Commit Graph

5344 Commits

Author SHA1 Message Date
Daniel P. Berrangé
2dfacbffea util: remove code spawning with systemd activation env vars
The only use of this code was removed by:

  commit be78814ae0
  Author: Michal Privoznik <mprivozn@redhat.com>
  Date:   Thu Apr 2 14:41:17 2015 +0200

    virNetSocketNewConnectUNIX: Use flocks when spawning a daemon

less than a year after it was first introduced in

  commit 1b807f92db
  Author: Martin Kletzander <mkletzan@redhat.com>
  Date:   Wed Jul 16 08:00:19 2014 +0200

    rpc: pass listen FD to the daemon being started

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
1519c55dc8 rpc: avoid unlinking sockets passed in from systemd
Currently the socket code will unlink any UNIX socket path which is
associated with a server socket. This is not fine grained enough, as we
need to avoid unlinking server sockets we were passed by systemd.

To deal with this we must explicitly track whether each socket needs to
be unlinked when closed, separately of the client vs server state.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
5b8569dd6e util: add APIs for facilitating use of systemd activation FDs
When receiving multiple FDs from systemd during service activation it is
neccessary to identify which purpose each FD is used for. While this
could be inferred by looking for the specific IP ports or UNIX socket
paths, this requires the systemd config to always match what is expected
by the code. Using systemd FD names we can remove this restriction and
simply identify FDs based on an arbitrary name.

The FD names are passed by systemd in the LISTEN_FDNAMES env variable
which is populated with the socket unit file names, unless overriden
by using the FileDescriptorName setting.

This is supported since the system 227 release and unfortunately RHEL7
lacks this version. Thus the code has some back compat support whereby
we look at the TCP ports or the UNIX socket paths to identify what
socket maps to which name. This back compat code is written such that
is it easly deleted when we are able to mandate newer systemd.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Ján Tomko
5d74619329 Revert "conf: Remove volOptions for VIR_STORAGE_POOL_RBD"
This reverts commit 035db37394

Even though we only allow using RBD with raw volumes,
removing the options and the default format causes our
parser not to fill out the volume format and the backend code
rejects creating a non-raw volume.

Re-introduce the volume options to fix volume creation while
erroring out on requests to use non-raw formats.

https://bugzilla.redhat.com/show_bug.cgi?id=1724065

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 17:09:43 +02:00
Daniel P. Berrangé
1939bcd539 rpc: always pass "-T -e none" args to ssh
Way back in the past, the "no_tty=1" option was added for the remote
driver to disable local password prompting by disabling use of the local
tty:

  commit b32f429849
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Fri Sep 21 20:17:09 2007 +0000

    Added a no_tty param to remote URIs to stop SSH prompting for password

This was done by adding "-T -o BatchMode=yes -e none" args to ssh. This
achieved the desired results but is none the less semantically flawed
because it is mixing up config parameters for the local tty vs the
remote tty.

The "-T" arg stops allocation of a TTY on the remote host. This is good
for all libvirt SSH tunnels as we never require a TTY for our usage
model, so we should have just passed this unconditionally.

The "-e none" option disables the escape character for sessions with a
TTY. If we pass "-T" this is not required, but it also not harmful to
add it, so we should just pass it unconditionally too.

Only the "-o BatchMode=yes" option is related to disabling local
password prompts and thus needs control via the no_tty URI param.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 15:26:54 +01:00
Ján Tomko
173a191cfe qemu: stop formatting json='1' in status XML
For quite some time now it is impossible to connect to a domain
using a HMP monitor, so there is no point in formatting it in the status
XML.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-11 16:19:12 +02:00
Eric Blake
95f8e3237e snapshot: Add VIR_DOMAIN_SNAPSHOT_CREATE_VALIDATE flag
We've been doing a terrible job of performing XML validation in our
various API that parse XML with a corresponding schema (we started
with domains back in commit dd69a14f, v1.2.12, but didn't catch all
domain-related APIs, didn't document the use of the flag, and didn't
cover other XML). New APIs (like checkpoints) should do the validation
unconditionally, but it doesn't hurt to continue retrofitting existing
APIs to at least allow the option.

While there are many APIs that could be improved, this patch focuses
on wiring up a new snapshot XML creation flag through all the
hypervisors that support snapshots, as well as exposing it in 'virsh
snapshot-create'.  For 'virsh snapshot-create-as', we blindly set the
flag without a command-line option, since the XML we create from the
command line should generally always comply (note that validation
might cause failures where it used to succeed, such as if we tighten
the RNG to reject a name of '../\n'); but blindly passing the flag
means we also have to add in fallback code to disable validation if
the server is too old to understand the flag.

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-10 17:34:58 -05:00
Andrea Bolognani
13f5b223c9 tests: Add getuid() to virnetdevbandwidthmock
When only geteuid() is mocked, the test crashes on Debian 10.

  Fatal: failed to reset uid: No such file or directory

  Program received signal SIGABRT, Aborted.
  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
  50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
  (gdb) t a a bt

  Thread 1 (Thread 0x7ffff3b3e080 (LWP 12003)):
  #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
  #1  0x00007ffff7798535 in __GI_abort () at abort.c:79
  #2  0x00007ffff485ca20 in _gcry_logv (level=level@entry=40, fmt=fmt@entry=0x7ffff4929126 "failed to reset uid: %s\n", arg_ptr=arg_ptr@entry=0x7fffffffe4a0) at ../../src/misc.c:142
  #3  0x00007ffff485cd61 in _gcry_log_fatal (fmt=fmt@entry=0x7ffff4929126 "failed to reset uid: %s\n") at ../../src/misc.c:218
  #4  0x00007ffff48639d1 in lock_pool_pages (n=<optimized out>, p=<optimized out>) at ../../src/secmem.c:340
  #5  _gcry_secmem_init_internal (n=<optimized out>) at ../../src/secmem.c:563
  #6  0x00007ffff4863d78 in _gcry_secmem_init (n=4096) at ../../src/secmem.c:581
  #7  0x00007ffff485e4e6 in _gcry_vcontrol (cmd=<optimized out>, arg_ptr=arg_ptr@entry=0x7fffffffe5e0) at ../../src/global.c:506
  #8  0x00007ffff485a789 in gcry_control (cmd=cmd@entry=GCRYCTL_INIT_SECMEM) at ../../src/visibility.c:79
  #9  0x00007ffff71af10f in ssh_crypto_init () at ./src/libgcrypt.c:621
  #10 0x00007ffff7193796 in _ssh_init (constructor=constructor@entry=1) at ./src/init.c:79
  #11 0x00007ffff71834de in libssh_constructor () at ./src/init.c:116
  #12 0x00007ffff7fe437a in call_init (l=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7fffffffe778, env=env@entry=0x7fffffffe788) at dl-init.c:72
  #13 0x00007ffff7fe4476 in call_init (env=0x7fffffffe788, argv=0x7fffffffe778, argc=1, l=<optimized out>) at dl-init.c:30
  #14 _dl_init (main_map=0x7ffff7ffe190, argc=1, argv=0x7fffffffe778, env=0x7fffffffe788) at dl-init.c:119
  #15 0x00007ffff7fd60ca in _dl_start_user () from /lib64/ld-linux-x86-64.so.2
  #16 0x0000000000000001 in ?? ()
  #17 0x00007fffffffea26 in ?? ()
  #18 0x0000000000000000 in ?? ()

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-09 15:01:54 +02:00
Peter Krempa
d0924f8c80 tests: Drop sexpr2xmltest
Now that we no longer support sexpr conversion to the internal config we
can drop the test.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-09 10:27:19 +02:00
Peter Krempa
b8551d449c tests: Remove xml2sexprtest
The test was the only place calling 'xenFormatSxpr'. Drop it as there
are no other users of that code since we've dropped xend support in
commit 1dac5fbbbb.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-09 10:27:19 +02:00
Eric Blake
4d91ad1c59 snapshot: Rename qemu domain snapshot test files
Make it obvious that the domainsnapshotxml2xml test is only run when
compiling in support for qemu.

Suggested-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-08 16:10:22 -05:00
Daniel P. Berrangé
b5ee13e329 tests: fix mocking of virFileGetXAttrQuiet on FreeBSD
The qemusecuritytest is failing on FreeBSD 11/12, reporting that files
are not correctly restored. Debugging code printfs show that the
virFileGetXAttrQuiet mock is returning 0, but the virFileGetXAttr
function is seeing -1 as the return value.

Essentially there appears to be some kind of optimization between the
real virFileGetXAttrQuiet and the real virFileGetXAttr, which breaks
when we mock virFileGetXAttrQuiet. Rather than trying to figure out
how to avoid this, it is simpler to just mock virFileGetXAttr too
since it is very short code.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-05 18:19:19 +01:00
Andrea Bolognani
8033b4dec4 tests: Use the new DO_TEST_CAPS_*() macros
There are probably more situations where they could be taken
advantage of, but these are very obvious scenarios because we
either manage to get rid of a bunch of explicit capabilities,
or we make a bunch of related test cases all use the macros
by switching the only odd one out.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-03 10:18:41 +02:00
Andrea Bolognani
5a050f0191 tests: Add more DO_TEST_CAPS_*() macros
Right now we have macros such as DO_TEST_CAPS_LATEST_PARSE_ERROR()
and DO_TEST_CAPS_ARCH_VER(), but there is no concise way to say
"using this version of QEMU on this architecture will result in a
failure".

This commit adds

  DO_TEST_CAPS_ARCH_LATEST_FAILURE()
  DO_TEST_CAPS_ARCH_VER_FAILURE()
  DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR()
  DO_TEST_CAPS_ARCH_VER_PARSE_ERROR()

and reworks

  DO_TEST_CAPS_LATEST_FAILURE()
  DO_TEST_CAPS_LATEST_PARSE_ERROR()

to use the corresponding DO_CAPS_TEST_ARCH_*() macros instead of
using DO_TEST_CAPS_ARCH_LATEST_FULL() directly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-03 10:18:38 +02:00
Andrea Bolognani
daf17438a8 tests: Add DO_TEST_CAPS_ARCH_VER_FULL()
It mirrors the existing DO_TEST_CAPS_ARCH_LATEST_FULL(), and is
now used to implement DO_TEST_CAPS_ARCH_VER().

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-03 10:18:36 +02:00
Andrea Bolognani
a57d989430 tests: Reorder DO_TEST_CAPS_*() macros
Make sure the order is consistent between xml2argv and xml2xml,
and make room for more macros that are going to be introduced
shortly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-03 10:18:23 +02:00
Michal Privoznik
8b1660e530 security: Don't remember owner for shared resources
This effectively reverts d7420430ce and adds new code.

Here is the problem: Imagine a file X that is to be shared
between two domains as a disk. Let the first domain (vm1) have
seclabel remembering turned on and the other (vm2) has it turned
off. Assume that both domains will run under the same user, but
the original owner of X is different (i.e. trying to access X
without relabelling leads to EPERM).

Let's start vm1 first. This will cause X to be relabelled and to
gain new attributes:

  trusted.libvirt.security.ref_dac="1"
  trusted.libvirt.security.dac="$originalOwner"

When vm2 is started, X will again be relabelled, but since the
new label is the same as X already has (because of vm1) nothing
changes and vm1 and vm2 can access X just fine. Note that no
XATTR is changed (especially the refcounter keeps its value of 1)
because the vm2 domain has the feature turned off.

Now, vm1 is shut off and vm2 continues running. In seclabel
restore process we would get to X and since its refcounter is 1
we would restore the $originalOwner on it. But this is unsafe to
do because vm2 is still using X (remember the assumption that
$originalOwner and vm2's seclabel are distinct?).

The problem is that refcounter stored in XATTRs doesn't reflect
the actual times a resource is in use. Since I don't see any easy
way around it let's just not store original owner on shared
resources. Shared resource in world of domain disks is:

  - whole backing chain but the top layer,
  - read only disk (we don't require CDROM to be explicitly
    marked as shareable),
  - disk marked as shareable.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-07-03 08:36:04 +02:00
Michal Privoznik
760fa05436 qemusecuritymock: Allow some paths to be not restored
Some paths will not be restored. Because we can't possibly know
if they are still in use or not. Reflect this in the test so that
we can test more domains. Also see next commit for more detailed
explanation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-03 08:36:04 +02:00
Michal Privoznik
0d44d2876a virfile: Make virFileGetXAttr report errors
The way that security drivers use XATTR is kind of verbose. If
error reporting was left for caller then the caller would end up
even more verbose.

There are two places where we do not want to report error if
virFileGetXAttr fails. Therefore virFileGetXAttrQuiet is
introduced as an alternative that doesn't report errors.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-03 08:36:03 +02:00
Michal Privoznik
90540a37be qemusecuritytest: Fix capabilities loading
Having to enumerate all capabilities that we want domain to have
is too verbose and prevents us from adding more tests. Have the
domain always have the latest x86_64 capabilities. This means
that we have to drop two arm tests, but on the other hand, I'm
introducing 50 new cases. I've listed 50 biggest .args files and
added those:

  libvirt.git $ ls -Sr $(find tests/qemuxml2argvdata/ \
  -type f -iname "*.x86_64-latest.args") | tail -n 50

Except for two:
1) disk-backing-chains-noindex - this XML has some disks with
backing chain. And since set is done on the whole backing chain
and restore only on the top layer this would lead to instant test
failure. Don't worry, secdrivers will be fixed shortly too and
the test case will be added.

2) hostdev-mdev-display-spice-egl-headless - for this XML
secdriver tries to find IOMMU group that mdev lives in. Since we
are not mocking sysfs access this test case would fail.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-03 08:36:03 +02:00
Michal Privoznik
3c02d383f9 qemusecuritytest: Use AUTOFREE/AUTOUNREF
This simplifies the code a bit and removes the need for cleanup
label in one case. In the other case the label is kept because
it's going to be used later.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-03 08:36:03 +02:00
Michal Privoznik
1d34d2462e qemusecuritytest: Drop unused variable
The @securityManager variable in testDomain() is unused. Drop it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-03 08:36:03 +02:00
Michal Privoznik
8ffb5f2738 qemusecuritymock: Introduce and use freePaths()
Problem with current approach is that if
qemuSecuritySetAllLabel() fails, then the @chown_paths and
@xattr_paths hash tables are not freed and preserve values
already stored there into the next test case.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-03 08:36:03 +02:00
Michal Privoznik
80cf6ec6f2 qemusecuritymock: Actually set error on failure
I don't really know what happened when I was writing the original
code, but even if error was to be set the corresponding boolean
was set to false meaning no error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-03 08:36:03 +02:00
Michal Privoznik
854f0e85e4 qemusecuritymock: Fix bit arithmetic
One of the functions of this mock is that it spoofs chown() and
stat() calls. But it is doing so in a clever way: it stores the
new owner on chown() and reports it on subsequent stat(). This is
done by using a 32bit unsigned integer where one half is used to
store uid the other is for gid. Later, when stat() is called the
integer is fetched and split into halves again. Well, my bit
operation skills are poor and the code I've written does not do
that properly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-03 08:36:03 +02:00
Michal Privoznik
0a9dcfabf8 qemusecuritymock: Mock virProcessRunInFork
This test is beautiful. It checks if we haven't messed up
refcounting on security labels (well, XATTRs where the original
owner is stored). It does this by setting up tracking of XATTR
setting/removing into a hash table, then calling
qemuSecuritySetAllLabel() followed by immediate
qemuSecurityRestoreAllLabel() at which point, the hash table must
be empty. The test so beautifully written that no matter
what you do it won't fail. The reason is that all seclabel work
is done in a child process. Therefore, the hash table in the
parent is never changed and thus always empty.

There are two reasons for forking (only one of them makes sense
here though):

1) namespaces - when chown()-ing a file we have to fork() and
make the child enter desired namespace,
2) locking - because of exclusive access to XATTRs we lock the
files we chown() and this is done in a fork (see 207860927a for
more info).

While we want to fork in real world, we don't want that in a test
suite. Override virProcessRunInFork() then.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-03 08:36:03 +02:00
Peter Krempa
7d5b283065 qemu: Supply correct default type for 'dir' based VIR_STORAGE_TYPE_VOLUME
Our code would skip adding the default type in this cases, but since we
know that the only reasonable option here is 'fat' we can add it while
starting the VM.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-26 12:28:31 +02:00
Peter Krempa
99917ade0a qemu: domain: Allow 'VIR_STORAGE_TYPE_VOLUME' disks with 'fat' format
The storage volume may in fact convert into a directory when starting
the VM so that it may be actually possible to use it.

This is a regression caused by c9b27af32d as moving the check to
validation time without adjustment causes problems as the volumes are
not translated yet.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-26 12:28:31 +02:00
Andrea Bolognani
1e49d1ec79 tests: Enable *-headless and *-graphics in qemuxml2xml
We didn't do this earlier because the DO_TEST_CAPS_ARCH_LATEST()
macro was limited to qemuxml2argv until recently.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-26 10:37:54 +02:00
Andrea Bolognani
19c6ef2785 tests: Add riscv64-virt-graphics
Support for this has only relatively recently been added to
virt-manager.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-26 10:37:51 +02:00
Andrea Bolognani
c5fe779342 tests: Update *-headless and *-graphics
Use the latest virt-manager to regenerate the files.

The command line is once again along the lines of

  $ virt-install \
    --name guest --os-variant fedora29 \
    --vcpus 4 --memory 4096 --disk size=5 \
    --graphics (none|vnc) \
    --print-xml

with some minor tweaks performed afterwards.

This removes a number of inconsistencies between the files,
and makes it so the only differences are actually relevant
either to the architecture and machine type at hand, or to
having graphics rather than being headless.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-26 10:37:48 +02:00
Andrea Bolognani
e13e64f49a tests: Normalize quotes for *-graphics
Right now *-headless and *-graphics tests are using different
quoting styles, which results in the diff between them being
basically useless, whereas we would like it to be possible to
compare these files directly and easily spot the differences.

Convert all *-graphics tests to single quotes, which is the
style libvirt itself uses when formatting XML: this is a fact
that will come in handy later.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-26 10:36:58 +02:00
Ján Tomko
738dc3f4ad conf: storage: also sanitize source dir
Commit a7fb2258 added sanitization of storage pool target paths,
however source dir paths were left unsanitized.

A netfs pool with:
<source>
  <host name='10.20.30.40'/>
  <dir path='/nfs/'/>
</source>
will not be correctly detected as mounted by
virStorageBackendFileSystemIsMounted, because it shows up in the
mount list without the trailing slash.

Sanitize the source dir as well.

https://bugzilla.redhat.com/show_bug.cgi?id=1723247

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-25 17:11:56 +02:00
Peter Krempa
4fc8449691 conf: domain: Restore XPath context after virSecurityDeviceLabelDefParseXML
The function modifies the context but did not care to restore it back.
If a <seclabel> was used on a disk, the <privateData> would not be
parsed.

Use VIR_XPATH_NODE_AUTORESTORE and add a test case to validate that
everything works.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-25 16:42:28 +02:00
Peter Krempa
03f224cdd6 tests: qemuxml2argv: Test qemu namespace capability tweaking
Show that the capability tweaking stuff works by enabling blockdev in
the 'qemu-ns' test even in versions where it's not yet fully supported.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
47f42f74b2 tests: qemuxml2argv: Modernize and fork 'qemu-ns' test
Use the DO_TEST_CAPS_LATEST/VER infrastructure to run a more modern
version of this and also fork it to a pre-blockdev version so that we
can check the qemu namespace capability tweaking.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Peter Krempa
c6da5913d9 qemu: Add support for controling qemu capabilities via the qemu XML namespace
Similarly how we allow adding arbitrary command line arguments and
environment variables this patch introduces the ability to control
libvirt's perception of the qemu process by tweaking the capability bits
for testing purposes.

The idea is to allow developers and users either test a new feature by
enabling it early or disabling it to see whether it introduced
regressions.

This feature is not meant for production use though, so users should
handle it with care.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 15:24:06 +02:00
Daniel P. Berrangé
5a148ce846 remote: delete the avahi mDNS support
Libvirtd has long had integration with avahi for advertising libvirtd
using mDNS when TCP/TLS listening is enabled. For a long time the
virt-manager application had support for auto-detecting libvirtds
on the local network using mDNS, but this was removed last year

  commit fc8f8d5d7e3ba80a0771df19cf20e84a05ed2422
  Author: Cole Robinson <crobinso@redhat.com>
  Date:   Sat Oct 6 20:55:31 2018 -0400

    connect: Drop avahi support

    Libvirtd can advertise itself over avahi. The feature is disabled by
    default though and in practice I hear of no one actually using it
    and frankly I don't think it's all that useful

    The 'Open Connection' wizard has a disproportionate amount of code
    devoted to this feature, but I don't think it's useful or worth
    maintaining, so let's drop it

I've never heard of any other applications having support for using
mDNS to detect libvirtd instances. Though it is theoretically possible
something exists out there, it is clearly going to be a niche use case
in the virt ecosystem as a whole.

By removing avahi integration we can cut down the dependency chain for
the basic libvirtd install and reduce our code maint burden.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-21 12:59:42 +01:00
Peter Krempa
3203681e5e tests: domainsnapshotxml2xml: make 'disk-seclabel' test operational
Now that we added the seclabels to the schema we can test that they are
parsed and formatted correctly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2019-06-20 17:08:53 +02:00
Peter Krempa
ac88a8cfad docs: schemas: Add 'seclabel' for external disk snapshot
Allow using seclabels the same way as disk images allow it. Currently
the snapshot code copies the seclabels from the original image if no
seclabel is provided. Also there's no code change required as the
snapshot XML parser actually uses parts of the disk parser thus
seclabels are already parsed and formatted and even applied thus this is
just a formalization of our support for this.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2019-06-20 17:08:53 +02:00
Jiri Denemark
2674d00ed4 qemu: Drop MSR features from host-model with old QEMU
With QEMU versions which lack "unavailable-features" we use CPUID based
detection of features which were enabled or disabled once QEMU starts.
Thus using MSR features with host-model would result in all of them
being marked as disabled in the active domain definition even though
QEMU did not actually disable them.

Let's make sure we add MSR features to host-model only when
"unavailable-features" property is supported by QEMU.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 14:02:36 +02:00
Jiri Denemark
c8ec678fd9 cpu_map: Introduce IA32_ARCH_CAPABILITIES MSR features
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 14:02:36 +02:00
Ján Tomko
7bf679aec6 qemu: remove json argument from qemuMonitorOpen
Always assume JSON monitor was requested, since all the callers
pass true anyway.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Ján Tomko
466764346d qemu: domain: remove monJSON field
If we have a monitor, it is a JSON monitor.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Andrea Bolognani
54964f563d qemu: Format spapr-vio addresses as 32-bit
No reason not to be consistent with the user-visible value.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 12:50:05 +02:00
Andrea Bolognani
fb91763d41 conf: Format spapr-vio addresses as 32-bit
Using 8 hex digits all the time, regardless of whether the
actual value can fit in fewer, makes it more obvious to the
user what the limits are.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 12:50:03 +02:00
Andrea Bolognani
656d88f906 tests: Add pseries-spaprvio-invalid
This test case shows that we now reject invalid spapr-vio
addresses.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 12:50:01 +02:00
Peter Krempa
7b604379ba tests: Drop qemuargv2xmltest
Now that we no longer use that functionality we can also drop the tests.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-06-20 12:15:05 +02:00
Ján Tomko
2545f61e95 tests: qemuMonitorTest: drop the JSON field
Now that we no longer support testing HMP monitor,
the json field is pointless.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-06-20 12:12:34 +02:00
Ján Tomko
f5e275c6e2 tests: qemuMonitorTestProcessCommandDefaultValidate: simplify condition
We return success when running this function for either non-JSON monitor
testing or guest agent testing.

However we no longer test HMP monitor and we do not try to validate
the guest agent interaction.

Drop the test->json check and report a proper error if someone tries
to run this function for the guest agent without properly wiring it up.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-06-20 12:12:34 +02:00