https://bugzilla.redhat.com/show_bug.cgi?id=1124841
If running in session mode it may happen that we fail to set
correct SELinux label, but the image may still be readable to
the qemu process. Take this into account.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
We may want to do some decisions in drivers based on fact if we
are running as privileged user or not. Propagate this info there.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
We have plenty of callbacks in the driver. Some of these
callbacks require more than one argument to be passed. For that
we currently have a data type (struct) per each callback. Well,
so far for only one - SELinuxSCSICallbackData. But lets turn it
into more general name so it can be reused in other callbacks too
instead of each one introducing a new, duplicate data type.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Commit f1f68ca334 tried fixing running multiple domains under various
users, but if the user can't browse the directory, it's hard for the
qemu running under that user to create the monitor socket.
The permissions need to be fixed in two places in the spec file due to
support for both installations with and without driver modules.
Creating a directory with '$(MKDIR_P) -m' shouldn't fail even on systems
where autoconf needs to fallback to 'install-sh -d'.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Commit 8125113c added code that should remove the disk backend if the
fronted hotplug failed for any reason. The code had a bug though as it
used the disk string for unplug rather than the backend alias. Fix the
code by pre-creating an alias string and using it instead of the disk
string. In cases where qemu does not support QEMU_CAPS_DEVICE, we ignore
the unplug of the backend since we can't really create an alias in that
case.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1262399
There's a couple reports of things failing in this area (bug 1259070),
but it's tough to tell what's going wrong without stderr from
qemu-bridge-helper. So let's report stderr in the error message
Couple new examples:
virbr0 is inactive:
internal error: /usr/libexec/qemu-bridge-helper --use-vnet --br=virbr0 --fd=21: failed to communicate with bridge helper: Transport endpoint is not connected
stderr=failed to get mtu of bridge `virbr0': No such device
bridge isn't on the ACL:
internal error: /usr/libexec/qemu-bridge-helper --use-vnet --br=br0 --fd=21: failed to communicate with bridge helper: Transport endpoint is not connected
stderr=access denied by acl file
The xenXMConfigCacheRefresh method scans /etc/xen and loads
all config files it finds. It then scans its internal hash
table and purges any (previously) loaded config files whose
refresh timestamp does not match the timestamp recorded at
the start of xenXMConfigCacheRefresh(). There is unfortunately
a subtle flaw in this, because if loading the config files
takes longer than 1 second, some of the config files will
have a refresh timestamp that is 1 or more seconds different
(newer) than is checked for. So we immediately purge a bunch
of valid config files we just loaded.
To avoid this flaw, we must pass the timestamp we record at
the start of xenXMConfigCacheRefresh() into the
xenXMConfigCacheAddFile() method, instead of letting the
latter call time(NULL) again.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Mock libraries are not built with testutils.c, but there's one which
uses VIR_TEST_DEBUG. But because that debug should be an error, if we
change it, then it will not only be more semantically correct, but mingw
compiler will be happier as well.
It also follows suit with all other mock libraries.
For few other things, used in this file, need libvirt.la to be added
into LIBADD for mingw as well.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
commit 4b53d0d4ac "libxl: don't remove persistent domain on start
failure" cleans up the vm object and sets it to NULL if the vm is not
persistent, however at end job vm (now NULL) is dereferenced via the call to
libxlDomainObjEndJob. Avoid this by skipping "endjob" and going
straight to "cleanup" in this case.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
We have a new libvirt-appdev-guide-python which we need to
promote to users. Rewrite the existing page to mention it
too. Also use the new URL location which is automatically
refreshed once a day.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Up until now, the default has been rtl8139, but no check was in
place to make sure that device was actually available.
Now we try rtl8139, e1000 and virtio-net in turn, checking for
availability before using any of them: this means we have a much
better chance for the guest to be able to boot.
Commit f1f68ca334 did not report an error if virFileMakePath()
returned -1. Well, who would've guessed function with name starting
with 'vir' sets an errno instead of reporting an error the libvirt way.
Anyway, let's fix it, so the output changes from:
$ virsh start arm
error: Failed to start domain arm
error: An error occurred, but the cause is unknown
to:
$ virsh start arm
error: Failed to start domain arm
error: Cannot create directory '/var/lib/libvirt/qemu/domain-arm': Not
a directory
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
This reverts commit e5470dd0e0.
This has been ACK'd by the original author in the original mail thread:
https://www.redhat.com/archives/libvir-list/2015-September/msg00310.html
The reason to revert this is due to the patch breaking the generation of
internal subsites. The original issue still needs to be dealt with,
though.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
If the current live definition does not have memory hotplug enabled, but
the persistent one does libvirt would reject migration if the
destination does not support memory hotplug even if the user didn't want
to persist the VM at the destination and thus the XML containing the
memory hotplug definition would not be used. To fix this corner case the
code will check for memory hotplug in the newDef only if
VIR_MIGRATE_PERSIST_DEST was used.
Double semicolons have special meaning in makefiles, but they would have
to be combined with other rules witch such separators in order to be
used as intended. Since there are no other rules like that, let's
clean it up.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Commit 35847860f6 Added the virFileUnlink function, but failed to add
a version for mingw build, causing the following error:
Cannot export virFileUnlink: symbol not defined
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1260846
Introduced by 8fedbbdb, if we parse an unordered NUMA cell, will
get a segfault. This is because of a check for overlapping @cpus
sets we have there. However, since the array to hold guest NUMA
cells is allocated upfront and therefore it contains all zeros,
an out of order cell will break our assumption that cell IDs have
increasing character. At this point we try to access yet NULL
bitmap and therefore segfault.
Signed-off-by: Luyao Huang <lhuang@redhat.com>
Running valgrind on a very simplistic program consisting only of
opening and closing admin connection (virAdmConnect{Open,Close}) shows a
leak in remoteAdminPrivNew, because the last reference to privateData is
not decremented, thus the object won't be disposed. This patch unrefs
the privateData object once we closed the active connection to daemon,
making further use of this connection useless.
==24577== at 0x4A089C7: calloc (in /usr/lib64/valgrind/vgpreload_***linux.so)
==24577== by 0x4E8835F: virAllocVar (viralloc.c:560)
==24577== by 0x4EDFA5C: virObjectNew (virobject.c:193)
==24577== by 0x4EDFBD4: virObjectLockableNew (virobject.c:219)
==24577== by 0x4C14DAF: remoteAdminPrivNew (libvirt-admin.c:152)
==24577== by 0x4C1537E: virAdmConnectOpen (libvirt-admin.c:308)
==24577== by 0x400BAD: main (listservers.c:39)
==24577== LEAK SUMMARY:
==24577== definitely lost: 80 bytes in 1 blocks
==24577== indirectly lost: 840 bytes in 6 blocks
==24577== possibly lost: 0 bytes in 0 blocks
==24577== still reachable: 12,179 bytes in 199 blocks
==24577== suppressed: 0 bytes in 0 blocks
Let's move some variables from an inside loop to global function
declaration header block. It's going to be easier for next
patches. At the same time, order the cleanup calls at the
function's end so it's easier to track which variables are freed
and which not.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
In e755186c5c we tried to introduce an example demonstrating
new virDomainRename API. Unfortunately, in the .gitignore we had
a different binary listed. It's 'rename' binary which we want git
to ignore, not 'test'.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Commit e755186c5c added the rename example, but forgot to build some
essential files in there as well as add it to the spec file.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Coverity claims it could be possible to call virDBusTypeStackFree with
*stack == NULL and although the two API's that call it don't appear to
allow that - I suppose it's better to be safe than sorry
In virFileNBDDeviceFindUnused if virFileNBDDeviceIsBusy returns 0,
then both branches jumped to cleanup, so just use ignore_value
since the function returns NULL or some memory and the caller
handles the error.
Commit id '692e9fac7' used virProcessSetNamespaces instead of inlining
the similar functionality; however, Coverity notes that the function
prototype expects a size_t value and not an enum and complains. So,
just typecast the enum as a size_t to avoid the noise.
Commit id '2e7cea243' added a check for an error from Finish instead
of 'unexpected error'; however, if for some reason there wasn't an
error, then virGetLastError could return NULL resulting in the
NULL pointer deref to err->domain.
Creating ACL rules is not exactly easy and existing examples are pretty
simple. This patch adds a somewhat complex example which defines several
roles. Admins can do everything, operators can do basic operations
on any domain and several groups of users who act as operators but only
on a limited set of domains.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1258361
When attaching a disk, controller, or rng using an address type ccw
or s390, we need to ensure the support is provided by both the machine.os
and the emulator capabilities (corollary to unconditional setting when
address was not provided for the correct machine.os and emulator.
For an inactive guest, an addition followed by a start would cause the
startup to fail after qemu_command builds the command line and attempts
to start the guest. For an active guest, libvirtd would crash.
Rather than have different usages of STR function in order to determine
whether the domain is s390-ccw or s390-ccw-virtio, make a single API
which will check the machine.os prefix. Then use the function.
There's no reason why debug initialization could not be made completely
hidden, just like readline initialization is. The point of the global
initializer vshInit is to make initialization of smaller features transparent
to the user/caller.
Currently, we set interactive mode as default possibly reverting the
setting after we parse the command line arguments. There's nothing
particulary wrong with that, but a call to vshReadlineInit is performed
always in the global initializer just because the default mode is interactive.
Rather than moving vshReadlineInit call somewhere else (because another client
might want to implement interactive mode only), we could make the decision
if we're about to run in interactive mode once the command line is parsed.
Commit a0b6a36f separated vshInitDebug from the original vshInit
(before virsh got split and vshInit became virshInit - commit 834c5720)
in order to be able to debug command line parsing.
After the parsing is finished, debugging is reinitialized to work properly.
There might as well be other features that require re-initialization as
the command line could specify parameters that override our defaults which
had been set prior to calling vshArgvParse.
As part of the effort to stay consistent, change the vshInit signature
from returning int to returning bool. Moreover, remove the
unnecessary error label as there is no cleanup that would make use of
it.
Before libvirt sets the MAC address of the physdev (the physical
ethernet device) linked to a macvtap passthrough device, it always
saves the previous MAC address to restore when the guest is finished
(following a "leave nothing behind" policy). For a long time it
accomplished the save/restore with a combination of
ioctl(SIOCGIFHWADDR) and ioctl(SIOCSIFHWADDR), but in commit cbfe38c
(first in libvirt 1.2.15) this was changed to use netlink RTM_GETLINK
and RTM_SETLINK commands sent to the Physical Function (PF) of any
device that was detected to be a Virtual Function (VF).
We later found out that this caused problems with any devices using
the Cisco enic driver (e.g. vmfex cards) because the enic driver
hasn't implemented the function that is called to gather the
information in the IFLA_VFINFO_LIST attribute of RTM_GETLINK
(ndo_get_vf_config() for those keeping score), so we would never get
back a useful response.
In an ideal world, all drivers would implement all functions, but it
turns out that in this case we can work around this omission without
any bad side effects - since all macvtap passthrough <interface>
definitions pointing to a physdev that uses the enic driver *must*
have a <virtualport type='802.1Qbh'>, and since no other type of
ethernet devices use 802.1Qbh, libvirt can change its behavior in this
case to use the old-style. ioctl(SIOC[GS]IFHWADDR). That's what this
patch does.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1257004
These functions were made static as a part of commit cbfe38c since
they were no longer called from outside virnetdev.c. We once again
need to call them from another file, so this patch makes them once
again public.