Commit Graph

405 Commits

Author SHA1 Message Date
Michal Privoznik
4da534c0b9 qemu: Enforce qemuSecurity wrappers
Now that we have some qemuSecurity wrappers over
virSecurityManager APIs, lets make sure everybody sticks with
them. We have them for a reason and calling virSecurityManager
API directly instead of wrapper may lead into accidentally
labelling a file on the host instead of namespace.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-03-06 08:54:28 +01:00
Peter Krempa
b4c7310633 Disallow inclusion of files from src/conf into src/utils
The utils code should stay separated from other code (except for very
well justified cases). Unfortunately commit 272769becc
made it trivial to break the separation (and not get slapped by the
syntax-check rule) by adding -I src/conf to the CFLAGS for utils.

Remove this shortcut and except the two offenders from the syntax check
so that the codebase can be kept separated.
2017-02-20 15:12:07 +01:00
Michal Privoznik
1ef3ac82a3 nssmock: Prefer free() over VIR_FREE()
Problem with VIR_FREE() is that we are not linking
libvirt-utils.so to our mock libs therefore there will be an
unresolved symbol. Fortunately, nsstest that eventually links
with the nssmock links also with libvirt-utils.so and thus the
symbol is resolved after all. However, if one wants to run the
test binary under valgrind it is impossible to do so. Because of
the unresolved symbol.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-06 13:33:18 +01:00
Daniel P. Berrange
b17a97f223 docs: rewrite content on front page to be more useful
The front page contains a bunch of content that is either
outdated (eg links to libvirt qpid) or not particularly
useful (links to vendor hypervisor sites).

This rewrites it to be more directly useful to visitors,
providing a updated intro to libvirt project, direct
links to key pieces of website content (new contributors
guide, security process, bug reporting, XML formats), and
feed showing recent 5 blog posts on the virt tools planet.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-11-11 12:15:05 +00:00
Daniel P. Berrange
fb2236f9f7 Revert "syntax-check: Enforce <code> inside <dt> elements"
This reverts commit 1f29f3da06.

Assuming <dt> is always used to document symbols is way too
broad, requiring far too many exemptions to be marked to
avoid syntax check rules.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-11-11 12:15:05 +00:00
Daniel P. Berrange
628e343e79 docs: use overpass font for website
The original libvirt logo was built using what appears to be
either Overpass font, or one stylistically very similar (the
slanted top of letters like 'l', 't', etc). The newly recreated
libvirt logo will use Overpass. Use this font for the website
text too, to provide a consistent style.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-11-11 09:31:10 +00:00
Daniel P. Berrange
ac9bf93941 docs: remove obsolete library.xen file
The library.xen file contains a braindump of thoughts dating
from the very first days of libvirt, when it was briefly
called libxen. This is not useful and potentially misleading
or confusing for people.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-11-01 11:49:56 +00:00
Michal Privoznik
b7d2d4af2b src: Treat PID as signed
This initially started as a fix of some debug printing in
virCgroupDetect. However it turned out that other places suffer
from the similar problem. While dealing with pids, esp. in cases
where we cannot use pid_t for ABI stability reasons, we often
chose an unsigned integer type. This makes no sense as pid_t is
signed.
Also, new syntax-check rule is introduced so we won't repeat this
mistake.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-10-13 17:58:56 +08:00
Martin Kletzander
1827f2ac5d Change virDomainEventState to virObjectLockable
This way we get reference counting and we can get rid of locking
function.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-10-12 12:54:47 +02:00
Ján Tomko
f9785569de cfg.mk: join not_streq and not_strneq tests
The marginally nicer error message is not worth the extra lines in
cfg.mk.

Also drop the excludes since there was only one offender in the tests.
2016-08-18 13:37:08 +02:00
Ján Tomko
b3e3fc3257 cfg.mk: drop redundant sc_prohibit_gethostby
Both gethostbyaddr and gethostbyname* are already checked
by sc_prohibit_nonreentrant.
2016-08-18 13:37:08 +02:00
Ján Tomko
1fe77f9f7f cfg.mk: use subst instead of tr
GNU make is able to replace characters, no need to call tr.
2016-08-18 13:37:08 +02:00
Erik Skultety
fbb8205de3 examples: admin: Add some examples for the new admin APIs
Some of the examples make use of asprintf and strtol functions (to keep
things simple) which are prohibited to use within our code (enforced by
syntax-check). Therefore besides adding some examples, this patch also updates
cfg.mk to exclude examples directory from asprintf and strtol rules, as well as
updates .gitignore to exclude all the new admin binaries created in the
'examples' dir.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-06-26 00:21:06 +02:00
Ján Tomko
32d0a57812 Prohibit opendir in syntax-check
Prefer virDirOpen.
2016-06-24 14:20:57 +02:00
Ján Tomko
a4e6f1eb9c Introduce VIR_DIR_CLOSE
Introduce a helper that only calls closedir if DIR* is non-NULL
and sets it to NULL afterwards.
2016-06-23 21:58:33 +02:00
Ján Tomko
a9179d78bf syntax-check: rewrite prohibit-duplicate-header in perl
Invoke the script only once instead of once for every file.
2016-06-23 12:48:40 +02:00
Ján Tomko
c9c03ea24d test-wrap-argv: add --check parameter
This script can already operate on a list of files.
Add a --check parameter to check if multiple files are wrapped
correctly with a single invocation of the script.
2016-06-21 18:13:07 +02:00
Ján Tomko
3a9d1f3701 syntax-check: drop prohibit_undesirable_word_seq
This checks forbids using "can not" and checks the placement
of some texinfo tags.

Drop it since we do not use texinfo and the check takes almost
twice as much as the rest of the checks.
2016-06-16 07:57:53 +02:00
Ján Tomko
4e1a7dbb31 Rename bracket-spacing.pl to check-spacing.pl
We test whitespace with lots of other characters now.
2016-06-15 15:07:47 +02:00
Ján Tomko
e26098a1f4 cfg.mk: use a single regex for all non-reentrant functions
The prohibit_nonreentrant syntax-check rule spawns a new shell
for every non-reentrant function we know, to make it easier
to mention the function name in the error message, with the _r
appended.

Since the line with the offending function is already printed
and some of the functions on our list do not have a _r counterpart,
compile them into one big regex and use a more generic error message
to save time.
2016-06-15 15:00:56 +02:00
Daniel P. Berrange
eaf18f4c2b nodeinfo: move host CPU APIs out into virhostcpu.c file
Move all APIs with a virHostCPU name prefix out into new
util/virhostcpu.h & util/virhostcpu.c files

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-09 18:31:11 +01:00
Pavel Hrdina
a94efa50e2 maint: fix syntax-check sc_prohibit_int_ijk exclude rule
Fix the regex for excluding files for this syntax-rule.  The rule "include/"
will not work, because we are matching the whole line like this
"^(...|include/|...)$ so we need to use "include/libvirt/libvirt.+".  The second
issue is that we are using only one '$' but there should be two of those at the
end.  The last small adjustment is to escape dots '.' so it match only dot.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-24 13:36:11 +02:00
Michal Privoznik
49c1a078c2 virtestmock: Mock stat() properly
There is a lot to explain, but I try to make it as short as
possible. I'd start by pasting some parts of sys/stat.h:

extern int stat (const char *__restrict __file,
		 struct stat *__restrict __buf) __THROW __nonnull ((1, 2));

extern int __REDIRECT_NTH (stat, (const char *__restrict __file,
				  struct stat *__restrict __buf), stat64)
     __nonnull ((1, 2));

__extern_inline int
__NTH (stat (const char *__path, struct stat *__statbuf))
{
  return __xstat (_STAT_VER, __path, __statbuf);
}

Only one of these is effective at once, due to some usage of
the mess we are dealing with in here. So, basically, while
compiling or linking stat() in our code can be transformed into
some other func. Or a dragon.
Now, if you read stat(2) manpage, esp. "C library/kernel
differences" section, you'll learn that glibc uses some tricks
for older applications to work. I haven't gotten around actual
code that does this, but based on my observations, if 'stat'
symbol is found, glibc assumes it's dealing with ancient
application. Unfortunately, it can be just ours stat coming from
our mock. Therefore, calling stat() from a test will end up in
our mock. But since glibc is not exposing the symbol anymore, our
call of real_stat() will SIGSEGV immediately as the pointer to
function is NULL. Therefore, we should expose only those symbols
we know glibc has.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-20 17:16:21 +02:00
Michal Privoznik
47d2dc831a tests: Introduce global mock library
The intent is that this library is going to be called every time
to check if we are not touching anything outside srcdir or
builddir.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:30:25 +02:00
Andrea Bolognani
1f29f3da06 syntax-check: Enforce <code> inside <dt> elements
Commit 61b070cf20 cleaned up a number of cases where the <dt>
element was used to document symbols, but the symbol itself was
not inside a <code> element.

To make sure we don't end up having to clean up again a few
months from now, introduce a syntax-check rule that can spot
such mistakes.

All existing exceptions are marked as such, with either file
or line granularity depending on the case.
2016-04-25 12:09:34 +02:00
Cole Robinson
4839822faf tests: rename test_conf -> virconftest
And confdata to virconfdata, since 'conf' can mean a few different
things in libvirt
2016-04-21 18:14:07 -04:00
Cole Robinson
3cc2a9e0d4 virconf: Handle conf file without ending newline
$ echo -n 'log_level=1' > ~/.config/libvirt/libvirtd.conf
$ libvirtd --timeout=10
2014-10-10 10:30:56.394+0000: 6626: info : libvirt version: 1.1.3.6, package: 1.fc20 (Fedora Project, 2014-09-08-17:50:42, buildvm-05.phx2.fedoraproject.org)
2014-10-10 10:30:56.394+0000: 6626: error : main:1261 : Can't load config file: configuration file syntax error: /home/rjones/.config/libvirt/libvirtd.conf:1: expecting a value: /home/rjones/.config/libvirt/libvirtd.conf

Rather than try to fix this in the depths of the parser, just catch
the case when a config file doesn't end in a newline, and manually
append a newline to the content before parsing

https://bugzilla.redhat.com/show_bug.cgi?id=1151409
2016-04-21 18:14:07 -04:00
Erik Skultety
84d21591a8 admin: Enable usage of typed parameters
Make all relevant changes to admin protocol, in order to achieve $(subj)

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-04-18 17:06:19 +02:00
Andrea Bolognani
294d22c8d6 cfg.mk: Get rid of quotation tricks
To prevent the error messages in cfg.mk from triggering the very
same rules they're supposed to explain, we split the message in
the middle of a symbol name, ending up with stuff like

  'I am a me'ssage

Instead of relying on these quotation tricks, simply exclude
cfg.mk from the relevant checks.
2016-04-15 16:05:41 +02:00
Cole Robinson
e7db227810 util: Add virGettextInitialize, convert the code
Take setlocale/gettext error handling pattern from tools/virsh-*
and use it for all standalone binaries via a new shared
virGettextInitialize routine. The virsh* pattern differed slightly
from other callers. All users now consistently:

* Ignore setlocale errors. virsh has done this forever, presumably for
  good reason. This has been partially responsible for some bug reports:

  https://bugzilla.redhat.com/show_bug.cgi?id=1312688
  https://bugzilla.redhat.com/show_bug.cgi?id=1026514
  https://bugzilla.redhat.com/show_bug.cgi?id=1016158

* Report the failed function name
* Report strerror
2016-04-14 13:22:40 -04:00
Andrea Bolognani
2af7abfc74 cfg.mk: Use single quotes wherever possible
Being consistent is nice, especially when it comes to defining our
regular expression, where using single quotes instead of double
quotes allows us to leave out a few backslashes.

Changing this required altering a few error messages.

The only remaining use of double quotes is one where they are
actually required for the check to work.
2016-04-12 10:30:10 +02:00
Andrea Bolognani
e595089484 cfg.mk: Remove spurious whitespace 2016-04-12 10:30:10 +02:00
Michal Privoznik
6008b065fa docs: Document NSS module
While we have a wiki page describing the feature [1] since the
feature is distributed in our .tar.gz we ought to document it. So
I went ahead, copied the wiki page and reformatted so it fits our
docs coding style.

1: http://wiki.libvirt.org/page/NSS_module

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-29 13:45:33 +02:00
Michal Privoznik
950a90d489 qemuxml2argvtest: Adapt to ethernet automatic tap creation
After 9c17d665fd the tap device for ethernet network type is
automatically precreated before spawning qemu. Problem is, the
qemuxml2argvtest wasn't updated and thus is failing. Because of
all the APIs that new code is calling, I had to mock a lot. Also,
since the tap FDs are labeled separately from the rest of the
devices/files I had to enable NOP security driver for the test
too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-24 07:38:46 +01:00
Michal Privoznik
38e32d4ac1 nss: Introduce a test
A small test to see how is the nss module working.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-18 17:29:53 +01:00
Andrea Bolognani
b4ddb8835c tests: Allow use of close() in mock libraries
As mock libraries are not to be linked against libvirt, the
sc_prohibit_close syntax-check rule does not apply.

This fixes a syntax-check failure introduced by commit a03cbfe0fb.
2016-02-11 18:24:31 +01:00
Ján Tomko
28e5655de3 Prohibit verbose strcat
Using strcat directly is more readable than passing strlen
of the copied string to strncat.
2016-02-11 08:05:16 +01:00
Erik Skultety
1fe6d8bfa8 cfg.mk: Adjust sc_prohibit_int_ijk to support 'exempt from syntax-check'
There might be cases, like with typed params, where triggering this check isn't
desirable. But including the whole module in the exception regex is not always
to right way of doing things. By adding an option to manually disable this check
on a specific occurrence, the module itself will still be checked against the
rule.
2016-02-03 10:58:01 +01:00
Cole Robinson
03569fda63 cfg.mk: Drop period after filename for indent failures
The period makes it more difficult to copy/paste the errant filename
for manual fixup
2016-01-09 16:33:10 -05:00
Erik Skultety
a20b623748 libvirt: introduce libvirt/libvirt-common.h.in
As it turned out, we need to share some enums and declarations between
libvirt.h and libvirt-admin.h, but since our policy forbids direct includes of
libvirt*.h, there has to be some header exempt from this rule. This patch moves
the relevant part of code from libvirt.h.in to libvirt-common.h.in. Moreover,
since there is no need to have libvirt.h generated anymore, introduce a new
header libvirt.h which was previosly ignored from git and make the common
header ignored and generated instead.
2015-11-30 09:36:19 +01:00
Daniel P. Berrange
0d968ad715 qemu: add support for sending QEMU stdout/stderr to virtlogd
Currently the QEMU stdout/stderr streams are written directly to
a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those
can be rotated by logrotate (using copytruncate option) this is
not very efficient. It also leaves open a window of opportunity
for a compromised/broken QEMU to DOS the host filesystem by
writing lots of text to stdout/stderr.

This makes it possible to connect the stdout/stderr file handles
to a pipe that is provided by virtlogd. The virtlogd daemon will
read from this pipe and write data to the log file, performing
file rotation whenever a pre-determined size limit is reached.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-26 14:30:16 +00:00
Daniel P. Berrange
323a329b26 Import stripped down virtlockd code as basis of virtlogd
Copy the virtlockd codebase across to form the initial virlogd
code. Simple search & replace of s/lock/log/ and gut the remote
protocol & dispatcher. This gives us a daemon that starts up
and listens for connections, but does nothing with them.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-26 14:28:55 +00:00
Andrea Bolognani
c9014a0df6 syntax-check: Add prohibit_space_in_label rule
This guards against code such as

 cleanup :

which is happily accepted by the compiler but does not conform
to our style guidelines.
2015-11-16 17:49:36 +01:00
Daniel P. Berrange
8afd34f2d8 tests: redo test argv file line wrapping
Back in

  commit bd6c46fa0c
  Author: Juerg Haefliger <juerg.haefliger@hp.com>
  Date:   Mon Jan 31 06:42:57 2011 -0500

    tests: handle backspace-newline pairs in test input files

all the test argv files were line wrapped so that the args
were less than 80 characters.

The way the line wrapping was done turns out to be quite
undesirable, because it often leaves multiple parameters
on the same line. If we later need to add or remove
individual parameters, then it leaves us having to redo
line wrapping.

This commit changes the line wrapping so that every
single "-param value" is one its own new line. If the
"value" is still too long, then we break on ',' or ':'
or ' ' as needed.

This means that when we come to add / remove parameters
from the test files line, the patch diffs will only
ever show a single line added/removed which will greatly
simplify review work.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-09 15:50:39 +00:00
Ishmanpreet Kaur Khera
32cee5b2f0 Avoid using !STREQ and !STRNEQ
We have macros for both positive and negative string matching.
Therefore there is no need to use !STREQ or !STRNEQ. At the same
time as we are dropping this, new syntax-check rule is
introduced to make sure we won't introduce it again.

Signed-off-by: Ishmanpreet Kaur Khera <khera.ishman@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-10-21 15:03:35 +02:00
Andrea Bolognani
ba4689e081 NEWS: Split releases by year
Update cfg.mk to ignore the split files during
syntax-check (thanks Martin).
2015-10-20 17:29:03 +02:00
Erik Skultety
834c5720e4 tools: Introduce new client generic module vsh
In order to share as much virsh' logic as possible with upcomming
virt-admin client we need to split virsh logic into virsh specific and
client generic features.

Since majority of virsh methods should be generic enough to be used by
other clients, it's much easier to rename virsh specific data to virshX
than doing this vice versa. It moved generic virsh commands (including info
and opts structures) to generic module vsh.c.

Besides renaming methods and structures, this patch also involves introduction
of a client specific control structure being referenced as private data in the
original control structure, introduction of a new global vsh Initializer,
which currently doesn't do much, but there is a potential for added
functionality in the future.
Lastly it introduced client hooks which are especially necessary during
client connecting phase.
2015-08-14 15:45:44 +02:00
Martin Kletzander
d5f4241bbc Add support for admin API in libvirt daemon
For this to pe properly separated from other protocols used by the
server, there is second server added which allows access to the whole
virNetDaemon to its clients.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:21 +02:00
Martin Kletzander
55e0c840af Add libvirt-admin library
Initial scratch of the admin library.  It has its own virAdmConnectPtr
that inherits from virAbstractConnectPtr and thus trivially supports
error reporting.

There's pkg-config file added and spec-file adjusted as well.

Since the library should be "minimalistic" and not depend on any other
library, the list of files is especially crafted for it.  Most of them
could've been put to it's own sub-libraries that would be LIBADD'd to
libvirt_util, libvirt_net_rpc and libvirt_setuid_rpc_client to minimize
the number of object files being built, but that's a refactoring that
isn't the orginal aim of this commit.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:20 +02:00
Martin Kletzander
fb5a0d3388 Build client headers for admin protocol
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:20 +02:00