QEMU supports serving VNC over a unix domain socket rather than traditional
TCP host/port. This is specified with:
<graphics type='vnc' socket='/foo/bar/baz'/>
This provides better security access control than VNC listening on
127.0.0.1, but will cause issues with tools that rely on the lax security
(virt-manager in fedora runs as regular user by default, and wouldn't be
able to access a socket owned by 'qemu' or 'root').
Also not currently supported by any clients, though I have patches for
virt-manager, and virt-viewer should be simple to update.
v2:
schema: Make listen vs. socket a <choice>
This will allow us to record transient runtime state in vm->def, like
default VNC parameters. Accomplish this by adding an extra 'live' parameter
to SetDefTransient, with similar semantics to the 'live' flag for
AssignDef.
https://bugzilla.redhat.com/show_bug.cgi?id=562743
Also, fixes gnulib bug in dealing with strerror_r from glibc 2.13.
* .gnulib: Update to latest, for improved bootstrap.
* bootstrap: Resync from gnulib.
* autogen.sh (bootstrap): Add --bootstrap-sync, to make it easier
to keep bootstrap up-to-date. Pass optional --no-git through.
Reported by Aleksey Avdeev.
When restoring a saved qemu instance via JSON monitor, the vm is
left in a paused state. Turns out the 'cont' cmd was failing with
"MigrationExpected" error class and "An incoming migration is
expected before this command can be executed" error description
due to migration (restore) not yet complete.
Detect if 'cont' cmd fails with "MigrationExpecte" error class and
retry 'cont' cmd.
V2: Fix potential double-free noted by Laine Stump
Report VIR_ERR_CONFIG_UNSUPPORTED instead of VIR_ERR_INTERNAL_ERROR,
as it's valid in our domain schema, just unsupported by hypervisor
here.
* src/qemu/qemu_command.c
The code which set VNC passwords correctly had fallback for
the set_password command, but was lacking it for the
expire_password command. This made it impossible to start
a guest. It also failed to check whether QEMU was still
running after the initial 'set_password' command completed
* src/qemu/qemu_hotplug.c: Fix error handling when
password expiry fails
* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
return code for missing expire_password command
Avoid overwriting the real error message with a generic
OOM failure message, when machine type probe fails
* src/qemu/qemu_driver.c: Don't overwrite error
If the XML security model is NULL, it is assumed that the current
model will be used with dynamic labelling. The verify step is
meaningless and potentially crashes if dereferencing NULL
* src/security/security_manager.c: Skip NULL model on verify
The function virUnrefConnect() may call virReleaseConnect() to release
the dest connection, and the function virReleaseConnect() will call
conn->driver->close().
So the function virUnrefConnect() should be surrounded by
qemuDomainObjEnterRemoteWithDriver() and
qemuDomainObjExitRemoteWithDriver() to prevent possible deadlock between
two communicating libvirt daemons.
See commit f0c8e1cb37 for further details.
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
In some circumstances, libvirtd would issue two STOPPED events after it
stopped a domain. This was because an EOF event can arrive after a qemu
process is killed but before qemuMonitorClose() is called.
qemuHandleMonitorEOF() should ignore EOF when the domain is not running.
I wasn't able to reproduce this bug directly, only after adding an
artificial sleep() into qemudShutdownVMDaemon().
A large number of return values used 'return (0)' instead
of simply 'return 0'. Remove all these redundant brackets
so the style is consistent throughout the file
* src/libvirt.c: Remove redundant brackets
The driver table only has 10 slots, but there are potentially
11 drivers that need activating. Improve the error message
when driver registration fails
* src/libvirt.c: Increase driver table size & improve errors
The virLibConnError() function (and related ones) do not correctly
report line number info. Turn them all into macros so line numbers
are reported correctly. Drop the connection object in all of them
since it is no longer used.
Also from the virLibConnWarning() equivalents completely. Now
that the Xen driver is running 100% inside libvirtd, those
codepaths for secondary drivers cannot be reached.
* src/libvirt.c: Replace error functions with macros
* .gnulib: Update to latest, for sigpipe and sigaction modules.
* bootstrap.conf (gnulib_modules): Add siaction, sigpipe, strerror_r.
* tools/virsh.c (vshSetupSignals) [!SIGPIPE]: Delete, now that
gnulib guarantees it.
(SA_SIGINFO): Define for mingw fallback.
* src/util/virterror.c (virStrerror): Simplify, now that gnulib
guarantees the POSIX interface.
* configure.ac (AC_CHECK_FUNCS_ONCE): Drop redundant check.
(AM_PROG_CC_STDC): Move earlier, to keep autoconf happy.
The public object is called NWFilter but the corresponding private
object is called NWFilterPool. I don't see compelling reasons for this
Pool suffix. One might argue that an NWFilter is a "pool" of rules, etc.
Remove the Pool suffix from NWFilterPool. No functional change included.
Fixes regression introduced in commit 2211518, where all qemu 0.12.x
fails to start, as does qemu 0.13.x lacking the pci-assign device.
Prior to 2211518, the code was just ignoring a non-zero exit status
from the qemu child, but the virCommand code checked this to avoid
masking any other issues, which means the real bug of provoking
non-zero exit status has been latent for a longer time.
* src/qemu/qemu_capabilities.c (qemuCapsExtractVersionInfo): Check
for -device driver,? support.
(qemuCapsExtractDeviceStr): Avoid failure if all probed devices
are unsupported.
Reported by Ken Congyang.
https://bugzilla.redhat.com/show_bug.cgi?id=620363
When using -incoming stdio or -incoming exec:, qemu keeps the
stdin fd open long after the migration is complete. Not to
mention that exec:cat is horribly inefficient, by doubling the
I/O and going through a popen interface in qemu.
The new -incoming fd: of qemu 0.12.0 closes the fd after using
it, and allows us to bypass an intermediary cat process for
less I/O.
* src/qemu/qemu_command.h (qemuBuildCommandLine): Add parameter.
* src/qemu/qemu_command.c (qemuBuildCommandLine): Support
migration via fd: when possible. Consolidate migration handling
into one spot, now that it is more complex.
* src/qemu/qemu_driver.c (qemudStartVMDaemon): Update caller.
* tests/qemuxml2argvtest.c (mymain): Likewise.
* tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.args: New file.
* tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.xml: Likewise.
Currently, boot order can be specified per device class but there is no
way to specify exact disk/NIC device to boot from.
This patch adds <boot order='N'/> element which can be used inside
<disk/> and <interface/>. This is incompatible with the older os/boot
element. Since not all hypervisors support per-device boot
specification, new deviceboot flag is included in capabilities XML for
hypervisors which understand the new boot element. Presence of the flag
allows (but doesn't require) users to use the new style boot order
specification.
* tools/libvirt-guests.init.in: Rename...
* tools/libvirt-guests.init.sh: ...so that xgettext's language
detection via suffix will work.
* po/POTFILES.in: Update all references.
* tools/Makefile.am (EXTRA_DIST, libvirt-guests.init): Likewise.
* tools/libvirt-guests.init.sh: Use only POSIX shell features, which
includes using gettext.sh for translation rather than $"".
* tools/Makefile.am (libvirt-guests.init): Supply a few more substitutions.
* po/POTFILES.in: Mark that libvirt-guests.init needs translation.
Signed-off-by: Eric Blake <eblake@redhat.com>
Before the security driver was refactored in d6623003 seclabeltest and
secaatest were basically the same. seclabeltest was meant for SELinux
and secaatest for AppArmor. Both tests exited early when the specific
security driver backend wasn't enabled.
With the new security manager trying to initialize a disabled security
driver backend is an error that can't be distinguished from other errors
anymore. Therefore, the updated seclabeltest just asks for the first
available backend as this will always work even with SELinux and AppArmor
backend being disabled due to the new Nop backend.
Remove the obsolete secaatest and compile and run the seclabeltest
unconditional.
This fixes make check on systems that support AppArmor.
Display or set unlimited values for memory parameters. Unlimited is
represented by INT64_MAX in memory cgroup.
Signed-off-by: Nikunj A. Dadhania <nikunj@linux.vnet.ibm.com>
Reported-by: Justin Clift <jclift@redhat.com>
* .gnulib: Update, for sc_prohibit_strcmp fix.
* cfg.mk: Adjust copyright; the only FSF portions come from when
this file was copied from coreutils.
(sc_prohibit_strncmp): Copy bug-fixes from sc_prohibit_strcmp.
* .x-sc_prohibit_strcmp: Delete, now that rule is smarter.
* .x-sc_prohibit_strncmp: Likewise.
* Makefile.am (syntax_check_exceptions): Track deletion.
virLibConnError already includes __FUNCTION__ in its output, so we
were redundant. Furthermore, clang warns that __FUNCTION__ is not
a string literal (at least __FUNCTION__ will never contain %, so
it was not a security risk).
* src/datatypes.c: Replace __FUNCTION__ with a descriptive string.
This is in response to a request in:
https://bugzilla.redhat.com/show_bug.cgi?id=665293
In short, under heavy load, it's possible for qemu's networking to
lock up due to the tap device's default 1MB sndbuf being
inadequate. adding "sndbuf=0" to the qemu commandline -netdevice
option will alleviate this problem (sndbuf=0 actually sets it to
0xffffffff).
Because we must be able to explicitly specify "0" as a value, the
standard practice of "0 means not specified" won't work here. Instead,
virDomainNetDef also has a sndbuf_specified, which defaults to 0, but
is set to 1 if some value was given.
The sndbuf value is put inside a <tune> element of each <interface> in
the domain. The intent is that further tunable settings will also be
placed inside this element.
<interface type='network'>
...
<tune>
<sndbuf>0</sndbuf>
...
</tune>
</interface>
This patch is in response to
https://bugzilla.redhat.com/show_bug.cgi?id=643050
The existing libvirt support for the vhost-net backend to the virtio
network driver happens automatically - if the vhost-net device is
available, it is always enabled, otherwise the standard userland
virtio backend is used.
This patch makes it possible to force whether or not vhost-net is used
with a bit of XML. Adding a <driver> element to the interface XML, eg:
<interface type="network">
<model type="virtio"/>
<driver name="vhost"/>
will force use of vhost-net (if it's not available, the domain will
fail to start). if driver name="qemu", vhost-net will not be used even
if it is available.
If there is no <driver name='xxx'/> in the config, libvirt will revert
to the pre-existing automatic behavior - use vhost-net if it's
available, and userland backend if vhost-net isn't available.
We try to use that command first when setting a VNC/SPICE password. If
that doesn't work we fallback to the legacy VNC only password
Allow an expiry time to be set, if that doesn't work, throw an error
if they try to use SPICE.
Change since v1:
- moved qemuInitGraphicsPasswords to qemu_hotplug, renamed
to qemuDomainChangeGraphicsPasswords.
- updated what looks like a typo (that appears to work anyway) in
initial patch from Daniel:
- ret = qemuInitGraphicsPasswords(driver, vm,
- VIR_DOMAIN_GRAPHICS_TYPE_SPICE,
- &vm->def->graphics[0]->data.vnc.auth,
- driver->vncPassword);
+ ret = qemuInitGraphicsPasswords(driver, vm,
+ VIR_DOMAIN_GRAPHICS_TYPE_SPICE,
+ &vm->def->graphics[0]->data.spice.auth,
+ driver->spicePassword);
Based on patch by Daniel P. Berrange <berrange@redhat.com>.
I broke 'make check' with commit 04197350 by unconditionally
emitting 'hap=' in xen xm driver. Only emit 'hap=' if
xendConfigVersion >= 3. I've tested sending 'hap=' to a Xen 3.2
machine without support for hap setting and verified that xend
silently drops the unrecognized setting.
