ -46,6 +46,8 @@ <include filename="x86_Skylake-Client-IBRS.xml"/> <include filename="x86_Skylake-Server.xml"/> <include filename="x86_Skylake-Server-IBRS.xml"/> + <include filename="x86_Icelake-Client.xml"/> + <include filename="x86_Icelake-Server.xml"/>  <include filename="x86_athlon.xml"/> -- 2.19.0

2 1

[libvirt] [PATCH 00/11] Implement alternative metadata locking
by Michal Privoznik 02 Oct '18

02 Oct '18

The latest events (and bugs reported on the list) got me thinking. I went back to the drawing board and relized we don't need virtlockd if we fork() for every transaction. The whole reason for offloading file locking to virtlockd is that there is no good version of file locking in POSIX. flock() locks entire file which would clash with qemu and therefore we can't use it. Then, fcntl(F_SETLK) (which we expose as virFileLock()) allows us to lock only some bytes, but it has few critical problems: a) the lock is not shared across fork() (only the parent has all the locks, not the child), b) the lock is not owned by file descriptor, but (pid,inode) pair. Therefore, if one thread holds the lock and the other close()-s any FD referring to the inode, it releases all the locks on that inode [1]. Since we can't guarantee this won't happen in multithreaded app like libvirtd we created a separate, single threaded binary (virtlockd) to work around those problems [2]. However, since namespaces are on by default (and therefore arguably more of our users use them than don't), we are fork()-ing anyway when setting up security labels. But the child runs single threaded, so it can do the locking instead of offloading it to a separate process. All that we need to do is: 1) make sure to fork() every time (even when namespaces are disabled), 2) make sure the child won't create any threads (trivial). I tried to write patches to make virtlockd work, but turns out it would be another 10+ patches which looks like worthless work to me given that we have cleaner solution. Having said that, I'm also reverting some patches that modified virtlockd because we will not need it after all. 1: Worse, imagine two file names for the same inode, aka file2 is a hardlink to file1. Locking file1 and closing file2 results in releasing the lock. 2: There are sane locks, so called Open File Description locks, which work well even in aforementioned cases. The lock is associated with the FD and not (pid,inode) pair. But they are Linux only. Michal Prívozník (11): security: Always spawn process for transactions security_manager: Rework metadata locking Revert "security_manager: Load lock plugin on init" Revert "qemu_conf: Introduce metadata_lock_manager" Revert "lock_manager: Allow disabling configFile for virLockManagerPluginNew" Revert "lock_driver: Introduce VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK" Revert "lock_driver: Introduce VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA" Revert "_virLockManagerLockDaemonPrivate: Move @hasRWDisks into dom union" Revert "lock_driver: Introduce new VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON" Revert "lock_driver_lockd: Introduce VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA flag" Revert "virlockspace: Allow caller to specify start and length offset in virLockSpaceAcquireResource" cfg.mk | 4 +- src/locking/lock_daemon_dispatch.c | 11 +- src/locking/lock_driver.h | 12 -- src/locking/lock_driver_lockd.c | 421 ++++++++++++------------------------- src/locking/lock_driver_lockd.h | 1 - src/locking/lock_driver_sanlock.c | 44 ++-- src/locking/lock_manager.c | 10 +- src/lxc/lxc_controller.c | 3 +- src/lxc/lxc_driver.c | 2 +- src/qemu/qemu_conf.c | 1 - src/qemu/qemu_conf.h | 1 - src/qemu/qemu_driver.c | 3 - src/security/security_dac.c | 18 +- src/security/security_manager.c | 218 ++++++++----------- src/security/security_manager.h | 19 +- src/security/security_selinux.c | 18 +- src/util/virlockspace.c | 15 +- src/util/virlockspace.h | 4 - tests/seclabeltest.c | 2 +- tests/securityselinuxlabeltest.c | 2 +- tests/securityselinuxtest.c | 2 +- tests/testutilsqemu.c | 2 +- tests/virlockspacetest.c | 29 +-- 23 files changed, 287 insertions(+), 555 deletions(-) -- 2.16.4

1 11

[libvirt] [tck PATCH] Fix runtime "undefined global" error in 100-disk-encryption.t
by Laine Stump 02 Oct '18

02 Oct '18

Commit 3836a38c added a $secret-undefine call at the end of 100-disk-encryption.t because the presence of the secret was reportedly causing an error when the test was run a 2nd time. Unfortunately the definition of "my $secret" was inside a SKIP: { ... } block, but the $secret->undefine was added just outside that block, so the test failed when it was run. Signed-off-by: Laine Stump <laine(a)laine.org> --- NB: this test is disabled unconditionally at the start of the SKIP block anyway, so I'm not sure how Jim encountered the error leading to the original patch. scripts/qemu/100-disk-encryption.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/qemu/100-disk-encryption.t b/scripts/qemu/100-disk-encryption.t index 1a36650..12386ae 100644 --- a/scripts/qemu/100-disk-encryption.t +++ b/scripts/qemu/100-disk-encryption.t @@ -117,6 +117,6 @@ diag "Undefining the inactive domain config"; $dom->undefine; ok_error(sub { $conn->get_domain_by_name("tck") }, "NO_DOMAIN error raised from missing domain", 42); -} $secret->undefine; +} -- 2.17.1

3 2

[libvirt] question about syntax of storage volume <target> element
by Jim Fehlig 02 Oct '18

02 Oct '18

I've attempted to use virt-manager to create a new VM that uses a volume from an rbd-based network pool, but have not been able to progress past step 4/5 where VM storage is selected. It appears virt-manager has problems properly detecting the volume as network-based storage, but before investigating those further I have a question about the syntax of the <target> element of a storage volume. The storage management page [0] of the website describing rbd volumes claims that the <path> subelement contains an 'rbd:rbd/' prefix in the volume path. But the page describing pool and volume format [1] syntax does not contain any info wrt specifying network URLs in the <path> subelement. What is the expectation wrt the <path> subelement of the <target> element within rbd volume config? In general, should the <path> subelement encode the scheme (e.g. rbd://) of a network-based volume? And if so, should it be formatted in the traditional 'rbd://' vs 'rbd:rbd/' syntax? Regards, Jim [0] https://libvirt.org/storage.html#StorageBackendRBD [1] https://libvirt.org/formatstorage.html#StorageVolTarget

4 4

[libvirt] [PATCH 0/8] qemu: Fix disk hotplug/media change regression
by Peter Krempa 02 Oct '18

02 Oct '18

Few of my recent patches (see the first two reverts) introduced a regression when adding disks. The disk alias is needed when creating names of certain backend objects (secrets/TLS). The code preparing those was moved prior to alias formatting. Revert those patches and fix it in a different way. Peter Krempa (8): Revert "qemu: hotplug: Prepare disk source in qemuDomainAttachDeviceDiskLive" Revert "qemu: hotplug: consolidate media change code paths" qemu: hotplug: Use new source when preparing/translating for media change qemu: hotplug: Prepare disk source for media changing qemu: hotplug: Add wrapper for disk hotplug code qemu: conf: Export qemuAddSharedDisk qemu: hotplug: Split out media change code from disk hotplug qemu: hotplug: Refactor qemuDomainAttachDeviceDiskLiveInternal src/qemu/qemu_conf.c | 2 +- src/qemu/qemu_conf.h | 5 ++ src/qemu/qemu_driver.c | 7 +- src/qemu/qemu_hotplug.c | 188 ++++++++++++++++++++++------------------ src/qemu/qemu_hotplug.h | 9 +- tests/qemuhotplugtest.c | 2 +- 6 files changed, 123 insertions(+), 90 deletions(-) -- 2.17.1

2 18