Commit Graph

5359 Commits

Author SHA1 Message Date
Daniel P. Berrange
e6e90c8d70 Add auditing of filesystems
When passing through filesystems from the host to a guest, the
host filesystem passed must be audited

* src/conf/domain_audit.{c,h}: Add virDomainAuditFS
2011-07-12 17:05:30 +01:00
Daniel P. Berrange
b43070ebfc Move qemu_audit.h helpers into shared code
The LXC and UML drivers can both make use of auditing. Move
the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}

* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
  src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
  src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
  src/qemu/qemu_process.c: Update for changed audit API names
2011-07-12 17:05:25 +01:00
Matthias Bolte
38ea116eba esx: Initialize all instances of esxVMX_Data to zero
To avoid using or freeing uninitialized memory or pointers.
2011-07-12 17:08:36 +02:00
Matthias Bolte
b253452942 rpc: Fix compile error due to potentially unused parameter
connectDBus is only used if HAVE_DBUS is set. Therefore mark
it as potentially unused.
2011-07-12 17:06:16 +02:00
Jim Fehlig
b8adfcc60c Fix build when using polkit0
V2: Remove policy kit references from virNetServer and use DBus APIs
    directly, if available.
2011-07-12 08:44:55 -06:00
Daniel P. Berrange
109efd7941 Implement code to attach to external QEMU instances.
Given a PID, the QEMU driver reads /proc/$PID/cmdline and
/proc/$PID/environ to get the configuration. This is fed
into the ARGV->XML convertor to build an XML configuration
for the process.

/proc/$PID/exe is resolved to identify the full command
binary path

After checking for name/uuid uniqueness, an attempt is
made to connect to the monitor socket. If successful
then 'info status' and 'info kvm' are issued to determine
whether the CPUs are running and if KVM is enabled.

* src/qemu/qemu_driver.c: Implement virDomainQemuAttach
* src/qemu/qemu_process.h, src/qemu/qemu_process.c: Add
  qemuProcessAttach to connect to the monitor of an
  existing QEMU process
2011-07-12 15:39:04 +01:00
Daniel P. Berrange
7760eaa050 Add monitor API for checking whether KVM is enabled
When attaching to an external QEMU process, it is neccessary
to check if the process is using KVM or not. This can be done
using a monitor command

* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
  API for checking if KVM is enabled
2011-07-12 15:39:04 +01:00
Daniel P. Berrange
80a4ee4695 Add a method for extracting QEMU argv from /proc
To enable attaching to externally launched QEMU, we need
to be able to reverse engineer a guest XML config based
on the argv for a PID in /proc

* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Add
  qemuParseCommandLinePid which extracts QEMU config from
  argv in /proc, given a PID number
2011-07-12 15:39:04 +01:00
Daniel P. Berrange
ebbae359ff Change extract pidfile & monitor config from QEMU command line
When converting QEMU argv into a virDomainDefPtr, also extract
the pidfile, monitor character device config and the monitor
mode.

* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Extract
  pidfile & monitor config from QEMU argv
* src/qemu/qemu_driver.c, tests/qemuargv2xmltest.c: Add extra
  params when calling qemuParseCommandLineString
2011-07-12 15:39:04 +01:00
Daniel P. Berrange
accfe952eb Keep pidfile path in qemuDomainObjPrivate struct
Avoid re-formatting the pidfile path everytime we need it. Create
it once when starting the guest, and preserve it until the guest
is shutdown.

* src/libvirt_private.syms, src/util/util.c,
  src/util/util.h: Add virFileReadPidPath
* src/qemu/qemu_domain.h: Add pidfile field
* src/qemu/qemu_process.c: Store pidfile path in qemuDomainObjPrivate
2011-07-12 15:39:03 +01:00
Daniel P. Berrange
4403646001 Define remote wire protocol & impls for virDomainQemuAttach
This tweaks the RPC generator to cope with some naming
conventions used for the QEMU specific APIs

* daemon/remote.c: Server side dispatcher
* src/remote/remote_driver.c: Client side dispatcher
* src/remote/qemu_protocol.x: Wire protocol definition
* src/rpc/gendispatch.pl: Use '$structprefix' in method
  names, fix QEMU flags and fix dispatcher method names
2011-07-12 15:39:03 +01:00
Daniel P. Berrange
639f841346 Define a QEMU specific API to attach to a running QEMU process
Introduce a new API in libvirt-qemu.so

 virDomainPtr virDomainQemuAttach(virConnectPtr domain,
                                  unsigned long long pid,
                                  unsigned int flags);

This allows libvirtd to attach to an existing, externally
launched QEMU process. This is useful for QEMU developers who
prefer to launch QEMU themselves for debugging/devel reasons,
but still want the benefit of libvirt based tools like
virt-top, virt-viewer, etc

* include/libvirt/libvirt-qemu.h: Define virDomainQemuAttach
* src/driver.h, src/libvirt-qemu.c, src/libvirt_qemu.syms:
  Driver glue for virDomainQemuAttach
2011-07-12 15:39:03 +01:00
Alex Jia
9c5b190017 qemu: update configuration file
* src/qemu/qemu.conf: Add blkio controller into qemu.conf.
2011-07-12 07:24:43 -06:00
Eric Blake
f532bfa297 qemu: avoid fd leak on core dump failure
* src/qemu/qemu_driver.c (doCoreDump): Guarantee fd is closed.
2011-07-12 07:24:43 -06:00
Eric Blake
2ceb35e1cd maint: rename virtaudit to match file contents
* src/util/virtaudit.[ch]: Rename...
* src/util/viraudit.[ch]: ...to match virAudit* API.
* src/Makefile.am (UTIL_SOURCES): Reflect rename.
* daemon/libvirtd.c: Likewise.
* po/POTFILES.in: Likewise.
* src/libvirt_private.syms: Likewise.
* src/qemu/qemu_audit.c: Likewise.
2011-07-12 07:24:43 -06:00
Oskari Saarenmaa
9a0e6a8fae remote/ssh: support for no_verify.
Set StrictHostKeyChecking=no to auto-accept new ssh host keys if the
no_verify extra parameter was specified.  This won't disable host key
checking for already known hosts.  Includes a test and documentation.
2011-07-12 15:09:05 +02:00
Michal Privoznik
d50bb45b1a domain_conf: Free temporary variable
* src/conf/domain_conf.c: caller must free returned value of
  virXPathString in useserial
2011-07-12 17:25:36 +08:00
Osier Yang
6ddb83efcc esx: Fix a potential crash
Initialize ptr data.datastorePathWithoutFileName as NULL, otherwise
it might cause crash when trying to free it in cleanup.
2011-07-12 17:23:35 +08:00
Eric Blake
62dee6fa48 build: also check qemu_protocol for on-the-wire stability
Since we are going to add some libvirt-qemu.so entry points in
0.9.4, we might as well start checking for RPC stability, just
as for libvirt.so.

* src/Makefile.am (PROTOCOL_STRUCTS): New variable.
(remote_protocol-structs): Rename...
(%_protocol-structs): ...and make more generic.
* src/qemu_protocol-structs: New file.
2011-07-11 17:48:32 -06:00
Eric Blake
df94811f71 build: avoid requiring -lm
log2() is heavy when ffs() can do the same thing.  But ffs()
requires gnulib support for mingw.

This patch solves this linker error on Fedora 14.

/usr/bin/ld: libvirt_lxc-domain_conf.o: undefined reference to symbol 'log2@@GLIBC_2.2.5'
/usr/bin/ld: note: 'log2@@GLIBC_2.2.5' is defined in DSO /lib64/libm.so.6 so try adding it to the linker command line
/lib64/libm.so.6: could not read symbols: Invalid operation
collect2: ld returned 1 exit status

* .gnulib: Update to latest, for ffs.
* bootstrap.conf (gnulib_modules): Import ffs.
* src/conf/domain_conf.c (virDomainDefParseXML): Use ffs instead
of log2.
Reported by Dave Allan.
2011-07-11 17:32:11 -06:00
Matthias Bolte
aa14709a47 Add domain type checking
The drivers were accepting domain configs without checking if those
were actually meant for them. For example the LXC driver happily
accepts configs with type QEMU.

Add a check for the expected domain types to the virDomainDefParse*
functions.
2011-07-11 19:38:51 +02:00
Alex Jia
7518ad753f remote: Fix memory leak
Detected in valgrind run:

==9184== 1 bytes in 1 blocks are definitely lost in loss record 1 of 19
==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
==9184==    by 0x4CF97C9: xdr_remote_domain_get_security_label_ret (remote_protocol.c:1696)
==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
==9184==    by 0x4CE3887: call (remote_driver.c:3933)
==9184==    by 0x4CF71C6: remoteDomainGetSecurityLabel (remote_driver.c:1580)
==9184==    by 0x4CCA480: virDomainGetSecurityLabel (libvirt.c:7340)
==9184==    by 0x41993A: cmdDominfo (virsh.c:2414)
==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
==9184==    by 0x4211ED: main (virsh.c:14076)
==9184==
==9184== 2 bytes in 1 blocks are definitely lost in loss record 2 of 19
==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
==9184==    by 0x4CF974F: xdr_remote_node_get_security_model_ret (remote_protocol.c:1713)
==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
==9184==    by 0x4CE3887: call (remote_driver.c:3933)
==9184==    by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
==9184==    by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
==9184==    by 0x4197D7: cmdDominfo (virsh.c:2394)
==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
==9184==    by 0x4211ED: main (virsh.c:14076)
==9184==
==9184== 8 bytes in 1 blocks are definitely lost in loss record 3 of 19
==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
==9184==    by 0x4CF9729: xdr_remote_node_get_security_model_ret (remote_protocol.c:1710)
==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
==9184==    by 0x4CE3887: call (remote_driver.c:3933)
==9184==    by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
==9184==    by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
==9184==    by 0x4197D7: cmdDominfo (virsh.c:2394)
==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
==9184==    by 0x4211ED: main (virsh.c:14076)
==9184==
==9184== LEAK SUMMARY:
==9184==    definitely lost: 11 bytes in 3 blocks

* src/remote/remote_driver.c: Avoid leak on remoteDomainGetSecurityLabel
  and remoteNodeGetSecurityModel.
2011-07-11 09:50:07 -06:00
Jim Fehlig
eb3143154e Do not drop kernel cmdline for xen pv domains
Kernel cmdline args can be passed to xen pv domains even when a
bootloader is specified.  The current config-to-sxpr mapping
ignores cmdline when bootloader is present.

Since the xend sub-driver is used with many xen toolstack versions,
this patch takes conservative approach of adding an else block to
existing !def->os.bootloader, and only appends sxpr if def->os.cmdline
is non-NULL.

V2: Fix existing testcase broken by this patch and add new testcases
2011-07-11 09:11:15 -06:00
Wen Congyang
8a8b45b889 kill vm if saving config failed in v3 protocol
If virDomainSaveConfig() failed, we will return NULL to source,
and the vm is still available to restart during confirm() step in
v3 protocol. So we should kill it off in qemuMigrationFinish().

In v2 protocol, we should not set vm to NULL, because we hold
a reference of vm and should unrefernce it.
2011-07-11 20:53:35 +08:00
Wen Congyang
586765fb65 RPC: fix argument's name 2011-07-11 20:53:29 +08:00
Michal Privoznik
874e65aa15 bios: Add support for SGA
This patch creates new <bios> element which, at this time has only the
attribute useserial='yes|no'. This attribute allow users to use
Serial Graphics Adapter and see BIOS messages from the very first moment
domain boots up. Therefore, users can choose boot medium, set PXE, etc.
2011-07-11 11:47:14 +02:00
Matthias Bolte
1428029738 vbox: Fix logic in storage driver open function
If the main driver is the vbox driver, then the open function
has to return an error if the private data is invalid.
2011-07-09 15:52:14 +02:00
Matthias Bolte
6ca8d68d70 rpc: Fix whitespace problem in generated code
Add missing line break and fix indention level.

Reported by Cole Robinson.
2011-07-09 00:10:04 +02:00
Federico Simoncelli
de2aa6cfc7 sanlock: avoid lockspace setup when auto_disk_lease is off
When auto_disk_lease is off we should avoid the automatic lockspace
creation.

Signed-off-by: Federico Simoncelli <fsimonce@redhat.com>
2011-07-08 14:49:10 -06:00
Michael Santos
b0b85c454c qemu: clean up OOM checks 2011-07-08 09:39:23 -06:00
Daniel P. Berrange
3cfdc57b85 Fix sending of reply to final RPC message
The dispatch for the CLOSE RPC call was invoking the method
virNetServerClientClose(). This caused the client connection
to be immediately terminated. This meant the reply to the
final RPC message was never sent. Prior to the RPC rewrite
we merely flagged the connection for closing, and actually
closed it when the next RPC call dispatch had completed.

* daemon/remote.c: Flag connection for a delayed close
* daemon/stream.c: Update to use new API for closing
  failed connection
* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
  Add support for a delayed connection close. Rename the
  virNetServerClientMarkClose method to virNetServerClientImmediateClose
  to clarify its semantics
2011-07-08 16:19:57 +01:00
Daniel P. Berrange
afe8839f01 Fix leak of remote driver if final 'CLOSE' RPC call fails
When closing a remote connection we issue a (fairly pointless)
'CLOSE' RPC call to the daemon. If this fails we skip all the
cleanup of private data, but the virConnectPtr object still
gets released as normal. This causes a memory leak. Since the
CLOSE RPC call is pretty pointless, just carry on freeing the
remote driver if it fails.

* src/remote/remote_driver.c: Ignore failure to issue CLOSE
  RPC call
2011-07-08 16:19:57 +01:00
Daniel P. Berrange
2c85644b0b Fix release of outgoing stream confirmation/abort message
When sending back the final OK or ERROR message on completion
of a stream, we were not decrementing the 'nrequests' tracker
on the client. With the default requests limit of '5', this
meant once a client had created 5 streams, they are unable to
process any further RPC calls.  There was also a bug when
handling an error from decoding a message length header, which
meant a client connection would not immediately be closed.

* src/rpc/virnetserverclient.c: Fix release of request after
  stream completion & mark client for close on error
2011-07-08 16:19:57 +01:00
Daniel P. Berrange
927dfcf693 Fix leak of 'msg' object in client stream code
In one exit path we forgot to free the virNetMessage object causing
a large memory leak for streams which send a lot of data. Some other
paths were calling VIR_FREE directly instead of virNetMessageFree
although this was (currently) harmless.

* src/rpc/virnetclientstream.c: Fix leak of msg object
* src/rpc/virnetclientprogram.c: Call virNetMessageFree instead
  of VIR_FREE
2011-07-08 16:19:57 +01:00
Daniel P. Berrange
c2ddd53614 Fix mistaken order of server cert/key parameters in constructor
The virNetTLSContextNew was being passed key/cert parameters in
the wrong order. This wasn't immediately visible because if
virNetTLSContextNewPath was used, a second bug reversed the order
of those parameters again.

Only if the paths were manually specified in /etc/libvirt/libvirtd.conf
did the bug appear

* src/rpc/virnettlscontext.c: Fix order of params passed to
  virNetTLSContextNew
2011-07-08 16:19:57 +01:00
Michal Privoznik
30c43afd73 graphics: add support for action_if_connected in qemu
This option accepts 3 values:
-keep, to keep current client connected (Spice+VNC)
-disconnect, to disconnect client (Spice)
-fail, to fail setting password if there is a client connected (Spice)
2011-07-08 17:00:43 +02:00
Jiri Denemark
2f4d2496a8 util: Don't try to fchown files opened as non-root
When virFileOpenAs is called with VIR_FILE_OPEN_AS_UID flag and uid/gid
different from root/root while libvirtd is running as root, we fork a
new child, change its effective UID/GID to uid/gid and run
virFileOpenAsNoFork. It doesn't make any sense to fchown() the opened
file in this case since we already know that uid/gid can access the file
when open succeeds and one of the following situations may happen:

- the file is already owned by uid/gid and we skip fchown even before
  this patch
- the file is owned by uid but not gid because it was created in a
  directory with SETGID set, in which case it is desirable not to change
  the group
- the file may be owned by a completely different user and/or group
  because it was created on a root-squashed or even all-squashed NFS
  filesystem, in which case fchown would most likely fail anyway
2011-07-08 16:43:55 +02:00
Michal Privoznik
724819a10a qemu: Don't chown files on NFS share if dynamic_ownership is off
When dynamic ownership is disabled we don't want to chown any files,
not just local.
2011-07-08 10:05:59 +02:00
John Williams
a1092070d4 microblaze: Add architecture support
Add libvirt support for MicroBlaze architecture as a QEMU target.  Based on mips/mipsel pattern.

Signed-off-by: John Williams <john.williams@petalogix.com>
2011-07-07 17:49:21 -06:00
Eric Blake
17da0669e0 util: drop unused safezero argument
No caller was using the flags argument, and this function is internal
only, so we might as well skip it.

* src/util/util.h (safezero): Update signature.
* src/util/util.c (safezero): Update function.
* src/locking/lock_driver_sanlock.c
(virLockManagerSanlockSetupLockspace)
(virLockManagerSanlockCreateLease): Update all callers.
* src/storage/storage_backend.c (createRawFile): Likewise.
2011-07-07 14:15:38 -06:00
Eric Blake
7931639b7a conf: prefer unsigned int for flags
* src/conf/domain_conf.c (virDomainGraphicsDefParseXML)
(virDomainDeviceInfoFormat, virDomainDeviceInfoParseXML)
(virDomainDiskDefParseXML, virDomainControllerDefParseXML)
(virDomainFSDefParseXML, virDomainNetDefParseXML)
(virDomainChrDefParseTargetXML, virDomainChrDefParseXML)
(virDomainSmartcardDefParseXML, virDomainInputDefParseXML)
(virDomainTimerDefParseXML, virDomainSoundDefParseXML)
(virDomainWatchdogDefParseXML, virDomainMemballoonDefParseXML)
(virDomainVideoDefParseXML)
(virDomainHostdevSubsysUsbDefParseXML)
(virDomainHostdevSubsysPciDefParseXML)
(virDomainHostdevDefParseXML, virSecurityLabelDefParseXML)
(virDomainVcpuPinDefParseXML, virDomainDefParseXML)
(virDomainDefParse, virDomainDiskDefFormat)
(virDomainControllerDefFormat, virDomainFSDefFormat)
(virDomainNetDefFormat, virDomainChrSourceDefFormat)
(virDomainChrDefFormat, virDomainSmartcardDefFormat)
(virDomainSoundDefFormat, virDomainMemballoonDefFormat)
(virDomainWatchdogDefFormat, virDomainVideoDefFormat)
(virDomainInputDefFormat, virDomainGraphicsDefFormat)
(virDomainHostdevDefFormat, virDomainObjFormat): Switch signature.
(virDomainObjTaint, virDomainSaveStatus): Use unsigned flags.
2011-07-07 14:15:38 -06:00
Eric Blake
1740c38116 drivers: prefer unsigned int for flags
Now that the public APIs always use unsigned flags, the internal
driver callbacks might as well do likewise.

* src/driver.h (vrDrvOpen, virDrvDomainCoreDump)
(virDrvDomainGetXMLDesc, virDrvNetworkGetXMLDesc)
(virDrvNWFilterGetXMLDesc): Update type.
* src/remote/remote_protocol.x (remote_open_args)
(remote_domain_core_dump_args, remote_domain_get_xml_desc_args)
(remote_network_get_xml_desc_args)
(remote_nwfilter_get_xml_desc_args): Likewise.
* src/test/test_driver.c: Update clients.
* src/remote/remote_driver.c: Likewise.
* src/xen/xen_hypervisor.c: Likewise.
* src/xen/xen_hypervisor.h: Likewise.
* src/xen/xen_driver.c: Likewise.
* src/xen/xend_internal.c: Likewise.
* src/xen/xend_internal.h: Likewise.
* src/xen/xm_internal.c: Likewise.
* src/xen/xm_internal.h: Likewise.
* src/xen/xs_internal.c: Likewise.
* src/xen/xs_internal.h: Likewise.
* src/xen/xen_inotify.c: Likewise.
* src/xen/xen_inotify.h: Likewise.
* src/phyp/phyp_driver.c: Likewise.
* src/openvz/openvz_driver.c: Likewise.
* src/vmware/vmware_driver.c: Likewise.
* src/vbox/vbox_driver.c: Likewise.
* src/vbox/vbox_tmpl.c: Likewise.
* src/xenapi/xenapi_driver.c: Likewise.
* src/esx/esx_driver.c: Likewise.
* src/esx/esx_interface_driver.c: Likewise.
* src/esx/esx_network_driver.c: Likewise.
* src/esx/esx_storage_driver.c: Likewise.
* src/esx/esx_device_monitor.c: Likewise.
* src/esx/esx_secret_driver.c: Likewise.
* src/esx/esx_nwfilter_driver.c: Likewise.
* src/interface/netcf_driver.c: Likewise.
* src/nwfilter/nwfilter_driver.c: Likewise.
* src/libxl/libxl_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/lxc/lxc_driver.c: Likewise.
* src/uml/uml_driver.c: Likewise.
* src/network/bridge_driver.c: Likewise.
* src/secret/secret_driver.c: Likewise.
* src/storage/storage_driver.c: Likewise.
* src/node_device/node_device_hal.c: Likewise.
* src/node_device/node_device_udev.c: Likewise.
* src/remote_protocol-structs: Likewise.
2011-07-07 14:15:37 -06:00
Eric Blake
18d561c7a4 public API: prefer unsigned int for flags
Most APIs use 'unsigned int flags'; but a few stragglers were using
a signed value.  In particular, the vir*GetXMLDesc APIs were
split-brain, with inconsistent choice of types.  Although it is
an API break to use 'int' instead of 'unsigned int', it is ABI
compatible (pre-compiled apps will have no difference in behavior),
and generally apps can be recompiled without any issue (only rare
apps that compiled with extremely high warning levels, or which
pass libvirt API around as typed function pointers, would have to
make any code changes to deal with the change).

The migrate APIs use 'unsigned long flags', which can't be changed,
due to ABI constraints.

This patch intentionally touches only the public API, to prove the
claim that most existing code (including driver callbacks and virsh)
still compiles just fine in spite of the type change.

* include/libvirt/libvirt.h.in (virConnectOpenAuth)
(virDomainCoreDump, virDomainGetXMLDesc, virNetworkGetXMLDesc)
(virNWFilterGetXMLDesc): Use unsigned int for flags.
(virDomainHasCurrentSnapshot): Use consistent spelling.
* src/libvirt.c (virConnectOpenAuth, virDomainCoreDump)
(virDomainGetXMLDesc, virNetworkGetXMLDesc)
(virNWFilterGetXMLDesc, do_open): Update accordingly.
2011-07-07 14:15:32 -06:00
Eric Blake
313ac7fd39 maint: print flags in hex during debug
Debugging decimal flags is a pain.

* src/libvirt.c: Always print flags in hex.
2011-07-07 13:12:50 -06:00
Eric Blake
8437e738fa build: use gnulib pthread_sigmask
Gnulib finally learned how to do pthread_sigmask on mingw.

* .gnulib: Update to latest, for pthread_sigmask.
* bootstrap.conf (gnulib_modules): Add pthread_sigmask.
* configure.ac (AC_CHECK_FUNCS): Drop redundant check.
* src/rpc/virnetclient.c (virNetClientSetTLSSession)
(virNetClientIOEventLoop): Make code unconditional.
* src/util/command.c (virFork): Likewise.
* tools/virsh.c (doMigrate, cmdMigrate): Likewise.
2011-07-07 13:12:44 -06:00
Laine Stump
24442b60b9 util: close the ioctl socket at the end of if(Get|Set)MacAddress
Otherwise this will leak an fd each time one of these functions is
called.
2011-07-06 20:16:51 -04:00
Laine Stump
de796a328d util: rename err_exit to cleanup in interface.c
This brings it in line with the recommendations in HACKING.
2011-07-06 20:16:51 -04:00
Minoru Usui
107ee906ff sysinfo: delete unnecessary white space of sysinfo.
* Trim each element and delete null entry of sysinfo by
  virSkipSpacesBackwards().

Signed-off-by: Minoru Usui <usui@mxm.nes.nec.co.jp>
2011-07-06 15:19:28 -06:00
Eric Blake
01374ec8b1 util: add virTrimSpaces
The next patch wants to adjust an end pointer to trim trailing
spaces but without modifying the underlying string, but a more
generally useful ability to trim trailing spaces in place is
also worth providing.

* src/util/util.h (virTrimSpaces, virSkipSpacesBackwards): New
prototypes.
* src/util/util.c (virTrimSpaces, virSkipSpacesBackwards): New
functions.
* src/libvirt_private.syms (util.h): Export new functions.
Inspired by a patch by Minoru Usui.
2011-07-06 15:17:14 -06:00
Eric Blake
82162316b6 util: fix virSkipSpaces
Most clients of virSkipSpaces don't want to omit backslashes.
Also, open-coding the list of spaces is not as nice as using
c_isspace.

* src/util/util.c (virSkipSpaces): Use c_isspace.
(virSkipSpacesAndBackslash): New function.
* src/util/util.h (virSkipSpacesAndBackslash): New prototype.
* src/xen/xend_internal.c (sexpr_to_xend_topology): Update caller.
* src/libvirt_private.syms (util.h): Export new function.
2011-07-06 14:52:43 -06:00
Matthias Bolte
cd9a4232e5 Reduce code duplication in virFileMakePath(Helper)
Move stat and mkdir to virFileMakePathHelper.

Also use the stat result to detect whether the existing path
is a directory and set errno accordingly if it's not.
2011-07-06 16:03:12 +02:00
Matthias Bolte
2d2d6a01d7 apparmor: Finish incomplete renaming of relabel to norelabel
Commit 693eac388f was incomplete here.
2011-07-06 14:15:05 +02:00
Daniel P. Berrange
693eac388f Fix default value of security label 'relabel' attribute
When no <seclabel> is present in the XML, the virDomainSeclabelDef
struct is left as all zeros. Unfortunately, this means it gets setup
as type=dynamic, with relabel=no, which is an illegal combination.

Change the 'bool relabel' attribute in virDomainSeclabelDef to
the inverse 'bool norelabel' so that the default initialization
is sensible

* src/conf/domain_conf.c, src/conf/domain_conf.h,
  src/security/security_apparmor.c, src/security/security_selinux.c:
  Replace 'relabel' with 'norelabel'
2011-07-06 12:45:09 +01:00
Matthias Bolte
e123e1ee6b Fix return value semantic of virFileMakePath
Some callers expected virFileMakePath to set errno, some expected
it to return an errno value. Unify this to return 0 on success and
-1 on error. Set errno to report detailed error information.

Also optimize virFileMakePath if stat fails with an errno different
from ENOENT.
2011-07-06 09:27:06 +02:00
Matthias Bolte
c7694e3e50 nodedev: Let check_fc_host_linux report errors to the caller 2011-07-06 08:51:11 +02:00
Guannan Ren
416814e66a pci: initialize state values on reattach
add a new API pciDeviceReAttachInit() in pci.c to initialize state values for nodedev reattach

Initialize three state value of device driver to 1. This is just for a new call to
qemudNodeDeviceReAttach()
2011-07-05 11:42:38 -06:00
Laine Stump
834ce603f9 qemu: check flags in qemuDomainGetXMLDesc
Although most functions with flags check to verify no application is
passing in flag bits that are currently undefined, for some reason
this function wasn't.
2011-07-05 12:33:21 -04:00
Laine Stump
d3f7c7b151 conf: fix domain parse flags
* Change all flags args from int to unsigned int

* Allow passing flags in virDomainObjParseFile (and propogate those
  flags all the way down the call chain). Previously the flags were
  hardcoded (to VIR_DOMAIN_XML_INTERNAL_STATUS) several layers down
  the chain. Pass that value in at the one place that is currently
  calling virDomainObjParseFile.
2011-07-05 12:33:21 -04:00
Matthias Bolte
4a03db81cd qemu: Fix virFileMakePath error handling in snapshot creation
virFileMakePath returns an errno value on error, that will never
be negative. An virFileMakePath error would have been ignored here,
instead of being reported correctly.
2011-07-05 10:49:36 +02:00
Matthias Bolte
4a6d4d4285 conf: Fix declaration of virNetworkDNS(Hosts)Def struct
The struct A {} A; construct triggers a linker error on OSX about
duplicate symbols. This also differs from the common struct style.

Switch to common style to fix this.

Reported by Justin Clift.
2011-07-05 10:40:27 +02:00
Daniel P. Berrange
6321fd9798 Allow for resource relabelling with static labels
Add a new attribute to the <seclabel> XML to allow resource
relabelling to be enabled with static label usage.

  <seclabel model='selinux' type='static' relabel='yes'>
    <label>system_u:system_r:svirt_t:s0:c392,c662</label>
  </seclabel>

* docs/schemas/domain.rng: Add relabel attribute
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
  the 'relabel' attribute
* src/qemu/qemu_process.c: Unconditionally clear out the
  'imagelabel' attribute
* src/security/security_apparmor.c: Skip based on 'relabel'
  attribute instead of label type
* src/security/security_selinux.c: Skip based on 'relabel'
  attribute instead of label type and fill in <imagelabel>
  attribute if relabel is enabled.
2011-07-04 11:18:57 +01:00
Daniel P. Berrange
4ebfc42716 Allow a base label to be specified in dynamic labelling mode
Normally the dynamic labelling mode will always use a base
label of 'svirt_t' for VMs. Introduce a <baselabel> field
in the <seclabel> XML to allow this base label to be changed

eg

   <seclabel type='dynamic' model='selinux'>
     <baselabel>system_u:object_r:virt_t:s0</baselabel>
   </seclabel>

* docs/schemas/domain.rng: Add <baselabel>
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
  of base label
* src/qemu/qemu_process.c: Don't reset 'model' attribute if
  a base label is specified
* src/security/security_apparmor.c: Refuse to support base label
* src/security/security_selinux.c: Use 'baselabel' when generating
  label, if available
2011-07-04 11:17:19 +01:00
Osier Yang
49826eda7a storage: Do not override the exact error of createRawFile
virStorageBackendCreateRaw: createRawFile already reported the
exact error.

Before the fix:

error: Failed to create vol vol-create.img
error: cannot create path '/var/lib/libvirt/images/vol-create.img': Unknown error 18446744073709551597

After the fix:

error: Failed to create vol vol-create.img
error: cannot fill file '/var/lib/libvirt/images/vol-create.img': No space left on device
2011-07-04 16:13:23 +08:00
Wen Congyang
1aa5f85bb8 initialize pointer to NULL
cmd is not initialized to NULL, but we try to freed it if we
meet some error.
2011-07-04 14:00:28 +08:00
Eric Blake
5dc404b71d storage: avoid crash on parse error
Coverity detected that we could crash on bogus input.  Meanwhile,
strtok_r is rather heavy compared to strchr.

* src/storage/storage_backend_iscsi.c (virStorageBackendIQNFound):
  Check for parse failure, and use lighter-weight functions.
2011-07-04 10:41:38 +08:00
Eric Blake
222f6233b4 vmware: avoid null deref on failed lookup
* src/vmware/vmware_driver.c (vmwareDomainReboot): Check error
  before dereferencing memory.
2011-07-04 10:32:22 +08:00
Eric Blake
74d224fac3 qemu: avoid null deref on low memory
Detected by Coverity.  qemuDomainEventQueue requires a non-NULL
pointer; most callers silently drop the event if we encountered
and OOM situation trying to create the event.

* src/qemu/qemu_migration.c (qemuMigrationFinish): Check for OOM.
2011-07-04 10:30:43 +08:00
Eric Blake
3f81f8e4c1 cgroup: silence coverity warning
Coverity noted that most clients reacted to failure to hash; but in
a best-effort kill loop, we can ignore failure.

* src/util/cgroup.c (virCgroupKillInternal): Ignore hash failure.
2011-07-04 10:28:27 +08:00
Eric Blake
dd0c42abd4 rpc: silence coverity warning
Coverity noted that 4 out of 5 calls to virNetClientStreamRaiseError
checked the return value.  This case expects a particular value, so
warn if our expectations went wrong due to some bug elsewhere.

* src/rpc/virnetclient.c (virNetClientCallDispatchStream): Warn on
  unexpected scenario.
2011-07-04 10:26:05 +08:00
Eric Blake
aaea56dc99 qemu: silence coverity warnings
Coverity warns if the majority of callers check a function for
errors, but a few don't; but in qemu_audit and qemu_domain, the
choice to not check for failures was safe.  In qemu_command, the
failure to generate a uuid can only occur on a bad pointer.

* src/qemu/qemu_audit.c (qemuAuditCgroup): Ignore failure to get
  cgroup controller.
* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitor)
  (qemuDomainObjEnterMonitorWithDriver): Ignore failure to get
  timestamp.
* src/qemu/qemu_command.c (qemuParseCommandLine): Check for error.
2011-07-04 10:23:46 +08:00
Eric Blake
6e07f72ee5 rpc: avoid memory leak on error
Detected by Coverity.  The leak is on an error path, but I'm not
sure whether that path is likely to be triggered in practice.

* src/rpc/virnetserverservice.c (virNetServerServiceAccept): Plug leak.
2011-07-04 10:22:50 +08:00
Eric Blake
2aa83b43d3 rpc: fix logic bug
Spotted by Coverity.  If we don't update tmp each time through
the loop, then if the filter being removed was not the head of
the list, we accidentally lose all filters prior to the one we
wanted to remove.

* src/rpc/virnetserverclient.c (virNetServerClientRemoveFilter):
    Don't lose unrelated filters.
2011-07-04 09:45:21 +08:00
Eric Blake
95eaf7ba7f pci: avoid memory leak on error
Detected by Coverity.  Some, but not all, error paths were clean;
but they were repetitive so I refactored them.

* src/util/pci.c (pciGetDevice): Plug leak.
2011-07-01 16:46:20 -06:00
Eric Blake
9e8b7c1523 interface: avoid memory leak on parse error
Detected by Coverity.  Unlikely to hit unless the file contents
were corrupted.

* src/util/interface.c (ifaceRestoreMacAddress): Plug leak.
2011-07-01 16:46:20 -06:00
Eric Blake
8ce1afff88 util: choose whether to require micro in version strings
To avoid regressions, we let callers specify whether to require a
minor and micro version.  Callers that were parsing uname() output
benefit from defaulting to 0, whereas callers that were parsing
version strings from other sources should not change in behavior.

* src/util/util.c (virParseVersionString): Allow caller to choose
whether to fail if minor or micro is missing.
* src/util/util.h (virParseVersionString): Update signature.
* src/esx/esx_driver.c (esxGetVersion): Update callers.
* src/lxc/lxc_driver.c (lxcVersion): Likewise.
* src/openvz/openvz_conf.c (openvzExtractVersionInfo): Likewise.
* src/uml/uml_driver.c (umlGetVersion): Likewise.
* src/vbox/vbox_MSCOMGlue.c (vboxLookupVersionInRegistry):
Likewise.
* src/vbox/vbox_tmpl.c (vboxExtractVersion): Likewise.
* src/vmware/vmware_conf.c (vmwareExtractVersion): Likewise.
* src/xenapi/xenapi_driver.c (xenapiGetVersion): Likewise.
Reported by Matthias Bolte.
2011-07-01 11:22:11 -06:00
Eric Blake
6ae3052c06 build: consistently use CFLAGS
According to the automake manual, CPPFLAGS (aka INCLUDES, as spelled
in automake 1.9.6) should only include -I, -D, and -U directives; more
generic directives like -Wall belong in CFLAGS since they affect more
phases of the build process.  Therefore, we should be sticking CFLAGS
additions into a CFLAGS container, not a CPPFLAGS container.

* src/Makefile.am (libvirt_driver_vmware_la_CFLAGS): Use AM_CFLAGS.
(INCLUDES): Move CFLAGS items...
(AM_CFLAGS): ...to their proper location.
* python/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
* tests/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
(commandtest_CFLAGS, commandhelper_CFLAGS)
(virnetmessagetest_CFLAGS, virnetsockettest_CFLAGS): Use AM_CFLAGS.
2011-07-01 10:44:17 -06:00
Scott Moser
d42b749abf fix virParseVersionString with linux 3.0
linux 3.0 has no micro version number, and that is causing problems
for virParseVersionString.  The patch below should allow for:
  major
  major.minor
  major.minor.micro

If major or minor are not present they just default to zero.
We found this in Ubuntu (https://bugs.launchpad.net/bugs/802977)
2011-07-01 07:09:48 -06:00
Eric Blake
0ac385bd6c build: remove dead variables
Detected by Coverity.  No real harm in leaving these, but fixing
them cuts down on the noise for future analysis.

* src/rpc/virnetserver.c (virNetServerAddService): Delete unused
entry.
* src/util/sysinfo.c (virSysinfoRead): Delete dead assignment to
base.
2011-07-01 06:48:33 -06:00
Eric Blake
bf8fba1e75 build: simplify sanlock distribution
EXTRA_DIST files should unconditionally be part of the tarball,
rather than depending on the presence of sanlock-devel.

Meanwhile, parallel builds could fail if we don't use mkdir -p.

* src/Makefile.am (EXTRA_DIST): Always ship sanlock .aug and
template .conf files.
(%-sanlock.conf): Use MKDIR_P.
2011-06-30 17:26:15 -06:00
Eric Blake
0a8a79af53 rpc: avoid freeing uninitialized variable
Detected by Coverity.  Both are instances of bad things happening
if pipe2 fails; the virNetClientNew failure could free garbage,
and virNetSocketNewConnectCommand could close random fds.

Note: POSIX doesn't guarantee the contents of fd[0] and fd[1]
after pipe failure: http://austingroupbugs.net/view.php?id=467
We may need to introduce a virPipe2 wrapper that guarantees
that on pipe failure, the fds are explicitly set to -1, rather
than our current state of assuming the fds are unchanged from
their value prior to the failed pipe call.

* src/rpc/virnetclient.c (virNetClientNew): Initialize variable.
* src/rpc/virnetsocket.c (virNetSocketNewConnectCommand):
Likewise.
2011-06-30 11:36:52 -06:00
Daniel P. Berrange
1414cc5fdd Fix stream procedure number for virDomainMigratePrepareTunnel3
The virDomainMigratePrepareTunnel3 impl in the remote driver
was using the procedure number for the virDomainMigratePrepareTunnel
method. This doesn't work out so well, because it makes the server
ignore & drop all stream packets

* src/remote/remote_driver.c: Fix procedure for PrepareTunnel3
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
cfd4370ad0 Send back an error if we get unexpected stream control message
We ignore any stream data packets which come in for streams which
are not registered, since these packets are async and do not have
a reply. If we get a stream control packet though we must send back
an actual error, otherwise a (broken) client may hang forever
making it hard to diagnose the client bug.

* src/rpc/virnetserverprogram.c: Send back error for unexpected
  stream control messages
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
c69ba67032 Fix release of virNetMessagePtr instances in streams processing
If a message packet for a invalid stream is received it is just
free'd. This is not good because it doesn't let the client RPC
request counter decrement. If a stream is shutdown with pending
packets the message also isn't released properly because of an
incorrect header type

* daemon/stream.c: Fix message header type
* src/rpc/virnetserverprogram.c: Send dummy reply instead of
  free'ing ignored stream message
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
f1c2c0e2dc Add missing include of signal.h in virnetsocket.c
virNetSocketFree uses kill(SIGTERM) so we must include
signal.h for the definitions

* src/rpc/virnetsocket.c: Include signal.h
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
e44bec2e34 Fix potential crash when saving guests
The qemudDomainSaveFlag method will call EndJob on the 'vm'
object it is passed in. This can result in the 'vm' object
being free'd if the last reference is removed. Thus no caller
of 'qemudDomainSaveFlag' must *ever* reference 'vm' again
upon return.

Unfortunately qemudDomainSave and qemuDomainManagedSave
both call 'virDomainObjUnlock', which can result in a
crash. This is non-deterministic since it involves a race
with the monitor I/O thread.

Fix this by making qemudDomainSaveFlag responsible for
calling virDomainObjUnlock instead.

* src/qemu/qemu_driver.c: Fix potential use after free
  when saving guests
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
f870c99b45 Fix uninitialized value in QEMU monitor FD sending code
The 'char control[CMSG_SPACE(sizeof(int))];' was not being
wiped, so could potentially contain uninitialized bytes.
While this was harmless in this case, it caused complaints
from valgrind

* src/qemu/qemu_monitor.c: memset 'control' variable
  in qemuMonitorIOWriteWithFD
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
5ab8746f69 Fix leak of JSON object for events
The event handler functions do not free the virJSONValuePtr
object. Every event received from a VM thus caused a memory
leak

* src/qemu/qemu_monitor_json.c: Fix leak of event object
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
09a882bd4d Remove bogus warning message in JSON code
* src/util/json.c: Remove warning message
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
56a77b4920 Fix use of uninitialized memory when releasing PCI slots
The 'function' field in the PCI address was not correctly
initialized, so it was building the wrong address address
string and so not removing all functions from the in use
list.

* src/qemu/qemu_command.c: Fix initialization of PCI function
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
9f40b80ba8 Fix leak of virStreamPtr object with callback added in fdstream impl
When adding a callback to an FD stream, we take an extra reference
on the virStreamPtr instance. We forgot to registered a free function
with the callback, so when the callback was removed, the extra
reference held on virStreamPtr was not released.

* src/fdstream.c: Use a free callback to release reference on
  virStreamPtr when removing callback
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
92fa2e58fd Fix leak of mdnsGroupName in virNetServer object
* src/rpc/virnetserver.c: Free mdnsGroupName
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
d840fe93b0 Ensure RPC message is cleared before being reused
To save on memory reallocation, virNetMessage instances that
have been transmitted, may be reused for a subsequent incoming
message. We forgot to clear out the old data of the message
fully, which caused later confusion upon read.

* src/rpc/virnetserverclient.c: memset entire message before
  reusing it
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
27111b350f Fix hardcoded limit on client requests in RPC code
The virNetServerClient object had a hardcoded limit of 10 requests
per client. Extend constructor to allow it to be passed in as a
configurable variable. Wire this up to the 'max_client_requests'
config parameter in libvirtd

* daemon/libvirtd.c: Pass max_client_requests into services
* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Pass
  nrequests_client_max to clients
* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h: Allow
  configurable request limit
2011-06-30 18:04:01 +01:00
Wen Congyang
cd13dbb147 lock qemu_driver early in qemuGetSchedulerParametersFlags()
If we pass VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG to
qemuGetSchedulerParametersFlags() or *nparams is less than 1,
we will unlock qemu_driver without locking it. It's very dangerous.

We should lock qemu_driver after calling virCheckFlags().
2011-06-30 13:27:00 +08:00
Wen Congyang
fb2a2e2611 save domain status after modifing vcpupin
We should save domain status after modifing vcpupin. If not,
we will get wrong vcpupin information after rebooting libvirtd.
2011-06-30 13:26:56 +08:00
Wen Congyang
53d03ba837 Fix memory leak in virDomainVcpuPinDel()
virDomainVcpuPinDefFree() does not free def->cputune.vcpupin if nvcpupin
is 0, and does not set def->cputune.vcpupin to NULL.

If we set nvcpupin to 0 but do not free vcpupin, vcpupin will not be freed
when vm->def is freed.

Use VIR_FREE() instead of virDomainVcpuPinDefFree() to free the memory
and set def->cputune.vcpupint to NULL.
2011-06-30 13:26:51 +08:00
Minoru Usui
72882bc9d9 sysinfo: fix illegal NULL return
If virSysinfoParse{BIOS,System,Processor,Memory}()
can't find newline('\n'), these return NULL.
This patch fixes this.

Signed-off-by: Minoru Usui <usui@mxm.nes.nec.co.jp>
2011-06-29 09:12:38 -06:00
Daniel P. Berrange
516235c037 Ensure that EOF is dispatched to the stream callback
When the remote client receives end of file on the stream
it never invokes the stream callback. Applications relying
on async event driven I/O will thus never see the EOF
condition on the stream

* src/rpc/virnetclient.c, src/rpc/virnetclientstream.c:
  Ensure EOF is dispatched
2011-06-29 11:08:59 +01:00
Daniel P. Berrange
8a4e28743e Fix locking wrt virNetClientStreamPtr object
The client stream object can be used independently of the
virNetClientPtr object, so must have full locking of its
own and not rely on any caller.

* src/remote/remote_driver.c: Remove locking around stream
  callback
* src/rpc/virnetclientstream.c: Add locking to all APIs
  and callbacks
2011-06-29 11:08:59 +01:00
Daniel P. Berrange
7a779ef6a2 Avoid referencing NULL pointer when copying stream error
* src/rpc/virnetclientstream.c: Avoid referencing NULL
2011-06-29 11:08:59 +01:00
Daniel P. Berrange
c9ede1cfba Avoid free'ing a filtered RPC message in the server
When a filter steals an RPC message, that message must
not be freed, except by the filter code itself

* src/rpc/virnetserverclient.c: Don't free stolen RPC
  messages
2011-06-29 11:08:59 +01:00
Daniel P. Berrange
b7337d03ec Improve two log messages in virNetMessage
Improve log messages issued when encountering a bogus
message length to include the actual length and the
limit violated

* src/rpc/virnetmessage.c: Improve log messages
2011-06-29 11:08:59 +01:00
Daniel P. Berrange
59b877b609 Ensure empty payload is written upon stream completion
On stream completion it is neccessary to send back a
message with an empty payload. The message header was
not being filled out correctly, since we were not writing
any payload. Add a method for encoding an empty payload
which updates the message headers correctly.

* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Add
  a virNetMessageEncodePayloadEmpty method
* src/rpc/virnetserverprogram.c: Write empty payload on
  stream completion
2011-06-29 11:08:59 +01:00
Daniel P. Berrange
d550277ca7 Lower logging level when failing to register socket watch
The RPC client treats failure to register a socket watch
as non-fatal, since we do not mandate that a libvirt client
application provide an event loop implementation. It is
thus inappropriate to a log a message at VIR_LOG_WARN

* src/rpc/virnetsocket.c: Lower logging level
2011-06-29 11:08:59 +01:00
Daniel P. Berrange
16c6e2b41e Fix propagation of RPC errors from streams
If a streams error is raised, virNetClientIOEventLoop
returns 0, but an error is set. Check for this and
propagate it if present

* src/rpc/virnetclient.c: Propagate streams error
2011-06-29 11:08:59 +01:00
Daniel P. Berrange
d97093437f Fix crash when aborting a stream from a I/O callback
If a callback being invoked from a stream issues a virStreamAbort
operation, the stream data will be free'd but the callback will
then still try to use this. Delay free'ing of the stream data when
a callback is dispatching

* src/fdstream.c: Delay stream free when callback is active
2011-06-29 11:08:59 +01:00
Michal Privoznik
c72aecc5fc screenshot: Set access rights to temporary file
Although we create a temporary file, it is owned by root:root and have
rights 0600. In case qemu does not run under root, it is unable to write
to that file and thus we transfer 0B sized file.
2011-06-29 12:05:34 +02:00
Matthias Bolte
8cce5436dd dnsmasq: Fix errno handling and don't unlink non-existing files
addnhostsSave and hostsfileSave expect < 0 return value on error from
addnhostsWrite and hostsfileWrite but then pass err instead of -err
to virReportSystemError that expects an errno value.

Also addnhostsWrite returns -ENOMEM and errno, change this to -errno.

addnhostsWrite and hostsfileWrite tried to unlink the tempfile after
renaming it, making both fail on the final step. Remove the unnecessary
unlink calls.
2011-06-29 11:38:36 +02:00
Eric Blake
9fdeaeef89 maint: improve makefile whitespace
None of these instances cause any semantic differences, but
consistency is nice.

* src/Makefile.am: Replace leading spaces with tabs.
2011-06-28 22:06:48 -06:00
Osier Yang
c9f604fc4c conf: Fix memory leak in virNetworkDNSDefFormat 2011-06-29 10:45:01 +08:00
Matthias Bolte
eb9dee2b10 network: Don't ignore errors in dnsmasq config file creation 2011-06-29 02:04:55 +02:00
Matthias Bolte
9523b3c320 network: Fix dnsmasq hostsfile creation logic and related tests
networkSaveDnsmasqHostsfile was added in 8fa9c22142 (Apr 2010).
It has a force flag. If the dnsmasq hostsfile already exists force
needs to be true to overwrite it. networkBuildDnsmasqArgv sets force
to false, networkDefine sets it to true. This results in the
hostsfile being written only in networkDefine in the common case.
If no error occurred networkSaveDnsmasqHostsfile returns true and
networkBuildDnsmasqArgv adds the --dhcp-hostsfile to the dnsmasq
command line.

networkSaveDnsmasqHostsfile was changed in 89ae9849f7 (24 Jun 2011)
to return a new dnsmasqContext instead of reusing one. This change broke
the logic of the force flag as now networkSaveDnsmasqHostsfile returns
NULL on error, but the early return -- if force was not set and the
hostsfile exists -- returns 0. This turned the early return in an error
case and networkBuildDnsmasqArgv didn't add the --dhcp-hostsfile option
anymore if the hostsfile already exists. It did because networkDefine
created the hostsfile already.

Then 9d4e2845d4 fixed the return 0 case in networkSaveDnsmasqHostsfile
but didn't apply the force option correctly to the new addnhosts file.
Now force doesn't control an early return anymore, but influences the
handling of the hostsfile context creation and dnsmasqSave is always
called now. This commit also added test cases that reveal several
problems. First, the tests now calls functions that try to write the
dnsmasq config files to disk. If someone runs this tests as root this
might overwrite actively used dnsmasq config files, this is a no-go. Also
the tests depend on configure --localstatedir, this needs to be fixed as
well, because it makes the tests fail when localstatedir is different
from /var.

This patch does several things to fix this:

1) Move dnsmasqContext creation and saving out of networkBuildDnsmasqArgv
to the caller to separate the command line generation from the config
file writing. This makes the command line generation testable without the
risk of interfering with system files, because the tests just don't call
dnsmasqSave.

2) This refactoring of networkSaveDnsmasqHostsfile makes the force flag
useless as the saving happens somewhere else now. This fixes the wrong
usage of the force flag in combination with then newly added addnhosts
file by removing the force flag.

3) Adapt the wrong test cases to the correct behavior, by adding the
missing --dhcp-hostsfile option. Both affected tests contain DHCP host
elements but missed the necessary --dhcp-hostsfile option.

4) Rename networkSaveDnsmasqHostsfile to networkBuildDnsmasqHostsfile,
because it doesn't save the dnsmasqContext anymore.

5) Move all directory creations in dnsmasq context handling code from
the *New functions to dnsmasqSave to avoid directory creations in system
paths in the test cases.

6) Now that networkBuildDnsmasqArgv doesn't create the dnsmasqContext
anymore the test case can create one with the localstatedir that is
expected by the tests instead of the configure --localstatedir given one.
2011-06-29 01:59:34 +02:00
Eric Blake
c8eaba6491 sysinfo: fix parsing regression
Detected by gcc -O2, introduced in commit 532ce9c2.  If dmidecode
outputs a field unrecognized by the parsers, then the code would
dereference an uninitialized eol variable.

* src/util/sysinfo.c (virSysinfoParseBIOS)
(virSysinfoParseSystem, virSysinfoParseProcessor)
(virSysinfoParseMemory): Avoid uninitialized variable.
2011-06-28 13:49:51 -06:00
Eric Blake
cf2affffcc remote: fix uninitialized variable
Detected by gcc -O2:

remote/remote_driver.c: In function 'doRemoteOpen':
remote/remote_driver.c:2753:26: error: 'sasl' may be used uninitialized in this function [-Werror=uninitialized]

* src/remote/remote_driver.c (remoteAuthSASL): Initialize sasl.
2011-06-28 12:25:31 -06:00
Eric Blake
c65fcce8ed build: fix 'make check' when pdwtags is available
Problem introduced in commit 6818cf86.

* src/remote_protocol-structs: Delete unused struct.
2011-06-28 11:44:01 -06:00
Daniel P. Berrange
97e4f21782 Support automatic creation of leases for disks in sanlock
The current sanlock plugin requires a central management
application to manually add <lease> elements to each guest,
to protect resources that are assigned to it (eg writable
disks). This makes the sanlock plugin useless for usage
in more ad hoc deployment environments where there is no
central authority to associate disks with leases.

This patch adds a mode where the sanlock plugin will
automatically create leases for each assigned read-write
disk, using a md5 checksum of the fully qualified disk
path. This can work pretty well if guests are using
stable disk paths for block devices eg /dev/disk/by-path/XXXX
symlinks, or if all hosts have NFS volumes mounted in
a consistent pattern.

The plugin will create one lockspace for managing disks
with filename /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__.
For each VM disks, there will be another file to hold
a lease /var/lib/libvirt/sanlock/5903e5d25e087e60a20fe4566fab41fd
Each VM disk lease is usually 1 MB in size. The script
virt-sanlock-cleanup should be run periodically to remove
unused lease files from the lockspace directory.

To make use of this capability the admin will need to do
several tasks:

 - Mount an NFS volume (or other shared filesystem)
   on /var/lib/libvirt/sanlock
 - Configure 'host_id' in /etc/libvirt/qemu-sanlock.conf
   with a unique value for each host with the same NFS
   mount
 - Toggle the 'auto_disk_leases' parameter in qemu-sanlock.conf

Technically the first step can be skipped, in which case
sanlock will only protect against 2 vms on the same host
using the same disk (or the same VM being started twice
due to error by libvirt).

* src/locking/libvirt_sanlock.aug,
  src/locking/sanlock.conf,
  src/locking/test_libvirt_sanlock.aug: Add config params
  for configuring auto lease setup
* libvirt.spec.in: Add virt-sanlock-cleanup program, man
  page
* tools/virt-sanlock-cleanup.in: Script to purge unused
  disk resource lease files
2011-06-28 18:18:06 +01:00
Daniel P. Berrange
58eb4f2cbb Support loading a configuration file for sanlock plugin
Introduce a configuration file with a single parameter
'require_lease_for_disks', which is used to decide whether
it is allowed to start a guest which has read/write disks,
but without any leases.

* libvirt.spec.in: Add sanlock config file and augeas
  lens
* src/Makefile.am: Install sanlock config file and
  augeas lens
* src/locking/libvirt_sanlock.aug: Augeas master lens
* src/locking/test_libvirt_sanlock.aug: Augeas test file
* src/locking/sanlock.conf: Example sanlock config
* src/locking/lock_driver_sanlock.c: Wire up loading
  of configuration file
2011-06-28 18:07:06 +01:00
Daniel P. Berrange
5df29ebc25 Allow per-driver config file for lock manager plugins
Allow a 'configFile' parameter to be passed into the lock
drivers to provide configuration. Wire up the QEMU driver
to pass in file names '/etc/libvirt/qemu-$NAME.conf
eg qemu-sanlock.conf

* src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
  src/locking/lock_manager.h: Add configFile parameter
* src/qemu/qemu_conf.c: Pass in configuration file path to
  lock driver plugins
2011-06-28 18:07:06 +01:00
Laine Stump
25171f607c network: add domain to unqualified names defined with <host>
If a domain name is defined for a network, add the --expand-hosts
option to the dnsmasq commandline. This results in the domain being
added to any hostname that is defined in a dns <host> element and
contains no '.' characters (i.e. it is an "unqualified"
hostname). Since PTR records are automatically created for any name
defined in <host>, the result of a PTR request will change from the
unqualified name to the qualified name.

This also has the same effect on any hostnames that dnsmasq reads
from the host's /etc/hosts file.

(In the case of guest hostnames that were learned by dnsmasq via DHCP
requests, they were already getting the domain name added on, even
without --expand-hosts).
2011-06-28 12:57:14 -04:00
Daniel P. Berrange
6818cf8690 Cleanup remote protocol definitions
The standard remote protocol for libvirtd no longer needs to
include definitions of the generic message header/error structs
or status codes. This is all defined in the generic RPC protocol

* src/remote/remote_protocol.x: Remove all RPC message definitions
* src/remote/remote_protocol.h, src/remote/remote_protocol.c:
  Re-generate
* daemon/remote_generate_stubs.pl: Delete obsolete script
2011-06-28 17:33:31 +01:00
Daniel P. Berrange
df0b57a95a Convert libvirtd over to the new RPC handling APIs
This guts the libvirtd daemon, removing all its networking and
RPC handling code. Instead it calls out to the new virServerPtr
APIs for all its RPC & networking work

As a fallout all libvirtd daemon error reporting now takes place
via the normal internal error reporting APIs. There is no need
to call separate error reporting APIs in RPC code, nor should
code use VIR_WARN/VIR_ERROR for reporting fatal problems anymore.

* daemon/qemu_dispatch_*.h, daemon/remote_dispatch_*.h: Remove
  old generated dispatcher code
* daemon/qemu_dispatch.h, daemon/remote_dispatch.h: New dispatch
  code
* daemon/dispatch.c, daemon/dispatch.h: Remove obsoleted code
* daemon/remote.c, daemon/remote.h: Rewrite for new dispatch
  APIs
* daemon/libvirtd.c, daemon/libvirtd.h: Remove all networking
  code
* daemon/stream.c, daemon/stream.h: Update for new APIs
* daemon/Makefile.am: Link to libvirt-net-rpc-server.la
2011-06-28 17:33:19 +01:00
Daniel P. Berrange
c1b2264477 Convert the remote driver to new RPC client APIs
This guts the current remote driver, removing all its networking
handling code. Instead it calls out to the new virClientPtr and
virClientProgramPtr APIs for all RPC & networking work.

* src/Makefile.am: Link remote driver with generic RPC code
* src/remote/remote_driver.c: Gut code, replacing with RPC
  API calls
* src/rpc/gendispatch.pl: Update for changes in the way
  streams are handled
2011-06-28 17:33:12 +01:00
Daniel P. Berrange
51ae69be69 Add XDR_CFLAGS to libvirt-net-rpc.la library
* src/Makefile.am: Add XDR_CFLAGS
2011-06-28 17:33:06 +01:00
Daniel P. Berrange
5247b0695a Ensure sanlock socket is labelled with the VM process label
The libvirt sanlock plugin is intentionally leaking a file
descriptor to QEMU. To enable QEMU to use this FD under
SELinux, it must be labelled correctly. We dont want to use
the svirt_image_t for this, since QEMU must not be allowed
to actually use the FD. So instead we label it with svirt_t
using virSecurityManagerSetProcessFDLabel

* src/locking/domain_lock.c, src/locking/domain_lock.h,
  src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
  src/locking/lock_manager.h: Optionally pass an FD back to
  the hypervisor for security driver labelling
* src/qemu/qemu_process.c: label the lock manager plugin
  FD with the process label
2011-06-28 16:41:46 +01:00
Daniel P. Berrange
8e3c6fbbe6 Add a virSecurityManagerSetProcessFDLabel
Add a new security driver method for labelling an FD with
the process label, rather than the image label

* src/libvirt_private.syms, src/security/security_apparmor.c,
  src/security/security_dac.c, src/security/security_driver.h,
  src/security/security_manager.c, src/security/security_manager.h,
  src/security/security_selinux.c, src/security/security_stack.c:
  Add virSecurityManagerSetProcessFDLabel & impl
2011-06-28 16:39:30 +01:00
Daniel P. Berrange
4438c63e71 Rename virSecurityManagerSetFDLabel method
The virSecurityManagerSetFDLabel method is used to label
file descriptors associated with disk images. There will
shortly be a need to label other file descriptors in a
different way. So the current name is ambiguous. Rename
the method to virSecurityManagerSetImageFDLabel to clarify
its purpose

* src/libvirt_private.syms,
  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
  src/security/security_apparmor.c, src/security/security_dac.c,
  src/security/security_driver.h, src/security/security_manager.c,
  src/security/security_manager.h, src/security/security_selinux.c,
  src/security/security_stack.c: s/FDLabel/ImageFDLabel/
2011-06-28 16:39:22 +01:00
Matthias Bolte
f0739fc579 Add node prefix to virNodeGet(CPU|Memory)Stats structs and defines 2011-06-28 17:18:33 +02:00
Jiri Denemark
ad7b327690 qemu: Fix update device for CURRENT + FORCE flags
When CURRENT and FORCE flags were used together, UpdateDeviceFlags did
nothing because it failed to transform CURRENT into either LIVE or
CONFIG.
2011-06-28 14:21:50 +02:00
Stefan Berger
ecfbf79541 nwfilter: Return error message about unresolvable variables
This is in response to bugzilla 664629

https://bugzilla.redhat.com/show_bug.cgi?id=664629

The patch below returns an appropriate error message if the chain of
nwfilters is found to contain unresolvable variables and therefore
cannot be instantiated.

Example: The following XMl added to a domain:

    <interface type='bridge'>
      <mac address='52:54:00:9f:80:45'/>
      <source bridge='virbr0'/>
      <model type='virtio'/>
      <filterref filter='test'/>
    </interface>

that references the following filter

<filter name='test' chain='root'>
  <filterref filter='clean-traffic'/>
  <filterref filter='allow-dhcp-server'/>
</filter>

now displays upon 'virsh start mydomain'

error: Failed to start domain mydomain
error: internal error Cannot instantiate filter due to unresolvable variable: DHCPSERVER

'DHPCSERVER' is contained in allow-dhcp-server.
2011-06-27 12:53:59 -04:00
Eric Blake
28e45afc3f build: rename Vcpupin to VcpuPin
We already have a public virDomainPinVcpu, which implies that
Pin and Vcpu are treated as separate words.  Unreleased commit
e261987c introduced virDomainGetVcpupinInfo as the first public
API that used Vcpupin, although we had prior internal uses of
that spelling.  For consistency, change the spelling to be two
words everywhere, regardless of whether pin comes first or last.

* daemon/remote.c: Treat vcpu and pin as separate words.
* include/libvirt/libvirt.h.in: Likewise.
* src/conf/domain_conf.c: Likewise.
* src/conf/domain_conf.h: Likewise.
* src/driver.h: Likewise.
* src/libvirt.c: Likewise.
* src/libvirt_private.syms: Likewise.
* src/libvirt_public.syms: Likewise.
* src/libxl/libxl_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/remote/remote_driver.c: Likewise.
* src/xen/xend_internal.c: Likewise.
* tools/virsh.c: Likewise.
* src/remote/remote_protocol.x: Likewise.
* src/remote_protocol-structs: Likewise.
Suggested by Matthias Bolte.
2011-06-27 09:55:11 -06:00
Minoru Usui
0a755f66d5 sysinfo: cleanup function/struct names.
Fix lack of 'virSysinfo' prefix of functions/structs in src/util/sysinfo.[ch]
2011-06-27 09:41:03 -06:00
Minoru Usui
a6c85d44e0 sysinfo: fix lack of error check in virSysinfoFormat().
Fix lack of error check in virSysinfoFormat().

Signed-off-by: Minoru Usui <usui@mxm.nes.nec.co.jp>
2011-06-27 09:40:38 -06:00
Matthias Bolte
072ea80ff2 tests: Partly fix networkxml2argvtest being configure result dependent
Convert networkDnsmasqLeaseFileName to a replaceable function pointer
that allow the testsuite to use a version of that function that is not
depending on configure --localstatedir.

This fixes 5 of 6 test failures, when configure --localstatedir isn't
set to /var.
2011-06-27 17:22:25 +02:00
Osier Yang
79306739db qemu: Remove bogus error codes for NUMA memory tuning
This is no code between virSaveLastError and virGetLastError will
set an error, remove the bogus codes.
2011-06-27 23:20:15 +08:00
Laine Stump
8e49ade18a network: fix indentation in networkBuildDnsmasqArgv
This block was inadvertently added with the wrong indentation.
2011-06-27 11:06:30 -04:00
Eric Blake
2bebf93846 build: avoid uninitialized variable
Caught by gcc -O2, during autobuild.sh.

* src/qemu/qemu_driver.c (qemudDomainGetVcpupinInfo): Initialize vm.
2011-06-24 20:55:32 -06:00
Eric Blake
481e4d795c build: fix VPATH builds
The build currently fails when trying to create virnetprotocol.c
into $(builddir)/rpc, which doesn't exist.  But since the file
is part of the tarball, it should be generated into $(srcdir).
Caught by autobuild.sh.

* src/Makefile.am (VIR_NET_RPC_GENERATED): Generate into srcdir.
2011-06-24 20:55:23 -06:00
Taku Izumi
291162abf4 vcpupin: implement the remote protocol to address the new API
This patch implements the remote protocol to address the new API
(virDomainGetVcpupinInfo).

Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
2011-06-24 17:00:22 -06:00
Taku Izumi
96414c4ed1 vcpupin: implement the code to support new API for the qemu driver
This patch implements the code to address the new API (virDomainGetVcpupinInfo)
in the qemu driver.

Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
2011-06-24 17:00:22 -06:00
Taku Izumi
e261987c5a vcpupin: introduce the new libvirt API (virDomainGetVcpupinInfo)
This patch introduces a new libvirt API (virDomainGetVcpupinInfo),
as a counterpart to virDomainPinVcpuFlags.

We can use virDomainGetVcpus API to retrieve CPU affinity information,
but can't use this API against inactive domains (at least in case of KVM),
as it lacks a flags parameter.
The usual thing is to add a new virDomainGetVcpusFlags, but that API name
is already occupied by the counterpart to virDomainGetMaxVcpus, which
has a completely different signature.

The virDomainGetVcpupinInfo is the new API to retrieve CPU affinity
information of active and inactive domains.  While the usual convention
is to list an array before its length, this API violates that rule
in order to be more like virDomainGetVcpus (where maxinfo was doing
double-duty as the length of two different arrays).

Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
2011-06-24 17:00:22 -06:00
Eric Blake
4a27eb1398 buf: protect against integer overflow
It's unlikely that we'll ever want to escape a string as long as
INT_MAX/6, but adding this check can't hurt.

* src/util/buf.c (virBufferEscapeSexpr, virBufferEscapeString):
Check for (unlikely) overflow.
2011-06-24 16:01:56 -06:00
Eric Blake
774b21c163 remote: protect against integer overflow
Integer overflow and remote code are never a nice mix.

This has existed since commit 56cd414.

* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
on sending rpc.
* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
receiving rpc.
2011-06-24 15:57:23 -06:00
Eric Blake
89d994ad6b build: update gnulib for intprops
Done as a separate commit to make backporting the next patch easier.
We are already using "intprops.h", but this makes it explicit.

* .gnulib: Update, for syntax-check fix.
* bootstrap.conf (gnulib_modules): Make intprops use explicit.
* src/locking/domain_lock.c (includes): Drop unused header.
* src/nwfilter/nwfilter_learnipaddr.c (includes): Use "", not <>,
for gnulib.
2011-06-24 15:52:52 -06:00
Matthias Bolte
d95f673ad2 Rename iface(G|S)etMacaddr to iface(G|S)etMacAddress for consistency 2011-06-24 23:06:56 +02:00
Matthias Bolte
a800d66b72 Fix typo in libvirt_private.syms
Triggered a linker error on MinGW.
2011-06-24 22:39:48 +02:00
Michal Novotny
9d4e2845d4 Network: Add support for DNS hosts definition to the network XML
This commit introduces names definition for the DNS hosts file using
the following syntax:

  <dns>
    <host ip="192.168.1.1">
      <name>alias1</name>
      <name>alias2</name>
    </host>
  </dns>

Some of the improvements and fixes were done by Laine Stump so
I'm putting him into the SOB clause again ;-)

Signed-off-by: Michal Novotny <minovotn@redhat.com>
Signed-off-by: Laine Stump <laine@laine.org>
2011-06-24 16:15:36 -04:00
Michal Novotny
91b7924eee Network: Add additional hosts internal infrastructure
Signed-off-by: Michal Novotny <minovotn@redhat.com>
2011-06-24 16:15:33 -04:00
Michal Novotny
89ae9849f7 Network: modify dnsmasq commandline build function to allow testing
The dnsmasq commandline was being built as a part of running
dnsmasq. This patch puts the commandline build into a separate
function (and exports it as a private API) making it possible to build
a dnsmasq commandline without executing it, so that we can write a
test program to verify that the proper commandlines are being created.

Signed-off-by: Michal Novotny <minovotn@redhat.com>
2011-06-24 16:15:17 -04:00
Michal Novotny
5dd986dbd7 Add TXT record support for virtual DNS service
This commit introduces the <dns> element and <txt> record for the
virtual DNS network. The DNS TXT record can be defined using following
syntax in the network XML file:

  <dns>
    <txt name="example" value="example value" />
  </dns>

Also, the Relax-NG scheme has been altered to allow the texts without
spaces only for the name element and some nitpicks about memory
free'ing have been fixed by Laine so therefore I'm adding Laine to the
SOB clause ;-)

Signed-off-by: Michal Novotny <minovotn@redhat.com>
Signed-off-by: Laine Stump <laine@laine.org>
2011-06-24 16:15:12 -04:00
Jamie Strandboge
0b501bd4e1 Move load of AppArmor profile to GenLabel()
Commit 12317957ec introduced an incompatible
architectural change for the AppArmor security driver. Specifically,
virSecurityManagerSetAllLabel() is now called much later in
src/qemu/qemu_process.c:qemuProcessStart(). Previously, SetAllLabel() was
called immediately after GenLabel() such that after the dynamic label (profile
name) was generated, SetAllLabel() would be called to create and load the
AppArmor profile into the kernel before qemuProcessHook() was executed. With
12317957ec, qemuProcessHook() is now called
before SetAllLabel(), such that aa_change_profile() ends up being called
before the AppArmor profile is loaded into the kernel (via ProcessLabel() in
qemuProcessHook()).

This patch addresses the change by making GenLabel() load the AppArmor
profile into the kernel after the label (profile name) is generated.
SetAllLabel() is then adjusted to only reload_profile() and append stdin_fn to
the profile when it is specified. This also makes the AppArmor driver work
like its SELinux counterpart with regard to SetAllLabel() and stdin_fn.
Bug-Ubuntu: https://launchpad.net/bugs/801569
2011-06-24 10:09:44 -06:00