/usr/bin/qemu-system-x86_64 -S -no-user-config -nodefaults -nographic -machine none,accel=kvm:tcg -qmp unix:/var/lib/libvirt/qemu/capabilities.monitor.sock,server,nowait -pidfile /var/lib/libvirt/qemu/capabilities.pidfile -daemonize
libvirtd needs to be allowed to kill these processes, otherwise they
remain running.
Required to generate correct profiles when using usb passthrough.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/565691
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: Jamie Strandboge <jamie@ubuntu.com>
Acked-by: Intrigeri <intrigeri@boum.org>
While libvirtd might do so, qemu itself as a guest will not need
to call qemu-nbd so remove it from the profile.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Adding the PKI path that is used as default suggestion in src/qemu/qemu.conf
If people use non-default paths they should use local overrides but the
suggested defaults we should open up.
This is the default path as referenced by src/qemu/qemu.conf in libvirt.
While doing so merge the several places we have to cover PKI access into
one.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1690140
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Allows (multi-arch enabled) access to libraries under the
/usr/lib/@{multiarch}/qemu/*.so path in the Debian/Ubuntu
qemu-block-extra package and all such libs for the paths
of rpm qemu-block-* packages.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1554761
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Prevent denial messages related to attempted reads on lttng
files from spamming the logs.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1432644
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
On live migration with --p2p like:
$ virsh migrate --live --p2p kvmguest-bionic-normal \
qemu+ssh://10.6.221.80/system
We hit an apparmor deny like:
apparmor="DENIED" operation="file_inherit"
profile="/usr/sbin/libvirtd" pid=23477 comm="ssh" family="unix"
sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send" addr=none peer_addr=none peer="unconfined"
The rule is not perfect, but can't be restricted further at the moment
(new upstream kernel features needed). For now the lack of a profile on the
peer as well as comm not being a conditional on rules do not allow to filter
further.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
virt-aa-helper needs read access to the disk image to resolve symlinks
and add the proper rules to the profile. Its profile whitelists a few
common paths, but users can place their images anywhere.
This commit helps users allowing access to their images by adding their
own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.
This commit also adds rules to allow reading files named:
- *.raw as this is a rather common disk image extension
- /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox
Noticed the following denial in audit.log when shutting down
an apparmor confined domain
type=AVC msg=audit(1512002299.742:131): apparmor="DENIED"
operation="open" profile="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff"
name="/proc/1475/cmdline" pid=2958 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=469 ouid=0
Squelch the denial by allowing read access to /proc/<pid>/cmdline.
Since qemu 2.9 via 9103f1ce "file-posix: Consider max_segments for
BlockLimits.max_transfer" this is a new access that is denied by the
qemu profile.
It is non fatal, but prevents the fix mentioned to actually work.
It should be safe to allow reading from that path.
Since qemu opens a symlink path we need to translate that for apparmor from
"/sys/dev/block/*/queue/max_segments" to
"/sys/devices/**/block/*/queue/max_segments"
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Right-aligning backslashes when defining macros or using complex
commands in Makefiles looks cute, but as soon as any changes is
required to the code you end up with either distractingly broken
alignment or unnecessarily big diffs where most of the changes
are just pushing all backslashes a few characters to one side.
Generated using
$ git grep -El '[[:blank:]][[:blank:]]\\$' | \
grep -E '*\.([chx]|am|mk)$$' | \
while read f; do \
sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \
done
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
In bf3a4140 "virt-aa-helper: fix libusb access to udev usb data" the
libusb access to properly detect the device/bus ids was fixed.
The path /run/udev/data/+usb* contains a subset of that information we
already allow to be read and are currently not needed for the function
qemu needs libusb for. But on the init of libusb all those files are
still read so a lot of apparmor denials can be seen when using usb host
devices, like:
apparmor="DENIED" operation="open" name="/run/udev/data/+usb:2-1.2:1.0"
comm="qemu-system-x86" requested_mask="r" denied_mask="r"
Today we could silence the warnings with a deny rule without breaking
current use cases. But since the data in there is only a subset of those
it can read already it is no additional information exposure. And on the
other hand a future udev/libusb/qemu combination might need it so allow
the access in the default apparmor profile.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Commit b482925c added ptrace rule for the apparmor profiles,
but one was missed in the libvirtd profile for dnsmasq. It was
overlooked since the test machine did not have an active libvirt
network requiring dnsmasq that was also set to autostart. With
one active and set to autostart, the following denial is observed
in audit.log when restarting libvirtd
type=AVC msg=audit(1507320136.306:298): apparmor="DENIED" \
operation="ptrace" profile="/usr/sbin/libvirtd" pid=5472 \
comm="libvirtd" requested_mask="trace" denied_mask="trace" \
peer="/usr/sbin/dnsmasq"
With an active network, I suspect a libvirtd restart causes access
to /proc/<dnsmasq-pid>/*, hence the resulting denial. As a nasty
side affect of the denial, libvirtd thinks it needs to spawn a
dnsmasq process even though one is already running for the network.
E.g. after two libvirtd restarts
dnsmasq 1683 0.0 0.0 51188 2612 ? S 12:03 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root 1684 0.0 0.0 51160 576 ? S 12:03 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
dnsmasq 4706 0.0 0.0 51188 2572 ? S 13:54 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root 4707 0.0 0.0 51160 572 ? S 13:54 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
dnsmasq 4791 0.0 0.0 51188 2580 ? S 13:56 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root 4792 0.0 0.0 51160 572 ? S 13:56 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
A simple fix is to add a ptrace rule for dnsmasq.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-By: Guido Günther <agx@sigxcpu.org>
libusb as used by qemu needs to read data from /run/udev/data/ about usb
devices. That is read once on the first initialization of libusb_init by
qemu.
Therefore generating just the device we need would not be sufficient as
another hotplug later can need another device which would fail as the
data is no more re-read at this point.
But we can restrict the paths very much to just the major number of
potential usb devices which will make it match approximately the detail
that e.g. an lsusb -v would reveal - that is much safer than the
"/run/udev/data/* r" blanket many users are using now as a workaround.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
This commit adds new events for two methods and operations: *PoolBuild() and
*PoolDelete(). Using the event-test and the commands set below we have the
following outputs:
$ sudo ./event-test
Registering event callbacks
myStoragePoolEventCallback EVENT: Storage pool test Defined 0
myStoragePoolEventCallback EVENT: Storage pool test Created 0
myStoragePoolEventCallback EVENT: Storage pool test Started 0
myStoragePoolEventCallback EVENT: Storage pool test Stopped 0
myStoragePoolEventCallback EVENT: Storage pool test Deleted 0
myStoragePoolEventCallback EVENT: Storage pool test Undefined 0
Another terminal:
$ sudo virsh pool-define test.xml
Pool test defined from test.xml
$ sudo virsh pool-build test
Pool test built
$ sudo virsh pool-start test
Pool test started
$ sudo virsh pool-destroy test
Pool test destroyed
$ sudo virsh pool-delete test
Pool test deleted
$ sudo virsh pool-undefine test
Pool test has been undefined
This commits can be a solution for RHBZ #1475227.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1475227
Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
When setting up VncTLS according to the official Libvirt documentation,
only one certificate for libvirt/libvirt-vnc is used. The document
indicates to use the following directories :
/etc/pki/CA
/etc/pki/libvirt
/etc/pki/libvirt/private
in order to manage the certificates used by libvirt-vnc.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/901272
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
On Debian/Ubuntu the libxl-save-helper (used when saving/restoring
a domain through libxl) is located under /usr/lib/xen-<version>/bin.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1334195
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Updates profile to allow running on ppc64el.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
The split firmware and variables files introduced by
https://bugs.debian.org/764918 are in a different directory for
some reason. Let the virtual machine read both.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
QEMU will likely report the details of it shutting down, particularly
whether the shutdown was initiated by the guest or host. We should
forward that information along, at least for shutdown events. Reset
has that as well, however that is not a lifecycle event and would add
extra constants that might not be used. It can be added later on.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1384007
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Add explicit denies for disk devices to avoid cluttering dmesg with
(acceptable) denials.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Guido Günther <agx@sigxcpu.org>
When using thin provisioning, management tools need to resize the disk
in certain cases. To avoid having them to poll disk usage introduce an
event which will be fired when a given offset of the storage is written
by the hypervisor. Together with the API which will be added later, it
will allow registering thresholds for given storage backing volumes and
this event will then notify management if the threshold is exceeded.
When changing the metadata via virDomainSetMetadata, we now
emit an event to notify the app of changes. This is useful
when co-ordinating different applications read/write of
custom metadata.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
For instance:
hellolibvirt/hellolibvirt.c: In function 'showDomains':
hellolibvirt/hellolibvirt.c💯19: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
for (i = 0; i < numNames; i++) {
^
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Due to a missing entries in Makefile, we were not distributing
all the systemtap scripts we have.
Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
This event is emitted when a nodedev XML definition is updated,
like when cdrom media is changed in a cdrom block device.
Also includes node device update event implementation for udev
backend, virsh nodedev-event support, and event-test support
On error, asprintf returns -1 and the contents of the string
pointer is undefined. In the rest of the libvirt code,
the virAsprintf wrapper takes care of that.
Check the return value and report a generic error, since we
purposefully avoid linking to virutil.
Some of the examples make use of asprintf and strtol functions (to keep
things simple) which are prohibited to use within our code (enforced by
syntax-check). Therefore besides adding some examples, this patch also updates
cfg.mk to exclude examples directory from asprintf and strtol rules, as well as
updates .gitignore to exclude all the new admin binaries created in the
'examples' dir.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
The VIR_STORAGE_POOL_EVENT_REFRESHED constant does not
reflect any change in the lifecycle of the storage pool.
It should thus not be part of the storage pool lifecycle
event set, but rather be a top level event in its own
right. Thus we introduce VIR_STORAGE_POOL_EVENT_ID_REFRESH
to replace it.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
We have this code in our Makefile that tries to remove
/etc/libvirt/nwfilter if directory is left empty after all our
example nwfilters were uninstalled. However, the check for that
is missing quotation marks thus rendering the test useless:
test -z allow-arp.xml allow-dhcp-server.xml .. qemu-announce-self.xml || \
rmdir "/some/path/libvirt.git/_install/etc/libvirt/nwfilter"
/bin/sh: line 0: test: too many arguments
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
The event test does not try to include libvirt internals. Using a macro
named VIR_DEBUG might hint to such usage. Additionally it's useless
since it's used only in the main() function.
Modernize the message strings while touching them.
In an unlikely event of virConnectRegisterCloseCallback failing,
the error is ignored. This is an example file and we shouldn't
get a bad example.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Like in the rest of our code we tend to prefer 'goto' and
'cleanup' over 'if else' code structure. Do the same here.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY and VIR_DOMAIN_PAUSED_POSTCOPY are
used on the source host once migration enters post-copy mode (which
means the domain gets paused on the source. After the destination host
takes over the execution of the domain, its virtual CPUs are resumed and
the domain enters VIR_DOMAIN_RUNNING_POSTCOPY state and
VIR_DOMAIN_EVENT_RESUMED_POSTCOPY event is emitted.
In case migration fails during post-copy mode and none of the hosts have
complete state of the domain, both domains will remain paused with
VIR_DOMAIN_PAUSED_POSTCOPY_FAILED reason and an upper layer may decide
what to do.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Commit d82170d introduced a workaround for domtop: in that example
program, we define a symbol called ERROR for our own use, but since
a symbol with the same name is already defined in one of mingw's
header files, we get a warning when using that compiler.
domsuspend defines the same problematic symbol, so the workaround
has been copied over.
So after da176bf6b7 and friend we have switched to $(wildcard
some/path/*.xml) instead of enumerating the files explicitly.
This is nice, however it makes distcheck build from VPATH fail.
The reason is that it's is not obvious to what does the wildcard
refer to: srcdir or builddir?
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Using one Makefile per example subdirectory essentially serializes 'make'
calls. Convert to one example/Makefile that builds and distributes
all the subdir files. This reduces example/ rebuild time from about 5.8
seconds to 1.5 seconds on my machine.
One slight difference is that we no longer ship Makefile.am with the
examples in the rpm. This was virtually useless anyways since the Makefile
was very specific to libvirt infrastructure, so wasn't generically
reusable anyways.
Tested with 'make distcheck' and 'make rpm'
Creating ACL rules is not exactly easy and existing examples are pretty
simple. This patch adds a somewhat complex example which defines several
roles. Admins can do everything, operators can do basic operations
on any domain and several groups of users who act as operators but only
on a limited set of domains.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
So, in the example the cpu stats are collected within a function
called do_top. At the beginning of the function we ask the daemon for
how much vCPUs can we get stats, and how many stats for a vCPU can we
get. This is because it's how our API works - users are required to
preallocate a chunk of memory for the results. Now, at the end, we try
to free the allocated array, but we are not doing it correctly.
There's this virTypedParamsFree() function which gets a pointer to the
array and the length of the array. However, if there was an error in
getting vCPU stats we pass a negative number instead of the originally
computed value. This flaw results in SIGSEGV:
libvirt: QEMU Driver error : Requested operation is not valid: domain is not running
ERROR do_top:333 : Unable to get cpu stats
==29201== Invalid read of size 4
==29201== at 0x4F1DF8B: virTypedParamsClear (virtypedparam.c:1145)
==29201== by 0x4F1DFEB: virTypedParamsFree (virtypedparam.c:1165)
==29201== by 0x4023C3: do_top (domtop.c:349)
==29201== by 0x40260B: main (domtop.c:386)
==29201== Address 0x131cd7c0 is 16 bytes after a block of size 768 alloc'd
==29201== at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29201== by 0x401FF1: do_top (domtop.c:295)
==29201== by 0x40260B: main (domtop.c:386)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Wikipedia's list of common misspellings [1] has a machine-readable
version. This patch fixes those misspellings mentioned in the list
which don't have multiple right variants (as e.g. "accension", which can
be both "accession" and "ascension"), such misspellings are left
untouched. The list of changes was manually re-checked for false
positives.
[1] https://en.wikipedia.org/wiki/Wikipedia:Lists_of_common_misspellings/For_machines
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Apparmor must not prevent access to required helper programs. The following
helpers should be allowed to run in unconfined execution mode:
- libvirt_parthelper
- libvirt_iohelper
The network and nwfilter tests contained in the libvirt-TCK testkit can fail
unless access to raw network packets is granted. Without this access, the
following apparmor error can be seen while running the tests:
apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/libvirtd"
pid=94731 comm="libvirtd" family="packet" sock_type="raw" protocol=768
In order for apparmor to work properly in Xen environments, the following
access rights need to be allowed:
- Allow CAP_SYS_PACCT, which is required when resetting some multi-port
Broadcom cards by writting to the PCI config space
- Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without
this setting, an error 'Resource temporarily unavailable' can be seen
while attempting to mmap memory. At the same time, the following
apparmor message is seen:
apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd"
pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14
capname="ipc_lock"
- Allow access to distribution specific directories:
/usr/{lib,lib64}/xen/bin
As discussed before, this simple script should help with debugging
deadlocks, although there are still some caveats. RWLocks are not
handled by this and if your deadlock if very racy, it may not lock
up when running with this script due to the slowdown.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
When building on mingw the format string for long long/unsigned long
long have to be I64d/I64u instead of lld/llu.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
and thus running a qemu guest fails.
Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
On some places in the libvirt code we have:
f(a,z)
instead of
f(a, z)
This trivial patch fixes couple of such occurrences.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
The "maxMemory" element was never supported by libvirt. Remove it from
the test XMLs. (Found while actually trying to add support for a
identically named element).
The variable 'k' in the print_cpu_usage function is not used anywhere
and can fire a warning on some compilers.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Currently, the function follows the usual pattern used in our code:
int ret = -1;
...
ret = 0;
cleanup:
return ret;
However, the function always call exit() on error, so the cleanup
label is never jumped onto. Therefore, it doesn't make any sense to
have the parse_argv function return an integer value, if it
effectively can return only value of zero.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Firstly, there's no sigaction() nor struct sigaction on mingw. We have
to use the one implemented by gnulib (and hence link with gnulib).
Then, for some reason one header file from windows defines ERROR
symbol. Yes it does. Sigh.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Use the virTypedParamsFree unconditionally as it handles NULL well and
has the benefit of freeing a typed parameter array even if it wasn't yet
assigned, but only allocated.
There's this question on the list that is asked over and over again.
How do I get {cpu, memory, ...} usage in percentage? Or its modified
version: How do I plot nice graphs like virt-manager does?
It would be nice if we have an example to inspire people. And that's
what domtop should do. Yes, it could be written in different ways, but
I've chosen this one as I think it show explicitly what users need to
implement in order to imitate virt-manager's graphing.
Note: The usage is displayed from host perspective. That is, how much
host CPUs the domain is using. But it should be fairly simple to
switch do just guest CPU usage if needed.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default.
This profile allows quite a lot, but strives to restrict access to
dangerous resources.
Removing the explicit authorizations to bash, systemd and cron files,
forces them to keep the lxc profile for all applications inside the
container. PUx permissions where leading to running systemd (and others
tasks) unconfined.
Put the generic files, network and capabilities restrictions directly
in the TEMPLATE.lxc: this way, users can restrict them on a per
container basis.
Tiny fix for virt-lxc-convert: we are setting memory values in bytes, while
free may give us values in a different unit by default: force free to output
bytes with -b flag.
This commit adds a new example to illustrate peer to
peer domain migration with virDomainMigrateToURI.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com>
See lp#1276719 for the bug description. As virt-aa-helper doesn't know
the VFIO groups to use for the guest, allow access to all
/dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need
for vfio
Signed-off-by: Eric Blake <eblake@redhat.com>
use_apparmor() was first designed to be called from withing libvirtd,
but libvirt_lxc also uses it. in libvirt_lxc, there is no need to check
whether to use apparmor or not: just use it if possible.
The security driver expects /etc/apparmor.d/libvirt/TEMPLATE but we
installed it to /etc/apparmor.d/libvirtd/TEMPLATE. Move the template to
the expected place since that code was here long before.
Make it easy to install the shipped examples. The aim is to have
reasonably working templates so that distros only need to minimally
patch these and can feed things upstream more easily.
This was prompted by http://bugs.debian.org/725144
When registering a close callback, the connection refcount is increased
as the connection object is passed to the callback and hence we must
prevent deleting it too soon. However, when closing the connection, the
connection object is just unrefed. So whenever a connection with a close
callback is closed, we end up with the connection object which has
exactly one reference. Leaving the code as-is doesn't mean the end of
the world as we know it, but why give a bad example?
==14531== 288 bytes in 1 blocks are still reachable in loss record 695 of 762
==14531== at 0x4C2BDE4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14531== by 0x4E9FE09: virAllocVar (viralloc.c:558)
==14531== by 0x4EDBE45: virObjectNew (virobject.c:190)
==14531== by 0x4F71AAC: virGetConnect (datatypes.c:116)
==14531== by 0x4F78511: do_open (libvirt.c:1136)
==14531== by 0x4F7B3AC: virConnectOpenAuth (libvirt.c:1481)
==14531== by 0x4011D2: main (event-test.c:499)
(and other leaks tied to virGetConnect())
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
This partially reverts 5eb4b04211 and 62774afb6b.
Rewrite the domsuspend example from scratch. This time do it right.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
The domain events demo program isn't really tied to domain
events anymore, so rename it to object events.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The domsuspend example code is a really old and bad exmample of (how not
to use) the libvirt API. Remove it as it's apparent that nobody tried to
use it. It was broken and nobody complained.
The python binding now lives in
http://libvirt.org/git/?p=libvirt-python.git
that repo also provides an RPM which is upgrade compatible
with the old libvirt-python sub-RPM.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.
The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.
Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
'make rpm' with client_local set to 1 (by manual modification,
or with RHEL 5 on s390) warns:
RPM build errors:
Installed (but unpackaged) file(s) found:
/etc/libvirt/nwfilter/allow-arp.xml
/etc/libvirt/nwfilter/allow-dhcp-server.xml
/etc/libvirt/nwfilter/allow-dhcp.xml
/etc/libvirt/nwfilter/allow-incoming-ipv4.xml
/etc/libvirt/nwfilter/allow-ipv4.xml
/etc/libvirt/nwfilter/clean-traffic.xml
/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml
/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml
/etc/libvirt/nwfilter/no-arp-spoofing.xml
/etc/libvirt/nwfilter/no-ip-multicast.xml
/etc/libvirt/nwfilter/no-ip-spoofing.xml
/etc/libvirt/nwfilter/no-mac-broadcast.xml
/etc/libvirt/nwfilter/no-mac-spoofing.xml
/etc/libvirt/nwfilter/no-other-l2-traffic.xml
/etc/libvirt/nwfilter/no-other-rarp-traffic.xml
/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml
/etc/libvirt/nwfilter/qemu-announce-self.xml
/usr/share/polkit-1/actions/org.libvirt.api.policy
The bulk of these are fixed with this patch.
* examples/xml/nwfilter/Makefile.am (install-data-local)
(uninstall-local): Make conditional.
Signed-off-by: Eric Blake <eblake@redhat.com>
Consistently use "is" or "is not" to compare variables to None,
because doing so is preferrable, as per PEP 8
(http://www.python.org/dev/peps/pep-0008/#programming-recommendations):
> Comparisons to singletons like None should always be done with is or
> is not, never the equality operators.
Mingw *printf is a moving target; newer mingw now provides a version
of asprintf() that fails to understand %lld:
CC event_test-event-test.o
../../../../examples/domain-events/events-c/event-test.c: In function 'myDomainEventRTCChangeCallback':
../../../../examples/domain-events/events-c/event-test.c:270:18: error: unknown conversion type character 'l' in format [-Werror=format=]
virDomainGetID(dom), offset) < 0)
^
But since our examples already admitted that they were hacking around
a mingw deficiency, it is easier to just use printf() directly, coupled
with <inttypes.h> macros, for a more portable work-around.
* examples/domain-events/events-c/event-test.c
(myDomainEventRTCChangeCallback): Use PRIdMAX instead of asprintf.
Signed-off-by: Eric Blake <eblake@redhat.com>
Convert the type of loop iterators named 'i', 'j', k',
'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
'unsigned int', also santizing 'ii', 'jj', 'kk' to use
the normal 'i', 'j', 'k' naming
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
I noticed several unusual spacings in for loops, and decided to
fix them up. See the next commit for the syntax check that found
all of these.
* examples/domsuspend/suspend.c (main): Fix spacing.
* python/libvirt-override.c: Likewise.
* src/conf/interface_conf.c: Likewise.
* src/security/virt-aa-helper.c: Likewise.
* src/util/virconf.c: Likewise.
* src/util/virhook.c: Likewise.
* src/util/virlog.c: Likewise.
* src/util/virsocketaddr.c: Likewise.
* src/util/virsysinfo.c: Likewise.
* src/util/viruuid.c: Likewise.
* src/vbox/vbox_tmpl.c: Likewise.
* src/xen/xen_hypervisor.c: Likewise.
* tools/virsh-domain-monitor.c (vshDomainStateToString): Drop
default case, to let compiler check us.
* tools/virsh-domain.c (vshDomainVcpuStateToString): Likewise.
Signed-off-by: Eric Blake <eblake@redhat.com>
Update the hellolibvirt example program to demonstrate use of
the virGetLastErrorMessage() API for quick error reporting
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
In the domain-events example C code virEventRegisterDefaultImpl was being
called before virConnectOpen without first calling virInitialize. While this
code worked, it is incorrect. Adding a call to g_string_new prior to the call
to virEventRegisterDefaultImpl would cause the code to break. This fix will
help avoid unintentional misue of the API.
Relates to: Ret Hat Bugzilla - Bug 961155
When converting to virObject, the probes on the 'Free' functions
were removed on the basis that there is a probe on virObjectFree
that suffices. This puts a burden on people writing probe scripts
to identify which object is being dispose. This adds back probes
in the 'Dispose' functions and updates the rpc monitor systemtap
example to use them
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Change the order of some conditions and use the AllDomains API to get
a list of all the active and defined domains, then use the Active and
Name API's in order to print.
This changes here adjust the output from:
Attempting to connect to hypervisor
Connected to hypervisor at "qemu:///system"
Hypervisor: "QEMU" version: 0.32.656
There are 0 active and 2 inactive domains
Inactive domains:
foo
bar
Disconnected from hypervisor
to
Attempting to connect to hypervisor
Connected to hypervisor at "qemu:///system"
Hypervisor: "QEMU" version: 0.32.656
There are 0 active and 2 inactive domains
foo (non-active)
bar (non-active)
Disconnected from hypervisor
Add code in the python binding to cope with the new APIs
virConnectRegisterCloseCallback and
virConnectUnregisterCloseCallback. Also demonstrate their
use in the python domain events demo
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>