Commit Graph

47862 Commits

Author SHA1 Message Date
김인수
963f9a25b4 Translated using Weblate (Korean)
Currently translated at 100.0% (10416 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Co-authored-by: 김인수 <simmon@nplob.com>
Signed-off-by: 김인수 <simmon@nplob.com>
2023-02-27 15:20:28 +01:00
Michal Privoznik
d427102fbd qemu: Don't error out on 'unknown' memory model in qemuMonitorJSONGetMemoryDeviceInfo()
When starting QEMU (or when reconnecting to a running one),
qemuMonitorJSONGetMemoryDeviceInfo() is called to refresh info on
memory devices. In here, query-memory-devices is called which
returns info on all memory devices. The result is then iterated
over and for some memory models runtime information is updated.
The rest is to be ignored. Except, when introducing SGX support,
this was turned into an error leaving us unable to start any
domain with virtio-pmem memory device (as virtio-pmem is to be
ignored).

Fixes: ddb1bc0519
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
2023-02-27 14:05:13 +01:00
Temuri Doghonadze
e37e1b018e Translated using Weblate (Georgian)
Currently translated at 3.6% (376 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ka/

Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
2023-02-25 11:20:29 +01:00
Yuri Chornoivan
e66469095d Translated using Weblate (Ukrainian)
Currently translated at 100.0% (10416 of 10416 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/uk/

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>
2023-02-23 18:20:29 +01:00
Weblate
6af048339f Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/

Co-authored-by: Weblate <noreply@weblate.org>
Signed-off-by: Fedora Weblate Translation <i18n@lists.fedoraproject.org>
2023-02-22 15:22:29 +01:00
Jiri Denemark
5e406bdaef po: Refresh potfile for v9.1.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2023-02-22 15:16:26 +01:00
Daniel P. Berrangé
9541ce080a docs/kbase: fix example for SEV validation
The offline validation example needs to include the firmware path,
and is also missing line continuation markers.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-22 13:48:49 +00:00
Daniel P. Berrangé
a020a2541a rpm: add missing deps for the virt-qemu-sev-validate
The RPM automatic deps generator for python does not pick these up

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-22 13:48:48 +00:00
Daniel P. Berrangé
4d3b2d77d0 docs: refer to --firmware instead of --loader
The --loader syntax was left over from an earlier version of the code
before it was renamed to --firmware.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-22 13:48:48 +00:00
Laine Stump
f62ce81b8a qemu: respond to NETDEV_STREAM_DISCONNECTED event
When a QEMU netdev is of type "stream", if the socket it uses for
connectivity to the host network gets closed, then QEMU will send a
NETDEV_STREAM_DISCONNECTED event. We know that any stream netdev we've
created is backed by a passt process, and if the socket was closed,
that means the passt process has disappeared.

When we receive this event, we can respond by starting a new passt
process with the same options (including socket path) we originally
used. If we have previously created the stream netdev device with a
"reconnect" option, then QEMU will automatically reconnect to this new
passt process. (If we hadn't used "reconnect", then QEMU will never
try to reconnect to the new passt process, so there's no point in
starting it.)

Note that NETDEV_STREAM_DISCONNECTED is an event sent for the netdev
(ie "host side") of the network device, and so it sends the
"netdev-id" to specify which device was disconnected. But libvirt's
virDomainNetDef (the object used to keep track of network devices) is
the internal representation of both the host-side "netdev", and the
guest side device, and virDomainNetDef doesn't directly keep track of
the netdev-id, only of the device's "alias" (which is the "id"
parameter of the *guest* side of the device). Fortunately, by convention
libvirt always names the host-side of devices as "host" + alias, so in
order to search for the affected NetDef, all we need to do is trim the
1st 4 characters from the netdev-id and look for the NetDef having
that resulting trimmed string as its alias. (Contrast this to
NIC_RX_FILTER_CHANGED, which is an event received for the guest side
of the device, and so directly contains the device alias.)

Resolves: https://bugzilla.redhat.com/2172098
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-22 08:36:13 -05:00
Laine Stump
acd8333f76 qemu: add reconnect=5 to passt qemu commandline options when available
QEMU's "reconnect" option of "-netdev stream" tells QEMU to
periodically (period is given in seconds as an argument to the option)
attempt to reconnect to the same passt socket to which it had
originally connected to. This is useful in cases where the passt
process terminates, and libvirtd starts a new passt process in its
place (which doesn't happen yet, but will happen automatically after
an upcoming patch in this series).

Since there is no real hueristic for determining the "best" value of
the reconnect interval, rather than clutter up config with a knob that
nobody knows how to properly twiddle, we just set the reconnect timer
to 5 seconds.

"-netdev stream" first appeared in QEMU 7.2.0, but the reconnect
option won't be available until QEMU 8.0.0, so we need to check QEMU
capabilities just in case someone is using QEMU 7.2.0 (and thus can
support passt backend, but not reconnect)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-22 08:26:01 -05:00
Peter Krempa
70747222a7 qemu: capabilities: Introduce QEMU_CAPS_NETDEV_STREAM_RECONNECT
Detect that the 'stream' netdev backend supports reconnecting.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-22 08:25:36 -05:00
Laine Stump
771992363e qemu: remove extraneous error log when qemuPasstStart() fails during hotplug
qemuPasstStart() already logs any error that occurs, so having the
caller log a generic error message only serves to obscure the actual
problem.

Fixes: a56f0168d5
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-22 08:21:48 -05:00
Laine Stump
dffc40db69 qemu: add check for QEMU_CAPS_NETDEV_STREAM during validation
In commit 5af6134e I had added a new capability that is true if QEMU
allows "-netdev stream", but somehow neglected to actually check it in
commit a56f0168d when hooking up passt support to qemu. This isn't
catastrophic, since QEMU itself will still report an error, but that
error isn't as easy to understand as a libvirt-generated error.

Fixes: a56f0168d5
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-22 07:36:45 -05:00
Stefano Brivio
b7a18787de qemu_passt: Remove passt socket file on exit
Just like it can't remove its own PID files, passt can't unlink its
own socket upon exit (unless the initialisation fails), because it
has no access to the filesystem at runtime.

Remove the socket file in qemuPasstKill().

Fixes: a56f0168d5 ("qemu: hook up passt config to qemu domains")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-22 07:36:31 -05:00
Temuri Doghonadze
4938954ed3 Translated using Weblate (Georgian)
Currently translated at 3.5% (367 of 10405 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ka/

Translated using Weblate (Georgian)

Currently translated at 2.1% (223 of 10405 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ka/

Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
2023-02-21 20:45:12 +01:00
Laine Stump
110d209263 qemu: forbid updating any attributes of an interface <backend> with update-device
Changing any of the attributes of an <interface>'s <backend> would
require removing and re-adding the interface for the new setting to
take effect, so fail any update-device that changes anything in
<backend>

Resolves: https://bugzilla.redhat.com/2169245
Signed-off-by: Laine Stump <laine@redhat.com>
2023-02-21 14:44:54 -05:00
Pavel Hrdina
9445a8e398 NEWS: document external memory snapshot bug fixes
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-21 18:27:22 +01:00
Pavel Hrdina
e3957c2246 qemu_snapshot: refactor qemuSnapshotDeleteExternalPrepare
When user creates external snapshot with making only memory snapshot
without any disks deleting that snapshot failed without reporting any
meaningful error.

The issue is that the qemuSnapshotDeleteExternalPrepare function
returns NULL because the returned list is empty. This will not change
so to make it clear if the function fails or not return int instead and
have another parameter where we can pass the list.

With the fixed memory snapshot deletion it will now correctly delete
memory only snapshot as well.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2170826

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-21 18:27:22 +01:00
Pavel Hrdina
356e227208 qemu_snapshot: remove memory snapshot when deleting external snapshot
When deleting external snapshot we should remove the memory snapshot
file as well.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-21 18:27:22 +01:00
Zhenguo Yao
0261c2ab42 qemu: fix reconnect of unix socket is wrong
'reconnect' parameter doesn't pass to qemu properly when
hotplug vhost-user device to vm. Fix this by making
'reconnect' to get correct value.

Signed-off-by: Zhenguo Yao <yaozhenguo1@gmail.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2023-02-21 10:58:00 -06:00
Kristina Hanicova
4bae0c8ae4 NEWS: Document new pvpanic-pci device
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-02-21 17:51:32 +01:00
Kristina Hanicova
c98e49f82e docs: document panic device 'pvpanic-pci'
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-02-21 17:51:30 +01:00
Kristina Hanicova
78744415fe tests: add case for pvpanic-pci without address
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-02-21 17:51:28 +01:00
Kristina Hanicova
9f52df3a70 qemu: assign PCI address to device pvpanic-pci
It makes sense to accept pvpanic-pci also without specified PCI
address and assign one if possible.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1961326

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-02-21 17:51:26 +01:00
Kristina Hanicova
f4367059d2 tests: add test cases for device pvpanic-pci
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-02-21 17:51:24 +01:00
Kristina Hanicova
46ef87e10e conf: add panic model 'pvpanic'
This patch introduces optional device pvpanic-pci, validates its
address and generates command line.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-02-21 17:51:23 +01:00
Kristina Hanicova
741624a1a6 qemu: introduce QEMU_CAPS_DEVICE_PANIC_PCI
This capability detects the availability of the pvpanic-pci
device that is required in order to use pvpanic on Arm (original
pvpanic is an emulated ISA device, for which Arm does not have
support).

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-02-21 17:51:19 +01:00
Peter Krempa
6db7b2d2ca tests: qemucapabilitiesdata: Update for the qemu-8.0 development cycle
Update to v7.2.0-1550-g79b677d658:

Notable changes:
 - the 'stream' netdev backend supports 'reconnect'
 - 'ide-cf' device added
 - 'sgx-aex-notify' and 'sgx-edeccssa' cpu properties added
 - 'pvrdma' device added
 - 'qio-channel-rdma' channel added
 - 'query-audiodevs` command added
 - block graph info changes
   - added specific information for 'file' node ('extent-size-hint')
   - format specific info for 'vmdk' nodes changed
 - 'query-migrationthreads' command added
 - deprecated 'sga' device removed
 - deprecated 'password' option of SPICE protocol removed
 - deprecated 'section-size' property of return value of 'query-sgx'
   removed
 - 'x-early-migration' property for 'virtio-mem' added
 - 'x-native-hotplug' renamed to 'x-do-not-expose-native-hotplug-cap'

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-02-21 16:01:37 +01:00
Temuri Doghonadze
da6277d8e9 Translated using Weblate (Georgian)
Currently translated at 2.1% (223 of 10405 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ka/

Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
2023-02-21 11:20:29 +00:00
Martin Kletzander
bb47ce4ac4 Remove unused member upstream from virDomainNetBackend
It was used briefly and subsequently removed in 3592b81c4c.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-21 12:05:41 +01:00
Martin Kletzander
a834735898 docs: Convert 404 page to rST
There is no markup equivalent for any of the <s/> or <del/> HTML tags, so this
is the only thing I came up with and it looks like it works.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-21 10:58:59 +01:00
Andrea Bolognani
f0c1ce4382 syntax-check: Ensure Python is called via env(1)
The syntax-check rule that calls flake8 on Python scripts
expects this to be the case, and it's the best practice anyway.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-02-20 18:33:16 +01:00
Andrea Bolognani
5af19e530e docs: Recommend better python3 shebang
Python scripts should always invoked the interpreter through
env(1) to ensure that they work on macOS and the BSDs, and at
this point not explicitly asking for Python 3 doesn't really
make sense.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-02-20 18:33:01 +01:00
Peter Krempa
91d890bdce docs/html: Properly generate ACL permissions into API reference
The 'newapi.xsl' stylesheet was referencing non-existing paths to the
XML files holding ACL permission flags for individual APIs. Additionally
the 'document()' XSL function doesn't even allow concatenation of the
path as it was done via '{$builddir}/src..', but requires either direct
argument or use of the 'concat()' function.

This meant that the 'acls' variable was always empty and thus none of
our API documentation was actually generated with the 'acl' section.

Fix it by passing the path to the XML via an argument to the stylesheet
as the files differ based on which document is being generated.

Since the 'admin' API does not have ACL we need to handle it separately
now in the build system.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 18:26:53 +01:00
Peter Krempa
e0def8d587 gendispatch: Add proper XML header to ACL permissions XML file
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 18:26:51 +01:00
Peter Krempa
c9ee6f1d57 docs: ACL: Mention the ACL object name along with the corresponding libvirt object name
It's not trivial to figure out the ACL object name from our
documentation. Add it above the table outlining existing permissions.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 18:26:47 +01:00
Peter Krempa
0b69e2b995 docs: Fix generated names for ACL objects
Both the object name and permission name in ACL use '-' instead of '_'
separator when referring to them in the docs or even when used inside of
polkit. Unfortunately the generators used for generating our docs don't
honour this in certain cases which would result in broken names in the
API docs (once they will be generated).

Rename both object and permission name to use dash and reflect that in
the anchor names in the documentation.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-02-20 18:26:16 +01:00
Temuri Doghonadze
91431db94b Translated using Weblate (Georgian)
Currently translated at 1.7% (185 of 10405 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ka/

Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
2023-02-20 11:05:43 +01:00
Michal Privoznik
fbd36ae01b selinux: Don't ignore ENOENT in Permissive mode
In selinux driver there's virSecuritySELinuxSetFileconImpl()
which is responsible for actual setting of SELinux label on given
file and handling possible failures. In fhe failure handling code
we decide whether failure is fatal or not. But there is a bug:
depending on SELinux mode (Permissive vs. Enforcing) the ENOENT
is either ignored or considered fatal. This not correct - ENOENT
must always be fatal for couple of reasons:

- In virSecurityStackTransactionCommit() the seclabels are set
  for individual secdrivers (e.g. SELinux first and then DAC),
  but if one secdriver succeeds and another one fails, then no
  rollback is performed for the successful one leaking remembered
  labels.

- QEMU would fail opening the file anyways (if neither of
  secdrivers reported error and thus cancelled domain startup)

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2004850
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-02-20 11:04:21 +01:00
Michal Privoznik
466920ea1d selinux: Swap two blocks handling setfilecon_raw() failure
In virSecuritySELinuxSetFileconImpl() we have code that handles
setfilecon_raw() failure. The code consists of two blocks: one
for dealing with shared filesystem like NFS (errno is ENOTSUP or
EROFS) and the other block that's dealing with EPERM for
privileged daemon. Well, the order of these two blocks is a bit
confusing because the comment above them mentions the NFS case
but EPERM block follows. Swap these two blocks to make it less
confusing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-02-20 11:02:51 +01:00
Michal Privoznik
029a892abd qemu_passt: Let passt write the PID file
The way we start passt currently is: we use
virCommandSetPidFile() to use our virCommand machinery to acquire
the PID file and leak opened FD into passt. Then, we use
virPidFile*() APIs to read the PID file (which is needed when
placing it into CGroups or killing it). But this does not fly
really because passt daemonizes itself. Thus the process we
started dies soon and thus the PID file is closed and unlocked.

We could work around this by passing '--foreground' argument, but
that weakens passt as it can't create new PID namespace (because
it doesn't fork()).

The solution is to let passt write the PID file, but since it
does not lock the file and closes it as soon as it is written, we
have to switch to those virPidFile APIs which don't expect PID
file to be locked.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-20 09:43:14 +01:00
Michal Privoznik
e5bfc661bc qemu_passt: Deduplicate passt killing code
There are two places where we kill passt:

1) qemuPasstStop() - called transitively from qemuProcessStop(),
2) qemuPasstStart() - after failed start.

Now, the code from 2) lack error preservation (so if there's
another error during cleanup we might overwrite the original
error). Therefore, move the internals of qemuPasstStop() into a
separate function and call it from both places.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-20 09:43:14 +01:00
Michal Privoznik
02355840ce qemu_passt: Report passt's error on failed start
When starting passt, it may write something onto its stderr
(convincing it to print even more is addressed later). Pass this
string we read to user.

Since we're not daemonizing passt anymore (see previous commit),
we can let virCommand module do all the heavy lifting and switch
to virCommandSetErrorBuffer() instead of reading error from an
FD.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-20 09:43:14 +01:00
Michal Privoznik
c0efdbdb9f qemu_passt: Avoid double daemonizing passt
When passt is started, it daemonizes itself by default. There's
no point in having our virCommand module daemonize it too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-20 09:43:14 +01:00
Peter Krempa
ecca805336 docs: ACL: Show which permissions are allowed for unauthenticated connections
Certain APIs are allowed also without authentication but the ACL page
didn't outline which. Generate a new column with the information.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 09:22:51 +01:00
Peter Krempa
74bdc2abb9 libvirt-nodedev: Allow read-only access to virNodeDeviceGetAutostart
Fetching whether a node-device is marked for autostart can be allowed
from read-only connections similarly to other objects.

Fixes: c6607a25b9
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 09:22:51 +01:00
Peter Krempa
87ed6ff7cd access: Allow 'node-device.read' permission for anonymous users
For all other objects we allow the 'read' permission for anonymous
users. In fact the idea is to allow all permissions users using the
readonly connection would have.

This impacts the following APIs (in terms of RPC procedure names):

  $ git grep -A 3 node_device:read | grep REMOTE
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_GET_XML_DESC = 114,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_GET_PARENT = 115,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_NUM_OF_CAPS = 116,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_LIST_CAPS = 117,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_GET_AUTOSTART = 433,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_IS_PERSISTENT = 435,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_IS_ACTIVE = 436,

Fixes: a93cd08f
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 09:22:51 +01:00
Michal Privoznik
15e5eb8a76 qemu_extdevice: Add a comment into qemuExtDevicesSetupCgroup()
The way setting up CGroups for external helpers work, is:
qemuExtDevicesHasDevice() is called first to determine whether
there is a helper process running, the CGroup controller is
created and then qemuExtDevicesSetupCgroup() is called to place
helpers into the CGroup. But when one reads just
qemuExtDevicesSetupCgroup() it's easy to miss this hidden logic.
Therefore, add a warning at the beginning of the function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-16 10:50:39 +01:00
Michal Privoznik
598a73335d qemu_passt: Report error when getting passt PID failed
If qemuPasstGetPid() fails, or the passt's PID is -1 then
qemuPasstSetupCgroup() returns early without any error message
set. Report an appropriate error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-02-15 16:21:26 +01:00