1679 Commits

Author SHA1 Message Date
Daniel P. Berrange
f9d4280145 virt-login-shell: add ability to join the container cgroups
Prior to joining the namespaces of the container, move the
process into the containers' cgroups, so that the shell that
is subsequently launched is under the container resource
constraints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-10 11:03:02 +01:00
Daniel P. Berrange
18a10ddc16 virt-login-shell: add ability to auto-detect shell from container
Currently the shell must be looked up from the config setting in
/etc/libvirt/virt-login-shell.conf. This is inflexible if there
are containers where different users need different shells. Add
a new 'auto-shell' config parameter which instructs us to
query the containers' /etc/passwd for the shell to be exec'd.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-10 11:03:02 +01:00
Daniel P. Berrange
ee877b8710 virt-login-shell: fully reset container environment
The virt-login-shell environment will be initialized with
an arbitrary number of environment variables determined
by the SSH daemon and PAM configuration. Most of these are
not relevant inside the container, and at best they are
noise and at worst they'll break apps. For example if
XDG_RUNTIME_DIR is leaked to the container, it'll break
any apps using it, since the directory it points to is
only visible to the host OS filesystem, not the container
FS.

Use clearenv() to blank out everything and then set known
good values for PATH, SHELL, USER, LOGNAME, HOME and TERM.
Everything else is left up to the login shell to initialize.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-10 11:03:02 +01:00
Daniel P. Berrange
1ebe6f2434 virt-login-shell: avoid losing error during cleanup
The virDomainFree / virConnectClose methods will reset the
last error handle, so we must save the error during cleanup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-10 11:03:02 +01:00
Daniel P. Berrange
730466081c virt-login-shell: allow shell to be a simple string argument
Currently the shell config file parameter must be a list
giving the shell path and args. Allow it to be a plain
string argument as well.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-10 11:03:01 +01:00
Daniel P. Berrange
8a95d3df48 virt-login-shell: change way we request a login shell
Currently we request a login shell by passing the -l argument
to the shell. This is either hardcoded, or required to be
specified by the user in the virt-login-shell.conf file.

The standard way for login programs to request a shell run
as a login shell is to modify the argv passed to execve()
so that argv[0] contains the relative shell filename
prefixed with a zero. eg instead of doing

  char *shellargs[] = {"/bin/bash", "-l", NULL};
  execve(shellargs[0], shellargs, env);

We should be doing

  char *shellargs[] = {"-bash", NULL};
  execve("/bin/bash", shellargs, env);

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-10 11:03:01 +01:00
Daniel P. Berrange
da7396605b virt-login-shell: honour the -c option to launch commands
The virt-login-shell program is supposed to look like a
regular shell to clients. Login services like sshd
expect the shell to accept a '-c cmdstring' argument to
specify a command to launch instead of presenting an
interactive prompt.

We can implement this by simply passing the '-c cmdstring'
data straight through to the real shell we use. This does
not open any security holes, since the command is not run
until we're inside the container namespaces. This allows
scp to work for users with virt-login-shell.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-10 11:03:01 +01:00
Daniel P. Berrange
291e1a470c virsh: make lxc-enter-namespace also join the cgroups
Extend the lxc-enter-namespace command so that it joins the
containers' cgroups before starting new namespaces. This
ensures that the commands run have the normal resource
limits applied.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-10 11:03:01 +01:00
Pavel Hrdina
b1f6792cb6 virsh-domain: fix memory leak in cmdDomDisplay
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 09:14:32 +02:00
Michal Privoznik
5ec2b0cca5 virsh-network: Avoid possible NULL deref in cmdNetworkDHCPLeases
Problem is, localtime_r() returns a pointer to converted time or
NULL in case of an error. But checking the glibc sources, error
will occur iff a NULL has been passed as either of the arguments
the function takes. But GCC fails to see that:

../../tools/virsh-network.c: In function 'cmdNetworkDHCPLeases':
../../tools/virsh-network.c:1370:12: error: potential null pointer dereference [-Werror=null-dereference]
         ts = *localtime_r(&expirytime_tmp, &ts);
         ~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-06-08 15:56:08 +02:00
Pavel Hrdina
4ddde38e2d virsh: domdisplay: if listen is 0.0.0.0 or [::] print address from URI
Currently if a guest has listen address 0.0.0.0 or [::] and you run
"virsh domdisplay $domain" you always get "spice://localhost:$port".

We want to print a better address if someone is connected from a different
computer using "virsh -c qemu+ssh://some.host/system".  This patch fixes the
behavior of virsh to print in this case "spice://some.host:$port".

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1332446

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-08 13:54:25 +02:00
Erik Skultety
90d506e3e5 virt-admin: Introduce commands srv-clients-info and srv-clients-set
Finally wire-up virAdmServer{Get,Set}ClientLimits APIs into virt-admin client.
Update the virt-admin's man page accordingly.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-19 12:31:53 +02:00
Peter Krempa
cb2e3e50ee util: string: Introduce virStringEncodeBase64
Add a new helper that sanitizes error semantics of base64_encode_alloc.
2016-05-16 12:58:48 +02:00
Erik Skultety
898c0bbea7 headers: Remove unnecessary keyword extern from function declaration
Usage of this keyword in front of a function declaration that is exported via a
header file is unnecessary, since internally, this has been the default for most
compilers for quite some time.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-11 09:06:32 +02:00
Erik Skultety
90b4babeb7 virt-admin: Introduce client-disconnect command
Enable the client disconnect within virt-admin. Also, update the man page
accordingly.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-10 16:05:17 +02:00
Nishith Shah
161713436e virsh: blkdeviotune: accept human readable values for bytes
https://bugzilla.redhat.com/show_bug.cgi?id=885380

Use vshCommandOptScaledInt instead of vshCommandOptULongLong so that
values with suffixes can be passed when bytes are being passed along.
Values for the iops parameters still need to be given in the absolute
form as they are not bytes but numbers.

Signed-off-by: Nishith Shah <nishithshah.2211@gmail.com>
2016-05-09 07:48:08 +02:00
Nitesh Konkar
aaf3ebf760 virsh: Pass the correct live/config xml to virshDomainDetachInterface.
cmdDetachInterface function checks for live config
flags and then passes the live/config domain xml
to virshDomainDetachInterface accordingly.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2016-05-04 11:33:22 -04:00
Nitesh Konkar
6289cebf40 virsh: Introduce virshDomainDetachInterface function
virshDomainDetachInterface handles virsh interface
detach from the specified live/config domain xml.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2016-05-04 11:30:46 -04:00
Bjoern Walk
71714e8549 tools: virt-host-validate: HW virt support on s390
Extend the detection of hardware virtualization to the s390 platform.

Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2016-05-04 16:30:30 +02:00
Bjoern Walk
efc23df251 tools: virt-host-validate: improve error handling
When virHostValidateCPUFlag returns NULL, that's more an unexpected
error than the sign of missing CPU flags. Let's react to this
appropriately.

Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2016-05-04 16:30:30 +02:00
Bjoern Walk
6391012852 tools: virt-host-validate: fix CPU flag detection
Let's fix CPU flag detection on s390, where the flags line begins with
a lower-case 'features'.

Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2016-05-04 16:30:30 +02:00
Bjoern Walk
45c2dcfb91 tools: virt-host-validate: fix missing translation marker
Fix a minor typo.

Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2016-05-04 16:30:30 +02:00
Peter Krempa
f4bdf2e3ab virsh: volume: Add --bytes to 'vol-info'
2016-05-04 10:03:04 +02:00
Erik Skultety
9662315df0 virt-admin: Introduce command client-info
Wire-up the client identity getter into virt-admin tool. This patch adjusts
man-page accordingly.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
de7703917d virt-admin: Introduce srv-clients-list command
Wire-up the public client listing API. Along with this change, a private simple
time conversion method to interpret client's timestamp obtained from server
has been added as well. Format used for time output is as follows:
YYYY-mm-DD HH:MM:SS+ZZZZ.

Although libvirt exposes time-related methods through virtime.h
internally, it utilizes millisecond precision which we don't need in this case,
especially when connection timestamps use precision to seconds only.
This is just a convenience int to string conversion method.

To reflect the new API, man page has been adjusted accordingly.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 10:04:54 +02:00
Martin Kletzander
0c56d94318 tools: Fix connect command
The man page says: "(Re)-Connect to the hypervisor. When the shell is
first started, this is automatically run with the URI parameter
requested by the "-c" option on the command line."  However, if you run:

  virsh -c 'test://default' 'connect; uri'

the output will not be 'test://default'.  That's because the 'connect'
command does not care about any virsh-only related settings and if it is
run without parameters, it connects with @uri == NULL.  Not only that
doesn't comply to what the man page describes, but it also doesn't make
sense.  It also means you aren't able to reconnect to whatever you are
connected currently.

So let's fix that in both virsh and virt-admin and add a test case for it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-05-02 07:18:25 +02:00
Yuri Chornoivan
50fc4b4bdd Fix minor typos in messages
Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>
2016-04-30 15:37:31 +02:00
Nikolay Shirokovskiy
4d28d0931f virsh: Fix support for 64 migration options
Add ULL suffix to all related operands of << or shift will give
all zeros instead of correct mask.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-04-28 20:16:41 +02:00
Michal Privoznik
90bf5f5cb2 tools: Introduce install-nss targets
We do have something similar for installing init system files.
Basically I'm trying to avoid the following warning produced by
automake:

tools/Makefile.am:429: warning: uninstall-local was already defined in condition TRUE, which includes condition WITH_BSD_NSS ...
tools/Makefile.am:292: ... 'uninstall-local' previously defined here

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-04-25 18:56:48 +02:00
Andrea Bolognani
9538ecd52e man: Fix links
Use L<> instead of C<> for URLs and man pages.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
92b2c047d6 man: Fix SYNOPSIS section
Format the text properly.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
acd58c48c4 man: Fix NAME section
podchecker(1) complained about these, eg.

  *** WARNING: Verbatim paragraph in NAME section at line 3 in
               file tools/virt-host-validate.pod
2016-04-25 15:40:44 +02:00
Andrea Bolognani
6e742c7f18 build: Always ship virt-login-shell.conf
No need to special-case this one: we can add it to EXTRA_DIST so
that it will be shipped in any case, and if WITH_LOGIN_SHELL
happens to be enabled we mark it for installation as well.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
49ba028aed build: Replace variables in man pages
We can't use eg. @sysconfdir@ directly in the .pod file, because
pod2man(1) will interpret that as a variable name and format it
accordingly.

Instead, we use eg. SYSCONFDIR and use a subsequent sed(1) call
to turn it into the expected @sysconfdir@.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
f806febbdf build: Ensure intermediate files are cleaned up properly
All $(MANINFILES) should be deleted on distclean.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
7351f7fe68 build: Group files
Define $(PODFILES) and $(MANINFILES) so that adding a new man
page only requires changes in a few, well defined spots.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
378338ba28 build: Never ship man pages
The generated man pages may contain information that depends on
the build configuration, so they should not be shipped but
rather always built on the user's machine.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
5b479f3b5b build: Standardize on .pod -> .x.in -> .x
After this commit, all man pages are generated using the same two
steps:

  1. Process a source $command.pod file with pod2man(1) to obtain
     a valid man page in $command.$section.in

  2. Process $command.$section.in with sed(1) to obtain the final
     man page in $command.$section
2016-04-25 15:40:44 +02:00
Andrea Bolognani
9b77ce63f1 build: Perform post-processing on all man pages
Man pages in daemon/ and src/ are already being subjected to this
post-processing step: make it so those in tools/ are as well.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
90709d8d22 build: Build man pages in $(builddir)
No file should be created inside $(srcdir) during build.
2016-04-25 15:40:43 +02:00
Andrea Bolognani
94bf7e5d84 build: Extract pod from source files
Instead of embedding the pod information inside the respective
source files, store them in separate files.

This allows us to reduce the number of custom build rules as
most of the information can be inferred from the file name;
moreover, text editors are more likely to use proper syntax
highlighting for standalone pod files.
2016-04-25 15:40:43 +02:00
Andrea Bolognani
2d1269605c build: Ship virt-admin.pod
This is the source file for the virt-admin(1) manual page, so
it should be shipped.
2016-04-25 15:40:43 +02:00
Peter Krempa
3a703b8120 virsh: host: Use bitmap size in bytes rather than bit count
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1329819
2016-04-25 13:27:16 +02:00
Andrea Bolognani
d0062fb9b5 dist: ln(1) is not guaranteed to have a '-f' option
According to the autoconf manual, using '$(LN_S) -f' is not
portable; remove the target explicitly beforehand to work around
this limitation.

Adjust some slightly awkward indentation while at it.
2016-04-21 15:36:14 +02:00
Cole Robinson
a02a859be4 virsh: Don't clear old connection if 'connect $uri' fails
    virsh # list --all
     Id    Name                           State
    ----------------------------------------------------
     1     test                           running

    virsh # connect frob
    error: Failed to connect to the hypervisor
    error: no connection driver available for frob

    virsh # list --all
    error: failed to connect to the hypervisor
    error: no valid connection
    error: no connection driver available for frob

Seems sensible IMO to just not clear out the old connection state
until the new virConnectOpen succeeds.

https://bugzilla.redhat.com/show_bug.cgi?id=829160
2016-04-21 09:29:20 -04:00
Roman Bogorodskiy
384dde557b virsh: re-fix help printing without connection
Re-do 0217089 so it does not add a regression for commit c0726e0 that allowed to
print help without making a connection to the daemon.
2016-04-21 13:28:57 +03:00
Andrea Bolognani
ed5c929777 build: Use $(LN_S) safely
The autoconf documentation recommends to always use this
construct when creating symbolic links with $(LN_S) to avoid
unexpected behavior.
2016-04-21 10:02:36 +02:00
Andrea Bolognani
ce8379eedc build: Overwrite existing symbolic links
The current rule fails if the target already exists:

  cd /home/jenkins/build/libvirt/lib && \
    ln -s libnss_libvirt.so.1 nss_libvirt.so.1
  ln: nss_libvirt.so.1: File exists
  Makefile:3357: recipe for target 'install-exec-hook' failed

However, all other rules concerned with installation are
idempotent and will happily overwrite an existing target,
so this one should as well.
2016-04-21 10:02:36 +02:00
Peter Krempa
b4bc800cfc virsh: perf: Remove unnecessary 'error' label
The only place that uses it doesn't warrant a separate label.
2016-04-21 09:57:02 +02:00
Peter Krempa
f4f916a9e3 virsh: perf: Don't leak domain
After failing to parse the perf event list, the code would return
failure without freeing the previously acquired object. Rearrange the
code to avoid the problem.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1329046
2016-04-21 09:57:02 +02:00