2010-02-22 17:01:34 -07:00
|
|
|
*#*#
|
|
|
|
*.#*#
|
2008-10-28 17:47:12 +00:00
|
|
|
*.a
|
2012-02-03 14:30:06 -07:00
|
|
|
*.cov
|
2010-04-28 21:36:03 -06:00
|
|
|
*.exe
|
2010-06-09 12:35:49 -06:00
|
|
|
*.gcda
|
|
|
|
*.gcno
|
|
|
|
*.gcov
|
2012-02-03 14:30:06 -07:00
|
|
|
*.html
|
|
|
|
*.i
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-01 17:57:06 +01:00
|
|
|
*.la
|
|
|
|
*.lo
|
2012-02-03 14:30:06 -07:00
|
|
|
*.loT
|
2008-10-28 17:47:12 +00:00
|
|
|
*.o
|
2010-02-22 17:01:34 -07:00
|
|
|
*.orig
|
2012-02-03 14:30:06 -07:00
|
|
|
*.pyc
|
2010-02-22 17:01:34 -07:00
|
|
|
*.rej
|
2012-02-03 14:30:06 -07:00
|
|
|
*.s
|
2008-10-28 17:47:12 +00:00
|
|
|
*~
|
2012-10-26 14:39:55 +02:00
|
|
|
.#*
|
2012-02-03 14:30:06 -07:00
|
|
|
.deps
|
build: use automake subdir-objects
Automake 2.0 will enable subdir-objects by default; in preparation
for that change, automake 1.14 outputs LOADS of warnings:
daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
automake-1.14: warning: possible forward-incompatibility.
automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
automake-1.14: automake option hasn't been enabled. For now, the corresponding output
automake-1.14: object file(s) will be placed in the top-level directory. However,
automake-1.14: this behaviour will change in future Automake versions: they will
automake-1.14: unconditionally cause object files to be placed in the same subdirectory
automake-1.14: of the corresponding sources.
automake-1.14: You are advised to start using 'subdir-objects' option throughout your
automake-1.14: project, to avoid future incompatibilities.
daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
...
As automake 1.9 also supported this option, and the previous patches
fixed up the code base to work with it, it is safe to now turn it on
unconditionally.
* configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
* .gitignore: Ignore .dirstamp directories.
* src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
new subdir-object location of .lo files.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-07 16:18:06 -06:00
|
|
|
.dirstamp
|
2012-09-14 10:09:51 +01:00
|
|
|
.gdb_history
|
2008-10-17 10:03:15 +00:00
|
|
|
.git
|
2009-07-10 10:01:04 +02:00
|
|
|
.git-module-status
|
2012-02-03 14:30:06 -07:00
|
|
|
.libs
|
2011-03-17 10:35:17 +08:00
|
|
|
.lvimrc
|
2012-02-03 14:30:06 -07:00
|
|
|
.memdump
|
2010-04-21 09:55:03 -06:00
|
|
|
.sc-start-sc_*
|
2010-11-16 12:29:09 -07:00
|
|
|
/ABOUT-NLS
|
2012-10-12 19:50:19 -04:00
|
|
|
/AUTHORS
|
2010-11-16 12:29:09 -07:00
|
|
|
/ChangeLog
|
2010-02-22 17:01:34 -07:00
|
|
|
/GNUmakefile
|
2010-11-16 12:29:09 -07:00
|
|
|
/INSTALL
|
|
|
|
/NEWS
|
|
|
|
/aclocal.m4
|
|
|
|
/autom4te.cache
|
2011-01-04 03:37:17 +01:00
|
|
|
/build-aux
|
2010-11-16 12:29:09 -07:00
|
|
|
/build-aux/
|
2010-04-30 08:52:54 -06:00
|
|
|
/build/
|
2010-11-16 12:29:09 -07:00
|
|
|
/config.cache
|
|
|
|
/config.guess
|
|
|
|
/config.h
|
|
|
|
/config.h.in
|
|
|
|
/config.log
|
|
|
|
/config.rpath
|
|
|
|
/config.status
|
|
|
|
/config.sub
|
|
|
|
/configure
|
|
|
|
/configure.lineno
|
2011-05-16 18:13:11 +01:00
|
|
|
/daemon/*_dispatch.h
|
2012-02-03 14:30:06 -07:00
|
|
|
/daemon/libvirt_qemud
|
|
|
|
/daemon/libvirtd
|
|
|
|
/daemon/libvirtd*.logrotate
|
|
|
|
/daemon/libvirtd.8
|
|
|
|
/daemon/libvirtd.8.in
|
2012-04-13 10:55:15 +02:00
|
|
|
/daemon/libvirtd.init
|
2012-02-03 14:30:06 -07:00
|
|
|
/daemon/libvirtd.pod
|
2012-10-12 10:51:48 -04:00
|
|
|
/daemon/libvirtd.policy
|
2012-04-13 10:55:15 +02:00
|
|
|
/daemon/libvirtd.service
|
Autogenerate augeas test case from default config files
When adding new config file parameters, the corresponding
additions to the augeas lens' are constantly forgotten.
Also there are augeas test cases, these don't catch the
error, since they too are never updated.
To address this, the augeas test cases need to be auto-generated
from the example config files.
* build-aux/augeas-gentest.pl: Helper to generate an
augeas test file, substituting in elements from the
example config files
* src/Makefile.am, daemon/Makefile.am: Switch to
auto-generated augeas test cases
* daemon/test_libvirtd.aug, daemon/test_libvirtd.aug.in,
src/locking/test_libvirt_sanlock.aug,
src/locking/test_libvirt_sanlock.aug.in,
src/lxc/test_libvirtd_lxc.aug,
src/lxc/test_libvirtd_lxc.aug.in,
src/qemu/test_libvirtd_qemu.aug,
src/qemu/test_libvirtd_qemu.aug.in: Remove example
config file data, replacing with a ::CONFIG:: placeholder
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-05-25 11:14:15 +01:00
|
|
|
/daemon/test_libvirtd.aug
|
2013-08-08 11:51:01 +01:00
|
|
|
/docs/aclperms.htmlinc
|
2012-04-27 12:05:12 -04:00
|
|
|
/docs/apibuild.py.stamp
|
2012-02-03 14:30:06 -07:00
|
|
|
/docs/devhelp/libvirt.devhelp
|
2011-05-16 09:33:56 -06:00
|
|
|
/docs/hvsupport.html.in
|
2012-02-03 14:30:06 -07:00
|
|
|
/docs/libvirt-api.xml
|
Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.
The actual APIs are
int virDomainLxcOpenNamespace(virDomainPtr domain,
int **fdlist,
unsigned int flags);
int virDomainLxcEnterNamespace(virDomainPtr domain,
unsigned int nfdlist,
int *fdlist,
unsigned int *noldfdlist,
int **oldfdlist,
unsigned int flags);
which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.
NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-21 13:15:19 +00:00
|
|
|
/docs/libvirt-lxc-*.xml
|
2013-01-15 13:30:30 +01:00
|
|
|
/docs/libvirt-qemu-*.xml
|
2012-02-03 14:30:06 -07:00
|
|
|
/docs/libvirt-refs.xml
|
2012-08-01 15:29:27 +02:00
|
|
|
/docs/search.php
|
2012-02-03 14:30:06 -07:00
|
|
|
/docs/todo.html.in
|
|
|
|
/examples/domain-events/events-c/event-test
|
|
|
|
/examples/dominfo/info1
|
|
|
|
/examples/domsuspend/suspend
|
|
|
|
/examples/hellolibvirt/hellolibvirt
|
|
|
|
/examples/openauth/openauth
|
2011-07-28 14:55:21 +02:00
|
|
|
/gnulib/lib/*
|
|
|
|
/gnulib/m4/*
|
|
|
|
/gnulib/tests/*
|
2012-02-03 14:30:06 -07:00
|
|
|
/include/libvirt/libvirt.h
|
2010-11-16 12:29:09 -07:00
|
|
|
/libtool
|
|
|
|
/libvirt-*.tar.gz
|
2010-05-19 16:16:47 -06:00
|
|
|
/libvirt-[0-9]*
|
2010-11-16 12:29:09 -07:00
|
|
|
/libvirt.pc
|
|
|
|
/libvirt.spec
|
|
|
|
/ltconfig
|
|
|
|
/ltmain.sh
|
2011-04-05 13:06:31 -06:00
|
|
|
/m4/*
|
2010-02-22 17:01:34 -07:00
|
|
|
/maint.mk
|
2012-06-15 17:13:11 +01:00
|
|
|
/mingw-libvirt.spec
|
2010-11-16 12:29:09 -07:00
|
|
|
/mkinstalldirs
|
2011-04-05 13:06:31 -06:00
|
|
|
/po/*
|
2010-11-09 11:45:14 +01:00
|
|
|
/proxy/
|
2012-02-03 14:30:06 -07:00
|
|
|
/python/generated.stamp
|
2011-07-19 07:34:34 -06:00
|
|
|
/python/generator.py.stamp
|
2012-02-03 14:30:06 -07:00
|
|
|
/python/libvirt-export.c
|
Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.
The actual APIs are
int virDomainLxcOpenNamespace(virDomainPtr domain,
int **fdlist,
unsigned int flags);
int virDomainLxcEnterNamespace(virDomainPtr domain,
unsigned int nfdlist,
int *fdlist,
unsigned int *noldfdlist,
int **oldfdlist,
unsigned int flags);
which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.
NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-21 13:15:19 +00:00
|
|
|
/python/libvirt-lxc-export.c
|
|
|
|
/python/libvirt-lxc.[ch]
|
2011-09-14 09:30:33 -06:00
|
|
|
/python/libvirt-qemu-export.c
|
|
|
|
/python/libvirt-qemu.[ch]
|
2012-02-03 14:30:06 -07:00
|
|
|
/python/libvirt.[ch]
|
|
|
|
/python/libvirt.py
|
Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.
The actual APIs are
int virDomainLxcOpenNamespace(virDomainPtr domain,
int **fdlist,
unsigned int flags);
int virDomainLxcEnterNamespace(virDomainPtr domain,
unsigned int nfdlist,
int *fdlist,
unsigned int *noldfdlist,
int **oldfdlist,
unsigned int flags);
which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.
NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-21 13:15:19 +00:00
|
|
|
/python/libvirt_lxc.py
|
2011-09-14 09:30:33 -06:00
|
|
|
/python/libvirt_qemu.py
|
2012-09-14 10:08:54 +01:00
|
|
|
/run
|
2011-08-18 17:03:26 -06:00
|
|
|
/sc_*
|
2012-07-23 15:45:20 +01:00
|
|
|
/src/.*.stamp
|
2012-01-23 15:12:57 +00:00
|
|
|
/src/access/org.libvirt.api.policy
|
Auto-generate helpers for checking access control rules
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.
- 'aclheader' - defines signatures of helper APIs for
doing authorization checks. There is one helper API
for each API requiring an auth check. Any @acl
annotations result in a method being generated with
a suffix of 'EnsureACL'. If the ACL check requires
examination of flags, an extra 'flags' param will be
present. Some examples
extern int virConnectBaselineCPUEnsureACL(void);
extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
Any @aclfilter annotations resuilt in a method being
generated with a suffix of 'CheckACL'.
extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
These are used for filtering individual objects from APIs
which return a list of objects
- 'aclbody' - defines the actual implementation of the
methods described above. This calls into the access
manager APIs. A complex example:
/* Returns: -1 on error (denied==error), 0 on allowed */
int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
virDomainDefPtr domain,
unsigned int flags)
{
virAccessManagerPtr mgr;
int rv;
if (!(mgr = virAccessManagerGetDefault()))
return -1;
if ((rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
virObjectUnref(mgr);
return 0;
}
- 'aclsyms' - generates a linker script to export the
APIs to drivers. Some examples
virConnectBaselineCPUEnsureACL;
virConnectCompareCPUEnsureACL;
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-18 17:49:41 +01:00
|
|
|
/src/access/viraccessapicheck.c
|
|
|
|
/src/access/viraccessapicheck.h
|
|
|
|
/src/access/viraccessapichecklxc.c
|
|
|
|
/src/access/viraccessapichecklxc.h
|
|
|
|
/src/access/viraccessapicheckqemu.c
|
|
|
|
/src/access/viraccessapicheckqemu.h
|
2012-02-03 14:30:06 -07:00
|
|
|
/src/esx/*.generated.*
|
2011-07-13 17:05:19 +02:00
|
|
|
/src/hyperv/*.generated.*
|
2012-02-03 14:30:06 -07:00
|
|
|
/src/libvirt*.def
|
|
|
|
/src/libvirt.syms
|
Auto-generate helpers for checking access control rules
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.
- 'aclheader' - defines signatures of helper APIs for
doing authorization checks. There is one helper API
for each API requiring an auth check. Any @acl
annotations result in a method being generated with
a suffix of 'EnsureACL'. If the ACL check requires
examination of flags, an extra 'flags' param will be
present. Some examples
extern int virConnectBaselineCPUEnsureACL(void);
extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
Any @aclfilter annotations resuilt in a method being
generated with a suffix of 'CheckACL'.
extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
These are used for filtering individual objects from APIs
which return a list of objects
- 'aclbody' - defines the actual implementation of the
methods described above. This calls into the access
manager APIs. A complex example:
/* Returns: -1 on error (denied==error), 0 on allowed */
int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
virDomainDefPtr domain,
unsigned int flags)
{
virAccessManagerPtr mgr;
int rv;
if (!(mgr = virAccessManagerGetDefault()))
return -1;
if ((rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
virObjectUnref(mgr);
return 0;
}
- 'aclsyms' - generates a linker script to export the
APIs to drivers. Some examples
virConnectBaselineCPUEnsureACL;
virConnectCompareCPUEnsureACL;
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-18 17:49:41 +01:00
|
|
|
/src/libvirt_access.syms
|
2013-08-07 13:03:50 +01:00
|
|
|
/src/libvirt_access.xml
|
Auto-generate helpers for checking access control rules
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.
- 'aclheader' - defines signatures of helper APIs for
doing authorization checks. There is one helper API
for each API requiring an auth check. Any @acl
annotations result in a method being generated with
a suffix of 'EnsureACL'. If the ACL check requires
examination of flags, an extra 'flags' param will be
present. Some examples
extern int virConnectBaselineCPUEnsureACL(void);
extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
Any @aclfilter annotations resuilt in a method being
generated with a suffix of 'CheckACL'.
extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
These are used for filtering individual objects from APIs
which return a list of objects
- 'aclbody' - defines the actual implementation of the
methods described above. This calls into the access
manager APIs. A complex example:
/* Returns: -1 on error (denied==error), 0 on allowed */
int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
virDomainDefPtr domain,
unsigned int flags)
{
virAccessManagerPtr mgr;
int rv;
if (!(mgr = virAccessManagerGetDefault()))
return -1;
if ((rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
virObjectUnref(mgr);
return 0;
}
- 'aclsyms' - generates a linker script to export the
APIs to drivers. Some examples
virConnectBaselineCPUEnsureACL;
virConnectCompareCPUEnsureACL;
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-18 17:49:41 +01:00
|
|
|
/src/libvirt_access_lxc.syms
|
2013-08-07 13:03:50 +01:00
|
|
|
/src/libvirt_access_lxc.xml
|
Auto-generate helpers for checking access control rules
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.
- 'aclheader' - defines signatures of helper APIs for
doing authorization checks. There is one helper API
for each API requiring an auth check. Any @acl
annotations result in a method being generated with
a suffix of 'EnsureACL'. If the ACL check requires
examination of flags, an extra 'flags' param will be
present. Some examples
extern int virConnectBaselineCPUEnsureACL(void);
extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
Any @aclfilter annotations resuilt in a method being
generated with a suffix of 'CheckACL'.
extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
These are used for filtering individual objects from APIs
which return a list of objects
- 'aclbody' - defines the actual implementation of the
methods described above. This calls into the access
manager APIs. A complex example:
/* Returns: -1 on error (denied==error), 0 on allowed */
int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
virDomainDefPtr domain,
unsigned int flags)
{
virAccessManagerPtr mgr;
int rv;
if (!(mgr = virAccessManagerGetDefault()))
return -1;
if ((rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
virObjectUnref(mgr);
return 0;
}
- 'aclsyms' - generates a linker script to export the
APIs to drivers. Some examples
virConnectBaselineCPUEnsureACL;
virConnectCompareCPUEnsureACL;
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-18 17:49:41 +01:00
|
|
|
/src/libvirt_access_qemu.syms
|
2013-08-07 13:03:50 +01:00
|
|
|
/src/libvirt_access_qemu.xml
|
2012-02-03 14:30:06 -07:00
|
|
|
/src/libvirt_*.stp
|
|
|
|
/src/libvirt_*helper
|
2012-05-24 20:43:43 -06:00
|
|
|
/src/libvirt_*probes.h
|
2012-02-03 14:30:06 -07:00
|
|
|
/src/libvirt_lxc
|
2012-08-03 10:27:07 +01:00
|
|
|
/src/locking/lock_daemon_dispatch_stubs.h
|
2011-07-06 17:20:04 +01:00
|
|
|
/src/locking/lock_protocol.[ch]
|
2011-07-06 17:30:08 +01:00
|
|
|
/src/locking/qemu-lockd.conf
|
2011-08-15 14:42:43 -06:00
|
|
|
/src/locking/qemu-sanlock.conf
|
Autogenerate augeas test case from default config files
When adding new config file parameters, the corresponding
additions to the augeas lens' are constantly forgotten.
Also there are augeas test cases, these don't catch the
error, since they too are never updated.
To address this, the augeas test cases need to be auto-generated
from the example config files.
* build-aux/augeas-gentest.pl: Helper to generate an
augeas test file, substituting in elements from the
example config files
* src/Makefile.am, daemon/Makefile.am: Switch to
auto-generated augeas test cases
* daemon/test_libvirtd.aug, daemon/test_libvirtd.aug.in,
src/locking/test_libvirt_sanlock.aug,
src/locking/test_libvirt_sanlock.aug.in,
src/lxc/test_libvirtd_lxc.aug,
src/lxc/test_libvirtd_lxc.aug.in,
src/qemu/test_libvirtd_qemu.aug,
src/qemu/test_libvirtd_qemu.aug.in: Remove example
config file data, replacing with a ::CONFIG:: placeholder
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-05-25 11:14:15 +01:00
|
|
|
/src/locking/test_libvirt_sanlock.aug
|
2012-07-17 15:54:08 +01:00
|
|
|
/src/lxc/lxc_controller_dispatch.h
|
|
|
|
/src/lxc/lxc_monitor_dispatch.h
|
2012-12-21 13:19:54 +00:00
|
|
|
/src/lxc/lxc_monitor_protocol.c
|
|
|
|
/src/lxc/lxc_monitor_protocol.h
|
2013-02-17 23:04:17 -06:00
|
|
|
/src/lxc/lxc_protocol.[ch]
|
2012-08-01 13:40:56 +02:00
|
|
|
/src/lxc/test_libvirtd_lxc.aug
|
Autogenerate augeas test case from default config files
When adding new config file parameters, the corresponding
additions to the augeas lens' are constantly forgotten.
Also there are augeas test cases, these don't catch the
error, since they too are never updated.
To address this, the augeas test cases need to be auto-generated
from the example config files.
* build-aux/augeas-gentest.pl: Helper to generate an
augeas test file, substituting in elements from the
example config files
* src/Makefile.am, daemon/Makefile.am: Switch to
auto-generated augeas test cases
* daemon/test_libvirtd.aug, daemon/test_libvirtd.aug.in,
src/locking/test_libvirt_sanlock.aug,
src/locking/test_libvirt_sanlock.aug.in,
src/lxc/test_libvirtd_lxc.aug,
src/lxc/test_libvirtd_lxc.aug.in,
src/qemu/test_libvirtd_qemu.aug,
src/qemu/test_libvirtd_qemu.aug.in: Remove example
config file data, replacing with a ::CONFIG:: placeholder
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-05-25 11:14:15 +01:00
|
|
|
/src/qemu/test_libvirtd_qemu.aug
|
2011-05-06 14:11:32 +01:00
|
|
|
/src/remote/*_client_bodies.h
|
|
|
|
/src/remote/*_protocol.[ch]
|
2011-09-22 12:51:55 +02:00
|
|
|
/src/rpc/virkeepaliveprotocol.[ch]
|
2010-12-06 17:03:10 +00:00
|
|
|
/src/rpc/virnetprotocol.[ch]
|
2012-05-29 15:49:13 -06:00
|
|
|
/src/test_libvirt*.aug
|
2013-08-08 16:06:31 +01:00
|
|
|
/src/test_virtlockd.aug
|
2011-07-21 15:32:34 +08:00
|
|
|
/src/util/virkeymaps.h
|
2012-02-03 14:30:06 -07:00
|
|
|
/src/virt-aa-helper
|
2012-08-02 20:06:50 +01:00
|
|
|
/src/virtlockd
|
2013-08-08 15:10:38 +01:00
|
|
|
/src/virtlockd.8
|
|
|
|
/src/virtlockd.8.in
|
2012-08-02 20:06:50 +01:00
|
|
|
/src/virtlockd.init
|
2010-11-16 12:29:09 -07:00
|
|
|
/tests/*.log
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/*.pid
|
2013-01-28 15:19:14 +01:00
|
|
|
/tests/*.trs
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/*xml2*test
|
|
|
|
/tests/commandhelper
|
2012-02-06 18:27:40 +01:00
|
|
|
/tests/commandtest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/conftest
|
2010-12-01 16:48:19 -07:00
|
|
|
/tests/cputest
|
2011-09-22 14:29:00 -06:00
|
|
|
/tests/domainsnapshotxml2xmltest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/esxutilstest
|
|
|
|
/tests/eventtest
|
2013-05-13 17:16:54 +02:00
|
|
|
/tests/fchosttest
|
2013-05-10 18:14:40 +01:00
|
|
|
/tests/fdstreamtest
|
2011-04-18 09:30:49 -06:00
|
|
|
/tests/hashtest
|
2011-06-30 12:13:51 -06:00
|
|
|
/tests/jsontest
|
2012-04-13 10:55:15 +02:00
|
|
|
/tests/libvirtdconftest
|
2013-09-17 10:24:41 -06:00
|
|
|
/tests/metadatatest
|
2011-06-24 15:30:00 -06:00
|
|
|
/tests/networkxml2argvtest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/nodeinfotest
|
2010-11-16 12:29:09 -07:00
|
|
|
/tests/nwfilterxml2xmltest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/object-locking
|
|
|
|
/tests/object-locking-files.txt
|
|
|
|
/tests/object-locking.cm[ix]
|
2011-05-31 11:35:32 -06:00
|
|
|
/tests/openvzutilstest
|
2013-07-24 10:15:37 +02:00
|
|
|
/tests/qemuagenttest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/qemuargv2xmltest
|
2013-09-19 13:44:41 +02:00
|
|
|
/tests/qemucapabilitiestest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/qemuhelptest
|
2013-06-21 16:27:59 +02:00
|
|
|
/tests/qemuhotplugtest
|
2012-08-20 13:31:29 +01:00
|
|
|
/tests/qemumonitorjsontest
|
2012-02-25 16:48:02 -08:00
|
|
|
/tests/qemumonitortest
|
2011-10-19 13:49:59 -06:00
|
|
|
/tests/qemuxmlnstest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/qparamtest
|
|
|
|
/tests/reconnect
|
|
|
|
/tests/secaatest
|
|
|
|
/tests/seclabeltest
|
2012-09-19 14:00:34 +01:00
|
|
|
/tests/securityselinuxlabeltest
|
2013-01-15 13:30:30 +01:00
|
|
|
/tests/securityselinuxtest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/sexpr2xmltest
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-01 17:57:06 +01:00
|
|
|
/tests/shunloadtest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/sockettest
|
|
|
|
/tests/ssh
|
|
|
|
/tests/statstest
|
2012-07-18 20:06:58 +01:00
|
|
|
/tests/storagebackendsheepdogtest
|
2012-12-17 14:40:48 -05:00
|
|
|
/tests/sysinfotest
|
2013-03-19 14:36:28 -04:00
|
|
|
/tests/test_conf
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/utiltest
|
2012-07-11 14:35:43 +01:00
|
|
|
/tests/viratomictest
|
2012-03-23 16:04:18 -06:00
|
|
|
/tests/virauthconfigtest
|
2012-09-14 15:46:57 +08:00
|
|
|
/tests/virbitmaptest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/virbuftest
|
2013-03-28 14:36:52 +00:00
|
|
|
/tests/vircgrouptest
|
2013-07-12 11:13:04 +01:00
|
|
|
/tests/virdbustest
|
2012-05-24 20:43:43 -06:00
|
|
|
/tests/virdrivermoduletest
|
2013-02-08 16:44:21 -07:00
|
|
|
/tests/virendiantest
|
2012-01-25 16:38:37 +00:00
|
|
|
/tests/virhashtest
|
2012-01-20 17:49:32 +00:00
|
|
|
/tests/viridentitytest
|
2013-04-05 17:49:27 +01:00
|
|
|
/tests/virkeycodetest
|
2012-03-23 16:04:18 -06:00
|
|
|
/tests/virkeyfiletest
|
Introduce an internal API for handling file based lockspaces
The previously introduced virFile{Lock,Unlock} APIs provide a
way to acquire/release fcntl() locks on individual files. For
unknown reason though, the POSIX spec says that fcntl() locks
are released when *any* file handle referring to the same path
is closed. In the following sequence
threadA: fd1 = open("foo")
threadB: fd2 = open("foo")
threadA: virFileLock(fd1)
threadB: virFileLock(fd2)
threadB: close(fd2)
you'd expect threadA to come out holding a lock on 'foo', and
indeed it does hold a lock for a very short time. Unfortunately
when threadB does close(fd2) this releases the lock associated
with fd1. For the current libvirt use case for virFileLock -
pidfiles - this doesn't matter since the lock is acquired
at startup while single threaded an never released until
exit.
To provide a more generally useful API though, it is necessary
to introduce a slightly higher level abstraction, which is to
be referred to as a "lockspace". This is to be provided by
a virLockSpacePtr object in src/util/virlockspace.{c,h}. The
core idea is that the lockspace keeps track of what files are
already open+locked. This means that when a 2nd thread comes
along and tries to acquire a lock, it doesn't end up opening
and closing a new FD. The lockspace just checks the current
list of held locks and immediately returns VIR_ERR_RESOURCE_BUSY.
NB, the API as it stands is designed on the basis that the
files being locked are not being otherwise opened and used
by the application code. One approach to using this API is to
acquire locks based on a hash of the filepath.
eg to lock /var/lib/libvirt/images/foo.img the application
might do
virLockSpacePtr lockspace = virLockSpaceNew("/var/lib/libvirt/imagelocks");
lockname = md5sum("/var/lib/libvirt/images/foo.img");
virLockSpaceAcquireLock(lockspace, lockname);
NB, in this example, the caller should ensure that the path
is canonicalized before calculating the checksum.
It is also possible to do locks directly on resources by
using a NULL lockspace directory and then using the file
path as the lock name eg
virLockSpacePtr lockspace = virLockSpaceNew(NULL);
virLockSpaceAcquireLock(lockspace, "/var/lib/libvirt/images/foo.img");
This is only safe to do though if no other part of the process
will be opening the files. This will be the case when this
code is used inside the soon-to-be-reposted virlockd daemon
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-02 17:02:40 +01:00
|
|
|
/tests/virlockspacetest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/virnet*test
|
2013-01-09 15:11:50 +00:00
|
|
|
/tests/virportallocatortest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/virshtest
|
2013-02-13 11:04:05 -07:00
|
|
|
/tests/virstoragetest
|
2012-11-30 15:21:02 +00:00
|
|
|
/tests/virstringtest
|
2013-07-18 10:54:21 +01:00
|
|
|
/tests/virsystemdtest
|
2012-02-06 18:27:40 +01:00
|
|
|
/tests/virtimetest
|
2012-03-23 16:04:18 -06:00
|
|
|
/tests/viruritest
|
2013-09-18 09:30:35 -05:00
|
|
|
/tests/vmwarevertest
|
2012-02-03 14:30:06 -07:00
|
|
|
/tests/vmx2xmltest
|
|
|
|
/tests/xencapstest
|
|
|
|
/tests/xmconfigtest
|
|
|
|
/tools/*.[18]
|
|
|
|
/tools/libvirt-guests.init
|
2012-06-26 18:13:46 +02:00
|
|
|
/tools/libvirt-guests.service
|
2012-10-20 22:29:51 -04:00
|
|
|
/tools/libvirt-guests.sh
|
2013-08-08 16:36:31 +01:00
|
|
|
/tools/virt-login-shell
|
2012-02-03 14:30:06 -07:00
|
|
|
/tools/virsh
|
|
|
|
/tools/virsh-*-edit.c
|
|
|
|
/tools/virt-*-validate
|
|
|
|
/tools/virt-sanlock-cleanup
|
2010-11-16 12:29:09 -07:00
|
|
|
/update.log
|
2008-10-17 10:03:15 +00:00
|
|
|
Makefile
|
2008-10-28 17:47:12 +00:00
|
|
|
Makefile.in
|
2010-12-01 16:48:19 -07:00
|
|
|
TAGS
|
2008-10-28 17:47:12 +00:00
|
|
|
coverage
|
2009-07-03 14:32:17 +00:00
|
|
|
cscope.files
|
2012-11-05 12:59:53 +08:00
|
|
|
cscope.in.out
|
2009-07-03 14:32:17 +00:00
|
|
|
cscope.out
|
2012-11-05 12:59:53 +08:00
|
|
|
cscope.po.out
|
2008-10-28 17:47:12 +00:00
|
|
|
results.log
|
|
|
|
stamp-h
|
|
|
|
stamp-h.in
|
|
|
|
stamp-h1
|
2012-10-31 16:47:34 +01:00
|
|
|
tags
|
2011-07-28 14:55:21 +02:00
|
|
|
!/gnulib/lib/Makefile.am
|
|
|
|
!/gnulib/tests/Makefile.am
|
2011-04-05 13:06:31 -06:00
|
|
|
!/m4/virt-*.m4
|
|
|
|
!/po/*.po
|
|
|
|
!/po/POTFILES.in
|
|
|
|
!/po/libvirt.pot
|