This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.
The actual APIs are
int virDomainLxcOpenNamespace(virDomainPtr domain,
int **fdlist,
unsigned int flags);
int virDomainLxcEnterNamespace(virDomainPtr domain,
unsigned int nfdlist,
int *fdlist,
unsigned int *noldfdlist,
int **oldfdlist,
unsigned int flags);
which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.
NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
There are many aspects of the guest XML which result in the
SELinux driver applying file labelling. With the increasing
configuration options it is desirable to test this behaviour.
It is not possible to assume that the test suite has the
ability to set SELinux labels. Most filesystems though will
support extended attributes. Thus for the purpose of testing,
it is possible to extend the existing LD_PRELOAD hack to
override setfilecon() and getfilecon() to simply use the
'user.libvirt.selinux' attribute for the sake of testing.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This converts the libssh2 configure check to use LIBVIRT_CHECK_PKG.
Previously it would check version 1.0 and 1.3, but this simplifies
things to just require version 1.3
When parsing the top level comment of a file, apibuild.py used
to split on any ':' character of a line regarding the first part
as a key for a setting, e.g. "Summary". The second part would then
be assigned as the value for that key.
This means you could not use a ':' character inside those comments
without ill effects.
Now, a key must consist solely of alphanumeric characters, '_' or '.'.
Problem introduced in commit cd699ed.
* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_PKG): Set up
direct expansions, since autoconf 2.59 lacked m4_expand.
I've noticed a number of people sending patches with file
renames not compressed, so we might as well document how to
set this up. (Git won't do it by default, for back-compat
reasons)
* docs/hacking.html.in: Add git config tip.
* HACKING: Regenerate.
If addition of rules in networkAddIptablesRules() failed the real error
was masked by error reported when trying to clean up the remaining
rules.
With this patch the original error message is saved and set back after
the removal is complete.
This patch changes whitespace and the length of the separation line from
this format:
$ virsh net-list --all
Name State Autostart Persistent
--------------------------------------------------
default inactive yes yes
to
$ virsh net-list --all
Name State Autostart Persistent
----------------------------------------------------------
default inactive yes yes
to match the output of virsh list.
Commit 0211fd6e04 introduced regression
where newly defined networks were not made persistent.
This patch makes the network persistent on each successful definition.
Most checks for libraries take the same format
* --with-libFOO=yes|no|check|/some/path argument
* check for a function NNN in libFOO.so
* check for a header file DDD/HHH.h
* Define a WITH_FOO config.h symbol
* Define a WITH_FOO make conditional
* Substitute FOO_CFLAGS and FOO_LIBS make variables
* Print CFLAGS & LIBS summary at the end
Doing all this correctly is rather difficult, typically
done by copy+paste of a previous usage. Further small
improvements people make are not applied to all previous
usages.
Improve this by creating some helper macros to apply
good practice. First, to perform the actual checks:
LIBVIRT_CHECK_LIB([SELINUX], [selinux],
[getfilecon], [selinux/selinux.h])
This checks for 'getfilecon' in -lselinux, and the
existence of 'selinux/selinux.h' header file. If successful
it sets SELINUX_CFLAGS and SELINUX_LIBS. The WITH_SELINUX
config.h macro and WITH_SELINUX make conditional are also
defined.
In some cases we need to check two variants of the same
library
LIBVIRT_CHECK_LIB_ALT([SASL], [sasl2],
[sasl_client_init], [sasl/sasl.h],
[SASL1], [sasl],
[sasl_client_init], [sasl/sasl.h])
This checks for sasl_client_init in libsasl2, and if that
is not found, checks sasl_client_init in libsasl. If the
first check succeeds WITH_SASL is set, while if the second
check succeeds *both* WITH_SASL and WITH_SASL1 are set.
If the library supports pkg-config, then another variant
is available
LIBVIRT_CHECK_PKG([AVAHI], [avahi-client], [0.6.0])
This checks for avahi-client >= 0.6.0 via pkg-config
and sets WITH_AVAHI if found.
Finally to print a summary of CFLAGS & LIBs found (if any):
LIBVIRT_RESULT_LIB([SELINUX])
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
