Commit Graph

605 Commits

Author SHA1 Message Date
Eric Blake
f43bb1dc20 build: cast [ug]id_t when printing
This is a recurring problem for cygwin :)
For example, see commit 23a4df88.

qemu/qemu_driver.c: In function 'qemuStateInitialize':
qemu/qemu_driver.c:691:13: error: format '%d' expects type 'int', but argument 8 has type 'uid_t' [-Wformat]

* src/qemu/qemu_driver.c (qemuStateInitialize): Add casts.
* daemon/remote.c (remoteDispatchAuthList): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-30 10:36:16 -06:00
Osier Yang
e25ca77303 daemon: Remove the whitespace before ";" 2013-05-21 23:41:45 +08:00
Eric Blake
d7f53c7b97 maint: use LGPL correctly
Several files called out COPYING or COPYING.LIB instead of using
the normal boilerplate.  It's especially important that we don't
call out COPYING from an LGPL file, since COPYING is traditionally
used for the GPL.  A few files were lacking copyright altogether.

* src/rpc/gendispatch.pl: Add missing copyright.
* Makefile.nonreentrant: Likewise.
* src/check-symfile.pl: Likewise.
* src/check-symsorting.pl: Likewise.
* src/driver.h: Likewise.
* src/internal.h: Likewise.
* tools/libvirt-guests.sh.in: Likewise.
* tools/virt-pki-validate.in: Mention copyright in comment, not just code.
* tools/virt-sanlock-cleanup.in: Likewise.
* src/rpc/genprotocol.pl: Spell out license terms.
* src/xen/xend_internal.h: Likewise.
* src/xen/xend_internal.c: Likewise.
* Makefile.am: Likewise.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* docs/schemas/Makefile.am: Likewise.
* examples/apparmor/Makefile.am: Likewise.
* examples/domain-events/events-c/Makefile.am: Likewise.
* examples/dominfo/Makefile.am: Likewise.
* examples/domsuspend/Makefile.am: Likewise.
* examples/hellolibvirt/Makefile.am: Likewise.
* examples/openauth/Makefile.am: Likewise.
* examples/python/Makefile.am: Likewise.
* examples/systemtap/Makefile.am: Likewise.
* examples/xml/nwfilter/Makefile.am: Likewise.
* gnulib/lib/Makefile.am: Likewise.
* gnulib/tests/Makefile.am: Likewise.
* include/Makefile.am: Likewise.
* include/libvirt/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* python/tests/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.
* configure.ac: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-20 14:03:48 -06:00
Jiri Denemark
4734f1f53b Fix build with VirtualBox
Commit ba5f3c7c moved vbox driver into libvirtd but forgot to adapt
daemon's Makefile.am.
2013-05-16 23:01:43 +02:00
Daniel P. Berrange
ba5f3c7c8e Move VirtualBox driver into libvirtd
Change the build process & driver initialization so that the
VirtualBox driver is built into libvirtd, instead of libvirt.so
This change avoids the VirtualBox GPLv2-only license causing
compatibility problems with libvirt.so which is under the
GPLv2-or-later license.

NB this change prevents use of the VirtualBox driver on the
Windows platform, until such time as libvirtd can be made
to work there.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-16 16:28:53 +01:00
Ján Tomko
ca697e90d5 daemon: fix leak after listing all volumes
CVE-2013-1962

remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
The pool also held a reference to the connection, preventing it from
getting freed and closing the netcf interface driver, which held two
sockets open.
2013-05-16 15:59:37 +02:00
Daniel P. Berrange
71b54636f0 Don't duplicate compiler warning flags when linking
Automake already passes all CFLAGS to the linker too, so it
is not necessary to set WARN_LDFLAGS in addition to the
WARN_CFLAGS variable.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-14 15:02:37 +01:00
Jim Fehlig
442eb2ba29 build: fix build with old polkit0
Commit 979e9c56 missed one case of providing the timestamp
parameter to virNetServerClientGetUNIXIdentity() when WITH_POLKIT0
is defined.
2013-05-09 09:53:42 -06:00
Daniel P. Berrange
ead630319d Separate virGetHostname() API contract from driver APIs
Currently the virGetHostname() API has a bogus virConnectPtr
parameter. This is because virtualization drivers directly
reference this API in their virDriverPtr tables, tieing its
API design to the public virConnectGetHostname API design.

This also causes problems for access control checks since
these must only be done for invocations from the public
API, not internal invocation.

Remove the bogus virConnectPtr parameter, and make each
hypervisor driver provide a dedicated function for the
driver API impl. This will allow access control checks
to be easily inserted later.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:47 +01:00
Daniel P. Berrange
979e9c56a7 Include process start time when doing polkit checks
Since PIDs can be reused, polkit prefers to be given
a (PID,start time) pair. If given a PID on its own,
it will attempt to lookup the start time in /proc/pid/stat,
though this is subject to races.

It is safer if the client app resolves the PID start
time itself, because as long as the app has the client
socket open, the client PID won't be reused.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:45 +01:00
Michal Privoznik
a54434f4ba Adapt to VIR_STRDUP and VIR_STRNDUP in daemon/* 2013-05-05 12:17:12 +02:00
Daniel P. Berrange
329b7602a1 More paranoid initialization of 'nparams' variable in dispatch code
Since the 'nparams' variable passed to virTypedParametersFree is
supposed to represent the size of the 'params' array, it is bad
practice to initialize it to a non-zero value, until the array
has been allocated.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-03 10:29:07 +01:00
Michal Privoznik
7c9a2d88cd virutil: Move string related functions to virstring.c
The source code base needs to be adapted as well. Some files
include virutil.h just for the string related functions (here,
the include is substituted to match the new file), some include
virutil.h without any need (here, the include is removed), and
some require both.
2013-05-02 16:56:55 +02:00
Daniel P. Berrange
abe038cfc0 Extend previous check to validate driver struct field names
Ensure that the driver struct field names match the public
API names. For an API virXXXX we must have a driver struct
field xXXXX. ie strip the leading 'vir' and lowercase any
leading uppercase letters.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:59:53 +01:00
Daniel P. Berrange
bb03636827 Make naming of remote procedures match API names exactly
A number of the remote procedure names did not match the
corresponding API names. For example, many lacked the
word 'CONNECT', others re-arranged the names. Update the
procedures so their names exactly match the API names.
Then remove the special case handling of these APIs in
the generator

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:33:10 +01:00
Daniel P. Berrange
6da982be65 Cleanup command line options in gendispatch.pl
There are many declared options in gendispatch.pl that were
no longer used. Those which were used were obscure '-b', '-k'
and '-d'. Switch to use --mode={debug|client|server}.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:32:59 +01:00
Eric Blake
1bf25ba249 docs: fix usage of 'onto'
http://www.uhv.edu/ac/newsletters/writing/grammartip2009.07.01.htm
(and several other sites) give hints that 'onto' is best used if
you can also add 'up' just before it and still make sense. In many
cases in the code base, we really want the two-word form, or even
a simplification to just 'on' or 'to'.

* docs/hacking.html.in: Use correct 'on to'.
* python/libvirt-override.c: Likewise.
* src/lxc/lxc_controller.c: Likewise.
* src/util/virpci.c: Likewise.
* daemon/THREADS.txt: Use simpler 'on'.
* docs/formatdomain.html.in: Better usage.
* docs/internals/rpc.html.in: Likewise.
* src/conf/domain_event.c: Likewise.
* src/rpc/virnetclient.c: Likewise.
* tests/qemumonitortestutils.c: Likewise.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-04-19 14:31:16 -06:00
Osier Yang
1d69c6334b syntax-check: Don't include public headers in internal source
Directories python/tools/examples should include them in <> form,
though this patch allows "" form in these directories by excluding
them, a later patch will do the cleanup.
2013-04-18 11:24:46 +08:00
Osier Yang
bc95be5dea cleanup: Remove the duplicate header
Detected by a simple Shell script:

for i in $(git ls-files -- '*.[ch]'); do
    awk 'BEGIN {
        fail=0
    }
    /# *include.*\.h/{
        match($0, /["<][^">]*[">]/)
        arr[substr($0, RSTART+1, RLENGTH-2)]++
    }
    END {
        for (key in arr) {
            if (arr[key] > 1) {
                fail=1
                printf("%d %s\n", arr[key], key)
            }
        }
        if (fail == 1)
            exit 1
    }' $i

    if test $? != 0; then
        echo "Duplicate header(s) in $i"
    fi
done;

A later patch will add the syntax-check to avoid duplicate
headers.
2013-04-17 15:49:35 +08:00
Daniel P. Berrange
e7b0382945 Tweak EOF handling of streams
Typically when you get EOF on a stream, poll will return
POLLIN|POLLHUP at the same time. Thus when we deal with
stream reads, if we see EOF during the read, we can then
clear the VIR_STREAM_EVENT_HANGUP & VIR_STREAM_EVENT_ERROR
event bits.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-12 11:27:57 +01:00
Daniel P. Berrange
fc8c1787d8 Enable full RELRO mode
By passing the flags -z relro -z now to the linker, we can force
it to resolve all library symbols at startup, instead of on-demand.
This allows it to then make the global offset table (GOT) read-only,
which makes some security attacks harder.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 16:19:35 +01:00
Daniel P. Berrange
1150999ca4 Build all binaries with PIE
PIE (position independent executable) adds security to executables
by composing them entirely of position-independent code (PIC. The
.so libraries already build with -fPIC. This adds -fPIE which is
the equivalent to -fPIC, but for executables. This for allows Exec
Shield to use address space layout randomization to prevent attackers
from knowing where existing executable code is during a security
attack using exploits that rely on knowing the offset of the
executable code in the binary, such as return-to-libc attacks.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 16:19:35 +01:00
Daniel P. Berrange
be27de6e8d Remove hack using existance of an 'identity' string to disable auth
Currently the server determines whether authentication of clients
is complete, by checking whether an identity is set. This patch
removes that lame hack and replaces it with an explicit method
for changing the client auth code

* daemon/remote.c: Update for new APis
* src/libvirt_private.syms, src/rpc/virnetserverclient.c,
  src/rpc/virnetserverclient.h: Remove virNetServerClientGetIdentity
  and virNetServerClientSetIdentity, adding a new method
  virNetServerClientSetAuth.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-12 18:07:17 +00:00
Fritz Elfert
443ec5c8c3 libvirt does not logout of iscsi targets, causing system hang on shutdown
There's a quite old bug entry here:

https://bugzilla.redhat.com/show_bug.cgi?id=700010

I just stumbled over that very issue on F18. Doing a little bit
debugging of the shutdown sequence, it turns out that - at least on my
F18 installation - libvirtd is shutdown *after* iscsid, which makes it
impossible for libvirt to perform the logout of the iscsi session properly.

This patch simply adds another startup dependancy on iscsid.service
which in turn delays iscsid shutdown until after libvirtd has stopped.
Having that applied, the system shuts down properly again.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-03-04 06:28:57 -07:00
Jiri Denemark
34fd94278a remote: Implement virDomainGetJobStats 2013-02-22 17:35:58 +01:00
Jiri Denemark
b8a32e0e94 build: Regenerate man pages on version bump
Whenever libvirt version changes in configure.ac, we need to regenerate
man pages so that they contain correct version info.
2013-01-29 13:23:19 +01:00
Jiri Denemark
de78bf604c Introduce virTypedParamsClear public API
The function is just a renamed public version of former
virTypedParameterArrayClear.
2013-01-18 15:04:00 +01:00
Hu Tao
47e1767725 call virstateCleanup to do the cleanup before libvirtd exits 2013-01-16 17:18:59 -07:00
Daniel P. Berrange
509eb51e7c Implement the RPC protocol for the libvirt-lxc.la library
Add the infrastructure for the libvirt-lxc.la library to
the remote protocol client and daemon

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-15 18:16:53 +00:00
Daniel P. Berrange
3d1596b048 Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.

The actual APIs are

  int virDomainLxcOpenNamespace(virDomainPtr domain,
                                int **fdlist,
                                unsigned int flags);

  int virDomainLxcEnterNamespace(virDomainPtr domain,
                                 unsigned int nfdlist,
                                 int *fdlist,
                                 unsigned int *noldfdlist,
                                 int **oldfdlist,
                                 unsigned int flags);

which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.

NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:58:34 +00:00
Daniel P. Berrange
cf7ac00ebd Rename HAVE_POLKIT to WITH_POLKIT 2013-01-14 13:29:55 +00:00
Daniel P. Berrange
bccd4a8cbc Rename HAVE_GNUTLS to WITH_GNUTLS 2013-01-14 13:26:47 +00:00
Daniel P. Berrange
321a7d53f3 Convert HAVE_SASL to WITH_SASL
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Eric Blake
7cc522beb6 maint: distribute libvirtd.service.in
I did a build --without-libvirtd, then ran 'make dist'.  The
resulting tarball was broken, with a complaint that make did not
know how to create libvirtd.service.in.  I traced it to a use
of EXTRA_DIST inside a conditional.

* daemon/Makefile.am (EXTRA_DIST): Hoist libvirtd.service.in
outside of WITH_LIBVIRTD conditional.
2013-01-09 14:36:25 -07:00
Daniel P. Berrange
f587c27768 Make TLS support conditional
Add checks for existence of GNUTLS and automatically disable
it if not found.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 20:57:31 +00:00
Eric Blake
a1fd56cb30 build: install libvirt sysctl file correctly
https://bugzilla.redhat.com/show_bug.cgi?id=887017 reports that
even though libvirt attempts to set fs.aio-max-nr via sysctl,
the file was installed with the wrong name and gets ignored by
sysctl.  Furthermore, 'man systcl.d' recommends that packages
install into hard-coded /usr/lib/sysctl.d (even when libdir is
/usr/lib64), so that sysadmins can use /etc/sysctl.d for overrides.

* daemon/Makefile.am (install-sysctl, uninstall-sysctl): Use
correct location.
* libvirt.spec.in (network_files): Reflect this.
2013-01-07 08:56:37 -07:00
Eric Blake
5ec4b22b77 build: .service files don't need to be executable
See also commit 66ff2dd, where we avoided installing these files
as executables.

* daemon/Makefile.am (libvirtd.service): Drop chmod.
* tools/Makefile.am (libvirt-guests.service): Likewise.
* src/Makefile.am (virtlockd.service, virtlockd.socket):
Likewise.
2013-01-07 08:56:36 -07:00
Eric Blake
462a69621e build: use common .in replacement mechanism
We had several different styles of .in conversion in our Makefiles:
ALLCAPS, @ALLCAPS@, @lower@, ::lower::
Canonicalize on one form, to make it easier to copy and paste
between .in files.

Also, we were using some non-portable sed constructs: \@ is an
undefined escape sequence (it happens to be @ itself in GNU sed,
but POSIX allows it to mean something else), as well as risky
behavior (failure to consistently quote things means a space
in $(sysconfdir) could throw things off; also, Autoconf recommends
using | rather than , or ! in the s||| operator, because | has to
be quoted in shell and is therefore less likely to appear in file
names than , or !).

Fix all of these uses to follow the same syntax.

* daemon/libvirtd.8.in: Switch to @var@.
* tools/virt-xml-validate.in: Likewise.
* tools/virt-pki-validate.in: Likewise.
* src/locking/virtlockd.init.in: Likewise.
* daemon/Makefile.am: Prefer | over ! in sed.
(libvirtd.8): Prefer consistent substitution.
(libvirtd.init, libvirtd.service): Avoid non-portable sed.
* tools/Makefile.am (libvirt-guests.sh, libvirt-guests.init)
(libvirt-guests.service): Likewise.
(virt-xml-validate, virt-pki-validate, virt-sanlock-cleanup):
Prefer consistent capitalization.
* src/Makefile.am (virtlockd.init, virtlockd.service)
(virtlockd.socket): Prefer consistent substitution.
2013-01-07 08:56:36 -07:00
Daniel P. Berrange
f24404a324 Rename virterror.c virterror_internal.h to virerror.{c,h} 2012-12-21 11:19:50 +00:00
Daniel P. Berrange
e861b31275 Rename uuid.{c,h} to viruuid.{c,h} 2012-12-21 11:19:49 +00:00
Daniel P. Berrange
44f6ae27fe Rename util.{c,h} to virutil.{c,h} 2012-12-21 11:19:49 +00:00
Daniel P. Berrange
404174cad3 Rename threads.{c,h} to virthread.{c,h} 2012-12-21 11:19:49 +00:00
Daniel P. Berrange
ab9b7ec2f6 Rename memory.{c,h} to viralloc.{c,h} 2012-12-21 11:17:14 +00:00
Daniel P. Berrange
936d95d347 Rename logging.{c,h} to virlog.{c,h} 2012-12-21 11:17:14 +00:00
Daniel P. Berrange
30f3a005ff Rename hooks.{c,h} to virhook.{c,h} 2012-12-21 11:17:13 +00:00
Daniel P. Berrange
0f8454101d Rename conf.{c,h} to virconf.{c,h} 2012-12-21 11:17:13 +00:00
Daniel P. Berrange
04d9510f50 Rename command.{c,h} to vircommand.{c,h} 2012-12-21 11:17:13 +00:00
Cole Robinson
96a108c993 daemon: Preface polkit error output with 'polkit:'
There's been a few bugs about an expected error from polkit:

https://bugzilla.redhat.com/show_bug.cgi?id=873799
https://bugzilla.redhat.com/show_bug.cgi?id=872166

The error is:

Authorization requires authentication but no agent is available.

The error means that polkit needs a password, but there is no polkit
agent registered in your session. Polkit agents are the bit of UI that
pop up and actually ask for your password.

Preface the error with the string 'polkit:' so folks can hopefully
make more sense of it.
2012-12-17 13:37:53 -05:00
Guido Günther
6856b93710 Inhibit daemon shutdown during driver initialization
As of 1a50ba2cb0 qemu capabilities probing
takes longer since we timeout waiting for the monitor socket. When
probing qemu for different architectures this can add up so the daemon
auto shutdown timeout is reached and the client doesn't have a chance
to connect. To avoid that inhibit daemon shutdown during driver
initialization (which includes capabilities probing).

This fixes

	http://honk.sigxcpu.org:8001/job/libvirt-tck-debian-wheezy-qemu-session/227/
2012-12-06 20:27:09 +01:00
Eric Blake
c748037f2a systemd: require dbus service
https://bugzilla.redhat.com/show_bug.cgi?id=830201

The initscript and upstart services depend on dbus starting
before libvirtd.  When we first wrote the systemd script, we
tried to do the same, but we depended on dbus.target (which
does not exist) in comparison to network.target (which does
exist), so we removed that in commit 4c7973e.  But we still
need dbus up and running first, especially now that we want
to support shutdown inhibition via dbus (whereas we originally
needed dbus only for firewall control).

http://www.freedesktop.org/software/systemd/man/systemd.target.html
explains how a target (such as network.target) is just a collection
of common services bundled together, and why we want network.target
but dbus.service.

* daemon/libvirtd.service.in (Unit): Depend on dbus starting
first.
2012-12-05 16:13:07 +08:00