[PATCH v2 0/1] Expose availability of SEV-ES
by Takashi Kajinami
This introduces the new "model" field in sev elements so that clients can
check whether SEV-ES, the 2nd generation of AMD SEV, is available in
the taget hyprvisor. There is the maxESGuests field (along with the maxGuests
field) but this field does not explain whether SEV-ES is actually
enabled in KVM.
Takashi Kajinami (1):
Expose available AMD SEV models in domain capabilities
Changes since v1:
* Fixed one code path where available models are not added
* Fixed missing update of "report" flag
* Updated the documentation to explain the new model field in addition
to the existing but undocumanted cpu0Id field
Takashi Kajinami (1):
Expose available AMD SEV models in domain capabilities
docs/formatdomaincaps.rst | 5 ++
src/conf/domain_capabilities.c | 2 +
src/conf/domain_capabilities.h | 1 +
src/conf/domain_conf.c | 7 +++
src/conf/domain_conf.h | 8 ++++
src/qemu/qemu_capabilities.c | 84 +++++++++++++++++++++++++---------
6 files changed, 85 insertions(+), 22 deletions(-)
--
2.43.0
5 months
[PATCH] formatstorage: Document qcow2 default version change
by Peter Krempa
Based on discussion after commit f432114d9c was pushed it was pointed
out that the documentation still mentions the older version.
Fix the documentation to state the new version and introduce ambiguity
for future updates.
Fixes: f432114d9cf507a4047aa9dc1344b1c13356db08
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
Posting this documentation update to document what happened rather than
introduce (almost pointless) complication in adding a config file which
is unlikely to be ever used.
docs/formatstorage.rst | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/docs/formatstorage.rst b/docs/formatstorage.rst
index 86e167d9cb..9d9a4143eb 100644
--- a/docs/formatstorage.rst
+++ b/docs/formatstorage.rst
@@ -700,10 +700,15 @@ host filesystem. It can contain the following child elements:
Encryption <formatstorageencryption.html>`__ page for more information.
``compat``
Specify compatibility level. So far, this is only used for ``type='qcow2'``
- volumes. Valid values are ``0.10`` and ``1.1`` so far, specifying QEMU
- version the images should be compatible with. If the ``feature`` element is
- present, 1.1 is used. :since:`Since 1.1.0` If omitted, 0.10 is used.
- :since:`Since 1.1.2`
+ volumes. Valid values are ``0.10`` (QCOW2 v2) and ``1.1`` (QCOW2 v3) so far.
+ The values were meant to specify QEMU version the images should be compatible
+ with.
+
+ The default, if the ``feature`` element is present is ``1.1``. :since:`Since 1.1.0`
+ If ``feature`` is not present, ``0.10`` was used :since:`Since 1.1.2` and
+ :since:`Since 10.2.0` ``1.1`` is used as it's the default of ``qemu-img``.
+
+ Any tool depending on a specific version should specify this field explicitly.
``nocow``
Turn off COW of the newly created volume. So far, this is only valid for a
file image in btrfs file system. It will improve performance when the file
--
2.44.0
5 months
[libvirt PATCH 00/28] native support for nftables in virtual network driver
by Laine Stump
This patch series enables libvirt to use nftables rules rather than
iptables *when setting up virtual networks* (it does *not* add
nftables support to the nwfilter driver). It accomplishes this by
abstracting several iptables functions (from viriptables.[ch] called
by the virtual network driver into a rudimentary "virNetfilter API"
(in virnetfilter.[ch], having the virtual network driver call the
virNetFilter API rather than calling the existing iptables functions
directly, and then finally adding an equivalent virNftables backend
that can be used instead of iptables (selected manually via a
network.conf setting, or automatically if iptables isn't found on the
host).
A first look at the result may have you thinking that it's filled with
a lot of bad decisions. While I would agree with that in many cases, I
think that overall they are the "least bad" decisions, or at least
"bad within acceptable limits / no worse than something else", and
point out that it's been done in a way that minimizes (actually
eliminates) the need for immediate changes to nwfilter (the other
consumer of iptables, which *also* needs to be updated to use native
nftables), and makes it much easier to change our mind about the
details in the future.
When I first started on this (long, protracted, repeatedly interrupted
for extended periods - many of these patches are > a year old) task, I
considered doing an all-at-once complete replacement of iptables with
nftables, since all the Linux distros we support have had nftables for
several years, and I'm pretty sure nobody has it disabled (not even
sure if it's possible to disable nftables while still enabling
iptables, since they both use xtables in the kernel). But due to
libvirt's use of "-t mangle -j CHECKSUM --checksum-fill" (see commit
fd5b15ff all the way back in July 2010 for details) which has no
equivalent in nftables rules (and we don't *want* it to!!), and the
desire to be able to easily switch back to iptables in case of an
unforeseen regression, we decided that both iptables and nftables need
to be supported (for now), with the default (for now) remaining as
iptables.
Just allowing for dual backends complicated matters, since it means
that we have to have a config file, a setting, detection of which
backends are available, and of course some sort of concept of an
abstracted frontend that can use either backend based on the config
setting (and/or auto-detection). Combining that with the fact that it
would just be "too big" of a project to switch over nwfilter's
iptables usage at the same time means that we have to keep around a
lot of existing code for compatibility's sake rather than just wiping
it all away and starting over.
So, what I've ended up with is:
1) a network.conf file (didn't exist before) with a single setting
"firewall_backend". If unset, the network driver tries to use iptables
on the backend, and if that's missing, then tries to use nftables.
2) a new (internal-only, so transient!) virNetFilterXXX API that is
used by the network driver in place of the iptablesXXX API, and calls
either iptablesXXX or:
3) a virNftablesXXX API that exactly replicates the filtering rules of
the existing iptablesXXX API (except in the custom "libvirt" base
table rather than the system "filter" and "nat" tables). This means
that:
4) when the nftables backend is used, the rules added are *exactly the
same* (functionally speaking) as we currently add for iptables (except
they are in the "libvirt" table).
We had spent some time in IRC discussing different ways of using new
functionality available in nftables to make a more
efficient/performant implemention of the desired filtering, and there
are some really great possibilities that need to be explored, but in
the end there were too many details up in the air, and I decided that
it would be more "accomplishable" (coined a new word there!) to first
replicate existing behavior with nftables, but do it inside a
framework that makes it easy to modify the details in the future (in
particular making it painless to switch back and forth between builds
with differing filter models at runtime) - this way we'll be able to
separate the infrastructure work from the details of the rules (which
we can then more easily work on and experiment with). (This implies
that the main objective right now is "get rid of iptables
dependencies", not "make the filtering faster and more efficient").
Notable features of this patchset:
* allows switching between iptables/nftables backends without
rebooting or restarting networks/guests.
Because the commands required to remove a network's filter rules are
now saved in the network status XML, each time libvirtd (or
virtnetworkd) is restarted, it will execute exactly the commands
needed to remove the filter rules that had been added by the
previous libvirtd/virtnetworkd (rather than just making a guess, as
we've always done up until now), and then add new rules using the
current backend+binary's set of rules (while also saving the info
needed for future removal of these new rules back into the network's
status XML).
* firewall_backend can be explicitly set in (new)
/etc/libvirt/network.conf, but if it's not explicitly set, libvirt
will default to the iptables backend if the iptables binary is
found, and otherwise fall back to nftables as long as the nft
binary is found; otherwise the first attempt to start a network will
fail with an appropriate error.
Things that seem ugly / that I would like to clean up / that I think
are just fine as they are:
* virFirewall does *not* provide a backend-agnostic interface [this is fine]
* We need to maintain a backward-compatible API for virFirewall so
that we don't have to touch nwfilter code. Trying to make its API
backend-agnostic would require individually considering/changing
every nwfilter use of virFirewall.
* instead virFirewall objects are just a way to build a collection
of commands to execute to build a firewall, then execute them
while collecting info for and building a collection of commands
that will tear down that firewall in the future.
Do I want to "fix" this in the future by making virFirewall a higher
level interface that accepts tokens describing the type of rule to
add (rather than backend-specific arguments to a backend-specific
command)? No. I think I like the way virFirewall works (as
described in that previous bullet-point), instead I'm thinking that
it is just slightly mis-named - I've lately been thinking of it as a
"virNetFilterCmdList". Similarly, the virFirewallRules that it has a
list of aren't really "rules", they are better described as commands
or actions, so maybe they should be renamed to virNetfilterCmd or
virNetfilterAction. But that is just cosmetic, so I didn't want to
get into it in these patches (especially in case someone disagrees,
or has a better idea for naming).
* Speaking of renaming - I should probably rename all the
"iptablesXXX" functions to "virIptablesXXX" to be consistent with so
much of our other code. I lost the ambition to deal with it right
now though, so I'm leaving that for later cleanup (or I could do it
now if it really makes someone's day :-).
* I could have chosen a higher place in the callchain to make the
virNetfilter abstraction, e.g. at the level of
"networkAddXXXFirewallRules()" rather than at the lower level of
iptablesXXX(). That is actually probably what will happen in the
future (since it will be necessary in order for an nftables-based
firewall to be significantly different in structure from an
iptables-based firewall). But that's the beauty of an API being
private - we can freely add/remove things as needed. the important
thing is that we now have the basic structure there.
For now, the split is just above the existing iptablesXXX API
(util/viriptables.[ch], which seems like a "narrow" enough
place. Most iptablesXXX functions are written in terms of just 10
*other* iptablesXXX functions that add iptables-specific commands -
I've just moved those functions into virnetfilter.[ch]
(appropriately renamed), and changed them to call the 10
virNetfilterXXX functions that will in-turn call those 10
iptablesXXX (or equivalent virNftablesXXX) functions.
* Some people may dislike that the 10 virNetfilterXXX functions are
each written with a switch statement that has cases to directly call
each backend, rather than each backend driver having a table of
pointers to API functions, with the virNetfilter API function
calling backends[fwBackend]->XXX() (ie the pattern for so many
drivers in libvirt). But for just 2 backends, that really seemed
like overkill and unnecessary obfuscation.
* As implemented here, I am storing a "<fwRemoval>" element in the
network status XML - it contains a serialized virFirewall object
that directly contains the commands necessary to remove the
firewall. I could instead just store "<firewall>", which would
include all the commands that were used to *create* the firewall in
addition to the commands needed to remove the firewall. The way it's
done currently takes up less space; switching to storing the full
firewall *might* be more informative to somebody, but on the other
hand would make the network status XML *very* long. If anybody has
an opinion about this, now is the time to bring it up - do you think
it's worth having a separate list of all the commands that were used
to create a network's firewall (keeping in mind that there is no
public API to access it)? Or is it enough to just store what's
needed to remove the firewall?
* Several months ago Eric Garver posted patches for a pure firewalld
backend, and I requested that they not be pushed because I wanted
that to be integrated with my nftables backend support. Due to the
fact that the firewalld backend is almost entirely implemented by
putting the bridge into a new firewalld "zone", with no individual
rules added, that won't happen as just another backend driver file
in parallel to iptables and nftables; it will instead work by
checking firewall_backend at a higher level in the network driver,
thus avoiding the calls to virNetfilterXXX() entirely. I have
locally merged Eric's patches over the top of these patches, and
there are surprisingly few conflicts, but since his patches didn't
account for a user-settable config (but instead just always used the
firewalld backend if firewalld was active), some of the patches are
going to require a bit of rework, which I'll take care of after
getting these patches in.
Laine Stump (28):
util: add -w/--concurrent when applying the rule rather than when
building it
util: new virFirewallRuleGet*() APIs
util: determine ignoreErrors value when creating rule, not when
applying
util: rename iptables helpers that will become the frontend for
ip&nftables
util: move backend-agnostic virNetfilter*() functions to their own
file
util: make netfilter action a proper typedefed (virFirewall) enum
util: #define the names used for private packet filter chains
util: move/rename virFirewallApplyRuleDirect to
virIptablesApplyFirewallRule
util/network: reintroduce virFirewallBackend, but different
network: add (empty) network.conf file to distribution files
network: allow setting firewallBackend from network.conf
network: do not add DHCP checksum mangle rule unless using iptables
network: call backend agnostic function to init private filter chains
util: setup functions in virnetfilter which will call appropriate
backend
build: add nft to the list of binaries we attempt to locate
util: add nftables backend to virnetfilter API used by network driver
tests: test cases for nftables backend
util: new functions to support adding individual rollback rules
util: check for 0 args when applying iptables rule
util: implement rollback rule autosave for iptables backend
util: implement rollback rule autosave for nftables backend
network: turn on auto-rollback for the rules added for virtual
networks
util: new function virFirewallNewFromRollback()
util: new functions virFirewallParseXML() and virFirewallFormat()
conf: add a virFirewall object to virNetworkObj
network: use previously saved list of firewall rules when removing
network: save network status when firewall rules are reloaded
network: improve log message when reloading virtual network firewall
rules
libvirt.spec.in | 5 +
meson.build | 1 +
po/POTFILES | 2 +
src/conf/virnetworkobj.c | 40 +
src/conf/virnetworkobj.h | 11 +
src/libvirt_private.syms | 68 +-
src/network/bridge_driver.c | 40 +-
src/network/bridge_driver_conf.c | 44 +
src/network/bridge_driver_conf.h | 3 +
src/network/bridge_driver_linux.c | 241 +++--
src/network/bridge_driver_nop.c | 6 +-
src/network/bridge_driver_platform.h | 6 +-
src/network/libvirtd_network.aug | 39 +
src/network/meson.build | 11 +
src/network/network.conf | 24 +
src/network/test_libvirtd_network.aug.in | 5 +
src/nwfilter/nwfilter_ebiptables_driver.c | 16 +-
src/util/meson.build | 2 +
src/util/virebtables.c | 4 +-
src/util/virfirewall.c | 490 ++++++++--
src/util/virfirewall.h | 51 +-
src/util/viriptables.c | 762 ++++-----------
src/util/viriptables.h | 222 ++---
src/util/virnetfilter.c | 892 ++++++++++++++++++
src/util/virnetfilter.h | 159 ++++
src/util/virnftables.c | 698 ++++++++++++++
src/util/virnftables.h | 118 +++
.../{base.args => base.iptables} | 0
tests/networkxml2firewalldata/base.nftables | 256 +++++
...-linux.args => nat-default-linux.iptables} | 0
.../nat-default-linux.nftables | 248 +++++
...pv6-linux.args => nat-ipv6-linux.iptables} | 0
.../nat-ipv6-linux.nftables | 384 ++++++++
...rgs => nat-ipv6-masquerade-linux.iptables} | 0
.../nat-ipv6-masquerade-linux.nftables | 456 +++++++++
...linux.args => nat-many-ips-linux.iptables} | 0
.../nat-many-ips-linux.nftables | 472 +++++++++
...-linux.args => nat-no-dhcp-linux.iptables} | 0
.../nat-no-dhcp-linux.nftables | 384 ++++++++
...ftp-linux.args => nat-tftp-linux.iptables} | 0
.../nat-tftp-linux.nftables | 274 ++++++
...inux.args => route-default-linux.iptables} | 0
.../route-default-linux.nftables | 162 ++++
tests/networkxml2firewalltest.c | 56 +-
tests/virfirewalltest.c | 20 +-
45 files changed, 5718 insertions(+), 954 deletions(-)
create mode 100644 src/network/libvirtd_network.aug
create mode 100644 src/network/network.conf
create mode 100644 src/network/test_libvirtd_network.aug.in
create mode 100644 src/util/virnetfilter.c
create mode 100644 src/util/virnetfilter.h
create mode 100644 src/util/virnftables.c
create mode 100644 src/util/virnftables.h
rename tests/networkxml2firewalldata/{base.args => base.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/base.nftables
rename tests/networkxml2firewalldata/{nat-default-linux.args => nat-default-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-default-linux.nftables
rename tests/networkxml2firewalldata/{nat-ipv6-linux.args => nat-ipv6-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-ipv6-linux.nftables
rename tests/networkxml2firewalldata/{nat-ipv6-masquerade-linux.args => nat-ipv6-masquerade-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
rename tests/networkxml2firewalldata/{nat-many-ips-linux.args => nat-many-ips-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-many-ips-linux.nftables
rename tests/networkxml2firewalldata/{nat-no-dhcp-linux.args => nat-no-dhcp-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
rename tests/networkxml2firewalldata/{nat-tftp-linux.args => nat-tftp-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-tftp-linux.nftables
rename tests/networkxml2firewalldata/{route-default-linux.args => route-default-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/route-default-linux.nftables
--
2.39.2
6 months, 2 weeks
[PATCH-for-9.1 v2 0/3] rdma: Remove RDMA subsystem and pvrdma device
by Philippe Mathieu-Daudé
Since v1:
- split in 3 (Thomas)
- justify gluster removal
Philippe Mathieu-Daudé (3):
hw/rdma: Remove pvrdma device and rdmacm-mux helper
migration: Remove RDMA protocol handling
block/gluster: Remove RDMA protocol handling
MAINTAINERS | 17 -
docs/about/deprecated.rst | 9 -
docs/about/removed-features.rst | 4 +
docs/devel/migration/main.rst | 6 -
docs/pvrdma.txt | 345 --
docs/rdma.txt | 420 --
docs/system/device-url-syntax.rst.inc | 4 +-
docs/system/loongarch/virt.rst | 2 +-
docs/system/qemu-block-drivers.rst.inc | 1 -
meson.build | 59 -
qapi/machine.json | 17 -
qapi/migration.json | 31 +-
qapi/qapi-schema.json | 1 -
qapi/rdma.json | 38 -
contrib/rdmacm-mux/rdmacm-mux.h | 61 -
hw/rdma/rdma_backend.h | 129 -
hw/rdma/rdma_backend_defs.h | 76 -
hw/rdma/rdma_rm.h | 97 -
hw/rdma/rdma_rm_defs.h | 146 -
hw/rdma/rdma_utils.h | 63 -
hw/rdma/trace.h | 1 -
hw/rdma/vmw/pvrdma.h | 144 -
hw/rdma/vmw/pvrdma_dev_ring.h | 46 -
hw/rdma/vmw/pvrdma_qp_ops.h | 28 -
hw/rdma/vmw/trace.h | 1 -
include/hw/rdma/rdma.h | 37 -
include/monitor/hmp.h | 1 -
.../infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h | 685 ---
.../infiniband/hw/vmw_pvrdma/pvrdma_verbs.h | 348 --
.../standard-headers/rdma/vmw_pvrdma-abi.h | 310 --
migration/migration-stats.h | 6 +-
migration/migration.h | 9 -
migration/options.h | 2 -
migration/rdma.h | 69 -
block/gluster.c | 39 -
contrib/rdmacm-mux/main.c | 831 ----
hw/core/machine-qmp-cmds.c | 32 -
hw/rdma/rdma.c | 30 -
hw/rdma/rdma_backend.c | 1401 ------
hw/rdma/rdma_rm.c | 812 ----
hw/rdma/rdma_utils.c | 126 -
hw/rdma/vmw/pvrdma_cmd.c | 815 ----
hw/rdma/vmw/pvrdma_dev_ring.c | 141 -
hw/rdma/vmw/pvrdma_main.c | 735 ---
hw/rdma/vmw/pvrdma_qp_ops.c | 298 --
migration/migration-stats.c | 5 +-
migration/migration.c | 31 -
migration/options.c | 16 -
migration/qemu-file.c | 1 -
migration/ram.c | 86 +-
migration/rdma.c | 4184 -----------------
migration/savevm.c | 2 +-
monitor/qmp-cmds.c | 1 -
Kconfig.host | 3 -
contrib/rdmacm-mux/meson.build | 7 -
hmp-commands-info.hx | 13 -
hw/Kconfig | 1 -
hw/meson.build | 1 -
hw/rdma/Kconfig | 3 -
hw/rdma/meson.build | 12 -
hw/rdma/trace-events | 31 -
hw/rdma/vmw/trace-events | 17 -
meson_options.txt | 4 -
migration/meson.build | 1 -
migration/trace-events | 68 +-
qapi/meson.build | 1 -
qemu-options.hx | 6 -
.../org.centos/stream/8/build-environment.yml | 1 -
.../ci/org.centos/stream/8/x86_64/configure | 3 -
scripts/ci/setup/build-environment.yml | 4 -
scripts/coverity-scan/run-coverity-scan | 2 +-
scripts/meson-buildoptions.sh | 6 -
scripts/update-linux-headers.sh | 27 -
tests/lcitool/projects/qemu.yml | 3 -
tests/migration/guestperf/engine.py | 4 +-
75 files changed, 20 insertions(+), 12997 deletions(-)
delete mode 100644 docs/pvrdma.txt
delete mode 100644 docs/rdma.txt
delete mode 100644 qapi/rdma.json
delete mode 100644 contrib/rdmacm-mux/rdmacm-mux.h
delete mode 100644 hw/rdma/rdma_backend.h
delete mode 100644 hw/rdma/rdma_backend_defs.h
delete mode 100644 hw/rdma/rdma_rm.h
delete mode 100644 hw/rdma/rdma_rm_defs.h
delete mode 100644 hw/rdma/rdma_utils.h
delete mode 100644 hw/rdma/trace.h
delete mode 100644 hw/rdma/vmw/pvrdma.h
delete mode 100644 hw/rdma/vmw/pvrdma_dev_ring.h
delete mode 100644 hw/rdma/vmw/pvrdma_qp_ops.h
delete mode 100644 hw/rdma/vmw/trace.h
delete mode 100644 include/hw/rdma/rdma.h
delete mode 100644 include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h
delete mode 100644 include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h
delete mode 100644 include/standard-headers/rdma/vmw_pvrdma-abi.h
delete mode 100644 migration/rdma.h
delete mode 100644 contrib/rdmacm-mux/main.c
delete mode 100644 hw/rdma/rdma.c
delete mode 100644 hw/rdma/rdma_backend.c
delete mode 100644 hw/rdma/rdma_rm.c
delete mode 100644 hw/rdma/rdma_utils.c
delete mode 100644 hw/rdma/vmw/pvrdma_cmd.c
delete mode 100644 hw/rdma/vmw/pvrdma_dev_ring.c
delete mode 100644 hw/rdma/vmw/pvrdma_main.c
delete mode 100644 hw/rdma/vmw/pvrdma_qp_ops.c
delete mode 100644 migration/rdma.c
delete mode 100644 contrib/rdmacm-mux/meson.build
delete mode 100644 hw/rdma/Kconfig
delete mode 100644 hw/rdma/meson.build
delete mode 100644 hw/rdma/trace-events
delete mode 100644 hw/rdma/vmw/trace-events
--
2.41.0
6 months, 2 weeks
[PATCH] network: add modify-or-add feature to net-update
by Abhiram Tilak
The current way of updating a network configuration uses `virsh
net-update` to add, delete or modify entries. But with such a mechansim
one should know if an entry with current info already exists. Adding
modify-or-add option automatically performs either modify or add
depending on the current state.
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/363
Signed-off-by: Abhiram Tilak <atp.exp(a)gmail.com>
---
docs/manpages/virsh.rst | 5 +-
include/libvirt/libvirt-network.h | 2 +
src/conf/network_conf.c | 148 ++++++++++++++++++++++++------
tools/virsh-network.c | 4 +-
4 files changed, 126 insertions(+), 33 deletions(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 115b802c45..dc91ba895c 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -5908,7 +5908,10 @@ changes optionally taking effect immediately, without needing to
destroy and re-start the network.
*command* is one of "add-first", "add-last", "add" (a synonym for
-add-last), "delete", or "modify".
+add-last), "delete", "modify", "modify-or-add" (modify + add-last),
+"modify-or-add-first". The 'modify-or-add' commands perform modify or
+add operation depending on the given state, and can be useful for
+scripting.
*section* is one of "bridge", "domain", "ip", "ip-dhcp-host",
"ip-dhcp-range", "forward", "forward-interface", "forward-pf",
diff --git a/include/libvirt/libvirt-network.h b/include/libvirt/libvirt-network.h
index 58591be7ac..a6e132f407 100644
--- a/include/libvirt/libvirt-network.h
+++ b/include/libvirt/libvirt-network.h
@@ -181,6 +181,8 @@ typedef enum {
VIR_NETWORK_UPDATE_COMMAND_DELETE = 2, /* delete an existing element (Since: 0.10.2) */
VIR_NETWORK_UPDATE_COMMAND_ADD_LAST = 3, /* add an element at end of list (Since: 0.10.2) */
VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST = 4, /* add an element at start of list (Since: 0.10.2) */
+ VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_LAST = 5, /* if exists modify or add an element at end of list (Since: 0.10.2) */
+ VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST = 6, /* if exists modify or add an element at start of list (Since: 0.10.2) */
# ifdef VIR_ENUM_SENTINELS
VIR_NETWORK_UPDATE_COMMAND_LAST /* (Since: 0.10.2) */
# endif
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index cc92ed0b03..2835395385 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -2721,6 +2721,9 @@ virNetworkDefUpdateIPDHCPHost(virNetworkDef *def,
virNetworkDHCPHostDef host = { 0 };
bool partialOkay = (command == VIR_NETWORK_UPDATE_COMMAND_DELETE);
+ /* added for modify-or-add feature */
+ bool modified = false;
+
if (virNetworkDefUpdateCheckElementName(def, ctxt->node, "host") < 0)
goto cleanup;
@@ -2826,7 +2829,34 @@ virNetworkDefUpdateIPDHCPHost(virNetworkDef *def,
virNetworkDHCPHostDefClear(&ipdef->hosts[i]);
VIR_DELETE_ELEMENT(ipdef->hosts, i, ipdef->nhosts);
- } else {
+ } else if ((command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_LAST) ||
+ (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)) {
+
+ /* find entries with matching name/address/ip */
+ for (i = 0; i < ipdef->nhosts; i++) {
+ if ((host.mac && ipdef->hosts[i].mac &&
+ !virMacAddrCompare(host.mac, ipdef->hosts[i].mac)) ||
+ (host.name &&
+ STREQ_NULLABLE(host.name, ipdef->hosts[i].name)) ||
+ (VIR_SOCKET_ADDR_VALID(&host.ip) &&
+ virSocketAddrEqual(&host.ip, &ipdef->hosts[i].ip))) {
+
+ modified = true;
+ break;
+ }
+ }
+
+ /* if element is found then modify, or else add to beginning/end of list */
+ if (modified) {
+ virNetworkDHCPHostDefClear(&ipdef->hosts[i]);
+ ipdef->hosts[i] = host;
+ memset(&host, 0, sizeof(host));
+ } else if (VIR_INSERT_ELEMENT(ipdef->hosts,
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST
+ ? 0 : ipdef->nhosts,
+ ipdef->nhosts, host) < 0)
+ goto cleanup;
+ } else {
virNetworkDefUpdateUnknownCommand(command);
goto cleanup;
}
@@ -2885,7 +2915,9 @@ virNetworkDefUpdateIPDHCPRange(virNetworkDef *def,
}
if ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST) ||
- (command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST)) {
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST) ||
+ (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_LAST) ||
+ (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)) {
if (virNetworkDefUpdateCheckMultiDHCP(def, ipdef) < 0)
return -1;
@@ -2894,17 +2926,24 @@ virNetworkDefUpdateIPDHCPRange(virNetworkDef *def,
g_autofree char *startip = virSocketAddrFormat(&range.addr.start);
g_autofree char *endip = virSocketAddrFormat(&range.addr.end);
- virReportError(VIR_ERR_OPERATION_INVALID,
- _("there is an existing dhcp range entry in network '%1$s' that matches \"<range start='%2$s' end='%3$s'/>\""),
- def->name,
- startip ? startip : "unknown",
- endip ? endip : "unknown");
+
+ if ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST) ||
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST))
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("there is an existing dhcp range entry in network '%1$s' that matches \"<range start='%2$s' end='%3$s'/>\""),
+ def->name,
+ startip ? startip : "unknown",
+ endip ? endip : "unknown");
+ else
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("dhcp ranges cannot be modified, only added or deleted"));
return -1;
}
/* add to beginning/end of list */
if (VIR_INSERT_ELEMENT(ipdef->ranges,
- command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)
? 0 : ipdef->nranges,
ipdef->nranges, range) < 0)
return -1;
@@ -2981,18 +3020,26 @@ virNetworkDefUpdateForwardInterface(virNetworkDef *def,
}
if ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST) ||
- (command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST)) {
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST) ||
+ (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_LAST) ||
+ (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)) {
if (i < def->forward.nifs) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- _("there is an existing interface entry in network '%1$s' that matches \"<interface dev='%2$s'>\""),
- def->name, iface.device.dev);
+ if ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST) ||
+ command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST)
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("there is an existing interface entry in network '%1$s' that matches \"<interface dev='%2$s'>\""),
+ def->name, iface.device.dev);
+ else
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("forward interface entries cannot be modified, only added or deleted"));
goto cleanup;
}
/* add to beginning/end of list */
if (VIR_INSERT_ELEMENT(def->forward.ifs,
- command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)
? 0 : def->forward.nifs,
def->forward.nifs, iface) < 0)
goto cleanup;
@@ -3056,6 +3103,9 @@ virNetworkDefUpdatePortGroup(virNetworkDef *def,
int ret = -1;
virPortGroupDef portgroup = { 0 };
+ /* added for modify-or-add feature */
+ bool modified = false;
+
if (virNetworkDefUpdateCheckElementName(def, ctxt->node, "portgroup") < 0)
goto cleanup;
@@ -3097,6 +3147,17 @@ virNetworkDefUpdatePortGroup(virNetworkDef *def,
goto cleanup;
}
+ /* modify found entries for modify-or-add command */
+ if (foundName >= 0 && (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_LAST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)) {
+
+ /* replace existing entry */
+ virPortGroupDefClear(&def->portGroups[foundName]);
+ def->portGroups[foundName] = portgroup;
+ memset(&portgroup, 0, sizeof(portgroup));
+ modified = true;
+ }
+
if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
/* replace existing entry */
@@ -3105,11 +3166,14 @@ virNetworkDefUpdatePortGroup(virNetworkDef *def,
memset(&portgroup, 0, sizeof(portgroup));
} else if ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST) ||
- (command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST)) {
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST) ||
+ (!modified && command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_LAST) ||
+ (!modified && command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)) {
/* add to beginning/end of list */
if (VIR_INSERT_ELEMENT(def->portGroups,
- command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)
? 0 : def->nPortGroups,
def->nPortGroups, portgroup) < 0)
goto cleanup;
@@ -3144,7 +3208,9 @@ virNetworkDefUpdateDNSHost(virNetworkDef *def,
virNetworkDNSDef *dns = &def->dns;
virNetworkDNSHostDef host = { 0 };
bool isAdd = (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
- command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST);
+ command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_LAST);
int foundCt = 0;
if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
@@ -3185,15 +3251,21 @@ virNetworkDefUpdateDNSHost(virNetworkDef *def,
if (isAdd) {
if (foundCt > 0) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- _("there is already at least one DNS HOST record with a matching field in network %1$s"),
- def->name);
+ if ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST) ||
+ command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST)
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("there is already at least one DNS HOST record with a matching field in network %1$s"),
+ def->name);
+ else
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("DNS HOST records cannot be modified, only added or deleted"));
goto cleanup;
}
/* add to beginning/end of list */
if (VIR_INSERT_ELEMENT(dns->hosts,
- command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)
? 0 : dns->nhosts, dns->nhosts, host) < 0)
goto cleanup;
} else if (command == VIR_NETWORK_UPDATE_COMMAND_DELETE) {
@@ -3240,7 +3312,9 @@ virNetworkDefUpdateDNSSrv(virNetworkDef *def,
virNetworkDNSDef *dns = &def->dns;
virNetworkDNSSrvDef srv = { 0 };
bool isAdd = (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
- command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST);
+ command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_LAST);
int foundCt = 0;
if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
@@ -3268,15 +3342,21 @@ virNetworkDefUpdateDNSSrv(virNetworkDef *def,
if (isAdd) {
if (foundCt > 0) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- _("there is already at least one DNS SRV record matching all specified fields in network %1$s"),
- def->name);
+ if ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST) ||
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST))
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("there is already at least one DNS SRV record matching all specified fields in network %1$s"),
+ def->name);
+ else
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("DNS SRV records cannot be modified, only added or deleted"));
goto cleanup;
}
/* add to beginning/end of list */
if (VIR_INSERT_ELEMENT(dns->srvs,
- command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)
? 0 : dns->nsrvs, dns->nsrvs, srv) < 0)
goto cleanup;
} else if (command == VIR_NETWORK_UPDATE_COMMAND_DELETE) {
@@ -3322,7 +3402,9 @@ virNetworkDefUpdateDNSTxt(virNetworkDef *def,
virNetworkDNSDef *dns = &def->dns;
virNetworkDNSTxtDef txt = { 0 };
bool isAdd = (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
- command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST);
+ command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_LAST);
if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
@@ -3344,15 +3426,21 @@ virNetworkDefUpdateDNSTxt(virNetworkDef *def,
if (isAdd) {
if (foundIdx < dns->ntxts) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- _("there is already a DNS TXT record with name '%1$s' in network %2$s"),
- txt.name, def->name);
+ if ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST) ||
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST))
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ _("there is already a DNS TXT record with name '%1$s' in network %2$s"),
+ txt.name, def->name);
+ else
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("DNS TXT records cannot be modified, only added or deleted"));
goto cleanup;
}
/* add to beginning/end of list */
if (VIR_INSERT_ELEMENT(dns->txts,
- command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST
+ (command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST ||
+ command == VIR_NETWORK_UPDATE_COMMAND_MODIFY_OR_ADD_FIRST)
? 0 : dns->ntxts, dns->ntxts, txt) < 0)
goto cleanup;
} else if (command == VIR_NETWORK_UPDATE_COMMAND_DELETE) {
diff --git a/tools/virsh-network.c b/tools/virsh-network.c
index 597e3d4530..c30305ac50 100644
--- a/tools/virsh-network.c
+++ b/tools/virsh-network.c
@@ -1231,7 +1231,7 @@ static const vshCmdOptDef opts_network_update[] = {
.positional = true,
.required = true,
.completer = virshNetworkUpdateCommandCompleter,
- .help = N_("type of update (add-first, add-last (add), delete, or modify)")
+ .help = N_("type of update (add-first, add-last (add), delete, modify, modify-or-add, or modify-or-add-first)")
},
{.name = "section",
.type = VSH_OT_STRING,
@@ -1260,7 +1260,7 @@ static const vshCmdOptDef opts_network_update[] = {
VIR_ENUM_IMPL(virshNetworkUpdateCommand,
VIR_NETWORK_UPDATE_COMMAND_LAST,
- "none", "modify", "delete", "add-last", "add-first");
+ "none", "modify", "delete", "add-last", "add-first", "modify-or-add", "modify-or-add-first");
VIR_ENUM_IMPL(virshNetworkSection,
VIR_NETWORK_SECTION_LAST,
--
2.44.0
7 months, 1 week
[PATCH 00/35] vsh: Fix handling of commands and help - part 3 (virsh testing overhaul)
by Peter Krempa
Part 3 was supposed to be the refactor of the command parser but since
I wanted to add few tests I've noticed that there's a lot of old cruft
and many tests are skipped.
This series refactors virshtest and optimizes it to run multiple
commands with one virsh instance. Doing this allows us to do more
testing in the same run time allowing us to reduce the amount of
"expensive" tests.
Further down this removes all of the 'shell' test infra which was used
for virsh.
Peter Krempa (35):
virshtest: Prepare for testing against output files
virshtest: Allow to test failure of commands
virshtest: Filter multiple occurences of string to drop in
testFilterLine
virshtest: Add support for testing commands read from input file and
adapt alias tests
virshtest: Adapt 'echo --split' tests to DO_TEST_SCRIPT
virshtest: Drop some redundant 'echo' cases
virshtest: Adapt some 'escaping' tests via DO_TEST_SCRIPT
vrishtest: Prepare for simpler testing - echo tests
virshtest: Test against output files ("echo" tests)
virshtest: Drop string form of expected output data of "echo" tests
virshtest: Replace list and nodeinfo tests by equivalent
VIR_TEST_SCRIPT variant
virshtest: Adapt tests for domain id lookup and state query to
DO_TEST_SCRIPT
virshtest: Adapt 'blkiotune' tests to DO_TEST_SCRIPT
virshtest: Adapt 'iothread' tests to DO_TEST_SCRIPT
virshtest: Drop support for testing against hardcoded strings
virshtest: Adapt argument parsing tests from 'virsh-optparse'
virshtest: Adapt 'snapshot-create-as' arg handling tests from
'virsh-optparse'
virshtest: Adapt numeric option arg handling tests from
'virsh-optparse'
virshtest: Adapt 'event' option arg handling tests from
'virsh-optparse'
virshtest: Reimplement 'virsh-output' test
qemuxmlconftest: Adapt XMLs from 'virsh-cpuset' and
'virsh-define-dev-segfault' cases
virshtest: Adapt 'virsh-vcpupin' test
virshtest: Adapt 'virsh-int-overflow'
virshtest: Adapt 'virsh-schedinfo'
virshtest: Adapt 'virsh-start' and 'virsh-undefine' tests as
'lifecycle' case
virsh: Fix '--name' and '--parent' used together in
'(snapshot|checkpoint)-list' command
vsh: Allow non-interactive use of 'cd' command
virshtest: Adapt 'virsh-snapshot' test
virshtest: Adapt 'virsh-checkpoint' test
virshtest: Adapt 'virsh-read-bufsiz' and 'virsh-read-non-seekable'
virshtest: Adapt 'libvirtd-pool'
tests: Re-implement '(virsh|virt-admin)-self-test' directly in meson
tests: Reimplement 'libvirtd-fail' case directly in meson
virshtest: Adapt virsh-uriprecedence test case
tests: Drop 'test-lib.sh'
build-aux/syntax-check.mk | 6 +-
docs/manpages/virsh.rst | 17 +-
src/meson.build | 5 +
tests/libvirtd-fail | 16 -
tests/libvirtd-pool | 38 -
tests/meson.build | 39 +-
.../console-compat-crash.x86_64-latest.args | 46 +
.../console-compat-crash.x86_64-latest.xml | 65 ++
.../console-compat-crash.xml} | 36 +-
.../cpuset-invalid.x86_64-latest.err | 1 +
tests/qemuxmlconfdata/cpuset-invalid.xml | 12 +
tests/qemuxmlconftest.c | 2 +
tests/test-lib.sh | 280 ------
tests/virsh-checkpoint | 178 ----
tests/virsh-cpuset | 46 -
tests/virsh-int-overflow | 18 -
tests/virsh-optparse | 292 ------
tests/virsh-output | 29 -
tests/virsh-output-commands | 94 --
tests/virsh-output.out | 496 ----------
tests/virsh-read-bufsiz | 49 -
tests/virsh-read-non-seekable | 51 -
tests/virsh-schedinfo | 40 -
tests/virsh-self-test | 48 -
tests/virsh-snapshot | 233 -----
tests/virsh-start | 41 -
tests/virsh-undefine | 76 --
tests/virsh-uriprecedence | 97 --
tests/virsh-vcpupin | 100 --
tests/virshtest.c | 878 +++++++-----------
tests/virshtestdata/argument-assignment.in | 15 +
tests/virshtestdata/argument-assignment.out | 91 ++
tests/virshtestdata/attach-disk.in | 79 ++
tests/virshtestdata/attach-disk.out | 343 +++++++
tests/virshtestdata/blkiotune.in | 3 +
tests/virshtestdata/blkiotune.out | 15 +
tests/virshtestdata/checkpoint-c2.xml | 41 +
tests/virshtestdata/checkpoint-c3.xml | 38 +
tests/virshtestdata/checkpoint-redefine.out | 13 +
tests/virshtestdata/checkpoint.in | 35 +
tests/virshtestdata/checkpoint.out | 133 +++
tests/virshtestdata/dash-dash-argument-1.out | 1 +
tests/virshtestdata/dash-dash-argument-2.out | 1 +
tests/virshtestdata/dash-dash-argument-3.out | 1 +
tests/virshtestdata/dash-dash-argument-4.out | 1 +
tests/virshtestdata/dash-dash-argument-5.out | 1 +
tests/virshtestdata/dash-dash-argument-6.out | 1 +
tests/virshtestdata/domain-id-overflow.out | 3 +
tests/virshtestdata/domain-id.in | 18 +
tests/virshtestdata/domain-id.out | 73 ++
tests/virshtestdata/echo-alias-argv.out | 1 +
tests/virshtestdata/echo-alias.in | 3 +
tests/virshtestdata/echo-alias.out | 3 +
tests/virshtestdata/echo-escaping-1.out | 2 +
tests/virshtestdata/echo-escaping-2.out | 2 +
tests/virshtestdata/echo-escaping-3.out | 2 +
tests/virshtestdata/echo-escaping.in | 11 +
tests/virshtestdata/echo-escaping.out | 11 +
tests/virshtestdata/echo-quote-removal-1.out | 1 +
tests/virshtestdata/echo-quote-removal-2.out | 1 +
tests/virshtestdata/echo-quote-removal-3.out | 1 +
tests/virshtestdata/echo-quote-removal-4.out | 1 +
tests/virshtestdata/echo-quote-removal-5.out | 1 +
tests/virshtestdata/echo-quote-removal-6.out | 1 +
tests/virshtestdata/echo-quote-removal-7.out | 2 +
tests/virshtestdata/echo-quote-removal-8.out | 1 +
tests/virshtestdata/echo-split.in | 5 +
tests/virshtestdata/echo-split.out | 24 +
tests/virshtestdata/info-custom.in | 2 +
tests/virshtestdata/info-custom.out | 15 +
tests/virshtestdata/info-default.in | 2 +
tests/virshtestdata/info-default.out | 13 +
tests/virshtestdata/iothreads.in | 14 +
tests/virshtestdata/iothreads.out | 51 +
tests/virshtestdata/lifecycle.in | 23 +
tests/virshtestdata/lifecycle.out | 106 +++
tests/virshtestdata/multiple-commands-1.out | 2 +
tests/virshtestdata/multiple-commands-10.out | 1 +
tests/virshtestdata/multiple-commands-11.out | 1 +
tests/virshtestdata/multiple-commands-12.out | 1 +
tests/virshtestdata/multiple-commands-2.out | 2 +
tests/virshtestdata/multiple-commands-3.out | 2 +
tests/virshtestdata/multiple-commands-4.out | 2 +
tests/virshtestdata/multiple-commands-5.out | 3 +
tests/virshtestdata/multiple-commands-6.out | 1 +
tests/virshtestdata/multiple-commands-7.out | 2 +
tests/virshtestdata/multiple-commands-8.out | 2 +
tests/virshtestdata/multiple-commands-9.out | 1 +
tests/virshtestdata/numeric-parsing-event.in | 26 +
tests/virshtestdata/numeric-parsing-event.out | 10 +
tests/virshtestdata/numeric-parsing.in | 43 +
tests/virshtestdata/numeric-parsing.out | 12 +
tests/virshtestdata/pool-define-as.out | 12 +
tests/virshtestdata/read-big-pipe.out | 7 +
.../schedinfo-invalid-argument.out | 5 +
tests/virshtestdata/snapshot-create-args.in | 9 +
tests/virshtestdata/snapshot-create-args.out | 82 ++
tests/virshtestdata/snapshot-redefine.out | 17 +
tests/virshtestdata/snapshot-s2.xml | 43 +
tests/virshtestdata/snapshot-s3.xml | 40 +
tests/virshtestdata/snapshot.in | 54 ++
tests/virshtestdata/snapshot.out | 173 ++++
.../uriprecedence-LIBVIRT_DEFAULT_URI.out | 5 +
...riprecedence-VIRSH_DEFAULT_CONNECT_URI.out | 5 +
tests/virshtestdata/uriprecedence-param.out | 5 +
.../uriprecedence-xdg-config.out | 5 +
.../bad/libvirt/libvirt.conf | 1 +
.../good/libvirt/libvirt.conf | 1 +
tests/virshtestdata/vcpupin.in | 23 +
tests/virshtestdata/vcpupin.out | 26 +
tests/virt-admin-self-test | 1 -
tools/meson.build | 4 +-
tools/virsh-checkpoint.c | 18 +-
tools/virsh-snapshot.c | 18 +-
tools/vsh.c | 5 -
115 files changed, 2352 insertions(+), 2852 deletions(-)
delete mode 100755 tests/libvirtd-fail
delete mode 100755 tests/libvirtd-pool
create mode 100644 tests/qemuxmlconfdata/console-compat-crash.x86_64-latest.args
create mode 100644 tests/qemuxmlconfdata/console-compat-crash.x86_64-latest.xml
rename tests/{virsh-define-dev-segfault => qemuxmlconfdata/console-compat-crash.xml} (59%)
mode change 100755 => 100644
create mode 100644 tests/qemuxmlconfdata/cpuset-invalid.x86_64-latest.err
create mode 100644 tests/qemuxmlconfdata/cpuset-invalid.xml
delete mode 100644 tests/test-lib.sh
delete mode 100755 tests/virsh-checkpoint
delete mode 100755 tests/virsh-cpuset
delete mode 100755 tests/virsh-int-overflow
delete mode 100755 tests/virsh-optparse
delete mode 100755 tests/virsh-output
delete mode 100755 tests/virsh-output-commands
delete mode 100644 tests/virsh-output.out
delete mode 100755 tests/virsh-read-bufsiz
delete mode 100755 tests/virsh-read-non-seekable
delete mode 100755 tests/virsh-schedinfo
delete mode 100755 tests/virsh-self-test
delete mode 100755 tests/virsh-snapshot
delete mode 100755 tests/virsh-start
delete mode 100755 tests/virsh-undefine
delete mode 100755 tests/virsh-uriprecedence
delete mode 100755 tests/virsh-vcpupin
create mode 100644 tests/virshtestdata/argument-assignment.in
create mode 100644 tests/virshtestdata/argument-assignment.out
create mode 100755 tests/virshtestdata/attach-disk.in
create mode 100644 tests/virshtestdata/attach-disk.out
create mode 100644 tests/virshtestdata/blkiotune.in
create mode 100644 tests/virshtestdata/blkiotune.out
create mode 100644 tests/virshtestdata/checkpoint-c2.xml
create mode 100644 tests/virshtestdata/checkpoint-c3.xml
create mode 100644 tests/virshtestdata/checkpoint-redefine.out
create mode 100755 tests/virshtestdata/checkpoint.in
create mode 100644 tests/virshtestdata/checkpoint.out
create mode 100644 tests/virshtestdata/dash-dash-argument-1.out
create mode 100644 tests/virshtestdata/dash-dash-argument-2.out
create mode 100644 tests/virshtestdata/dash-dash-argument-3.out
create mode 100644 tests/virshtestdata/dash-dash-argument-4.out
create mode 100644 tests/virshtestdata/dash-dash-argument-5.out
create mode 100644 tests/virshtestdata/dash-dash-argument-6.out
create mode 100644 tests/virshtestdata/domain-id-overflow.out
create mode 100644 tests/virshtestdata/domain-id.in
create mode 100644 tests/virshtestdata/domain-id.out
create mode 100644 tests/virshtestdata/echo-alias-argv.out
create mode 100644 tests/virshtestdata/echo-alias.in
create mode 100644 tests/virshtestdata/echo-alias.out
create mode 100644 tests/virshtestdata/echo-escaping-1.out
create mode 100644 tests/virshtestdata/echo-escaping-2.out
create mode 100644 tests/virshtestdata/echo-escaping-3.out
create mode 100644 tests/virshtestdata/echo-escaping.in
create mode 100644 tests/virshtestdata/echo-escaping.out
create mode 100644 tests/virshtestdata/echo-quote-removal-1.out
create mode 100644 tests/virshtestdata/echo-quote-removal-2.out
create mode 100644 tests/virshtestdata/echo-quote-removal-3.out
create mode 100644 tests/virshtestdata/echo-quote-removal-4.out
create mode 100644 tests/virshtestdata/echo-quote-removal-5.out
create mode 100644 tests/virshtestdata/echo-quote-removal-6.out
create mode 100644 tests/virshtestdata/echo-quote-removal-7.out
create mode 100644 tests/virshtestdata/echo-quote-removal-8.out
create mode 100644 tests/virshtestdata/echo-split.in
create mode 100644 tests/virshtestdata/echo-split.out
create mode 100644 tests/virshtestdata/info-custom.in
create mode 100644 tests/virshtestdata/info-custom.out
create mode 100644 tests/virshtestdata/info-default.in
create mode 100644 tests/virshtestdata/info-default.out
create mode 100644 tests/virshtestdata/iothreads.in
create mode 100644 tests/virshtestdata/iothreads.out
create mode 100644 tests/virshtestdata/lifecycle.in
create mode 100644 tests/virshtestdata/lifecycle.out
create mode 100644 tests/virshtestdata/multiple-commands-1.out
create mode 100644 tests/virshtestdata/multiple-commands-10.out
create mode 100644 tests/virshtestdata/multiple-commands-11.out
create mode 100644 tests/virshtestdata/multiple-commands-12.out
create mode 100644 tests/virshtestdata/multiple-commands-2.out
create mode 100644 tests/virshtestdata/multiple-commands-3.out
create mode 100644 tests/virshtestdata/multiple-commands-4.out
create mode 100644 tests/virshtestdata/multiple-commands-5.out
create mode 100644 tests/virshtestdata/multiple-commands-6.out
create mode 100644 tests/virshtestdata/multiple-commands-7.out
create mode 100644 tests/virshtestdata/multiple-commands-8.out
create mode 100644 tests/virshtestdata/multiple-commands-9.out
create mode 100644 tests/virshtestdata/numeric-parsing-event.in
create mode 100644 tests/virshtestdata/numeric-parsing-event.out
create mode 100644 tests/virshtestdata/numeric-parsing.in
create mode 100644 tests/virshtestdata/numeric-parsing.out
create mode 100644 tests/virshtestdata/pool-define-as.out
create mode 100644 tests/virshtestdata/read-big-pipe.out
create mode 100644 tests/virshtestdata/schedinfo-invalid-argument.out
create mode 100644 tests/virshtestdata/snapshot-create-args.in
create mode 100644 tests/virshtestdata/snapshot-create-args.out
create mode 100644 tests/virshtestdata/snapshot-redefine.out
create mode 100644 tests/virshtestdata/snapshot-s2.xml
create mode 100644 tests/virshtestdata/snapshot-s3.xml
create mode 100755 tests/virshtestdata/snapshot.in
create mode 100644 tests/virshtestdata/snapshot.out
create mode 100644 tests/virshtestdata/uriprecedence-LIBVIRT_DEFAULT_URI.out
create mode 100644 tests/virshtestdata/uriprecedence-VIRSH_DEFAULT_CONNECT_URI.out
create mode 100644 tests/virshtestdata/uriprecedence-param.out
create mode 100644 tests/virshtestdata/uriprecedence-xdg-config.out
create mode 100644 tests/virshtestdata/uriprecedence-xdg/bad/libvirt/libvirt.conf
create mode 100644 tests/virshtestdata/uriprecedence-xdg/good/libvirt/libvirt.conf
create mode 100755 tests/virshtestdata/vcpupin.in
create mode 100644 tests/virshtestdata/vcpupin.out
delete mode 120000 tests/virt-admin-self-test
--
2.44.0
7 months, 2 weeks
[PATCH-for-9.1 v2 0/3] target/nios2: Remove the deprecated Nios II target
by Philippe Mathieu-Daudé
Since v1:
- Remove user emulation too
- Remove ALTERA_TIMER
Philippe Mathieu-Daudé (3):
fpu/softfloat: Remove mention of TILE-Gx target
target/nios2: Remove the deprecated Nios II target
hw/timer: Remove the ALTERA_TIMER model
MAINTAINERS | 13 -
docs/about/deprecated.rst | 11 -
docs/about/emulation.rst | 7 -
docs/about/removed-features.rst | 14 +
docs/system/replay.rst | 2 +-
docs/user/main.rst | 4 -
configure | 2 -
configs/devices/nios2-softmmu/default.mak | 6 -
configs/targets/nios2-linux-user.mak | 1 -
configs/targets/nios2-softmmu.mak | 2 -
meson.build | 2 -
qapi/machine.json | 2 +-
hw/nios2/boot.h | 10 -
include/disas/dis-asm.h | 5 -
include/exec/poison.h | 2 -
include/exec/user/abitypes.h | 3 +-
include/hw/intc/nios2_vic.h | 66 -
include/sysemu/arch_init.h | 1 -
linux-user/nios2/sockbits.h | 1 -
linux-user/nios2/syscall_nr.h | 333 --
linux-user/nios2/target_cpu.h | 49 -
linux-user/nios2/target_elf.h | 14 -
linux-user/nios2/target_errno_defs.h | 7 -
linux-user/nios2/target_fcntl.h | 11 -
linux-user/nios2/target_mman.h | 11 -
linux-user/nios2/target_prctl.h | 1 -
linux-user/nios2/target_proc.h | 1 -
linux-user/nios2/target_resource.h | 1 -
linux-user/nios2/target_signal.h | 9 -
linux-user/nios2/target_structs.h | 1 -
linux-user/nios2/target_syscall.h | 37 -
linux-user/nios2/termbits.h | 1 -
linux-user/syscall_defs.h | 4 +-
target/nios2/cpu-param.h | 20 -
target/nios2/cpu-qom.h | 18 -
target/nios2/cpu.h | 301 --
target/nios2/helper.h | 32 -
target/nios2/mmu.h | 52 -
tests/tcg/nios2/semicall.h | 28 -
disas/nios2.c | 3514 -----------------
hw/intc/nios2_vic.c | 313 --
hw/nios2/10m50_devboard.c | 181 -
hw/nios2/boot.c | 234 --
hw/nios2/generic_nommu.c | 101 -
hw/timer/altera_timer.c | 244 --
linux-user/elfload.c | 99 -
linux-user/nios2/cpu_loop.c | 157 -
linux-user/nios2/signal.c | 210 -
target/nios2/cpu.c | 410 --
target/nios2/helper.c | 371 --
target/nios2/mmu.c | 216 -
target/nios2/monitor.c | 35 -
target/nios2/nios2-semi.c | 230 --
target/nios2/op_helper.c | 119 -
target/nios2/translate.c | 1107 ------
tests/qtest/machine-none-test.c | 1 -
fpu/softfloat-specialize.c.inc | 2 +-
.gitlab-ci.d/buildtest.yml | 4 +-
.gitlab-ci.d/crossbuild-template.yml | 2 +-
.gitlab-ci.d/crossbuilds.yml | 2 +-
disas/meson.build | 1 -
hw/Kconfig | 1 -
hw/intc/Kconfig | 3 -
hw/intc/meson.build | 1 -
hw/meson.build | 1 -
hw/nios2/Kconfig | 13 -
hw/nios2/meson.build | 6 -
hw/timer/Kconfig | 4 -
hw/timer/meson.build | 1 -
qemu-options.hx | 8 +-
scripts/coverity-scan/COMPONENTS.md | 3 -
scripts/gensyscalls.sh | 1 -
scripts/probe-gdb-support.py | 1 -
target/Kconfig | 1 -
target/meson.build | 1 -
target/nios2/Kconfig | 3 -
target/nios2/meson.build | 17 -
target/nios2/trace-events | 10 -
tests/avocado/boot_linux_console.py | 8 -
tests/avocado/replay_kernel.py | 11 -
tests/docker/Makefile.include | 5 -
.../debian-nios2-cross.d/build-toolchain.sh | 87 -
tests/tcg/nios2/10m50-ghrd.ld | 70 -
tests/tcg/nios2/Makefile.softmmu-target | 32 -
tests/tcg/nios2/Makefile.target | 11 -
tests/tcg/nios2/boot.S | 218 -
tests/tcg/nios2/intr.S | 31 -
tests/tcg/nios2/test-shadow-1.S | 40 -
88 files changed, 28 insertions(+), 9198 deletions(-)
delete mode 100644 configs/devices/nios2-softmmu/default.mak
delete mode 100644 configs/targets/nios2-linux-user.mak
delete mode 100644 configs/targets/nios2-softmmu.mak
delete mode 100644 hw/nios2/boot.h
delete mode 100644 include/hw/intc/nios2_vic.h
delete mode 100644 linux-user/nios2/sockbits.h
delete mode 100644 linux-user/nios2/syscall_nr.h
delete mode 100644 linux-user/nios2/target_cpu.h
delete mode 100644 linux-user/nios2/target_elf.h
delete mode 100644 linux-user/nios2/target_errno_defs.h
delete mode 100644 linux-user/nios2/target_fcntl.h
delete mode 100644 linux-user/nios2/target_mman.h
delete mode 100644 linux-user/nios2/target_prctl.h
delete mode 100644 linux-user/nios2/target_proc.h
delete mode 100644 linux-user/nios2/target_resource.h
delete mode 100644 linux-user/nios2/target_signal.h
delete mode 100644 linux-user/nios2/target_structs.h
delete mode 100644 linux-user/nios2/target_syscall.h
delete mode 100644 linux-user/nios2/termbits.h
delete mode 100644 target/nios2/cpu-param.h
delete mode 100644 target/nios2/cpu-qom.h
delete mode 100644 target/nios2/cpu.h
delete mode 100644 target/nios2/helper.h
delete mode 100644 target/nios2/mmu.h
delete mode 100644 tests/tcg/nios2/semicall.h
delete mode 100644 disas/nios2.c
delete mode 100644 hw/intc/nios2_vic.c
delete mode 100644 hw/nios2/10m50_devboard.c
delete mode 100644 hw/nios2/boot.c
delete mode 100644 hw/nios2/generic_nommu.c
delete mode 100644 hw/timer/altera_timer.c
delete mode 100644 linux-user/nios2/cpu_loop.c
delete mode 100644 linux-user/nios2/signal.c
delete mode 100644 target/nios2/cpu.c
delete mode 100644 target/nios2/helper.c
delete mode 100644 target/nios2/mmu.c
delete mode 100644 target/nios2/monitor.c
delete mode 100644 target/nios2/nios2-semi.c
delete mode 100644 target/nios2/op_helper.c
delete mode 100644 target/nios2/translate.c
delete mode 100644 hw/nios2/Kconfig
delete mode 100644 hw/nios2/meson.build
delete mode 100644 target/nios2/Kconfig
delete mode 100644 target/nios2/meson.build
delete mode 100644 target/nios2/trace-events
delete mode 100755 tests/docker/dockerfiles/debian-nios2-cross.d/build-toolchain.sh
delete mode 100644 tests/tcg/nios2/10m50-ghrd.ld
delete mode 100644 tests/tcg/nios2/Makefile.softmmu-target
delete mode 100644 tests/tcg/nios2/Makefile.target
delete mode 100644 tests/tcg/nios2/boot.S
delete mode 100644 tests/tcg/nios2/intr.S
delete mode 100644 tests/tcg/nios2/test-shadow-1.S
--
2.41.0
8 months
[PATCH 00/10] qemu: Introduce shared_filesystems configuration option
by Andrea Bolognani
An alternative take on [1] based on review feedback.
The need to have something like this in the first place is driven by
KubeVirt (see [2] and [3]). A draft version of this series has been
integrated into KubeVirt and it has been confirmed that it was
effective in removing the need to use LD_PRELOAD hacks in the storage
provider.
CC'ing Stefan so he can have a look at the TPM part and shout if I've
gotten anything wrong :)
[1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/MM...
[2] https://issues.redhat.com/browse/CNV-34322
[3] https://issues.redhat.com/browse/CNV-39370
Andrea Bolognani (10):
security: Fix alignment
security: Fix name for _virSecurityDACChardevCallbackData
security: Drop virSecurity(DAC|SELinux)RestoreImageLabelSingle()
security: Drop virSecurity(DAC|SELinux)SetImageLabelRelative()
qemu: Tweak augeas schema
qemu: Introduce shared_filesystems configuration option
qemu: Propagate shared_filesystems
utils: Use overrides in virFileIsSharedFS()
qemu: Always set labels for TPM state
NEWS: Document qemu shared_filesystems option
NEWS.rst | 7 +++
src/lxc/lxc_controller.c | 2 +-
src/lxc/lxc_driver.c | 2 +-
src/lxc/lxc_process.c | 4 +-
src/qemu/libvirtd_qemu.aug | 11 ++--
src/qemu/qemu.conf.in | 17 ++++++
src/qemu/qemu_conf.c | 17 ++++++
src/qemu/qemu_conf.h | 2 +
src/qemu/qemu_domain.c | 2 +-
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_migration.c | 12 ++--
src/qemu/qemu_security.c | 14 ++++-
src/qemu/qemu_tpm.c | 36 ++++++------
src/qemu/qemu_tpm.h | 8 ++-
src/qemu/test_libvirtd_qemu.aug.in | 5 ++
src/security/security_apparmor.c | 2 +
src/security/security_dac.c | 67 +++++++++-------------
src/security/security_driver.h | 4 ++
src/security/security_manager.c | 34 +++++++-----
src/security/security_manager.h | 20 ++++---
src/security/security_nop.c | 4 ++
src/security/security_selinux.c | 58 ++++++++-----------
src/security/security_stack.c | 16 ++++--
src/util/virfile.c | 89 +++++++++++++++++++++++++-----
src/util/virfile.h | 3 +-
tests/securityselinuxlabeltest.c | 2 +-
tests/virfiletest.c | 2 +-
27 files changed, 289 insertions(+), 153 deletions(-)
--
2.44.0
8 months, 1 week
[PATCH-for-9.1 v2 00/21] hw/i386: Remove deprecated pc-i440fx-2.0 -> 2.3 machines
by Philippe Mathieu-Daudé
Missing review: 4-6, 10-12, 16, 19-20
Since v1:
- Addressed Zhao and Thomas review comments
- Removal around ICH9 acpi_memory_hotplug (Thomas)
Kill legacy code, because we need to evolve.
I ended there via dynamic machine -> ICH9 -> legacy ACPI...
This should also help Igor cleanups:
http://lore.kernel.org/qemu-devel/20240326171632.3cc7533d@imammedo.users....
Philippe Mathieu-Daudé (21):
hw/i386/pc: Remove deprecated pc-i440fx-2.0 machine
hw/usb/hcd-xhci: Remove XHCI_FLAG_FORCE_PCIE_ENDCAP flag
hw/usb/hcd-xhci: Remove XHCI_FLAG_SS_FIRST flag
hw/i386/acpi: Remove PCMachineClass::legacy_acpi_table_size
hw/acpi/ich9: Remove 'memory-hotplug-support' property
hw/acpi/ich9: Remove dead code related to 'acpi_memory_hotplug'
hw/i386/pc: Remove deprecated pc-i440fx-2.1 machine
target/i386/kvm: Remove x86_cpu_change_kvm_default() and 'kvm-cpu.h'
hw/i386/pc: Remove PCMachineClass::smbios_uuid_encoded
hw/smbios: Remove 'uuid_encoded' argument from smbios_set_defaults()
hw/smbios: Remove 'smbios_uuid_encoded', simplify smbios_encode_uuid()
hw/i386/pc: Remove PCMachineClass::enforce_aligned_dimm
hw/mem/pc-dimm: Remove legacy_align argument from pc_dimm_pre_plug()
hw/mem/memory-device: Remove legacy_align from
memory_device_pre_plug()
hw/i386/pc: Remove deprecated pc-i440fx-2.2 machine
hw/i386/pc: Remove PCMachineClass::resizable_acpi_blob
hw/i386/pc: Remove PCMachineClass::rsdp_in_ram
hw/i386/acpi: Remove AcpiBuildState::rsdp field
hw/i386/pc: Remove 2.3 and deprecate 2.4 to 2.7 pc-i440fx machines
target/i386: Remove X86CPU::kvm_no_smi_migration field
hw/i386/pc: Replace PCMachineClass::acpi_data_size by
PC_ACPI_DATA_SIZE
docs/about/deprecated.rst | 2 +-
docs/about/removed-features.rst | 2 +-
hw/usb/hcd-xhci.h | 4 +-
include/hw/firmware/smbios.h | 3 +-
include/hw/i386/pc.h | 22 ------
include/hw/mem/memory-device.h | 2 +-
include/hw/mem/pc-dimm.h | 3 +-
target/i386/cpu.h | 3 -
target/i386/kvm/kvm-cpu.h | 41 ----------
hw/acpi/ich9.c | 46 ++---------
hw/arm/virt.c | 5 +-
hw/i386/acpi-build.c | 95 ++---------------------
hw/i386/fw_cfg.c | 3 +-
hw/i386/pc.c | 107 ++++----------------------
hw/i386/pc_piix.c | 101 ------------------------
hw/loongarch/virt.c | 4 +-
hw/mem/memory-device.c | 12 +--
hw/mem/pc-dimm.c | 6 +-
hw/ppc/spapr.c | 2 +-
hw/riscv/virt.c | 2 +-
hw/smbios/smbios.c | 13 +---
hw/usb/hcd-xhci-nec.c | 4 -
hw/usb/hcd-xhci-pci.c | 4 +-
hw/usb/hcd-xhci.c | 42 ++--------
hw/virtio/virtio-md-pci.c | 2 +-
target/i386/cpu.c | 2 -
target/i386/kvm/kvm-cpu.c | 3 +-
target/i386/kvm/kvm.c | 7 +-
tests/avocado/mem-addr-space-check.py | 3 +-
29 files changed, 64 insertions(+), 481 deletions(-)
delete mode 100644 target/i386/kvm/kvm-cpu.h
--
2.41.0
8 months, 1 week
[PATCH] qemu: Add sysusers config file for qemu & kvm user/groups
by tim@siosm.fr
Install a systemd sysusers config file for the qemu & kvm user/groups.
We can not use the sysusers_create_compat macro in the RPM specfile to
create those users as we want to keep the specfile standalone and not
relying on additionnal files.
Update the specfile to make the commands closer to what is generated by
the current macro.
See: https://src.fedoraproject.org/rpms/libvirt/pull-request/22
See: https://gitlab.com/libvirt/libvirt/-/merge_requests/319
See: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/
Based on previous work by: Peter Krempa <pkrempa(a)redhat.com>
Signed-off-by: Timothée Ravier <tim(a)siosm.fr>
---
libvirt.spec.in | 21 +++++++++++++--------
src/qemu/libvirt-qemu.sysusers.conf | 4 ++++
src/qemu/meson.build | 7 +++++++
3 files changed, 24 insertions(+), 8 deletions(-)
create mode 100644 src/qemu/libvirt-qemu.sysusers.conf
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 8413e3c19a..a411ac6515 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1473,6 +1473,7 @@ chmod 600 $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter/*.xml
%if ! %{with_qemu}
rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_qemu.aug
rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
+rm -f $RPM_BUILD_ROOT%{_sysusersdir}/libvirt-qemu.conf
%endif
%find_lang %{name}
@@ -1834,16 +1835,19 @@ exit 0
%pre daemon-driver-qemu
%libvirt_sysconfig_pre virtqemud
%libvirt_systemd_unix_pre virtqemud
+
# We want soft static allocation of well-known ids, as disk images
-# are commonly shared across NFS mounts by id rather than name; see
-# https://fedoraproject.org/wiki/Packaging:UsersAndGroups
-getent group kvm >/dev/null || groupadd -f -g 36 -r kvm
-getent group qemu >/dev/null || groupadd -f -g 107 -r qemu
-if ! getent passwd qemu >/dev/null; then
- if ! getent passwd 107 >/dev/null; then
- useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
+# are commonly shared across NFS mounts by id rather than name.
+# See https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/
+# We can not use the sysusers_create_compat macro here as we want to keep the
+# specfile standalone and not relying on additionnal files.
+getent group 'kvm' >/dev/null || groupadd -f -g '36' -r 'kvm' || :
+getent group 'qemu' >/dev/null || groupadd -f -g '107' -r 'qemu' || :
+if ! getent passwd 'qemu' >/dev/null; then
+ if ! getent passwd '107' >/dev/null; then
+ useradd -r -u '107' -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user' 'qemu' || :
else
- useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
+ useradd -r -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user' 'qemu' || :
fi
fi
exit 0
@@ -2246,6 +2250,7 @@ exit 0
%{_bindir}/virt-qemu-run
%{_mandir}/man1/virt-qemu-run.1*
%{_mandir}/man8/virtqemud.8*
+%{_sysusersdir}/libvirt-qemu.conf
%endif
%if %{with_lxc}
diff --git a/src/qemu/libvirt-qemu.sysusers.conf b/src/qemu/libvirt-qemu.sysusers.conf
new file mode 100644
index 0000000000..3189191e73
--- /dev/null
+++ b/src/qemu/libvirt-qemu.sysusers.conf
@@ -0,0 +1,4 @@
+g kvm 36
+g qemu 107
+u qemu 107:qemu "qemu user" - -
+m qemu kvm
diff --git a/src/qemu/meson.build b/src/qemu/meson.build
index 4c3e1dee78..7a0e908a66 100644
--- a/src/qemu/meson.build
+++ b/src/qemu/meson.build
@@ -160,6 +160,13 @@ if conf.has('WITH_QEMU')
configuration: qemu_user_group_hack_conf,
)
+ # Install the sysuser config for the qemu driver
+ install_data(
+ 'libvirt-qemu.sysusers.conf',
+ install_dir: prefix / 'lib' / 'sysusers.d',
+ rename: [ 'libvirt-qemu.conf' ],
+ )
+
virt_conf_files += qemu_conf
virt_aug_files += files('libvirtd_qemu.aug')
virt_test_aug_files += {
--
2.43.0
8 months, 2 weeks