Commit Graph

20697 Commits

Author SHA1 Message Date
Michal Privoznik
00e5b96716 security_selinux: Take @privileged into account
https://bugzilla.redhat.com/show_bug.cgi?id=1124841

If running in session mode it may happen that we fail to set
correct SELinux label, but the image may still be readable to
the qemu process. Take this into account.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-15 11:30:14 +02:00
Michal Privoznik
307fb9044c virSecurityManager: Track if running as privileged
We may want to do some decisions in drivers based on fact if we
are running as privileged user or not. Propagate this info there.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-15 11:30:14 +02:00
Michal Privoznik
276c409163 security_selinux: Replace SELinuxSCSICallbackData with proper struct
We have plenty of callbacks in the driver. Some of these
callbacks require more than one argument to be passed. For that
we currently have a data type (struct) per each callback. Well,
so far for only one - SELinuxSCSICallbackData. But lets turn it
into more general name so it can be reused in other callbacks too
instead of each one introducing a new, duplicate data type.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-15 11:30:13 +02:00
Michal Privoznik
370461d1db virSecuritySELinuxSetSecurityAllLabel: drop useless virFileIsSharedFSType
The check is done in virSecuritySELinuxSetFilecon itself. There's
no need to check it again.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-15 11:30:13 +02:00
Christian Loehle
d3f6173086 Minor typo fixes in documentation
Signed-off-by: Christian Loehle <cloehle@linutronix.de>
2015-09-15 11:27:35 +02:00
Andrea Bolognani
17c4d2a17f util: Add space before comment end marker
This allows the Wikipedia link to be recognized correctly by eg.
gnome-terminal's Open Link and Copy Link Address features.
2015-09-14 11:32:44 +02:00
Martin Kletzander
f05f005c8b qemu: Allow others to browse /var/lib/libvirt/qemu
Commit f1f68ca334 tried fixing running multiple domains under various
users, but if the user can't browse the directory, it's hard for the
qemu running under that user to create the monitor socket.

The permissions need to be fixed in two places in the spec file due to
support for both installations with and without driver modules.

Creating a directory with '$(MKDIR_P) -m' shouldn't fail even on systems
where autoconf needs to fallback to 'install-sh -d'.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-14 10:06:00 +02:00
Martin Kletzander
192a139489 qemu: Do not allow others into per-VM subdirectories
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-14 10:06:00 +02:00
Peter Krempa
64c6695f1a qemu: hotplug: Properly clean up drive backend if frontend hotplug fails
Commit 8125113c added code that should remove the disk backend if the
fronted hotplug failed for any reason. The code had a bug though as it
used the disk string for unplug rather than the backend alias. Fix the
code by pre-creating an alias string and using it instead of the disk
string. In cases where qemu does not support QEMU_CAPS_DEVICE, we ignore
the unplug of the backend since we can't really create an alias in that
case.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1262399
2015-09-14 09:41:43 +02:00
Cole Robinson
db35beaa1d qemu: command: Report stderr from qemu-bridge-helper
There's a couple reports of things failing in this area (bug 1259070),
but it's tough to tell what's going wrong without stderr from
qemu-bridge-helper. So let's report stderr in the error message

Couple new examples:

virbr0 is inactive:
internal error: /usr/libexec/qemu-bridge-helper --use-vnet --br=virbr0 --fd=21: failed to communicate with bridge helper: Transport endpoint is not connected
stderr=failed to get mtu of bridge `virbr0': No such device

bridge isn't on the ACL:
internal error: /usr/libexec/qemu-bridge-helper --use-vnet --br=br0 --fd=21: failed to communicate with bridge helper: Transport endpoint is not connected
stderr=access denied by acl file
2015-09-11 12:57:42 -04:00
Daniel P. Berrange
427067f7ed xen: fix race in refresh of config cache
The xenXMConfigCacheRefresh method scans /etc/xen and loads
all config files it finds. It then scans its internal hash
table and purges any (previously) loaded config files whose
refresh timestamp does not match the timestamp recorded at
the start of xenXMConfigCacheRefresh(). There is unfortunately
a subtle flaw in this, because if loading the config files
takes longer than 1 second, some of the config files will
have a refresh timestamp that is 1 or more seconds different
(newer) than is checked for. So we immediately purge a bunch
of valid config files we just loaded.

To avoid this flaw, we must pass the timestamp we record at
the start of xenXMConfigCacheRefresh() into the
xenXMConfigCacheAddFile() method, instead of letting the
latter call time(NULL) again.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-09-11 17:25:29 +01:00
Martin Kletzander
cce83f1318 tests: Don't use testutils in mock libraries
Mock libraries are not built with testutils.c, but there's one which
uses VIR_TEST_DEBUG.  But because that debug should be an error, if we
change it, then it will not only be more semantically correct, but mingw
compiler will be happier as well.

It also follows suit with all other mock libraries.

For few other things, used in this file, need libvirt.la to be added
into LIBADD for mingw as well.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-11 13:34:02 +02:00
Ian Campbell
ee7758f09b libxl: don't end job for ephemeal domain on start failure
commit 4b53d0d4ac "libxl: don't remove persistent domain on start
failure" cleans up the vm object and sets it to NULL if the vm is not
persistent, however at end job vm (now NULL) is dereferenced via the call to
libxlDomainObjEndJob. Avoid this by skipping "endjob" and going
straight to "cleanup" in this case.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
2015-09-11 10:56:43 +02:00
Daniel P. Berrange
80dca1eba9 docs: Update devguide.html to point to the new Python dev guide
We have a new libvirt-appdev-guide-python which we need to
promote to users. Rewrite the existing page to mention it
too. Also use the new URL location which is automatically
refreshed once a day.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-09-10 12:15:45 +01:00
Andrea Bolognani
75036c69df qemu: Try several network devices when looking for a default
Up until now, the default has been rtl8139, but no check was in
place to make sure that device was actually available.

Now we try rtl8139, e1000 and virtio-net in turn, checking for
availability before using any of them: this means we have a much
better chance for the guest to be able to boot.
2015-09-10 11:15:38 +02:00
Andrea Bolognani
fedbb015a9 qemu: Introduce QEMU_CAPS_DEVICE_VIRTIO_NET
This capability can be used to detect whether or not the QEMU
binary supports the virtio-net-* network device.
2015-09-10 09:25:02 +02:00
Andrea Bolognani
fb58318d7f qemu: Introduce QEMU_CAPS_DEVICE_E1000
This capability can be used to detect whether or not the QEMU
binary supports the e1000 network device.
2015-09-10 09:25:01 +02:00
Andrea Bolognani
b8d545a8b8 qemu: Introduce QEMU_CAPS_DEVICE_RTL8139
This capability can be used to detect whether or not the QEMU
binary supports the rtl8139 network device.
2015-09-10 09:25:01 +02:00
Martin Kletzander
8370023730 qemu: Report error if per-VM directory cannot be created
Commit f1f68ca334 did not report an error if virFileMakePath()
returned -1.  Well, who would've guessed function with name starting
with 'vir' sets an errno instead of reporting an error the libvirt way.
Anyway, let's fix it, so the output changes from:

  $ virsh start arm
  error: Failed to start domain arm
  error: An error occurred, but the cause is unknown

to:

  $ virsh start arm
  error: Failed to start domain arm
  error: Cannot create directory '/var/lib/libvirt/qemu/domain-arm': Not
  a directory

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-09 13:38:18 +02:00
Martin Kletzander
6d91d70190 Revert "docs: Drop unused rule for internals/%.html.tmp target"
This reverts commit e5470dd0e0.

This has been ACK'd by the original author in the original mail thread:
https://www.redhat.com/archives/libvir-list/2015-September/msg00310.html

The reason to revert this is due to the patch breaking the generation of
internal subsites.  The original issue still needs to be dealt with,
though.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-09 11:52:24 +02:00
Peter Krempa
a98e5a7815 qemu: migration: Relax enforcement of memory hotplug support
If the current live definition does not have memory hotplug enabled, but
the persistent one does libvirt would reject migration if the
destination does not support memory hotplug even if the user didn't want
to persist the VM at the destination and thus the XML containing the
memory hotplug definition would not be used. To fix this corner case the
code will check for memory hotplug in the newDef only if
VIR_MIGRATE_PERSIST_DEST was used.
2015-09-09 09:39:55 +02:00
Martin Kletzander
0f3989c172 docs: Remove last use of double semicolon in Makefile
Double semicolons have special meaning in makefiles, but they would have
to be combined with other rules witch such separators in order to be
used as intended.  Since there are no other rules like that, let's
clean it up.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-08 15:07:08 +02:00
Martin Kletzander
26893ac6e0 util: Add win32 version of virFileUnlink
Commit 35847860f6 Added the virFileUnlink function, but failed to add
a version for mingw build, causing the following error:

  Cannot export virFileUnlink: symbol not defined

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-08 11:54:53 +02:00
Luyao Huang
83ae3ee39b conf: fix crash when parsing a unordered NUMA <cell/>
https://bugzilla.redhat.com/show_bug.cgi?id=1260846

Introduced by 8fedbbdb, if we parse an unordered NUMA cell, will
get a segfault. This is because of a check for overlapping @cpus
sets we have there. However, since the array to hold guest NUMA
cells is allocated upfront and therefore it contains all zeros,
an out of order cell will break our assumption that cell IDs have
increasing character. At this point we try to access yet NULL
bitmap and therefore segfault.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-09-08 10:40:20 +02:00
Erik Skultety
ccae95d50e admin: Resolve leaked reference to private data
Running valgrind on a very simplistic program consisting only of
opening and closing admin connection (virAdmConnect{Open,Close}) shows a
leak in remoteAdminPrivNew, because the last reference to privateData is
not decremented, thus the object won't be disposed. This patch unrefs
the privateData object once we closed the active connection to daemon,
making further use of this connection  useless.

==24577==    at 0x4A089C7: calloc (in /usr/lib64/valgrind/vgpreload_***linux.so)
==24577==    by 0x4E8835F: virAllocVar (viralloc.c:560)
==24577==    by 0x4EDFA5C: virObjectNew (virobject.c:193)
==24577==    by 0x4EDFBD4: virObjectLockableNew (virobject.c:219)
==24577==    by 0x4C14DAF: remoteAdminPrivNew (libvirt-admin.c:152)
==24577==    by 0x4C1537E: virAdmConnectOpen (libvirt-admin.c:308)
==24577==    by 0x400BAD: main (listservers.c:39)

==24577== LEAK SUMMARY:
==24577==    definitely lost: 80 bytes in 1 blocks
==24577==    indirectly lost: 840 bytes in 6 blocks
==24577==      possibly lost: 0 bytes in 0 blocks
==24577==    still reachable: 12,179 bytes in 199 blocks
==24577==         suppressed: 0 bytes in 0 blocks
2015-09-08 10:07:18 +02:00
Matthias Bolte
98d8c811ce vmx: Add handling for CDROM devices with SCSI passthru
https://bugzilla.redhat.com/show_bug.cgi?id=1172544
2015-09-07 22:19:42 +02:00
Matthias Bolte
7c959e0dc0 vmx: The virVMXParseDisk deviceType can be NULL, add some missing checks 2015-09-07 22:17:49 +02:00
Jiri Denemark
8720551256 cpu: Introduce IvyBridge CPU model
https://bugzilla.redhat.com/show_bug.cgi?id=1254420

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-09-07 12:36:06 +02:00
Michal Privoznik
0efe8f5065 virsh: Slightly rework cmdDomblklist
Let's move some variables from an inside loop to global function
declaration header block. It's going to be easier for next
patches. At the same time, order the cleanup calls at the
function's end so it's easier to track which variables are freed
and which not.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-07 11:01:11 +02:00
Michal Privoznik
ea65fdba7f .gitignore: Ignore the correct rename example binary
In e755186c5c we tried to introduce an example demonstrating
new virDomainRename API. Unfortunately, in the .gitignore we had
a different binary listed. It's 'rename' binary which we want git
to ignore, not 'test'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-07 10:40:55 +02:00
Martin Kletzander
732ce2789b examples: Add missing build data for 'rename'
Commit e755186c5c added the rename example, but forgot to build some
essential files in there as well as add it to the spec file.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-07 09:00:19 +02:00
Matthias Bolte
1d204cf196 vmx: Some whitespace cleanup 2015-09-05 13:58:03 +02:00
John Ferlan
62c6778495 conf: Remove need for a couple of sa_asserts
Remove the need for a couple of sa_asserts.
2015-09-04 15:19:04 -04:00
John Ferlan
c78e1cfcb5 util: Avoid Coverity FORWARD_NULL
Coverity claims it could be possible to call virDBusTypeStackFree with
*stack == NULL and although the two API's that call it don't appear to
allow that - I suppose it's better to be safe than sorry
2015-09-04 15:19:04 -04:00
John Ferlan
53caf99db6 virfile: Avoid Coverity IDENTICAL_BRANCHES error
In virFileNBDDeviceFindUnused if virFileNBDDeviceIsBusy returns 0,
then both branches jumped to cleanup, so just use ignore_value
since the function returns NULL or some memory and the caller
handles the error.
2015-09-04 15:19:04 -04:00
John Ferlan
11822fff28 lxc: Avoid Coverity SIZEOF_MISMATCH
Commit id '692e9fac7' used virProcessSetNamespaces instead of inlining
the similar functionality; however, Coverity notes that the function
prototype expects a size_t value and not an enum and complains. So,
just typecast the enum as a size_t to avoid the noise.
2015-09-04 15:19:04 -04:00
John Ferlan
ea3c5f25eb qemu: Check virGetLastError return value for migration finish failure
Commit id '2e7cea243' added a check for an error from Finish instead
of 'unexpected error'; however, if for some reason there wasn't an
error, then virGetLastError could return NULL resulting in the
NULL pointer deref to err->domain.
2015-09-04 15:19:04 -04:00
Martin Kletzander
53704bf24e Change name of the domain upon successful rename
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-04 18:55:01 +02:00
Martin Kletzander
e755186c5c Add example that renames domain there and back
And in the middle it prints out its name to demonstrate changes in later
patch(es).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-04 18:55:01 +02:00
Jiri Denemark
29b5167417 examples: Add example polkit ACL rules
Creating ACL rules is not exactly easy and existing examples are pretty
simple. This patch adds a somewhat complex example which defines several
roles. Admins can do everything, operators can do basic operations
on any domain and several groups of users who act as operators but only
on a limited set of domains.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-09-04 17:26:04 +02:00
John Ferlan
a39ab90908 qemu: Need to check for machine.os when using ADDRESS_TYPE_CCW
https://bugzilla.redhat.com/show_bug.cgi?id=1258361

When attaching a disk, controller, or rng using an address type ccw
or s390, we need to ensure the support is provided by both the machine.os
and the emulator capabilities (corollary to unconditional setting when
address was not provided for the correct machine.os and emulator.

For an inactive guest, an addition followed by a start would cause the
startup to fail after qemu_command builds the command line and attempts
to start the guest. For an active guest, libvirtd would crash.
2015-09-04 08:47:33 -04:00
John Ferlan
d334c91751 qemu: Introduce qemuDomainMachineIsS390CCW
Rather than have different usages of STR function in order to determine
whether the domain is s390-ccw or s390-ccw-virtio, make a single API
which will check the machine.os prefix. Then use the function.
2015-09-04 08:47:33 -04:00
Erik Skultety
682775fbb8 vsh: Make vshInitDebug static
There's no reason why debug initialization could not be made completely
hidden, just like readline initialization is. The point of the global
initializer vshInit is to make initialization of smaller features transparent
to the user/caller.
2015-09-04 14:12:34 +02:00
Erik Skultety
a02de849a0 virsh: Do not make interactive mode default
Currently, we set interactive mode as default possibly reverting the
setting after we parse the command line arguments. There's nothing
particulary wrong with that, but a call to vshReadlineInit is performed
always in the global initializer just because the default mode is interactive.
Rather than moving vshReadlineInit call somewhere else (because another client
might want to implement interactive mode only), we could make the decision
if we're about to run in interactive mode once the command line is parsed.
2015-09-04 14:12:34 +02:00
Erik Skultety
f59d51f518 vsh: Introduce vshInitReload
Commit a0b6a36f separated vshInitDebug from the original vshInit
(before virsh got split and vshInit became virshInit - commit 834c5720)
in order to be able to debug command line parsing.
After the parsing is finished, debugging is reinitialized to work properly.
There might as well be other features that require re-initialization as
the command line could specify parameters that override our defaults which
had been set prior to calling vshArgvParse.
2015-09-04 14:12:34 +02:00
Erik Skultety
57b8a38840 vsh: adjust vshInit signature and remove redundant error label
As part of the effort to stay consistent, change the vshInit signature
from returning int to returning bool. Moreover, remove the
unnecessary error label as there is no cleanup that would make use of
it.
2015-09-04 14:12:34 +02:00
Jim Fehlig
6ce939c247 libxl: don't overwrite error from virNetSocketNewConnectTCP()
Remove redundant error reporting in libxlDomainMigrationPerform().
virNetSocketNewConnectTCP() is perfectly capable of reporting
sensible errors.
2015-09-03 20:37:28 -06:00
Pavel Hrdina
e92e5ba128 domain-conf: escape string for socket attribute
Commit d091518b tried to escape all strings in produced XML, but missed
this one.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-09-03 18:14:42 +02:00
Laine Stump
46cf0cefa0 util: don't use netlink to save/set mac for macvtap+passthrough+802.1Qbh
Before libvirt sets the MAC address of the physdev (the physical
ethernet device) linked to a macvtap passthrough device, it always
saves the previous MAC address to restore when the guest is finished
(following a "leave nothing behind" policy). For a long time it
accomplished the save/restore with a combination of
ioctl(SIOCGIFHWADDR) and ioctl(SIOCSIFHWADDR), but in commit cbfe38c
(first in libvirt 1.2.15) this was changed to use netlink RTM_GETLINK
and RTM_SETLINK commands sent to the Physical Function (PF) of any
device that was detected to be a Virtual Function (VF).

We later found out that this caused problems with any devices using
the Cisco enic driver (e.g. vmfex cards) because the enic driver
hasn't implemented the function that is called to gather the
information in the IFLA_VFINFO_LIST attribute of RTM_GETLINK
(ndo_get_vf_config() for those keeping score), so we would never get
back a useful response.

In an ideal world, all drivers would implement all functions, but it
turns out that in this case we can work around this omission without
any bad side effects - since all macvtap passthrough <interface>
definitions pointing to a physdev that uses the enic driver *must*
have a <virtualport type='802.1Qbh'>, and since no other type of
ethernet devices use 802.1Qbh, libvirt can change its behavior in this
case to use the old-style.  ioctl(SIOC[GS]IFHWADDR).  That's what this
patch does.

Resolves:  https://bugzilla.redhat.com/show_bug.cgi?id=1257004
2015-09-03 11:38:17 -04:00
Laine Stump
3ce08fab84 util: make virNetDev(Replace|Restore)MacAddress public functions
These functions were made static as a part of commit cbfe38c since
they were no longer called from outside virnetdev.c. We once again
need to call them from another file, so this patch makes them once
again public.
2015-09-03 11:38:09 -04:00