Commit Graph

10701 Commits

Author SHA1 Message Date
Kyle Mestery
7b9d55e629 Fix adding ports to OVS bridges without VLAN tags
The introduction of the new VLAN code, along with the fix
from 5e465df6be, caused the
addition of OVS ports to fail with the following message:

ovs-vsctl: 00002|vsctl|ERR|: missing column name

This fix takes into account the VLAN arguments are optional,
and correctly sets up the command line to run the "ovs-vsctl"
command to add ports to the OVS bridge.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
CC: Eric Blake <eblake@redhat.com>
2012-08-31 10:57:00 +08:00
Jim Fehlig
f781e27653 Fix xen driver following changes to make it stateful
Recent work to improve support for loadable driver modules introduced
a regression in the xen driver.  The legacy xen driver is now a
stateful, libvirtd driver but was not being registered when building
without driver modules.

A slight behavior change was also noted in the xen drivers when
built as driver modules.  Previously, explicitly specifying a
connection URI was not necessary, but now

Compiled against library: libvirt 0.10.0
Using library: libvirt 0.10.0
Using API: QEMU 0.10.0
error: failed to get the hypervisor version
error: internal error Cannot find suitable emulator for x86_64

The xen drivers need to be registered before the qemu driver since
the qemu driver will return success with a null connection URI.
This ordering is safe since the xen drivers will decline when not
running the xen kernel.
2012-08-31 10:28:55 +08:00
Nishank Trivedi
3044433f29 Fix issue of PF brought down if VF is 8021.Qbh and pci passthrough
If a 8021.Qbh network device supports SRIOV and its VF is being used
in pci passthrough mode, when the guest is shutdown or destroyed, the
PF inteface is also brought down. qemuDomainHostdevNetConfigRestore()
finds out the PF for provided hostdev (which is VF) and passes it to
virNetDevPortProfileDisassociate() as linkdev. Later, linkdev gets passed
to virNetDevSetOnline() where the interface is brought down by clearing
IFF_UP flag.

Bringing down a PF, when only VF is being brought down is not expected
behavior. This patch adds a check so that virNetDevSetOnline() is called
only for PF and not if device is a VF.

Signed-off-by: Nishank Trivedi <nistrive@cisco.com>
2012-08-30 15:27:27 -04:00
Stefan Berger
9e995c9a23 nwfilter: loop generated too many rules
The loop processing the trusted DHCP server generated one too
many rules and added one final rules that accepted responses
from all DHCP servers. Below patch fixes this.
2012-08-30 13:51:27 -04:00
Peter Krempa
1497e36db9 security: Re-apply commit ce53382ba2
Recent changes in the security driver discarded changes that fixed
labeling un-confined guests.
2012-08-30 16:45:38 +02:00
Peter Krempa
077e7bf51f vcpupin: Fix returning of arrays from virDomainVcpuPinAdd
virDomainVcpuPinAdd does a realloc on vcpupin_list if the new vcpu pin
definition doesn't fit into the array. The list is an array of pointers
but the function definition didn't support returning the changed pointer
to the caller if it was realloced. This caused segfaults if realloc
would change the base pointer.
2012-08-30 16:45:38 +02:00
Peter Krempa
40dfb52517 qemu: Fix possible infinite loop and segfault on error path.
virDomainVcpuPinDefCopy when the control flow reaches out of memory
cleanup code, the flow would end in a infinite loop as the loop variable
wasn't decremented.

Also a dereference of NULL pointers was possible if allocation of the
Vcpu pinning definiton structure failed.
2012-08-30 16:45:38 +02:00
Peter Krempa
46514ff752 qemu: Clean up security driver initialisation and config file
Commit d0c0e79ac6 left behind some dead
code (hasDAC can't be efectively set to true, because
virSecurityManagerNew fails to load the "dac" driver).

This patch also enhances the condition for adding the default
auto-detected security manager if the manager array is allocated but
empty.

Also the configuration file for qemu driver still contains reference to
the DAC driver that can't be enabled manualy.
2012-08-30 16:45:38 +02:00
Jiri Denemark
7444ccce4c qemu: Revert to blocking behavior of qemuAgentCommand
Before commit 05447e3af4, qemuAgentCommand
blocked until it got a reply or appropriate event. When new parameter
was added to qemuAgentCommand in the above commit, all existing callers
of it were updated in a wrong way changing them from blocking to
5-seconds timeout.
2012-08-30 16:27:00 +02:00
Jiri Denemark
e360a96067 qemu: Remove redundant parameter from qemuAgentSend
The @timeout parameter of qemuAgentSend is both redundant and confusing.
This patch should not result in any functional changes.
2012-08-30 16:26:59 +02:00
Laine Stump
b3bd5d6c5a network: get vlan info for Open vSwitch interfaces from proper source
This bug was revealed by the crash described in

  https://bugzilla.redhat.com/show_bug.cgi?id=852383

The vlan info pointer sent to virNetDevOpenvswitchAddPort should never
be non-NULL unless there is at least one tag. The factthat such a vlan
info pointer was receveid pointed out that a caller was passing the
wrong pointer. Instead of sending &net->vlan, the result of
virDomainNetGetActualVlan(net) should be sent - that function will
look for vlan info in net->data.network.actual->vlan, and in cany case
return NULL instead of a pointer if the vlan info it finds has no
tags.

Aside from causing the crash, sending a hardcoded &net->vlan has the
effect of ignoring vlan info from a <network> or <portgroup> config.
2012-08-30 18:05:18 +08:00
Daniel Veillard
3219cc3292 Small cleanup on previous patch
As pointed by Eric Blake
2012-08-30 15:18:02 +08:00
Kyle Mestery
5e465df6be Fix a crash when using Open vSwitch virtual ports
Fixup buffer usage when handling VLANs. Also fix the logic
used to determine if the virNetDevVlanPtr is valid or not.
Fixes crashes in the latest code when using Open vSwitch
virtualports.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
2012-08-30 13:48:52 +08:00
Osier Yang
20b780aec9 qemu: Sort the numa params only when it affects the live config
As the next boot doesn't have to worry about the previous numa
params setting (there is no).
2012-08-30 12:29:56 +08:00
Daniel P. Berrange
d0c0e79ac6 Fix configuration of QEMU security drivers
If no 'security_driver' config option was set, then the code
just loaded the 'dac' security driver. This is a regression
on previous behaviour, where we would probe for a possible
security driver. ie default to SELinux if available.

This changes things so that it 'security_driver' is not set,
we once again do probing. For simplicity we also always
create the stack driver, even if there is only one driver
active.

The desired semantics are:

 - security_driver not set
     -> probe for selinux/apparmour/nop
     -> auto-add DAC driver
 - security_driver set to a string
     -> add that one driver
     -> auto-add DAC driver
 - security_driver set to a list
     -> add all drivers in list
     -> auto-add DAC driver

It is not allowed, or possible to specify 'dac' in the
security_driver config param, since that is always
enabled.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-30 11:36:28 +08:00
Peter Krempa
eb8e9b6027 qemu: Refactor initialisation of security drivers.
The security driver loading code in qemu has a flaw that causes it to
register the DAC security driver twice. This causes problems (machines
unable to start) as the two DAC drivers clash together.

This patch refactors the code to allow loading the DAC driver even if
its specified in configuration (it can't be registered as a common
security driver), and does not add the driver twice.
2012-08-29 16:18:41 +02:00
Peter Krempa
ba150e5504 Revert "security: Add DAC to security_drivers"
This reverts commit 9f9b7b85c9.

The DAC security driver needs special handling and extra parameters and
can't just be added to regular security drivers.
2012-08-29 16:18:41 +02:00
Jiri Denemark
0c7cca36e7 qemu: Fix starting domains with no cpu cgroup
If cgroups are enabled in general but cpu cgroup is disabled in
qemu.conf or not mounted at all, libvirt would refuse to start any
domain even though scheduler parameters are not set in domain XML.

This patch makes cpu cgroup mandatory only for domains that actually
want to use it.
2012-08-29 16:13:38 +02:00
Alex Jia
95c61007e7 security: remove dead code from virSecurityDACGenLabel
* src/security/security_dac.c: remove useless dead code.

Signed-off-by: Alex Jia <ajia@redhat.com>
2012-08-29 18:25:57 +08:00
Daniel Veillard
6540efa40d Release of libvirt-0.10.0
* configure.ac docs/news.html.in libvirt.spec.in: updates for the release
* po/*.po*: update localizations for zh_CN, uk, ja, pt_BR, as, sp, mr, zh_TW
2012-08-29 12:00:36 +08:00
Peter Krempa
f33dfffc41 nwfilter: Don't try to acquire DBus context when DBus is disabled
To silence error if DBus support is not compiled in.
2012-08-29 12:00:23 +08:00
Guido Günther
2a41bc95b5 Don't require gawk for a simple print expression
Fedora uses gawk as awk so there's no change and in behavior while
Debian/Ubuntu use mawk by default.

This was reported by Luca Capello in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636712
2012-08-29 12:00:03 +08:00
Alex Jia
83b85e3e8f util: Prevent libvirtd crash from virNetDevOpenvswitchAddPort()
* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort): avoid libvirtd
crash due to derefing a NULL virtVlan->tag.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=852383

Signed-off-by: Alex Jia <ajia@redhat.com>
2012-08-29 11:04:42 +08:00
Osier Yang
6fd1708fad qemu: Set placement when setting numa parameters
To keep the internal data structure consistent.
2012-08-29 09:45:28 +08:00
Daniel Veillard
d3bbe33880 Portability fixes for non-linux or old linux platforms
The commits d575679401 and
080bf330e3 made use directly of
macro defined in recent linux netlink version. Make those
part conditional on the definition

* daemon/libvirtd.c: do not use NETLINK_ROUTE and NETLINK_KOBJECT_UEVENT
  without some check first
2012-08-29 09:21:38 +08:00
Peter Krempa
f2f0af3960 security_dac: Don't return uninitialised uid and gid for image labels
As in the previous commit, images are also chowned to uninitialised
uid and gid if the label is not present.
2012-08-29 01:31:30 +02:00
Peter Krempa
3c2f5e3ede security_dac: Don't return uninitialised value when parsing seclabels
When starting a machine the DAC security driver tries to set the UID and
GID of the newly spawned process. This worked as desired if the desired
label was set. When the label was missing a logical bug in
virSecurityDACGenLabel() caused that uninitialised values were used as
uid and gid for the new process.

With this patch, default values (from qemu driver configuration)
are used if the label is not found.
2012-08-28 18:41:41 +02:00
Peter Krempa
f2b241e6a7 security_dac: Avoid segfault when no label is requested
When no DAC "label" was requested for a domain the DAC manager tried to
strdup a NULL string causing a segfault.
2012-08-28 18:40:36 +02:00
Peter Krempa
f2bb32b1d2 util: Fix error message when getpwuid_r fails to find the user
getpwuid_r returns success but sets the return structure to NULL when it
fails to deliver data about the requested uid. In our helper code this
created following strange error messages:

" ... cannot getpwuid_r(1234): Success"

This patch creates a more helpful message:
" ... getpwuid_r failed to retrieve data for uid '1234'"
2012-08-28 18:36:57 +02:00
Osier Yang
a22909d5c2 conf: Fix the problem which cause libvirtd to crash
* src/conf/domain_conf.c: Use STREQ_NULLABLE instead of STREQ,
as def->seclables[i]->model could be NULL.
2012-08-28 23:54:17 +08:00
Michal Privoznik
500c246889 build: define 'inline' iff HAVE_LIBNL1
Previous commit 0b4b53bb80 defined 'inline' to prevent broken build on
systems with libnl1 headers. However, it broke build on systems with
libnl3 headers. Therefore we must make that fix conditional.
2012-08-28 12:09:43 +02:00
Martin Kletzander
3de747c9a2 docs: CPU allocation and pinning clarification
There was a request for clarifying this part of the
documentation. This also fixes a case used with CPU.
2012-08-28 11:44:26 +02:00
Eric Blake
0b4b53bb80 build: work with older libnl1 headers
Ubuntu 10.04 shipped with out-of-the-box libnl1 headers, which
assumed the old gcc semantics of 'extern inline' as a C89 extension:
the function will _always_ be inline if it is used, and that
it may be declared extern inline in headers without a definition,
as long as the definition occurs before any use.  But when C99
added 'extern inline' as a mandatory feature of the language, with
slightly different semantics than gcc (the function MUST have
external linkage, and the inline definition MUST be present
alongside any declaration, where the compiler can then choose
which of the two versions to use), this rendered the use of
'inline' in libnl's header obsolete.  Most distros already solved
this by removing 'inline' (the resulting 'extern' is correct,
regardless of gcc semantics), and libnl-3 does not have the
problem (where it has switched to 'static inline' instead, again
with the definition present, and again, our hack will result in
plain 'static' with no ill effects).  But for the case of building
out of the box, we hack around the broken Ubuntu header.

* src/util/virnetlink.h: Work around libnl issue.
2012-08-27 15:08:25 -06:00
Michal Privoznik
9eee40cc54 qemu: Fix define logic
With current flow in qemudDomainDefine we might lose data
when updating an existing domain. We parse given XML and
overwrite the configuration.  Then we try to save the new
config. However, this step may fail and we don't perform any
roll back.  In fact, we remove the domain from the list of
domains held up by qemu driver. This is okay as long as the
domain was brand new one.
2012-08-27 19:01:09 +02:00
Michal Privoznik
3e0cc6306a qemu_agent: Switch to virReportSystemError() on system error
Currently, if a syscall in qemu_agent.c fails we report an internal
error even though we should be reporting a system error.
2012-08-27 18:00:10 +02:00
Michal Privoznik
aa3e8bd4ca Introduce new VIR_ERR_AGENT_UNRESPONSIVE error code
Currently, when guest agent is configured but not responsive
(e.g. due to appropriate service not running in the guest)
we return VIR_ERR_INTERNAL_ERROR. Both are wrong. Therefore
we need to introduce new error code to reflect this case.
2012-08-27 18:00:10 +02:00
Ján Tomko
1fe6d219cb conf: prevent NULL pointer access in virSecurityLabelDefsParseXML
When checking for seclabels without security models, def->nseclabels is
already set to n. In the case of an error def->seclabels is freed but
nseclabels is left untouched. This leads to a segmentation fault when
def is freed in virDomainDefParseXML.
2012-08-27 15:02:24 +02:00
Michal Privoznik
661d7fb4fc qemu: Switch to unified func name
With the latest patches libvirt supports qemu agent monitor
passthrough. However, function in qemu driver is called
qemuDrvDomainAgentCommand. s/Drv// as used in all other names.
2012-08-27 11:44:03 +02:00
Guannan Ren
2b8624dd33 rpc: fix segmentation fault caused by null client-sock
The client-sock could have been set to NULL by eventloop thread
after async event fired.
2012-08-27 16:59:25 +08:00
Martin Kletzander
340196c46f qemu: fix regression with spice tls port allocation
In my quest for reusing variables I failed to edit one variable when
fixing details between two patch versions. That results in a failure
to start qemu with autoport and spice tls, because qemu is trying to
bind two sockets to the same port.
2012-08-27 10:20:53 +02:00
Martin Kletzander
16ebec2b7c qemu: fix regression with pinning
Commit 4b03d59167 changed the pinning
behavior in a way that makes some machines non-startable.

The comment mentioning that we cannot control each vcpu when there is
not VCPU<-> PID mapping available is true, however, this isn't
necessarily an error, because this can be caused by old QEMU without
support for "query-cpus" command as well as a software emulated
machines that don't create more than one process.
2012-08-27 10:20:42 +02:00
Alex Jia
34c5ab9566 virsh: fix missing return value
Although virsh command raises a correct error information, the command status
returns 0(true), this patch is used for fixing this issue.

Signed-off-by: Alex Jia <ajia@redhat.com>
2012-08-27 14:35:38 +08:00
Laine Stump
e9aaf806f1 specfile: require libnl3 for Fedora >= 18 and RHEL >= 7
Everything is ready in both netcf and libvirt to switch over to libnl3
in future releases of both Fedora and RHEL. This needs to be done more
or less simultaneously in both packages, though, because you can't mix
libnl1.1 and libnl3 in the same process (e.g. libvirtd using
libnl-3.so and libnetcf.so, while libnetcf.so uses libnl.so)

This patch does two things when fedora >= 18 || rhel >= 7):

  1) requires libnl3-devel
  2) requires netcf-devel-0.2.2 or greater

(the idea is that a similar patch is going into netcf's specfile, so
that when a build of netcf is done on F18 or later (or RHEL7 or later)
netcf will be guaranteed to be built with libnl3 rather than
libnl-1.1)
2012-08-27 10:18:25 +08:00
Laine Stump
9cb9cbee96 build: add LIBNL_CFLAGS to build of libvirt_lxc
When libvirt_lxc is built, it uses the utility library and #includes
virnetdev.h, which #includes virnetlink.h, which includes
<netlink/msg.h>.

Normally, the netlink include directory would be just off
/usr/include, so that wouldn't create a problem, but on Fedora and
RHEL systems using libnl3, the libnl includes have been moved into
/usr/include/libnl3 (to allow concurrent installation of libnl-1.1).

All other binaries that need it have added $(LIBNL_CFLAGS) to their
CFLAGS, but not libvirt_lxc, so it fails to build on Fedora and RHEL
that have only libnl3-devel installed. This was previously unnoticed
because everyone was building with libnl headers in
/usr/include/netlink (even on systems with the headers in
/usr/include/libnl3/netlink, many people (like me) usually also have
the libnl1.1 headers in /usr/include/netlink).

This patch adds the necessary CFLAGS for libvirt_lxc.

Note that we don't need to add $(LIBNL_LIBS) to the LDADD for this
binary, because it never directly calls libnl functions, but only
calls them indirectly through the util library, which it's already
linking against.
2012-08-25 14:47:04 -04:00
Eric Blake
1385c9cd74 snapshot: rename an enum
The name 'virDomainDiskSnapshot' didn't fit in with our normal
conventions of using a prefix hinting that it is related to a
virDomainSnapshotPtr.  Also, a future patch will reuse the
enum for declaring where the VM memory is stored.

* src/conf/snapshot_conf.h (virDomainDiskSnapshot): Rename...
(virDomainSnapshotLocation): ...to this.
(_virDomainSnapshotDiskDef): Update clients.
* src/conf/domain_conf.h (_virDomainDiskDef): Likewise.
* src/libvirt_private.syms (domain_conf.h): Likewise.
* src/conf/domain_conf.c (virDomainDiskDefParseXML)
(virDomainDiskDefFormat): Likewise.
* src/conf/snapshot_conf.c: (virDomainSnapshotDiskDefParseXML)
(virDomainSnapshotAlignDisks, virDomainSnapshotDefFormat):
Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
(qemuDomainSnapshotCreateSingleDiskActive)
(qemuDomainSnapshotCreateDiskActive, qemuDomainSnapshotCreateXML):
Likewise.
2012-08-24 09:51:08 -06:00
Eric Blake
6478ec1673 snapshot: split snapshot conf code into own file
This has several benefits:
1. Future snapshot-related code has a definite place to go (and I
_will_ be adding some)
2. Snapshot errors now use the VIR_FROM_DOMAIN_SNAPSHOT error
classification, which has been underutilized (previously only in
libvirt.c)

* src/conf/domain_conf.h, domain_conf.c: Split...
* src/conf/snapshot_conf.h, snapshot_conf.c: ...into new files.
* src/Makefile.am (DOMAIN_CONF_SOURCES): Build new files.
* po/POTFILES.in: Mark new file for translation.
* src/vbox/vbox_tmpl.c: Update caller.
* src/esx/esx_driver.c: Likewise.
* src/qemu/qemu_command.c: Likewise.
* src/qemu/qemu_domain.h: Likewise.
2012-08-24 09:51:08 -06:00
Eric Blake
3211deba3e snapshot: make virDomainSnapshotObjList opaque
We were failing to react to allocation failure when initializing
a snapshot object list.  Changing things to store a pointer
instead of a complete object adds one more possible point of
allocation failure, but at the same time, will make it easier to
react to failure now, as well as making it easier for a future
patch to split all virDomainSnapshotPtr handling into a separate
file, as I continue to add even more snapshot code.

Luckily, there was only one client outside of domain_conf.c that
was actually peeking inside the object, and a new wrapper function
was easy.

* src/conf/domain_conf.h (_virDomainObj): Use a pointer.
(virDomainSnapshotObjListInit): Rename.
(virDomainSnapshotObjListFree, virDomainSnapshotForEach): New
declarations.
(_virDomainSnapshotObjList): Move definitions...
* src/conf/domain_conf.c: ...here.
(virDomainSnapshotObjListInit, virDomainSnapshotObjListDeinit):
Rename...
(virDomainSnapshotObjListNew, virDomainSnapshotObjListFree): ...to
these.
(virDomainSnapshotForEach): New function.
(virDomainObjDispose, virDomainListPopulate): Adjust callers.
* src/qemu/qemu_domain.c (qemuDomainSnapshotDiscard)
(qemuDomainSnapshotDiscardAllMetadata): Likewise.
* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad)
(qemuDomainUndefineFlags, qemuDomainSnapshotCreateXML)
(qemuDomainSnapshotListNames, qemuDomainSnapshotNum)
(qemuDomainListAllSnapshots)
(qemuDomainSnapshotListChildrenNames)
(qemuDomainSnapshotNumChildren)
(qemuDomainSnapshotListAllChildren)
(qemuDomainSnapshotLookupByName, qemuDomainSnapshotGetParent)
(qemuDomainSnapshotGetXMLDesc, qemuDomainSnapshotIsCurrent)
(qemuDomainSnapshotHasMetadata, qemuDomainRevertToSnapshot)
(qemuDomainSnapshotDelete): Likewise.
* src/libvirt_private.syms (domain_conf.h): Export new function.
2012-08-24 09:51:08 -06:00
Philipp Hahn
fbe7a88373 xen-xs: fix uuid of renamed domain
When the XenStore tdb lives persistently and is not cleared between host
reboots, Xend (version 3.4 and 4.1) re-creates the domain information
located in XenStore below /vm/$UUID. (According to the xen-3.2-commit
hg265950e3df69 to fix a problem when locally migrating a domain to the
host itself.)

When doing so a version number is added to the UUID separated by one
dash, which confuses xenStoreDomainIntroduced(): It iterates over all
domains and tries to lookup all inactive domains using
xenStoreDomainGetUUID(), which fails if the running domain is renamed:
virUUIDParse() fails to parse the versioned UUID and the domain is
flagged as missing. When this happens the function delays .2s and
re-tries 20 times again, multiplied by the number of renamed VMs.
  14:48:38.878: 4285: debug : xenStoreDomainIntroduced:1354 : Some domains were missing, trying again

This adds a significant delay:
  # time virsh list >/dev/null
  real    0m6.529s
  # xenstore-list /vm
  00000000-0000-0000-0000-000000000000
  00000000-0000-0000-0000-000000000000-1
  00000000-0000-0000-0000-000000000000-2
  00000000-0000-0000-0000-000000000000-3
  00000000-0000-0000-0000-000000000000-4
  00000000-0000-0000-0000-000000000000-5
  7c06121e-90c3-93d4-0126-50481d485cca
  00000000-0000-0000-0000-000000000000-6
  00000000-0000-0000-0000-000000000000-7
  144ad19d-dfb4-2f80-8045-09196bb8784f
  00000000-0000-0000-0000-000000000000-8
  144ad19d-dfb4-2f80-8045-09196bb8784f-1
  00000000-0000-0000-0000-000000000000-9
  00000000-0000-0000-0000-000000000000-10
  00000000-0000-0000-0000-000000000000-11
  00000000-0000-0000-0000-000000000000-12
  00000000-0000-0000-0000-000000000000-13
  00000000-0000-0000-0000-000000000000-14
  144ad19d-dfb4-2f80-8045-09196bb8784f-2
  00000000-0000-0000-0000-000000000000-15
  144ad19d-dfb4-2f80-8045-09196bb8784f-3
  00000000-0000-0000-0000-000000000000-16

The patch adds truncation of the UUID as read from the XenStore path
before passing it to virUUIDParse().

The same issue is reported at
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666135>

Signed-off-by: Philipp Hahn <hahn@univention.de>
2012-08-24 09:46:19 -06:00
Michal Privoznik
0ee655f5f5 conf: Don't always require security/@model
Only parse model, if static labelling, or
a base label is set, or doing active XML.
2012-08-24 17:19:25 +02:00
Michal Privoznik
9f9b7b85c9 security: Add DAC to security_drivers
Currently, if users set 'security_driver="dac"' in qemu.conf libvirtd
fails to initialize as DAC driver is not found because it is missing
in our security drivers array.
2012-08-24 17:19:25 +02:00