Introduce Wireshark dissector plugin which adds support to Wireshark
for dissecting libvirt RPC protocol.
Added following files to build Wireshark dissector from libvirt source
tree.
* tools/wireshark/*: Source tree of Wireshark dissector plugin.
Added followings to configure.ac or Makefile.am.
configure.ac
* --with-wireshark-dissector: Enable support for building Wireshark
dissector.
* --with-ws-plugindir: Specify wireshark plugin directory that dissector
will installed.
* Added tools/wireshark/{Makefile,src/Makefile} to AC_CONFIG_FILES.
Makefile.am
* Added tools/wireshark/ to SUBDIR.
On my Fedora 20 box with mingw cross-compiler, the build failed with:
../../src/rpc/virnetclient.c: In function 'virNetClientSetTLSSession':
../../src/rpc/virnetclient.c:745:14: error: unused variable 'oldmask' [-Werror=unused-variable]
sigset_t oldmask, blockedsigs;
^
I traced it to the fact that mingw64-winpthreads installs a header
that does #define pthread_sigmask(...) 0, which means any argument
only ever passed to pthread_sigmask is reported as unused. This
patch works around the compilation failure, with behavior no worse
than what mingw already gives us regarding the function being a
no-op.
* configure.ac (pthread_sigmask): Probe for broken mingw macro.
* src/util/virutil.h (pthread_sigmask): Rewrite to something that
avoids unused variables.
Signed-off-by: Eric Blake <eblake@redhat.com>
Make it easy to install the shipped examples. The aim is to have
reasonably working templates so that distros only need to minimally
patch these and can feed things upstream more easily.
This was prompted by http://bugs.debian.org/725144
This partially reverts 5eb4b04211 and 62774afb6b.
Rewrite the domsuspend example from scratch. This time do it right.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Old versions of CIL did not understand the 'bool' data type,
but at least 1.7.3 does now cope. We can remove the old hack
which redefined bool and no longer compiles successfully.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Our option '--with-test-suite' could have never worked since it was
defined as AC_ARG_ENABLE([with-test-suite], ...), thus working only as
'--enable-with-test-suite', but documented in configure.ac as
AC_HELP_STRING([--with-test-suite], ...).
In my opinion, the help string is as it should be, but the option is
wrong.
The option has been broken since the introduction in commit 3a2fc27.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
As the python generator scripts are written in python2,
the ./configure script must check for python2 before checking for python
otherwise, on platforms where both python2 and python3 are available and
on which the default python points to python3, ./configure will try to use
the wrong one.
Signed-off-by: Lénaïc Huard <lenaic@lhuard.fr.eu.org>
The domain events demo program isn't really tied to domain
events anymore, so rename it to object events.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This patch resolves a compile issue caused by the
removal of examples/domsuspend code in commit
5eb4b04211. This issue
is only seen in a fresh checkout, but causes the build
and configure to fail.
We support gluster volumes in domain XML, so we also ought to
support them as a storage pool. Besides, a future patch will
want to take advantage of libgfapi to handle the case of a
gluster device holding qcow2 rather than raw storage, and for
that to work, we need a storage backend that can read gluster
storage volume contents. This sets up the framework.
Note that the new pool is named 'gluster' to match a
<disk type='network'><source protocol='gluster'> image source
already supported in a <domain>; it does NOT match the
<pool type='netfs'><source><target type='glusterfs'>,
since that uses a FUSE mount to a local file name rather than
a network name.
This and subsequent patches have been tested against glusterfs
3.4.1 (available on Fedora 19); there are likely bugs in older
versions that may prevent decent use of gfapi, so this patch
enforces the minimum version tested. A future patch may lower
the minimum. On the other hand, I hit at least two bugs in
3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
raising the minimum: glfs_readdir is nicer to use than
glfs_readdir_r [1], and glfs_fini should only return failure on
an actual failure [2].
[1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
[2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html
* configure.ac (WITH_STORAGE_GLUSTER): New conditional.
* m4/virt-gluster.m4: new file.
* libvirt.spec.in (BuildRequires): Support gluster in spec file.
* src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
type.
* src/conf/storage_conf.c (poolTypeInfo): Treat similar to
sheepdog and rbd.
(virStoragePoolDefFormat): Don't output target for gluster.
* src/storage/storage_backend_gluster.h: New file.
* src/storage/storage_backend_gluster.c: Likewise.
* po/POTFILES.in: Add new file.
* src/storage/storage_backend.c (backends): Register new type.
* src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
* src/storage/storage_backend.h (_virStorageBackend): Documet
assumption.
Signed-off-by: Eric Blake <eblake@redhat.com>
The python binding now lives in
http://libvirt.org/git/?p=libvirt-python.git
that repo also provides an RPM which is upgrade compatible
with the old libvirt-python sub-RPM.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The QEMU backend was disabled on Mac OS X without a reason in the code
and due to refactors its difficult to understand when/why it was
disabled. With QEMU being supported on Mac OS X there is no reason to
disable QEMU on this platform.
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.
The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.
Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
A future patch will allow disabling readline; doing this in an
isolated file instead of configure.ac will make the task easier.
* configure.ac: Move readline code...
* m4/virt-readline.m4: ...here.
Signed-off-by: Eric Blake <eblake@redhat.com>
The automake manual recommends against the use of disabling
maintainer mode by default:
https://www.gnu.org/software/automake/manual/automake.html#maintainer_002dmode
because when it is disabled, the user gets no indication if they
touch a file that would normally require a rebuild. Automake
1.11 changed things so that AM_MAINTAINER_MODE([enable]) will set
the mode to enabled by default; but RHEL 5 still uses automake 1.9,
where AM_MAINTAINER_MODE did not recognize an argument, and
therefore disables maintainer mode by default. Having the default
be different according to which version of automake built the
project is annoying, and I _have_ been bitten on RHEL 5 rebuilds
where the default disabled mode led to silently incorrect builds.
The automake manual admits that being able to disable maintainer
mode still makes sense for projects that still store generated
files from the autotools in version control; but we have dropped
that for several years now. As such, it's finally time to just
ditch the whole idea of maintainer mode, and unconditionally
rebuild autotools files if a dependency changes, without offering
a configure option to disable that mode.
* configure.ac (AM_MAINTAINER_MODE): Drop.
Signed-off-by: Eric Blake <eblake@redhat.com>
I tried to test ./configure --without-lxc --without-remote.
First, the build failed with some odd errors, such as an
inability to build xen, or link failures for virNetTLSInit.
But when you think about it, once there is no remote code,
all of libvirtd is useless, any stateful driver that depends
on libvirtd is also not worth compiling, and any libraries
used only by RPC code are not needed. So I patched
configure.ac to make for some saner defaults when an
explicit disable is attempted. Similarly, since we have
migrated virnetdevbridge into generic code, the workaround
for Linux kernel stupidity must not depend on stateful
drivers being in use.
Then there's 'make check' that needs segregation.
Wow - quite a bit of cleanup to make --without-remote useful :)
* configure.ac: Let --without-remote toggle defaults on stateful
drivers and other libraries. Pick up Linux kernel workarounds
even when qemu and lxc are not being compiled.
* tests/Makefile.am (test_programs): Factor out programs that
require remote.
* src/libvirt_private.syms (rpc/virnet*.h): Move...
* src/libvirt_remote.syms: ...into new file.
* src/Makefile.am (SYM_FILES): Ship new syms file.
Signed-off-by: Eric Blake <eblake@redhat.com>
Fixed the safezero call for allocating the rest of the file after cloning
an existing volume; it used to always use a zero offset, causing it to
only allocate the beginning of the file.
Also modified file creation to try to use fallocate(2) to pre-allocate
disk space before copying any data to make sure it fails early on if disk
is full and makes sure we can skip zero blocks when copying file contents.
If fallocate isn't available we will zero out the rest of the file after
cloning and only use sparse cloning if client requested a lower allocation
than the input volume's capacity.
Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.
To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.
This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'
Signed-off-by: Colin Walters <walters@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Commit f92c7e3 fixed a regression for native builds, but introduced
a regression for cross-compilation builds; in particular,
./autobuild.sh on a Fedora system with mingw cross-compiler fails
with:
checking for qemu-kvm... /usr/bin/qemu-kvm
checking for yajl_parse_complete in -lyajl... no
checking for yajl_tree_parse in -lyajl... no
configure: error: You must install the libyajl library & headers to compile libvirt
Since we default $with_qemu to 'yes' rather than 'check', and then
flip that default based on platform-specific checks, those platform
specifics need to come prior to any library checks that depend on
the value of $with_qemu.
* configure.ac: Ensure system defaults are sane before checking
for things that make decisions based on system default.
Signed-off-by: Eric Blake <eblake@redhat.com>
Bother those kernel developers. In the latest rawhide, kernel
and glibc have now been unified so that <netinet/in.h> and
<linux/in6.h> no longer clash; but <linux/if_bridge.h> is still
not self-contained. Because of the latest header change, the
build is failing with:
checking for linux/param.h... no
configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support
with details:
In file included from conftest.c:561:0:
/usr/include/linux/in6.h:71:18: error: field 'flr_dst' has incomplete type
struct in6_addr flr_dst;
We need a workaround to avoid our workaround :)
* configure.ac (NETINET_LINUX_WORKAROUND): New test.
* src/util/virnetdevbridge.c (includes): Use it.
Signed-off-by: Eric Blake <eblake@redhat.com>
Commits 9298bfb and f6c2951 both tried to make it possible to
select the correct libnl (1 vs. 3) according to what netcf
used, when both libraries are installed. This works to avoid
libnl-3 when netcf used libnl-1. But on the converse side, if
only libnl-1 development code is installed, while netcf uses
libnl-3, then configure happily uses libnl-1 anyways, leading
to a test failure:
$ VIR_TEST_DEBUG=1 ./virdrivermoduletest
TEST: virdrivermoduletest
1) Test driver "network" ... OK
2) Test driver "storage" ... OK
3) Test driver "nodedev" ... OK
4) Test driver "secret" ... OK
5) Test driver "nwfilter" ... OK
6) Test driver "interface"
... lt-virdrivermoduletest: route/tc.c:973: rtnl_tc_register: Assertion
`0' failed.
Aborted
It's much nicer to prevent this at configure time, by requiring that
if we know what netcf used, then we want the same libnl version. As
before, this can be bypassed by someone who knows what they are doing
by setting LIBNL_CFLAGS (perhaps useful to the rare person where the
build box has a different version of netcf than the installation box).
* configure.ac (LIBNL): If we can prove netcf used libnl-3, then
don't let configure succeed with libnl-1.
Signed-off-by: Eric Blake <eblake@redhat.com>
Jonathan Lebon reported an issue to me off-list about his build
failing to use qemu because he failed to install yajl-devel. But
I recalled specifically tweaking configure.ac to die in that
situation (commits 350583c, ba9c38b). After a bit more
head-scratching, we found the cause of the regression: commit
654c709 rearranged things so that the qemu version check now
occurs before AC_ARG_WITH has had a chance to set either
$with_qemu or $with_yajl.
Coincidentally, this fix aligns with a documentation patch that
was just posted to the autoconf mailing list :)
http://thread.gmane.org/gmane.comp.sysutils.autoconf.patches/8324
* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_LIB_ALT)
(LIBVIRT_CHECK_PKG): Populate defaults earlier.
* configure.ac (AC_ARG_WITH): Likewise for drivers.
Signed-off-by: Eric Blake <eblake@redhat.com>
Autoconf states that AC_HELP_STRING is obsolete, and that new
programs should use AS_HELP_STRING. We also had instances of
not properly quoting the macro usage, and not relying on autoconf's
word-wrapping abilities to avoid long lines. I validated that this
commit has no impact to the generated configure file.
* configure.ac (AC_ARG_WITH, AC_ARG_ENABLE): Autoconf recommends
the use of AS_HELP_STRING. Also, use proper quoting and wrap long
lines.
* m4/virt-apparmor.m4 (LIBVIRT_CHECK_APPARMOR): Likewise.
* m4/virt-selinux.m4 (LIBVIRT_CHECK_SELINUX): Likewise.
Signed-off-by: Eric Blake <eblake@redhat.com>
Automake 2.0 will enable subdir-objects by default; in preparation
for that change, automake 1.14 outputs LOADS of warnings:
daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
automake-1.14: warning: possible forward-incompatibility.
automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
automake-1.14: automake option hasn't been enabled. For now, the corresponding output
automake-1.14: object file(s) will be placed in the top-level directory. However,
automake-1.14: this behaviour will change in future Automake versions: they will
automake-1.14: unconditionally cause object files to be placed in the same subdirectory
automake-1.14: of the corresponding sources.
automake-1.14: You are advised to start using 'subdir-objects' option throughout your
automake-1.14: project, to avoid future incompatibilities.
daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
...
As automake 1.9 also supported this option, and the previous patches
fixed up the code base to work with it, it is safe to now turn it on
unconditionally.
* configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
* .gitignore: Ignore .dirstamp directories.
* src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
new subdir-object location of .lo files.
Signed-off-by: Eric Blake <eblake@redhat.com>
I'm tired of seeing screenfuls of messages like these when using
automake 1.13 (Fedora 19):
configure.ac:2121: warning: The 'AM_PROG_MKDIR_P' macro is deprecated, and its use is discouraged.
configure.ac:2121: You should use the Autoconf-provided 'AC_PROG_MKDIR_P' macro instead,
configure.ac:2121: and use '$(MKDIR_P)' instead of '$(mkdir_p)'in your Makefile.am files.
daemon/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
seeing as how we MUST use those constructs for the benefit of
automake 1.9 (RHEL 5). Conversely, RHEL 5 automake complained:
aclocal:configure.ac:36: warning: macro `AM_SILENT_RULES' not found in library
Obviously, I tested this patch on both Fedora 19 and RHEL 5.
* configure.ac (AM_INIT_AUTOMAKE): Avoid obsoletion warnings.
(AM_SILENT_RULES): Avoid unknown macro warning.
Signed-off-by: Eric Blake <eblake@redhat.com>
This patch changes virFileLoopDeviceOpen() to use the new loop-control
device to allocate a new loop device. If this behavior is unsupported
we fall back to the previous method of searching /dev for a free device.
With this patch you can start as many image based LXC domains as you
like (well almost).
Fixes bug https://bugzilla.redhat.com/show_bug.cgi?id=995543
The gnulib testsuite is relatively stable - the only times it is
likely to have a test change from pass to fail is on a gnulib
submodule update or a major system change (such as moving from
Fedora 18 to 19, or other large change to libc). While it is an
important test for end users on arbitrary machines (to make sure
that the portability glue works for their machine), it mostly
wastes time for development testing (as most developers aren't
making any of the major changes that would cause gnulib tests
to alter behavior). Thus, it pays to make the tests optional
at configure time, defaulting to off for development, on for
tarballs, with autobuilders requesting it to be on. It also
helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
(much the way automake sets up V=[01] for overriding the configure
time default of how verbose to be).
Automake has some pretty hard-coded magic with regards to the
TESTS variable; I had quite a job figuring out how to keep
'make distcheck' passing regardless of the configure option
setting in use, while still disabling the tests at runtime
when I did not configure them on and did not use the override
variable. Thankfully, we require GNU make, which lets me
hide some information from Automake's magic handling of TESTS.
* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
* configure.ac (--enable-expensive-tests): Add new enable switch.
(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
witnesses.
* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
configure settings and the VIR_TEST_EXPENSIVE variable.
* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
to all tests.
* autobuild.sh: Enable all tests during autobuilds.
* libvirt.spec.in (%configure): Likewise.
* mingw-libvirt.spec.in (%mingw_configure): Likewise.
* docs/hacking.html.in: Document the option.
* HACKING: Regenerate.
Signed-off-by: Eric Blake <eblake@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=951637
Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).
There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html
If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.
* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.
Signed-off-by: Eric Blake <eblake@redhat.com>
This is a second attempt at fixing the problem first attempted
in commit 2df8d99; basically undoing the fact that it was
reverted in commit 43cee32f, plus fixing two more issues: the
code in configure.ac has to EXACTLY match virnetdevbridge.c
with regards to declaring in6 types before using if_bridge.h,
and the fact that RHEL 5 has even more conflicts:
In file included from util/virnetdevbridge.c:49:
/usr/include/linux/in6.h:47: error: conflicting types for 'in6addr_any'
/usr/include/netinet/in.h:206: error: previous declaration of 'in6addr_any' was here
/usr/include/linux/in6.h:49: error: conflicting types for 'in6addr_loopback'
/usr/include/netinet/in.h:207: error: previous declaration of 'in6addr_loopback' was here
The rest of this commit message borrows from the original try
of 2df8d99:
A fresh checkout on a RHEL 6 machine with these packages:
kernel-headers-2.6.32-405.el6.x86_64
glibc-2.12-1.128.el6.x86_64
failed to configure with this message:
checking for linux/if_bridge.h... no
configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support
Digging in config.log, we see that the problem is identical to
what we fixed earlier in commit d12c2811:
configure:98831: checking for linux/if_bridge.h
configure:98853: gcc -std=gnu99 -c -g -O2 conftest.c >&5
In file included from /usr/include/linux/if_bridge.h:17,
from conftest.c:559:
/usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr'
/usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6'
/usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq'
configure:98860: $? = 1
I had not hit it earlier because I was using incremental builds,
where config.cache had shielded me from the kernel-headers breakage.
* configure.ac (if_bridge.h): Avoid conflicting type definitions.
* src/util/virnetdevbridge.c (includes): Also sanitize for RHEL 5.
Signed-off-by: Eric Blake <eblake@redhat.com>
A fresh checkout on a RHEL 6 machine with these packages:
kernel-headers-2.6.32-405.el6.x86_64
glibc-2.12-1.128.el6.x86_64
failed to configure with this message:
checking for linux/if_bridge.h... no
configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support
Digging in config.log, we see that the problem is identical to
what we fixed earlier in commit d12c2811:
configure:98831: checking for linux/if_bridge.h
configure:98853: gcc -std=gnu99 -c -g -O2 conftest.c >&5
In file included from /usr/include/linux/if_bridge.h:17,
from conftest.c:559:
/usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr'
/usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6'
/usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq'
configure:98860: $? = 1
I had not hit it earlier because I was using incremental builds,
where config.cache had shielded me from the kernel-headers breakage.
* configure.ac (if_bridge.h): Avoid conflicting type definitions.
Signed-off-by: Eric Blake <eblake@redhat.com>
Autoconf 2.59 says that AC_OUTPUT with arguments is obsolete,
and we are already using the replacement for some, but not all,
of our output files.
* configure.ac (AC_OUTPUT): Rewrite to use AC_CONFIG_FILES.
Signed-off-by: Eric Blake <eblake@redhat.com>
The python/tests directory contains a number of so called
"tests" for the python API. These are all hardcoded to
look for Xen and cannot be run in any automated fashion,
and no one is ever manually running them. Given that they
don't meaningully contribute to the test coverage, delete
them.
For some reason these tests were also copied into the
filesystem as part of 'make install'. The change to the
RPM in commit 3347a42032
caused a build failure, since it removed the code which
deleted these installed tests.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
link_addr detection in configure always reports that
link_addr is missing because it uses link_addr(NULL, NULL) in
AC_LINK_IFELSE check with limited set of headers that doesn't
define NULL.
Fix by replacing 'NULL' with just '0'.
Some versions of kFreeBSD (like 9.0) declare link_addr in a header
but lack an implementation. This makes ./configure pass but breaks
compilation later with a
undefined reference to `link_addr'
Althought that's a bug in the OS header we can detect it easily by also
trying to link.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715320
https://bugzilla.redhat.com/show_bug.cgi?id=964358
POSIX states that multi-threaded apps should not use functions
that are not async-signal-safe between fork and exec, yet we
were using getpwuid_r and initgroups. Although rare, it is
possible to hit deadlock in the child, when it tries to grab
a mutex that was already held by another thread in the parent.
I actually hit this deadlock when testing multiple domains
being started in parallel with a command hook, with the following
backtrace in the child:
Thread 1 (Thread 0x7fd56bbf2700 (LWP 3212)):
#0 __lll_lock_wait ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
#1 0x00007fd5761e7388 in _L_lock_854 () from /lib64/libpthread.so.0
#2 0x00007fd5761e7257 in __pthread_mutex_lock (mutex=0x7fd56be00360)
at pthread_mutex_lock.c:61
#3 0x00007fd56bbf9fc5 in _nss_files_getpwuid_r (uid=0, result=0x7fd56bbf0c70,
buffer=0x7fd55c2a65f0 "", buflen=1024, errnop=0x7fd56bbf25b8)
at nss_files/files-pwd.c:40
#4 0x00007fd575aeff1d in __getpwuid_r (uid=0, resbuf=0x7fd56bbf0c70,
buffer=0x7fd55c2a65f0 "", buflen=1024, result=0x7fd56bbf0cb0)
at ../nss/getXXbyYY_r.c:253
#5 0x00007fd578aebafc in virSetUIDGID (uid=0, gid=0) at util/virutil.c:1031
#6 0x00007fd578aebf43 in virSetUIDGIDWithCaps (uid=0, gid=0, capBits=0,
clearExistingCaps=true) at util/virutil.c:1388
#7 0x00007fd578a9a20b in virExec (cmd=0x7fd55c231f10) at util/vircommand.c:654
#8 0x00007fd578a9dfa2 in virCommandRunAsync (cmd=0x7fd55c231f10, pid=0x0)
at util/vircommand.c:2247
#9 0x00007fd578a9d74e in virCommandRun (cmd=0x7fd55c231f10, exitstatus=0x0)
at util/vircommand.c:2100
#10 0x00007fd56326fde5 in qemuProcessStart (conn=0x7fd53c000df0,
driver=0x7fd55c0dc4f0, vm=0x7fd54800b100, migrateFrom=0x0, stdin_fd=-1,
stdin_path=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
flags=1) at qemu/qemu_process.c:3694
...
The solution is to split the work of getpwuid_r/initgroups into the
unsafe portions (getgrouplist, called pre-fork) and safe portions
(setgroups, called post-fork).
* src/util/virutil.h (virSetUIDGID, virSetUIDGIDWithCaps): Adjust
signature.
* src/util/virutil.c (virSetUIDGID): Add parameters.
(virSetUIDGIDWithCaps): Adjust clients.
* src/util/vircommand.c (virExec): Likewise.
* src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
(virDirCreate): Likewise.
* src/security/security_dac.c (virSecurityDACSetProcessLabel):
Likewise.
* src/lxc/lxc_container.c (lxcContainerSetID): Likewise.
* configure.ac (AC_CHECK_FUNCS_ONCE): Check for setgroups, not
initgroups.
Signed-off-by: Eric Blake <eblake@redhat.com>
In order to properly detect bridge related definitions such as
BRDGSFD, BRDGADD and BRDGDEL on kFreeBSD we need to include
<stdint.h>.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715321
Reported by Laurent Bigonville.
