1093 Commits

Author SHA1 Message Date
Daniel P. Berrange
062ad8b2be Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor)) functions which is
not setuid safe.

The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.

Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 3e2f27e13b94f7302ad948bcacb5e02c859a25fc)
2013-10-21 14:19:05 +01:00
Daniel P. Berrange
6fc87e07a2 Close all non-stdio FDs in virt-login-shell (CVE-2013-4400)
We don't want to inherit any FDs in the new namespace
except for the stdio FDs. Explicitly close them all,
just in case some do not have the close-on-exec flag
set.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit b7fcc799ad5d8f3e55b89b94e599903e3c092467)
2013-10-21 14:18:59 +01:00
Hongwei Bi
0c500a4f2e virsh-volume: Add missing check when calling virStreamNew
Check return value of virStreamNew when called by cmdVolUpload and
cmdVolDownload.
2013-09-30 15:00:07 +02:00
Hongwei Bi
7db19ff9ab virsh-domain: Free dom before return false in cmdDump
2013-09-30 14:54:30 +02:00
Eric Blake
8771b947db build: fix build --without-lxc
'make distcheck' fails from a directory configured --without-lxc:

  GEN      virt-login-shell.1
Can't write-open ../../tools/virt-login-shell.1: Permission denied at /usr/bin/pod2man line 69.

* tools/Makefile.am (EXTRA_DIST): Ship pre-built man page.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-27 21:28:01 -06:00
Christophe Fergeau
9976c4b9a6 virsh: Fix domdisplay when domain only uses TLS
It's possible to create a domain which will only use a TLS port
and will not have a non-TLS port set by using:
<graphics type='spice' autoport='yes' defaultMode='secure'/>
In such a setup, the 'graphics' node for the running domain will be:
<graphics type='spice' tlsPort='5900'
          autoport='yes' listen='127.0.0.1'
          defaultMode='secure'>

However, cmdDomDisplay loops over all the 'graphics' nodes, and it
ignores nodes which don't have a 'port' attribute. This means
'virsh domdisplay' will only return an empty string for domains
such as the one above.

This commit looks for both 'port' and 'tlsPort' before deciding
to ignore a graphics node. It also makes sure 'port' is not printed
when it's not set.
This makes 'virsh domdisplay' return
'spice://127.0.0.1?tls-port=5900' for domains using only a TLS
port.

Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2013-09-27 17:40:11 +02:00
Hongwei Bi
b80fff1444 virsh-domain: Add a missing check and fix leak in cmdScreenshot
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-25 09:34:24 -06:00
Giuseppe Scrivano
ea45b23cfc virsh: add function to get the CPU models for an arch
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 16:42:10 -06:00
Simone Gotti
fe64499dd1 virsh: add missing "async" option in opts_block_commit
After commit 8aecd351266a66efa59b7f7be77bf66693d99ce0 it'll detect
that a required option is not defined and it will assert and exit with:

virsh.c:1364: vshCommandOpt: Assertion `valid->name' failed.

Problem has been latent since commit ed23b106.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-19 12:14:03 -06:00
Tomas Meszaros
ffb7ccaa70 virsh: Add vshCompleter to each option
completer and completer_flags added to the _vshCmdOptDef
structure so it will be possible for completion generators to
conveniently call option completer functions with desired flags.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-17 17:47:33 -06:00
Peter Krempa
6bf4c77984 virsh: Don't shadow global variable "remove" in cmdMetadata
Some systems apparently have a global variable/function called remove
and thus break compilation of virsh-domain.c. Rename the variable to
avoid this.

Reported by GuanQiang.
2013-09-17 13:57:32 +02:00
Peter Krempa
01b03f59e7 virsh-domain: Add command to allow modifications of XML metadata
The metadata modification functions will support modification of the XML
metadata. Add a virsh command to allow using this approach.
2013-09-17 09:42:49 +02:00
Peter Krempa
3df33d7ad5 virsh-domain: use virXMLNodeToString instead of xmlNodeDump
2013-09-17 09:42:49 +02:00
Peter Krempa
cb356928a6 virsh-domain: Line up signal names array
Line up the array so that the grid is visible.
2013-09-17 09:42:49 +02:00
Peter Krempa
626d4dfc2e virsh-domain: Remove spurious ATTRIBUTE_UNUSED from cmdDesc
The "cmd" variable is actually used so remove the attribute.
2013-09-17 09:42:49 +02:00
Hongwei Bi
0925ad4e28 virsh: Fix a wrong check in cmdEcho()
What should be checked here is xmlbuf rather than buf.
2013-09-17 09:15:18 +02:00
yangdongsheng
6c038ee330 virsh: move command maxvcpus from domain group to host group.
Since the maxvcpus command queries the maximum number of virtual
CPUs supported for a guest VM on this connection, it should be
in virsh-host.c but not virsh-domain.c.

Signed-off-by: yangdongsheng <yangds.fnst@cn.fujitsu.com>
2013-09-15 22:39:41 -05:00
Alex Jia
4583ccbcf7 tools: add missing 'interface' type and update man page
Signed-off-by: Alex Jia <ajia@redhat.com>
2013-09-13 14:57:52 +02:00
Jiri Denemark
f084caae7c virsh domjobinfo: Do not return 1 if job is NONE
https://bugzilla.redhat.com/show_bug.cgi?id=1006864

Commit 38ab1225 changed the default value of ret from true to false but
forgot to set ret = true when job is NONE. Thus, virsh domjobinfo
returned 1 when there was no job running for a domain but it used to
(and should) return 0 in this case.
2013-09-12 11:31:49 +02:00
Alex Jia
55fbbd4911 Docs: fix a typo in virt-login-shell.pod
Signed-off-by: Alex Jia <ajia@redhat.com>
2013-09-06 11:05:56 +08:00
Daniel P. Berrange
bbcdd9b5dc Stop free'ing 'const char *' strings
The VIR_FREE() macro will cast away any const-ness. This masked a
number of places where we passed a 'const char *' string to
VIR_FREE. Fortunately in all of these cases, the variable was not
in fact const data, but a heap allocated string. Fix all the
variable declarations to reflect this.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-05 11:28:01 +01:00
Eric Blake
7e1cbd14bb virsh: fix build on mingw, which lacks termios stuff
Recent patches to fix handling of Ctrl-C when interacting with
ssh are not portable to mingw, which lacks termios handling.
The simplest solution is to just compile that code out, and
if someone ever appears that has a serious interest in getting
virsh fully functional even with ssh connections, they can
provide patches at that time.

* tools/virsh.h (_vshControl): Make termattr conditional.
* tools/virsh.c (vshTTYIsInterruptCharacter)
(vshTTYDisableInterrupt, vshTTYRestore, cfmakeraw, vshTTYMakeRaw)
(main): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-04 16:00:36 -06:00
Eric Blake
ec81852f46 build: enforce makefile conditional style
Automake has builtin support to prevent botched conditional nesting,
but only if you use:
if FOO
else !FOO
endif !FOO

An example error message when using the wrong name:

daemon/Makefile.am:378: error: else reminder (LIBVIRT_INIT_SCRIPT_SYSTEMD_TRUE) incompatible with current conditional: LIBVIRT_INIT_SCRIPT_SYSTEMD_FALSE
daemon/Makefile.am:381: error: endif reminder (LIBVIRT_INIT_SCRIPT_SYSTEMD_TRUE) incompatible with current conditional: LIBVIRT_INIT_SCRIPT_SYSTEMD_FALSE

As our makefiles tend to have quite a bit of nested conditionals,
it's better to take advantage of the benefits of the build system
double-checking that our conditionals are well-nested, but that
requires a syntax check to enforce our usage style.

Alas, unlike C preprocessor and spec files, we can't use indentation
to make it easier to see how deeply nesting goes.

* cfg.mk (sc_makefile_conditionals): New rule.
* daemon/Makefile.am: Enforce the style.
* gnulib/tests/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-04 09:40:20 -06:00
Peter Krempa
3e29c77a26 virsh-console: Avoid using signal() in multithreaded application
Man page for signal states:

 "The effects of signal() in a multithreaded process are unspecified."

Switch signal() to sigaction in virsh console code.
2013-09-03 14:06:11 +02:00
Peter Krempa
02eaf1821c virsh: Rename vshMakeStdinRaw to vshTTYMakeRaw and move it to virsh.c
Move the function to virsh.c to the rest of the TTY managing functions
and change the code so that it mirrors the rest.
2013-09-03 14:06:11 +02:00
Peter Krempa
40f1d18fea tools: rename console.[ch] to virsh-console.[ch] and fix coding style
2013-09-03 14:06:11 +02:00
Peter Krempa
b46c4787dd virsh-domain: Avoid killing ssh transport tunnels when cancelling job
The vshWatchJob function registers a SIGINT handler that is used to
abort the active job and does not terminate virsh. Unfortunately, this
breaks when using the ssh transport as SIGINT is sent to the foreground
process group including the ssh transport processes which terminate.
This breaks the connection and migration is left in an insane state.

With this patch the terminal is modified to ignore key binding that
sends SIGINT and does the handling manually.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=983348
2013-09-03 09:55:27 +02:00
Peter Krempa
ebef689363 virsh: Remember terminal state when starting and add helpers
This patch adds instrumentation to allow modification of config of the
terminal in virsh and successful reset of the state afterwards.

The added helpers allow to disable receiving of SIGINT when pressing the
key sequence (Ctrl+C usually). This normally sends SIGINT to the
foreground process group which kills ssh processes used for transport of
the data.
2013-09-03 09:55:27 +02:00
Hongwei Bi
461b1c8b7b Fix memory leak in cmdAttachDisk
When virBufferError is ok in cmdAttachDisk, the latter
should 'goto cleanup', instead of returning a false to
prevent memory leaking.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-31 15:50:23 -06:00
Eric Blake
b9189c808b build: only create virt-login-shell for lxc builds
I noticed from an ./autobuild.sh run that we were installing a
virt-login-shell.exe binary when cross-building for mingw,
even though such a binary is necessarily worthless since the
code depends on lxc which is a Linux-only concept.

* tools/Makefile.am (conf_DATA, bin_PROGRAMS, dist_man1_MANS):
Make virt-login-shell installation conditional.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-30 14:00:56 -06:00
Peter Krempa
8c725cc10d virsh-domain: rename print_job_progress to vshPrintJobProgress
2013-08-30 09:38:51 +02:00
Eric Blake
8aecd35126 virsh: detect programming errors with option parsing
Noticed while reviewing another patch that had an accidental
mismatch due to refactoring.  An audit of the code showed that
very few callers of vshCommandOpt were expecting a return of
-2, indicating programmer error, and of those that DID check,
they just propagated that status to yet another caller that
did not check.  Fix this by making the code blatantly warn
the programmer, rather than silently ignoring it and possibly
doing the wrong thing downstream.

I know that we frown on assert()/abort() inside libvirtd
(libraries should NEVER kill the program that linked them),
but as virsh is an app rather than the library, and as this
is not the first use of assert() in virsh, I think this
approach is okay.

* tools/virsh.h (vshCommandOpt): Drop declaration.
* tools/virsh.c (vshCommandOpt): Make static, and add a
parameter.  Abort on programmer errors rather than making callers
repeat that logic.
(vshCommandOptInt, vshCommandOptUInt, vshCommandOptUL)
(vshCommandOptString, vshCommandOptStringReq)
(vshCommandOptLongLong, vshCommandOptULongLong)
(vshCommandOptBool): Adjust callers.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-28 14:48:24 -06:00
Jiri Denemark
74c5156f9d virt-sanlock-cleanup; Fix augtool usage
Surprisingly, augtool get (or print) returns "path = value" while we are
only interested in the value. We need to remove the "path = " part from
the augtool's output. The following is an example of the augtool command
as used in virt-sanlock-cleanup script:

$ augtool get /files/etc/libvirt/qemu-sanlock.conf/disk_lease_dir
/files/etc/libvirt/qemu-sanlock.conf/disk_lease_dir = /var/lib/libvirt/sanlock
2013-08-28 13:50:10 +02:00
Martin Kletzander
ac43da705f virsh: Fix debugging
Commit a0b6a36f "fixed" what abfff210 broke (URI precedence), but
there was still one more thing missing to fix.  When using virsh
parameters to setup debugging, those weren't honored, because at the
time debugging was initializing, arguments weren't parsed yet.  To
make everything work as expected, we need to initialize the debugging
twice, once before debugging (so we can debug option parsing properly)
and then again after these options are parsed.

As a side effect, this patch also fixes a leak when virsh is run with
multiple '-l' parameters.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-08-28 09:38:04 +02:00
Michal Privoznik
2ab0948d0c virsh-pool.c: Don't jump over variable declaration
Since 785ff34bf8 we are using the outputStr variable in cleanup label.
However, there is a possibility to jump to the label before the variable
has been declared:

virsh-pool.c: In function 'cmdPoolList':
virsh-pool.c:1121:25: error: jump skips variable initialization [-Werror=jump-misses-init]
                         goto asprintf_failure;
                         ^
virsh-pool.c:1308:1: note: label 'asprintf_failure' defined here
 asprintf_failure:
 ^
virsh-pool.c:1267:11: note: 'outputStr' declared here
     char *outputStr = NULL;
2013-08-28 09:33:15 +02:00
Ján Tomko
14d5328681 virsh: free the caps list properly if one of them is invalid
VIR_FREE(caps) is not enough to free an array allocated
by vshStringToArray.

==17== 4 bytes in 1 blocks are definitely lost in loss record 4 of 728
==17==    by 0x4EFFC44: virStrdup (virstring.c:554)
==17==    by 0x128B10: _vshStrdup (virsh.c:125)
==17==    by 0x129164: vshStringToArray (virsh.c:218)
==17==    by 0x157BB3: cmdNodeListDevices (virsh-nodedev.c:409)

https://bugzilla.redhat.com/show_bug.cgi?id=1001536
2013-08-28 08:05:56 +02:00
Ján Tomko
785ff34bf8 virsh: free the formatting string when listing pool details
==23== 41 bytes in 1 blocks are definitely lost in loss record 626 of 727
==23==    by 0x4F0099F: virAsprintfInternal (virstring.c:358)
==23==    by 0x15D2C9: cmdPoolList (virsh-pool.c:1268)

https://bugzilla.redhat.com/show_bug.cgi?id=1001536
2013-08-28 08:05:56 +02:00
Ján Tomko
f733eac058 virsh: free the list from ListAll APIs even for 0 items
virsh secret-list leak when no secrets are defined:

==27== 8 bytes in 1 blocks are definitely lost in loss record 6 of 726
==27==    by 0x4E941DD: virAllocN (viralloc.c:183)
==27==    by 0x5037F1A: remoteConnectListAllSecrets (remote_driver.c:3076)
==27==    by 0x5004EC6: virConnectListAllSecrets (libvirt.c:16298)
==27==    by 0x15F813: vshSecretListCollect (virsh-secret.c:397)
==27==    by 0x15F0E1: cmdSecretList (virsh-secret.c:532)

And so do some other *-list commands.

https://bugzilla.redhat.com/show_bug.cgi?id=1001536
2013-08-28 08:05:56 +02:00
Ján Tomko
66d124b454 virsh: free messages after logging them to a file
The messages were only freed on error.

==12== 1,100 bytes in 1 blocks are definitely lost in loss record 698 of 729
==12==    by 0x4E98C22: virBufferAsprintf (virbuffer.c:294)
==12==    by 0x12C950: vshOutputLogFile (virsh.c:2440)
==12==    by 0x12880B: vshError (virsh.c:2254)
==12==    by 0x131957: vshCommandOptDomainBy (virsh-domain.c:109)
==12==    by 0x14253E: cmdStart (virsh-domain.c:3333)

https://bugzilla.redhat.com/show_bug.cgi?id=1001536
2013-08-28 08:05:56 +02:00
Guannan Ren
9eb444364e virsh: fix return value error of cpu-stats
virsh cpu-stats guest --start 0 --count 3
It outputs right but the return value is 1 rather than 0
echo $?
1

Found by running libvirt-autotest
./run -t libvirt --tests virsh_cpu_stats
2013-08-27 15:17:03 +08:00
Tomas Meszaros
a88924bc21 virsh: C99 style for info_domfstrim and opts_lxc_enter_namespace
Change info_domfstrim and opts_lxc_enter_namespace initialization style
to C99.
2013-08-26 10:23:16 -06:00
Ján Tomko
784cca89c5 Don't free NULL network in cmdNetworkUpdate
If the network has not been found, virNetworkFree(NULL)
was called, resulting in an extra error:
error: invalid network pointer in virNetworkFree

https://bugzilla.redhat.com/show_bug.cgi?id=1001094
2013-08-26 15:51:15 +02:00
Guido Günther
3e2799add2 Check for --no-copy-dt-needed linker flag
and use it when available
2013-08-22 16:17:36 +02:00
Guido Günther
d9527b6d56 Simplify RELRO_LDFLAGS
by adding it to AM_LDFLAGS instead of every linking rule and
by avoiding a forked grep.
2013-08-22 16:17:35 +02:00
Martin Kletzander
a0b6a36f94 Fix URI connect precedence
Commit abfff210 changed the order of vshParseArgv() and vshInit() in
order to fix debugging of parameter parsing.  However, vshInit()
did a vshReconnect() even though ctl->name wasn't set according to the
'-c' parameter yet.  In order to keep both issues fixed, I've split
the vshInit() into vshInitDebug() and vshInit().

One simple memleak of ctl->name is fixed as a part of this patch,
since it is related to the issue it's fixing.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=999323
2013-08-22 09:54:41 +02:00
John Ferlan
db1382f322 virsh: Print cephx and iscsi usage
When using virsh secret-list - if the secret types are cephx or iscsi,
then allow fetch/print of the usage information. Prior to the change
the following would print:

UUID                                 Usage
-----------------------------------------------------------
1b40a534-8301-45d5-b1aa-11894ebb1735 Unused
a5ba3efe-6adf-4a6a-b243-f010a043e314 Unused

Afterwards:

UUID                                 Usage
-----------------------------------------------------------
1b40a534-8301-45d5-b1aa-11894ebb1735 ceph ceph_example
a5ba3efe-6adf-4a6a-b243-f010a043e314 iscsi libvirtiscsi
2013-08-20 13:27:44 -04:00
Peter Krempa
04898f60d2 virsh: Don't leak list of volumes when undefining domain with storage
Use the new semantics of vshStringToArray to avoid leaking the array of
volumes to be deleted. The array would be leaked in case the first
volume was found in the domain definition. Also refactor the code a bit
to sanitize naming of variables holding arrays and dimensions of the
arrays.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050
2013-08-20 17:55:08 +02:00
Peter Krempa
5b5da08226 virsh-pool: Improve error message in cmdPoolList
Explicitly let the user know about the unknown pool type.
2013-08-20 17:55:08 +02:00
Peter Krempa
d64af6ce3c virsh: modify vshStringToArray to duplicate the elements too
At a slightly larger memory expense allow stealing of items from the
string array returned from vshStringToArray and turn the result into a
string list compatible with virStringSplit. This will allow to use the
common dealloc function.

This patch also fixes a few forgotten checks of return from
vshStringToArray and one memory leak.
2013-08-20 17:53:49 +02:00
Eric Blake
53924ad5d5 virt-pki-validate: add --help/--version option
Another program gains --help/--version :)

* tools/virt-pki-validate.in: Add option parsing.  Update
documentation to match.
* tools/Makefile.am (virt-pki-validate): Substitute version.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-19 20:25:53 -06:00