Commit Graph

361 Commits

Author SHA1 Message Date
Andrea Bolognani
81c2486ab7 examples: Move and install shell examples
The virt-lxc-convert shell script is at this point the
only example we don't install on the target system.

Create a sh/ subdirectory, following the example set by
the existing polkit/, systemtap/ and xml/, and move the
script there; then add rules that will install all example
shell scripts as documentation.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:35 +02:00
Andrea Bolognani
bc43533e53 examples: Install remaining XML examples
We already install nwfilters separately.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:32 +02:00
Andrea Bolognani
a37b59c39f examples: Install SystemTap examples
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:30 +02:00
Andrea Bolognani
925bfbd809 examples: Install Polkit examples
Right now we install the files in RPMs only, and we include
them in the -daemon package which is probably not the best
option either. Start installing them via autotools; the RPMs
will get them automatically in the -docs package.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:28 +02:00
Andrea Bolognani
db4529c5ee examples: Install nwfilters without shell scripting
We're doing nothing more than copying files to a target
directory, so we don't need any custom shell commands and
can just use the standard autotools data installation
support instead.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:25 +02:00
Andrea Bolognani
24f62f7bf1 examples: Drop unnecessary $(mkinstalldirs) call
$(mkinstalldirs) works like 'mkdir -p' in that it will
create all the necessary parts of the path leading up to
the actual directory, which means creating $(examplesdir)
beforehand is not necessary.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:23 +02:00
Andrea Bolognani
a5544e021f examples: Move $(WARN_CFLAGS) to $(AM_CFLAGS)
$(AM_CPPFLAGS) is for passing options to the C preprocessor,
not the C compiler, and the stuff in $(WARN_CFLAGS) belongs
to the latter category.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:21 +02:00
Andrea Bolognani
0a7b5b6e10 examples: Move $(STATIC_BINARIES) to $(AM_LDFLAGS)
$(LDADD) is for object files that should be added during
linking, not for options that should be passed to the
linker: that's what $(AM_LDFLAGS) is for.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:19 +02:00
Andrea Bolognani
9469bb3710 examples: Don't look for headers in $(top_srcdir)
The C programs in this directory are supposed to be only
using public functions, so having $(top_srcdir) in the
header search path is unnecessary at best and actively
harmful at worst.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:17 +02:00
Andrea Bolognani
40d4aaf928 examples: Remove $(WARN_CFLAGS) from $(LDADD)
$(WARN_CFLAGS) contains options intended for the compiler,
whereas $(LDADD) is supposed to list additional objects
required during linking, so the former clearly doesn't
belong in the latter.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:15 +02:00
Andrea Bolognani
40c230fa2a examples: Reformat $(AM_CPPFLAGS) and $(LDADDS)
This will make further changes easier to review.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:13 +02:00
Andrea Bolognani
f91dfc4890 examples: Drop object_events_event_test_CFLAGS
$(AM_CPPFLAGS) already includes $(WARN_CFLAGS), so this is
not doing anything useful.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:11 +02:00
Andrea Bolognani
6d3ac4f722 examples: Fix installation on Windows
We can't rely on $(noinst_PROGRAMS) retaining its original
value, so let's use a separate $(EXAMPLES) variable instead.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-05-17 16:05:51 +02:00
Andrea Bolognani
4faaaa8b27 examples: Install under $(docdir)
Our build system doesn't currently install the various
example programs provided along libvirt; however, both the
upstream .spec file and the Debian packaging go out of
their way to make sure these useful demos are included in
the respective documentation packages.

Moreover, doing so without help from the upstream build
system is easy to get wrong: the libvirt-docs RPM package,
for example, ends up missing one of the examples and
including a bunch of empty .deps/ directories.

Install the examples in $(docdir) as part of our regular
procedure, so that users and downstreams don't have to do
anything special about them.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-05-13 12:02:17 +02:00
Martin Kletzander
6a6453fb56 examples: Initialize @pos in domtop.c
This is a zero-cost workaround for a bug in GCC 8.3.0 which causes the
compilation to fail, because the compiler thinks that the value might be used
uninitialized even though it clearly cannot be.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2019-04-15 11:39:26 +02:00
Daniel P. Berrangé
dfa0011826 examples: enable all compiler warnings
Now that all the examples are warning free, keep it that way by enabling
all the normal compiler warning flags.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-05 15:33:36 +01:00
Daniel P. Berrangé
b69e14fed6 dominfo: make example more useful
The example currently assumes that a NULL URI will open Xen and thus
also assumes that a domain with ID 0 exists. Change it to require the
URI and a domain name as command line arguments.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-05 15:33:33 +01:00
Daniel P. Berrangé
54fd8d5e52 domtop: remove unused domain name parameter
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-05 15:33:30 +01:00
Daniel P. Berrangé
a80ba80891 examples: avoid goto jump over initialization of variable
Jumping over the declaration and initialization of a variable is bad as
it means the jump target sees a potentially non-initialized variable.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-05 15:33:25 +01:00
Daniel P. Berrangé
11ea62665c examples: fix 64-bit integer formatting on Windows
The Windows printf functions don't support %llu/%lld for printing 64-bit
integers. For most of libvirt this doesn't matter as we rely on gnulib
which provides a replacement printf that is sane.

The example code is designed to compile against the normal OS headers,
with no use of gnulib and thus has to use the platform specific printf.
To deal with this we must use the macros PRI* macros from inttypes.h
to get the platform specific format string.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-03 11:34:25 +01:00
Cole Robinson
f38d553e2d configure: Remove --enable-test-coverage
We provide a custom configure option --enable-test-coverage and
'make cov' target to generate code coverage reports. However gnulib
already provides a 'make coverage' which 'just works' and doesn't
require a special configure option.

This drops our custom implementation in favor of 'make coverage'.
Reports are now output to cov/index.html

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-14 20:47:15 -04:00
Michal Privoznik
ab2e90006d Drop some useless comparisons and checks
In these cases the check that is removed has been done a few
lines above already (as can even be seen in the context). Drop
them.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-03-07 09:22:47 +01:00
Andrea Bolognani
6ee53e54dc apparmor: Move static data out of examples/
These files need to be installed on the system for apparmor
support to work, so they don't belong with examples.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-01-10 16:48:12 +01:00
Eric Blake
45b439c3af examples: Work around lack of mingw localtime_r()
mingw lacks localtime_r(); we were getting it from gnulib. But since
commit acf522e8 stopped linking examples against gnulib, we are
getting a build failure. Keep the examples standalone, and work
around mingw by using the non-reentrant localtime() (safe since our
examples are single-threaded), and add a necessary exemption to our
syntax check.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-08 14:47:21 -06:00
Eric Blake
414afc8dbe examples: Work around lack of mingw sigaction()
mingw lacks sigaction(); we were getting it from gnulib. But since
commit acf522e8 stopped linking examples against gnulib, we are
getting a build failure. Keep the examples standalone, and work
around mingw by using signal() instead.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-08 14:47:04 -06:00
Eric Blake
358b6b593e examples: Work around mingw printf() weakness
mingw lacks %lld and %zu support in printf(); we were getting it
from gnulib. But since commit acf522e8 stopped linking examples
against gnulib, we are getting a build failure due to -Wformat
flagging these strings. Keep the examples standalone, and work
around mingw by using manual casts to types we can portably print.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-08 14:46:35 -06:00
Eric Blake
acf522e85a examples: Avoid gnulib, have standalone examples
Commit 0c6ad476 updated gnulib, which rearranged some of the
conditions in gnulib wrapper headers such that compilation
started failing on BSD systems when the normal system <unistd.h>
tried to include another system header but instead got a
gnulib wrapper header in an incomplete state; this is because
gnulib headers only work if <config.h> is included first.

Commit b6f78259 papered over the symptoms of that by including
<config.h> in all the examples.  But this logic is backwards -
if our examples are truly meant to be stand-alone, they should
NOT depend on how libvirt was configured, and should NOT
depend on the gnulib fixes for system quirks.  In particular,
if an example does not need to link against libgnulib.la,
then it also does not need to use -Ignulib in its compile
flags, and likewise does not need to include <config.h> since
none of the gnulib wrapper headers should be interfering.

So, revert (most of) b6f78259 (except for the bogus pre-patch
use of "config.h" in admin/logging.c: if config.h is included,
it should be via <> rather than "", and must be before any
system headers); then additionally nuke all mention of
<config.h>, -Ignulib, and -llibgnu.la, making all of the
examples truly standalone.

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-01-08 09:26:51 -06:00
Eric Blake
6933ebc497 examples: Drop event-test.c dependency on gnulib <verify.h>
Pulling in gnulib just for the <verify.h> header is rather
expensive, especially since that header does not require us
to link against gnulib.  It's better to make the event-test
example be standalone by just open-coding a more limited form
of a verify() macro that depends on modern gcc (we have enough
CI coverage that even though the verify is now a no-op in
older setups, we will still notice if we fail to add an event
- as a quick test, I was still able to provoke a compile
failure on Fedora 29 when deleting a line from domainEvents).

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-01-08 09:26:18 -06:00
Eric Blake
1862a55462 maint: Prefer AM_CPPFLAGS over INCLUDES
Our use of INCLUDES in Makefile.am hearkens back to when we had to
cater to automake 1.9.6 (thanks, RHEL 5) which lacked AM_CPPFLAGS.
Modern Automake flags a warning that INCLUDES is deprecated, and
now that we mandate RHEL 7 or better (see commit c1bc9c66), we no
longer have to cater to the old spelling.  This change will also
make it easier to do per-binary CPPFLAGS.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-01-07 16:46:55 -06:00
Ján Tomko
b6f7825992 examples: include config.h
Since gnulib commit 6954995d unistd.h is included via stdlib.h
on BSD systems, which requires config.h to be included first.

Add config.h to the files that use it.

Part of this commit reverts commit 6ee918de74

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-01-07 09:21:32 +01:00
Ján Tomko
31903c4a5d examples: add spaces after #include
Lead by example in examples/

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-01-07 09:21:32 +01:00
Michal Privoznik
c99e954973 Remove even more Author(s): lines from source files
In 600462834f we've tried to remove Author(s): lines
from comments at the beginning of our source files. Well, in some
files while we removed the "Author" line we did not remove the
actual list of authors.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-01-03 13:24:18 +01:00
Daniel P. Berrangé
600462834f Remove all Author(s): lines from source file headers
In many files there are header comments that contain an Author:
statement, supposedly reflecting who originally wrote the code.
In a large collaborative project like libvirt, any non-trivial
file will have been modified by a large number of different
contributors. IOW, the Author: comments are quickly out of date,
omitting people who have made significant contribitions.

In some places Author: lines have been added despite the person
merely being responsible for creating the file by moving existing
code out of another file. IOW, the Author: lines give an incorrect
record of authorship.

With this all in mind, the comments are useless as a means to identify
who to talk to about code in a particular file. Contributors will always
be better off using 'git log' and 'git blame' if they need to  find the
author of a particular bit of code.

This commit thus deletes all Author: comments from the source and adds
a rule to prevent them reappearing.

The Copyright headers are similarly misleading and inaccurate, however,
we cannot delete these as they have legal meaning, despite being largely
inaccurate. In addition only the copyright holder is permitted to change
their respective copyright statement.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-13 16:08:38 +00:00
Jim Fehlig
b0d4365a7f build: Fix uninstall when WITH_APPARMOR_PROFILES is defined
When libvirt configuration includes '--with-apparmor-profiles', the
make uninstall target fails

make[1]: Entering directory '/home/jim/upstream/libvirt/examples'
 ( cd '/etc/apparmor.d//abstractions' && rm -f libvirt-qemu libvirt-lxc )
 ( cd '/etc/apparmor.d/' && rm -f usr.lib.libvirt.virt-aa-helper usr.sbin.libvirtd )
make[1]: *** No rule to make target 'uninstall-apparmor-local', needed by
'uninstall-local'.  Stop.

Add missing 'uninstall-apparmor-local' target to the examples Makefile.am.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-11-13 11:47:10 -07:00
Andrea Bolognani
167ce7117b examples: Add missing quotes
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2018-11-13 18:13:04 +01:00
Christian Ehrhardt
8741b94351
apparmor: fix ptrace rules with kernel 4.18
Due to kernel upstream change 338d0be4 ("apparmor: fix ptrace read check")
libvirt now hits apparmor denies like:
  apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd"
  pid=4409 comm="libvirtd" requested_mask="read" denied_mask="read"
  peer="libvirt-14e92a75-7668-4b97-8f92-322fc1b9c78a"

Extend the ptrace rule to also allow 'ptrace (read)' for libvirtd to work
with these newer kernels.

Fixes: https://bugs.launchpad.net/bugs/1788603

Reported-by: Thadeu Lima de Souza Cascardo <thadeu.cascardo@canonical.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-08-27 10:46:45 +02:00
Christian Ehrhardt
84f30010a9
apparmor: allow to preserve /dev mountpoints into qemu namespaces
Libvirt now tries to preserve all mounts under /dev in qemu namespaces.
The old rules only listed a set of known paths but those are no more enough.

I found some due to containers like /dev/.lxc/* and such but also /dev/console
and /dev/net/tun.

Libvirt is correct to do so, but we can no more predict the names properly, so
we modify the rule to allow a wildcard based pattern matching what libvirt does.

Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-08-16 13:10:09 +02:00
Christian Ehrhardt
aa9e3354ef
apparmor: allow expected /tmp access patterns
Several cases were found needing /tmp, for example ceph will try to list /tmp
This is a compromise of security and usability:
 - we only allow generally enumerating the base dir
 - enumerating anything deeper in the dir is at least guarded by the
   "owner" restriction, but while that protects files of other services
   it won't protect qemu instances against each other as they usually run
   with the same user.
 - even with the owner restriction we only allow read for the wildcard
   path

Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-08-16 13:07:37 +02:00
Christian Ehrhardt
a2028ae716
apparmor: add mediation rules for unconfined guests
If a guest runs unconfined <seclabel type='none'>, but libvirtd is
confined then the peer for signal can only be detected as
'unconfined'. That triggers issues like:
   apparmor="DENIED" operation="signal"
   profile="/usr/sbin/libvirtd" pid=22395 comm="libvirtd"
   requested_mask="send" denied_mask="send" signal=term peer="unconfined"

To fix this add unconfined as an allowed peer for those operations.

I discussed with the apparmor folks, right now there is no better
separation to be made in this case. But there might be further down the
road with "policy namespaces with scope and view control + stacking"

This is more a use-case addition than a fix to the following two changes:
- 3b1d19e6 AppArmor: add rules needed with additional mediation features
- b482925c apparmor: support ptrace checks

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Acked-by: intrigeri <intrigeri+libvirt@boum.org>
2018-08-16 12:58:56 +02:00
Christian Ehrhardt
1262cbf3a0
apparmor: allow openGraphicsFD for virt manager >1.4
virt-manager's UI connection will need socket access for openGraphicsFD
to work - otherwise users will face a failed connection error when
opening the UI view.

Depending on the exact versions of libvirt and qemu involved this needs
either a rule from qemu to libvirt or vice versa.

Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-08-16 12:58:56 +02:00
Michal Privoznik
cfdc0c771a Forget last daemon/ dir artefacts
The most important part is LIBVIRTD_PATH env var fix. It is used
in virFileFindResourceFull() from tests. The libvirtd no longer
lives under daemon/.

Then, libvirtd-fail test was still failing (as expected) but not
because of missing config file but because it was trying to
execute (nonexistent) top_builddir/daemon/libvirtd which
fulfilled expected outcome and thus test did not fail.

Thirdly, lcov was told to generate coverage for daemon/ dir too.

Fourthly, our compiling documentation was still suggesting to run
daemonn/libvirtd.

And finally, some comments in a systemtap file and a probes file
were still referring to daemon/libvirtd.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-07-27 15:44:38 +02:00
Ales Musil
ac01fbc90b examples: Add clean-traffic-gateway into nwfilters
The filter purpose is to simulate isolated private VLAN.

The behavior can be achieved by limiting network traffic
to traffic between VM and gateway. Because there is no
concept of the PVLAN in the linux bridge.

The filter also contains parts from clean-traffic
to prevent VM from spoofing its IP and MAC address.

To use this filter the user just needs to set
the GATEWAY_MAC variable to gateway MAC address.

Signed-off-by: Ales Musil <amusil@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2018-07-18 14:03:47 +02:00
Marcos Paulo de Souza
6ee918de74 examples: Remove config.h from hellolibvirt and openauth
These two examples do not use any definition from config.h, and by
removing it these examples can be compiled standalone.

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-09 08:53:11 +02:00
Michal Privoznik
0b5caa0dc3 apparmor: Fix forgotten comma at EOL
The commit of 1fff379ff6 forgot comma at the end of the line
rendering the file invalid in syntax.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-07-04 07:59:29 +02:00
Stefan Berger
43b0b4f834 security: Add swtpm paths to the domain's AppArmor profile
This patch extends the AppArmor domain profile with file paths
the swtpm accesses for state, log, pid, and socket files.

Both, QEMU and swtpm, use this AppArmor profile.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-06-28 06:50:43 -04:00
Christian Ehrhardt
a15bab0c68
apparmor: fix vfio usage without initial hostdev
The base vfio has not much functionality but to provide a custom
container by opening this path.
See https://www.kernel.org/doc/Documentation/vfio.txt for more.

Systems with static hostdevs will get /dev/vfio/vfio by virt-aa-hotplug
right from the beginning. But if the guest initially had no hostdev at
all it will run into the following deny before the security module
labelling callbacks will make the actual vfio device (like /dev/vfio/93)
known.

Example of such a deny:
[ 2652.756712] audit: type=1400 audit(1491303691.719:25):
  apparmor="DENIED" operation="open"
  profile="libvirt-17a61b87-5132-497c-b928-421ac2ee0c8a"
  name="/dev/vfio/vfio" pid=8486 comm="qemu-system-x86"
  requested_mask="wr" denied_mask="wr" fsuid=64055 ouid=0

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1678322
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1775777

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-06-12 16:09:25 +02:00
intrigeri
1fff379ff6 AppArmor: allow virt-aa-helper read access to Nova's qcow backing files.
As reported on https://bugs.debian.org/892431, without this rule, when launching
a QEMU KVM instance, an error occurs immediately upon launching the QEMU
process such as:

  Could not open backing file: Could not open
  '/var/lib/nova/instances/_base/affe96668a4c64ef380ff1c71b4caec17039080e':
  Permission denied

The other instance disk images are already covered by the existing rule:

  /**/disk{,.*} r

Signed-off-by: intrigeri <intrigeri@boum.org>
2018-06-12 10:43:37 +02:00
Daniel P. Berrangé
a2fd657b86 lxc: allow use of lxc:///system URI as preferred format
Historically we have used a bare lxc:/// URI for connecting to LXC. This
is different from our practice with QEMU, UML, Parallels, Libxl, BHyve
and VirtualBox drivers, which all use a path of '/system' or '/session'
or both.

By making LXC allow '/system', we have fully standardized on the use of
either '/system' or '/session' for all the stateful drivers that run
inside libvirtd.

Support for lxc:/// is of course maintained for back-compat.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-12 16:52:01 +01:00
Christian Ehrhardt
6a9bdf3f25
apparmor: add rules to use qemu_bridge_helper
Due to mediation of socket and signal activity currently qemu:///session
connections calling qemu_bridge_helper fail.

We need the profile for libvirtd itself and the subprofile for
qemu-bridge-helper to be able to talk/notify to each other via unix socket and
signals.

Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1754871

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2018-04-12 11:09:29 +02:00
Christian Ehrhardt
dadfba923a
apparmor: add ro rule for sasl GSSAPI plugin on /etc/gss/mech.d/
If a system has sasl GSSAPI plugin available qemu with sasl support will
try to read /etc/gss/mech.d/.

It is required to allow that to let the modules fully work and it should
be safe to do so as it only registers/configures plugins but has no secrets.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-03-08 17:35:36 +01:00
Guido Günther
7edcbd02aa apparmor: allow libvirt to send term signal to unconfined
Otherwise stopping domains with qemu://session fails like

[164012.338157] audit: type=1400 audit(1516202208.784:99): apparmor="DENIED" operation="signal" profile="/usr/sbin/libvirtd" pid=18835 comm="libvirtd" requested_mask="send" denied_mask="send" signal=term peer="unconfined"
2018-02-06 17:26:29 +01:00
intrigeri
904cdd09bc On startup libvirtd runs a number of QEMU processes unconfined such as:
/usr/bin/qemu-system-x86_64 -S -no-user-config -nodefaults -nographic -machine none,accel=kvm:tcg -qmp unix:/var/lib/libvirt/qemu/capabilities.monitor.sock,server,nowait -pidfile /var/lib/libvirt/qemu/capabilities.pidfile -daemonize

libvirtd needs to be allowed to kill these processes, otherwise they
remain running.
2018-01-17 16:28:27 +01:00
Jamie Strandboge
5924977870 apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
Required to generate correct profiles when using usb passthrough.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/565691

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: Jamie Strandboge <jamie@ubuntu.com>
Acked-by: Intrigeri <intrigeri@boum.org>
2018-01-09 10:08:57 +01:00
Jamie Strandboge
dfd960bca6 apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
This is required for the ebtables functionality added in
libvirt 0.8.0.

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2018-01-09 10:08:22 +01:00
Christian Ehrhardt
39cb94e575 apparmor, libvirt-qemu: qemu won't call qemu-nbd
While libvirtd might do so, qemu itself as a guest will not need
to call qemu-nbd so remove it from the profile.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2018-01-09 10:06:32 +01:00
Christian Ehrhardt
e24d01cb33 apparmor, libvirt-qemu: add default pki path of libvirt-spice
Adding the PKI path that is used as default suggestion in src/qemu/qemu.conf
If people use non-default paths they should use local overrides but the
suggested defaults we should open up.

This is the default path as referenced by src/qemu/qemu.conf in libvirt.

While doing so merge the several places we have to cover PKI access into
one.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1690140

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-01-09 10:06:04 +01:00
Jamie Strandboge
aa889e412d apparmor, libvirt-qemu: Allow qemu-block-extra libraries
Allows (multi-arch enabled) access to libraries under the
/usr/lib/@{multiarch}/qemu/*.so path in the Debian/Ubuntu
qemu-block-extra package and all such libs for the paths
of rpm qemu-block-* packages.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1554761

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-01-09 10:02:33 +01:00
Stefan Bader
50ce59b616 apparmor, libvirt-qemu: Silence lttng related deny messages
Prevent denial messages related to attempted reads on lttng
files from spamming the logs.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1432644

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2018-01-09 09:59:29 +01:00
Serge Hallyn
27199d8664 apparmor, libvirt-qemu: Allow use of sgabios
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1393548

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2018-01-09 09:57:59 +01:00
Cédric Bosdonnat
259a2cc34e apparmor: fix virt-aa-helper profile
Fix rule introduced by commit 0f33025a:
  * to handle /var/run not being a symlink to /run
  * to be properly parsed: missing comma at the end.
2018-01-03 17:33:28 +01:00
Christian Ehrhardt
8f882cf36e apparmor: allow unix stream for p2p migrations
On live migration with --p2p like:
 $ virsh migrate --live --p2p kvmguest-bionic-normal \
       qemu+ssh://10.6.221.80/system

We hit an apparmor deny like:
  apparmor="DENIED" operation="file_inherit"
  profile="/usr/sbin/libvirtd" pid=23477 comm="ssh" family="unix"
  sock_type="stream" protocol=0 requested_mask="send receive"
  denied_mask="send" addr=none peer_addr=none peer="unconfined"

The rule is not perfect, but can't be restricted further at the moment
(new upstream kernel features needed). For now the lack of a profile on the
peer as well as comm not being a conditional on rules do not allow to filter
further.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-01-03 09:45:21 +01:00
Cédric Bosdonnat
0f33025a43 virt-aa-helper: handle more disk images
virt-aa-helper needs read access to the disk image to resolve symlinks
and add the proper rules to the profile. Its profile whitelists a few
common paths, but users can place their images anywhere.

This commit helps users allowing access to their images by adding their
own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.

This commit also adds rules to allow reading files named:
  - *.raw as this is a rather common disk image extension
  - /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox
2017-12-20 11:05:54 +01:00
Jim Fehlig
0af5ced4b8 apparmor: allow qemu abstraction to read /proc/pid/cmdline
Noticed the following denial in audit.log when shutting down
an apparmor confined domain

type=AVC msg=audit(1512002299.742:131): apparmor="DENIED"
operation="open" profile="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff"
name="/proc/1475/cmdline" pid=2958 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=469 ouid=0

Squelch the denial by allowing read access to /proc/<pid>/cmdline.
2017-12-04 07:00:14 -07:00
intrigeri
3343ab0cd9 AppArmor: add mount rules needed with additional mediation features brought by Linux 4.14
This set of rules was proposed by Christian Boltz <apparmor@cboltz.de>
on https://bugzilla.opensuse.org/show_bug.cgi?id=1065123.
2017-11-19 19:16:27 +01:00
intrigeri
3b1d19e6c9 AppArmor: add rules needed with additional mediation features brought by Linux 4.14. 2017-11-19 19:16:27 +01:00
Christian Ehrhardt
b4470515f6 apparmor, virt-aa-helper: allow ipv6
In case ipv6 is used the network inet6 permission is required for
virt-aa-helper.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-11-07 16:57:32 +01:00
Christian Ehrhardt
37a4e6d430 apparmor: allow qemu to read max_segments
Since qemu 2.9 via 9103f1ce "file-posix: Consider max_segments for
BlockLimits.max_transfer" this is a new access that is denied by the
qemu profile.

It is non fatal, but prevents the fix mentioned to actually work.
It should be safe to allow reading from that path.

Since qemu opens a symlink path we need to translate that for apparmor from
"/sys/dev/block/*/queue/max_segments" to
"/sys/devices/**/block/*/queue/max_segments"

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-11-07 16:57:32 +01:00
Andrea Bolognani
3e7db8d3e8 Remove backslash alignment attempts
Right-aligning backslashes when defining macros or using complex
commands in Makefiles looks cute, but as soon as any changes is
required to the code you end up with either distractingly broken
alignment or unnecessarily big diffs where most of the changes
are just pushing all backslashes a few characters to one side.

Generated using

  $ git grep -El '[[:blank:]][[:blank:]]\\$' | \
    grep -E '*\.([chx]|am|mk)$$' | \
    while read f; do \
      sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \
    done

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 13:24:12 +01:00
Christian Ehrhardt
d4d50bcc79 virt-aa-helper: fix libusb access to udev usb descriptions
In bf3a4140 "virt-aa-helper: fix libusb access to udev usb data" the
libusb access to properly detect the device/bus ids was fixed.

The path /run/udev/data/+usb* contains a subset of that information we
already allow to be read and are currently not needed for the function
qemu needs libusb for. But on the init of libusb all those files are
still read so a lot of apparmor denials can be seen when using usb host
devices, like:
  apparmor="DENIED" operation="open" name="/run/udev/data/+usb:2-1.2:1.0"
  comm="qemu-system-x86" requested_mask="r" denied_mask="r"

Today we could silence the warnings with a deny rule without breaking
current use cases. But since the data in there is only a subset of those
it can read already it is no additional information exposure. And on the
other hand a future udev/libusb/qemu combination might need it so allow
the access in the default apparmor profile.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-10-26 12:48:32 +02:00
Jim Fehlig
c44b29aacb apparmor: add dnsmasq ptrace rule to libvirtd profile
Commit b482925c added ptrace rule for the apparmor profiles,
but one was missed in the libvirtd profile for dnsmasq. It was
overlooked since the test machine did not have an active libvirt
network requiring dnsmasq that was also set to autostart. With
one active and set to autostart, the following denial is observed
in audit.log when restarting libvirtd

type=AVC msg=audit(1507320136.306:298): apparmor="DENIED" \
operation="ptrace" profile="/usr/sbin/libvirtd" pid=5472 \
comm="libvirtd" requested_mask="trace" denied_mask="trace" \
peer="/usr/sbin/dnsmasq"

With an active network, I suspect a libvirtd restart causes access
to /proc/<dnsmasq-pid>/*, hence the resulting denial. As a nasty
side affect of the denial, libvirtd thinks it needs to spawn a
dnsmasq process even though one is already running for the network.
E.g. after two libvirtd restarts

dnsmasq   1683  0.0  0.0  51188  2612 ?        S    12:03   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root      1684  0.0  0.0  51160   576 ?        S    12:03   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
dnsmasq   4706  0.0  0.0  51188  2572 ?        S    13:54   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root      4707  0.0  0.0  51160   572 ?        S    13:54   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
dnsmasq   4791  0.0  0.0  51188  2580 ?        S    13:56   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root      4792  0.0  0.0  51160   572 ?        S    13:56   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper

A simple fix is to add a ptrace rule for dnsmasq.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-By: Guido Günther <agx@sigxcpu.org>
2017-10-06 16:39:15 -06:00
Christian Ehrhardt
bf3a414087 virt-aa-helper: fix libusb access to udev usb data
libusb as used by qemu needs to read data from /run/udev/data/ about usb
devices. That is read once on the first initialization of libusb_init by
qemu.

Therefore generating just the device we need would not be sufficient as
another hotplug later can need another device which would fail as the
data is no more re-read at this point.

But we can restrict the paths very much to just the major number of
potential usb devices which will make it match approximately the detail
that e.g. an lsusb -v would reveal - that is much safer than the
"/run/udev/data/* r" blanket many users are using now as a workaround.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-10-06 11:14:49 +02:00
Jim Fehlig
b482925c22 apparmor: support ptrace checks
Kernel 4.13 introduced finer-grained ptrace checks

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.13.2&id=290f458a4f16f9cf6cb6562b249e69fe1c3c3a07

With kernel 4.13 and apparmor 2.11, simply starting libvirtd
results in the following apparmor denial

type=AVC msg=audit(1506112085.645:954): apparmor="DENIED"
operation="ptrace" profile="/usr/sbin/libvirtd" pid=6984
comm="libvirtd" requested_mask="trace" denied_mask="trace"
peer="unconfined"

Attempting to start an unconfined domain results in

type=AVC msg=audit(1506112301.227:1112): apparmor="DENIED"
operation="ptrace" profile="/usr/sbin/libvirtd" pid=7498
comm="libvirtd" requested_mask="trace" denied_mask="trace"
peer="/usr/sbin/libvirtd"

And attempting to start a confined domain results in

type=AVC msg=audit(1506112631.408:1312): apparmor="DENIED"
operation="open" profile="virt-aa-helper" name="/etc/libnl/classid"
pid=8283 comm="virt-aa-helper" requested_mask="r" denied_mask="r"
fsuid=0 ouid=0
type=AVC msg=audit(1506112631.530:1319): apparmor="DENIED"
operation="open" profile="virt-aa-helper" name="/etc/libnl/classid"
pid=8289 comm="virt-aa-helper" requested_mask="r" denied_mask="r"
fsuid=0 ouid=0
type=AVC msg=audit(1506112632.186:1324): apparmor="DENIED"
operation="ptrace" profile="/usr/sbin/libvirtd" pid=8342
comm="libvirtd" requested_mask="trace" denied_mask="trace"
peer="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff"

Add ptrace rules to allow the trace operations.

Resolves: https://bugzilla.suse.com/show_bug.cgi?id=1058847
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Guido Günther <agx@sigxcpu.org>
2017-09-25 12:03:35 +02:00
Julio Faracco
b06521928c storage: Add new events for *PoolBuild() and *PoolDelete().
This commit adds new events for two methods and operations: *PoolBuild() and
*PoolDelete(). Using the event-test and the commands set below we have the
following outputs:

$ sudo ./event-test
Registering event callbacks
myStoragePoolEventCallback EVENT: Storage pool test Defined 0
myStoragePoolEventCallback EVENT: Storage pool test Created 0
myStoragePoolEventCallback EVENT: Storage pool test Started 0
myStoragePoolEventCallback EVENT: Storage pool test Stopped 0
myStoragePoolEventCallback EVENT: Storage pool test Deleted 0
myStoragePoolEventCallback EVENT: Storage pool test Undefined 0

Another terminal:
$ sudo virsh pool-define test.xml
Pool test defined from test.xml

$ sudo virsh pool-build test
Pool test built

$ sudo virsh pool-start test
Pool test started

$ sudo virsh pool-destroy test
Pool test destroyed

$ sudo virsh pool-delete test
Pool test deleted

$ sudo virsh pool-undefine test
Pool test has been undefined

This commits can be a solution for RHBZ #1475227.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1475227

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-20 11:52:56 +02:00
Guido Günther
f305d8a191 apparmor: add attach_disconnected
Otherwise we fail to reconnect to /dev/net/tun opened by libvirtd
like

    [ 8144.507756] audit: type=1400 audit(1505488162.386:38069121): apparmor="DENIED" operation="file_perm" info="Failed name lookup - disconnected path" error=-13 profile="libvirt-5dfcc8a7-b79a-4fa9-a41f-f6271651934c" name="dev/net/tun" pid=9607 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=117 ouid=0

Reviewed-By: Jamie Strandboge <jamie@canonical.com>
Acked-By: Michal Privoznik <mprivozn@redhat.com>
2017-09-18 19:06:52 +02:00
intrigeri
e7f5d627f9 apparmor, libvirt-qemu: Allow QEMU to gather information about available host resources. 2017-08-11 16:57:59 -03:00
Serge Hallyn
ba326c8699 apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
When setting up VncTLS according to the official Libvirt documentation,
only one certificate for libvirt/libvirt-vnc is used. The document
indicates to use the following directories :

 /etc/pki/CA
 /etc/pki/libvirt
 /etc/pki/libvirt/private

in order to manage the certificates used by libvirt-vnc.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/901272

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Serge Hallyn
78769b8bd9 apparmor, libvirt-qemu: Allow access to ceph config
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Stefan Bader
5b4d46a95e apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
On Debian/Ubuntu the libxl-save-helper (used when saving/restoring
a domain through libxl) is located under /usr/lib/xen-<version>/bin.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1334195

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Serge Hallyn
233e08c057 apparmor, libvirt-qemu: Add ppc64el related changes
Updates profile to allow running on ppc64el.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
William Grant
f3b0f324eb apparmor, virt-aa-helper: Allow aarch64 UEFI.
Allow access to aarch64 UEFI images.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Guido Günther <agx@sigxcpu.org>
2017-06-16 10:38:52 +02:00
Simon McVittie
8d4aad6412 virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
The split firmware and variables files introduced by
https://bugs.debian.org/764918 are in a different directory for
some reason. Let the virtual machine read both.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Martin Kletzander
a8eba5036c qemu: Report shutdown event details
QEMU will likely report the details of it shutting down, particularly
whether the shutdown was initiated by the guest or host.  We should
forward that information along, at least for shutdown events.  Reset
has that as well, however that is not a lifecycle event and would add
extra constants that might not be used.  It can be added later on.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1384007

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-05-26 15:01:15 +02:00
Felix Geyer
dd875fb326 apparmor, virt-aa-helper: Explicit denies for host devices
Add explicit denies for disk devices to avoid cluttering dmesg with
(acceptable) denials.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Guido Günther <agx@sigxcpu.org>
2017-05-19 09:48:23 +02:00
Felix Geyer
95740052ea apparmor, virt-aa-helper: Allow access to libnl-3 config files
Allow access to libnl-3 config files

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Guido Günther <agx@sigxcpu.org>
2017-05-19 09:48:23 +02:00
Michal Privoznik
1a4a4ffa3e lib: Fix c99 style comments
We prefer c89 style of comments.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-04-27 14:13:19 +02:00
Peter Krempa
085e794a86 lib: Introduce event for tracking disk backing file write threshold
When using thin provisioning, management tools need to resize the disk
in certain cases. To avoid having them to poll disk usage introduce an
event which will be fired when a given offset of the storage is written
by the hypervisor. Together with the API which will be added later, it
will allow registering thresholds for given storage backing volumes and
this event will then notify management if the threshold is exceeded.
2017-03-27 09:29:57 +02:00
Guido Günther
123cc3e11c apparmor: allow /usr/lib/qemu/qemu-bridge-helper
This is where e.g. Debian puts it.
2017-03-17 09:59:42 +01:00
Daniel P. Berrange
42241208d9 secret: add support for value change events
Emit an event whenever a secret value changes

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-01-09 16:42:04 +00:00
Daniel P. Berrange
dabaa05d27 examples: add secret events to event demo program
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-01-09 15:53:49 +00:00
Daniel P. Berrange
c50070173d Add domain event for metadata changes
When changing the metadata via virDomainSetMetadata, we now
emit an event to notify the app of changes. This is useful
when co-ordinating different applications read/write of
custom metadata.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-01-09 15:53:00 +00:00
Guido Günther
1a9148fbdf apparmor: pass attach_disconnected
to cure

 + virsh lxc-enter-namespace --noseclabel sl /bin/ls /bin/ls
 libvirt:  error : Expected at least one file descriptor
 error: internal error: Child process (2714) unexpected exit status 125

caused by

 apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2016-12-21 06:26:31 +01:00
Michal Privoznik
3b67fc9f9f examples: Resolve sign-compare warnings
For instance:

hellolibvirt/hellolibvirt.c: In function 'showDomains':
hellolibvirt/hellolibvirt.c💯19: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
     for (i = 0; i < numNames; i++) {
                   ^

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-20 13:11:25 +01:00
Erik Skultety
0c169930c0 admin: Add an example demonstrating how to use the logging APIs
Provide a simple C example demonstrating the use of both query APIs as
well as setter APIs.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-12-15 10:36:23 +01:00
intrigeri
a73e7037e5 AppArmor: allow QEMU to set_process_name.
https://bugzilla.redhat.com/show_bug.cgi?id=1369281

Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.co>
2016-12-12 14:08:45 +00:00
intrigeri
de79efdeb8 AppArmor policy: support merged-/usr.
Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.co>
2016-12-12 14:08:35 +00:00
Luyao Huang
aafa297044 examples: Distribute all systemtap scripts.
Due to a missing entries in Makefile, we were not distributing
all the systemtap scripts we have.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-10-10 15:02:38 +08:00
Cédric Bosdonnat
f03013c212 apparmor: move qemu-bridge-helper to libvirtd profile
qemu-bridge-helper is only called from libvirtd, it has to be moved
from the qemu domain abstraction to the usr.sbin.libvirtd profile.
2016-09-26 13:23:01 +02:00
Jovanka Gulicoska
43a6b37b24 Introduce node device update event as top level event
This event is emitted when a nodedev XML definition is updated,
like when cdrom media is changed in a cdrom block device.

Also includes node device update event implementation for udev
backend, virsh nodedev-event support, and event-test support
2016-08-15 08:30:56 -04:00
Jovanka Gulicoska
f803f5ff34 event-test: support node device lifecycle event APIs 2016-08-02 09:52:00 -04:00
Ján Tomko
aa7bb4f36d examples: check asprintf return value in client_info.c
On error, asprintf returns -1 and the contents of the string
pointer is undefined. In the rest of the libvirt code,
the virAsprintf wrapper takes care of that.

Check the return value and report a generic error, since we
purposefully avoid linking to virutil.
2016-07-01 15:39:01 +02:00