Commit Graph

294 Commits

Author SHA1 Message Date
Martin Kletzander
8f0b731d22 util: Add virStringTrimOptionalNewline
And use it in virFileRead*

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-04-07 08:49:34 +02:00
Martin Kletzander
b11e893224 util: Fix virDirRead() description
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-04-07 08:49:34 +02:00
Martin Kletzander
9fdd077de7 virfile: Add helpers for reading simple values
These helpers are doing just a read and covert the value, but they
properly size the read limit, handle additional whitespace characters,
and unify error reporting.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-03-27 13:13:29 +02:00
Erik Skultety
38a8489c01 virfile: Fix virFileExists commentary
Arguably though, function returning only on success is a very
interesting, although quite impractical concept. Also, the errno isn't
and shouldn't be preserved in this case, since the errno can be directly
fed to the virReportSystemError.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-02-24 14:46:50 +01:00
Erik Skultety
875894245a util: Introduce virFileComparePaths
So rather than comparing 2 paths (strings) as they are, which can very
easily lead to unnecessary errors (e.g. in storage driver) that the paths
are not the same when in fact they'd be e.g. just symlinks to the same
location, we should put our best effort into resolving any symlinks and
canonicalizing the path and only then compare the 2 paths for equality.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-02-10 17:01:12 +01:00
Michal Privoznik
6094169b83 util: Introduce virFileReadLink
We will need to traverse the symlinks one step at the time.
Therefore we need to see where a symlink is pointing to.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-07 10:40:53 +01:00
Michal Privoznik
41816751a7 util: Introduce virFileMoveMount
This is a simple wrapper over mount(). However, not every system
out there is capable of moving a mount point. Therefore, instead
of having to deal with this fact in all the places of our code we
can have a simple wrapper and deal with this fact at just one
place.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-01-11 18:06:30 +01:00
Martin Kletzander
08ad8f9fe2 util: Don't lie in virFileGetMount*Subtree's docstrings
The resulting function virFileGetMountSubtreeImpl() just uses
virStringSortRevCompare or virStringSortCompare which uses strcmp().

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-01-05 16:23:25 +01:00
Michal Privoznik
50b2a2375a virfile: Support bind mount only on linux
Other systems (despite having sys/mount.h) do not support bind
mounts.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-16 11:51:06 +00:00
Michal Privoznik
654b4d48bc virfile: Introduce ACL helpers
Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and
virFileCopyACLs. These functions are going to be required when we
are creating /dev for qemu. We have copy anything that's in
host's /dev exactly as is. Including ACLs.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-15 09:25:16 +01:00
Michal Privoznik
1a7c9a5d50 virfile: Introduce virFileSetupDev
This part of code that LXC currently uses will be reused so move
to a generic function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-15 09:25:16 +01:00
Michal Privoznik
b9b664c5a8 util: Introduce virFileRewriteStr
There are couple of places where we have a string and want to
save it to a file. Atomically. In all those places we use
virFileRewrite() but also implement the very same callback which
takes the string and write it into temp file. This makes no
sense. Unify the callbacks and move them to one place.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-06 13:33:18 +01:00
Laine Stump
e026563f01 util: new function virFileLength()
This new function just calls fstat() (if provided with a valid fd) or
stat() (if fd is -1) and returns st_size (or -1 if there is an
error). We may decide we want this function to be more complex, and
handle things like block devices - this is a placeholder (that works)
for any more complicated function.
2016-11-30 15:18:57 -05:00
Michal Privoznik
c2a5a4e7ea virstring: Unify string list function names
We have couple of functions that operate over NULL terminated
lits of strings. However, our naming sucks:

virStringJoin
virStringFreeList
virStringFreeListCount
virStringArrayHasString
virStringGetFirstWithPrefix

We can do better:

virStringListJoin
virStringListFree
virStringListFreeCount
virStringListHasString
virStringListGetFirstWithPrefix

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-11-25 13:54:05 +01:00
Marc Hartmayer
7ab1fd91a4 virfile: Only generate a warning if there is something to report
Only generate a warning if there is something to report.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-11-23 12:33:38 -05:00
Ján Tomko
32d0a57812 Prohibit opendir in syntax-check
Prefer virDirOpen.
2016-06-24 14:20:57 +02:00
Ján Tomko
7a5df06e10 Introduce virDirOpenQuiet
A helper function that does not report any errors.
2016-06-24 14:20:57 +02:00
Ján Tomko
941ccbc174 Add virDirOpenIfExists
Just like virDirOpen, but it returns 0 without reporting an error
on ENOENT.
2016-06-24 14:20:57 +02:00
Ján Tomko
e81de04c10 Use virDirOpen
Switch from opendir to virDirOpen everywhere we need to report an error.
2016-06-24 14:20:57 +02:00
Ján Tomko
f0ced7086a Introduce virDirOpen
A helper that calls opendir and reports an error if it fails.
2016-06-24 14:20:57 +02:00
Ján Tomko
fe79c3f2c1 Do not check for '.' and '..' after virDirRead
It skips those directory entries.
2016-06-23 21:58:38 +02:00
Ján Tomko
7cecfba139 Skip '.' and '..' in virDirRead
All of the callers either skip these explicitly, skip all entries
starting with a dot or match the entry name against stricter patterns.
2016-06-23 21:58:38 +02:00
Ján Tomko
a4e6f1eb9c Introduce VIR_DIR_CLOSE
Introduce a helper that only calls closedir if DIR* is non-NULL
and sets it to NULL afterwards.
2016-06-23 21:58:33 +02:00
Chen Hanxiao
a7822ba3f6 util: fix a typo
s/succcess/success

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
2016-06-20 15:20:09 +02:00
Michal Privoznik
7fccf12482 virfile: Introduce virFileRemoveLastComponent
Move some parts of virStorageFileRemoveLastPathComponent
into a separate function so they can be reused.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-13 14:17:15 +02:00
Nikolay Shirokovskiy
3506ad7f0a util: factor out reading file into preallocated buffer
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-05-03 08:58:30 -04:00
Cole Robinson
487d211d20 storage: remove support for /usr/bin/kvm-img
This an ubuntu/debian packaging convention. At one point it may have
been an actually different binary, but at least as of ubuntu precise
(the oldest supported ubuntu distro, released april 2012) kvm-img is
just a symlink to qemu-img for back compat.

I think it's safe to drop support for it
2016-04-20 08:55:36 -04:00
Michal Privoznik
7dbcb26f7f nss: Implement _nss_libvirt_gethostbyname3_r
The implementation is pretty straightforward. Moreover, because
of the nature of things, gethostbyname_r and gethostbyname2_r can
be implemented at the same time too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-18 17:29:53 +01:00
Cole Robinson
adefc561cc util: virfile: Only setuid for virFileRemove if on NFS
NFS with root-squash is the only reason we need to do setuid/setgid
crazyness in virFileRemove, so limit that behavior to the NFS case.
2016-03-09 16:07:18 -05:00
Cole Robinson
7cf5343709 util: virfile: Clarify setuid usage for virFileRemove
Break these checks out into their own function, and clearly document
each one. This shouldn't change behavior
2016-03-09 16:06:56 -05:00
Jiri Denemark
e4ee043636 Remove new lines from log messages
VIR_DEBUG and VIR_WARN will automatically add a new line to the message,
having "\n" at the end or at the beginning of the message results in
empty lines.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-11-04 13:09:35 +01:00
Ishmanpreet Kaur Khera
32cee5b2f0 Avoid using !STREQ and !STRNEQ
We have macros for both positive and negative string matching.
Therefore there is no need to use !STREQ or !STRNEQ. At the same
time as we are dropping this, new syntax-check rule is
introduced to make sure we won't introduce it again.

Signed-off-by: Ishmanpreet Kaur Khera <khera.ishman@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-10-21 15:03:35 +02:00
John Ferlan
21eb897241 storage: On error rmdir created directory in virDirCreate[NoFork]
After a successful creation of a directory, if some other call results
in returning a failure, let's remove the directory we created to
prevent another round trip or confusion in the caller. In particular, this
function can be called during a storage backend buildVol, so in order
to ensure that caller doesn't need to distinguish between failed create
or some other failure after create, just remove the directory we created.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-10-13 18:03:55 -04:00
John Ferlan
695562154f storage: On error unlink created file in virFileOpen{As|Forked}
After a successful creation of a file, if some other call results
in returning a failure, let's unlink the file we created to prevent
another round trip or confusion in the caller. In particular, this
function can be called during a storage backend buildVol, so in order
to ensure that caller doesn't need to distinguish between failed create
or some other failure after create, just remove the volume we created.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-10-13 18:03:55 -04:00
John Ferlan
cb19cff468 virfile: Fix error path for forked virFileRemove
As it turns out the caller in this case expects a return < 0 for failure
and to get/use "errno" rather than using the negative of returned status.
Again different than the create path.

If someone "deleted" a file from the pool without using virsh vol-delete,
then the unlink/rmdir would return an error (-1) and set errno to ENOENT.
The caller checks errno for ENOENT when determining whether to throw an
error message indicating the failure.  Without the change, the error
message is:

error: Failed to delete vol $vol
error: cannot unlink file '/$pathto/$vol': Success

This patch thus allows the fork path to follow the non-fork path
where unlink/rmdir return -1 and errno.
2015-10-05 08:14:44 -04:00
John Ferlan
c6b32d6801 virfile: Add extra check for direct delete in virFileRemove
Unlike create options, if the file to be removed is already in the
pool, then the uid/gid will come from the pool. If it's the same as the
currently running process, then just do the unlink/rmdir directly
rather than going through the fork processing unnecessarily
2015-10-05 08:14:44 -04:00
John Ferlan
9ced219a68 virfile: Use virProcessWait in virDirCreate
Rather than inlining the code, use the common API.
2015-09-21 08:24:16 -04:00
John Ferlan
b01c68d9bc virfile: Use virProcessWait in virFileUnlink
Rather than inlining the code, use the common API.
2015-09-21 08:24:16 -04:00
John Ferlan
89b9b6d35a virfile: Use virProcessWait in virFileOpenForked
Rather than inlining the code, use the common API
2015-09-21 08:24:16 -04:00
John Ferlan
1b046a6837 virfile: Rename virFileUnlink to virFileRemove
Similar to commit id '35847860', it's possible to attempt to create
a 'netfs' directory in an NFS root-squash environment which will cause
the 'vol-delete' command to fail.  It's also possible error paths from
the 'vol-create' would result in an error to remove a created directory
if the permissions were incorrect (and disallowed root access).

Thus rename the virFileUnlink to be virFileRemove to match the C API
functionality, adjust the code to following using rmdir or unlink
depending on the path type, and then use/call it for the VIR_STORAGE_VOL_DIR
2015-09-21 08:24:16 -04:00
John Ferlan
b421a70811 virfile: Check for existence of dir in virFileDeleteTree
Commit id 'f1f68ca33' added code to remove the directory paths for
auto-generated sockets, but that code could be called before the
paths were created resulting in generating error messages from
virFileDeleteTree indicating that the file doesn't exist.

Rather than "enforce" all callers to make the non-NULL and existence
checks, modify the virFileDeleteTree API to silently ignore NULL on
input and non-existent directory trees.
2015-09-16 11:23:16 -04:00
Martin Kletzander
26893ac6e0 util: Add win32 version of virFileUnlink
Commit 35847860f6 Added the virFileUnlink function, but failed to add
a version for mingw build, causing the following error:

  Cannot export virFileUnlink: symbol not defined

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-08 11:54:53 +02:00
John Ferlan
53caf99db6 virfile: Avoid Coverity IDENTICAL_BRANCHES error
In virFileNBDDeviceFindUnused if virFileNBDDeviceIsBusy returns 0,
then both branches jumped to cleanup, so just use ignore_value
since the function returns NULL or some memory and the caller
handles the error.
2015-09-04 15:19:04 -04:00
John Ferlan
35847860f6 virfile: Introduce virFileUnlink
In an NFS root-squashed environment the 'vol-delete' command will fail to
'unlink' the target volume since it was created under a different uid:gid.

This code continues the concepts introduced in virFileOpenForked and
virDirCreate[NoFork] with respect to running the unlink command under
the uid/gid of the child. Unlike the other two, don't retry on EACCES
(that's why we're here doing this now).
2015-09-02 08:59:53 -04:00
John Ferlan
1fafc1bc1c virfile: Add error for root squash change mode failure
This will only be seen when debugging, but in order to help determine
whether a virFileOpenForceOwnerMode failed during an NFS root-squash
volume/file creation, add an error message from the child.
2015-09-02 08:59:53 -04:00
Cédric Bosdonnat
e5e8406e9c Fix syntax-check: missing "%s" 2015-07-30 11:10:48 +02:00
Cédric Bosdonnat
0aedcbd37c Load nbd module before running qemu-nbd
So far qemu-nbd is run even if the nbd kernel module isn't loaded. This
leads to errors when the user starts his lxc container while libvirt
could easily load the nbd module automatically.
2015-07-30 09:55:37 +02:00
Erik Skultety
4e6ee877d4 virfile: virDirCreate: Insert blank lines to assure slightly better readability 2015-06-16 16:26:20 +02:00
Erik Skultety
e9478d9a8b util: virfile: Fix 'unknown cause' error if NFS mount point creation fails
This happens if user requires creation of a directory with specified
UID/GID permissions. To accomplish this, we use fork approach and
set particular UID/GID permissions in child process. However, child
process doesn't have a valid descriptor to a logfile (this is prohibited
explicitly) and since parent process doesn't handle negative exit codes from
child in any way, 'uknown cause' error is returned to the user.

Commit 92d9114e tweaked the way we handle child errors when using fork
approach to set specific permissions (features originally introduced
by 98f6f381). The same logic should be used to create directories with
specified permissions as well.

https://bugzilla.redhat.com/show_bug.cgi?id=1230137
2015-06-16 16:26:20 +02:00
Erik Skultety
fdcb057a28 util: virDirCreate: Child now exits with positive errno-code
Previous patch of this series proposed a fix to virDirCreate, so that parent
process reports an error if child process failed its task.
However our logic still permits the child to exit with negative errno followed
by a check of the status on the parent side using WEXITSTATUS which, being
POSIX compliant, takes the lower 8 bits of the exit code and returns is to
the caller. However, by taking 8 bits from a negative exit code
(two's complement) the status value we read and append to stream is
'2^8 - abs(original exit code)' which doesn't quite reflect the real cause when
compared to the meaning of errno values.
2015-06-16 16:26:20 +02:00
Cole Robinson
db1140f117 storage: fs: Only force directory permissions if required
Only set directory permissions at pool build time, if:

- User explicitly requested a mode via the XML
- The directory needs to be created
- We need to do the crazy NFS root-squash workaround

This allows qemu:///session to call build on an existing directory
like /tmp.
2015-05-25 20:52:57 -04:00
Cole Robinson
9ce409561a virfile: virDirCreate: Drop redundant FORCE_PERMS flag
The only two virDirCreate callers already use it
2015-05-19 19:29:39 -04:00
Cole Robinson
c8661a1a7e virfile: virDirCreate: Fix ALLOW_EXIST conditional
I screwed this up in the previous (post 1.2.16) commits
2015-05-19 19:24:42 -04:00
Cole Robinson
28c547ed6d storage: fs: Don't try to chown directory unless user requested
Currently we try to chown any directory passed to virDirCreate,
even if the user didn't request any explicit owner/group via the
pool/vol XML.

This causes issues with qemu:///session: try to build a pool of
a root owned directory like /tmp, and it fails trying to chown the
directory to the session user. Instead it should just leave things
as they are, unless the user requests changing permissions via
the pool XML.

Similarly this is annoying if creating a storage pool via system
libvirtd of an existing directory in user $HOME, it's now owned
by root.

The virDirCreate function is pretty convoluted, since it needs to
fork off in certain specific cases. Try to document that, to make
it clear where exactly we are changing behavior.
2015-05-04 12:56:38 -04:00
Cole Robinson
262b3c05dd storage: fs: Don't attempt directory creation if it already exists
The current code attempts to handle this, but it only catches mkdir
failing with EEXIST. However if say trying to build /tmp for an
unprivileged qemu:///session, mkdir will fail with EPERM.

Rather than catch any errors, just don't attempt mkdir if the directory
already exists.
2015-05-04 12:56:38 -04:00
Peter Krempa
fac04598bb util: file: Don't carelessly sanitize URIs
rfc3986 states that the separator in URI path is a single slash.
Multiple slashes may potentially lead to different resources and thus we
should not remove them.
2015-04-09 09:43:36 +02:00
Jiri Denemark
bc6e206322 Search for schemas and cpu_map.xml in source tree
Not all files we want to find using virFileFindResource{,Full} are
generated when libvirt is built, some of them (such as RNG schemas) are
distributed with sources. The current API was not able to find source
files if libvirt was built in VPATH.

Both RNG schemas and cpu_map.xml are distributed in source tarball.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-02-19 15:25:04 +01:00
John Ferlan
92d9114eac virfile: Adjust error path for virFileOpenForked
Rather than have a dummy waitpid loop and return of the failure status
from recvfd, adjust the logic to save the recvfd error & fd and then
in priority order:

- if waitpid failed, use that errno value
- waitpid succeeded, but if the child exited abnormally, report failure
(use EACCES to report as return failure, since either EACCES or EPERM is
what caused us to fall into the fork+setuid path)
- waitpid succeeded, but if the child reported non-zero status, report
failure (use the errno value that the child encoded into exit status)
- waitpid succeeded, but if recvfd failed, report recvfd_errno
- waitpid and recvfd succeeded, use the fd

NOTE: Original logic to retry the open and force owner mode was
"documented" as only being attempted if we had already tried opening
with the fork+setuid, but checked flags vs. VIR_FILE_OPEN_NOFORK which
is counter to how we would get to that point. So that code was removed.
2015-02-11 07:28:58 -05:00
Daniel P. Berrange
b38da58423 Make tests independant of system page size
Some code paths have special logic depending on the page size
reported by sysconf, which in turn affects the test results.
We must mock this so tests always have a consistent page size.
2015-02-02 20:27:43 +00:00
John Ferlan
29946e3e53 virfile: Need to check for ENOTCONN from recvfd failure
A gnulib change (commit id 'beae0bdc') causes ENOTCONN to be returned
from recvfd which causes us to fall into the throwaway waitpid() call
and return ENOTCONN to the caller, this then gets displayed during
a 'virsh save' when using a root squashed NFS environment that's trying
to save the file as something other than root:root.

This patch will add the additional check for ENOTCONN to force the code
into the waitpid loop looking for the actual status from the _exit()'d
child fork.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-01-29 15:37:09 -05:00
Ján Tomko
1390c26847 safezero: fall back to writing zeroes even when resizing
Remove the resize flag and use the same code path for all callers.
This flag was added by commit 18f0316 to allow virStorageFileResize
use 'safezero' while preserving the behavior.

Explicitly return -2 when a fallback to a different method should
be done, to make the code path more obvious.

Fail immediately when ftruncate fails in the mmap method,
as we did before commit 18f0316.
2015-01-09 13:48:23 +01:00
Eric Blake
9d128a203b build: fix typo in previous patch
* src/util/virfile.c (safezero_mmap): Fix missing semicolon.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-12-16 12:55:57 -07:00
Martin Kletzander
9bce4386e9 util: Fix fallocate stubs for mingw build
When any of the functions modified in commit 214c687b took false branch,
the function itself used none of its parameters resulting in "unused
parameter" error.  Rewriting these functions to the stubs we use
elsewhere should fix the problem.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-12-16 20:45:35 +01:00
John Ferlan
18f03166fd virstoragefile: Have virStorageFileResize use safezero
Currently virStorageFileResize() function uses build conditionals to
choose either the posix_fallocate() or syscall(SYS_fallocate) with no
fallback in order to preallocate the space in the newly resized file.

Since the safezero code has a similar set of conditionals modify the
resize and safezero code in order to allow the resize logic to make use
of safezero to unify the look/feel of the code paths.

Add a new boolean (resize) to safezero() to make the optional decision
whether to try syscall(SYS_fallocate) if the posix_fallocate fails because
HAVE_POSIX_FALLOCATE is not defined (eg, return -1 and errno == 0).

Create a local safezero_sys_fallocate in order to handle the resize
code paths that support that.  If not present, the set errno = ENOSYS
in order to allow the caller to handle the failure scenarios.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2014-12-16 13:11:35 -05:00
John Ferlan
214c687b97 virfile: Refactor safezero
Currently build conditionals decide which of two safezero() functions
should be built - either the posix_fallocate() or mmap() with a fallback
to a slower safewrite() algorithm in order to preallocate space in a raw file.

This patch will refactor safezero to utilize static functions for either
posix_fallocate or mmap/safewrite. The build conditional still exist, but
are only for shorter sections of code.

The posix_fallocate path will make use of the ret/errno setting to contain
the logic for safezero to decide whether it needs to fallback to other
algorithms. A return of -1 with errno not changed will indicate the conditional
is not present; otherwise, a return of -1 with errno change indicates the
call was made and it failed (no functional difference to current algorithm).

The mmap/safewrite option changes only slightly to handle the ftruncate
failure for mmap. That is, previously if the ftruncate failed, there was
no fallback to the slow safewrite option.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2014-12-16 13:11:35 -05:00
Martin Kletzander
1b7f8ca6bd Remove unnecessary curly brackets in src/util/
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-11-14 17:13:35 +01:00
Eric Blake
39871fce1a maint: avoid static zero init in core files
C guarantees that static variables are zero-initialized.  Some older
compilers (and also gcc -fno-zero-initialized-in-bss) create larger
binaries if you explicitly zero-initialize a static variable.

* src/libvirt.c: Fix initialization.
* src/util/viralloc.c: Likewise.
* src/util/virdbus.c: Likewise.
* src/util/virevent.c: Likewise.
* src/util/virfile.c (safezero): Likewise.
* src/util/virlog.c: Likewise.
* src/util/virnetlink.c: Likewise.
* src/util/virthread.h (VIR_ONCE_GLOBAL_INIT): Likewise.
* src/util/virprocess.c (virProcessGetStartTime): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-10-29 09:55:09 -06:00
Peter Krempa
92427948b3 maint: Prohibit "devname" by a syntax check rules
and tweak the code to avoid using it.
2014-10-01 16:39:01 +02:00
John Ferlan
8d44f924ce virfile: Resolve Coverity RESOURCE_LEAK
With the virGetGroupList() change in place - Coverity further complains
that if we fail to virFork(), the groups will be leaked - which aha seems
to be the case. Adjust the logic to save off the -errno, free the groups,
and then return the value we saved

Signed-off-by: John Ferlan <jferlan@redhat.com>
2014-09-12 06:12:50 -04:00
John Ferlan
6825bdad13 virfile: Resolve Coverity DEADCODE
Adjust the parentheses in/for the waitpid loops; otherwise, Coverity
points out:

(1) Event assignment:   Assigning: "waitret" = "waitpid(pid, &status, 0) == -1"
(2) Event between:      At condition "waitret == -1", the value of "waitret"
                        must be between 0 and 1.
(3) Event dead_error_condition:     The condition "waitret == -1" cannot
                        be true.
(4) Event dead_error_begin:     Execution cannot reach this statement:
                        "ret = -*__errno_location();".

Signed-off-by: John Ferlan <jferlan@redhat.com>
2014-09-11 08:03:37 -04:00
Eric Blake
625e04a86e maint: use hanging curly braces
Our style overwhelmingly uses hanging braces (the open brace
hangs at the end of the compound condition, rather than on
its own line), with the primary exception of the top level function
body.  Fix the few remaining outliers, before adding a syntax
check in a later patch.

* src/interface/interface_backend_netcf.c (netcfStateReload)
(netcfInterfaceClose, netcf_to_vir_err): Correct use of { in
compound statement.
* src/conf/domain_conf.c (virDomainHostdevDefFormatSubsys)
(virDomainHostdevDefFormatCaps): Likewise.
* src/network/bridge_driver.c (networkAllocateActualDevice):
Likewise.
* src/util/virfile.c (virBuildPathInternal): Likewise.
* src/util/virnetdev.c (virNetDevGetVirtualFunctions): Likewise.
* src/util/virnetdevmacvlan.c
(virNetDevMacVLanVPortProfileCallback): Likewise.
* src/util/virtypedparam.c (virTypedParameterAssign): Likewise.
* src/util/virutil.c (virGetWin32DirectoryRoot)
(virFileWaitForDevices): Likewise.
* src/vbox/vbox_common.c (vboxDumpNetwork): Likewise.
* tests/seclabeltest.c (main): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-09-04 15:18:43 -06:00
Guido Günther
ee2a7c5483 Don't fail qemu driver intialization if we can't determine hugepage size
Otherwise we fail like

  libvirt version: 1.2.7, package: 6 (root 2014-08-08-16:09:22 bogon)
  virAuditOpen:62 : Unable to initialize audit layer: Protocol not supported
  virFileGetDefaultHugepageSize:2958 : internal error: Unable to parse /proc/meminfo
  virStateInitialize:749 : Initialization of QEMU state driver failed: internal error: Unable to parse /proc/meminfo
  daemonRunStateInit:922 : Driver state initialization failed

if the data can't be determined.

Reference: http://bugs.debian.org/757609
2014-08-11 22:23:48 +02:00
Michal Privoznik
d26e810838 qemu: Make virFileFindHugeTLBFS fault tolerant
Since commit be0782e1 we are parsing /proc/meminfo to find out the
default huge page size. However, if the host we are running at does
not support any huge pages (e.g. CONFIG_HUGETLB_PAGE is turned off),
we will not successfully parse the meminfo file and hence the whole
qemu driver init process fails. Moreover, the default huge page size
is needed if and only if there's at least one hugetlbfs mount point.
So the fix consists of moving the virFileGetDefaultHugepageSize
function call after the first hugetlbfs mount point is found.

With this fix, we fail to start with one or more hugetlbfs mounts and
malformed meminfo file, but that's expected (how can one mount
hugetlbfs without kernel supporting huge pages?). Workaround in that
case is to umount all the hugetlbfs mounts.

Reported-by: Jim Fehlig <jfehlig@suse.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-08-06 17:31:08 +02:00
Michal Privoznik
be0782e199 Introduce virFileFindHugeTLBFS
This should iterate over mount tab and search for hugetlbfs among with
looking for the default value of huge pages.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-07-29 11:25:16 +01:00
Ján Tomko
f638c13ea4 Introduce virFileReadAllQuiet
Just like virFileReadAll, but returns -errno instead
of reporting errors. Useful for ignoring some errors.
2014-07-01 16:32:29 +02:00
Julio Faracco
1b14c449b8 util: use typedefs for enums in "src/util/" directory
In "src/util/" there are many enumeration (enum) declarations.
Sometimes, it's better using a typedef for variable types,
function types and other usages. Other enumeration will be
changed to typedef's in the future.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-05 14:30:01 -06:00
Eric Blake
eae00fb59a enforce sane readdir usage
Now that all clients have been adjusted, ensure that no future
misuse of readdir is introduced into the code base.

* cfg.mk (sc_prohibit_readdir): New rule.
* src/util/virfile.c (virDirRead): Exempt the wrapper.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-28 17:52:46 -06:00
Eric Blake
ac1d42ac72 util: use virDirRead API
In making the conversion to the new API, I fixed a couple bugs:
virSCSIDeviceGetSgName would leak memory if a directory
unexpectedly contained multiple entries;
virNetDevTapGetRealDeviceName could report a spurious error
from a stale errno inherited before starting the readdir search.

The decision on whether to store the result of virDirRead into
a variable is based on whether the end of the loop falls through
to cleanup code automatically.  In some cases, we have loops that
are documented to return NULL on failure, and which raise an
error on most failure paths but not in the case where the directory
was unexpectedly empty; it may be worth a followup patch to
explicitly report an error if readdir was successful but the
directory was empty, so that a NULL return always has an error set.

* src/util/vircgroup.c (virCgroupRemoveRecursively): Use new
interface.
(virCgroupKillRecursiveInternal, virCgroupSetOwner): Report
readdir failures.
* src/util/virfile.c (virFileLoopDeviceOpenSearch)
(virFileNBDDeviceFindUnused, virFileDeleteTree): Use new
interface.
* src/util/virnetdevtap.c (virNetDevTapGetRealDeviceName):
Properly check readdir errors.
* src/util/virpci.c (virPCIDeviceIterDevices)
(virPCIDeviceFileIterate, virPCIGetNetName): Report readdir
failures.
(virPCIDeviceAddressIOMMUGroupIterate): Use new interface.
* src/util/virscsi.c (virSCSIDeviceGetSgName): Report readdir
failures, and avoid memory leak.
(virSCSIDeviceGetDevName): Report readdir failures.
* src/util/virusb.c (virUSBDeviceSearch): Report readdir
failures.
* src/util/virutil.c (virGetFCHostNameByWWN)
(virFindFCHostCapableVport): Report readdir failures.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-28 17:52:45 -06:00
Natanael Copa
1ce2f1a434 util: introduce virDirRead wrapper for readdir
Introduce a wrapper for readdir. This helps us make sure that we always
set errno before calling readdir and it will make sure errors are
properly logged.

Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-28 17:52:45 -06:00
Nehal J Wani
7d84ca4649 Use virFileFindResource to locate iohelper for virFileWrapperFdNew
Instead of hardcoding LIBEXECDIR as the location of the libvirt_iohelper
binary, use virFileFindResource to optionally find it in the current
build directory.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 11:59:46 +01:00
Daniel P. Berrange
63a92e7220 Add helpers for resolving path to resources in build tree
Add virFileFindResource which will try to locate files
in the local build tree if the calling binary (eg libvirtd or
test suite) is being run from the build tree. The corresponding
virFileActivateDirOverride should be called at startup passing
in argv[0]. This will be examined for evidence of libtool magic
binary prefix / sub-directory in order to activate the override.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 11:42:28 +01:00
Nehal J Wani
3d5c29a17c Fix typos in src/*
Fix minor typos in source comments

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-21 16:49:08 -06:00
Eric Blake
91f349d8fd util: new virFileRelLinkPointsTo function
When checking if two filenames point to the same inode (whether
by hardlink or symlink), sometimes one of the names might be
relative.  This convenience function makes it easier to check.

* src/util/virfile.h (virFileRelLinkPointsTo): New prototype.
* src/util/virfile.c (virFileRelLinkPointsTo): New function.
* src/libvirt_private.syms (virfile.h): Export it.
* src/xen/xm_internal.c (xenXMDomainGetAutostart): Use it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-11 20:00:42 -06:00
Eric Blake
885ac290ea util: don't support loopback and nbd when setuid
The only remaining reason that virt-login-shell was trying to
link against virstoragefile was because of a call to
virStorageFileFormatTypeToString when spawning a qemu-nbd
process - but setuid processes shouldn't be spawning qemu-nbd.

* src/util/virfile.c (virFileLoopDeviceAssociate)
(virFileNBDDeviceAssociate): Cripple in setuid builds.
* src/Makefile.am (libvirt_setuid_rpc_client_la_SOURCES):
Drop virstoragefile from the list.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-01 10:38:14 -06:00
Eric Blake
5160ab795a util: move detection of shared filesystems
The code in virstoragefile.c is getting more complex as I
consolidate backing chain handling code.  But for the setuid
virt-login-shell, we don't need to crawl backing chains.  It's
easier to audit things for setuid security if there are fewer
files involved, so this patch moves the one function that
virFileOpen() was actually relying on to also live in virfile.c.

* src/util/virstoragefile.c (virStorageFileIsSharedFS)
(virStorageFileIsSharedFSType): Move...
* src/util/virfile.c (virFileIsSharedFS, virFileIsSharedFSType):
...to here, and rename.
(virFileOpenAs): Update caller.
* src/security/security_selinux.c
(virSecuritySELinuxSetFileconHelper)
(virSecuritySELinuxSetSecurityAllLabel)
(virSecuritySELinuxRestoreSecurityImageLabelInt): Likewise.
* src/security/security_dac.c
(virSecurityDACRestoreSecurityImageLabelInt): Likewise.
* src/qemu/qemu_driver.c (qemuOpenFileAs): Likewise.
* src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise.
* src/util/virstoragefile.h: Adjust declarations.
* src/util/virfile.h: Likewise.
* src/libvirt_private.syms (virfile.h, virstoragefile.h): Move
symbols as appropriate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-01 10:38:14 -06:00
Ján Tomko
bada4222e5 Indent top-level labels by one space in src/util/ 2014-03-25 14:58:40 +01:00
Daniel P. Berrange
2835c1e730 Add virLogSource variables to all source files
Any source file which calls the logging APIs now needs
to have a VIR_LOG_INIT("source.name") declaration at
the start of the file. This provides a static variable
of the virLogSource type.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:22 +00:00
Nehal J Wani
2250a2b5d2 Add parameter to wait for lock in file locking APIs
Our current pidfile acquire APis (virPidFileAcquire) simply return -1 upon
failure to acquire a lock. This patch adds a parameter 'bool waitForLock'
which instructs the APIs if we want to make it block and wait for the lock
or not.
2014-03-17 10:04:47 -06:00
Eric Blake
25f87817ab virFork: simplify semantics
The old semantics of virFork() violates the priciple of good
usability: it requires the caller to check the pid argument
after use, *even when virFork returned -1*, in order to properly
abort a child process that failed setup done immediately after
fork() - that is, the caller must call _exit() in the child.
While uses in virfile.c did this correctly, uses in 'virsh
lxc-enter-namespace' and 'virt-login-shell' would happily return
from the calling function in both the child and the parent,
leading to very confusing results. [Thankfully, I found the
problem by inspection, and can't actually trigger the double
return on error without an LD_PRELOAD library.]

It is much better if the semantics of virFork are impossible
to abuse.  Looking at virFork(), the parent could only ever
return -1 with a non-negative pid if it misused pthread_sigmask,
but this never happens.  Up until this patch series, the child
could return -1 with non-negative pid if it fails to set up
signals correctly, but we recently fixed that to make the child
call _exit() at that point instead of forcing the caller to do
it.  Thus, the return value and contents of the pid argument are
now redundant (a -1 return now happens only for failure to fork,
a child 0 return only happens for a successful 0 pid, and a
parent 0 return only happens for a successful non-zero pid),
so we might as well return the pid directly rather than an
integer of whether it succeeded or failed; this is also good
from the interface design perspective as users are already
familiar with fork() semantics.

One last change in this patch: before returning the pid directly,
I found cases where using virProcessWait unconditionally on a
cleanup path of a virFork's -1 pid return would be nicer if there
were a way to avoid it overwriting an earlier message.  While
such paths are a bit harder to come by with my change to a direct
pid return, I decided to keep the virProcessWait change in this
patch.

* src/util/vircommand.h (virFork): Change signature.
* src/util/vircommand.c (virFork): Guarantee that child will only
return on success, to simplify callers.  Return pid rather than
status, now that the situations are always the same.
(virExec): Adjust caller, also avoid open-coding process death.
* src/util/virprocess.c (virProcessWait): Tweak semantics when pid
is -1.
(virProcessRunInMountNamespace): Adjust caller.
* src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
(virDirCreate): Likewise.
* tools/virt-login-shell.c (main): Likewise.
* tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise.
* tests/commandtest.c (test23): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:32 -07:00
Eric Blake
c72e76c3d9 util: make it easier to grab only regular process exit
Right now, a caller waiting for a child process either requires
the child to have status 0, or must use WIFEXITED() and friends
itself.  But in many cases, we want the middle ground of treating
fatal signals as an error, and directly accessing the normal exit
value without having to use WEXITSTATUS(), in order to easily
detect an expected non-zero exit status.  This adds the middle
ground to the low-level virProcessWait; the next patch will add
it to virCommand.

* src/util/virprocess.h (virProcessWait): Alter signature.
* src/util/virprocess.c (virProcessWait): Add parameter.
(virProcessRunInMountNamespace): Adjust caller.
* src/util/vircommand.c (virCommandWait): Likewise.
* src/util/virfile.c (virFileAccessibleAs): Likewise.
* src/lxc/lxc_container.c (lxcContainerHasReboot)
(lxcContainerAvailable): Likewise.
* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
* tools/virt-login-shell.c (main): Likewise.
* tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise.
* tests/testutils.c (virtTestCaptureProgramOutput): Likewise.
* tests/commandtest.c (test23): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:31 -07:00
Daniel P. Berrange
c321bfc5c3 Add virFileMakeParentPath helper function
Add a helper function which takes a file path and ensures
that all directory components leading up to the file exist.
IOW, it strips the filename part of the path and passes
the result to virFileMakePath.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-18 12:39:06 +00:00
Daniel P. Berrange
84fd470d3d Fix bug in identifying sub-mounts
The code for extracting sub-mounts would just do a STRPREFIX
check on the mount. This was flawed because if there were
the following mounts

 /etc/aliases
 /etc/aliases.db

and '/etc/aliases' was asked for, it would return both even
though the latter isn't a sub-mount.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:49:01 +00:00
Daniel P. Berrange
d45b833d14 Pull lxcContainerGetSubtree out into shared virfile module
Move the code for lxcContainerGetSubtree into the virfile
module creating 2 new functions

  int virFileGetMountSubtree(const char *mtabpath,
                             const char *prefix,
                             char ***mountsret,
                             size_t *nmountsret);
  int virFileGetMountReverseSubtree(const char *mtabpath,
                                    const char *prefix,
                                    char ***mountsret,
                                    size_t *nmountsret);

Add a new virfiletest.c test case to validate the new code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-28 11:49:01 +00:00
Eric Blake
5327fad4f2 storage: avoid short reads while chasing backing chain
Our backing file chain code was not very robust to an ill-timed
EINTR, which could lead to a short read causing us to randomly
treat metadata differently than usual.  But the existing
virFileReadLimFD forces an error if we don't read the entire
file, even though we only care about the header of the file.
So add a new virFile function that does what we want.

* src/util/virfile.h (virFileReadHeaderFD): New prototype.
* src/util/virfile.c (virFileReadHeaderFD): New function.
* src/libvirt_private.syms (virfile.h): Export it.
* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
(virStorageFileProbeFormatFromFD): Use it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 17:14:02 -07:00
Daniel P. Berrange
ccacd4fe3b Add virFileIsMountPoint function
Add a function for efficiently checking if a path is a filesystem
mount point.

NB will not work for bind mounts, only true filesystem mounts.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-05 15:51:47 +08:00
Daniel P. Berrange
9b0af09240 Remove (nearly) all use of getuid()/getgid()
Most of the usage of getuid()/getgid() is in cases where we are
considering what privileges we have. As such the code should be
using the effective IDs, not real IDs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
1e4a02bdfe Remove all direct use of getenv
Unconditional use of getenv is not secure in setuid env.
While not all libvirt code runs in a setuid env (since
much of it only exists inside libvirtd) this is not always
clear to developers. So make all the code paranoid, even
if it only ever runs inside libvirtd.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Daniel P. Berrange
64d4eb6a50 Add log statement when NBD device is setup
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-16 12:22:40 +01:00
Oskari Saarenmaa
b63a1d0e95 virfile: safezero: fix buffer allocation max size
My previous commit 7dc1d4ab was supposed to change safezero to allocate
1 megabyte at maximum, but had the logic reversed and will allocate 1
megabyte at minimum (and a lot more at maximum.)

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-10-04 16:10:27 +02:00
Oskari Saarenmaa
7dc1d4ab89 virfile: safezero: fall back to writing block by block if mmap fails
mmap can fail on 32-bit systems if we're trying to zero out a lot of data.
Fall back to using block-by-block writing in that case.  While we could map
smaller blocks it's unlikely that this code is used a lot and its easier to
just fall back to one of the existing methods.

Also modified the block-by-block zeroing to not allocate a megabyte of
zeroes if we're writing less than that.

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-10-04 08:22:36 +02:00
Oskari Saarenmaa
edc61bf63e virfile: safezero: align mmap offset to page size
mmap's offset must be aligned to page size or mapping will fail.
mmap-based safezero is only used if posix_fallocate isn't available.

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-09-30 15:18:13 +02:00
Peter Krempa
4baa8d7637 cleanup: Kill usage of access(PATH, F_OK) in favor of virFileExists()
Semantics of the libvirt helper are more clear. This change also allows
to clean up some pieces of code.
2013-09-16 10:37:39 +02:00
Peter Krempa
d66e7ce616 util: Declare that virFileExists shall honor errno
Explicitly state that some parts of the code may require virFileExists
to set or preserve a correct errno so that future modifications don't
break.
2013-09-16 08:57:26 +02:00
Ian Main
9ba230d4f2 Use loop-control to allocate loop device.
This patch changes virFileLoopDeviceOpen() to use the new loop-control
device to allocate a new loop device.  If this behavior is unsupported
we fall back to the previous method of searching /dev for a free device.

With this patch you can start as many image based LXC domains as you
like (well almost).

Fixes bug https://bugzilla.redhat.com/show_bug.cgi?id=995543
2013-09-05 12:31:08 +01:00
Michal Privoznik
2dba0323ff virFileNBDDeviceAssociate: Avoid use of uninitialized variable
The @qemunbd variable can be used uninitialized.
2013-09-04 08:47:01 +02:00
Daniel P. Berrange
68a9637b2c Make check for /dev/loop device names stricter to avoid /dev/loop-control
Recentish (2011) kernels introduced a new device called /dev/loop-control,
which causes libvirt's detection of loop devices to get confused
since it only checks for a prefix of 'loop'. Also check that the
next character is a digit

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 17:43:10 +01:00
Eric Blake
ee777e9949 util: make virSetUIDGID async-signal-safe
https://bugzilla.redhat.com/show_bug.cgi?id=964358

POSIX states that multi-threaded apps should not use functions
that are not async-signal-safe between fork and exec, yet we
were using getpwuid_r and initgroups.  Although rare, it is
possible to hit deadlock in the child, when it tries to grab
a mutex that was already held by another thread in the parent.
I actually hit this deadlock when testing multiple domains
being started in parallel with a command hook, with the following
backtrace in the child:

 Thread 1 (Thread 0x7fd56bbf2700 (LWP 3212)):
 #0  __lll_lock_wait ()
     at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
 #1  0x00007fd5761e7388 in _L_lock_854 () from /lib64/libpthread.so.0
 #2  0x00007fd5761e7257 in __pthread_mutex_lock (mutex=0x7fd56be00360)
     at pthread_mutex_lock.c:61
 #3  0x00007fd56bbf9fc5 in _nss_files_getpwuid_r (uid=0, result=0x7fd56bbf0c70,
     buffer=0x7fd55c2a65f0 "", buflen=1024, errnop=0x7fd56bbf25b8)
     at nss_files/files-pwd.c:40
 #4  0x00007fd575aeff1d in __getpwuid_r (uid=0, resbuf=0x7fd56bbf0c70,
     buffer=0x7fd55c2a65f0 "", buflen=1024, result=0x7fd56bbf0cb0)
     at ../nss/getXXbyYY_r.c:253
 #5  0x00007fd578aebafc in virSetUIDGID (uid=0, gid=0) at util/virutil.c:1031
 #6  0x00007fd578aebf43 in virSetUIDGIDWithCaps (uid=0, gid=0, capBits=0,
     clearExistingCaps=true) at util/virutil.c:1388
 #7  0x00007fd578a9a20b in virExec (cmd=0x7fd55c231f10) at util/vircommand.c:654
 #8  0x00007fd578a9dfa2 in virCommandRunAsync (cmd=0x7fd55c231f10, pid=0x0)
     at util/vircommand.c:2247
 #9  0x00007fd578a9d74e in virCommandRun (cmd=0x7fd55c231f10, exitstatus=0x0)
     at util/vircommand.c:2100
 #10 0x00007fd56326fde5 in qemuProcessStart (conn=0x7fd53c000df0,
     driver=0x7fd55c0dc4f0, vm=0x7fd54800b100, migrateFrom=0x0, stdin_fd=-1,
     stdin_path=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
     flags=1) at qemu/qemu_process.c:3694
 ...

The solution is to split the work of getpwuid_r/initgroups into the
unsafe portions (getgrouplist, called pre-fork) and safe portions
(setgroups, called post-fork).

* src/util/virutil.h (virSetUIDGID, virSetUIDGIDWithCaps): Adjust
signature.
* src/util/virutil.c (virSetUIDGID): Add parameters.
(virSetUIDGIDWithCaps): Adjust clients.
* src/util/vircommand.c (virExec): Likewise.
* src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
(virDirCreate): Likewise.
* src/security/security_dac.c (virSecurityDACSetProcessLabel):
Likewise.
* src/lxc/lxc_container.c (lxcContainerSetID): Likewise.
* configure.ac (AC_CHECK_FUNCS_ONCE): Check for setgroups, not
initgroups.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-11 15:46:42 -06:00
Michal Privoznik
a2f8babc7d Adapt to VIR_ALLOC and virAsprintf in src/util/* 2013-07-10 11:07:33 +02:00
Daniel P. Berrange
a261996255 Introduce virFilePrintf() as a portable fprintf()
We can't use GNULIB's fprintf-posix due to licensing
incompatibilities. We do already have a portable
formatting via virAsprintf() which we got from GNULIB
though. We can use to create a virFilePrintf() function.

But really gnulib could just provide a 'fprintf'
module, that depended on just its 'asprintf' module.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-31 10:51:33 -06:00
Michal Privoznik
f48ba88b35 Adapt to VIR_STRDUP and VIR_STRNDUP in src/util/* 2013-05-24 10:10:03 +02:00
Daniel P. Berrange
ec04914c47 Add missing c-ctype.h to virfile.c
The virfile.c file uses c_isalpha on Win32 platforms, so must
include c-ctype.h

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-17 17:09:29 +01:00
Daniel P. Berrange
8aabd597b3 Add a helper API for setting up a NBD device with qemu-nbd
Add a virFileNBDDeviceAssociate method, which given a filename
will setup a NBD device, using qemu-nbd as the server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-13 13:15:19 +01:00
Daniel P. Berrange
1eeff53d7d Fix error handling of readdir() in virFileLoopDeviceOpen
To correctly handle errors from readdir() you must set 'errno'
to zero before invoking it & check its value afterwards to
distinguish error from EOF.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-13 13:15:19 +01:00
Eric Blake
d34ef01779 build: fix use of mmap
Commit bfe7721d introduced a regression, but only on platforms
like FreeBSD that lack posix_fallocate and where mmap serves as
a nice fallback for safezero.

util/virfile.c: In function 'safezero':
util/virfile.c:837: error: 'PROT_READ' undeclared (first use in this function)

* src/util/virutil.c (includes): Move use of <sys/mman.h>...
* src/util/virfile.c (includes): ...to the file that uses mmap.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-10 20:52:57 -06:00
Laine Stump
bfe7721d50 util: move virFile* functions from virutil.c to virfile.c
These all existed before virfile.c was created, and for some reason
weren't moved.

This is mostly straightfoward, although the syntax rule prohibiting
write() had to be changed to have an exception for virfile.c instead
of virutil.c.

This movement pointed out that there is a function called
virBuildPath(), and another almost identical function called
virFileBuildPath(). They really should be a single function, which
I'll take care of as soon as I figure out what the arglist should look
like.
2013-05-10 13:09:30 -04:00
Michal Privoznik
7c9a2d88cd virutil: Move string related functions to virstring.c
The source code base needs to be adapted as well. Some files
include virutil.h just for the string related functions (here,
the include is substituted to match the new file), some include
virutil.h without any need (here, the include is removed), and
some require both.
2013-05-02 16:56:55 +02:00
Daniel P. Berrange
035cdaa00b Introduce a virFileDeleteTree method
Introduce a method virFileDeleteTree for recursively deleting
an entire directory tree

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:31 +01:00
Daniel P. Berrange
564e7d38a2 Don't import loop.h unless HAVE_DECL_LO_FLAGS_AUTOCLEAR is defined
The loop.h on RHEL4 is broken and cannot be imported. We already
detect this in configure as a side-effect of looking for whether
LO_FLAGS_AUTOCLEAR is available. We protected the impl with
HAVE_DECL_LO_FLAGS_AUTOCLEAR, but not the header import

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-07 18:07:27 +00:00
Michal Privoznik
4ca6f5089f Drop useless virFileWrapperFdCatchError
We are requesting for stderr catching for all cases in
virFileWrapperFdNew(). There is no need to have a separate
function just to report an error, esp. when we can do it in
virFileWrapperFdClose().
2013-02-08 09:11:51 +01:00
Michal Privoznik
1f25194ad1 virFileWrapperFd: Switch to new virCommandDoAsyncIO
Commit 34e8f63a32 introduced support for catching errors from
libvirt iohelper. However, at those times there wasn't such fancy
API as virCommandDoAsyncIO(), so everything has to be implemented
on our own. But since we do have the API now, we can use it and
drop our implementation then.
2013-02-05 15:45:21 +01:00
John Ferlan
50adf8271d virfile: Need to initialize 'looppath'
It was possible to call VIR_FREE in cleanup prior to initialization.
2013-01-22 17:29:25 +01:00
Daniel P. Berrange
f24404a324 Rename virterror.c virterror_internal.h to virerror.{c,h} 2012-12-21 11:19:50 +00:00
Daniel P. Berrange
ab9b7ec2f6 Rename memory.{c,h} to viralloc.{c,h} 2012-12-21 11:17:14 +00:00
Daniel P. Berrange
936d95d347 Rename logging.{c,h} to virlog.{c,h} 2012-12-21 11:17:14 +00:00
Daniel P. Berrange
04d9510f50 Rename command.{c,h} to vircommand.{c,h} 2012-12-21 11:17:13 +00:00
Ján Tomko
7794e02c56 util: check for NULL parameter in virFileWrapperFdCatchError
This reverts 8927c0e qemu: fix a crash when save file can't be opened
and allows virFileWrapperFdCatchError to be called with NULL instead.
2012-11-29 00:00:39 +08:00
Michal Privoznik
34e8f63a32 qemu: Report errors from iohelper
Currently, we use iohelper when saving/restoring a domain.
However, if there's some kind of error (like I/O) it is not
propagated to libvirt. Since it is not qemu who is doing
the actual write() it will not get error. The iohelper does.
Therefore we should check for iohelper errors as it makes
libvirt more user friendly.
2012-10-29 17:04:26 +01:00
Eric Blake
4ecb723b9e maint: fix up copyright notice inconsistencies
https://www.gnu.org/licenses/gpl-howto.html recommends that
the 'If not, see <url>.' phrase be a separate sentence.

* tests/securityselinuxhelper.c: Remove doubled line.
* tests/securityselinuxtest.c: Likewise.
* globally: s/;  If/.  If/
2012-09-20 16:30:55 -06:00
Eric Blake
77de1f3573 build: work with older RHEL 5 kernel
We already skip out on building the LXC under RHEL 5, because the
kernel is too old (commits 4c18acf, 2dee896); but commit 9612e4b
moved some LXC-only code into common files, resulting in this
build failure:

util/virfile.c: In function 'virFileLoopDeviceAssociate':
util/virfile.c:580: error: 'LO_FLAGS_AUTOCLEAR' undeclared (first use in this function)

Unfortunately, the kernel folks only made it an enum, rather than
also a #define, so we have to modify configure.ac to record when
it is usable.

* configure.ac (with_lxc): Mark when LO_FLAGS_AUTOCLEAR was found.
* src/util/virfile.c (virFileLoopDeviceAssociate): Avoid
compilation when kernel is too old.
2012-08-21 12:07:00 -06:00
Daniel P. Berrange
0c9fd4cfe9 Rewrite virAtomic APIs using GLib's atomic ops code
There are a few issues with the current virAtomic APIs

 - They require use of a virAtomicInt struct instead of a plain
   int type
 - Several of the methods do not implement memory barriers
 - The methods do not implement compiler re-ordering barriers
 - There is no Win32 native impl

The GLib library has a nice LGPLv2+ licensed impl of atomic
ops that works with GCC, Win32, or pthreads.h that addresses
all these problems. The main downside to their code is that
the pthreads impl uses a single global mutex, instead of
a per-variable mutex. Given that it does have a Win32 impl
though, we don't expect anyone to seriously use the pthread.h
impl, so this downside is not significant.

* .gitignore: Ignore test case
* configure.ac: Check for which atomic ops impl to use
* src/Makefile.am: Add viratomic.c
* src/nwfilter/nwfilter_dhcpsnoop.c: Switch to new atomic
  ops APIs and plain int datatype
* src/util/viratomic.h: inline impls of all atomic ops
  for GCC, Win32 and pthreads
* src/util/viratomic.c: Global pthreads mutex for atomic
  ops
* tests/viratomictest.c: Test validate to validate safety
  of atomic ops.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-02 11:50:59 +01:00
Osier Yang
f9ce7dad60 Desert the FSF address in copyright
Per the FSF address could be changed from time to time, and GNU
recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)

  You should have received a copy of the GNU General Public License
  along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

This patch removes the explicit FSF address, and uses above instead
(of course, with inserting 'Lesser' before 'General').

Except a bunch of files for security driver, all others are changed
automatically, the copyright for securify files are not complete,
that's why to do it manually:

  src/security/security_selinux.h
  src/security/security_driver.h
  src/security/security_selinux.c
  src/security/security_apparmor.h
  src/security/security_apparmor.c
  src/security/security_driver.c
2012-07-23 10:50:50 +08:00
Daniel P. Berrange
f6d4405e3c Convert (nearly) all files in src/util/ to use virReportError()
This removes nearly all the per-file error reporting macros
from the code in src/util/. A few custom macros remain for the
case, where the file needs to report errors with a variety of
different codes or parameters

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-18 16:31:35 +01:00
Eric Blake
56f34e5573 build: fix typo that breaks non-Linux builds
Commit 9612e4b2 introduced a typo and unused variable that break
non-Linux builds.

* src/util/virfile.c (virFileLoopDeviceAssociate): Fix syntax error.
2012-07-09 15:50:59 -06:00
Daniel P. Berrange
9612e4b2e7 Move loop device setup code into virfile.{c,h}
While it is not currently used elsewhere in libvirt, the code
for finding a free loop device & associating a file with it
is not LXC specific. Move it into the viffile.{c,h} file where
potentially shared code is more commonly kept.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-05 10:46:10 +01:00
Jiri Denemark
d581313acf util: Fix deadlock in virLogReset
When libvirtd forks off a new child, the child then calls virLogReset(),
which ends up closing file descriptors used as log outputs. However, we
recently started logging closed file descriptors, which means we need to
lock logging mutex which was already locked by virLogReset(). We don't
really want to log anything when we are in the process of closing log
outputs.
2012-06-08 10:09:54 +02:00
Jiri Denemark
dfd4584317 file: Log closing filedescriptors
EBADF errors are logged as warnings as they normally indicate a double
close bug. This patch also provides VIR_MASS_CLOSE helper to be user in
the only case of mass close after fork when EBADF should rather be
ignored.
2012-06-04 16:28:15 +02:00
Jiri Denemark
9d2ac5453e qemu: Make sure qemu can access its directory in hugetlbfs
When libvirtd is started, we create "libvirt/qemu" directories under
hugetlbfs mount point. Only the "qemu" subdirectory is chowned to qemu
user and "libvirt" remains owned by root. If umask was too restrictive
when libvirtd started, qemu user may lose access to "qemu"
subdirectory. Let's explicitly grant search permissions to "libvirt"
directory for all users.
2012-04-30 08:17:40 +02:00
Jiri Denemark
afe6e58aed util: Generalize virFileDirectFd
virFileDirectFd was used for accessing files opened with O_DIRECT using
libvirt_iohelper. We will want to use the helper for accessing files
regardless on O_DIRECT and thus virFileDirectFd was generalized and
renamed to virFileWrapperFd.
2012-02-08 11:26:20 +01:00
Daniel P. Berrange
ef7efbc6ef Add virFileTouch for creating empty files
Add a virFileTouch API which ensures that a file will always
exist, even if zero length

* src/util/virfile.c, src/util/virfile.h,
  src/libvirt_private.syms: Introduce virFileTouch
2012-01-25 14:11:03 +00:00
Jiri Denemark
559644ddd2 Introduce virFileRewrite for safe file rewrite
When saving config files we just overwrite old content of the file. In
case something fails during that process (e.g. disk gets full) we lose
both old and new content. This patch makes the process more robust by
writing the new content into a separate file and only if that succeeds
the original file is atomically replaced with the new one.
2011-10-27 20:11:24 +02:00
Stefan Berger
f4765b691d maint: fix some compilation issues on non-linux platforms
This patch fixes *some* compilation issues on non-Linux platforms (cygwin).
2011-08-16 13:54:15 -04:00
Daniel P. Berrange
e48427051d Add virFileLock and virFileUnlock APIs
Add some simple wrappers around the fcntl() discretionary file
locking capability.

* src/util/util.c, src/util/util.h, src/libvirt_private.syms: Add
  virFileLock and virFileUnlock APIs
2011-08-12 20:37:00 +01:00
Eric Blake
519a1c4379 save: add virFileDirectFd wrapper type
O_DIRECT has stringent requirements.  Rather than make lots of changes
at each site that wants to use O_DIRECT, it is easier to offload
the work through a helper process that mirrors the I/O between a
pipe and the actual direct fd, so that the other end of the pipe
no longer has to worry about constraints.

Plus, if the kernel ever gains better posix_fadvise support, then we
only have to touch a single file to let all callers benefit from a
more efficient way to avoid file system caching.

* src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
(virFileDirectFdClose, virFileDirectFdFree): New prototypes.
* src/util/virdirect.c: Implement new wrapper object.
* src/libvirt_private.syms (virfile.h): Export new symbols.
* cfg.mk (useless_free_options): Add to list.
* po/POTFILES.in: Add new translations.
2011-07-21 16:24:08 -06:00
Eric Blake
8e22e08935 build: rename files.h to virfile.h
In preparation for a future patch adding new virFile APIs.

* src/util/files.h, src/util/files.c: Move...
* src/util/virfile.h, src/util/virfile.c: ...here, and rename
functions to virFile prefix.  Macro names are intentionally
left alone.
* *.c: All '#include "files.h"' uses changed.
* src/Makefile.am (UTIL_SOURCES): Reflect rename.
* cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise.
* src/libvirt_private.syms: Likewise.
* docs/hacking.html.in: Likewise.
* HACKING: Regenerate.
2011-07-21 10:34:51 -06:00