Commit Graph

361 Commits

Author SHA1 Message Date
Guido Günther
7edcbd02aa apparmor: allow libvirt to send term signal to unconfined
Otherwise stopping domains with qemu://session fails like

[164012.338157] audit: type=1400 audit(1516202208.784:99): apparmor="DENIED" operation="signal" profile="/usr/sbin/libvirtd" pid=18835 comm="libvirtd" requested_mask="send" denied_mask="send" signal=term peer="unconfined"
2018-02-06 17:26:29 +01:00
intrigeri
904cdd09bc On startup libvirtd runs a number of QEMU processes unconfined such as:
/usr/bin/qemu-system-x86_64 -S -no-user-config -nodefaults -nographic -machine none,accel=kvm:tcg -qmp unix:/var/lib/libvirt/qemu/capabilities.monitor.sock,server,nowait -pidfile /var/lib/libvirt/qemu/capabilities.pidfile -daemonize

libvirtd needs to be allowed to kill these processes, otherwise they
remain running.
2018-01-17 16:28:27 +01:00
Jamie Strandboge
5924977870 apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
Required to generate correct profiles when using usb passthrough.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/565691

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: Jamie Strandboge <jamie@ubuntu.com>
Acked-by: Intrigeri <intrigeri@boum.org>
2018-01-09 10:08:57 +01:00
Jamie Strandboge
dfd960bca6 apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
This is required for the ebtables functionality added in
libvirt 0.8.0.

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2018-01-09 10:08:22 +01:00
Christian Ehrhardt
39cb94e575 apparmor, libvirt-qemu: qemu won't call qemu-nbd
While libvirtd might do so, qemu itself as a guest will not need
to call qemu-nbd so remove it from the profile.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2018-01-09 10:06:32 +01:00
Christian Ehrhardt
e24d01cb33 apparmor, libvirt-qemu: add default pki path of libvirt-spice
Adding the PKI path that is used as default suggestion in src/qemu/qemu.conf
If people use non-default paths they should use local overrides but the
suggested defaults we should open up.

This is the default path as referenced by src/qemu/qemu.conf in libvirt.

While doing so merge the several places we have to cover PKI access into
one.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1690140

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-01-09 10:06:04 +01:00
Jamie Strandboge
aa889e412d apparmor, libvirt-qemu: Allow qemu-block-extra libraries
Allows (multi-arch enabled) access to libraries under the
/usr/lib/@{multiarch}/qemu/*.so path in the Debian/Ubuntu
qemu-block-extra package and all such libs for the paths
of rpm qemu-block-* packages.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1554761

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-01-09 10:02:33 +01:00
Stefan Bader
50ce59b616 apparmor, libvirt-qemu: Silence lttng related deny messages
Prevent denial messages related to attempted reads on lttng
files from spamming the logs.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1432644

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2018-01-09 09:59:29 +01:00
Serge Hallyn
27199d8664 apparmor, libvirt-qemu: Allow use of sgabios
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1393548

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2018-01-09 09:57:59 +01:00
Cédric Bosdonnat
259a2cc34e apparmor: fix virt-aa-helper profile
Fix rule introduced by commit 0f33025a:
  * to handle /var/run not being a symlink to /run
  * to be properly parsed: missing comma at the end.
2018-01-03 17:33:28 +01:00
Christian Ehrhardt
8f882cf36e apparmor: allow unix stream for p2p migrations
On live migration with --p2p like:
 $ virsh migrate --live --p2p kvmguest-bionic-normal \
       qemu+ssh://10.6.221.80/system

We hit an apparmor deny like:
  apparmor="DENIED" operation="file_inherit"
  profile="/usr/sbin/libvirtd" pid=23477 comm="ssh" family="unix"
  sock_type="stream" protocol=0 requested_mask="send receive"
  denied_mask="send" addr=none peer_addr=none peer="unconfined"

The rule is not perfect, but can't be restricted further at the moment
(new upstream kernel features needed). For now the lack of a profile on the
peer as well as comm not being a conditional on rules do not allow to filter
further.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-01-03 09:45:21 +01:00
Cédric Bosdonnat
0f33025a43 virt-aa-helper: handle more disk images
virt-aa-helper needs read access to the disk image to resolve symlinks
and add the proper rules to the profile. Its profile whitelists a few
common paths, but users can place their images anywhere.

This commit helps users allowing access to their images by adding their
own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.

This commit also adds rules to allow reading files named:
  - *.raw as this is a rather common disk image extension
  - /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox
2017-12-20 11:05:54 +01:00
Jim Fehlig
0af5ced4b8 apparmor: allow qemu abstraction to read /proc/pid/cmdline
Noticed the following denial in audit.log when shutting down
an apparmor confined domain

type=AVC msg=audit(1512002299.742:131): apparmor="DENIED"
operation="open" profile="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff"
name="/proc/1475/cmdline" pid=2958 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=469 ouid=0

Squelch the denial by allowing read access to /proc/<pid>/cmdline.
2017-12-04 07:00:14 -07:00
intrigeri
3343ab0cd9 AppArmor: add mount rules needed with additional mediation features brought by Linux 4.14
This set of rules was proposed by Christian Boltz <apparmor@cboltz.de>
on https://bugzilla.opensuse.org/show_bug.cgi?id=1065123.
2017-11-19 19:16:27 +01:00
intrigeri
3b1d19e6c9 AppArmor: add rules needed with additional mediation features brought by Linux 4.14. 2017-11-19 19:16:27 +01:00
Christian Ehrhardt
b4470515f6 apparmor, virt-aa-helper: allow ipv6
In case ipv6 is used the network inet6 permission is required for
virt-aa-helper.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-11-07 16:57:32 +01:00
Christian Ehrhardt
37a4e6d430 apparmor: allow qemu to read max_segments
Since qemu 2.9 via 9103f1ce "file-posix: Consider max_segments for
BlockLimits.max_transfer" this is a new access that is denied by the
qemu profile.

It is non fatal, but prevents the fix mentioned to actually work.
It should be safe to allow reading from that path.

Since qemu opens a symlink path we need to translate that for apparmor from
"/sys/dev/block/*/queue/max_segments" to
"/sys/devices/**/block/*/queue/max_segments"

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-11-07 16:57:32 +01:00
Andrea Bolognani
3e7db8d3e8 Remove backslash alignment attempts
Right-aligning backslashes when defining macros or using complex
commands in Makefiles looks cute, but as soon as any changes is
required to the code you end up with either distractingly broken
alignment or unnecessarily big diffs where most of the changes
are just pushing all backslashes a few characters to one side.

Generated using

  $ git grep -El '[[:blank:]][[:blank:]]\\$' | \
    grep -E '*\.([chx]|am|mk)$$' | \
    while read f; do \
      sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \
    done

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 13:24:12 +01:00
Christian Ehrhardt
d4d50bcc79 virt-aa-helper: fix libusb access to udev usb descriptions
In bf3a4140 "virt-aa-helper: fix libusb access to udev usb data" the
libusb access to properly detect the device/bus ids was fixed.

The path /run/udev/data/+usb* contains a subset of that information we
already allow to be read and are currently not needed for the function
qemu needs libusb for. But on the init of libusb all those files are
still read so a lot of apparmor denials can be seen when using usb host
devices, like:
  apparmor="DENIED" operation="open" name="/run/udev/data/+usb:2-1.2:1.0"
  comm="qemu-system-x86" requested_mask="r" denied_mask="r"

Today we could silence the warnings with a deny rule without breaking
current use cases. But since the data in there is only a subset of those
it can read already it is no additional information exposure. And on the
other hand a future udev/libusb/qemu combination might need it so allow
the access in the default apparmor profile.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-10-26 12:48:32 +02:00
Jim Fehlig
c44b29aacb apparmor: add dnsmasq ptrace rule to libvirtd profile
Commit b482925c added ptrace rule for the apparmor profiles,
but one was missed in the libvirtd profile for dnsmasq. It was
overlooked since the test machine did not have an active libvirt
network requiring dnsmasq that was also set to autostart. With
one active and set to autostart, the following denial is observed
in audit.log when restarting libvirtd

type=AVC msg=audit(1507320136.306:298): apparmor="DENIED" \
operation="ptrace" profile="/usr/sbin/libvirtd" pid=5472 \
comm="libvirtd" requested_mask="trace" denied_mask="trace" \
peer="/usr/sbin/dnsmasq"

With an active network, I suspect a libvirtd restart causes access
to /proc/<dnsmasq-pid>/*, hence the resulting denial. As a nasty
side affect of the denial, libvirtd thinks it needs to spawn a
dnsmasq process even though one is already running for the network.
E.g. after two libvirtd restarts

dnsmasq   1683  0.0  0.0  51188  2612 ?        S    12:03   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root      1684  0.0  0.0  51160   576 ?        S    12:03   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
dnsmasq   4706  0.0  0.0  51188  2572 ?        S    13:54   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root      4707  0.0  0.0  51160   572 ?        S    13:54   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
dnsmasq   4791  0.0  0.0  51188  2580 ?        S    13:56   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root      4792  0.0  0.0  51160   572 ?        S    13:56   0:00 \
 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
 --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper

A simple fix is to add a ptrace rule for dnsmasq.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-By: Guido Günther <agx@sigxcpu.org>
2017-10-06 16:39:15 -06:00
Christian Ehrhardt
bf3a414087 virt-aa-helper: fix libusb access to udev usb data
libusb as used by qemu needs to read data from /run/udev/data/ about usb
devices. That is read once on the first initialization of libusb_init by
qemu.

Therefore generating just the device we need would not be sufficient as
another hotplug later can need another device which would fail as the
data is no more re-read at this point.

But we can restrict the paths very much to just the major number of
potential usb devices which will make it match approximately the detail
that e.g. an lsusb -v would reveal - that is much safer than the
"/run/udev/data/* r" blanket many users are using now as a workaround.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-10-06 11:14:49 +02:00
Jim Fehlig
b482925c22 apparmor: support ptrace checks
Kernel 4.13 introduced finer-grained ptrace checks

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.13.2&id=290f458a4f16f9cf6cb6562b249e69fe1c3c3a07

With kernel 4.13 and apparmor 2.11, simply starting libvirtd
results in the following apparmor denial

type=AVC msg=audit(1506112085.645:954): apparmor="DENIED"
operation="ptrace" profile="/usr/sbin/libvirtd" pid=6984
comm="libvirtd" requested_mask="trace" denied_mask="trace"
peer="unconfined"

Attempting to start an unconfined domain results in

type=AVC msg=audit(1506112301.227:1112): apparmor="DENIED"
operation="ptrace" profile="/usr/sbin/libvirtd" pid=7498
comm="libvirtd" requested_mask="trace" denied_mask="trace"
peer="/usr/sbin/libvirtd"

And attempting to start a confined domain results in

type=AVC msg=audit(1506112631.408:1312): apparmor="DENIED"
operation="open" profile="virt-aa-helper" name="/etc/libnl/classid"
pid=8283 comm="virt-aa-helper" requested_mask="r" denied_mask="r"
fsuid=0 ouid=0
type=AVC msg=audit(1506112631.530:1319): apparmor="DENIED"
operation="open" profile="virt-aa-helper" name="/etc/libnl/classid"
pid=8289 comm="virt-aa-helper" requested_mask="r" denied_mask="r"
fsuid=0 ouid=0
type=AVC msg=audit(1506112632.186:1324): apparmor="DENIED"
operation="ptrace" profile="/usr/sbin/libvirtd" pid=8342
comm="libvirtd" requested_mask="trace" denied_mask="trace"
peer="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff"

Add ptrace rules to allow the trace operations.

Resolves: https://bugzilla.suse.com/show_bug.cgi?id=1058847
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Guido Günther <agx@sigxcpu.org>
2017-09-25 12:03:35 +02:00
Julio Faracco
b06521928c storage: Add new events for *PoolBuild() and *PoolDelete().
This commit adds new events for two methods and operations: *PoolBuild() and
*PoolDelete(). Using the event-test and the commands set below we have the
following outputs:

$ sudo ./event-test
Registering event callbacks
myStoragePoolEventCallback EVENT: Storage pool test Defined 0
myStoragePoolEventCallback EVENT: Storage pool test Created 0
myStoragePoolEventCallback EVENT: Storage pool test Started 0
myStoragePoolEventCallback EVENT: Storage pool test Stopped 0
myStoragePoolEventCallback EVENT: Storage pool test Deleted 0
myStoragePoolEventCallback EVENT: Storage pool test Undefined 0

Another terminal:
$ sudo virsh pool-define test.xml
Pool test defined from test.xml

$ sudo virsh pool-build test
Pool test built

$ sudo virsh pool-start test
Pool test started

$ sudo virsh pool-destroy test
Pool test destroyed

$ sudo virsh pool-delete test
Pool test deleted

$ sudo virsh pool-undefine test
Pool test has been undefined

This commits can be a solution for RHBZ #1475227.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1475227

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-09-20 11:52:56 +02:00
Guido Günther
f305d8a191 apparmor: add attach_disconnected
Otherwise we fail to reconnect to /dev/net/tun opened by libvirtd
like

    [ 8144.507756] audit: type=1400 audit(1505488162.386:38069121): apparmor="DENIED" operation="file_perm" info="Failed name lookup - disconnected path" error=-13 profile="libvirt-5dfcc8a7-b79a-4fa9-a41f-f6271651934c" name="dev/net/tun" pid=9607 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=117 ouid=0

Reviewed-By: Jamie Strandboge <jamie@canonical.com>
Acked-By: Michal Privoznik <mprivozn@redhat.com>
2017-09-18 19:06:52 +02:00
intrigeri
e7f5d627f9 apparmor, libvirt-qemu: Allow QEMU to gather information about available host resources. 2017-08-11 16:57:59 -03:00
Serge Hallyn
ba326c8699 apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
When setting up VncTLS according to the official Libvirt documentation,
only one certificate for libvirt/libvirt-vnc is used. The document
indicates to use the following directories :

 /etc/pki/CA
 /etc/pki/libvirt
 /etc/pki/libvirt/private

in order to manage the certificates used by libvirt-vnc.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/901272

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Serge Hallyn
78769b8bd9 apparmor, libvirt-qemu: Allow access to ceph config
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Stefan Bader
5b4d46a95e apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
On Debian/Ubuntu the libxl-save-helper (used when saving/restoring
a domain through libxl) is located under /usr/lib/xen-<version>/bin.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1334195

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Serge Hallyn
233e08c057 apparmor, libvirt-qemu: Add ppc64el related changes
Updates profile to allow running on ppc64el.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
William Grant
f3b0f324eb apparmor, virt-aa-helper: Allow aarch64 UEFI.
Allow access to aarch64 UEFI images.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Guido Günther <agx@sigxcpu.org>
2017-06-16 10:38:52 +02:00
Simon McVittie
8d4aad6412 virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
The split firmware and variables files introduced by
https://bugs.debian.org/764918 are in a different directory for
some reason. Let the virtual machine read both.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2017-06-16 10:38:52 +02:00
Martin Kletzander
a8eba5036c qemu: Report shutdown event details
QEMU will likely report the details of it shutting down, particularly
whether the shutdown was initiated by the guest or host.  We should
forward that information along, at least for shutdown events.  Reset
has that as well, however that is not a lifecycle event and would add
extra constants that might not be used.  It can be added later on.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1384007

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-05-26 15:01:15 +02:00
Felix Geyer
dd875fb326 apparmor, virt-aa-helper: Explicit denies for host devices
Add explicit denies for disk devices to avoid cluttering dmesg with
(acceptable) denials.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Guido Günther <agx@sigxcpu.org>
2017-05-19 09:48:23 +02:00
Felix Geyer
95740052ea apparmor, virt-aa-helper: Allow access to libnl-3 config files
Allow access to libnl-3 config files

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Guido Günther <agx@sigxcpu.org>
2017-05-19 09:48:23 +02:00
Michal Privoznik
1a4a4ffa3e lib: Fix c99 style comments
We prefer c89 style of comments.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-04-27 14:13:19 +02:00
Peter Krempa
085e794a86 lib: Introduce event for tracking disk backing file write threshold
When using thin provisioning, management tools need to resize the disk
in certain cases. To avoid having them to poll disk usage introduce an
event which will be fired when a given offset of the storage is written
by the hypervisor. Together with the API which will be added later, it
will allow registering thresholds for given storage backing volumes and
this event will then notify management if the threshold is exceeded.
2017-03-27 09:29:57 +02:00
Guido Günther
123cc3e11c apparmor: allow /usr/lib/qemu/qemu-bridge-helper
This is where e.g. Debian puts it.
2017-03-17 09:59:42 +01:00
Daniel P. Berrange
42241208d9 secret: add support for value change events
Emit an event whenever a secret value changes

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-01-09 16:42:04 +00:00
Daniel P. Berrange
dabaa05d27 examples: add secret events to event demo program
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-01-09 15:53:49 +00:00
Daniel P. Berrange
c50070173d Add domain event for metadata changes
When changing the metadata via virDomainSetMetadata, we now
emit an event to notify the app of changes. This is useful
when co-ordinating different applications read/write of
custom metadata.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-01-09 15:53:00 +00:00
Guido Günther
1a9148fbdf apparmor: pass attach_disconnected
to cure

 + virsh lxc-enter-namespace --noseclabel sl /bin/ls /bin/ls
 libvirt:  error : Expected at least one file descriptor
 error: internal error: Child process (2714) unexpected exit status 125

caused by

 apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2016-12-21 06:26:31 +01:00
Michal Privoznik
3b67fc9f9f examples: Resolve sign-compare warnings
For instance:

hellolibvirt/hellolibvirt.c: In function 'showDomains':
hellolibvirt/hellolibvirt.c💯19: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
     for (i = 0; i < numNames; i++) {
                   ^

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-20 13:11:25 +01:00
Erik Skultety
0c169930c0 admin: Add an example demonstrating how to use the logging APIs
Provide a simple C example demonstrating the use of both query APIs as
well as setter APIs.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-12-15 10:36:23 +01:00
intrigeri
a73e7037e5 AppArmor: allow QEMU to set_process_name.
https://bugzilla.redhat.com/show_bug.cgi?id=1369281

Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.co>
2016-12-12 14:08:45 +00:00
intrigeri
de79efdeb8 AppArmor policy: support merged-/usr.
Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.co>
2016-12-12 14:08:35 +00:00
Luyao Huang
aafa297044 examples: Distribute all systemtap scripts.
Due to a missing entries in Makefile, we were not distributing
all the systemtap scripts we have.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-10-10 15:02:38 +08:00
Cédric Bosdonnat
f03013c212 apparmor: move qemu-bridge-helper to libvirtd profile
qemu-bridge-helper is only called from libvirtd, it has to be moved
from the qemu domain abstraction to the usr.sbin.libvirtd profile.
2016-09-26 13:23:01 +02:00
Jovanka Gulicoska
43a6b37b24 Introduce node device update event as top level event
This event is emitted when a nodedev XML definition is updated,
like when cdrom media is changed in a cdrom block device.

Also includes node device update event implementation for udev
backend, virsh nodedev-event support, and event-test support
2016-08-15 08:30:56 -04:00
Jovanka Gulicoska
f803f5ff34 event-test: support node device lifecycle event APIs 2016-08-02 09:52:00 -04:00
Ján Tomko
aa7bb4f36d examples: check asprintf return value in client_info.c
On error, asprintf returns -1 and the contents of the string
pointer is undefined. In the rest of the libvirt code,
the virAsprintf wrapper takes care of that.

Check the return value and report a generic error, since we
purposefully avoid linking to virutil.
2016-07-01 15:39:01 +02:00
Erik Skultety
fbb8205de3 examples: admin: Add some examples for the new admin APIs
Some of the examples make use of asprintf and strtol functions (to keep
things simple) which are prohibited to use within our code (enforced by
syntax-check). Therefore besides adding some examples, this patch also updates
cfg.mk to exclude examples directory from asprintf and strtol rules, as well as
updates .gitignore to exclude all the new admin binaries created in the
'examples' dir.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-06-26 00:21:06 +02:00
Daniel P. Berrange
0330848207 Promote storage pool refresh lifecycle event to top level event
The VIR_STORAGE_POOL_EVENT_REFRESHED constant does not
reflect any change in the lifecycle of the storage pool.

It should thus not be part of the storage pool lifecycle
event set, but rather be a top level event in its own
right. Thus we introduce VIR_STORAGE_POOL_EVENT_ID_REFRESH
to replace it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-24 18:26:11 +01:00
Jovanka Gulicoska
028c56631f event-test: support storage lifecycle event APIs 2016-06-16 12:22:11 -04:00
Guido Günther
2e34cb5463 apparmor: Don't scrub environment of virtlogd process
otherwise we drop variables like XDG_RUNTIME_DIR with qemu:///session
and libvirtd faild to find virtlogd's socket.
2016-06-12 13:36:28 +02:00
Jovanka Gulicoska
b29e08dbe3 More usage of virGetLastErrorMessage
Convert to virGetLastErrorMessage() in the rest of the code
2016-05-19 15:17:03 -04:00
Michal Privoznik
25866ec6a6 examples: Try harder to uninstall nwfilter
We have this code in our Makefile that tries to remove
/etc/libvirt/nwfilter if directory is left empty after all our
example nwfilters were uninstalled. However, the check for that
is missing quotation marks thus rendering the test useless:

test -z allow-arp.xml allow-dhcp-server.xml .. qemu-announce-self.xml || \
  rmdir "/some/path/libvirt.git/_install/etc/libvirt/nwfilter"
/bin/sh: line 0: test: too many arguments

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-04-20 17:33:55 +02:00
Peter Krempa
dc7aeeade1 event-test: Enforce domain event sync
Use verify to force adding new events by means of static assertions.
2016-04-18 16:31:30 +02:00
Peter Krempa
09b28782de event-test: Add VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON
When adding the static check I've noticed that one other event is
missing.
2016-04-18 16:31:29 +02:00
Peter Krempa
cecbb0642e event-test: Add VIR_DOMAIN_EVENT_ID_DEVICE_REMOVAL_FAILED 2016-04-18 16:31:29 +02:00
Peter Krempa
9e9a5cf0f4 event-test: Add VIR_DOMAIN_EVENT_ID_JOB_COMPLETED 2016-04-18 16:31:29 +02:00
Peter Krempa
bb25001a5b event-test: Add VIR_DOMAIN_EVENT_ID_MIGRATION_ITERATION callback 2016-04-18 16:31:29 +02:00
Peter Krempa
9da32b368e event-test: Add VIR_DOMAIN_EVENT_ID_BLOCK_JOB and VIR_DOMAIN_EVENT_ID_BLOCK_JOB_2 2016-04-18 16:31:29 +02:00
Peter Krempa
e55b149169 event-test: make domain event registration declarative
Rather than copying loads of ugly code, let's help out by a few C
tricks.
2016-04-18 16:31:29 +02:00
Peter Krempa
16dfe015f9 event-test: warn on unhandled enum values
Avoid forgetting to add the correct fields to the switches in
event-test.
2016-04-18 16:31:29 +02:00
Peter Krempa
ab48005f10 event-test: make few switch statements future proof
Make them return "uknown" for invalid values without breaking compiler
checks to add new values.
2016-04-18 16:31:28 +02:00
Peter Krempa
5ffc742c17 event-test: Use switch instead of if/else if chains for lifecycle event translation 2016-04-18 16:31:28 +02:00
Peter Krempa
f3f01f771b event-test: Use typecasted enum to convert graphics event phase 2016-04-18 16:31:28 +02:00
Peter Krempa
09ddd86027 event-test: Force compiler check in switch for connectClose callback 2016-04-18 16:31:28 +02:00
Peter Krempa
e1128b3a4c event-test: Use functions with typecasted switch to convert enums
Arrays would induce crash if a new value was introduced without adding
it here. This could happen for
VIR_DOMAIN_EVENT_DISK_DROP_MISSING_ON_START
2016-04-18 16:31:27 +02:00
Peter Krempa
2e0f34530b event-test: touch up coding style
Break long lines and format headers correctly.
2016-04-18 16:31:27 +02:00
Peter Krempa
6e71d1e824 event-test: Remove unnecessary 'usage' function 2016-04-18 16:31:27 +02:00
Peter Krempa
e1389f3983 event-test: Get rid of useless and ambiguous VIR_DEBUG macro
The event test does not try to include libvirt internals. Using a macro
named VIR_DEBUG might hint to such usage. Additionally it's useless
since it's used only in the main() function.

Modernize the message strings while touching them.
2016-04-18 16:31:27 +02:00
Peter Krempa
fda27347d5 event-test: Remove forward declarations
Most of the functions are no longer in this file. 'usage' does not need
a declaration.
2016-04-18 16:31:27 +02:00
Michal Privoznik
cbe289d814 event-test: Check for virConnectRegisterCloseCallback return value
In an unlikely event of virConnectRegisterCloseCallback failing,
the error is ignored. This is an example file and we shouldn't
get a bad example.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-24 10:49:39 +01:00
Michal Privoznik
bde75a895d event-test: Use goto cleanup instead of if else jungle
Like in the rest of our code we tend to prefer 'goto' and
'cleanup' over 'if else' code structure. Do the same here.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-24 10:49:39 +01:00
Jiri Denemark
5a9cbc6265 Add event and state details for post-copy
VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY and VIR_DOMAIN_PAUSED_POSTCOPY are
used on the source host once migration enters post-copy mode (which
means the domain gets paused on the source. After the destination host
takes over the execution of the domain, its virtual CPUs are resumed and
the domain enters VIR_DOMAIN_RUNNING_POSTCOPY state and
VIR_DOMAIN_EVENT_RESUMED_POSTCOPY event is emitted.

In case migration fails during post-copy mode and none of the hosts have
complete state of the domain, both domains will remain paused with
VIR_DOMAIN_PAUSED_POSTCOPY_FAILED reason and an upper layer may decide
what to do.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-03-21 15:15:46 +01:00
Dmitry Andreev
8047d45704 Introduce new VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT sub-event
VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT event should be emitted
when domain configuration was changed on revert to snapshot.
2016-03-15 14:57:26 -04:00
Andrea Bolognani
9a457be18b domsuspend: Fix warning on mingw build
Commit d82170d introduced a workaround for domtop: in that example
program, we define a symbol called ERROR for our own use, but since
a symbol with the same name is already defined in one of mingw's
header files, we get a warning when using that compiler.

domsuspend defines the same problematic symbol, so the workaround
has been copied over.
2016-02-12 16:36:34 +01:00
Michal Privoznik
8c67ab6684 Expand $(wildcard) correctly
So after da176bf6b7 and friend we have switched to $(wildcard
some/path/*.xml) instead of enumerating the files explicitly.
This is nice, however it makes distcheck build from VPATH fail.
The reason is that it's is not obvious to what does the wildcard
refer to: srcdir or builddir?

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-12 17:16:33 +01:00
Cole Robinson
da176bf6b7 examples: Use one top level makefile
Using one Makefile per example subdirectory essentially serializes 'make'
calls. Convert to one example/Makefile that builds and distributes
all the subdir files. This reduces example/ rebuild time from about 5.8
seconds to 1.5 seconds on my machine.

One slight difference is that we no longer ship Makefile.am with the
examples in the rpm. This was virtually useless anyways since the Makefile
was very specific to libvirt infrastructure, so wasn't generically
reusable anyways.

Tested with 'make distcheck' and 'make rpm'
2016-01-09 21:14:12 -05:00
Guido Günther
d8ca0cbd4b apparmor: add missing qemu binaries
This adds the qemu binaries as of 1.2.4 in Debian. It also removes a
duplicate sparc64 entry.
2015-11-25 08:35:06 +01:00
Martin Kletzander
e755186c5c Add example that renames domain there and back
And in the middle it prints out its name to demonstrate changes in later
patch(es).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-04 18:55:01 +02:00
Jiri Denemark
29b5167417 examples: Add example polkit ACL rules
Creating ACL rules is not exactly easy and existing examples are pretty
simple. This patch adds a somewhat complex example which defines several
roles. Admins can do everything, operators can do basic operations
on any domain and several groups of users who act as operators but only
on a limited set of domains.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-09-04 17:26:04 +02:00
Tomas Meszaros
9877d8406c Introduce new VIR_DOMAIN_EVENT_DEFINED_RENAMED event
This should be emitted whenever a domain is renamed.

Signed-off-by: Tomas Meszaros <exo@tty.sk>
2015-08-14 10:50:20 +02:00
Cédric Bosdonnat
ec5c1dcb53 Apparmor: allow reading block-rbd.so 2015-04-24 10:47:42 +02:00
Michal Privoznik
498d7b2bf5 domtop: Properly free cpu status
So, in the example the cpu stats are collected within a function
called do_top. At the beginning of the function we ask the daemon for
how much vCPUs can we get stats, and how many stats for a vCPU can we
get. This is because it's how our API works - users are required to
preallocate a chunk of memory for the results. Now, at the end, we try
to free the allocated array, but we are not doing it correctly.
There's this virTypedParamsFree() function which gets a pointer to the
array and the length of the array. However, if there was an error in
getting vCPU stats we pass a negative number instead of the originally
computed value. This flaw results in SIGSEGV:

libvirt: QEMU Driver error : Requested operation is not valid: domain is not running
ERROR do_top:333 : Unable to get cpu stats
==29201== Invalid read of size 4
==29201==    at 0x4F1DF8B: virTypedParamsClear (virtypedparam.c:1145)
==29201==    by 0x4F1DFEB: virTypedParamsFree (virtypedparam.c:1165)
==29201==    by 0x4023C3: do_top (domtop.c:349)
==29201==    by 0x40260B: main (domtop.c:386)
==29201==  Address 0x131cd7c0 is 16 bytes after a block of size 768 alloc'd
==29201==    at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29201==    by 0x401FF1: do_top (domtop.c:295)
==29201==    by 0x40260B: main (domtop.c:386)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-21 10:56:50 +02:00
Cédric Bosdonnat
e4725cdb12 Apparmor: removed duplicate nscd rules 2015-04-20 09:32:04 +02:00
Ján Tomko
a809c4749e Add an example for EVENT_ID_DEVICE_ADDED 2015-04-15 17:06:01 +02:00
Cédric Bosdonnat
9e7b1e646d Apparmor qemu abstraction fixes for SLES
SLES 11 has legacy qemu-kvm package, /usr/bin/qemu-kvm and
/usr/share/qemu-kvm need to be accessed to domains.
2015-04-09 11:18:16 +02:00
Martin Kletzander
0e7457e501 Fix common misspellings
Wikipedia's list of common misspellings [1] has a machine-readable
version.  This patch fixes those misspellings mentioned in the list
which don't have multiple right variants (as e.g. "accension", which can
be both "accession" and "ascension"), such misspellings are left
untouched.  The list of changes was manually re-checked for false
positives.

[1] https://en.wikipedia.org/wiki/Wikipedia:Lists_of_common_misspellings/For_machines

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-03-23 09:01:30 +01:00
Mike Latimer
338b07afa9 Grant access to helpers
Apparmor must not prevent access to required helper programs. The following
helpers should be allowed to run in unconfined execution mode:

 - libvirt_parthelper
 - libvirt_iohelper
2015-01-23 11:12:44 +01:00
Mike Latimer
c0273cd6f2 Fix apparmor issues for tck
The network and nwfilter tests contained in the libvirt-TCK testkit can fail
unless access to raw network packets is granted. Without this access, the
following apparmor error can be seen while running the tests:

  apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/libvirtd"
  pid=94731 comm="libvirtd" family="packet" sock_type="raw" protocol=768
2015-01-23 11:12:04 +01:00
Mike Latimer
b61fb8e8af Fix apparmor issues for Xen
In order for apparmor to work properly in Xen environments, the following
access rights need to be allowed:

 - Allow CAP_SYS_PACCT, which is required when resetting some multi-port
   Broadcom cards by writting to the PCI config space

 - Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without
   this setting, an error 'Resource temporarily unavailable' can be seen
   while attempting to mmap memory. At the same time, the following
   apparmor message is seen:

   apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd"
   pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14
   capname="ipc_lock"

 - Allow access to distribution specific directories:
     /usr/{lib,lib64}/xen/bin
2015-01-23 11:11:53 +01:00
Cedric Bosdonnat
30c6aecc44 Teach AppArmor, that /usr/lib64 may exist.
The apparmor profiles forgot about /usr/lib64 folders, just add lib64
as a possible alternative to lib in the paths
2015-01-05 09:46:35 +01:00
Peter Krempa
4ca2744e8b examples: Add support for the guest agent lifecycle event
Add code to support the event in the object-event example.
2014-11-24 15:47:01 +01:00
Martin Kletzander
cfd9c02802 Remove unnecessary curly brackets in daemon/ and examples/
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-11-14 17:13:00 +01:00
Martin Kletzander
4480cd2837 examples: add systemtap script to ease lock debugging
As discussed before, this simple script should help with debugging
deadlocks, although there are still some caveats.  RWLocks are not
handled by this and if your deadlock if very racy, it may not lock
up when running with this script due to the slowdown.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-11-03 16:43:23 +01:00
Pavel Hrdina
f06a6257d5 event_example: cleanup example code for tunable event
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-26 09:33:58 +02:00
Pavel Hrdina
b8b3c56566 Fix MinGW build
When building on mingw the format string for long long/unsigned long
long have to be I64d/I64u instead of lld/llu.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-24 17:16:32 +02:00
Pavel Hrdina
9e734ab73e add an example how to use tunable event
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-23 21:55:31 +02:00
Felix Geyer
2311e5c4ea apparmor: allow reading cap_last_cap
libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
and thus running a qemu guest fails.

Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-04 14:24:47 +02:00
Michal Privoznik
66eaa887e9 Fix spacing around commas
On some places in the libvirt code we have:

  f(a,z)

instead of

  f(a, z)

This trivial patch fixes couple of such occurrences.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-08-22 15:03:39 +02:00
Peter Krempa
d88f9027ae examples: test: Kill unsupported maxMemory element
The "maxMemory" element was never supported by libvirt. Remove it from
the test XMLs. (Found while actually trying to add support for a
identically named element).
2014-08-20 15:27:18 +02:00
Michal Privoznik
dc64be90b5 domtop: Remove unused variable
The variable 'k' in the print_cpu_usage function is not used anywhere
and can fire a warning on some compilers.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-08-04 14:40:52 +02:00
Michal Privoznik
859aa405e1 domtop: Turn parse_argv into void
Currently, the function follows the usual pattern used in our code:

  int ret = -1;
  ...
  ret = 0;
 cleanup:
  return ret;

However, the function always call exit() on error, so the cleanup
label is never jumped onto. Therefore, it doesn't make any sense to
have the parse_argv function return an integer value, if it
effectively can return only value of zero.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-08-04 14:37:14 +02:00
Michal Privoznik
d82170d757 domtop: Fix build on mingw
Firstly, there's no sigaction() nor struct sigaction on mingw. We have
to use the one implemented by gnulib (and hence link with gnulib).
Then, for some reason one header file from windows defines ERROR
symbol. Yes it does. Sigh.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-07-22 09:53:18 +02:00
Peter Krempa
ba2b4da02d examples: domtop: Avoid leaking memory
Use the virTypedParamsFree unconditionally as it handles NULL well and
has the benefit of freeing a typed parameter array even if it wasn't yet
assigned, but only allocated.
2014-07-21 15:20:59 +02:00
Peter Krempa
abab113bd2 examples: domtop: Fix uninitialized variable use
max_id could be used uninitialized in the cleanup section after the
domain wasn't found.

Discovered by Coverity.
2014-07-21 15:20:59 +02:00
Michal Privoznik
28d54aab05 examples: Introduce domtop
There's this question on the list that is asked over and over again.
How do I get {cpu, memory, ...} usage in percentage? Or its modified
version: How do I plot nice graphs like virt-manager does?

It would be nice if we have an example to inspire people. And that's
what domtop should do. Yes, it could be written in different ways, but
I've chosen this one as I think it show explicitly what users need to
implement in order to imitate virt-manager's graphing.

Note: The usage is displayed from host perspective. That is, how much
host CPUs the domain is using. But it should be fairly simple to
switch do just guest CPU usage if needed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-07-18 16:39:54 +02:00
Cédric Bosdonnat
9265f8ab67 Rework lxc apparmor profile
Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default.
This profile allows quite a lot, but strives to restrict access to
dangerous resources.

Removing the explicit authorizations to bash, systemd and cron files,
forces them to keep the lxc profile for all applications inside the
container. PUx permissions where leading to running systemd (and others
tasks) unconfined.

Put the generic files, network and capabilities restrictions directly
in the TEMPLATE.lxc: this way, users can restrict them on a per
container basis.
2014-07-15 12:57:05 -06:00
Cédric Bosdonnat
dba3432b88 virt-lxc-convert: make free return values in bytes
Tiny fix for virt-lxc-convert: we are setting memory values in bytes, while
free may give us values in a different unit by default: force free to output
bytes with -b flag.
2014-07-07 12:37:23 +02:00
Cédric Bosdonnat
b73aafd6dd Added example script on how to convert LXC container config 2014-06-17 22:08:13 -06:00
Sahid Orentino Ferdjaoui
b21795bb5b Add a new example to illustrate domain migration
This commit adds a new example to illustrate peer to
peer domain migration with virDomainMigrateToURI.

Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com>
2014-04-30 14:29:07 +01:00
Cédric Bosdonnat
74e86b6b25 Fix apparmor profile to make vfio pci passthrough work
See lp#1276719 for the bug description. As virt-aa-helper doesn't know
the VFIO groups to use for the guest, allow access to all
/dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need
for vfio

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-27 09:09:23 -06:00
Ján Tomko
56e5a9177e Indent top-level labels by one space in examples/ 2014-03-25 14:58:38 +01:00
Martin Kletzander
95aed7febc Use K&R style for curly braces in remaining files
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-20 17:27:17 +01:00
Cédric Bosdonnat
ef7dc7d429 add support for apparmor in lxc-enter-namespace 2014-03-04 11:15:47 +00:00
Cédric Bosdonnat
43c030f046 LXC driver: generate apparmor profiles for guests
use_apparmor() was first designed to be called from withing libvirtd,
but libvirt_lxc also uses it. in libvirt_lxc, there is no need to check
whether to use apparmor or not: just use it if possible.
2014-03-04 11:07:05 +00:00
Cédric Bosdonnat
4f20084b12 AppArmor: Fix the place where the template should be installed
The security driver expects /etc/apparmor.d/libvirt/TEMPLATE but we
installed it to /etc/apparmor.d/libvirtd/TEMPLATE. Move the template to
the expected place since that code was here long before.
2014-02-12 06:34:32 -07:00
Felix Geyer
f88a3d9b0c apparmor: Improve profiles
Tested on Debian unstable.
The profile updates are partly taken from the Ubuntu trusty libvirt package.

Signed-off-by: Guido Günther <agx@sigxcpu.org>
2014-02-07 19:16:51 +01:00
Thorsten Behrens
721949059b maint: align whitespaces with project conventions. 2014-01-20 14:35:08 +01:00
Guido Günther
37705c12be Allow to install apparmor profiles
Make it easy to install the shipped examples. The aim is to have
reasonably working templates so that distros only need to minimally
patch these and can feed things upstream more easily.

This was prompted by http://bugs.debian.org/725144
2014-01-07 23:10:24 +01:00
Michal Privoznik
f7fee15ae8 event-test: Unregister close callback
When registering a close callback, the connection refcount is increased
as the connection object is passed to the callback and hence we must
prevent deleting it too soon. However, when closing the connection, the
connection object is just unrefed. So whenever a connection with a close
callback is closed, we end up with the connection object which has
exactly one reference. Leaving the code as-is doesn't mean the end of
the world as we know it, but why give a bad example?

==14531== 288 bytes in 1 blocks are still reachable in loss record 695 of 762
==14531==    at 0x4C2BDE4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14531==    by 0x4E9FE09: virAllocVar (viralloc.c:558)
==14531==    by 0x4EDBE45: virObjectNew (virobject.c:190)
==14531==    by 0x4F71AAC: virGetConnect (datatypes.c:116)
==14531==    by 0x4F78511: do_open (libvirt.c:1136)
==14531==    by 0x4F7B3AC: virConnectOpenAuth (libvirt.c:1481)
==14531==    by 0x4011D2: main (event-test.c:499)

(and other leaks tied to virGetConnect())

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:18:34 +01:00
Michal Privoznik
e26cae6b85 examples: Resurrect domsuspend example
This partially reverts 5eb4b04211 and 62774afb6b.

Rewrite the domsuspend example from scratch. This time do it right.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-12-24 17:17:35 +01:00
Daniel P. Berrange
447d55c138 Update event demo program to support network events too 2013-12-13 16:07:54 +00:00
Daniel P. Berrange
950c2a550f Move examples/domain-events/event-c to examples/object-events
The domain events demo program isn't really tied to domain
events anymore, so rename it to object events.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-13 16:07:54 +00:00
Peter Krempa
5eb4b04211 examples: Remove broken bad example
The domsuspend example code is a really old and bad exmample of (how not
to use) the libvirt API. Remove it as it's apparent that nobody tried to
use it. It was broken and nobody complained.
2013-12-04 18:56:06 +01:00
Daniel P. Berrange
a7a1244a73 Remove python binding
The python binding now lives in

  http://libvirt.org/git/?p=libvirt-python.git

that repo also provides an RPM which is upgrade compatible
with the old libvirt-python sub-RPM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-25 16:08:00 +00:00
Daniel P. Berrange
3e2f27e13b Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.

The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.

Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Eric Blake
b420df72a8 build: only install nwfilter examples when building nwfilter
'make rpm' with client_local set to 1 (by manual modification,
or with RHEL 5 on s390) warns:

RPM build errors:
    Installed (but unpackaged) file(s) found:
   /etc/libvirt/nwfilter/allow-arp.xml
   /etc/libvirt/nwfilter/allow-dhcp-server.xml
   /etc/libvirt/nwfilter/allow-dhcp.xml
   /etc/libvirt/nwfilter/allow-incoming-ipv4.xml
   /etc/libvirt/nwfilter/allow-ipv4.xml
   /etc/libvirt/nwfilter/clean-traffic.xml
   /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml
   /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml
   /etc/libvirt/nwfilter/no-arp-spoofing.xml
   /etc/libvirt/nwfilter/no-ip-multicast.xml
   /etc/libvirt/nwfilter/no-ip-spoofing.xml
   /etc/libvirt/nwfilter/no-mac-broadcast.xml
   /etc/libvirt/nwfilter/no-mac-spoofing.xml
   /etc/libvirt/nwfilter/no-other-l2-traffic.xml
   /etc/libvirt/nwfilter/no-other-rarp-traffic.xml
   /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml
   /etc/libvirt/nwfilter/qemu-announce-self.xml
   /usr/share/polkit-1/actions/org.libvirt.api.policy

The bulk of these are fixed with this patch.

* examples/xml/nwfilter/Makefile.am (install-data-local)
(uninstall-local): Make conditional.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-04 13:48:27 -06:00
Eric Blake
11e80ddfe4 build: fix typo that broke 'make dist'
Bug introduced in commit 5c6ff42; 'make dist' fails:

make[3]: Entering directory `/home/eblake/libvirt-tmp/build3/examples/python'
make[3]: *** No rule to make target `topoology.py', needed by `distdir'.  Stop.
make[3]: Leaving directory `/home/eblake/libvirt-tmp/build3/examples/python'

* examples/python/Makefile.am (EXTRA_DIST): Spell topology right.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-03 16:38:29 -06:00
Peter Krempa
5c6ff42254 examples: Add script to parse topology from capabilities output
Add a demo script originally written by Amador Pahim to parse topology
of the host from data provided in the capabilities XML.
2013-09-03 14:27:58 +02:00
Claudio Bley
2a40951148 Test for object identity when checking for None in Python
Consistently use "is" or "is not" to compare variables to None,
because doing so is preferrable, as per PEP 8
(http://www.python.org/dev/peps/pep-0008/#programming-recommendations):

> Comparisons to singletons like None should always be done with is or
> is not, never the equality operators.
2013-08-23 08:12:26 +02:00
Giuseppe Scrivano
2576f17805 examples: support crash events in event-test.py
commit 14e7e0ae8d adds the support for
crash events.

Solves: https://bugzilla.redhat.com/show_bug.cgi?id=994317

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-08-14 15:59:21 -06:00
Eric Blake
6f4458a017 examples: fix mingw build vs. printf
Mingw *printf is a moving target; newer mingw now provides a version
of asprintf() that fails to understand %lld:

  CC       event_test-event-test.o
../../../../examples/domain-events/events-c/event-test.c: In function 'myDomainEventRTCChangeCallback':
../../../../examples/domain-events/events-c/event-test.c:270:18: error: unknown conversion type character 'l' in format [-Werror=format=]
                  virDomainGetID(dom), offset) < 0)
                  ^

But since our examples already admitted that they were hacking around
a mingw deficiency, it is easier to just use printf() directly, coupled
with <inttypes.h> macros, for a more portable work-around.

* examples/domain-events/events-c/event-test.c
(myDomainEventRTCChangeCallback): Use PRIdMAX instead of asprintf.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-29 12:53:36 -06:00
Jiri Denemark
ee023f6c1f examples: Handle VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED event 2013-07-18 15:28:45 +02:00
John Ferlan
0776809659 hellolibvirt: Resolve Coverity issues
Recent changes uncovered a NEGATIVE_RETURNS when processing 'numNames'
in 'showDomains' in the for loop after a possible -1 return.
2013-07-11 14:18:11 -04:00
Daniel P. Berrange
75825494c7 Convert 'int i' to 'size_t i' in examples/ files
Convert the type of loop iterators named 'i', 'j', k',
'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
'unsigned int', also santizing 'ii', 'jj', 'kk' to use
the normal 'i', 'j', 'k' naming

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-10 17:55:17 +01:00
Chen Fan
14e7e0ae8d libvirt: Define domain crash event types
This patch introduces domain crashed types and crashed reasons which
will be used while guest panicked.
2013-07-02 12:02:27 -06:00
Eric Blake
146ba114a5 syntax: prefer space after semicolon in for loop
I noticed several unusual spacings in for loops, and decided to
fix them up.  See the next commit for the syntax check that found
all of these.

* examples/domsuspend/suspend.c (main): Fix spacing.
* python/libvirt-override.c: Likewise.
* src/conf/interface_conf.c: Likewise.
* src/security/virt-aa-helper.c: Likewise.
* src/util/virconf.c: Likewise.
* src/util/virhook.c: Likewise.
* src/util/virlog.c: Likewise.
* src/util/virsocketaddr.c: Likewise.
* src/util/virsysinfo.c: Likewise.
* src/util/viruuid.c: Likewise.
* src/vbox/vbox_tmpl.c: Likewise.
* src/xen/xen_hypervisor.c: Likewise.
* tools/virsh-domain-monitor.c (vshDomainStateToString): Drop
default case, to let compiler check us.
* tools/virsh-domain.c (vshDomainVcpuStateToString): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-28 07:56:07 -06:00
Osier Yang
6da965692c examples: Remove the whitespace before ';' 2013-05-21 23:41:45 +08:00
Eric Blake
d7f53c7b97 maint: use LGPL correctly
Several files called out COPYING or COPYING.LIB instead of using
the normal boilerplate.  It's especially important that we don't
call out COPYING from an LGPL file, since COPYING is traditionally
used for the GPL.  A few files were lacking copyright altogether.

* src/rpc/gendispatch.pl: Add missing copyright.
* Makefile.nonreentrant: Likewise.
* src/check-symfile.pl: Likewise.
* src/check-symsorting.pl: Likewise.
* src/driver.h: Likewise.
* src/internal.h: Likewise.
* tools/libvirt-guests.sh.in: Likewise.
* tools/virt-pki-validate.in: Mention copyright in comment, not just code.
* tools/virt-sanlock-cleanup.in: Likewise.
* src/rpc/genprotocol.pl: Spell out license terms.
* src/xen/xend_internal.h: Likewise.
* src/xen/xend_internal.c: Likewise.
* Makefile.am: Likewise.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* docs/schemas/Makefile.am: Likewise.
* examples/apparmor/Makefile.am: Likewise.
* examples/domain-events/events-c/Makefile.am: Likewise.
* examples/dominfo/Makefile.am: Likewise.
* examples/domsuspend/Makefile.am: Likewise.
* examples/hellolibvirt/Makefile.am: Likewise.
* examples/openauth/Makefile.am: Likewise.
* examples/python/Makefile.am: Likewise.
* examples/systemtap/Makefile.am: Likewise.
* examples/xml/nwfilter/Makefile.am: Likewise.
* gnulib/lib/Makefile.am: Likewise.
* gnulib/tests/Makefile.am: Likewise.
* include/Makefile.am: Likewise.
* include/libvirt/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* python/tests/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.
* configure.ac: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-20 14:03:48 -06:00
Daniel P. Berrange
0902f696a9 Update hellolibvirt to demo virGetLastErrorMessage()
Update the hellolibvirt example program to demonstrate use of
the virGetLastErrorMessage() API for quick error reporting

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-10 19:57:18 +01:00
Jesse J. Cook
854b91cd9f dom event example: Add error check to impl call
Added error checking to virEventRegisterDefaultImpl call for consistency.
2013-05-10 11:21:08 +02:00
Jesse J. Cook
90ebc54e9d dom event example: init before register event impl
In the domain-events example C code virEventRegisterDefaultImpl was being
called before virConnectOpen without first calling virInitialize. While this
code worked, it is incorrect. Adding a call to g_string_new prior to the call
to virEventRegisterDefaultImpl would cause the code to break. This fix will
help avoid unintentional misue of the API.

Relates to: Ret Hat Bugzilla - Bug 961155
2013-05-10 11:21:08 +02:00
Daniel P. Berrange
ad9ea4a9fd Re-add DTrace probes on 'dispose' functions
When converting to virObject, the probes on the 'Free' functions
were removed on the basis that there is a probe on virObjectFree
that suffices. This puts a burden on people writing probe scripts
to identify which object is being dispose. This adds back probes
in the 'Dispose' functions and updates the rpc monitor systemtap
example to use them

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:21 +00:00
John Ferlan
b421c35c98 hellolibvirt: Adjust code to use new APIs
Change the order of some conditions and use the AllDomains API to get
a list of all the active and defined domains, then use the Active and
Name API's in order to print.

This changes here adjust the output from:

Attempting to connect to hypervisor
Connected to hypervisor at "qemu:///system"
Hypervisor: "QEMU" version: 0.32.656
There are 0 active and 2 inactive domains
Inactive domains:
  foo
  bar
Disconnected from hypervisor

to

Attempting to connect to hypervisor
Connected to hypervisor at "qemu:///system"
Hypervisor: "QEMU" version: 0.32.656
There are 0 active and 2 inactive domains
       foo (non-active)
       bar (non-active)
Disconnected from hypervisor
2013-03-04 17:36:03 -05:00
Guido Günther
3591f79b7e Remove more trailing semicolons in Python files 2013-02-07 19:52:44 +01:00
Jiri Denemark
d648b05678 examples: Fix balloon event callback 2012-12-11 13:25:50 +01:00
Daniel P. Berrange
1465876a04 Bind connection close callback APIs to python binding
Add code in the python binding to cope with the new APIs
virConnectRegisterCloseCallback and
virConnectUnregisterCloseCallback. Also demonstrate their
use in the python domain events demo

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-04 13:50:11 +00:00