The libvirtd daemon has some arbitrary logic to drop privileges, but
only on Solaris platforms. This was added during Xen days, when Xen was
the only driver running in libvirtd. There's no expectation or testing
that this works with the new libxl stack, nor whether dropping
privileges breaks any of the secondary drivers. Finally, we'll be
splitting drivers out into their own independant daemons, so this won't
be applicable to libvirtd in future anyway.
The remote driver client meanwhile arbitrarily disables daemon
auto-spawn when connecting as non-root, breaking a key feature of
libvirt unprivileged connections.
Since we've not had any contributions for Solaris since circa 2012
and we don't do any CI testing we should consider this platform
unmaintained and thus reasonable to remove this cruft. If someone steps
forward to maintain Solaris again, this code would need re-evaluating to
come up with something more targetted.
There's various __sun conditionals in the Xen driver code, but those are
not touched. This is all for the legacy Xen driver, which will be
entirely removed at some point in future, so not benefit to hacking out
just the Solaris parts.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1558317
Similarly to b133fac356 we need to look up alias of CCID
controller when constructing smartcard command line instead of
relying on broken assumption it will always be 'ccid0'. After
user aliases it can be anything.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Starting with commit id 'fab9d6e1' the formatting of:
{ "command-name", QEMU_CAPS_NAME },
was altered to:
{ "command-name", QEMU_CAPS_NAME},
and then commit id 'e2b05c9a' altered that to:
{ "command-name", QEMU_CAPS_NAME}
So, let's just fix that up to make things consistent with the
rest of the structures.
Signed-off-by: John Ferlan <jferlan@redhat.com>
The 'simple' monitor tests were quite useless, since the code did not
even check whether the correct command was called.
This patch uses the QAPI schema validator to validate that the arguments
are in format according to the schema.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Add infrastructure that will allow testing schema of the commands we
pass to the fake monitor object, so that we can make sure that it
actually does something.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Prepare for testing of the schema of used commands by changing few
arguments to values which will not be rejected.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Add a function which will allow to test whether a JSON object conforms
to the QAPI schema. This greatly helps when developing formatters for
new JSON objects and will help make sure that the code will not break in
cases which have unit tests but were actually not function-tested
(mostly various disk access protocols).
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Add the QAPI schema (returned by 'query-qmp-schema' command) which will
be used for QAPI schema testing in upcoming patches.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
virQEMUQAPISchemaTraverse would return previous-to-last queried item on
a query. It would not be a problem if checking if the given path exists
since error reporting works properly but if the caller is interested in
the result, it would be wrong.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
The JSON array was processed to the hash table used by the query apis in
the monitor code. Move it to a new helper in qemu_qapi.c.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Change the prefix of the functions to 'virQEMUQapi' and rename the two
public APIs so that the verb is put last.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
The code that calls VIR_WARN after a function fails, doesn't
report the error message raised by the failing function.
Such error messages are now reported in lxc/lxc_driver.c
Signed-off-by: Prafullkumar Tale <talep158@gmail.com>
libvirt-dbus is a new binding that wraps libvirt API into D-Bus calls.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Most of the augeas test files use ::CONFIG:: to pull in the master
config file for testing. This ensures that entries added to the config
file are actually tested by augeas.
This identified the missing admin_max_clients example in the virtlogd
config file, which in turn prompted a change in description of the
max_clients parameter, since these daemons don't have separate
readonly & readwrite sockets.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The global log buffer feature was deleted in:
commit c0c8c1d7bb
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Mon Mar 3 14:54:33 2014 +0000
Remove global log buffer feature entirely
A earlier commit changed the global log buffer so that it only
records messages that are explicitly requested via the log
filters setting. This removes the performance burden, and
improves the signal/noise ratio for messages in the global
buffer. At the same time though, it is somewhat pointless, since
all the recorded log messages are already going to be sent to an
explicit log output like syslog, stderr or the journal. The
global log buffer is thus just duplicating this data on stderr
upon crash.
The log_buffer_size config parameter is left in the augeas
lens to prevent breakage for users on upgrade. It is however
completely ignored hereafter.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This was in the 1.2.3 release, and 4 years is sufficient time for a
graceful upgrade path for augeas, so all remaining traces are now
removed.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
So far the virt-aa-helper tests only checked the return code and thereby
catched aborts like issues failing to parse the XML. But there is one
category of virt-aa-helper issues so far untested - not generating the
expected rule.
This adds a basic grep based checks after each test to match against the
rule that is expected to be added by the test.
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
nvdimm memory is backed by a path on the host. This currently works only via
hotplug where the AppArmor label is created via the domain label callbacks.
This adds the virt-aa-helper support for nvdimm memory devices to generate
rules for the needed paths from the initial guest definition as well.
Example in domain xml:
<memory model='nvdimm'>
<source>
<path>/tmp/nvdimm-base</path>
</source>
<target>
<size unit='KiB'>524288</size>
<node>0</node>
</target>
</memory>
Works to start now and creates:
"/tmp/nvdimm-base" rw,
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Input devices can passthrough an event device. This currently works only via
hotplug where the AppArmor label is created via the domain label callbacks.
This adds the virt-aa-helper support for passthrough input devices to generate
rules for the needed paths from the initial guest definition as well.
Example in domain xml:
<input type='passthrough' bus='virtio'>
<source evdev='/dev/input/event0' />
</input>
Works to start now and creates:
"/dev/input/event0" rw,
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
d8116b5a "security: Introduce functions for input device hot(un)plug"
implemented the code (Set|Restore)InputLabel for several security modules,
this patch adds an AppArmor implementation for it as well.
That fixes hot-plugging event input devices by generating a rule for the
path that needs to be accessed.
Example hot adding:
<input type='passthrough' bus='virtio'>
<source evdev='/dev/input/event0' />
</input>
Creates now:
"/dev/input/event0" rwk,
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1755153
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Recent changes have made implementing this mandatory to hot add any
memory.
Implementing this in apparmor fixes this as well as allows hot-add of nvdimm
tpye memory with an nvdimmPath set generating a AppArmor rule for that
path.
Example hot adding:
<memory model='nvdimm'>
<source>
<path>/tmp/nvdimm-test</path>
</source>
<target>
<size unit='KiB'>524288</size>
<node>0</node>
</target>
</memory>
Creates now:
"/tmp/nvdimm-test" rwk,
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1755153
Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
The set of arguments was changed a long time ago (040d996342
which dates back to July 2013) but the corresponding
documentation was not updated.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
The flags passed to virCommandPassFD() are unnamed and
documentation to this function doesn't list them either.
Give them name and mention it in documentation to functions
using them.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@laine.org>
Also describe a possible side-affect due to changes in the default
(unspecified) value from 1000 to 256.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Long ago in commit dfa1e1dd53 the scheduler weight was accidentally
hardcoded to 1000. Weight is a setting with no unit since it is
relative to the weight of other domains. If no weight is specified,
libxl defaults to 256.
Instead of hardcoding the weight to 1000, honor any <shares> specified
in <cputune>. libvirt's notion of shares is synonomous to libxl's
scheduler weight setting. If shares is unspecified, defer default
weight setting to libxl.
Removing the hardcoded weight required some test fixup. While at it,
add an explicit test for <shares> conversion to scheduler weight.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Inspired by commit ffb7954f to improve readability of the libxl
migration APIs.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
In libxlDomainMigrationPrepare it is possible to dereference a NULL
libxlDomainObjPrivatePtr in early error paths. Check for a valid
'priv' before using it.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Similar to other uses of virDomainObjListAdd, on success add a ref to the
virDomainObj so that virDomainObjEndAPI can be called as usual.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
If starting the domain fails in libxlDomainCreateXML, we mistakenly
jumped to cleanup without calling libxlDomainObjEndJob. Remove the
jump to 'cleanup'.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Most libxl driver API use the pattern of lock and add a ref to
virDomainObj, perform API, then decrement ref and unlock in
virDomainEndAPI. In some cases the API may call
virDomainObjListRemove, which unlocks the virDomainObj. Relock
the object in such cases so EndAPI is called with a locked object.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
The QEMU binary is compiled from the v2.12.0-rc0 tag.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
We're going to use the same test case to exercise all optional
pSeries features, so a more generic name is needed.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
The https:// protocol is much more reliably usable than git:// when
faced with unreasonably strict firewalls. The libvirt.org web server is
now setup to support the smart https:// protocol, which is just as fast
as git://, so change all the docs to use https://
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The gitorious.org service went away a long time ago now, and our main
download.html page tells people where all the official mirrors are
for every component.
Meanwhile telling people about CVS is a bad joke in 2018, and the CVS
server no longer exists on libvirt.org
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Macros in RPMs are expanded before line continuations, so when we write
%systemd_preun foo \
bar
What happens is that it expands to
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
systemctl --no-reload disable --now foo \ > /dev/null 2>&1 || :
fi
bar
which is obviously complete garbage and not what we expected. It is
simply not safe to ever use line continuations in combination with
macros.
Reviewed-by: Laine Stump <laine@laine.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Fix comments for virConnectListAllNodeDevices and
virConnectListAllSecrets.
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1556828
When defining a domain that has <interface type='hostdev'/> our
parser creates two entries in virDomainDef: one for <interface/>
and one for <hostdev/>. However, some info is shared between the
two which makes user alias validation fail because alias belongs
to the set of shared info.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
While RHEL / CentOS are still using Python 2 for the time being,
Fedora has already switched to Python 3 as the default Python
interpreter a while ago, so on that OS it doesn't make sense to
drag in Python 2 anymore.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
While RHEL / CentOS are still using Python 2 for the time being,
Fedora has already switched to Python 3 as the default Python
interpreter a while ago, so on that OS it doesn't make sense to
drag in Python 2 anymore; the same applies to future RHEL versions.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Our build process no longer depends on Python 2, so we can
finally allow Python 3 to satisfy our requirement for a Python
interpreter.
Since several distributions have now switched to installing
Python 3 by default and Python 2 is on its way out, prefer the
former when both are available.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Although it was never formally specified, it was always expected
that the mingw RPM build would happen on Fedora, if anything
because RHEL / CentOS don't ship the necessary mingw dependencies.
Make this fact explicit by erroring out if that's not the case,
the same way we already do in the main spec file.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>