The virNWFilterVarCombIterNext method will free its
parameter when it gets to the end of the iterator.
This is somewhat misleading design, making it appear
as if the caller has a memory leak. Remove the free'ing
of the parameter and ensure that the calling method
ebiptablesCreateRuleInstanceIterate free's it instead.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The ebiptablesAddRuleInst method would leak an instance
of ebiptablesRuleInstPtr if it hit OOM when adding it
to the list of instances. Remove the pointless helper
method virNWFilterRuleInstAddData and just inline the
call to VIR_APPEND_ELEMENT and free the instance on
failure.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The libxl driver reads /proc/xen/capabilities to see if it
is on a Dom0 kernel. If that file does not even exist though,
an error is logged. Check for the file existance before trying
to read its contents to avoid the log message.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Addition of the hostbridge device was mistakenly placed to
bhyveBuildNetArgStr(). This could result in hostbridge device not being
added to the commandline if there are no network devices specified, but
hostbridge device should be added unconditionally.
Fix by placing it to virBhyveProcessBuildBhyveCmd().
https://bugzilla.redhat.com/show_bug.cgi?id=992980
This config tunable allows users to determine the maximum number of
accepted but yet not authenticated users.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
The counter gets incremented on each unauthenticated client added to the
server and decremented whenever the client authenticates.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
- As of commit 2ff4c137, all virGet*() functions in datatypes.c always
return pointers to new objects. Objects are not cached in a
per-connection hashtable.
- Fix variable names in comments for all vir*Dispose() functions in
datatypes.c.
- Add comments for virGetStream(), virStreamDispose(),
virGetDomainSnapshot(), virDomainSnapshotDispose().
Signed-off-by: Michael Chapman <mike@very.puzzling.org>
Our current pidfile acquire APis (virPidFileAcquire) simply return -1 upon
failure to acquire a lock. This patch adds a parameter 'bool waitForLock'
which instructs the APIs if we want to make it block and wait for the lock
or not.
Thre was a syntax error in checking virRegisterStateDriver in
the remote driver, and bogus checking of a void return type
of virDomainConfNWFilterRegister in nwfilter.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit moves a few directories into more appropriate subpackages.
In a few cases a directory is owned by two subpackages, however this is
OK as long as the permissions and ownership for the directory are
consistent between them.
- %{_sysconfdir}/libvirt/qemu/
Used by the qemu and network drivers.
When building with separate driver modules, this directory is only
owned by l-d-d-network. l-d-d-qemu has a hard dependency on
l-d-d-network, which means this directory is created with the
correct permissions and ownership, however it's clearer if both
subpackages own the directory independently.
- %{_sysconfdir}/libvirt/nwfilter/
Used by the nwfilter driver only.
This directory is currently always owned by libvirt-daemon. This
commit moves it into l-d-d-nwfilter when building with separate
driver modules.
- %{_localstatedir}/run/libvirt/network/
Used by the network and nwfilter drivers.
When building without separate driver modules, this directory is
should be owned by libvirt-daemon only if either of these drivers
are enabled. When building with separate driver modules, this
directory should be owned by l-d-d-nwfilter in addition to
l-d-d-network.
- %{_datadir}/libvirt/networks/ and
%{_datadir}/libvirt/networks/default.xml
Used only by the %post scriptlet in libvirt-daemon-config-network.
Signed-off-by: Michael Chapman <mike@very.puzzling.org>
Coverity found an issue in lxc_driver and uml_driver that we don't
check the return value of register functions.
I've also updated all other places and unify the way we check the
return value.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Right now we are parsing the XML as though it's live, which for example
will choke on hardcoded XML like:
<seclabel type='dynamic' model='selinux' relabel='yes'/>
Erroring with:
$ sudo virsh domxml-to-native qemu-argv f
error: XML error: security label is missing
All drivers are fixed, but only qemu was tested.
We have to explicitly destroy TAP devices on FreeBSD because
they're not freed after being closed, otherwise we end up with
orphaned TAP devices after destroying a domain.
A recent change to openvz_driver.c caused Coverity to make additional
comparisons and find that the openvzRegister() was not checking the
status of virRegisterDriver() call like other callers and thus generated
a CHECKED_RETURN condition
This rule wouldn't be able to find any case of a hardcoded indent that
was in the middle of a string, but then virBuffer doesn't add
indentation in the middle of a string either.
There were a lot of changes here, but all very mechanical. For some
reason, the virBufferPtr had been named "xml" instead of "buf" in this
file, so since the indentation changing touched almost every line
using the buffer, I took this chance to change its name for "buf" for
consistency with every other file.
This file was using multiple virBuffers, inserting the contents of
buf3 into buf2, then inserting the contents of buf2 into buf1, rather
than the more conventional method of just passing around a single
virBufferPtr and streaming everything into that single buffer. This
was unnecessary, and also made it more difficult to make indentation
relative, because when you insert a string into a buffer, the
indentation of the buffer is only applied once at the beginning of the
string, *not* each time a newline is encountered in the string.
These format functions needed the ability to be indented by an
arbitrary amount, but were written before the introduction of
virBufferAdjustIndent(). They instead used the much more clunky method
of adding a "level" arg to every format function, and padding with
spaces using the "%*s" printf format specifier (giving it the level,
and "", which has the effect of adding level spaces to the output).
While eliminating the hardcoded indentation in other xml, I decided it
was finally time to also modernize the interface formatter code to
make it more consistent.
All leading spaces in domain snapshot xml format functions have been
replaced with appropriate calls to virBufferAdjustIndent(). This will
make it easier to call other similarly fixed format functions
(e.g. domain device format functions).
Many of the domain xml format functions (including all of the device
format functions) had hard-coded spaces, which made for incorrect
indentation when those functions were called in a different context
(for example, commit 2122cf39 added <interface> XML into the document
provided to a network hook script, and in this case it should have
been indented by 2 spaces, but was instead indented by 6 spaces).
To make it possible to insert a properly indented device anywhere into
an XML document, this patch removes hardcoded spaces from the
formatting functions, and calls virBufferAdjustIndent() at appropriate
places instead. (a regex search of domain_conf.c was done to assure
that all occurrences of hardcoded spaces were removed).
virDomainDiskSourceDefFormatInternal() is also called from
snapshot_conf.c, so two virBufferAdjustIndent() calls were temporarily
added around that call - those functions will have hardcoded spaces
removed in a separate patch.
This could cause some conflicts when backporting future changes to the
formatting functions to older branches, but fortunately the changes
are almost all trivial, so conflict resolution will be obvious.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=862887
Add a netmask for the source and destination IP address for the
ebtables --arp-ip-src and --arp-ip-dst options. Extend the XML
parser with support for XML attributes for these netmasks similar
to already supported netmasks. Extend the documentation.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1072292
Fix a problem related to rule priorities that did not allow to
have rules applied that had a higher priority than the chain they
were in. In this case the chain did not exist yet when the rule
was instantiated. The solution is to adjust the priority of rules
if the priority of the chain is of higher value. That way the chain
will be created before the rule.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Commit 6b306d66 converted virHostdevManager to a virObject, but
missed adding a virObject field to the virHostdevManager struct.
Result is memory corruption when taking a reference on an instance
of the object, where atomic inc is done on the stateDir field.
Later use of stateDir crashes libvirtd.
When I played with virtlockd I was stunned by lacking
documentation. My frustration got bigger when I had to
read the patches to get the correct value to set in
qemu.conf.
Moreover, from pure libvirt-pride I'm changing commented
value from sanlock to lockd. We want to favor our own
implementation after all.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
When ABI stability check fails, we only log the error message describing
the incompatibility. Let's log both XMLs in case of an error to make it
easier to analyze where and why the stability check failed.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
The kernel didn't support the unprivileged SGIO for SCSI generic
device finally, and since it's unknow whether the way to support
unprivileged SGIO for SCSI generic device will be similar as for
SCSI block device or not, even it's simliar (I.e. via sysfs, for
SCSI block device, it's /sys/dev/block/8\:0/queue/unpriv_sgio,
for example), the file name might be different, So it's better not
guess what it should be like currently.
This patch removes the related code (mainly about the "shareable"
checking on the "sgio" setting, it's not supported at all, why
we leave checking code there? :-), and error out if "sgio" is
specified in the domain config.
This is a request for adding a VMmanager application as requested and
described by Ksenya Phil.
Signed-off-by: Ksenya Phil <philka2003@mail.ru>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
As soon as any guest mounts xenfs to /proc/xen, there is a capabilities
file in that directory. However it returns nothing when reading from it.
Change the test to actually check the contents of the file.
BugLink: http://bugs.launchpad.net/bugs/1248025
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
While running vircryptotest, it was found that valgrind pointed out the
following error:
==27453== Invalid write of size 1
==27453== at 0x4C7D7C9: virCryptoHashString (vircrypto.c:76)
==27453== by 0x401C4E: testCryptoHash (vircryptotest.c:41)
==27453== by 0x402A11: virtTestRun (testutils.c:199)
==27453== by 0x401AD5: mymain (vircryptotest.c:76)
==27453== by 0x40318D: virtTestMain (testutils.c:782)
==27453== by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
==27453== Address 0x51f0541 is 0 bytes after a block of size 65 alloc'd
==27453== at 0x4A0577B: calloc (vg_replace_malloc.c:593)
==27453== by 0x4C69F2E: virAllocN (viralloc.c:189)
==27453== by 0x4C7D76B: virCryptoHashString (vircrypto.c:69)
==27453== by 0x401C4E: testCryptoHash (vircryptotest.c:41)
==27453== by 0x402A11: virtTestRun (testutils.c:199)
==27453== by 0x401AD5: mymain (vircryptotest.c:76)
==27453== by 0x40318D: virtTestMain (testutils.c:782)
==27453== by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
==27453==
...and many more. Two observations: hashstrlen was already set
to include the trailing NUL byte (so writing to hashstrlen as
the array offset was indeed writing one byte beyond bounds), and
VIR_ALLOC_N already guarantees zero-initialization (so we already
have a trailing NUL without needing to explicitly write one).
Signed-off-by: Eric Blake <eblake@redhat.com>