Commit Graph

473 Commits

Author SHA1 Message Date
Daniel P. Berrange
950c2a550f Move examples/domain-events/event-c to examples/object-events
The domain events demo program isn't really tied to domain
events anymore, so rename it to object events.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:54 +00:00
Daniel P. Berrange
8edb622c93 Bump version to 1.2.1 for new dev cycle
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-12 14:53:14 +00:00
Adam Walters
62774afb6b configure: Resolve compile issue in configure.ac
This patch resolves a compile issue caused by the
removal of examples/domsuspend code in commit
5eb4b04211. This issue
is only seen in a fresh checkout, but causes the build
and configure to fail.
2013-12-05 16:06:59 +08:00
Daniel Veillard
4e41a2a370 Release of libvirt-1.2.0
* configure.ac docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: update and merge localizations from transifex
2013-12-02 12:17:51 +08:00
Jim Fehlig
56022a293c look for numad in /usr/sbin
When looking for numad with AC_PATH_PROG, include /usr/sbin in
the search path.
2013-11-26 21:32:43 -07:00
Eric Blake
318ea3cb77 storage: initial support for linking with libgfapi
We support gluster volumes in domain XML, so we also ought to
support them as a storage pool.  Besides, a future patch will
want to take advantage of libgfapi to handle the case of a
gluster device holding qcow2 rather than raw storage, and for
that to work, we need a storage backend that can read gluster
storage volume contents.  This sets up the framework.

Note that the new pool is named 'gluster' to match a
<disk type='network'><source protocol='gluster'> image source
already supported in a <domain>; it does NOT match the
<pool type='netfs'><source><target type='glusterfs'>,
since that uses a FUSE mount to a local file name rather than
a network name.

This and subsequent patches have been tested against glusterfs
3.4.1 (available on Fedora 19); there are likely bugs in older
versions that may prevent decent use of gfapi, so this patch
enforces the minimum version tested.  A future patch may lower
the minimum.  On the other hand, I hit at least two bugs in
3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
raising the minimum: glfs_readdir is nicer to use than
glfs_readdir_r [1], and glfs_fini should only return failure on
an actual failure [2].

[1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
[2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html

* configure.ac (WITH_STORAGE_GLUSTER): New conditional.
* m4/virt-gluster.m4: new file.
* libvirt.spec.in (BuildRequires): Support gluster in spec file.
* src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
type.
* src/conf/storage_conf.c (poolTypeInfo): Treat similar to
sheepdog and rbd.
(virStoragePoolDefFormat): Don't output target for gluster.
* src/storage/storage_backend_gluster.h: New file.
* src/storage/storage_backend_gluster.c: Likewise.
* po/POTFILES.in: Add new file.
* src/storage/storage_backend.c (backends): Register new type.
* src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
* src/storage/storage_backend.h (_virStorageBackend): Documet
assumption.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 11:02:52 -07:00
Daniel P. Berrange
a7a1244a73 Remove python binding
The python binding now lives in

  http://libvirt.org/git/?p=libvirt-python.git

that repo also provides an RPM which is upgrade compatible
with the old libvirt-python sub-RPM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-25 16:08:00 +00:00
Daniel Veillard
a4a7c7e9c4 Release of libvirt-1.1.4
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: update localizations from transifex and regenerate
2013-11-04 12:30:41 +08:00
Doug Goldstein
915c69365b MacOS: Re-add support for QEMU backend
The QEMU backend was disabled on Mac OS X without a reason in the code
and due to refactors its difficult to understand when/why it was
disabled. With QEMU being supported on Mac OS X there is no reason to
disable QEMU on this platform.
2013-10-29 23:35:06 -05:00
Daniel P. Berrange
3e2f27e13b Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.

The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.

Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Eric Blake
d6eac3f377 build: move readline check into its own macro
A future patch will allow disabling readline; doing this in an
isolated file instead of configure.ac will make the task easier.

* configure.ac: Move readline code...
* m4/virt-readline.m4: ...here.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-07 08:35:57 -06:00
Eric Blake
3fde7ad894 build: kill maintainer mode, always rebuild by default
The automake manual recommends against the use of disabling
maintainer mode by default:

https://www.gnu.org/software/automake/manual/automake.html#maintainer_002dmode

because when it is disabled, the user gets no indication if they
touch a file that would normally require a rebuild.  Automake
1.11 changed things so that AM_MAINTAINER_MODE([enable]) will set
the mode to enabled by default; but RHEL 5 still uses automake 1.9,
where AM_MAINTAINER_MODE did not recognize an argument, and
therefore disables maintainer mode by default.  Having the default
be different according to which version of automake built the
project is annoying, and I _have_ been bitten on RHEL 5 rebuilds
where the default disabled mode led to silently incorrect builds.

The automake manual admits that being able to disable maintainer
mode still makes sense for projects that still store generated
files from the autotools in version control; but we have dropped
that for several years now.  As such, it's finally time to just
ditch the whole idea of maintainer mode, and unconditionally
rebuild autotools files if a dependency changes, without offering
a configure option to disable that mode.

* configure.ac (AM_MAINTAINER_MODE): Drop.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-07 08:28:25 -06:00
Eric Blake
bdc55cc7d2 build: fix build --without-remote
I tried to test ./configure --without-lxc --without-remote.
First, the build failed with some odd errors, such as an
inability to build xen, or link failures for virNetTLSInit.
But when you think about it, once there is no remote code,
all of libvirtd is useless, any stateful driver that depends
on libvirtd is also not worth compiling, and any libraries
used only by RPC code are not needed.  So I patched
configure.ac to make for some saner defaults when an
explicit disable is attempted.  Similarly, since we have
migrated virnetdevbridge into generic code, the workaround
for Linux kernel stupidity must not depend on stateful
drivers being in use.

Then there's 'make check' that needs segregation.

Wow - quite a bit of cleanup to make --without-remote useful :)

* configure.ac: Let --without-remote toggle defaults on stateful
drivers and other libraries.  Pick up Linux kernel workarounds
even when qemu and lxc are not being compiled.
* tests/Makefile.am (test_programs): Factor out programs that
require remote.
* src/libvirt_private.syms (rpc/virnet*.h): Move...
* src/libvirt_remote.syms: ...into new file.
* src/Makefile.am (SYM_FILES): Ship new syms file.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-04 17:01:47 -06:00
Oskari Saarenmaa
532fef369f storage: fix file allocation behavior in file cloning
Fixed the safezero call for allocating the rest of the file after cloning
an existing volume; it used to always use a zero offset, causing it to
only allocate the beginning of the file.

Also modified file creation to try to use fallocate(2) to pre-allocate
disk space before copying any data to make sure it fails early on if disk
is full and makes sure we can skip zero blocks when copying file contents.

If fallocate isn't available we will zero out the rest of the file after
cloning and only use sparse cloning if client requested a lower allocation
than the input volume's capacity.

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-10-04 16:18:44 +02:00
Daniel Veillard
a72940f954 Release of libvirt-1.1.3
- configure.ac docs/news.html.in libvirt.spec.in: update for release
- po/*.po*: updated localization and regenerated
2013-10-01 15:04:14 +08:00
Daniel P. Berrange
922b7fda77 Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.

To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.

This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'

Signed-off-by: Colin Walters <walters@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-18 15:13:42 +01:00
Eric Blake
0e1f012c1d build: hoist system-specific checks before library checks
Commit f92c7e3 fixed a regression for native builds, but introduced
a regression for cross-compilation builds; in particular,
./autobuild.sh on a Fedora system with mingw cross-compiler fails
with:

checking for qemu-kvm... /usr/bin/qemu-kvm
checking for yajl_parse_complete in -lyajl... no
checking for yajl_tree_parse in -lyajl... no
configure: error: You must install the libyajl library & headers to compile libvirt

Since we default $with_qemu to 'yes' rather than 'check', and then
flip that default based on platform-specific checks, those platform
specifics need to come prior to any library checks that depend on
the value of $with_qemu.

* configure.ac: Ensure system defaults are sane before checking
for things that make decisions based on system default.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-17 10:25:42 -06:00
Eric Blake
e62e0094dc build: fix build with latest rawhide kernel headers
Bother those kernel developers.  In the latest rawhide, kernel
and glibc have now been unified so that <netinet/in.h> and
<linux/in6.h> no longer clash; but <linux/if_bridge.h> is still
not self-contained.  Because of the latest header change, the
build is failing with:

checking for linux/param.h... no
configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support

with details:

In file included from conftest.c:561:0:
/usr/include/linux/in6.h:71:18: error: field 'flr_dst' has incomplete type
  struct in6_addr flr_dst;

We need a workaround to avoid our workaround :)

* configure.ac (NETINET_LINUX_WORKAROUND): New test.
* src/util/virnetdevbridge.c (includes): Use it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-16 09:24:12 -06:00
Eric Blake
cf83adfb7d build: require libnl-3 if netcf uses it
Commits 9298bfb and f6c2951 both tried to make it possible to
select the correct libnl (1 vs. 3) according to what netcf
used, when both libraries are installed.  This works to avoid
libnl-3 when netcf used libnl-1.  But on the converse side, if
only libnl-1 development code is installed, while netcf uses
libnl-3, then configure happily uses libnl-1 anyways, leading
to a test failure:

$ VIR_TEST_DEBUG=1 ./virdrivermoduletest
TEST: virdrivermoduletest
 1) Test driver "network"                                             ... OK
 2) Test driver "storage"                                             ... OK
 3) Test driver "nodedev"                                             ... OK
 4) Test driver "secret"                                              ... OK
 5) Test driver "nwfilter"                                            ... OK
 6) Test driver "interface"
... lt-virdrivermoduletest: route/tc.c:973: rtnl_tc_register: Assertion
`0' failed.
Aborted

It's much nicer to prevent this at configure time, by requiring that
if we know what netcf used, then we want the same libnl version.  As
before, this can be bypassed by someone who knows what they are doing
by setting LIBNL_CFLAGS (perhaps useful to the rare person where the
build box has a different version of netcf than the installation box).

* configure.ac (LIBNL): If we can prove netcf used libnl-3, then
don't let configure succeed with libnl-1.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-11 14:10:33 -06:00
Eric Blake
f92c7e31fc build: fix regression in requiring yajl for new enough qemu
Jonathan Lebon reported an issue to me off-list about his build
failing to use qemu because he failed to install yajl-devel.  But
I recalled specifically tweaking configure.ac to die in that
situation (commits 350583c, ba9c38b).  After a bit more
head-scratching, we found the cause of the regression: commit
654c709 rearranged things so that the qemu version check now
occurs before AC_ARG_WITH has had a chance to set either
$with_qemu or $with_yajl.

Coincidentally, this fix aligns with a documentation patch that
was just posted to the autoconf mailing list :)
http://thread.gmane.org/gmane.comp.sysutils.autoconf.patches/8324

* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_LIB_ALT)
(LIBVIRT_CHECK_PKG): Populate defaults earlier.
* configure.ac (AC_ARG_WITH): Likewise for drivers.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-10 12:03:19 -06:00
Eric Blake
ff77742104 build: avoid obsolete AC_HELP_STRING
Autoconf states that AC_HELP_STRING is obsolete, and that new
programs should use AS_HELP_STRING.  We also had instances of
not properly quoting the macro usage, and not relying on autoconf's
word-wrapping abilities to avoid long lines.  I validated that this
commit has no impact to the generated configure file.

* configure.ac (AC_ARG_WITH, AC_ARG_ENABLE): Autoconf recommends
the use of AS_HELP_STRING.  Also, use proper quoting and wrap long
lines.
* m4/virt-apparmor.m4 (LIBVIRT_CHECK_APPARMOR): Likewise.
* m4/virt-selinux.m4 (LIBVIRT_CHECK_SELINUX): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-09 13:27:49 -06:00
Eric Blake
7f626e478d build: use automake subdir-objects
Automake 2.0 will enable subdir-objects by default; in preparation
for that change, automake 1.14 outputs LOADS of warnings:

daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
automake-1.14: warning: possible forward-incompatibility.
automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
automake-1.14: automake option hasn't been enabled.  For now, the corresponding output
automake-1.14: object file(s) will be placed in the top-level directory.  However,
automake-1.14: this behaviour will change in future Automake versions: they will
automake-1.14: unconditionally cause object files to be placed in the same subdirectory
automake-1.14: of the corresponding sources.
automake-1.14: You are advised to start using 'subdir-objects' option throughout your
automake-1.14: project, to avoid future incompatibilities.
daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
...

As automake 1.9 also supported this option, and the previous patches
fixed up the code base to work with it, it is safe to now turn it on
unconditionally.

* configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
* .gitignore: Ignore .dirstamp directories.
* src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
new subdir-object location of .lo files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-09 12:04:03 -06:00
Eric Blake
1ac24b3bac build: shut up automake warnings
I'm tired of seeing screenfuls of messages like these when using
automake 1.13 (Fedora 19):

configure.ac:2121: warning: The 'AM_PROG_MKDIR_P' macro is deprecated, and its use is discouraged.
configure.ac:2121: You should use the Autoconf-provided 'AC_PROG_MKDIR_P' macro instead,
configure.ac:2121: and use '$(MKDIR_P)' instead of '$(mkdir_p)'in your Makefile.am files.
daemon/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')

seeing as how we MUST use those constructs for the benefit of
automake 1.9 (RHEL 5).  Conversely, RHEL 5 automake complained:

aclocal:configure.ac:36: warning: macro `AM_SILENT_RULES' not found in library

Obviously, I tested this patch on both Fedora 19 and RHEL 5.

* configure.ac (AM_INIT_AUTOMAKE): Avoid obsoletion warnings.
(AM_SILENT_RULES): Avoid unknown macro warning.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-05 06:50:55 -06:00
Ian Main
9ba230d4f2 Use loop-control to allocate loop device.
This patch changes virFileLoopDeviceOpen() to use the new loop-control
device to allocate a new loop device.  If this behavior is unsupported
we fall back to the previous method of searching /dev for a free device.

With this patch you can start as many image based LXC domains as you
like (well almost).

Fixes bug https://bugzilla.redhat.com/show_bug.cgi?id=995543
2013-09-05 12:31:08 +01:00
Daniel Veillard
85240daba2 Release of libvirt-1.1.2
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: merged new localizations and regenerated
2013-09-02 09:47:37 +08:00
Guido Günther
3e2799add2 Check for --no-copy-dt-needed linker flag
and use it when available
2013-08-22 16:17:36 +02:00
Roman Bogorodskiy
f083ff82ed bridge driver: implement networkEnableIpForwarding for BSD
Implement networkEnableIpForwarding() using BSD style sysctl.
2013-08-21 16:28:19 -06:00
Roman Bogorodskiy
3f0d2ee95b BSD: implement virNetDev(Set|Clear)IPv4Address
Provide an implementation of virNetDev(Set|Clear)IPv4Address based on
BSD ifconfig tool in addition to 'ip' from Linux iproute2 package.
2013-08-21 15:49:40 -06:00
Eric Blake
70363ea9ff build: add configure option to disable gnulib tests
The gnulib testsuite is relatively stable - the only times it is
likely to have a test change from pass to fail is on a gnulib
submodule update or a major system change (such as moving from
Fedora 18 to 19, or other large change to libc).  While it is an
important test for end users on arbitrary machines (to make sure
that the portability glue works for their machine), it mostly
wastes time for development testing (as most developers aren't
making any of the major changes that would cause gnulib tests
to alter behavior).  Thus, it pays to make the tests optional
at configure time, defaulting to off for development, on for
tarballs, with autobuilders requesting it to be on.  It also
helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
(much the way automake sets up V=[01] for overriding the configure
time default of how verbose to be).

Automake has some pretty hard-coded magic with regards to the
TESTS variable; I had quite a job figuring out how to keep
'make distcheck' passing regardless of the configure option
setting in use, while still disabling the tests at runtime
when I did not configure them on and did not use the override
variable.  Thankfully, we require GNU make, which lets me
hide some information from Automake's magic handling of TESTS.

* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
* configure.ac (--enable-expensive-tests): Add new enable switch.
(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
witnesses.
* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
configure settings and the VIR_TEST_EXPENSIVE variable.
* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
to all tests.
* autobuild.sh: Enable all tests during autobuilds.
* libvirt.spec.in (%configure): Likewise.
* mingw-libvirt.spec.in (%mingw_configure): Likewise.
* docs/hacking.html.in: Document the option.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 10:02:38 -06:00
Eric Blake
6094b1ff19 build: avoid -lgcrypt with newer gnutls
https://bugzilla.redhat.com/show_bug.cgi?id=951637

Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization.  Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).

There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html

If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.

* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 09:58:48 -06:00
Eric Blake
70024dc919 build: more workarounds for if_bridge.h
This is a second attempt at fixing the problem first attempted
in commit 2df8d99; basically undoing the fact that it was
reverted in commit 43cee32f, plus fixing two more issues: the
code in configure.ac has to EXACTLY match virnetdevbridge.c
with regards to declaring in6 types before using if_bridge.h,
and the fact that RHEL 5 has even more conflicts:

In file included from util/virnetdevbridge.c:49:
/usr/include/linux/in6.h:47: error: conflicting types for 'in6addr_any'
/usr/include/netinet/in.h:206: error: previous declaration of 'in6addr_any' was here
/usr/include/linux/in6.h:49: error: conflicting types for 'in6addr_loopback'
/usr/include/netinet/in.h:207: error: previous declaration of 'in6addr_loopback' was here

The rest of this commit message borrows from the original try
of 2df8d99:

A fresh checkout on a RHEL 6 machine with these packages:
kernel-headers-2.6.32-405.el6.x86_64
glibc-2.12-1.128.el6.x86_64
failed to configure with this message:
checking for linux/if_bridge.h... no
configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support

Digging in config.log, we see that the problem is identical to
what we fixed earlier in commit d12c2811:

configure:98831: checking for linux/if_bridge.h
configure:98853: gcc -std=gnu99 -c -g -O2  conftest.c >&5
In file included from /usr/include/linux/if_bridge.h:17,
                 from conftest.c:559:
/usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr'
/usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6'
/usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq'
configure:98860: $? = 1

I had not hit it earlier because I was using incremental builds,
where config.cache had shielded me from the kernel-headers breakage.

* configure.ac (if_bridge.h): Avoid conflicting type definitions.
* src/util/virnetdevbridge.c (includes): Also sanitize for RHEL 5.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-09 09:57:24 -06:00
Daniel P. Berrange
43cee32ff5 Revert "build: fix configure detection of if_bridge.h on RHEL 6"
This reverts commit 2df8d99138.

The change breaks configure on any recent Fedora platform
2013-08-07 11:59:38 +01:00
Eric Blake
2df8d99138 build: fix configure detection of if_bridge.h on RHEL 6
A fresh checkout on a RHEL 6 machine with these packages:
kernel-headers-2.6.32-405.el6.x86_64
glibc-2.12-1.128.el6.x86_64
failed to configure with this message:
checking for linux/if_bridge.h... no
configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support

Digging in config.log, we see that the problem is identical to
what we fixed earlier in commit d12c2811:

configure:98831: checking for linux/if_bridge.h
configure:98853: gcc -std=gnu99 -c -g -O2  conftest.c >&5
In file included from /usr/include/linux/if_bridge.h:17,
                 from conftest.c:559:
/usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr'
/usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6'
/usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq'
configure:98860: $? = 1

I had not hit it earlier because I was using incremental builds,
where config.cache had shielded me from the kernel-headers breakage.

* configure.ac (if_bridge.h): Avoid conflicting type definitions.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-06 14:42:34 -06:00
Eric Blake
13c573740b maint: use modern autoconf idioms
Autoconf 2.59 says that AC_OUTPUT with arguments is obsolete,
and we are already using the replacement for some, but not all,
of our output files.

* configure.ac (AC_OUTPUT): Rewrite to use AC_CONFIG_FILES.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-01 07:31:53 -06:00
Daniel P. Berrange
5bb2a245ab Delete obsolete / unused python test files
The python/tests directory contains a number of so called
"tests" for the python API. These are all hardcoded to
look for Xen and cannot be run in any automated fashion,
and no one is ever manually running them. Given that they
don't meaningully contribute to the test coverage, delete
them.

For some reason these tests were also copied into the
filesystem as part of 'make install'. The change to the
RPM in commit 3347a42032
caused a build failure, since it removed the code which
deleted these installed tests.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-30 14:13:58 +01:00
Daniel Veillard
e9b8c9dc80 Release of libvirt-1.1.1
* configure.ac docs/news.html.in: update for the release
* po/*.po*: update localizations and regenerate
2013-07-30 17:38:35 +08:00
Roman Bogorodskiy
7e1208297d Fix link_addr detection
link_addr detection in configure always reports that
link_addr is missing because it uses link_addr(NULL, NULL) in
AC_LINK_IFELSE check with limited set of headers that doesn't
define NULL.

Fix by replacing 'NULL' with just '0'.
2013-07-24 15:31:34 +02:00
Guido Günther
c5d79fb0fc Use AC_LINK_IFELSE
instead of the deprecated AC_TRY_LINK
2013-07-18 23:14:08 +02:00
Guido Günther
77bac48b37 Check for link_addr more thoroughly
Some versions of kFreeBSD (like 9.0) declare link_addr in a header
but lack an implementation. This makes ./configure pass but breaks
compilation later with a

     undefined reference to `link_addr'

Althought that's a bug in the OS header we can detect it easily by also
trying to link.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715320
2013-07-18 17:10:04 +02:00
Eric Blake
ee777e9949 util: make virSetUIDGID async-signal-safe
https://bugzilla.redhat.com/show_bug.cgi?id=964358

POSIX states that multi-threaded apps should not use functions
that are not async-signal-safe between fork and exec, yet we
were using getpwuid_r and initgroups.  Although rare, it is
possible to hit deadlock in the child, when it tries to grab
a mutex that was already held by another thread in the parent.
I actually hit this deadlock when testing multiple domains
being started in parallel with a command hook, with the following
backtrace in the child:

 Thread 1 (Thread 0x7fd56bbf2700 (LWP 3212)):
 #0  __lll_lock_wait ()
     at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
 #1  0x00007fd5761e7388 in _L_lock_854 () from /lib64/libpthread.so.0
 #2  0x00007fd5761e7257 in __pthread_mutex_lock (mutex=0x7fd56be00360)
     at pthread_mutex_lock.c:61
 #3  0x00007fd56bbf9fc5 in _nss_files_getpwuid_r (uid=0, result=0x7fd56bbf0c70,
     buffer=0x7fd55c2a65f0 "", buflen=1024, errnop=0x7fd56bbf25b8)
     at nss_files/files-pwd.c:40
 #4  0x00007fd575aeff1d in __getpwuid_r (uid=0, resbuf=0x7fd56bbf0c70,
     buffer=0x7fd55c2a65f0 "", buflen=1024, result=0x7fd56bbf0cb0)
     at ../nss/getXXbyYY_r.c:253
 #5  0x00007fd578aebafc in virSetUIDGID (uid=0, gid=0) at util/virutil.c:1031
 #6  0x00007fd578aebf43 in virSetUIDGIDWithCaps (uid=0, gid=0, capBits=0,
     clearExistingCaps=true) at util/virutil.c:1388
 #7  0x00007fd578a9a20b in virExec (cmd=0x7fd55c231f10) at util/vircommand.c:654
 #8  0x00007fd578a9dfa2 in virCommandRunAsync (cmd=0x7fd55c231f10, pid=0x0)
     at util/vircommand.c:2247
 #9  0x00007fd578a9d74e in virCommandRun (cmd=0x7fd55c231f10, exitstatus=0x0)
     at util/vircommand.c:2100
 #10 0x00007fd56326fde5 in qemuProcessStart (conn=0x7fd53c000df0,
     driver=0x7fd55c0dc4f0, vm=0x7fd54800b100, migrateFrom=0x0, stdin_fd=-1,
     stdin_path=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
     flags=1) at qemu/qemu_process.c:3694
 ...

The solution is to split the work of getpwuid_r/initgroups into the
unsafe portions (getgrouplist, called pre-fork) and safe portions
(setgroups, called post-fork).

* src/util/virutil.h (virSetUIDGID, virSetUIDGIDWithCaps): Adjust
signature.
* src/util/virutil.c (virSetUIDGID): Add parameters.
(virSetUIDGIDWithCaps): Adjust clients.
* src/util/vircommand.c (virExec): Likewise.
* src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
(virDirCreate): Likewise.
* src/security/security_dac.c (virSecurityDACSetProcessLabel):
Likewise.
* src/lxc/lxc_container.c (lxcContainerSetID): Likewise.
* configure.ac (AC_CHECK_FUNCS_ONCE): Check for setgroups, not
initgroups.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-11 15:46:42 -06:00
Roman Bogorodskiy
8849fc387c Fix bridge routines detection on kFreeBSD
In order to properly detect bridge related definitions such as
BRDGSFD, BRDGADD and BRDGDEL on kFreeBSD we need to include
<stdint.h>.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715321

Reported by Laurent Bigonville.
2013-07-10 13:20:02 +02:00
Daniel Veillard
034d322978 Release of libvirt-1.1.0
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: updated localizations and regenerated
2013-07-01 17:22:49 +08:00
Roman Bogorodskiy
ce2400676d BSD: implement bridge add/remove port and set STP 2013-06-21 10:23:28 +02:00
Cole Robinson
f2eaef3f0e configure: Remove unused brctl check
brctl isn't used anywhere AFAICT
2013-06-12 11:50:06 -04:00
Daniel Veillard
4497ef50dc Release of libvirt 1.0.6
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: pull localization updates and regenerate the po
2013-06-03 12:09:56 +02:00
Eric Blake
7d21d6b697 build: fix build with newer gnutls
Building with gnutls 3.2.0 (such as shipped with current cygwin) fails
with:

rpc/virnettlscontext.c: In function 'virNetTLSSessionGetKeySize':
rpc/virnettlscontext.c:1358:5: error: implicit declaration of function 'gnutls_cipher_get_key_size' [-Wimplicit-function-declaration]

Yeah, it's stupid that gnutls broke API by moving their declaration
into a new header without including that header from the old one,
but it's easy enough to work around, all without breaking on gnutls
1.4.1 (hello RHEL 5) that lacked the new header.

* configure.ac (gnutls): Check for <gnutls/crypto.h>.
* src/rpc/virnettlscontext.c (includes): Include additional header.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-29 08:52:42 -06:00
Eric Blake
de483052a2 maint: follow recommended practice for using LGPL
https://www.gnu.org/licenses/gpl-howto.html states:

You should also include a copy of the license itself somewhere in the
distribution of your program. All programs, whether they are released
under the GPL or LGPL, should include the text version of the GPL. In
GNU programs the license is usually in a file called COPYING.

If you are releasing your program under the LGPL, you should also
include the text version of the LGPL, usually in a file called
COPYING.LESSER. Please note that, since the LGPL is a set of
additional permissions on top of the GPL, it's important to include
both licenses so users have all the materials they need to understand
their rights.

* configure.ac (COPYING): No more games with non-git file.
* COPYING: New file, copied from gnulib.
* COPYING.LIB: Rename...
* COPYING.LESSER: ...to this.
* .gitignore: Track licenses in git.
* cfg.mk (exclude_file_name_regexp--sc_copyright_address): Tweak
rule.
* libvirt.spec.in (daemon, client, python): Reflect rename.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-20 14:15:21 -06:00
Eric Blake
d7f53c7b97 maint: use LGPL correctly
Several files called out COPYING or COPYING.LIB instead of using
the normal boilerplate.  It's especially important that we don't
call out COPYING from an LGPL file, since COPYING is traditionally
used for the GPL.  A few files were lacking copyright altogether.

* src/rpc/gendispatch.pl: Add missing copyright.
* Makefile.nonreentrant: Likewise.
* src/check-symfile.pl: Likewise.
* src/check-symsorting.pl: Likewise.
* src/driver.h: Likewise.
* src/internal.h: Likewise.
* tools/libvirt-guests.sh.in: Likewise.
* tools/virt-pki-validate.in: Mention copyright in comment, not just code.
* tools/virt-sanlock-cleanup.in: Likewise.
* src/rpc/genprotocol.pl: Spell out license terms.
* src/xen/xend_internal.h: Likewise.
* src/xen/xend_internal.c: Likewise.
* Makefile.am: Likewise.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* docs/schemas/Makefile.am: Likewise.
* examples/apparmor/Makefile.am: Likewise.
* examples/domain-events/events-c/Makefile.am: Likewise.
* examples/dominfo/Makefile.am: Likewise.
* examples/domsuspend/Makefile.am: Likewise.
* examples/hellolibvirt/Makefile.am: Likewise.
* examples/openauth/Makefile.am: Likewise.
* examples/python/Makefile.am: Likewise.
* examples/systemtap/Makefile.am: Likewise.
* examples/xml/nwfilter/Makefile.am: Likewise.
* gnulib/lib/Makefile.am: Likewise.
* gnulib/tests/Makefile.am: Likewise.
* include/Makefile.am: Likewise.
* include/libvirt/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* python/tests/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.
* configure.ac: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-20 14:03:48 -06:00
Daniel P. Berrange
421846e4a3 Only pass -export-dynamic to linker, not compiler
Clang does not like the -export-dynamic flag. The compiler does
not need it in the first place, so we can avoid the problem by
only setting it for the linker

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-14 15:00:22 +01:00
Roman Bogorodskiy
bf87b99d72 build: avoid gcrypt deprecation warnings
When combining old gcc (4.2.1) and new gcrypt (1.5.2), such as
when using the Ports repository on FreeBSD, the build fails with:

  CC       libvirt_driver_la-libvirt.lo
cc1: warnings being treated as errors
In file included from libvirt.c:58:
/usr/local/include/gcrypt.h:1336: warning: 'gcry_ac_io_mode_t' is deprecated [-Wdeprecated-declarations]

Relevant part of gcrypt.h:
1333 typedef struct gcry_ac_io
1334 {
1335   /* This is an INTERNAL structure, do NOT use manually.  */
1336   gcry_ac_io_mode_t mode _GCRY_ATTR_INTERNAL;
1337   gcry_ac_io_type_t type _GCRY_ATTR_INTERNAL;
1338   union

The sad part is that we aren't even using the deprecated symbols - their
mere inclusion in the installed header is provoking the problems.  It
looks like newer gcc is a bit more tolerant (that is, this is a
shortcoming of FreeBSD's use of an older compiler).

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-13 16:07:26 -06:00
Roman Bogorodskiy
95934171fb portability: fix virNetDevSetMAC and virNetDevExists on BSD
- provide virNetDevSetMAC() implementation based on SIOCSIFLLADDR
  ioctl.
- adjust virNetDevExists() to check for ENXIO error because
  FreeBSD throws it when device doesn't exist

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-10 11:13:21 -06:00
Daniel Veillard
8e20a23fb6 Release of libvirt-1.0.5
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: pulled and merged a number of new localization updates
2013-05-02 15:04:50 +08:00
Roman Bogorodskiy
5295e35f58 portability: handle ifreq differences in virnetdev
FreeBSD (and maybe other BSDs) have different member
names in struct ifreq when compared to Linux, such as:

 - uses ifr_data instead of ifr_newname for setting
   interface names
 - uses ifr_index instead of ifr_ifindex for interface
   index

Also, add a check for SIOCGIFHWADDR for virNetDevValidateConfig().

Use AF_LOCAL if AF_PACKET is not available.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-04-30 09:42:22 -06:00
Laine Stump
776d49f492 util: new virCommandSetMax(MemLock|Processes|Files)
This patch adds two sets of functions:

1) lower level virProcessSet*() functions that will immediately set
the RLIMIT_MEMLOCK. RLIMIT_NPROC, or RLIMIT_NOFILE of either the
current process (using setrlimit()) or any other process (using
prlimit()). "current process" is indicated by passing a 0 for pid.

2) functions for virCommand* that will setup a virCommand object to
set those limits at a later time just after it has forked a new
process, but before it execs the new program.

configure.ac has prlimit and setrlimit added to the list of functions
to check for, and the low level functions log an "unsupported" error)
on platforms that don't support those functions.
2013-04-26 10:23:46 -04:00
Daniel P. Berrange
1da631ecf3 Add an API for re-mounting cgroups, to isolate the process location
Add a virCgroupIsolateMount method which looks at where the
current process is place in the cgroups (eg /system/demo.lxc.libvirt)
and then remounts the cgroups such that this sub-directory
becomes the root directory from the current process' POV.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:32 +01:00
Daniel P. Berrange
c78a2b13a6 Conditionalize use of symlink() function in test suite
On Win32 symlink() is not available, so virstoragetest.c
must be conditionalized to avoid compile failures.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:30 +01:00
Daniel P. Berrange
fc8c1787d8 Enable full RELRO mode
By passing the flags -z relro -z now to the linker, we can force
it to resolve all library symbols at startup, instead of on-demand.
This allows it to then make the global offset table (GOT) read-only,
which makes some security attacks harder.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 16:19:35 +01:00
Daniel P. Berrange
1150999ca4 Build all binaries with PIE
PIE (position independent executable) adds security to executables
by composing them entirely of position-independent code (PIC. The
.so libraries already build with -fPIC. This adds -fPIE which is
the equivalent to -fPIC, but for executables. This for allows Exec
Shield to use address space layout randomization to prevent attackers
from knowing where existing executable code is during a security
attack using exploits that rely on knowing the offset of the
executable code in the binary, such as return-to-libc attacks.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 16:19:35 +01:00
Daniel P. Berrange
ad42b34b1b Disable static libraries by default
Every source file is currently built twice by libtool, once for
the shared library and once for the static library. Static libs
are not commonly packaged by distros and slow down compilation
time by more than 50% compared to a shared-only build time.

Time for 'make -j 4':

      shared only: 2 mins  9 secs
  shared + static: 3 mins 26 secs

Time for non-parallel make

      shared only: 3 mins 32 secs
  shared + static: 5 mins 41 secs

Those few people who really want them, can pass --enable-static
to configure

Disabling them by default requires use of LT_INIT, but for
compat with RHEL5 we can't rely on that. So we conditionally
use LT_INIT, but fallback to AM_PROG_LIBTOOL if not present.
2013-04-03 11:02:27 +01:00
Daniel Veillard
89d730201f Release of libvirt-1.0.4
- configure.ac docs/news.html.in libvirt.spec.in: updates for the release
- po/*.po*: fetch translation updates from Transifex and regenerate
2013-04-01 10:57:04 +08:00
Daniel Veillard
be1c364d89 Release of libvirt 1.0.3
- configure.ac docs/news.html.in libvirt.spec.in: update for the release
- po/*.po*: merged in transifex updates for fr,hi,pl,ja,uk,it and
  regenerated
2013-03-05 12:00:53 +08:00
Daniel Veillard
4a824cdbc4 Release of libvirt-1.0.2
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: updated localizations
2013-01-30 10:42:05 +01:00
Guido Günther
2cebf84867 Make sure we only abort without libcurl if $with_esx = yes 2013-01-25 22:06:53 +01:00
Eric Blake
1bf661caf4 build: further fixes for broken if_bridge.h
Commit c308a9ae was incomplete; it resolved the configure failure,
but not a later build failure.

* src/util/virnetdevbridge.c: Include pre-req header.
* configure.ac (AC_CHECK_HEADERS): Prefer standard in.h over
non-standard ip6.h.
2013-01-14 21:08:23 -07:00
Daniel P. Berrange
688b3ecfe9 Fix typo LIBCURL_{CFLAGS,LIBS} to CURL_{CFLAGS,LIBS}
Some places missed the conversion from LIBCURL_{CFLAGS,LIBS} to
CURL_{CFLAGS,LIBS}, and a part of curl check was left in
configure.ac instead of m4/virt-curl.m4 by mistake
2013-01-14 17:22:31 +00:00
Eric Blake
c308a9ae15 build: work around broken kernel header
I got this scary warning during ./configure on rawhide:

checking linux/if_bridge.h usability... no
checking linux/if_bridge.h presence... yes
configure: WARNING: linux/if_bridge.h: present but cannot be compiled
configure: WARNING: linux/if_bridge.h:     check for missing prerequisite headers?
configure: WARNING: linux/if_bridge.h: see the Autoconf documentation
configure: WARNING: linux/if_bridge.h:     section "Present But Cannot Be Compiled"
configure: WARNING: linux/if_bridge.h: proceeding with the compiler's result
configure: WARNING:     ## ------------------------------------- ##
configure: WARNING:     ## Report this to libvir-list@redhat.com ##
configure: WARNING:     ## ------------------------------------- ##
checking for linux/if_bridge.h... no

* configure.ac (AC_CHECK_HEADERS): Provide struct in6_addr, since
linux/if_bridge.h uses it without declaring it.
2013-01-14 10:04:09 -07:00
Daniel P. Berrange
3d1596b048 Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.

The actual APIs are

  int virDomainLxcOpenNamespace(virDomainPtr domain,
                                int **fdlist,
                                unsigned int flags);

  int virDomainLxcEnterNamespace(virDomainPtr domain,
                                 unsigned int nfdlist,
                                 int *fdlist,
                                 unsigned int *noldfdlist,
                                 int **oldfdlist,
                                 unsigned int flags);

which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.

NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:58:34 +00:00
Daniel P. Berrange
907a39e735 Add a test suite for validating SELinux labelling
There are many aspects of the guest XML which result in the
SELinux driver applying file labelling. With the increasing
configuration options it is desirable to test this behaviour.
It is not possible to assume that the test suite has the
ability to set SELinux labels. Most filesystems though will
support extended attributes. Thus for the purpose of testing,
it is possible to extend the existing LD_PRELOAD hack to
override setfilecon() and getfilecon() to simply use the
'user.libvirt.selinux' attribute for the sake of testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:40:04 +00:00
Daniel P. Berrange
cf7ac00ebd Rename HAVE_POLKIT to WITH_POLKIT 2013-01-14 13:29:55 +00:00
Daniel P. Berrange
14e3d7d2a4 Remove unused XMLRPC_REQUIRED var 2013-01-14 13:29:55 +00:00
Daniel P. Berrange
a99bfb4b5e Convert openwsman check to use LIBVIRT_CHECK_PKG 2013-01-14 13:29:54 +00:00
Daniel P. Berrange
0eec69729d Convert ssh2 check to use LIBVIRT_CHECK_PKG
This converts the libssh2 configure check to use LIBVIRT_CHECK_PKG.
Previously it would check version 1.0 and 1.3, but this simplifies
things to just require version 1.3
2013-01-14 13:29:44 +00:00
Daniel P. Berrange
e1e94f2ed9 Rename HAVE_LIBSSH2 to WITH_SSH2 2013-01-14 13:29:35 +00:00
Daniel P. Berrange
40541c2a6b Convert curl check over to use LIBVIRT_CHECK_PKG 2013-01-14 13:29:34 +00:00
Daniel P. Berrange
d9a2a993dd Rename HAVE_LIBCURL to WITH_CURL 2013-01-14 13:29:19 +00:00
Daniel P. Berrange
e9f4c675e2 Convert fuse check over to use LIBVIRT_CHECK_PKG 2013-01-14 13:29:17 +00:00
Daniel P. Berrange
8c1e9be48f Rename HAVE_FUSE to WITH_FUSE 2013-01-14 13:26:47 +00:00
Daniel P. Berrange
bccd4a8cbc Rename HAVE_GNUTLS to WITH_GNUTLS 2013-01-14 13:26:47 +00:00
Daniel P. Berrange
19e285f1ae Convert blkid check over to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
7db9ac8260 Convert HAVE_LIBBLKID to WITH_BLKID
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
f488ddf4d8 Convert HAL check to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
24120066a4 Convert HAVE_HAL to WITH_HAL
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
04ac20df3f Convert udev/pciaccess checks to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
d3b05abfa9 Convert HAVE_UDEV to WITH_UDEV
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
bae47e4e30 Convert avahi check to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:46 +00:00
Daniel P. Berrange
2de152d20d Convert HAVE_AVAHI to WITH_AVAHI
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:34 +00:00
Daniel P. Berrange
832d140930 Convert DBus check to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:47 +00:00
Daniel P. Berrange
da77f04ed5 Convert HAVE_DBUS to WITH_DBUS
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:47 +00:00
Daniel P. Berrange
e763ad256d Convert netcf check to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:40 +00:00
Daniel P. Berrange
cf6f8811fb Convert cap-ng check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:06 +00:00
Daniel P. Berrange
ef38965c30 Convert HAVE_CAPNG to WITH_CAPNG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:06 +00:00
Daniel P. Berrange
c85e1dd71b Convert numactl checks to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:06 +00:00
Daniel P. Berrange
6f736c83e5 Convert HAVE_NUMACTL to WITH_NUMACTL
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:06 +00:00
Daniel P. Berrange
766ace80d6 Convert apparmor check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:05 +00:00
Daniel P. Berrange
98de5f3e5d Convert selinux check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:24:49 +00:00
Daniel P. Berrange
63f18f3786 Convert HAVE_SELINUX to WITH_SELINUX
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:24:49 +00:00
Daniel P. Berrange
054bbfcbaa Convert audit check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
e424220a0e Convert HAVE_AUDIT to WITH_AUDIT
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
c45fed8a63 Convert sasl check to use LIBVIRT_CHECK_LIB_ALT
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
321a7d53f3 Convert HAVE_SASL to WITH_SASL
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
a38dbf6673 Convert sanlock check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
4da3000c66 Convert HAVE_SANLOCK to WITH_SANLOCK
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
654c709baa Convert yajl check to use LIBVIRT_CHECK_LIB_ALT
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
49a1c16027 Convert HAVE_YAJL into WITH_YAJL
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:22 +00:00
Eric Blake
daa886b635 maint: don't distribute generated .def files
I ran 'make dist' in the directory left over from ./autobuild.sh
(which was configured for a mingw cross build); the resulting
tarball had more files than 'make dist' on a normal Linux build.
I traced it to the fact that we were distributing a generated
file, but only when configure said the end user had to generate
the file in the first place.  In the process, I noticed that
we had some difference in symbol file names; I added a comment
explaining why the difference exists (after first trying to
normalize the names and hitting VPATH build failures).

* configure.ac (LIBVIRT_QEMU_SYMBOL_FILE): Add some comments.
* src/Makefile.am (EXTRA_DIST): No need to ship a generated file;
particularly since which file is built depends on configure results.
2013-01-10 15:29:27 -07:00
Daniel P. Berrange
f587c27768 Make TLS support conditional
Add checks for existence of GNUTLS and automatically disable
it if not found.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 20:57:31 +00:00
Daniel P. Berrange
5f669ea976 Add internal APIs for dealing with namespaces
Add some APIs for acquiring namespace file descriptors and
switching namespaces

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 09:21:08 +00:00
Jim Fehlig
68e7bc4561 build: Add libxenctrl to LIBXL_LIBS
Commit dfa1e1dd removed libxenctrl from LIBXL_LIBS, but the libxl
driver uses a symbol from this library.  Explicitly link with
libxenctrl instead of relying on the build system to support
implicit DSO linking.
2013-01-07 10:15:56 -07:00
John Eckersberg
3c971c675a conf: Rename console-specific identifiers to be more generic
The functionality provided in virchrdev.c (previously virconsole.c) is
applicable to other types of character devices besides consoles, such
as channels.  This patch is just code motion, renaming things such as
"console" or "pty", instead using more general terms such as
"character device" or "device path".
2013-01-04 17:43:21 -07:00
Eric Blake
83aca30f1e build: use autobuild module to make build logs nicer
A recent build failure made me realize that we could usefully add
a bit more information to configure output, for aid in analysis of
failed builds.  Pulling in the autobuild module merely adds these
four lines to configure output:

configure: autobuild project... libvirt
configure: autobuild revision... v1.0.1-113-g7a74eea
configure: autobuild hostname... myhost
configure: autobuild timestamp... 20130102T233543Z

which can be useful even if not using the Autobuild project to parse
build logs.

* bootstrap.conf (gnulib_modules): Add autobuild.
* configure.ac: Favor git version over release version, when available.
2013-01-02 16:43:58 -07:00
Eric Blake
6e148567fd build: make broken -Wlogical-op test be gcc-only
Commit 8b8fcdea introduced a check for broken gcc -Wlogical-op,
but did not guard the check against non-gcc compilers, which might
lead to spurious failures when another compiler encounters an
unknown pragma.  Additionally, all of our compiler warning logic
should belong in a single file, and use cache variables to allow
overriding the decision at configure time if necessary.

* configure.ac (BROKEN_GCC_WLOGICALOP): Move...
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): ...here,
and update to modern autoconf idioms.
2012-12-19 12:21:09 -07:00
Viktor Mihajlovski
8b8fcdea6e build: Check for broken GCC -Wlogical-op in configure
Some older versions of GCC report a false positive on code like
  char * haystack, needle;
  strchr(haystack, needle);

Added an extra check in configure.ac which will
  #define BROKEN_GCC_WLOGICALOP 1
in this case, allowing to special handle "offending" code.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-12-17 17:36:56 +00:00
Daniel Veillard
34ca568497 Release of libvirt-1.0.1
- configure.ac docs/news.html.in: update for the release
- po/*.po: updated from transifex
2012-12-17 11:36:37 +08:00
Roman Bogorodskiy
0c94357f9d Socket identity support for FreeBSD.
This adds an implementation of virNetSocketGetUNIXIdentity()
using LOCAL_PEERCRED socket option and xucred struct, defined
in <sys/ucred.h> on systems that have it.
2012-12-14 11:49:31 -07:00
Guido Günther
238dba0f9c Require SANLK_INQ_WAIT for inq_lockspace support
since compilation breaks otherwise with older libsanlock.
2012-12-14 18:03:49 +01:00
Roman Bogorodskiy
9a2f36ec04 Qemu FreeBSD: fix compilation
* Autotools changes:
  - Don't assume Qemu is Linux-only
  - Check Linux headers only on Linux
  - Disable firewalld on FreeBSD
* Initctl:
  Initctl seem to present only on Linux, so stub it on other platforms
* Raw I/O: Linux-only as well
* Headers cleanup
2012-12-12 11:59:53 -07:00
Jim Fehlig
dfa1e1dd53 Convert libxl driver to Xen 4.2
Based on a patch originally authored by Daniel De Graaf

  http://lists.xen.org/archives/html/xen-devel/2012-05/msg00565.html

This patch converts the Xen libxl driver to support only Xen >= 4.2.
Support for Xen 4.1 libxl is dropped since that version of libxl is
designated 'technology preview' only and is incompatible with Xen 4.2
libxl.  Additionally, the default toolstack in Xen 4.1 is still xend,
for which libvirt has a stable, functional driver.
2012-12-06 16:15:54 -07:00
Gao feng
b6c37e5fb5 Add a configure option for fuse support in LXC driver
Add a configure option --with-fuse to prepare introduction
of fuse support for libvirt lxc.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2012-11-28 10:28:49 +00:00
Michal Privoznik
96a02703da sanlock: Retry after EINPROGRESS
It may take some time for sanlock to add a lockspace. And if user
restart libvirtd service meanwhile, the fresh daemon can fail adding
the same lockspace with EINPROGRESS. Recent sanlock has
sanlock_inq_lockspace() function which should block until lockspace
changes state. If we are building against older sanlock we should
retry a few times before claiming an error. This issue can be easily
reproduced:

for i in {1..1000} ; do echo $i; service libvirtd restart; sleep 2; done
20
Stopping libvirtd daemon:                                  [FAILED]
Starting libvirtd daemon:                                  [  OK  ]
21
Stopping libvirtd daemon:                                  [  OK  ]
Starting libvirtd daemon:                                  [  OK  ]
22
Stopping libvirtd daemon:                                  [  OK  ]
Starting libvirtd daemon:                                  [  OK  ]

 error : virLockManagerSanlockSetupLockspace:334 : Unable to add
 lockspace /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__: Operation now in
 progress
2012-11-16 08:00:11 +01:00
Daniel Veillard
2b435c153e Release of libvirt-1.0.0
* configure.ac docs/news.html.in libvirt.spec.in: update for the new release
* po/*.po*: update from transifex, a lot of added support e.g. Indian
  languages, and regenerate
2012-11-02 12:08:11 +08:00
Christophe Fergeau
662f8a2ab3 Fix disabling of apparmor/selinux security drivers
When using --without-$name --without-secdriver-$name with $name being
selinux or apparmor, configure will fail saying that AppArmor/SELinux
development package must be installed.
This is caused by a small bug in --with-secdriver-$name handling in
configure.ac which treats --without-secdriver-$name when $name as if the
user had requested to enable $name when $name couldn't be detected on
the system.

This commit also makes sure the detection checks for disabled
secdrivers do not needlessly get run, especially as this could
cause an error as well in --with-$name --without-secdriver-$name
situations.
2012-10-23 08:56:03 +02:00
Jiri Denemark
5ce6d95eed locking: Fix build with sanlock < 2.4
libvirt started using sanlock_killpath to implement on_lockfailure
action. Since sanlock_killpath was introduced in sanlock 2.4, libvirt
fails to build with older sanlock.
2012-10-16 21:32:05 +02:00
Martin Kletzander
9674f2c637 selinux: Use raw contexts
We are currently able to work only with non-translated SELinux
contexts, but we are using functions that work with translated
contexts throughout the code.  This patch swaps all SELinux context
translation relative calls with their raw sisters to avoid parsing
problems.

The problems can be experienced with mcstrans for example.  The
difference is that if you have translations enabled (yum install
mcstrans; service mcstrans start), fgetfilecon_raw() will get you
something like 'system_u:object_r:virt_image_t:s0', whereas
fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow'
that we cannot parse.

I was trying to confirm that the _raw variants were here since the dawn of
time, but the only thing I see now is that it was imported together in
the upstream repo [1] from svn, so before 2008.

Thanks Laurent Bigonville for finding this out.

[1] http://oss.tresys.com/git/selinux.git
2012-10-12 17:54:09 +02:00
Ján Tomko
149c87b49d Various typos and misspellings 2012-10-12 00:03:43 +02:00
Doug Goldstein
5a33366f5c interface: add udev based backend for virInterface
Add a read-only udev based backend for virInterface. Useful for distros
that do not have netcf support yet. Multiple libvirt based utilities use
a HAL based fallback when virInterface is not available which is less
than ideal. This implements:
* virConnectNumOfInterfaces()
* virConnectListInterfaces()
* virConnectNumOfDefinedInterfaces()
* virConnectListDefinedInterfaces()
* virConnectListAllInterfaces()
* virConnectInterfaceLookupByName()
* virConnectInterfaceLookupByMACString()
2012-10-09 09:39:43 -06:00
Matthias Bolte
458c499841 Call curl_global_init from virInitialize to avoid thread-safety issues
curl_global_init is not thread-safe. curl_easy_init might call
curl_global_init when it was no called before. But curl_easy_init
can be called from different threads by the ESX driver. Therefore,
call curl_global_init from virInitialize to stop curl_easy_init from
calling it.

Reported by Benjamin Wang.
2012-10-08 21:27:58 +02:00
Alexander Larsson
53d5ad94c0 Fix typo in HAVE_DBUS automake conditional
The variable that is set in the script is with_dbus, not have_dbus.
2012-10-08 10:33:48 -06:00
Eric Blake
cd1e8d1c47 build: avoid journald on rhel 5
Commit f6430390 broke builds on RHEL 5, where glibc (2.5) is too
old to support mkostemp (2.7) or htole64 (2.9).  While gnulib
has mkostemp, it still lacks htole64; and it's not worth dragging
in replacements on systems where journald is unlikely to exist
in the first place, so we just use an extra configure-time check
as our witness of whether to attempt compiling the code.

* src/util/logging.c (virLogParseOutputs): Don't attempt to
compile journald on older glibc.
* configure.ac (AC_CHECK_DECLS): Check for htole64.
2012-10-01 17:33:25 -06:00
Daniel J Walsh
aa696e1846 build: default selinuxfs mount point to /sys/fs/selinux
Currently if you build on a machine that does not support SELinux we end up
with the default mount point being /selinux, since this is moved to
/sys/fs/selinux, we should start defaulting there.

I believe this is causing a bug in libvirt-lxc when /selinux does not exists,
even though /sys/fs/selinux exists.
2012-09-28 13:50:06 -06:00
Jim Fehlig
416eca189b Fix compilation of legacy xen driver with Xen 4.2
In Xen 4.2, xs.h is deprecated in favor of xenstore.h.  xs.h now
contains

#warning xs.h is deprecated use xenstore.h instead
#include <xenstore.h>

which fails compilation when warnings are treated as errors.

Introduce a configure-time check for xenstore.h and if found,
use it instead of xs.h.
2012-09-27 10:27:33 -06:00
Christophe Fergeau
f6c2951566 build: fix detection of netcf linked with libnl1
Commit 9298bfbcb introduced code to detect if netcf is linked with
libnl1, and to prefer libnl1 over libnl3 when this is the case.
This behaviour can be disabled by setting LIBNL_CFLAGS to any value,
including the empty string.
However, configure.ac sets LIBNL_CFLAGS to "" before attempting
libnl detection, so the libnl1 detection code is always disabled.
This caused issues on my f17 system where netcf is linked with libnl1
but libvirt got built with libnl3.

This commit removes the setting of the LIBNL_* variables to "" as
this does not appear to be needed. After this change, libnl1 is
used when building libvirt on my f17 system.
2012-09-25 11:07:43 +02:00
Daniel Veillard
f8fbeb50d5 Release of libvirt-0.10.2
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: update from transifex and regenerate
2012-09-24 12:46:37 +08:00
Doug Goldstein
b95ad92e05 build: define WITH_INTERFACE for the driver
Based exclusively on work by Eric Blake in a patch posted with the same
subject. However some modifications related to comments and my plans to
add another backend.

Added WITH_INTERFACE as the only automake variable deciding whether to
build the driver and using WITH_NETCF to identify that we're wanting to
use the netcf library as the backend.

* configure.ac: Added with_interface
* src/interface/netcf_driver.c: Renamed..
* src/interface/interface_backend_netcf.c: ..to this to match storage.
* src/interface/netcf_driver.h: Renamed..
* src/interface/interface_driver.h: ..to this.
* daemon/Makefile.am: Respect WITH_INTERFACE and WITH_NETCF.
* libvirt.spec.in: Add RPM support for --with-interface
2012-09-19 08:27:01 -06:00
Richard W.M. Jones
5090c576e3 Add a ./run script for running programs from the local directory.
With this script you can run libvirt programs without needing to
install them first.  You just have to do for example:

  ./run ./tools/virsh [args ...]

If you are already in the tools/ subdirectory, then the following
command will also work:

  ../run ./virsh [...]

You can also run the C programs under valgrind like this:

  ./run valgrind [valgrind opts...] ./program

or under gdb:

  ./run gdb --args ./program

This also works with sudo (eg. if you need root access for libvirt):

  sudo ./run ./tools/virsh list --all

Derived from libguestfs and simplified.  The ./run script in
libguestfs is much more sophisticated:

https://github.com/libguestfs/libguestfs/blob/master/run.in
2012-09-18 10:59:16 +01:00
Guido Günther
615851dd19 Look in Debian's multiarch libs too
so we don't fail when libnetcf is built as multiarch lib.
2012-09-13 22:42:35 +02:00
Eric Blake
67936d1301 build: don't fail if libnl-3 is not found
Commit 9298bfb changed configure to split the libnl into two
separate pkg config checks instead of nesting the second check
on the failure path of the first.  But the default pkg config
behavior is to abort configure if a check fails.  Since we have
a second check lined up, we need an explicit failure case that
does not abort if the first check fails.

Meanwhile, commit 51b708c is reverted.  It did not fix any
behavior, and in fact, introduced a regression to the fallback
case when the user explicitly sets $LIBNL_CFLAGS.

* configure.ac: Don't abort if libnl-3 is not found.
2012-09-13 10:53:57 -06:00
Osier Yang
51b708c63e build: Fix typo which causes build failure
Pushed under build-breaker rule.
2012-09-13 12:44:19 +08:00
Eric Blake
9298bfbcb4 build: force libnl1 if netcf also used libnl1
Recent spec file changes ensure that in distro situations, netcf
and libvirt will link against the same libnl in order to avoid
dumping core.  But for every-day development, if you use F17 and
have the libnl3-devel headers available, libvirt was blindly
linking against libnl3 even though F17 netcf still links against
libnl1, making testing a self-built binary on F17 impossible.

By making configure a little bit smarter, we can avoid this
situation - we merely skip the probe of libnl-3 if we can prove
that netcf is still using libnl-1.  I intentionally wrote the
test so that we still favor libnl-3 if netcf is not installed or
if we couldn't use ldd to determine things.

Defaults being what they are, someone will invariably complain
that our smarts were wrong.  Never fear - in that case, just run
./configure LIBNL_CFLAGS=..., where the fact that you set
LIBNL_CFLAGS (even to the empty string) will go back to probing
for libnl-3, regardless of netcf's choice.

* configure.ac (LIBNL): Don't probe libnl3 if netcf doesn't use it.
2012-09-12 15:32:28 -06:00
Eric Blake
ccaf0beec8 build: improved handling of <execinfo.h>, BSD <net/if.h>
FreeBSD and OpenBSD have a <net/if.h> that is not self-contained;
and mingw lacks the header altogether.  But gnulib has just taken
care of that for us, so we might as well simplify our code.  In
the process, I got a syntax-check failure if we don't also take
the gnulib execinfo module.

* .gnulib: Update to latest, for execinfo and net_if.
* bootstrap.conf (gnulib_modules): Add execinfo and net_if modules.
* configure.ac: Let gnulib check for headers.  Simplify check for
'struct ifreq', while also including enough prereq headers.
* src/internal.h (IF_NAMESIZE): Drop, now that gnulib guarantees it.
* src/nwfilter/nwfilter_learnipaddr.h: Use correct header for
IF_NAMESIZE.
* src/util/virnetdev.c (includes): Assume <net/if.h> exists.
* src/util/virnetdevbridge.c (includes): Likewise.
* src/util/virnetdevtap.c (includes): Likewise.
* src/util/logging.c (includes): Assume <execinfo.h> exists.
(virLogStackTraceToFd): Handle gnulib's fallback implementation.
2012-09-06 10:08:47 -06:00
Eric Blake
d74e5a4dfc build: use correct libraries for clock_gettime
On OpenBSD, clock_gettime() exists in libc rather than librt, and
blindly linking with -lrt made the build fail.  Gnulib already
did the work for determining which libraries to use, so we should
reuse that work rather than doing it ourselves.

* bootstrap.conf (gnulib_modules): Pull in clock-time.
* configure.ac (RT_LIBS): Drop.
* src/Makefile.am (libvirt_util_la_LIBADD): Use gnulib variable
instead.
* src/util/virtime.c (includes): Simplify.
2012-09-04 10:57:25 -06:00
Daniel Veillard
383a41657f Release of libvirt-0.10.1
* configure.ac docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: pulled localization updates for sp,ja,mr,pa,uk,zh_CN,zh_TW
  and regenerated
2012-08-31 20:41:06 +08:00
Daniel Veillard
6540efa40d Release of libvirt-0.10.0
* configure.ac docs/news.html.in libvirt.spec.in: updates for the release
* po/*.po*: update localizations for zh_CN, uk, ja, pt_BR, as, sp, mr, zh_TW
2012-08-29 12:00:36 +08:00
Eric Blake
77de1f3573 build: work with older RHEL 5 kernel
We already skip out on building the LXC under RHEL 5, because the
kernel is too old (commits 4c18acf, 2dee896); but commit 9612e4b
moved some LXC-only code into common files, resulting in this
build failure:

util/virfile.c: In function 'virFileLoopDeviceAssociate':
util/virfile.c:580: error: 'LO_FLAGS_AUTOCLEAR' undeclared (first use in this function)

Unfortunately, the kernel folks only made it an enum, rather than
also a #define, so we have to modify configure.ac to record when
it is usable.

* configure.ac (with_lxc): Mark when LO_FLAGS_AUTOCLEAR was found.
* src/util/virfile.c (virFileLoopDeviceAssociate): Avoid
compilation when kernel is too old.
2012-08-21 12:07:00 -06:00
Thomas Woerner
bf156385a0 network: use firewalld instead of iptables, when available
* configure.ac, spec file: firewalld defaults to enabled if dbus is
  available, otherwise is disabled. If --with_firewalld is explicitly
  requested and dbus is not available, configure will fail.

* bridge_driver: add dbus filters to get the FirewallD1.Reloaded
  signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1.
  When these are encountered, reload all the iptables reuls of all
  libvirt's virtual networks (similar to what happens when libvirtd is
  restarted).

* iptables, ebtables: use firewall-cmd's direct passthrough interface
  when available, otherwise use iptables and ebtables commands. This
  decision is made once the first time libvirt calls
  iptables/ebtables, and that decision is maintained for the life of
  libvirtd.

* Note that the nwfilter part of this patch was separated out into
  another patch by Stefan in V2, so that needs to be revised and
  re-reviewed as well.

================

All the configure.ac and specfile changes are unchanged from Thomas'
V3.

V3 re-ran "firewall-cmd --state" every time a new rule was added,
which was extremely inefficient.  V4 uses VIR_ONCE_GLOBAL_INIT to set
up a one-time initialization function.

The VIR_ONCE_GLOBAL_INIT(x) macro references a static function called
vir(Ip|Eb)OnceInit(), which will then be called the first time that
the static function vir(Ip|Eb)TablesInitialize() is called (that
function is defined for you by the macro). This is
thread-safe, so there is no chance of any race.

IMPORTANT NOTE: I've left the VIR_DEBUG messages in these two init
functions (one for iptables, on for ebtables) as VIR_WARN so that I
don't have to turn on all the other debug message just to see
these. Even if this patch doesn't need any other modification, those
messages need to be changed to VIR_DEBUG before pushing.

This one-time initialization works well. However, I've encountered
problems with testing:

1) Whenever I have enabled the firewalld service, *all* attempts to
call firewall-cmd from within libvirtd end with firewall-cmd hanging
internally somewhere. This is *not* the case if firewall-cmd returns
non-0 in response to "firewall-cmd --state" (i.e. *that* command runs
and returns to libvirt successfully.)

2) If I start libvirtd while firewalld is stopped, then start
firewalld later, this triggers libvirtd to reload its iptables rules,
however it also spits out a *ton* of complaints about deletion failing
(I suppose because firewalld has nuked all of libvirt's rules). I
guess we need to suppress those messages (which is a more annoying
problem to fix than you might think, but that's another story).

3) I noticed a few times during this long line of errors that
firewalld made a complaint about "Resource Temporarily
unavailable. Having libvirtd access iptables commands directly at the
same time as firewalld is doing so is apparently problematic.

4) In general, I'm concerned about the "set it once and never change
it" method - if firewalld is disabled at libvirtd startup, causing
libvirtd to always use iptables/ebtables directly, this won't cause
*terrible* problems, but if libvirtd decides to use firewall-cmd and
firewalld is later disabled, libvirtd will not be able to recover.
2012-08-21 13:40:58 -04:00
Peter Krempa
1193fc5f44 libssh2_transport: add main libssh2 transport implementation
This patch adds helper functions that enable us to use libssh2 in
conjunction with libvirt's virNetSockets for ssh transport instead of
spawning "ssh" client process.

This implemetation supports tunneled plaintext, keyboard-interactive,
private key, ssh agent based and null authentication. Libvirt's Auth
callback is used for interaction with the user. (Keyboard interactive
authentication, adding of host keys, private key passphrases). This
enables seamless integration into the application using libvirt. No
helpers as "ssh-askpass" are needed.

Reading and writing of OpenSSH style "known_hosts" files is supported.

Communication is done using SSH exec channel, where the user may specify
arbitrary command to be executed on the remote side and reads and writes
to/from stdin/out are sent through the ssh channel. Usage of stderr is
not (yet) supported.
2012-08-21 14:47:09 +02:00
Eric Blake
ba9c38b430 build: fix build with autoconf 2.59
Commit 350583c8 broke development on a RHEL 5 box, where the
ancient Autoconf 2.59 lacks AS_VERSION_STRING.  Rather than
backport the complex awk script that newer autoconf uses for
true strverscmp comparisons from the shell, it was easier to
just open-code a shell case statement.

* configure.ac (qemu_version): Open-code a replacement for
AS_VERSION_CHECK.
2012-08-21 00:29:49 -06:00
Daniel P. Berrange
3b0cd660ef Fix timebomb in LIBVIRT_VERSION_INFO calculation
The way LIBVIRT_VERSION_INFO is calculated has a timebomb that
will cause us to accidentally break soname when we change the
major version number to a non-zero value !

Given CURRENT:REVISION:AGE, libtool will generate

   libvirt.so.($CURRENT-$AGE).$AGE.$REVISION

We set CURRENT to be MAJOR+MINOR and AGE to $MINOR, so as
soon as MAJOR changes to non-zero, we get libvirt.so.1
as the soname, eg  1.3.9 would create libvirt.so.1.3.9
Looks natural but is not ABI compatible with libvirt.so.0.x.y

The fix is to set CURRENT to always be exactly the same
as AGE. We want to have the major version reflected in
the so symlinks though. So then we set AGE to MAJOR*1000+MINOR
eg, so 1.3.9 would create libvirt.so.0.1003.9 and libvirt
2.51.3 would create libvirt.so.0.2051.3
2012-08-14 10:59:02 +01:00
Martin Kletzander
43bfa23e6f json: fix interface locale dependency
libvirt creates invalid commands if wrong locale is selected. For
example with locale that uses comma as a decimal point, JSON commands
created with decimal numbers are invalid because comma separates the
entries in JSON. Fortunately even when decimal point is affected,
thousands grouping is not, because for grouping to be enabled with
*printf, there has to be an apostrophe flag specified (and supported).

This patch adds specific internal function for converting doubles to
strings with C locale.
2012-08-14 07:30:14 +02:00
Eric Blake
1f6f723ce1 build: add stubs so mdns code can be unconditionally compiled
The recent changes to the testsuite to validate exported symbols
flushed out a case of unconditionally exporting symbols that
were only conditionally compiled under HAVE_AVAHI.

* src/Makefile.am (libvirt_net_rpc_server_la_SOURCES): Compile
virnetservermdns unconditionally.
* configure.ac (HAVE_AVAHI): Drop unused automake conditional.
* src/rpc/virnetservermdns.c: Add fallbacks when Avahi is not
present.
2012-08-02 13:35:21 -06:00
Daniel P. Berrange
7a054e99e2 Avoid clash of base64 symbols
On Debian/Ubuntu, one of the libraries libvirt (indirectly) links
with exports a symbol named 'base64_encode'. This takes precedence
over GNULIB's base64_encode function during linking. Unfortunately
they of course have different API semantics. To avoid this problem
use a few #defines in config.h to rename the GNULIB provided
function to have a 'libvirt_gl_' prefix
2012-08-02 14:22:47 +01:00