* src/Makefile.am: Add processinfo.h/processinfo.c
* src/util/processinfo.c, src/util/processinfo.h: Module providing
APIs for getting/setting process CPU affinity
* src/qemu/qemu_driver.c: Switch over to new APIs for schedular
affinity
* src/libvirt_private.syms: Export virProcessInfoSetAffinity
and virProcessInfoGetAffinity to internal drivers
0.7.3 was broken
* configure.in docs/news.html.in: release of 0.7.4
* configure.in libvirt.spec.in: require netcf >= 0.1.4
* src/Makefile.am: node_device/node_device_udev.h was missing from
NODE_DEVICE_DRIVER_UDEV_SOURCES breaking compilation on platforms with
udev
HAL has been deprecated since F12 and RHEL-6, so if building on
these platforms, switch on the udev driver instead
* libvirt.spec.in: Activate udev on F12/RHEL6
* python/generator.py python/libvirt-override-api.xml
python/libvirt-override.c: implement the bindings for
virConnectListInterfaces() and virConnectListDefinedInterfaces()
* tools/virsh.pod: the man page was stating that most operations
are asynchronous while in fact most of them are synchronous except
domain shutdown, setvcpus and setmem.
For backward compatibility we used to add the tty path as
a tty attribute on console of type pty, duplicating the value
now found in source/@path, but the Relax-NG grammar wasn't
extended for this
<console type='pty' tty='/dev/pts/8'>
<source path='/dev/pts/8'/>
<target port='0'/>
</console>
* docs/schemas/domain.rng: allow an optional tty attribute
containing a devicePath
Recent qemu releases require command option '-enable-qemu' in order
for the kvm functionality be activated. Libvirt needs to pass this flag
to qemu when starting a domain. Note that without the option,
even if both the kernel and qemu support KVM, KVM will not be activated
and VMs will be very slow.
* src/qemu/qemu_conf.h src/qemu/qemu_conf.c: parse the extra command
line option from help and add it when running kvm
* tests/qemuhelptest.c: this modified the flags output for qemu-0.10.5
and qemu-kvm-0.11.0-rc2 regression tests
Erroneously included the sysfs_path and parent_sysfs_path elements in
the node device xml, they were not supposed to show up there
* src/conf/node_device_conf.c: remove the output of the 2 fields
I realized that I inadvertently added a member to the def struct to
contain each device's sysfs path when there was an existing member in the
dev struct for "OS specific path to device metadat, eg sysfs" Since the
udev backend needs to record the sysfs path while it's in the process of
creating the device, before the dev struct gets allocated, I chose to
remove the member from the dev struct.
* src/conf/node_device_conf.c src/conf/node_device_conf.h
src/node_device/node_device_driver.c src/node_device/node_device_hal.c
src/node_device/node_device_udev.c: remove devicePath from the
structure and use def->sysfs_path instead
The qemudStartVMDaemon() and several functions it calls use
the QEMU monitor. The QEMU driver is locked while this function
is executing, so it is rquired to release the driver lock and
reacquire it either side of issuing a monitor command. It
failed todo so, leading to deadlock
* qemu/qemu_driver.c: Release driver when in qemudStartVMDaemon
and things it calls
VMware uses two MAC address prefixes: 00:0c:29 and 00:50:56. The 00:0c:29
prefix is used for ESX server generated addresses. The 00:50:56 prefix is
split into two parts. MAC addresses above 00:50:56:3f:ff:ff are generated
by a vCenter. The rest of the 00:50:56 prefix can be assigned manually.
Any MAC address within the 00:0c:29 and 00:50:56 prefix can be specified
in a domain XML config and the driver will handle the details internally.
* src/esx/esx_vmx.c: fix MAC address formatting
* tests/xml2vmxdata/*: update test files accordingly
* docs/drivers.html.in: list the ESX driver
* docs/drvesx.html.in: the new ESX driver documentation
* docs/hvsupport.html.in: add the ESX driver to the matrix
* docs/index.html.in, docs/sitemap.html.in: list the ESX driver
* src/esx/esx_driver.c: fix and cleanup some comments
Debian's /etc/xml/catalog doesn't contain system identifiers, so use
public identifiers instead.
* docs/Makefile.am: use public instead of system identifier
* docs/site.xsl: use matching public identifier
* src/xen/xen_hypervisor.c: xen-unstable changeset 19788 removed
MAX_VIRT_CPUS from public headers, breaking compilation of libvirt
on -unstable. Its semanitc was retained with XEN_LEGACY_MAX_VCPUS.
Ensure MAX_VIRT_CPUS is defined accordingly.
If 'with_udev=check' then missing pciaccess should not be a fatal
error. It should merely disable the udev driver.
* configure.in: Fix pciaccess check to be non-fatal
Device kit support was removed, but the configure.ac checks were
left in place. A number of the XXX_REQUIRED=X.Y.Z variables were
not declared in the correct location (ie top of the file)
* configure.in: Remove device kit checks & move mis-placed variables
to correct location
The QEMU monitor open method would not take a reference on
the virDomainObjPtr until it had successfully opened the
monitor. The cleanup code upon failure to open though would
call qemuMonitorClose() which would in turn decrement the
reference count. This caused the virDoaminObjPtr to be mistakenly
freed and then the whole driver crashes
* src/qemu/qemu_monitor.c: Fix reference counting in
qemuMonitorOpen
The HAL driver returns a fatal error code in the case where HAL
is not running. This causes the entire libvirtd daemon to quit
which isn't desirable. Instead it should simply disable the HAL
driver
* src/node_device/node_device_hal.c: Quietly disable HAL if it is
not running
Fixes https://launchpad.net/bugs/453335
* src/security/virt-aa-helper.c: suppress confusing and misleading
apparmor denied message when kvm/qemu tries to open a libvirt specified
readonly file (such as a cdrom) with write permissions. libvirt uses
the readonly attribute for the security driver only, and has no way
of telling kvm/qemu that the device should be opened readonly
Fixes https://launchpad.net/bugs/460271
* src/security/virt-aa-helper.c: require absolute path for dynamic added
files. This is required by AppArmor and conveniently prevents adding
tcp consoles to the profile
* examples/apparmor/libvirt-qemu: adds pulseaudio, alsa and preliminary
save/restore to the example apparmor abstraction
* examples/apparmor/usr.sbin.libvirtd: allows libvirtd access to inet
dgram, inet6 dgram, inet6 stream and /usr/lib/libvirt/*
The 'virsh console' command did not check if the domain was
already running before attempting to fetch the XML and extract
the console PTY path. This caused a slightly unhelpful / misleading
error message for the user. The explicit check ensures the user
gets an explicit 'domain is not running' message.
* tools/virsh.c: Validate that state != VIR_DOMAIN_SHUTOFF in
virsh console command
The wrong variable was being passed in with the LXC event callback
resulting in a later deadlock or crash
* src/lxc/lxc_driver.c: Pass 'vm' instead of 'driver' to event
callback
In the scenario where the cgroups were mounted but the
particular group did not exist, and the caller had not
requested auto-creation, the code would fail to return
an error condition. This caused the lxc_controller to
think the cgroup existed, and it then later failed when
attempting to use it
* src/util/cgroup.c: Raise an error if the cgroup path does not
exist
There is a race condition in HAL driver startup where the callback
can get triggered before we have finished startup. This then causes
a deadlock in the driver.
* src/node_device/node_device_hal.c: RElease driver lock before
registering DBus callbacks
If the virDomainDefPtr object has an 'id' of -1, then forcably
set the VIR_DOMAIN_XML_INACTIVE flag to ensure generated XML
does not include any cruft from the previously running guest
such as console PTY path, or VNC port.
* src/conf/domain_conf.c: Set VIR_DOMAIN_XML_INACTIVE if
def->id is -1. Replace checks for def->id == -1 with
check against flags & VIR_DOMAIN_XML_INACTIVE.
The capng_lock() call sets the SECURE_NO_SETUID_FIXUP and SECURE_NOROOT
bits on the process. This prevents the kernel granting capabilities to
processes with an effective UID of 0, or with setuid programs. This is
not actually what we want in the container init process. It should be
allowed to run setuid processes & keep capabilities when root. All that
is required is masking a handful of dangerous capabilities from the
bounding set.
* src/lxc/lxc_container.c: Remove bogus capng_lock() call.
The libvirtd initscript could get confused between the system and
session instances of the daemon. To avoid this it is neccessary
to check the pidfile explicitly.
* daemon/libvirtd.init.in: Always check the pidfile of the system
daemon to avoid confusion with the session daemons
* src/security/virt-aa-helper.c: get_definition() now calls the new
caps_mockup() function which will parse the XML for os.type,
os.type.arch and then sets the wordsize. These attributes are needed
only to get a valid virCapsPtr for virDomainDefParseString(). The -H
and -b options are now removed from virt-aa-helper (they weren't used
yet anyway).
* tests/virt-aa-helper-test: extend and fixes tests, chmod'ed 755
uses libpciaccess to provide human readable names for PCI vendor and
device IDs
* configure.in: add a requirement for libpciaccess >= 0.10.0
* src/Makefile.am: add the associated compilation flags and link
* src/node_device/node_device_udev.c: lookup the libpciaccess for
vendor name and product name based on their ids
