Commit Graph

812 Commits

Author SHA1 Message Date
Michal Privoznik
272769becc qemu: Move close callbacks handling into util/virclosecallbacks.c 2013-07-18 14:16:53 +02:00
Daniel P. Berrange
040d996342 Merge virCommandPreserveFD / virCommandTransferFD
Merge the virCommandPreserveFD / virCommandTransferFD methods
into a single virCommandPasFD method, and use a new
VIR_COMMAND_PASS_FD_CLOSE_PARENT to indicate their difference
in behaviour

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-18 12:18:24 +01:00
Michal Privoznik
75f0fd5112 qemu: Implement chardev hotplug on config level
There are two levels on which a device may be hotplugged: config
and live. The config level requires just an insert or remove from
internal domain definition structure, which is exactly what this
patch does. There is currently no implementation for a chardev
update action, as there's not much to be updated. But more
importantly, the only thing that can be updated is path or socket
address by which chardevs are distinguished. So the update action
is currently not supported.
2013-07-16 11:47:39 +02:00
Peter Krempa
13cdd389ed cpu: Add virCPUDefUpdateFeature()
This new function updates or adds a feature to a existing cpu model
definition. This function will be helpful to allow tuning of
"host-model" features in later patches.
2013-07-16 10:49:50 +02:00
Michal Privoznik
8d4c3c3f81 domain_conf: Introduce chardev hotplug helpers
For now, only these three helpers are needed:
virDomainChrFind - to find a duplicate chardev within VM def
virDomainChrInsert - wrapper for inserting a new chardev into VM def
virDomainChrRemove - wrapper for removing chardev from VM def

There is, however, one internal helper as well:
virDomainChrGetDomainPtrs which sets given pointers to one of
vmdef->{parallels,serials,consoles,channels} based on passed
chardev type.
2013-07-12 10:59:52 +02:00
Eric Blake
75c125641a util: add virGetGroupList
Since neither getpwuid_r() nor initgroups() are safe to call in
between fork and exec (they obtain a mutex, but if some other
thread in the parent also held the mutex at the time of the fork,
the child will deadlock), we have to split out the functionality
that is unsafe.  At least glibc's initgroups() uses getgrouplist
under the hood, so the ideal split is to expose getgrouplist for
use before a fork.  Gnulib already gives us a nice wrapper via
mgetgroups; we wrap it once more to look up by uid instead of name.

* bootstrap.conf (gnulib_modules): Add mgetgroups.
* src/util/virutil.h (virGetGroupList): New declaration.
* src/util/virutil.c (virGetGroupList): New function.
* src/libvirt_private.syms (virutil.h): Export it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-11 15:25:53 -06:00
Michal Privoznik
dc6f2dadac Introduce OOM reporting to virAsprintf
Actually, I'm turning this function into a macro as filename,
function name and line number needs to be passed. The new
function virAsprintfInternal is introduced with the extended set
of arguments.
2013-07-10 11:07:31 +02:00
Marek Marczykowski-Górecki
8f65fcb4a4 conf: virDomainObjListRemoveLocked function
While iterating with virDomainObjListForEach it is safe to remove
current element. But while iterating, 'doms' lock is already taken, so
can't use standard virDomainObjListRemove. So introduce
virDomainObjListRemoveLocked for this purpose.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2013-07-03 14:42:51 -06:00
Daniel P. Berrange
323049a089 Add access control filtering of storage objects
Ensure that all APIs which list storage objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-03 15:54:53 +01:00
Daniel P. Berrange
b1f3029afd Add access control filtering of node device objects
Ensure that all APIs which list node device objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-03 15:54:53 +01:00
Daniel P. Berrange
bbaa4e1cba Add access control filtering of network objects
Ensure that all APIs which list network objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-03 15:54:53 +01:00
Roman Bogorodskiy
477a619e1b Drop iptablesContext
iptablesContext holds only 4 pairs of iptables
(table, chain) and there's no need to pass
it around.

This is a first step towards separating bridge_driver.c
in platform-specific parts.
2013-07-01 13:47:37 -04:00
Laine Stump
72c029d883 pci: new iommu_group functions
Any device which belongs to an "IOMMU group" (used by vfio) will
have links to all devices of its group listed in
/sys/bus/pci/$device/iommu_group/devices;
/sys/bus/pci/$device/iommu_group is actually a link to
/sys/kernel/iommu_groups/$n, where $n is the group number (there
will be a corresponding device node at /dev/vfio/$n once the
devices are bound to the vfio-pci driver)

The following functions are added:

virPCIDeviceGetIOMMUGroupList

  Gets a virPCIDeviceList with one virPCIDeviceList for each device
  in the same IOMMU group as the provided virPCIDevice (a copy of the
  original device object is included in the list.

virPCIDeviceAddressIOMMUGroupIterate

  Calls the function @actor once for each device in the group that
  contains the given virPCIDeviceAddress.

virPCIDeviceAddressGetIOMMUGroupAddresses

  Fills in a virPCIDeviceAddressPtr * with an array of
  virPCIDeviceAddress, one for each device in the iommu group of the
  provided virPCIDeviceAddress (including a copy of the original).

virPCIDeviceAddressGetIOMMUGroupNum

  Returns the group number as an int (a valid group number will always
  be 0 or greater).  If there is no iommu_group link in the device's
  directory (usually indicating that vfio isn't loaded), -2 will be
  returned. On any real error, -1 will be returned.
2013-06-26 14:10:09 -04:00
Laine Stump
0e89a543be pci: virPCIDeviceListAddCopy API
Make a copy of the device and add the copy to the
list. (virPCIDeviceListAdd() adds the original object to the list
instead).
2013-06-25 18:11:10 -04:00
Laine Stump
31a4a679b3 pci: rename virPCIParseDeviceAddress and make it public
This function has utility outside of virpci.c, so make it public.

Also the name didn't fit convention, so change it to
virPCIDeviceAddressParse.
2013-06-25 18:07:38 -04:00
Laine Stump
1d829e1306 pci: rename virPCIDeviceGetVFIOGroupDev to virPCIDeviceGetIOMMUGroupDev
I realized after the fact that it's probably better in the long run to
give this function a name that matches the name of the link used in
sysfs to hold the group (iommu_group).

I'm changing it now because I'm about to add several more functions
that deal with iommu groups.
2013-06-25 18:07:38 -04:00
Jiri Denemark
c0762b6518 New internal migration APIs with extensible parameters
This patch implements extensible variants of all internal migration APIs
used for v3 migration.
2013-06-25 01:13:16 +02:00
Jiri Denemark
d0d5acb511 Introduce virTypedParamsCopy internal API 2013-06-25 00:38:25 +02:00
Jiri Denemark
fefb0d5464 Introduce VIR_TYPED_PARAMS_DEBUG macro for dumping typed params
All APIs that take typed parameters are only using params address in
their entry point debug messages. With the new VIR_TYPED_PARAMS_DEBUG
macro, all functions can easily log all individual typed parameters
passed to them.
2013-06-25 00:38:24 +02:00
Jiri Denemark
8a7f1166e1 Introduce virTypedParamsReplaceString internal API 2013-06-25 00:38:24 +02:00
Jiri Denemark
637a7c865a Introduce virTypedParamsCheck internal API
This API is useful for checking whether only a specific subset of
supported typed parameters were passed.
2013-06-25 00:38:24 +02:00
Jiri Denemark
c40ed4168a Rename virTypedParameterArrayValidate as virTypedParamsValidate 2013-06-25 00:38:24 +02:00
Laine Stump
50a8d85035 pci: new utility functions
* virPCIDeviceFindByIDs - find a device on a list w/o creating an object
    This makes searching for an existing device on a list lighter weight.

* virPCIDeviceCopy - make a copy of an existing virPCIDevice object.

* virPCIDeviceGetDriverPathAndName - construct new strings containing
    1) the name of the driver bound to this device.
    2) the full path to the sysfs config for that driver.
    (This code was lifted from virPCIDeviceUnbindFromStub, and replaced
    there with a call to this new function).
2013-06-24 17:33:38 -04:00
Daniel P. Berrange
ed3bac713c Setup default access control manager in libvirtd
Add a new 'access_drivers' config parameter to the libvirtd.conf
configuration file. This allows admins to setup the default
access control drivers to use for API authorization. The same
driver is to be used by all internal drivers & APIs

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:24:36 +01:00
Daniel P. Berrange
a93cd08fd5 Define basic internal API for access control
This patch introduces the virAccessManagerPtr class as the
interface between virtualization drivers and the access
control drivers. The viraccessperm.h file defines the
various permissions that will be used for each type of object
libvirt manages

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:24:36 +01:00
Ján Tomko
31d42506fb conf: add features to volume target XML
Add <features> and <compat> elements to volume target XML.

<compat> is a string which for qcow2 represents the QEMU version
it should be compatible with. Valid values are 0.10 and 1.1.
1.1 is implicit if the <features> element is present, otherwise
qemu-img default is used. 0.10 can be specified to explicitly
create older images after the qemu-img default changes.

<features> contains optional features, so far
<lazy_refcounts/> is available, which enables caching of reference
counters, improving performance for snapshots.
2013-06-21 13:25:30 +02:00
Roman Bogorodskiy
9614d70b0c Make virNetDevSetupControl() public.
This method is useful not only in virnetdev.c.
2013-06-14 16:14:58 +02:00
Ján Tomko
f753dd62f9 udev: fix crash in libudev logging
Call virLogVMessage instead of virLogMessage, since libudev
called us with a va_list object, not a list of arguments.

Honor message priority and strip the trailing newline.

https://bugzilla.redhat.com/show_bug.cgi?id=969152
2013-06-14 13:17:27 +02:00
Ján Tomko
cbb3b71d3f libvirt_private.syms: add virProcessGetStartTime
https://bugzilla.redhat.com/show_bug.cgi?id=973543
2013-06-12 10:13:29 +02:00
Michal Privoznik
688994364f virsocket: Introduce virSocketAddrIsWildcard
This internal API checks, if passed address is a wildcard address.
2013-06-07 15:21:57 +02:00
Daniel P. Berrange
a261996255 Introduce virFilePrintf() as a portable fprintf()
We can't use GNULIB's fprintf-posix due to licensing
incompatibilities. We do already have a portable
formatting via virAsprintf() which we got from GNULIB
though. We can use to create a virFilePrintf() function.

But really gnulib could just provide a 'fprintf'
module, that depended on just its 'asprintf' module.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-31 10:51:33 -06:00
Guannan Ren
2a58d07654 conf: add 'sharePolicy' attribute to graphics element for vnc
-vnc :5900,share=allow-exclusive
allows clients to ask for exclusive access which is
implemented by dropping other connections Connecting
multiple clients in parallel requires all clients asking
for a shared session (vncviewer: -shared switch)

 -vnc :5900,share=force-shared
disables exclusive client access.  Useful for shared
desktop sessions, where you don't want someone forgetting
specify -shared disconnect everybody else.

 -vnc :5900,share=ignore
completely ignores the shared flag and allows everybody
connect unconditionally
2013-05-22 19:18:43 +08:00
Daniel P. Berrange
5ed5783bc7 Convert Xen domain lookup driver methods to use virDomainDefPtr
Introduce use of a virDomainDefPtr in the domain lookup
APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mis-matching name/uuid/id fields. eg
the name points to domain X, while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-21 16:11:38 +01:00
Osier Yang
28d3ad952f utils: Add a helper to get the device name that sg device mapped to
E.g.

% sg_map
/dev/sg0  /dev/sda
/dev/sg1  /dev/sr0

What the helper gets for /dev/sg0 is /dev/sda, it will be used by
later patch.
2013-05-16 23:50:00 +08:00
Osier Yang
a7c4202cdd qemu: Support discard for disk
QEMU introduced "discard" option for drive since commit a9384aff53,

<...>
@var{discard} is one of "ignore" (or "off") or "unmap" (or "on") and
controls whether @dfn{discard} (also known as @dfn{trim} or @dfn{unmap})
requests are ignored or passed to the filesystem.  Some machine types
may not support discard requests.
</...>

This patch exposes the support in libvirt.

QEMU supported "discard" for "-drive" since v1.5.0-rc0:

% git tag --contains a9384aff53
contains
v1.5.0-rc0
v1.5.0-rc1

So this only detects the capability bit using virQEMUCapsProbeQMPCommandLine.
2013-05-15 19:01:00 +08:00
Eric Blake
547a7c778a json: support removing a value from an object
In an upcoming patch, I need the way to safely transfer a nested
virJSON object out of its parent container for independent use,
even after the parent is freed.

* src/util/virjson.h (virJSONValueObjectRemoveKey): New function.
(_virJSONObject, _virJSONArray): Use correct type.
* src/util/virjson.c (virJSONValueObjectRemoveKey): Implement it.
* src/libvirt_private.syms (virjson.h): Export it.
* tests/jsontest.c (mymain): Test it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-13 15:15:54 -06:00
Gene Czarcinski
ccff335f83 Support for static routes on a virtual bridge
network: static route support for <network>

This patch adds the <route> subelement of <network> to define a static
route.  the address and prefix (or netmask) attribute identify the
destination network, and the gateway attribute specifies the next hop
address (which must be directly reachable from the containing
<network>) which is to receive the packets destined for
"address/(prefix|netmask)".

These attributes are translated into an "ip route add" command that is
executed when the network is started. The command used is of the
following form:

  ip route add <address>/<prefix> via <gateway> \
               dev <virbr-bridge> proto static metric <metric>

Tests are done to validate that the input data are correct.  For
example, for a static route ip definition, the address must be a
network address and not a host address.  Additional checks are added
to ensure that the specified gateway is directly reachable via this
network (i.e. that the gateway IP address is in the same subnet as one
of the IP's defined for the network).

prefix='0' is supported for both family='ipv4' address='0.0.0.0'
netmask='0.0.0.0' or prefix='0', and for family='ipv6' address='::',
prefix=0', although care should be taken to not override a desired
system default route.

Anytime an attempt is made to define a static route which *exactly*
duplicates an existing static route (for example, address=::,
prefix=0, metric=1), the following error message will be sent to
syslog:

    RTNETLINK answers: File exists

This can be overridden by decreasing the metric value for the route
that should be preferred, or increasing the metric for the route that
shouldn't be preferred (and is thus in place only in anticipation that
the preferred route may be removed in the future).  Caution should be
used when manipulating route metrics, especially for a default route.

Note: The use of the command-line interface should be replaced by
direct use of libnl so that error conditions can be handled better.  But,
that is being left as an exercise for another day.

Signed-off-by: Gene Czarcinski <gene@czarc.net>
Signed-off-by: Laine Stump <laine@laine.org>
2013-05-13 16:14:40 -04:00
Daniel P. Berrange
8aabd597b3 Add a helper API for setting up a NBD device with qemu-nbd
Add a virFileNBDDeviceAssociate method, which given a filename
will setup a NBD device, using qemu-nbd as the server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-13 13:15:19 +01:00
Han Cheng
7486584c9f utils: util functions for scsi hostdev
This patch adds util functions for scsi hostdev.

Signed-off-by: Han Cheng <hanc.fnst@cn.fujitsu.com>
Signed-off-by: Osier Yang <jyang@redhat.com>
2013-05-13 18:40:50 +08:00
Daniel P. Berrange
8ab7d8ee40 Allow the iohelper path to be customized by test programs
Currently the fdstream function hardcodes the location
of the iohelper to LIBEXECDIR "/libvirt_iohelper". This
is not convenient when trying to write test cases which
use this code. Add a virFDStreamSetIOHelper method to
allow the test cases to point to the location of the
un-installed iohelper binary.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-10 19:57:18 +01:00
Laine Stump
bfe7721d50 util: move virFile* functions from virutil.c to virfile.c
These all existed before virfile.c was created, and for some reason
weren't moved.

This is mostly straightfoward, although the syntax rule prohibiting
write() had to be changed to have an exception for virfile.c instead
of virutil.c.

This movement pointed out that there is a function called
virBuildPath(), and another almost identical function called
virFileBuildPath(). They really should be a single function, which
I'll take care of as soon as I figure out what the arglist should look
like.
2013-05-10 13:09:30 -04:00
Daniel P. Berrange
979e9c56a7 Include process start time when doing polkit checks
Since PIDs can be reused, polkit prefers to be given
a (PID,start time) pair. If given a PID on its own,
it will attempt to lookup the start time in /proc/pid/stat,
though this is subject to races.

It is safer if the client app resolves the PID start
time itself, because as long as the app has the client
socket open, the client PID won't be reused.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:45 +01:00
Daniel P. Berrange
b1d753fe40 Rename "security context" to "selinux context"
There are various methods named "virXXXXSecurityContext",
which are specific to SELinux. Rename them all to
"virXXXXSELinuxContext". They will still raise errors at
runtime if SELinux is not compiled in

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:21:01 +01:00
Michal Privoznik
c3abb5c459 virstring: Introduce VIR_STRDUP and VIR_STRNDUP
The code adaptation is not done right now, but in subsequent patches.
Hence I am not implementing syntax-check rule as it would break
compilation. Developers are strongly advised to use these new macros.
They are similar to VIR_ALLOC() logic: VIR_STRDUP(dst, src) returns zero
on success, -1 otherwise. In case you don't want to report OOM error,
use the _QUIET variant of a macro.
2013-05-05 12:08:54 +02:00
Michal Privoznik
7c9a2d88cd virutil: Move string related functions to virstring.c
The source code base needs to be adapted as well. Some files
include virutil.h just for the string related functions (here,
the include is substituted to match the new file), some include
virutil.h without any need (here, the include is removed), and
some require both.
2013-05-02 16:56:55 +02:00
Paolo Bonzini
740d98a17d virnetdevtap: add virNetDevTapGetName
This will be used on a tap file descriptor returned by the bridge helper
to populate the <target> element, because the helper does not provide
the interface name.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-26 15:37:15 -06:00
Laine Stump
776d49f492 util: new virCommandSetMax(MemLock|Processes|Files)
This patch adds two sets of functions:

1) lower level virProcessSet*() functions that will immediately set
the RLIMIT_MEMLOCK. RLIMIT_NPROC, or RLIMIT_NOFILE of either the
current process (using setrlimit()) or any other process (using
prlimit()). "current process" is indicated by passing a 0 for pid.

2) functions for virCommand* that will setup a virCommand object to
set those limits at a later time just after it has forked a new
process, but before it execs the new program.

configure.ac has prlimit and setrlimit added to the list of functions
to check for, and the low level functions log an "unsupported" error)
on platforms that don't support those functions.
2013-04-26 10:23:46 -04:00
Laine Stump
b210208f97 util: new function virPCIDeviceGetVFIOGroupDev
Given a virPCIDevice, this function returns the path for the device
that controls the vfio group the device belongs to,
e.g. "/dev/vfio/15".
2013-04-25 21:28:43 -04:00
Laine Stump
be64199e17 pci: keep a stubDriver in each virPCIDevice
This can be set when the virPCIDevice is created and placed on a list,
then used later when traversing the list to determine which stub
driver to bind/unbind for managed devices.

The existing Detach and Attach functions' signatures haven't been
changed (they still accept a stub driver name in the arg list), but if
the arg list has NULL for stub driver and one is available in the
device's object, that will be used. (we may later deprecate and remove
the arg from those functions).
2013-04-25 21:28:10 -04:00
Ján Tomko
b33eb0dca1 qemu: auto-add pci-root controller for pc machine types
<controller type='pci' index='0' model='pci-root'/>
is auto-added to pc* machine types.
Without this controller PCI bus 0 is not available and
no PCI addresses are assigned by default.

Since older libvirt supported PCI bus 0 even without
this controller, it is removed from the XML when migrating.
2013-04-25 13:05:10 +02:00
Ján Tomko
024e9af3e5 qemu: call post-parse callbacks when parsing command line too
Now we set the default disk driver name when parsing
the qemu command line too, hence all the test changes.

Assume format type is 'auto' when none is specified on
qemu command line.
2013-04-25 12:10:22 +02:00
Daniel P. Berrange
07a6b9aac4 Rename 'DeviceMonitor' to 'NodeDeviceDriver'
The driver.h struct for node devices used an inconsistent
naming scheme 'DeviceMonitor' instead of the more usual
'NodeDeviceDriver'. Fix this everywhere it has leaked
out to.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:59:53 +01:00
Daniel P. Berrange
abe038cfc0 Extend previous check to validate driver struct field names
Ensure that the driver struct field names match the public
API names. For an API virXXXX we must have a driver struct
field xXXXX. ie strip the leading 'vir' and lowercase any
leading uppercase letters.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:59:53 +01:00
Peter Krempa
fa006c4fdd qemu: Fix setting of memory tunables
Refactoring done in 19c6ad9ac7 didn't
correctly take into account the order cgroup limit modification needs to
be done in. This resulted into errors when decreasing the limits.

The operations need to take place in this order:

decrease hard limit
change swap hard limit

or

change swap hard limit
increase hard limit

This patch also fixes the check if the hard_limit is less than
swap_hard_limit to print better error messages. For this purpose I
introduced a helper function virCompareLimitUlong to compare limit
values where value of 0 is equal to unlimited. Additionally the check is
now applied also when the user does not provide all of the tunables
through the API and in that case the currently set values are used.

This patch resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=950478
2013-04-23 07:10:56 +02:00
Gene Czarcinski
bd7c7c1b3c create virSocketAddrGetIpPrefix utility function
Create the utility function virSocketAddrGetIpPrefix() to
determine the prefix for this network.  The code in this
function was adapted from virNetworkIpDefPrefix().

Update virNetworkIpDefPrefix() in src/conf/network_conf.c
to use the new utility function.

Signed-off-by: Gene Czarcinski <gene@czarc.net>
2013-04-22 14:10:53 -04:00
Peter Krempa
446dd66b7c network: bridge_driver: don't lose transient networks on daemon restart
Until now tranisent networks weren't really useful as libvirtd wasn't
able to remember them across restarts. This patch adds support for
loading status files of transient networks (that already were generated)
so that the status isn't lost.

This patch chops up virNetworkObjUpdateParseFile and turns it into
virNetworkLoadState and a few friends that will help us to load status
XMLs and refactors the functions that are loading the configs to use
them.
2013-04-19 16:43:47 +02:00
Daniel P. Berrange
1da631ecf3 Add an API for re-mounting cgroups, to isolate the process location
Add a virCgroupIsolateMount method which looks at where the
current process is place in the cgroups (eg /system/demo.lxc.libvirt)
and then remounts the cgroups such that this sub-directory
becomes the root directory from the current process' POV.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:32 +01:00
Daniel P. Berrange
aa8604dd45 Add a new virCgroupNewPartition for setting up resource partitions
A resource partition is an absolute cgroup path, ignoring the
current process placement. Expose a virCgroupNewPartition API
for constructing such cgroups

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:31 +01:00
Daniel P. Berrange
04c18d25f1 Rename virCgroupForXXX to virCgroupNewXXX
Rename all the virCgroupForXXX methods to use the form
virCgroupNewXXX since they are all constructors. Also
make sure the output parameter is the last one in the
list, and annotate all pointers as non-null. Fix up
all callers, and make sure they use true/false not 0/1
for the boolean parameters

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:31 +01:00
Daniel P. Berrange
035cdaa00b Introduce a virFileDeleteTree method
Introduce a method virFileDeleteTree for recursively deleting
an entire directory tree

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:31 +01:00
Stefan Berger
6ecff413e1 Parse TPM passthrough XML in the domain XML
Parse the domain XML with TPM passthrough support.
The TPM passthrough XML may look like this:

    <tpm model='tpm-tis'>
      <backend type='passthrough'>
        <device path='/dev/tpm0'/>
      </backend>
    </tpm>


Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
2013-04-12 16:55:45 -04:00
Stefan Berger
06ba4bff91 Helper functions for host TPM support
Implement helper function to create the TPM's sysfs cancel file.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
2013-04-12 16:55:45 -04:00
Stefan Berger
069219577b Add function to find a needle in a string array
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
2013-04-12 16:55:45 -04:00
Han Cheng
5bc5a44db9 conf: Change help function
The helper function to look up disk controller model may be used by scsi
hostdev. But it should be changed to use device info.

Signed-off-by: Han Cheng <hanc.fnst@cn.fujitsu.com>
2013-04-09 22:21:16 +08:00
Daniel P. Berrange
dca927c82f Rename virCgroupMounted to virCgroupHasController & make it more robust
The virCgroupMounted method is badly named, since a controller can be
mounted, but disabled in the current object. Rename the method to be
virCgroupHasController. Also make it tolerant to a  NULL virCgroupPtr
and out-of-range controller index, to avoid duplication of these
checks in all callers

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-08 14:49:12 +01:00
Osier Yang
f5a610872a storage: Guess the parent if it's not specified for vHBA
This finds the parent for vHBA by iterating over all the HBA
which supports vport_ops capability on the host, and return
the first one which is online, not saturated (vports in use
is less than max_vports).
2013-04-08 18:41:07 +08:00
Osier Yang
b52fbad150 util: Add helper to get the scsi host name by iterating over sysfs
The helper iterates over sysfs, to find out the matched scsi host
name by comparing the wwnn,wwpn pair. It will be used by checkPool
and refreshPool of storage scsi backend. New helper getAdapterName
is introduced in storage_backend_scsi.c, which uses the new util
helper virGetFCHostNameByWWN to get the fc_host adapter name.
2013-04-08 18:41:06 +08:00
Osier Yang
9f781da69d New XML attributes for storage pool source adapter
This introduces 4 new attributes for storage pool source adapter.
E.g.

<adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/>

Attribute 'type' can be either 'scsi_host' or 'fc_host', and defaults
to 'scsi_host' if attribute 'name' is specified. I.e. It's optional
for 'scsi_host' adapter, for back-compat reason. However, mandatory
for 'fc_host' adapter and any new future adapter types. Attribute
'parent' is to specify the parent for the fc_host adapter.

* docs/formatstorage.html.in:
  - Add documents for the 4 new attrs
* docs/schemas/storagepool.rng:
  - Add RNG schema
* src/conf/storage_conf.c:
  - Parse and format the new XMLs
* src/conf/storage_conf.h:
  - New struct virStoragePoolSourceAdapter, replace "char *adapter" with it;
  - New enum virStoragePoolSourceAdapterType
* src/libvirt_private.syms:
  - Export TypeToString and TypeFromString
* src/phyp/phyp_driver.c:
  - Replace "adapter" with "adapter.data.name", which is member of the union
    of the new struct virStoragePoolSourceAdapter now. Later patch will
    add the checking, as "adapter.data.name" is only valid for "scsi_host"
    adapter.
* src/storage/storage_backend_scsi.c:
  - Like above
* tests/storagepoolxml2xmlin/pool-scsi-type-scsi-host.xml:
* tests/storagepoolxml2xmlin/pool-scsi-type-fc-host.xml:
  - New test for 'fc_host' and "scsi_host" adapter
* tests/storagepoolxml2xmlout/pool-scsi.xml:
  - Change the expected output, as the 'type' defaults to 'scsi_host' if 'name"
    specified now
* tests/storagepoolxml2xmlout/pool-scsi-type-scsi-host.xml:
* tests/storagepoolxml2xmlout/pool-scsi-type-fc-host.xml:
  - New test
* tests/storagepoolxml2xmltest.c:
  - Include the test
2013-04-08 18:41:06 +08:00
Osier Yang
1acfc171da util: Add a helper to check if all bits of a bitmap are clear 2013-04-06 10:14:21 +08:00
Daniel P. Berrange
804a809a06 Rename virCgroupGetAppRoot to virCgroupForSelf
The virCgroupGetAppRoot is not clear in its meaning. Change
to virCgroupForSelf to highlight that this returns the
cgroup config for the caller's process

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-05 10:41:54 +01:00
Peter Krempa
46becc18ba virCaps: get rid of macPrefix field
Use the virDomainXMLConf structure to hold this data and tweak the code
to avoid semantic change.

Without configuration the KVM mac prefix is used by default. I chose it
as it's in the privately administered segment so it should be usable for
any purposes.
2013-04-04 22:42:38 +02:00
Peter Krempa
b5def001cc virCaps: get rid of emulatorRequired
This patch removes the emulatorRequired field and associated
infrastructure from the virCaps object. Instead the driver specific
callbacks are used as this field isn't enforced by all drivers.

This patch implements the appropriate callbacks in the qemu and lxc
driver and moves to check to that location.
2013-04-04 22:42:38 +02:00
Peter Krempa
e84b19316a maint: Rename xmlconf to xmlopt and virDomainXMLConfig to virDomainXMLOption
This patch is the result of running:

for i in $(git ls-files | grep -v html | grep -v \.po$ ); do
  sed -i -e "s/virDomainXMLConf/virDomainXMLOption/g" -e "s/xmlconf/xmlopt/g" $i
done

and a few manual tweaks.
2013-04-04 22:18:56 +02:00
Michal Privoznik
a919e6f776 libvirt_private.syms: Correctly export seclabel APIs
One of my previous patches manipulated virSecurityLabel* APIs,
some were added to header files, and some were renamed. However,
these changes were not reflected in libvirt_private.syms.
2013-03-28 10:39:25 +01:00
Michal Privoznik
6c4de11614 security_manager: Don't manipulate domain XML in virDomainDefGetSecurityLabelDef
The virDomainDefGetSecurityLabelDef was modifying the domain XML.
It tried to find a seclabel corresponding to given sec driver. If the
label wasn't found, the function created one which is wrong. In fact
it's security manager which should modify this part of domain XML.
2013-03-28 10:01:06 +01:00
Osier Yang
96d3086a4f nodedev: Abstract nodeDeviceVportCreateDelete as util function
This abstracts nodeDeviceVportCreateDelete as an util function
virManageVport, which can be further used by later storage patches
(to support persistent vHBA, I don't want to create the vHBA
using the public API, which is not good).
2013-03-25 20:46:05 +08:00
Osier Yang
4360a09844 nodedev: Refactor the helpers
This adds two util functions (virIsCapableFCHost and virIsCapableVport),
and rename helper check_fc_host_linux as detect_scsi_host_caps,
check_capable_vport_linux is removed, as it's abstracted to the util
function virIsCapableVport. detect_scsi_host_caps nows detect both
the fc_host and vport_ops capabilities. "stat(2)" is replaced with
"access(2)" for saving.

* src/util/virutil.h:
  - Declare virIsCapableFCHost and virIsCapableVport
* src/util/virutil.c:
  - Implement virIsCapableFCHost and virIsCapableVport
* src/node_device/node_device_linux_sysfs.c:
  - Remove check_capable_vport_linux
  - Rename check_fc_host_linux as detect_scsi_host_caps, and refactor
    it a bit to detect both fc_host and vport_os capabilities
* src/node_device/node_device_driver.h:
  - Change/remove the related declarations
* src/node_device/node_device_udev.c: (Use detect_scsi_host_caps)
* src/node_device/node_device_hal.c: (Likewise)
* src/node_device/node_device_driver.c (Likewise)
2013-03-25 20:46:05 +08:00
Osier Yang
244ce462e2 util: Add one helper virReadFCHost to read the value of fc_host entry
"open_wwn_file" in node_device_linux_sysfs.c is redundant, on one
hand it duplicates work of virFileReadAll, on the other hand, it's
waste to use a function for it, as there is no other users of it.
So I don't see why the file opening work cannot be done in
"read_wwn_linux".

"read_wwn_linux" can be abstracted as an util function. As what all
it does is to read the sysfs entry.

So this patch removes "open_wwn_file", and abstract "read_wwn_linux"
as an util function "virReadFCHost" (a more general name, because
after changes, it can read each of the fc_host entry now).

* src/util/virutil.h: (Declare virReadFCHost)
* src/util/virutil.c: (Implement virReadFCHost)
* src/node_device/node_device_linux_sysfs.c: (Remove open_wwn_file,
  and read_wwn_linux)
src/node_device/node_device_driver.h: (Remove the declaration of
  read_wwn_linux, and the related macros)
src/libvirt_private.syms: (Export virReadFCHost)
2013-03-25 20:46:05 +08:00
Michal Privoznik
70bc623b58 viralloc: Export virAllocTest*
If users build with --enable-test-oom configure option,
they get this error saying, virAllocTest* functions are
not defined within tests/testutils.c.
2013-03-22 12:45:14 +01:00
Paolo Bonzini
c820fbff9f qemu: support passthrough for iscsi disks
This enables usage of commands like persistent reservations.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-22 12:10:23 +08:00
Gao feng
8d19a9f578 cgroup: export virCgroupRemoveRecursively
We will use virCgroupRemoveRecursively to remove cgroup
directories in the coming patch.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-03-20 14:21:27 -06:00
Gao feng
45e9d27ad8 NUMA: cleanup for numa related codes
Intend to reduce the redundant code,use virNumaSetupMemoryPolicy
to replace virLXCControllerSetupNUMAPolicy and
qemuProcessInitNumaMemoryPolicy.

This patch also moves the numa related codes to the
file virnuma.c and virnuma.h

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-03-20 19:37:00 +08:00
Gao feng
763edb5ebe rename qemuGetNumadAdvice to virNumaGetAutoPlacementAdvice
qemuGetNumadAdvice will be used by LXC driver, rename
it to virNumaGetAutoPlacementAdvice and move it to virnuma.c

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-03-19 15:55:40 -06:00
Daniel P. Berrange
d5e83ad9b7 Add ability to get a virIdentity from a virNetServerClientPtr
Add APIs which allow creation of a virIdentity from the info
associated with a virNetServerClientPtr instance. This is done
based on the results of client authentication processes like
TLS, x509, SASL, SO_PEERCRED

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:52:02 +00:00
Daniel P. Berrange
3aabe27247 Define internal APIs for managing identities
Introduce a local object virIdentity for managing security
attributes used to form a client application's identity.
Instances of this object are intended to be used as if they
were immutable, once created & populated with attributes

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:37:37 +00:00
Daniel P. Berrange
51997e50fa Add APIs to get at more client security data
A socket object has various pieces of security data associated
with it, such as the SELinux context, the SASL username and
the x509 distinguished name. Add new APIs to virNetServerClient
and related modules to access this data.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:11:46 +00:00
Viktor Mihajlovski
e50a1bae9b S390: domain_conf support for CCW
Add necessary handling code for the new s390 CCW address type to
virDomainDeviceInfo. Further, introduce  memory management, XML
parsing, output formatting and range validation for the new
virDomainDeviceCCWAddress type.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-03-13 17:01:34 -06:00
Daniel P. Berrange
83d7e4e460 Use separate symbol file for GNUTLS symbols
A number of symbols are only present when GNUTLS is enabled.
Thus we must use a separate libvirt_gnutls.syms file for them
instead of libvirt_private.syms

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-13 15:21:33 +00:00
Peter Krempa
27cf98e2d1 virCaps: conf: start splitting out irrelevat data
The virCaps structure gathered a ton of irrelevant data over time that.
The original reason is that it was propagated to the XML parser
functions.

This patch aims to create a new data structure virDomainXMLConf that
will contain immutable data that are used by the XML parser. This will
allow two things we need:

1) Get rid of the stuff from virCaps

2) Allow us to add callbacks to check and add driver specific stuff
after domain XML is parsed.

This first attempt removes pointers to private data allocation functions
to this new structure and update all callers and function that require
them.
2013-03-13 09:27:14 +01:00
Daniel P. Berrange
be27de6e8d Remove hack using existance of an 'identity' string to disable auth
Currently the server determines whether authentication of clients
is complete, by checking whether an identity is set. This patch
removes that lame hack and replaces it with an explicit method
for changing the client auth code

* daemon/remote.c: Update for new APis
* src/libvirt_private.syms, src/rpc/virnetserverclient.c,
  src/rpc/virnetserverclient.h: Remove virNetServerClientGetIdentity
  and virNetServerClientSetIdentity, adding a new method
  virNetServerClientSetAuth.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-12 18:07:17 +00:00
Daniel P. Berrange
a299714295 Add API for thread cancellation
Add a virThreadCancel function. This functional is inherently
dangerous and not something we want to use in general, but
integration with SELinux requires that we provide this stub.
We leave out any Win32 impl to discourage further use and
because obviously SELinux isn't enabled on Win32

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-12 18:07:11 +00:00
Daniel P. Berrange
f3d312f6c8 Add method for checking if a string is (probably) a log message
When reading log output from QEMU/LXC we need to skip over any
libvirt log messages. Currently the QEMU driver checks for a
fixed string, but this is better done with a regex. Add a method
virLogProbablyLogMessage to do a regex check

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-07 18:56:52 +00:00
Eric Blake
d76f3e0643 Revert "S390: domain_conf support for CCW"
This reverts commit 0bbbd42c30.

The design for this feature is not complete, and may change the
name of the 'schid' attribute.  Revert requested by Viktor Mihajlovski.
2013-02-26 16:32:15 -07:00
Peter Krempa
e2a0dfcfe9 conf: Add support for RNG device configuration in XML
This patch adds basic configuration support for the RNG device
supporting the virtio model with the "random" and "egd" backend types as
described in the schema in the previous patch.
2013-02-25 10:36:31 +01:00
Osier Yang
d0172d2b1b qemu: Remove the shared disk entry if the operation is ejecting or updating
For both AttachDevice and UpdateDevice APIs, if the disk device
is 'cdrom' or 'floppy', the operations could be ejecting, updating,
and inserting. For either ejecting or updating, the shared disk
entry of the original disk src has to be removed, because it's
not useful anymore.

And since the original disk def will be changed, new disk def passed
as argument will be free'ed in qemuDomainChangeEjectableMedia, so
we need to copy the orignal disk def before
qemuDomainChangeEjectableMedia, to use it for qemuRemoveSharedDisk.
2013-02-21 00:31:24 +08:00
Eric Blake
6ea7b3e8d1 maint: enforce private symbol section sorting
Automating a sorting check is the only way to ensure we don't
regress.  Suggested by Dan Berrange.

* src/check-symsorting.pl (check_sorting): Add a parameter,
validate that groups are in order, and that files exist.
* src/Makefile.am (check-symsorting): Adjust caller.
* src/libvirt_private.syms: Fix typo.
* src/libvirt_linux.syms: Fix file name.
* src/libvirt_vmx.syms: Likewise.
* src/libvirt_xenxs.syms: Likewise.
* src/libvirt_sasl.syms: Likewise.
* src/libvirt_libssh2.syms: Likewise.
* src/libvirt_esx.syms: Mention file name.
* src/libvirt_openvz.syms: Likewise.
2013-02-20 08:27:03 -07:00
Eric Blake
f190a636e5 maint: sort private syms to reflect recent header renames
Purely mechanical (roughly, s/\n/~/; s/~~/\n/; sort by line;
s/~/\n/)

* src/libvirt_private.syms: Sort sections by header file name.
2013-02-19 14:59:05 -07:00
Eric Blake
8a256f3cb4 maint: fix header file owners of private symbols
Recent renames were not reflected into the comments of
libvirt_private.syms; furthermore, since we mix private headers from
several directories into this file, knowing where the file lives
can be helpful.

* src/libvirt_private.sym: Reflect recent names.
2013-02-19 14:59:05 -07:00
Laine Stump
e11451f42e util: virSetUIDGIDWithCaps - change uid while keeping caps
Normally when a process' uid is changed to non-0, all the capabilities
bits are cleared, even those explicitly set with calls to
capng_update()/capng_apply() made immediately before setuid. And
*after* the process' uid has been changed, it no longer has the
necessary privileges to add capabilities back to the process.

In order to set a non-0 uid while still maintaining any capabilities
bits, it is necessary to either call capng_change_id() (which
unfortunately doesn't currently call initgroups to setup auxiliary
group membership), or to perform the small amount of calisthenics
contained in the new utility function virSetUIDGIDWithCaps().

Another very important difference between the capabilities
setting/clearing in virSetUIDGIDWithCaps() and virCommand's
virSetCapabilities() (which it will replace in the next patch) is that
the new function properly clears the capabilities bounding set, so it
will not be possible for a child process to set any new
capabilities.

A short description of what is done by virSetUIDGIDWithCaps():

1) clear all capabilities then set all those desired by the caller (in
capBits) plus CAP_SETGID, CAP_SETUID, and CAP_SETPCAP (which is needed
to change the capabilities bounding set).

2) call prctl(), telling it that we want to maintain current
capabilities across an upcoming setuid().

3) switch to the new uid/gid

4) again call prctl(), telling it we will no longer want capabilities
maintained if this process does another setuid().

5) clear the capabilities that we added to allow us to
setuid/setgid/change the bounding set (unless they were also requested
by the caller via the virCommand API).

Because the modification/maintaining of capabilities is intermingled
with setting the uid, this is necessarily done in a single function,
rather than having two independent functions.

Note that, due to the way that effective capabilities are computed (at
time of execve) for a process that has uid != 0, the *file*
capabilities of the binary being executed must also have the desired
capabilities bit(s) set (see "man 7 capabilities"). This can be done
with the "filecap" command. (e.g. "filecap /usr/bin/qemu-kvm sys_rawio").
2013-02-13 16:11:16 -05:00
Laine Stump
7bf1aa0b9b security: add new virSecurityManagerSetChildProcessLabel API
The existing virSecurityManagerSetProcessLabel() API is designed so
that it must be called after forking the child process, but before
exec'ing the child. Due to the way the virCommand API works, that
means it needs to be put in a "hook" function that virCommand is told
to call out to at that time.

Setting the child process label is a basic enough need when executing
any process that virCommand should have a method of doing that. But
virCommand must be told what label to set, and only the security
driver knows the answer to that question.

The new virSecurityManagerSet*Child*ProcessLabel() API is the way to
transfer the knowledge about what label to set from the security
driver to the virCommand object. It is given a virCommandPtr, and each
security driver calls the appropriate virCommand* API to tell
virCommand what to do between fork and exec.

1) in the case of the DAC security driver, it calls
virCommandSetUID/GID() to set a uid and gid that must be set for the
child process.

2) for the SELinux security driver, it calls
virCommandSetSELinuxLabel() to save a copy of the char* that will be
sent to setexeccon_raw() *after forking the child process*.

3) for the AppArmor security drivers, it calls
virCommandSetAppArmorProfile() to save a copy of the char* that will
be sent to aa_change_profile() *after forking the child process*.

With this new API in place, we will be able to remove
virSecurityManagerSetProcessLabel() from any virCommand pre-exec
hooks.

(Unfortunately, the LXC driver uses clone() rather than virCommand, so
it can't take advantage of this new security driver API, meaning that
we need to keep around the older virSecurityManagerSetProcessLabel(),
at least for now.)
2013-02-13 16:11:16 -05:00