Commit Graph

517 Commits

Author SHA1 Message Date
Daniel P. Berrange
a7a1244a73 Remove python binding
The python binding now lives in

  http://libvirt.org/git/?p=libvirt-python.git

that repo also provides an RPM which is upgrade compatible
with the old libvirt-python sub-RPM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-25 16:08:00 +00:00
Daniel Veillard
a4a7c7e9c4 Release of libvirt-1.1.4
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: update localizations from transifex and regenerate
2013-11-04 12:30:41 +08:00
Doug Goldstein
915c69365b MacOS: Re-add support for QEMU backend
The QEMU backend was disabled on Mac OS X without a reason in the code
and due to refactors its difficult to understand when/why it was
disabled. With QEMU being supported on Mac OS X there is no reason to
disable QEMU on this platform.
2013-10-29 23:35:06 -05:00
Daniel P. Berrange
3e2f27e13b Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.

The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.

Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Eric Blake
d6eac3f377 build: move readline check into its own macro
A future patch will allow disabling readline; doing this in an
isolated file instead of configure.ac will make the task easier.

* configure.ac: Move readline code...
* m4/virt-readline.m4: ...here.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-07 08:35:57 -06:00
Eric Blake
3fde7ad894 build: kill maintainer mode, always rebuild by default
The automake manual recommends against the use of disabling
maintainer mode by default:

https://www.gnu.org/software/automake/manual/automake.html#maintainer_002dmode

because when it is disabled, the user gets no indication if they
touch a file that would normally require a rebuild.  Automake
1.11 changed things so that AM_MAINTAINER_MODE([enable]) will set
the mode to enabled by default; but RHEL 5 still uses automake 1.9,
where AM_MAINTAINER_MODE did not recognize an argument, and
therefore disables maintainer mode by default.  Having the default
be different according to which version of automake built the
project is annoying, and I _have_ been bitten on RHEL 5 rebuilds
where the default disabled mode led to silently incorrect builds.

The automake manual admits that being able to disable maintainer
mode still makes sense for projects that still store generated
files from the autotools in version control; but we have dropped
that for several years now.  As such, it's finally time to just
ditch the whole idea of maintainer mode, and unconditionally
rebuild autotools files if a dependency changes, without offering
a configure option to disable that mode.

* configure.ac (AM_MAINTAINER_MODE): Drop.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-07 08:28:25 -06:00
Eric Blake
bdc55cc7d2 build: fix build --without-remote
I tried to test ./configure --without-lxc --without-remote.
First, the build failed with some odd errors, such as an
inability to build xen, or link failures for virNetTLSInit.
But when you think about it, once there is no remote code,
all of libvirtd is useless, any stateful driver that depends
on libvirtd is also not worth compiling, and any libraries
used only by RPC code are not needed.  So I patched
configure.ac to make for some saner defaults when an
explicit disable is attempted.  Similarly, since we have
migrated virnetdevbridge into generic code, the workaround
for Linux kernel stupidity must not depend on stateful
drivers being in use.

Then there's 'make check' that needs segregation.

Wow - quite a bit of cleanup to make --without-remote useful :)

* configure.ac: Let --without-remote toggle defaults on stateful
drivers and other libraries.  Pick up Linux kernel workarounds
even when qemu and lxc are not being compiled.
* tests/Makefile.am (test_programs): Factor out programs that
require remote.
* src/libvirt_private.syms (rpc/virnet*.h): Move...
* src/libvirt_remote.syms: ...into new file.
* src/Makefile.am (SYM_FILES): Ship new syms file.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-04 17:01:47 -06:00
Oskari Saarenmaa
532fef369f storage: fix file allocation behavior in file cloning
Fixed the safezero call for allocating the rest of the file after cloning
an existing volume; it used to always use a zero offset, causing it to
only allocate the beginning of the file.

Also modified file creation to try to use fallocate(2) to pre-allocate
disk space before copying any data to make sure it fails early on if disk
is full and makes sure we can skip zero blocks when copying file contents.

If fallocate isn't available we will zero out the rest of the file after
cloning and only use sparse cloning if client requested a lower allocation
than the input volume's capacity.

Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
2013-10-04 16:18:44 +02:00
Daniel Veillard
a72940f954 Release of libvirt-1.1.3
- configure.ac docs/news.html.in libvirt.spec.in: update for release
- po/*.po*: updated localization and regenerated
2013-10-01 15:04:14 +08:00
Daniel P. Berrange
922b7fda77 Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.

To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.

This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'

Signed-off-by: Colin Walters <walters@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-18 15:13:42 +01:00
Eric Blake
0e1f012c1d build: hoist system-specific checks before library checks
Commit f92c7e3 fixed a regression for native builds, but introduced
a regression for cross-compilation builds; in particular,
./autobuild.sh on a Fedora system with mingw cross-compiler fails
with:

checking for qemu-kvm... /usr/bin/qemu-kvm
checking for yajl_parse_complete in -lyajl... no
checking for yajl_tree_parse in -lyajl... no
configure: error: You must install the libyajl library & headers to compile libvirt

Since we default $with_qemu to 'yes' rather than 'check', and then
flip that default based on platform-specific checks, those platform
specifics need to come prior to any library checks that depend on
the value of $with_qemu.

* configure.ac: Ensure system defaults are sane before checking
for things that make decisions based on system default.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-17 10:25:42 -06:00
Eric Blake
e62e0094dc build: fix build with latest rawhide kernel headers
Bother those kernel developers.  In the latest rawhide, kernel
and glibc have now been unified so that <netinet/in.h> and
<linux/in6.h> no longer clash; but <linux/if_bridge.h> is still
not self-contained.  Because of the latest header change, the
build is failing with:

checking for linux/param.h... no
configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support

with details:

In file included from conftest.c:561:0:
/usr/include/linux/in6.h:71:18: error: field 'flr_dst' has incomplete type
  struct in6_addr flr_dst;

We need a workaround to avoid our workaround :)

* configure.ac (NETINET_LINUX_WORKAROUND): New test.
* src/util/virnetdevbridge.c (includes): Use it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-16 09:24:12 -06:00
Eric Blake
cf83adfb7d build: require libnl-3 if netcf uses it
Commits 9298bfb and f6c2951 both tried to make it possible to
select the correct libnl (1 vs. 3) according to what netcf
used, when both libraries are installed.  This works to avoid
libnl-3 when netcf used libnl-1.  But on the converse side, if
only libnl-1 development code is installed, while netcf uses
libnl-3, then configure happily uses libnl-1 anyways, leading
to a test failure:

$ VIR_TEST_DEBUG=1 ./virdrivermoduletest
TEST: virdrivermoduletest
 1) Test driver "network"                                             ... OK
 2) Test driver "storage"                                             ... OK
 3) Test driver "nodedev"                                             ... OK
 4) Test driver "secret"                                              ... OK
 5) Test driver "nwfilter"                                            ... OK
 6) Test driver "interface"
... lt-virdrivermoduletest: route/tc.c:973: rtnl_tc_register: Assertion
`0' failed.
Aborted

It's much nicer to prevent this at configure time, by requiring that
if we know what netcf used, then we want the same libnl version.  As
before, this can be bypassed by someone who knows what they are doing
by setting LIBNL_CFLAGS (perhaps useful to the rare person where the
build box has a different version of netcf than the installation box).

* configure.ac (LIBNL): If we can prove netcf used libnl-3, then
don't let configure succeed with libnl-1.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-11 14:10:33 -06:00
Eric Blake
f92c7e31fc build: fix regression in requiring yajl for new enough qemu
Jonathan Lebon reported an issue to me off-list about his build
failing to use qemu because he failed to install yajl-devel.  But
I recalled specifically tweaking configure.ac to die in that
situation (commits 350583c, ba9c38b).  After a bit more
head-scratching, we found the cause of the regression: commit
654c709 rearranged things so that the qemu version check now
occurs before AC_ARG_WITH has had a chance to set either
$with_qemu or $with_yajl.

Coincidentally, this fix aligns with a documentation patch that
was just posted to the autoconf mailing list :)
http://thread.gmane.org/gmane.comp.sysutils.autoconf.patches/8324

* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_LIB_ALT)
(LIBVIRT_CHECK_PKG): Populate defaults earlier.
* configure.ac (AC_ARG_WITH): Likewise for drivers.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-10 12:03:19 -06:00
Eric Blake
ff77742104 build: avoid obsolete AC_HELP_STRING
Autoconf states that AC_HELP_STRING is obsolete, and that new
programs should use AS_HELP_STRING.  We also had instances of
not properly quoting the macro usage, and not relying on autoconf's
word-wrapping abilities to avoid long lines.  I validated that this
commit has no impact to the generated configure file.

* configure.ac (AC_ARG_WITH, AC_ARG_ENABLE): Autoconf recommends
the use of AS_HELP_STRING.  Also, use proper quoting and wrap long
lines.
* m4/virt-apparmor.m4 (LIBVIRT_CHECK_APPARMOR): Likewise.
* m4/virt-selinux.m4 (LIBVIRT_CHECK_SELINUX): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-09 13:27:49 -06:00
Eric Blake
7f626e478d build: use automake subdir-objects
Automake 2.0 will enable subdir-objects by default; in preparation
for that change, automake 1.14 outputs LOADS of warnings:

daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
automake-1.14: warning: possible forward-incompatibility.
automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
automake-1.14: automake option hasn't been enabled.  For now, the corresponding output
automake-1.14: object file(s) will be placed in the top-level directory.  However,
automake-1.14: this behaviour will change in future Automake versions: they will
automake-1.14: unconditionally cause object files to be placed in the same subdirectory
automake-1.14: of the corresponding sources.
automake-1.14: You are advised to start using 'subdir-objects' option throughout your
automake-1.14: project, to avoid future incompatibilities.
daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
...

As automake 1.9 also supported this option, and the previous patches
fixed up the code base to work with it, it is safe to now turn it on
unconditionally.

* configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
* .gitignore: Ignore .dirstamp directories.
* src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
new subdir-object location of .lo files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-09 12:04:03 -06:00
Eric Blake
1ac24b3bac build: shut up automake warnings
I'm tired of seeing screenfuls of messages like these when using
automake 1.13 (Fedora 19):

configure.ac:2121: warning: The 'AM_PROG_MKDIR_P' macro is deprecated, and its use is discouraged.
configure.ac:2121: You should use the Autoconf-provided 'AC_PROG_MKDIR_P' macro instead,
configure.ac:2121: and use '$(MKDIR_P)' instead of '$(mkdir_p)'in your Makefile.am files.
daemon/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')

seeing as how we MUST use those constructs for the benefit of
automake 1.9 (RHEL 5).  Conversely, RHEL 5 automake complained:

aclocal:configure.ac:36: warning: macro `AM_SILENT_RULES' not found in library

Obviously, I tested this patch on both Fedora 19 and RHEL 5.

* configure.ac (AM_INIT_AUTOMAKE): Avoid obsoletion warnings.
(AM_SILENT_RULES): Avoid unknown macro warning.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-05 06:50:55 -06:00
Ian Main
9ba230d4f2 Use loop-control to allocate loop device.
This patch changes virFileLoopDeviceOpen() to use the new loop-control
device to allocate a new loop device.  If this behavior is unsupported
we fall back to the previous method of searching /dev for a free device.

With this patch you can start as many image based LXC domains as you
like (well almost).

Fixes bug https://bugzilla.redhat.com/show_bug.cgi?id=995543
2013-09-05 12:31:08 +01:00
Daniel Veillard
85240daba2 Release of libvirt-1.1.2
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: merged new localizations and regenerated
2013-09-02 09:47:37 +08:00
Guido Günther
3e2799add2 Check for --no-copy-dt-needed linker flag
and use it when available
2013-08-22 16:17:36 +02:00
Roman Bogorodskiy
f083ff82ed bridge driver: implement networkEnableIpForwarding for BSD
Implement networkEnableIpForwarding() using BSD style sysctl.
2013-08-21 16:28:19 -06:00
Roman Bogorodskiy
3f0d2ee95b BSD: implement virNetDev(Set|Clear)IPv4Address
Provide an implementation of virNetDev(Set|Clear)IPv4Address based on
BSD ifconfig tool in addition to 'ip' from Linux iproute2 package.
2013-08-21 15:49:40 -06:00
Eric Blake
70363ea9ff build: add configure option to disable gnulib tests
The gnulib testsuite is relatively stable - the only times it is
likely to have a test change from pass to fail is on a gnulib
submodule update or a major system change (such as moving from
Fedora 18 to 19, or other large change to libc).  While it is an
important test for end users on arbitrary machines (to make sure
that the portability glue works for their machine), it mostly
wastes time for development testing (as most developers aren't
making any of the major changes that would cause gnulib tests
to alter behavior).  Thus, it pays to make the tests optional
at configure time, defaulting to off for development, on for
tarballs, with autobuilders requesting it to be on.  It also
helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
(much the way automake sets up V=[01] for overriding the configure
time default of how verbose to be).

Automake has some pretty hard-coded magic with regards to the
TESTS variable; I had quite a job figuring out how to keep
'make distcheck' passing regardless of the configure option
setting in use, while still disabling the tests at runtime
when I did not configure them on and did not use the override
variable.  Thankfully, we require GNU make, which lets me
hide some information from Automake's magic handling of TESTS.

* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
* configure.ac (--enable-expensive-tests): Add new enable switch.
(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
witnesses.
* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
configure settings and the VIR_TEST_EXPENSIVE variable.
* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
to all tests.
* autobuild.sh: Enable all tests during autobuilds.
* libvirt.spec.in (%configure): Likewise.
* mingw-libvirt.spec.in (%mingw_configure): Likewise.
* docs/hacking.html.in: Document the option.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 10:02:38 -06:00
Eric Blake
6094b1ff19 build: avoid -lgcrypt with newer gnutls
https://bugzilla.redhat.com/show_bug.cgi?id=951637

Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization.  Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).

There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html

If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.

* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 09:58:48 -06:00
Eric Blake
70024dc919 build: more workarounds for if_bridge.h
This is a second attempt at fixing the problem first attempted
in commit 2df8d99; basically undoing the fact that it was
reverted in commit 43cee32f, plus fixing two more issues: the
code in configure.ac has to EXACTLY match virnetdevbridge.c
with regards to declaring in6 types before using if_bridge.h,
and the fact that RHEL 5 has even more conflicts:

In file included from util/virnetdevbridge.c:49:
/usr/include/linux/in6.h:47: error: conflicting types for 'in6addr_any'
/usr/include/netinet/in.h:206: error: previous declaration of 'in6addr_any' was here
/usr/include/linux/in6.h:49: error: conflicting types for 'in6addr_loopback'
/usr/include/netinet/in.h:207: error: previous declaration of 'in6addr_loopback' was here

The rest of this commit message borrows from the original try
of 2df8d99:

A fresh checkout on a RHEL 6 machine with these packages:
kernel-headers-2.6.32-405.el6.x86_64
glibc-2.12-1.128.el6.x86_64
failed to configure with this message:
checking for linux/if_bridge.h... no
configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support

Digging in config.log, we see that the problem is identical to
what we fixed earlier in commit d12c2811:

configure:98831: checking for linux/if_bridge.h
configure:98853: gcc -std=gnu99 -c -g -O2  conftest.c >&5
In file included from /usr/include/linux/if_bridge.h:17,
                 from conftest.c:559:
/usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr'
/usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6'
/usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq'
configure:98860: $? = 1

I had not hit it earlier because I was using incremental builds,
where config.cache had shielded me from the kernel-headers breakage.

* configure.ac (if_bridge.h): Avoid conflicting type definitions.
* src/util/virnetdevbridge.c (includes): Also sanitize for RHEL 5.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-09 09:57:24 -06:00
Daniel P. Berrange
43cee32ff5 Revert "build: fix configure detection of if_bridge.h on RHEL 6"
This reverts commit 2df8d99138.

The change breaks configure on any recent Fedora platform
2013-08-07 11:59:38 +01:00
Eric Blake
2df8d99138 build: fix configure detection of if_bridge.h on RHEL 6
A fresh checkout on a RHEL 6 machine with these packages:
kernel-headers-2.6.32-405.el6.x86_64
glibc-2.12-1.128.el6.x86_64
failed to configure with this message:
checking for linux/if_bridge.h... no
configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support

Digging in config.log, we see that the problem is identical to
what we fixed earlier in commit d12c2811:

configure:98831: checking for linux/if_bridge.h
configure:98853: gcc -std=gnu99 -c -g -O2  conftest.c >&5
In file included from /usr/include/linux/if_bridge.h:17,
                 from conftest.c:559:
/usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr'
/usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6'
/usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq'
configure:98860: $? = 1

I had not hit it earlier because I was using incremental builds,
where config.cache had shielded me from the kernel-headers breakage.

* configure.ac (if_bridge.h): Avoid conflicting type definitions.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-06 14:42:34 -06:00
Eric Blake
13c573740b maint: use modern autoconf idioms
Autoconf 2.59 says that AC_OUTPUT with arguments is obsolete,
and we are already using the replacement for some, but not all,
of our output files.

* configure.ac (AC_OUTPUT): Rewrite to use AC_CONFIG_FILES.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-01 07:31:53 -06:00
Daniel P. Berrange
5bb2a245ab Delete obsolete / unused python test files
The python/tests directory contains a number of so called
"tests" for the python API. These are all hardcoded to
look for Xen and cannot be run in any automated fashion,
and no one is ever manually running them. Given that they
don't meaningully contribute to the test coverage, delete
them.

For some reason these tests were also copied into the
filesystem as part of 'make install'. The change to the
RPM in commit 3347a42032
caused a build failure, since it removed the code which
deleted these installed tests.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-30 14:13:58 +01:00
Daniel Veillard
e9b8c9dc80 Release of libvirt-1.1.1
* configure.ac docs/news.html.in: update for the release
* po/*.po*: update localizations and regenerate
2013-07-30 17:38:35 +08:00
Roman Bogorodskiy
7e1208297d Fix link_addr detection
link_addr detection in configure always reports that
link_addr is missing because it uses link_addr(NULL, NULL) in
AC_LINK_IFELSE check with limited set of headers that doesn't
define NULL.

Fix by replacing 'NULL' with just '0'.
2013-07-24 15:31:34 +02:00
Guido Günther
c5d79fb0fc Use AC_LINK_IFELSE
instead of the deprecated AC_TRY_LINK
2013-07-18 23:14:08 +02:00
Guido Günther
77bac48b37 Check for link_addr more thoroughly
Some versions of kFreeBSD (like 9.0) declare link_addr in a header
but lack an implementation. This makes ./configure pass but breaks
compilation later with a

     undefined reference to `link_addr'

Althought that's a bug in the OS header we can detect it easily by also
trying to link.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715320
2013-07-18 17:10:04 +02:00
Eric Blake
ee777e9949 util: make virSetUIDGID async-signal-safe
https://bugzilla.redhat.com/show_bug.cgi?id=964358

POSIX states that multi-threaded apps should not use functions
that are not async-signal-safe between fork and exec, yet we
were using getpwuid_r and initgroups.  Although rare, it is
possible to hit deadlock in the child, when it tries to grab
a mutex that was already held by another thread in the parent.
I actually hit this deadlock when testing multiple domains
being started in parallel with a command hook, with the following
backtrace in the child:

 Thread 1 (Thread 0x7fd56bbf2700 (LWP 3212)):
 #0  __lll_lock_wait ()
     at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
 #1  0x00007fd5761e7388 in _L_lock_854 () from /lib64/libpthread.so.0
 #2  0x00007fd5761e7257 in __pthread_mutex_lock (mutex=0x7fd56be00360)
     at pthread_mutex_lock.c:61
 #3  0x00007fd56bbf9fc5 in _nss_files_getpwuid_r (uid=0, result=0x7fd56bbf0c70,
     buffer=0x7fd55c2a65f0 "", buflen=1024, errnop=0x7fd56bbf25b8)
     at nss_files/files-pwd.c:40
 #4  0x00007fd575aeff1d in __getpwuid_r (uid=0, resbuf=0x7fd56bbf0c70,
     buffer=0x7fd55c2a65f0 "", buflen=1024, result=0x7fd56bbf0cb0)
     at ../nss/getXXbyYY_r.c:253
 #5  0x00007fd578aebafc in virSetUIDGID (uid=0, gid=0) at util/virutil.c:1031
 #6  0x00007fd578aebf43 in virSetUIDGIDWithCaps (uid=0, gid=0, capBits=0,
     clearExistingCaps=true) at util/virutil.c:1388
 #7  0x00007fd578a9a20b in virExec (cmd=0x7fd55c231f10) at util/vircommand.c:654
 #8  0x00007fd578a9dfa2 in virCommandRunAsync (cmd=0x7fd55c231f10, pid=0x0)
     at util/vircommand.c:2247
 #9  0x00007fd578a9d74e in virCommandRun (cmd=0x7fd55c231f10, exitstatus=0x0)
     at util/vircommand.c:2100
 #10 0x00007fd56326fde5 in qemuProcessStart (conn=0x7fd53c000df0,
     driver=0x7fd55c0dc4f0, vm=0x7fd54800b100, migrateFrom=0x0, stdin_fd=-1,
     stdin_path=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
     flags=1) at qemu/qemu_process.c:3694
 ...

The solution is to split the work of getpwuid_r/initgroups into the
unsafe portions (getgrouplist, called pre-fork) and safe portions
(setgroups, called post-fork).

* src/util/virutil.h (virSetUIDGID, virSetUIDGIDWithCaps): Adjust
signature.
* src/util/virutil.c (virSetUIDGID): Add parameters.
(virSetUIDGIDWithCaps): Adjust clients.
* src/util/vircommand.c (virExec): Likewise.
* src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
(virDirCreate): Likewise.
* src/security/security_dac.c (virSecurityDACSetProcessLabel):
Likewise.
* src/lxc/lxc_container.c (lxcContainerSetID): Likewise.
* configure.ac (AC_CHECK_FUNCS_ONCE): Check for setgroups, not
initgroups.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-11 15:46:42 -06:00
Roman Bogorodskiy
8849fc387c Fix bridge routines detection on kFreeBSD
In order to properly detect bridge related definitions such as
BRDGSFD, BRDGADD and BRDGDEL on kFreeBSD we need to include
<stdint.h>.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715321

Reported by Laurent Bigonville.
2013-07-10 13:20:02 +02:00
Daniel Veillard
034d322978 Release of libvirt-1.1.0
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: updated localizations and regenerated
2013-07-01 17:22:49 +08:00
Roman Bogorodskiy
ce2400676d BSD: implement bridge add/remove port and set STP 2013-06-21 10:23:28 +02:00
Cole Robinson
f2eaef3f0e configure: Remove unused brctl check
brctl isn't used anywhere AFAICT
2013-06-12 11:50:06 -04:00
Daniel Veillard
4497ef50dc Release of libvirt 1.0.6
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: pull localization updates and regenerate the po
2013-06-03 12:09:56 +02:00
Eric Blake
7d21d6b697 build: fix build with newer gnutls
Building with gnutls 3.2.0 (such as shipped with current cygwin) fails
with:

rpc/virnettlscontext.c: In function 'virNetTLSSessionGetKeySize':
rpc/virnettlscontext.c:1358:5: error: implicit declaration of function 'gnutls_cipher_get_key_size' [-Wimplicit-function-declaration]

Yeah, it's stupid that gnutls broke API by moving their declaration
into a new header without including that header from the old one,
but it's easy enough to work around, all without breaking on gnutls
1.4.1 (hello RHEL 5) that lacked the new header.

* configure.ac (gnutls): Check for <gnutls/crypto.h>.
* src/rpc/virnettlscontext.c (includes): Include additional header.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-29 08:52:42 -06:00
Eric Blake
de483052a2 maint: follow recommended practice for using LGPL
https://www.gnu.org/licenses/gpl-howto.html states:

You should also include a copy of the license itself somewhere in the
distribution of your program. All programs, whether they are released
under the GPL or LGPL, should include the text version of the GPL. In
GNU programs the license is usually in a file called COPYING.

If you are releasing your program under the LGPL, you should also
include the text version of the LGPL, usually in a file called
COPYING.LESSER. Please note that, since the LGPL is a set of
additional permissions on top of the GPL, it's important to include
both licenses so users have all the materials they need to understand
their rights.

* configure.ac (COPYING): No more games with non-git file.
* COPYING: New file, copied from gnulib.
* COPYING.LIB: Rename...
* COPYING.LESSER: ...to this.
* .gitignore: Track licenses in git.
* cfg.mk (exclude_file_name_regexp--sc_copyright_address): Tweak
rule.
* libvirt.spec.in (daemon, client, python): Reflect rename.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-20 14:15:21 -06:00
Eric Blake
d7f53c7b97 maint: use LGPL correctly
Several files called out COPYING or COPYING.LIB instead of using
the normal boilerplate.  It's especially important that we don't
call out COPYING from an LGPL file, since COPYING is traditionally
used for the GPL.  A few files were lacking copyright altogether.

* src/rpc/gendispatch.pl: Add missing copyright.
* Makefile.nonreentrant: Likewise.
* src/check-symfile.pl: Likewise.
* src/check-symsorting.pl: Likewise.
* src/driver.h: Likewise.
* src/internal.h: Likewise.
* tools/libvirt-guests.sh.in: Likewise.
* tools/virt-pki-validate.in: Mention copyright in comment, not just code.
* tools/virt-sanlock-cleanup.in: Likewise.
* src/rpc/genprotocol.pl: Spell out license terms.
* src/xen/xend_internal.h: Likewise.
* src/xen/xend_internal.c: Likewise.
* Makefile.am: Likewise.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* docs/schemas/Makefile.am: Likewise.
* examples/apparmor/Makefile.am: Likewise.
* examples/domain-events/events-c/Makefile.am: Likewise.
* examples/dominfo/Makefile.am: Likewise.
* examples/domsuspend/Makefile.am: Likewise.
* examples/hellolibvirt/Makefile.am: Likewise.
* examples/openauth/Makefile.am: Likewise.
* examples/python/Makefile.am: Likewise.
* examples/systemtap/Makefile.am: Likewise.
* examples/xml/nwfilter/Makefile.am: Likewise.
* gnulib/lib/Makefile.am: Likewise.
* gnulib/tests/Makefile.am: Likewise.
* include/Makefile.am: Likewise.
* include/libvirt/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* python/tests/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.
* configure.ac: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-20 14:03:48 -06:00
Daniel P. Berrange
421846e4a3 Only pass -export-dynamic to linker, not compiler
Clang does not like the -export-dynamic flag. The compiler does
not need it in the first place, so we can avoid the problem by
only setting it for the linker

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-14 15:00:22 +01:00
Roman Bogorodskiy
bf87b99d72 build: avoid gcrypt deprecation warnings
When combining old gcc (4.2.1) and new gcrypt (1.5.2), such as
when using the Ports repository on FreeBSD, the build fails with:

  CC       libvirt_driver_la-libvirt.lo
cc1: warnings being treated as errors
In file included from libvirt.c:58:
/usr/local/include/gcrypt.h:1336: warning: 'gcry_ac_io_mode_t' is deprecated [-Wdeprecated-declarations]

Relevant part of gcrypt.h:
1333 typedef struct gcry_ac_io
1334 {
1335   /* This is an INTERNAL structure, do NOT use manually.  */
1336   gcry_ac_io_mode_t mode _GCRY_ATTR_INTERNAL;
1337   gcry_ac_io_type_t type _GCRY_ATTR_INTERNAL;
1338   union

The sad part is that we aren't even using the deprecated symbols - their
mere inclusion in the installed header is provoking the problems.  It
looks like newer gcc is a bit more tolerant (that is, this is a
shortcoming of FreeBSD's use of an older compiler).

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-13 16:07:26 -06:00
Roman Bogorodskiy
95934171fb portability: fix virNetDevSetMAC and virNetDevExists on BSD
- provide virNetDevSetMAC() implementation based on SIOCSIFLLADDR
  ioctl.
- adjust virNetDevExists() to check for ENXIO error because
  FreeBSD throws it when device doesn't exist

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-10 11:13:21 -06:00
Daniel Veillard
8e20a23fb6 Release of libvirt-1.0.5
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: pulled and merged a number of new localization updates
2013-05-02 15:04:50 +08:00
Roman Bogorodskiy
5295e35f58 portability: handle ifreq differences in virnetdev
FreeBSD (and maybe other BSDs) have different member
names in struct ifreq when compared to Linux, such as:

 - uses ifr_data instead of ifr_newname for setting
   interface names
 - uses ifr_index instead of ifr_ifindex for interface
   index

Also, add a check for SIOCGIFHWADDR for virNetDevValidateConfig().

Use AF_LOCAL if AF_PACKET is not available.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-04-30 09:42:22 -06:00
Laine Stump
776d49f492 util: new virCommandSetMax(MemLock|Processes|Files)
This patch adds two sets of functions:

1) lower level virProcessSet*() functions that will immediately set
the RLIMIT_MEMLOCK. RLIMIT_NPROC, or RLIMIT_NOFILE of either the
current process (using setrlimit()) or any other process (using
prlimit()). "current process" is indicated by passing a 0 for pid.

2) functions for virCommand* that will setup a virCommand object to
set those limits at a later time just after it has forked a new
process, but before it execs the new program.

configure.ac has prlimit and setrlimit added to the list of functions
to check for, and the low level functions log an "unsupported" error)
on platforms that don't support those functions.
2013-04-26 10:23:46 -04:00
Daniel P. Berrange
1da631ecf3 Add an API for re-mounting cgroups, to isolate the process location
Add a virCgroupIsolateMount method which looks at where the
current process is place in the cgroups (eg /system/demo.lxc.libvirt)
and then remounts the cgroups such that this sub-directory
becomes the root directory from the current process' POV.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:32 +01:00
Daniel P. Berrange
c78a2b13a6 Conditionalize use of symlink() function in test suite
On Win32 symlink() is not available, so virstoragetest.c
must be conditionalized to avoid compile failures.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:30 +01:00
Daniel P. Berrange
fc8c1787d8 Enable full RELRO mode
By passing the flags -z relro -z now to the linker, we can force
it to resolve all library symbols at startup, instead of on-demand.
This allows it to then make the global offset table (GOT) read-only,
which makes some security attacks harder.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 16:19:35 +01:00
Daniel P. Berrange
1150999ca4 Build all binaries with PIE
PIE (position independent executable) adds security to executables
by composing them entirely of position-independent code (PIC. The
.so libraries already build with -fPIC. This adds -fPIE which is
the equivalent to -fPIC, but for executables. This for allows Exec
Shield to use address space layout randomization to prevent attackers
from knowing where existing executable code is during a security
attack using exploits that rely on knowing the offset of the
executable code in the binary, such as return-to-libc attacks.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-03 16:19:35 +01:00
Daniel P. Berrange
ad42b34b1b Disable static libraries by default
Every source file is currently built twice by libtool, once for
the shared library and once for the static library. Static libs
are not commonly packaged by distros and slow down compilation
time by more than 50% compared to a shared-only build time.

Time for 'make -j 4':

      shared only: 2 mins  9 secs
  shared + static: 3 mins 26 secs

Time for non-parallel make

      shared only: 3 mins 32 secs
  shared + static: 5 mins 41 secs

Those few people who really want them, can pass --enable-static
to configure

Disabling them by default requires use of LT_INIT, but for
compat with RHEL5 we can't rely on that. So we conditionally
use LT_INIT, but fallback to AM_PROG_LIBTOOL if not present.
2013-04-03 11:02:27 +01:00
Daniel Veillard
89d730201f Release of libvirt-1.0.4
- configure.ac docs/news.html.in libvirt.spec.in: updates for the release
- po/*.po*: fetch translation updates from Transifex and regenerate
2013-04-01 10:57:04 +08:00
Daniel Veillard
be1c364d89 Release of libvirt 1.0.3
- configure.ac docs/news.html.in libvirt.spec.in: update for the release
- po/*.po*: merged in transifex updates for fr,hi,pl,ja,uk,it and
  regenerated
2013-03-05 12:00:53 +08:00
Daniel Veillard
4a824cdbc4 Release of libvirt-1.0.2
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: updated localizations
2013-01-30 10:42:05 +01:00
Guido Günther
2cebf84867 Make sure we only abort without libcurl if $with_esx = yes 2013-01-25 22:06:53 +01:00
Eric Blake
1bf661caf4 build: further fixes for broken if_bridge.h
Commit c308a9ae was incomplete; it resolved the configure failure,
but not a later build failure.

* src/util/virnetdevbridge.c: Include pre-req header.
* configure.ac (AC_CHECK_HEADERS): Prefer standard in.h over
non-standard ip6.h.
2013-01-14 21:08:23 -07:00
Daniel P. Berrange
688b3ecfe9 Fix typo LIBCURL_{CFLAGS,LIBS} to CURL_{CFLAGS,LIBS}
Some places missed the conversion from LIBCURL_{CFLAGS,LIBS} to
CURL_{CFLAGS,LIBS}, and a part of curl check was left in
configure.ac instead of m4/virt-curl.m4 by mistake
2013-01-14 17:22:31 +00:00
Eric Blake
c308a9ae15 build: work around broken kernel header
I got this scary warning during ./configure on rawhide:

checking linux/if_bridge.h usability... no
checking linux/if_bridge.h presence... yes
configure: WARNING: linux/if_bridge.h: present but cannot be compiled
configure: WARNING: linux/if_bridge.h:     check for missing prerequisite headers?
configure: WARNING: linux/if_bridge.h: see the Autoconf documentation
configure: WARNING: linux/if_bridge.h:     section "Present But Cannot Be Compiled"
configure: WARNING: linux/if_bridge.h: proceeding with the compiler's result
configure: WARNING:     ## ------------------------------------- ##
configure: WARNING:     ## Report this to libvir-list@redhat.com ##
configure: WARNING:     ## ------------------------------------- ##
checking for linux/if_bridge.h... no

* configure.ac (AC_CHECK_HEADERS): Provide struct in6_addr, since
linux/if_bridge.h uses it without declaring it.
2013-01-14 10:04:09 -07:00
Daniel P. Berrange
3d1596b048 Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.

The actual APIs are

  int virDomainLxcOpenNamespace(virDomainPtr domain,
                                int **fdlist,
                                unsigned int flags);

  int virDomainLxcEnterNamespace(virDomainPtr domain,
                                 unsigned int nfdlist,
                                 int *fdlist,
                                 unsigned int *noldfdlist,
                                 int **oldfdlist,
                                 unsigned int flags);

which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.

NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:58:34 +00:00
Daniel P. Berrange
907a39e735 Add a test suite for validating SELinux labelling
There are many aspects of the guest XML which result in the
SELinux driver applying file labelling. With the increasing
configuration options it is desirable to test this behaviour.
It is not possible to assume that the test suite has the
ability to set SELinux labels. Most filesystems though will
support extended attributes. Thus for the purpose of testing,
it is possible to extend the existing LD_PRELOAD hack to
override setfilecon() and getfilecon() to simply use the
'user.libvirt.selinux' attribute for the sake of testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:40:04 +00:00
Daniel P. Berrange
cf7ac00ebd Rename HAVE_POLKIT to WITH_POLKIT 2013-01-14 13:29:55 +00:00
Daniel P. Berrange
14e3d7d2a4 Remove unused XMLRPC_REQUIRED var 2013-01-14 13:29:55 +00:00
Daniel P. Berrange
a99bfb4b5e Convert openwsman check to use LIBVIRT_CHECK_PKG 2013-01-14 13:29:54 +00:00
Daniel P. Berrange
0eec69729d Convert ssh2 check to use LIBVIRT_CHECK_PKG
This converts the libssh2 configure check to use LIBVIRT_CHECK_PKG.
Previously it would check version 1.0 and 1.3, but this simplifies
things to just require version 1.3
2013-01-14 13:29:44 +00:00
Daniel P. Berrange
e1e94f2ed9 Rename HAVE_LIBSSH2 to WITH_SSH2 2013-01-14 13:29:35 +00:00
Daniel P. Berrange
40541c2a6b Convert curl check over to use LIBVIRT_CHECK_PKG 2013-01-14 13:29:34 +00:00
Daniel P. Berrange
d9a2a993dd Rename HAVE_LIBCURL to WITH_CURL 2013-01-14 13:29:19 +00:00
Daniel P. Berrange
e9f4c675e2 Convert fuse check over to use LIBVIRT_CHECK_PKG 2013-01-14 13:29:17 +00:00
Daniel P. Berrange
8c1e9be48f Rename HAVE_FUSE to WITH_FUSE 2013-01-14 13:26:47 +00:00
Daniel P. Berrange
bccd4a8cbc Rename HAVE_GNUTLS to WITH_GNUTLS 2013-01-14 13:26:47 +00:00
Daniel P. Berrange
19e285f1ae Convert blkid check over to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
7db9ac8260 Convert HAVE_LIBBLKID to WITH_BLKID
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
f488ddf4d8 Convert HAL check to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
24120066a4 Convert HAVE_HAL to WITH_HAL
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
04ac20df3f Convert udev/pciaccess checks to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
d3b05abfa9 Convert HAVE_UDEV to WITH_UDEV
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:47 +00:00
Daniel P. Berrange
bae47e4e30 Convert avahi check to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:46 +00:00
Daniel P. Berrange
2de152d20d Convert HAVE_AVAHI to WITH_AVAHI
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:34 +00:00
Daniel P. Berrange
832d140930 Convert DBus check to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:47 +00:00
Daniel P. Berrange
da77f04ed5 Convert HAVE_DBUS to WITH_DBUS
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:47 +00:00
Daniel P. Berrange
e763ad256d Convert netcf check to use LIBVIRT_CHECK_PKG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:40 +00:00
Daniel P. Berrange
cf6f8811fb Convert cap-ng check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:06 +00:00
Daniel P. Berrange
ef38965c30 Convert HAVE_CAPNG to WITH_CAPNG
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:06 +00:00
Daniel P. Berrange
c85e1dd71b Convert numactl checks to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:06 +00:00
Daniel P. Berrange
6f736c83e5 Convert HAVE_NUMACTL to WITH_NUMACTL
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:06 +00:00
Daniel P. Berrange
766ace80d6 Convert apparmor check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:25:05 +00:00
Daniel P. Berrange
98de5f3e5d Convert selinux check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:24:49 +00:00
Daniel P. Berrange
63f18f3786 Convert HAVE_SELINUX to WITH_SELINUX
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:24:49 +00:00
Daniel P. Berrange
054bbfcbaa Convert audit check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
e424220a0e Convert HAVE_AUDIT to WITH_AUDIT
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
c45fed8a63 Convert sasl check to use LIBVIRT_CHECK_LIB_ALT
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
321a7d53f3 Convert HAVE_SASL to WITH_SASL
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
a38dbf6673 Convert sanlock check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
4da3000c66 Convert HAVE_SANLOCK to WITH_SANLOCK
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
654c709baa Convert yajl check to use LIBVIRT_CHECK_LIB_ALT
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
49a1c16027 Convert HAVE_YAJL into WITH_YAJL
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:22 +00:00
Eric Blake
daa886b635 maint: don't distribute generated .def files
I ran 'make dist' in the directory left over from ./autobuild.sh
(which was configured for a mingw cross build); the resulting
tarball had more files than 'make dist' on a normal Linux build.
I traced it to the fact that we were distributing a generated
file, but only when configure said the end user had to generate
the file in the first place.  In the process, I noticed that
we had some difference in symbol file names; I added a comment
explaining why the difference exists (after first trying to
normalize the names and hitting VPATH build failures).

* configure.ac (LIBVIRT_QEMU_SYMBOL_FILE): Add some comments.
* src/Makefile.am (EXTRA_DIST): No need to ship a generated file;
particularly since which file is built depends on configure results.
2013-01-10 15:29:27 -07:00
Daniel P. Berrange
f587c27768 Make TLS support conditional
Add checks for existence of GNUTLS and automatically disable
it if not found.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 20:57:31 +00:00
Daniel P. Berrange
5f669ea976 Add internal APIs for dealing with namespaces
Add some APIs for acquiring namespace file descriptors and
switching namespaces

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 09:21:08 +00:00
Jim Fehlig
68e7bc4561 build: Add libxenctrl to LIBXL_LIBS
Commit dfa1e1dd removed libxenctrl from LIBXL_LIBS, but the libxl
driver uses a symbol from this library.  Explicitly link with
libxenctrl instead of relying on the build system to support
implicit DSO linking.
2013-01-07 10:15:56 -07:00
John Eckersberg
3c971c675a conf: Rename console-specific identifiers to be more generic
The functionality provided in virchrdev.c (previously virconsole.c) is
applicable to other types of character devices besides consoles, such
as channels.  This patch is just code motion, renaming things such as
"console" or "pty", instead using more general terms such as
"character device" or "device path".
2013-01-04 17:43:21 -07:00
Eric Blake
83aca30f1e build: use autobuild module to make build logs nicer
A recent build failure made me realize that we could usefully add
a bit more information to configure output, for aid in analysis of
failed builds.  Pulling in the autobuild module merely adds these
four lines to configure output:

configure: autobuild project... libvirt
configure: autobuild revision... v1.0.1-113-g7a74eea
configure: autobuild hostname... myhost
configure: autobuild timestamp... 20130102T233543Z

which can be useful even if not using the Autobuild project to parse
build logs.

* bootstrap.conf (gnulib_modules): Add autobuild.
* configure.ac: Favor git version over release version, when available.
2013-01-02 16:43:58 -07:00
Eric Blake
6e148567fd build: make broken -Wlogical-op test be gcc-only
Commit 8b8fcdea introduced a check for broken gcc -Wlogical-op,
but did not guard the check against non-gcc compilers, which might
lead to spurious failures when another compiler encounters an
unknown pragma.  Additionally, all of our compiler warning logic
should belong in a single file, and use cache variables to allow
overriding the decision at configure time if necessary.

* configure.ac (BROKEN_GCC_WLOGICALOP): Move...
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): ...here,
and update to modern autoconf idioms.
2012-12-19 12:21:09 -07:00
Viktor Mihajlovski
8b8fcdea6e build: Check for broken GCC -Wlogical-op in configure
Some older versions of GCC report a false positive on code like
  char * haystack, needle;
  strchr(haystack, needle);

Added an extra check in configure.ac which will
  #define BROKEN_GCC_WLOGICALOP 1
in this case, allowing to special handle "offending" code.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-12-17 17:36:56 +00:00
Daniel Veillard
34ca568497 Release of libvirt-1.0.1
- configure.ac docs/news.html.in: update for the release
- po/*.po: updated from transifex
2012-12-17 11:36:37 +08:00
Roman Bogorodskiy
0c94357f9d Socket identity support for FreeBSD.
This adds an implementation of virNetSocketGetUNIXIdentity()
using LOCAL_PEERCRED socket option and xucred struct, defined
in <sys/ucred.h> on systems that have it.
2012-12-14 11:49:31 -07:00
Guido Günther
238dba0f9c Require SANLK_INQ_WAIT for inq_lockspace support
since compilation breaks otherwise with older libsanlock.
2012-12-14 18:03:49 +01:00
Roman Bogorodskiy
9a2f36ec04 Qemu FreeBSD: fix compilation
* Autotools changes:
  - Don't assume Qemu is Linux-only
  - Check Linux headers only on Linux
  - Disable firewalld on FreeBSD
* Initctl:
  Initctl seem to present only on Linux, so stub it on other platforms
* Raw I/O: Linux-only as well
* Headers cleanup
2012-12-12 11:59:53 -07:00
Jim Fehlig
dfa1e1dd53 Convert libxl driver to Xen 4.2
Based on a patch originally authored by Daniel De Graaf

  http://lists.xen.org/archives/html/xen-devel/2012-05/msg00565.html

This patch converts the Xen libxl driver to support only Xen >= 4.2.
Support for Xen 4.1 libxl is dropped since that version of libxl is
designated 'technology preview' only and is incompatible with Xen 4.2
libxl.  Additionally, the default toolstack in Xen 4.1 is still xend,
for which libvirt has a stable, functional driver.
2012-12-06 16:15:54 -07:00
Gao feng
b6c37e5fb5 Add a configure option for fuse support in LXC driver
Add a configure option --with-fuse to prepare introduction
of fuse support for libvirt lxc.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2012-11-28 10:28:49 +00:00
Michal Privoznik
96a02703da sanlock: Retry after EINPROGRESS
It may take some time for sanlock to add a lockspace. And if user
restart libvirtd service meanwhile, the fresh daemon can fail adding
the same lockspace with EINPROGRESS. Recent sanlock has
sanlock_inq_lockspace() function which should block until lockspace
changes state. If we are building against older sanlock we should
retry a few times before claiming an error. This issue can be easily
reproduced:

for i in {1..1000} ; do echo $i; service libvirtd restart; sleep 2; done
20
Stopping libvirtd daemon:                                  [FAILED]
Starting libvirtd daemon:                                  [  OK  ]
21
Stopping libvirtd daemon:                                  [  OK  ]
Starting libvirtd daemon:                                  [  OK  ]
22
Stopping libvirtd daemon:                                  [  OK  ]
Starting libvirtd daemon:                                  [  OK  ]

 error : virLockManagerSanlockSetupLockspace:334 : Unable to add
 lockspace /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__: Operation now in
 progress
2012-11-16 08:00:11 +01:00
Daniel Veillard
2b435c153e Release of libvirt-1.0.0
* configure.ac docs/news.html.in libvirt.spec.in: update for the new release
* po/*.po*: update from transifex, a lot of added support e.g. Indian
  languages, and regenerate
2012-11-02 12:08:11 +08:00
Christophe Fergeau
662f8a2ab3 Fix disabling of apparmor/selinux security drivers
When using --without-$name --without-secdriver-$name with $name being
selinux or apparmor, configure will fail saying that AppArmor/SELinux
development package must be installed.
This is caused by a small bug in --with-secdriver-$name handling in
configure.ac which treats --without-secdriver-$name when $name as if the
user had requested to enable $name when $name couldn't be detected on
the system.

This commit also makes sure the detection checks for disabled
secdrivers do not needlessly get run, especially as this could
cause an error as well in --with-$name --without-secdriver-$name
situations.
2012-10-23 08:56:03 +02:00
Jiri Denemark
5ce6d95eed locking: Fix build with sanlock < 2.4
libvirt started using sanlock_killpath to implement on_lockfailure
action. Since sanlock_killpath was introduced in sanlock 2.4, libvirt
fails to build with older sanlock.
2012-10-16 21:32:05 +02:00
Martin Kletzander
9674f2c637 selinux: Use raw contexts
We are currently able to work only with non-translated SELinux
contexts, but we are using functions that work with translated
contexts throughout the code.  This patch swaps all SELinux context
translation relative calls with their raw sisters to avoid parsing
problems.

The problems can be experienced with mcstrans for example.  The
difference is that if you have translations enabled (yum install
mcstrans; service mcstrans start), fgetfilecon_raw() will get you
something like 'system_u:object_r:virt_image_t:s0', whereas
fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow'
that we cannot parse.

I was trying to confirm that the _raw variants were here since the dawn of
time, but the only thing I see now is that it was imported together in
the upstream repo [1] from svn, so before 2008.

Thanks Laurent Bigonville for finding this out.

[1] http://oss.tresys.com/git/selinux.git
2012-10-12 17:54:09 +02:00
Ján Tomko
149c87b49d Various typos and misspellings 2012-10-12 00:03:43 +02:00
Doug Goldstein
5a33366f5c interface: add udev based backend for virInterface
Add a read-only udev based backend for virInterface. Useful for distros
that do not have netcf support yet. Multiple libvirt based utilities use
a HAL based fallback when virInterface is not available which is less
than ideal. This implements:
* virConnectNumOfInterfaces()
* virConnectListInterfaces()
* virConnectNumOfDefinedInterfaces()
* virConnectListDefinedInterfaces()
* virConnectListAllInterfaces()
* virConnectInterfaceLookupByName()
* virConnectInterfaceLookupByMACString()
2012-10-09 09:39:43 -06:00
Matthias Bolte
458c499841 Call curl_global_init from virInitialize to avoid thread-safety issues
curl_global_init is not thread-safe. curl_easy_init might call
curl_global_init when it was no called before. But curl_easy_init
can be called from different threads by the ESX driver. Therefore,
call curl_global_init from virInitialize to stop curl_easy_init from
calling it.

Reported by Benjamin Wang.
2012-10-08 21:27:58 +02:00
Alexander Larsson
53d5ad94c0 Fix typo in HAVE_DBUS automake conditional
The variable that is set in the script is with_dbus, not have_dbus.
2012-10-08 10:33:48 -06:00
Eric Blake
cd1e8d1c47 build: avoid journald on rhel 5
Commit f6430390 broke builds on RHEL 5, where glibc (2.5) is too
old to support mkostemp (2.7) or htole64 (2.9).  While gnulib
has mkostemp, it still lacks htole64; and it's not worth dragging
in replacements on systems where journald is unlikely to exist
in the first place, so we just use an extra configure-time check
as our witness of whether to attempt compiling the code.

* src/util/logging.c (virLogParseOutputs): Don't attempt to
compile journald on older glibc.
* configure.ac (AC_CHECK_DECLS): Check for htole64.
2012-10-01 17:33:25 -06:00
Daniel J Walsh
aa696e1846 build: default selinuxfs mount point to /sys/fs/selinux
Currently if you build on a machine that does not support SELinux we end up
with the default mount point being /selinux, since this is moved to
/sys/fs/selinux, we should start defaulting there.

I believe this is causing a bug in libvirt-lxc when /selinux does not exists,
even though /sys/fs/selinux exists.
2012-09-28 13:50:06 -06:00
Jim Fehlig
416eca189b Fix compilation of legacy xen driver with Xen 4.2
In Xen 4.2, xs.h is deprecated in favor of xenstore.h.  xs.h now
contains

#warning xs.h is deprecated use xenstore.h instead
#include <xenstore.h>

which fails compilation when warnings are treated as errors.

Introduce a configure-time check for xenstore.h and if found,
use it instead of xs.h.
2012-09-27 10:27:33 -06:00
Christophe Fergeau
f6c2951566 build: fix detection of netcf linked with libnl1
Commit 9298bfbcb introduced code to detect if netcf is linked with
libnl1, and to prefer libnl1 over libnl3 when this is the case.
This behaviour can be disabled by setting LIBNL_CFLAGS to any value,
including the empty string.
However, configure.ac sets LIBNL_CFLAGS to "" before attempting
libnl detection, so the libnl1 detection code is always disabled.
This caused issues on my f17 system where netcf is linked with libnl1
but libvirt got built with libnl3.

This commit removes the setting of the LIBNL_* variables to "" as
this does not appear to be needed. After this change, libnl1 is
used when building libvirt on my f17 system.
2012-09-25 11:07:43 +02:00
Daniel Veillard
f8fbeb50d5 Release of libvirt-0.10.2
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: update from transifex and regenerate
2012-09-24 12:46:37 +08:00
Doug Goldstein
b95ad92e05 build: define WITH_INTERFACE for the driver
Based exclusively on work by Eric Blake in a patch posted with the same
subject. However some modifications related to comments and my plans to
add another backend.

Added WITH_INTERFACE as the only automake variable deciding whether to
build the driver and using WITH_NETCF to identify that we're wanting to
use the netcf library as the backend.

* configure.ac: Added with_interface
* src/interface/netcf_driver.c: Renamed..
* src/interface/interface_backend_netcf.c: ..to this to match storage.
* src/interface/netcf_driver.h: Renamed..
* src/interface/interface_driver.h: ..to this.
* daemon/Makefile.am: Respect WITH_INTERFACE and WITH_NETCF.
* libvirt.spec.in: Add RPM support for --with-interface
2012-09-19 08:27:01 -06:00
Richard W.M. Jones
5090c576e3 Add a ./run script for running programs from the local directory.
With this script you can run libvirt programs without needing to
install them first.  You just have to do for example:

  ./run ./tools/virsh [args ...]

If you are already in the tools/ subdirectory, then the following
command will also work:

  ../run ./virsh [...]

You can also run the C programs under valgrind like this:

  ./run valgrind [valgrind opts...] ./program

or under gdb:

  ./run gdb --args ./program

This also works with sudo (eg. if you need root access for libvirt):

  sudo ./run ./tools/virsh list --all

Derived from libguestfs and simplified.  The ./run script in
libguestfs is much more sophisticated:

https://github.com/libguestfs/libguestfs/blob/master/run.in
2012-09-18 10:59:16 +01:00
Guido Günther
615851dd19 Look in Debian's multiarch libs too
so we don't fail when libnetcf is built as multiarch lib.
2012-09-13 22:42:35 +02:00
Eric Blake
67936d1301 build: don't fail if libnl-3 is not found
Commit 9298bfb changed configure to split the libnl into two
separate pkg config checks instead of nesting the second check
on the failure path of the first.  But the default pkg config
behavior is to abort configure if a check fails.  Since we have
a second check lined up, we need an explicit failure case that
does not abort if the first check fails.

Meanwhile, commit 51b708c is reverted.  It did not fix any
behavior, and in fact, introduced a regression to the fallback
case when the user explicitly sets $LIBNL_CFLAGS.

* configure.ac: Don't abort if libnl-3 is not found.
2012-09-13 10:53:57 -06:00
Osier Yang
51b708c63e build: Fix typo which causes build failure
Pushed under build-breaker rule.
2012-09-13 12:44:19 +08:00
Eric Blake
9298bfbcb4 build: force libnl1 if netcf also used libnl1
Recent spec file changes ensure that in distro situations, netcf
and libvirt will link against the same libnl in order to avoid
dumping core.  But for every-day development, if you use F17 and
have the libnl3-devel headers available, libvirt was blindly
linking against libnl3 even though F17 netcf still links against
libnl1, making testing a self-built binary on F17 impossible.

By making configure a little bit smarter, we can avoid this
situation - we merely skip the probe of libnl-3 if we can prove
that netcf is still using libnl-1.  I intentionally wrote the
test so that we still favor libnl-3 if netcf is not installed or
if we couldn't use ldd to determine things.

Defaults being what they are, someone will invariably complain
that our smarts were wrong.  Never fear - in that case, just run
./configure LIBNL_CFLAGS=..., where the fact that you set
LIBNL_CFLAGS (even to the empty string) will go back to probing
for libnl-3, regardless of netcf's choice.

* configure.ac (LIBNL): Don't probe libnl3 if netcf doesn't use it.
2012-09-12 15:32:28 -06:00
Eric Blake
ccaf0beec8 build: improved handling of <execinfo.h>, BSD <net/if.h>
FreeBSD and OpenBSD have a <net/if.h> that is not self-contained;
and mingw lacks the header altogether.  But gnulib has just taken
care of that for us, so we might as well simplify our code.  In
the process, I got a syntax-check failure if we don't also take
the gnulib execinfo module.

* .gnulib: Update to latest, for execinfo and net_if.
* bootstrap.conf (gnulib_modules): Add execinfo and net_if modules.
* configure.ac: Let gnulib check for headers.  Simplify check for
'struct ifreq', while also including enough prereq headers.
* src/internal.h (IF_NAMESIZE): Drop, now that gnulib guarantees it.
* src/nwfilter/nwfilter_learnipaddr.h: Use correct header for
IF_NAMESIZE.
* src/util/virnetdev.c (includes): Assume <net/if.h> exists.
* src/util/virnetdevbridge.c (includes): Likewise.
* src/util/virnetdevtap.c (includes): Likewise.
* src/util/logging.c (includes): Assume <execinfo.h> exists.
(virLogStackTraceToFd): Handle gnulib's fallback implementation.
2012-09-06 10:08:47 -06:00
Eric Blake
d74e5a4dfc build: use correct libraries for clock_gettime
On OpenBSD, clock_gettime() exists in libc rather than librt, and
blindly linking with -lrt made the build fail.  Gnulib already
did the work for determining which libraries to use, so we should
reuse that work rather than doing it ourselves.

* bootstrap.conf (gnulib_modules): Pull in clock-time.
* configure.ac (RT_LIBS): Drop.
* src/Makefile.am (libvirt_util_la_LIBADD): Use gnulib variable
instead.
* src/util/virtime.c (includes): Simplify.
2012-09-04 10:57:25 -06:00
Daniel Veillard
383a41657f Release of libvirt-0.10.1
* configure.ac docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: pulled localization updates for sp,ja,mr,pa,uk,zh_CN,zh_TW
  and regenerated
2012-08-31 20:41:06 +08:00
Daniel Veillard
6540efa40d Release of libvirt-0.10.0
* configure.ac docs/news.html.in libvirt.spec.in: updates for the release
* po/*.po*: update localizations for zh_CN, uk, ja, pt_BR, as, sp, mr, zh_TW
2012-08-29 12:00:36 +08:00
Eric Blake
77de1f3573 build: work with older RHEL 5 kernel
We already skip out on building the LXC under RHEL 5, because the
kernel is too old (commits 4c18acf, 2dee896); but commit 9612e4b
moved some LXC-only code into common files, resulting in this
build failure:

util/virfile.c: In function 'virFileLoopDeviceAssociate':
util/virfile.c:580: error: 'LO_FLAGS_AUTOCLEAR' undeclared (first use in this function)

Unfortunately, the kernel folks only made it an enum, rather than
also a #define, so we have to modify configure.ac to record when
it is usable.

* configure.ac (with_lxc): Mark when LO_FLAGS_AUTOCLEAR was found.
* src/util/virfile.c (virFileLoopDeviceAssociate): Avoid
compilation when kernel is too old.
2012-08-21 12:07:00 -06:00
Thomas Woerner
bf156385a0 network: use firewalld instead of iptables, when available
* configure.ac, spec file: firewalld defaults to enabled if dbus is
  available, otherwise is disabled. If --with_firewalld is explicitly
  requested and dbus is not available, configure will fail.

* bridge_driver: add dbus filters to get the FirewallD1.Reloaded
  signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1.
  When these are encountered, reload all the iptables reuls of all
  libvirt's virtual networks (similar to what happens when libvirtd is
  restarted).

* iptables, ebtables: use firewall-cmd's direct passthrough interface
  when available, otherwise use iptables and ebtables commands. This
  decision is made once the first time libvirt calls
  iptables/ebtables, and that decision is maintained for the life of
  libvirtd.

* Note that the nwfilter part of this patch was separated out into
  another patch by Stefan in V2, so that needs to be revised and
  re-reviewed as well.

================

All the configure.ac and specfile changes are unchanged from Thomas'
V3.

V3 re-ran "firewall-cmd --state" every time a new rule was added,
which was extremely inefficient.  V4 uses VIR_ONCE_GLOBAL_INIT to set
up a one-time initialization function.

The VIR_ONCE_GLOBAL_INIT(x) macro references a static function called
vir(Ip|Eb)OnceInit(), which will then be called the first time that
the static function vir(Ip|Eb)TablesInitialize() is called (that
function is defined for you by the macro). This is
thread-safe, so there is no chance of any race.

IMPORTANT NOTE: I've left the VIR_DEBUG messages in these two init
functions (one for iptables, on for ebtables) as VIR_WARN so that I
don't have to turn on all the other debug message just to see
these. Even if this patch doesn't need any other modification, those
messages need to be changed to VIR_DEBUG before pushing.

This one-time initialization works well. However, I've encountered
problems with testing:

1) Whenever I have enabled the firewalld service, *all* attempts to
call firewall-cmd from within libvirtd end with firewall-cmd hanging
internally somewhere. This is *not* the case if firewall-cmd returns
non-0 in response to "firewall-cmd --state" (i.e. *that* command runs
and returns to libvirt successfully.)

2) If I start libvirtd while firewalld is stopped, then start
firewalld later, this triggers libvirtd to reload its iptables rules,
however it also spits out a *ton* of complaints about deletion failing
(I suppose because firewalld has nuked all of libvirt's rules). I
guess we need to suppress those messages (which is a more annoying
problem to fix than you might think, but that's another story).

3) I noticed a few times during this long line of errors that
firewalld made a complaint about "Resource Temporarily
unavailable. Having libvirtd access iptables commands directly at the
same time as firewalld is doing so is apparently problematic.

4) In general, I'm concerned about the "set it once and never change
it" method - if firewalld is disabled at libvirtd startup, causing
libvirtd to always use iptables/ebtables directly, this won't cause
*terrible* problems, but if libvirtd decides to use firewall-cmd and
firewalld is later disabled, libvirtd will not be able to recover.
2012-08-21 13:40:58 -04:00
Peter Krempa
1193fc5f44 libssh2_transport: add main libssh2 transport implementation
This patch adds helper functions that enable us to use libssh2 in
conjunction with libvirt's virNetSockets for ssh transport instead of
spawning "ssh" client process.

This implemetation supports tunneled plaintext, keyboard-interactive,
private key, ssh agent based and null authentication. Libvirt's Auth
callback is used for interaction with the user. (Keyboard interactive
authentication, adding of host keys, private key passphrases). This
enables seamless integration into the application using libvirt. No
helpers as "ssh-askpass" are needed.

Reading and writing of OpenSSH style "known_hosts" files is supported.

Communication is done using SSH exec channel, where the user may specify
arbitrary command to be executed on the remote side and reads and writes
to/from stdin/out are sent through the ssh channel. Usage of stderr is
not (yet) supported.
2012-08-21 14:47:09 +02:00
Eric Blake
ba9c38b430 build: fix build with autoconf 2.59
Commit 350583c8 broke development on a RHEL 5 box, where the
ancient Autoconf 2.59 lacks AS_VERSION_STRING.  Rather than
backport the complex awk script that newer autoconf uses for
true strverscmp comparisons from the shell, it was easier to
just open-code a shell case statement.

* configure.ac (qemu_version): Open-code a replacement for
AS_VERSION_CHECK.
2012-08-21 00:29:49 -06:00
Daniel P. Berrange
3b0cd660ef Fix timebomb in LIBVIRT_VERSION_INFO calculation
The way LIBVIRT_VERSION_INFO is calculated has a timebomb that
will cause us to accidentally break soname when we change the
major version number to a non-zero value !

Given CURRENT:REVISION:AGE, libtool will generate

   libvirt.so.($CURRENT-$AGE).$AGE.$REVISION

We set CURRENT to be MAJOR+MINOR and AGE to $MINOR, so as
soon as MAJOR changes to non-zero, we get libvirt.so.1
as the soname, eg  1.3.9 would create libvirt.so.1.3.9
Looks natural but is not ABI compatible with libvirt.so.0.x.y

The fix is to set CURRENT to always be exactly the same
as AGE. We want to have the major version reflected in
the so symlinks though. So then we set AGE to MAJOR*1000+MINOR
eg, so 1.3.9 would create libvirt.so.0.1003.9 and libvirt
2.51.3 would create libvirt.so.0.2051.3
2012-08-14 10:59:02 +01:00
Martin Kletzander
43bfa23e6f json: fix interface locale dependency
libvirt creates invalid commands if wrong locale is selected. For
example with locale that uses comma as a decimal point, JSON commands
created with decimal numbers are invalid because comma separates the
entries in JSON. Fortunately even when decimal point is affected,
thousands grouping is not, because for grouping to be enabled with
*printf, there has to be an apostrophe flag specified (and supported).

This patch adds specific internal function for converting doubles to
strings with C locale.
2012-08-14 07:30:14 +02:00
Eric Blake
1f6f723ce1 build: add stubs so mdns code can be unconditionally compiled
The recent changes to the testsuite to validate exported symbols
flushed out a case of unconditionally exporting symbols that
were only conditionally compiled under HAVE_AVAHI.

* src/Makefile.am (libvirt_net_rpc_server_la_SOURCES): Compile
virnetservermdns unconditionally.
* configure.ac (HAVE_AVAHI): Drop unused automake conditional.
* src/rpc/virnetservermdns.c: Add fallbacks when Avahi is not
present.
2012-08-02 13:35:21 -06:00
Daniel P. Berrange
7a054e99e2 Avoid clash of base64 symbols
On Debian/Ubuntu, one of the libraries libvirt (indirectly) links
with exports a symbol named 'base64_encode'. This takes precedence
over GNULIB's base64_encode function during linking. Unfortunately
they of course have different API semantics. To avoid this problem
use a few #defines in config.h to rename the GNULIB provided
function to have a 'libvirt_gl_' prefix
2012-08-02 14:22:47 +01:00
Daniel P. Berrange
0c9fd4cfe9 Rewrite virAtomic APIs using GLib's atomic ops code
There are a few issues with the current virAtomic APIs

 - They require use of a virAtomicInt struct instead of a plain
   int type
 - Several of the methods do not implement memory barriers
 - The methods do not implement compiler re-ordering barriers
 - There is no Win32 native impl

The GLib library has a nice LGPLv2+ licensed impl of atomic
ops that works with GCC, Win32, or pthreads.h that addresses
all these problems. The main downside to their code is that
the pthreads impl uses a single global mutex, instead of
a per-variable mutex. Given that it does have a Win32 impl
though, we don't expect anyone to seriously use the pthread.h
impl, so this downside is not significant.

* .gitignore: Ignore test case
* configure.ac: Check for which atomic ops impl to use
* src/Makefile.am: Add viratomic.c
* src/nwfilter/nwfilter_dhcpsnoop.c: Switch to new atomic
  ops APIs and plain int datatype
* src/util/viratomic.h: inline impls of all atomic ops
  for GCC, Win32 and pthreads
* src/util/viratomic.c: Global pthreads mutex for atomic
  ops
* tests/viratomictest.c: Test validate to validate safety
  of atomic ops.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-02 11:50:59 +01:00
Dmitry Guryanov
cafc26ff5f parallels: add driver skeleton
Parallels Cloud Server is a cloud-ready virtualization
solution that allows users to simultaneously run multiple virtual
machines and containers on the same physical server.

More information can be found here: http://www.parallels.com/products/pcs/
Also beta version of Parallels Cloud Server can be downloaded there.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2012-08-01 11:44:26 +08:00
Sebastian Wiedenroth
29bc4fe646 Add a sheepdog backend for the storage driver
This patch brings support to manage sheepdog pools and volumes to libvirt.
It uses the "collie" command-line utility that comes with sheepdog for that.

A sheepdog pool in libvirt maps to a sheepdog cluster.
It needs a host and port to connect to, which in most cases
is just going to be the default of localhost on port 7000.

A sheepdog volume in libvirt maps to a sheepdog vdi.
To create one specify the pool, a name and the capacity.
Volumes can also be resized later.

In the volume XML the vdi name has to be put into the <target><path>.
To use the volume as a disk source for virtual machines specify
the vdi name as "name" attribute of the <source>.
The host and port information from the pool are specified inside the host tag.

  <disk type='network'>
    ...
    <source protocol="sheepdog" name="vdi_name">
      <host name="localhost" port="7000"/>
    </source>
  </disk>

To work right this patch parses the output of collie,
so it relies on the raw output option. There recently was a bug which caused
size information to be reported wrong. This is fixed upstream already and
will be in the next release.

Signed-off-by: Sebastian Wiedenroth <wiedi@frubar.net>
2012-07-18 20:08:27 +01:00
Cole Robinson
2d98ee5b35 configure: rbd doesn't need -lcrypto
See https://www.redhat.com/archives/libvir-list/2012-July/msg00493.html

Basically building against librbd doesn't seem to actually require -lcrypto.

Also report the rbd linker flags in configure output
2012-07-17 09:49:53 -04:00
Daniel Veillard
3a4d9d1ed3 Release of libvirt-0.9.13
* configure.ac docs/news.html.in libvirt.spec.in: new version and
  documentation update
* po/*.po*: updated and regenerated localizations
2012-07-02 11:25:36 +08:00
Marc-André Lureau
b29f9bbe49 configure: show correct default argument in help
Pushed without ack, under the trivial rule.
2012-06-28 02:37:27 +02:00
Daniel P. Berrange
6a714d31d0 Switch automated builds to use Mingw64 toolchain instead of Mingw32
The Mingw32 toolchain is broadly obsoleted by the Mingw64 toolchain.
The latter has been adopted by Fedora 17 and newer. Maintaining a
RPM spec for Mingw32 is a needless burden, so switch to a Mingw64
RPM spec (which provides 32 & 64 bit builds).

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-06-25 10:41:10 +01:00
Eric Blake
350583c859 build: hoist qemu dependence on yajl to configure
Commit 6e769eba made it a runtime error if libvirt was compiled
without yajl support but targets a new enough qemu.  But enough
users are hitting this on self-compiled libvirt that it is worth
erroring out at compilation time, rather than an obscure failure
when trying to use the built executable.

* configure.ac: If qemu is requested and -version works, require
yajl when qemu version is new enough.
* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Add
comment.
2012-06-15 19:49:00 -06:00
Eric Blake
3c3644d30f build: ensure storage driver is used
Commit 1c275e9a accidentally dropped the storage driver from
libvirtd, because it depended on a C preprocessor macro that
was not defined.  Furthermore, if you do './configure
--without-storage-dir --with-storage-disk' or any other combination
where you explicitly build a subset of storage backends excluding
the dir backend, then the build is broken.

Based on analysis by Osier Yang.

* configure.ac (WITH_STORAGE): Define top-level conditional.
* src/Makefile.am (mod_LTLIBRARIES): Build driver even when
storage_dir is disabled.
* daemon/libvirtd.c: Pick up storage driver for any backend, not
just dir.
* daemon/Makefile.am (libvirtd_LDADD): Likewise.
2012-06-06 12:16:07 +08:00
Eric Blake
fb59cf7a58 build: fix testing of augeas files in VPATH builds
Without this fix, a VPATH build (such as used by ./autobuild.sh)
fails with messages like:

make[3]: Entering directory `/home/remote/eblake/libvirt-tmp2/build/daemon'
../../build-aux/augeas-gentest.pl libvirtd.conf ../../daemon/test_libvirtd.aug.in test_libvirtd.aug
cannot read libvirtd.conf: No such file or directory at ../../build-aux/augeas-gentest.pl line 38.

Since the test files are not part of the tarball, we can generate
them into the build dir, but rather than create a subdirectory
just for the test file, it is easier to test them directly in
libvirt.git/src.

* daemon/Makefile.am (AUG_GENTEST): Factor out definition.
(test_libvirtd.aug): Look for correct file.
* src/Makefile.am (AUG_GENTEST): Use $(PERL).
(qemu/test_libvirtd_qemu.aug, lxc/test_libvirtd_lxc.aug)
(locking/test_libvirt_sanlock.aug): Rename to avoid subdirectories.
(check-augeas-qemu, check-augeas-lxc, check-augeas-sanlock): Reflect
location of built tests.
* configure.ac (PERL): Substitute perl.
2012-05-30 09:29:32 -06:00
Eric Blake
1d22ba953b build: silence libtool during tests
Libtool is picky about linking against a module library (aka a .so);
giving lots of warnings like this in the tests directory:

  CCLD   networkxml2argvtest

*** Warning: Linking the executable networkxml2argvtest against the loadable module
*** libvirt_driver_network.so is not portable!

Fix that by splitting things into a convenience library which can
be used directly by the tests, and making the real .so just wrap
the convenience library.

Based on a suggestion by Daniel P. Berrange.

* configure.ac (--with-driver-modules): Fix help test.
* src/Makefile.am (libvirt_driver_xen.la, libvirt_driver_libxl.la)
(libvirt_driver_qemu.la, libvirt_driver_lxc.la)
(libvirt_driver_uml.la): Factor into new convenience libraries.
* tests/Makefile.am (xen_LDADDS, qemu_LDADDS, lxc_LDADDS)
(networkxml2argvtest_LDADD): Link to convenience libraries, not
shared libraries.
2012-05-28 07:19:25 -06:00
Daniel P. Berrange
7cd77b6b2f Fix Win32 build by linking to ole32
The CoTaskMemFree function requires the ole32 DLL to be
linked against. Currently this is only done for the
VirtualBox driver. Also add it to libvirt_util.la

* configure.ac: Unconditionally add ole32 DLL to Win32
* src/Makefile.am: Link old32 to libvirt_util.la
2012-05-28 12:35:39 +01:00
Jim Meyering
0d07aa512c maint: avoid new automake warning about AM_PROG_CC_STDC
* configure.ac (AM_PROG_CC_STDC): Stop using this macro.
It provokes warnings from newer automake and is superseded by
autoconf's AC_PROG_CC, which we're already using.
2012-05-26 14:25:42 +02:00
Daniel P. Berrange
ff0f6a0e79 Default to enable driver modules for libvirtd
Always enable driver modules for libvirtd, if we have dlopen
available. This allows more modular packaging by distros
and ensures we don't break this config

* configure.ac: Default to enable driver modules

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-05-24 13:18:01 +01:00
Daniel P. Berrange
6cd4b1fe16 Remove libvirt_test.la library
The libvirt_test.la library was introduced to allow test suites
to reference internal-only symbols. These days, nearly every
symbol we care about is in src/libvirt_private.syms, so there
is no need for libvirt_test.la to continue to exist

* src/Makefile.am: Delete libvirt_test.la & add new .syms files
* src/libvirt_private.syms: Export symbols needed by test suite
* tests/Makefile.am: Link to libvirt_test.la. Ensure LXC tests link
  to network_driver.la
* src/libvirt_esx.syms, src/libvirt_openvz.syms: Add exports needed
  by test suite
2012-05-24 13:18:00 +01:00
Wido den Hollander
74951eadef storage backend: Add RBD (RADOS Block Device) support
This patch adds support for a new storage backend with RBD support.

RBD is the RADOS Block Device and is part of the Ceph distributed storage
system.

It comes in two flavours: Qemu-RBD and Kernel RBD, this storage backend only
supports Qemu-RBD, thus limiting the use of this storage driver to Qemu only.

To function this backend relies on librbd and librados being present on the
local system.

The backend also supports Cephx authentication for safe authentication with
the Ceph cluster.

For storing credentials it uses the built-in secret mechanism of libvirt.

Signed-off-by: Wido den Hollander <wido@widodh.nl>
2012-05-21 12:37:38 -06:00
Daniel P. Berrange
7ba66ef285 Fix build compat with older libselinux for LXC
Most versions of libselinux do not contain the function
selinux_lxc_contexts_path() that the security driver
recently started using for LXC. We must add a conditional
check for it in configure and then disable the LXC security
driver for builds where libselinux lacks this function.

* configure.ac: Check for selinux_lxc_contexts_path
* src/security/security_selinux.c: Disable LXC security
  if selinux_lxc_contexts_path() is missing
2012-05-16 15:38:29 +01:00
Daniel P. Berrange
548563956e Allow stack traces to be included with log messages
Sometimes it is useful to see the callpath for log messages.
This change enhances the log filter syntax so that stack traces
can be show by setting '1:+NAME' instead of '1:NAME'.

This results in output like:

2012-05-09 14:18:45.136+0000: 13314: debug : virInitialize:414 : register drivers
/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virInitialize+0xd6)[0x7f89188ebe86]
/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x431921]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x3a21e21735]
/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x40a279]

2012-05-09 14:18:45.136+0000: 13314: debug : virRegisterDriver:775 : driver=0x7f8918d02760 name=Test
/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virRegisterDriver+0x6b)[0x7f89188ec717]
/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(+0x11b3ad)[0x7f891891e3ad]
/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virInitialize+0xf3)[0x7f89188ebea3]
/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x431921]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x3a21e21735]
/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x40a279]

* docs/logging.html.in: Document new syntax
* configure.ac: Check for execinfo.h
* src/util/logging.c, src/util/logging.h: Add support for
  stack traces
* tests/testutils.c: Adapt to API change

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-05-15 17:01:40 +01:00
Daniel Veillard
a25d5cfd80 Release of libvirt-0.9.12
* configure.ac docs/news.html.in libvirt.spec.in: updates for the release
* po/*.po: pushed new sources and synchronized new languages translations
2012-05-14 10:52:04 +08:00
Osier Yang
eecee94c3a build: Fix the typo in configure.ac
s/nuamd/numad/,
2012-05-10 10:28:12 +08:00
Osier Yang
b0f3244554 numad: Check numactl-devel if compiled with numad support
Since now we pre-set memory policy using libnuma to fully
drive numad, it needs to check numactl-devel if "with_numad"
is "yes".

configure with groups "--with-numad=yes --with-numactl=yes",
"--with-numad=no --with-numactl=yes", "--with-numad=yes
--with-numactl=yes" works fine after the change.
2012-05-09 13:12:32 +08:00
Serge Hallyn
60fb8a22ee build: support libnl-3
configure.ac: check for libnl-3 in addition to libnl-1

src/Makefile.am: link against libnl when needed

src/util/virnetlink.c:
support libnl3 api.  To minimize impact on code flow, wrap the
differences under the virNetlink* namespace.

Unfortunately libnl3 moves netlink/msg.h to
/usr/include/libnl3/netlink/msg.h, so the LIBNL_CFLAGS need to be added
to a bunch of places where they weren't needed with libnl1.

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2012-05-03 14:59:57 -06:00
Cole Robinson
ddd6bef4dc configure: Use ustar format for dist tarball
Since for stable releases, some test files were over the 99 char
limit for traditional tar filenames.

Suggested by Osier here:
https://www.redhat.com/archives/libvir-list/2012-April/msg01435.html

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2012-04-27 12:36:30 -04:00
Eric Blake
bae13129c1 build: fix bootstrap on RHEL
Commit 8fe455fd36 tried to work around
a regression introduced in upstream gnulib that requires gettext 0.18
or newer on all projects using bootstrap, by making libvirt require
gettext 0.18.  But this fails on RHEL 6.2, which still ships gettext
0.17.  Revert that change, and instead, import the latest round of
gnulib updates that fix that problem properly.

If you have already built in the window where libvirt required 0.18,
be aware that incremental updates may run into problems: this is
because 'autopoint --force' will not downgrade m4/po.m4 back to an
older version, but it must be downgraded back to 0.17 levels to work
with this patch.  You may either manually remove that file then rerun
bootstrap, or it may prove easier to just clean up all non-git files
to start from a clean slate.

* bootstrap.conf: Revert minimum gettext back to 0.17.
* configure.ac: Likewise.
* .gnulib: Update to latest, for bootstrap fixes.
* bootstrap: Resync from gnulib.
2012-04-25 16:25:49 -06:00
Peter Krempa
8fe455fd36 build: Fix version of gettext macros
Commit c9cd419cab added copying of the
makefile for translation files from gnulib. The makefile from gnulib is
of version 0.18 but the build configuration cretes macros from version
0.17 which breaks the build with message:

*** error: gettext infrastructure mismatch: using a Makefile.in.in from
gettext version 0.18 but the autoconf macros are from gettext version
0.17
2012-04-24 11:35:09 +02:00
Daniel P. Berrange
2223ea984c The policy kit and HAL node device drivers both require a
DBus connection. The HAL device code further requires that
the DBus connection is integrated with the event loop and
provides such glue logic itself.

The forthcoming FirewallD integration also requires a
dbus connection with event loop integration. Thus we need
to pull the current event loop glue out of the HAL driver.

Thus we create src/util/virdbus.{c,h} files. This contains
just one method virDBusGetSystemBus() which obtains a handle
to the single shared system bus instance, with event glue
automagically setup.
2012-04-19 17:03:10 +01:00
Guido Günther
a2996926e3 Fix macvtap detection by also checking for IFLA_VF_MAX
since this isn't available on older kernels such as Debian Squeeze's
2.6.32. This make --with-macvtap=check work as expected.
2012-04-15 11:54:20 +02:00
Daniel P. Berrange
e7eca6e4be Don't install sysctl file on non-Linux hosts
* configure.ac: Set WITH_SYSCTL only on Linux hosts
* daemon/Makefile.am: Conditionalize install-sysctl using WITH_SYSCTL

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Cc: Jason Helfman <jhelfman@e-e.com>
2012-04-04 19:31:40 +01:00
Daniel Veillard
782afa98e4 Release of libvirt 0.9.11
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: updated a number of languages translation including new
  indian languages and regenerated
2012-04-03 15:06:37 +08:00
Daniel P. Berrange
851117bd7a Enable all warnings permanently & default to -Werror for GIT builds
Given that we auto-detect whether each -Wxxxx flag is supported by
GCC, and we are warning-free and use automake silent rules, there
is no compelling reason to allow compile warnings to be disabled.

Replace the --enable-compile-warnings flag with a simpler
--enable-werror flag, which defaults to 'yes' if building
from GIT, or 'no' if building from tar.gz

This helps ensure that everyone writing patches for libvirt will
take care to fix their warning problems before submitting for
review

* autobuild.sh: Force -Werror
* configure.ac: Update for LIBVIRT_COMPILE_WARNINGS macro change
* m4/virt-compile-warnings.m4: Permanently enable all warnings,
  auto-enable Werror for GIT builds
2012-03-27 17:08:06 +01:00
Daniel P. Berrange
3a2fc2770b Enable build of test suite programs by default for GIT checkouts
Add a new flag '--with-test-suite' to configure to control whether
the test suite binaries are built by default. ie built with a
plain 'make', as opposed to delayed until 'make check'

For builds from tar.gz tests will not be built by default. For
builds from GIT, tests with be on by default, to try and ensure
that patch developers don't accidentally break the test suites
without noticing.

* configure.ac: Add --with-test-suite
* tests/Makefile.am: Use noinst_PROGRAMS instead of check_PROGRAMS
  if building tests by default. Consolidate setting of TESTS and
  {noinst,check}_PROGRAMS to avoid duplication
2012-03-27 17:08:06 +01:00
Daniel P. Berrange
eb8f31c16b Detect location fo selinux mount point
The SELinux mount point moved from /selinux to /sys/fs/selinux
when systemd came along.

* configure.ac: Probe for SELinux mount point
* src/lxc/lxc_container.c: Use SELinux mount point determined
  by configure.ac
2012-03-27 15:52:25 +01:00
Osier Yang
beb76e3742 spec: Add missed dependancy for numad
numad is available since Fedora 17 and RHEL6.X. And it's not supported
on s390[x] and ARM.
2012-03-24 09:35:20 +08:00
Osier Yang
0f8e7ae33a qemu: Support numad
numad is an user-level daemon that monitors NUMA topology and
processes resource consumption to facilitate good NUMA resource
alignment of applications/virtual machines to improve performance
and minimize cost of remote memory latencies. It provides a
pre-placement advisory interface, so significant processes can
be pre-bound to nodes with sufficient available resources.

More details: http://fedoraproject.org/wiki/Features/numad

"numad -w ncpus:memory_amount" is the advisory interface numad
provides currently.

This patch add the support by introducing a new XML attribute
for <vcpu>. e.g.

  <vcpu placement="auto">4</vcpu>
  <vcpu placement="static" cpuset="1-10^6">4</vcpu>

The returned advisory nodeset from numad will be printed
in domain's dumped XML. e.g.
  <vcpu placement="auto" cpuset="1-10^6">4</vcpu>

If placement is "auto", the number of vcpus and the current
memory amount specified in domain XML will be used for numad
command line (numad uses MB for memory amount):
  numad -w $num_of_vcpus:$current_memory_amount / 1024

The advisory nodeset returned from numad will be used to set
domain process CPU affinity then. (e.g. qemuProcessInitCpuAffinity).

If the user specifies both CPU affinity policy (e.g.
(<vcpu cpuset="1-10,^7,^8">4</vcpu>) and placement == "auto"
the specified CPU affinity will be overridden.

Only QEMU/KVM drivers support it now.

See docs update in patch for more details.
2012-03-15 12:24:56 +08:00
Peter Krempa
3f4238d771 util: Add helpers for safe domain console operations
This patch adds a set of functions used in creating console streams for
domains using PTYs and ensures mutually exclusive access to the PTYs.

If mutually exclusive access is not used, two clients may open the same
console, which results in corruption on both clients as both of them
race to read data from the PTY.

Two approaches are used to ensure this:
1) Internal data structure holding open PTYs.
        This is used internally and enables the user to forcibly
        terminate another console connection eg. when somebody leaves
        the console open on another host.

2) UUCP style lock files:
        This uses UUCP lock files according to the  FHS
        ( http://www.pathname.com/fhs/pub/fhs-2.3.html#VARLOCKLOCKFILES )
        to check if other programs (like minicom) are not using the pty
        device of the console.

        This feature is disabled by default and may be enabled using
        configure parameter
        --with-console-lock-files=/path/to/lock/file/directory
        or --with-console-lock-files=auto (which tries to infer the
        location from OS used (currently only linux).

        On usual linux systems, normal users may not write to the
        /var/lock directory containing the locks. This poses problems
        while in session mode. If the current user has no access to the
        lockfile directory, check for presence of the file is still
        done, but no lock file is created. This does NOT result in an
        error.
2012-02-27 15:05:17 +01:00
Daniel P. Berrange
1d4c4d9d4f Workaround python header file insanity
The /usr/include/python/pyconfig.h file pollutes the global
namespace with a huge number of HAVE_XXX and WITH_XXX
defines. These change what we detected in our own config.h
In particular if you try to build without DTrace, python's
headers turn it back on with predictable fail.

THe hack to workaround this is to rename WITH_DTRACE to
WITH_DTRACE_PROBES to avoid the namespace clash
2012-02-24 16:43:27 +00:00
Michal Privoznik
2b38e59bd8 configure: Define program name if not found
AC_CHECK_PROG checks for program in given path. However, if it doesn't
exists, [variable] is set to [value-if-not-found]. We don't want this
to be the empty string in case of 'modprobe' and 'scrub' as we want to
fallback to runtime detection.
2012-02-22 12:28:27 +01:00
Michal Privoznik
286088567d storage: Allow runtime detection of scrub
Currently, if scrub (used for wiping algorithms) is not present
at compile time, we don't support any other wiping algorithms than
zeroing, even if it was installed later. Switch to runtime detection
instead.
2012-02-16 09:09:43 +01:00
Ansis Atteka
df81004632 network: support Open vSwitch
This patch allows libvirt to add interfaces to already
existing Open vSwitch bridges. The following syntax in
domain XML file can be used:

    <interface type='bridge'>
      <mac address='52:54:00:d0:3f:f2'/>
      <source bridge='ovsbr'/>
      <virtualport type='openvswitch'>
        <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'/>
      </virtualport>
      <address type='pci' domain='0x0000' bus='0x00'
                          slot='0x03' function='0x0'/>
    </interface>

or if libvirt should auto-generate the interfaceid use
following syntax:

    <interface type='bridge'>
      <mac address='52:54:00:d0:3f:f2'/>
      <source bridge='ovsbr'/>
      <virtualport type='openvswitch'>
      </virtualport>
      <address type='pci' domain='0x0000' bus='0x00'
                          slot='0x03' function='0x0'/>
    </interface>

It is also possible to pass an optional profileid. To do that
use following syntax:

   <interface type='bridge'>
     <source bridge='ovsbr'/>
     <mac address='00:55:1a:65:a2:8d'/>
     <virtualport type='openvswitch'>
       <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'
                   profileid='test-profile'/>
     </virtualport>
   </interface>

To create Open vSwitch bridge install Open vSwitch and
run the following command:

    ovs-vsctl add-br ovsbr
2012-02-15 16:04:54 -05:00
Daniel Veillard
bca060a363 Release of libvirt-0.9.10
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: update ja, it and uk localization, fixed the ja one
2012-02-13 22:31:31 +08:00
Michal Privoznik
adb99a05b1 storage: Support different wiping algorithms
Currently, we support only filling a volume with zeroes on wiping.
However, it is not enough as data might still be readable by
experienced and equipped attacker. Many technical papers have been
written, therefore we should support other wiping algorithms.
2012-01-26 13:59:30 +01:00
Eric Blake
4c18acffd7 build: skip lxc with too-old glibc
Since we already require the kernel to be new enough to support
LO_FLAGS_AUTOCLEAR, we might as well also require glibc to be
new enough to support epoll_create1().

* configure.ac (with_lxc): We require glibc 2.9 for LXC.
Reported and tested by Philipp Hahn.
2012-01-23 06:50:28 -07:00
Daniel P. Berrange
ba61012cfc Disable netcf if building without libvirtd
Although the netcf interface driver can in theory be used by
the stateless drivers, in practice none of them want to use
it because they have different ways of dealing with interfaces.

Furthermore, if you have mingw32-netcf installed, then the
libvirt mingw32 build will fail with

  ../../src/interface/netcf_driver.c:644:5: error: unknown field 'close_used_without_including_unistd_h' specified in initializer

 * configure.ac: disable netcf if built without libvirtd
2012-01-11 15:01:54 +00:00
Daniel Veillard
2f667b5697 Release of libvirt-0.9.9
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: updated localizations from transifex and regenerated
2012-01-07 12:18:06 +08:00
Eric Blake
307f363509 build: drop check for ANSI compiler
Using automake.git (will become 1.12 someday), I got this error:

configure.ac:90: error: automatic de-ANSI-fication support has been removed
/usr/local/share/aclocal-1.11a/protos.m4:13: AM_C_PROTOTYPES is expanded from...
configure.ac:90: the top level
autom4te: /usr/bin/m4 failed with exit status: 1

In short, pre-C89 compilers are no longer a viable portability
target.  Besides, our code base already requires C99, so worrying
about pre-C89 seems pointless.

* configure.ac (AM_C_PROTOTYPES): Drop, since newer automake no
longer provides it.
2012-01-05 14:21:11 -07:00
Eric Blake
f9d60b1946 build: disable dtrace on non-Linux builds
Using dtrace (and systemtap in general) is Linux-specific.
Running ./autobuild.sh shows that attempting a cross-build to
target mingw was mistakenly trying to build dtrace code, merely
because it was present on the compilation host.

* configure.ac (with_dtrace): Don't attempt to use dtrace when
doing a cross-build hosted on Linux but targetting elsewhere.
Reported by Daniel P. Berrange.
2011-12-16 08:46:41 -07:00
Daniel Veillard
7c6b0653f3 Release of libvirt-0.9.8
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: fetched localization update and regenerated
2011-12-08 15:13:50 +08:00
Daniel P. Berrange
949e10911a Fix build for platforms lacking struct ifreq
This ought to fix the build if you have net/if.h but do
not have struct ifreq

* configure.ac: Check for struct ifreq in net/if.h
* src/util/virnetdev.c: Conditionalize to avoid use of
  struct ifreq if it does not exist
2011-12-01 11:01:49 -07:00
Daniel P. Berrange
3ec1289896 Add internal APIs for dealing with time
The logging APIs need to be able to generate formatted timestamps
using only async signal safe functions. This rules out using
gmtime/localtime/malloc/gettimeday(!) and much more.

Introduce a new internal API which is async signal safe.

  virTimeMillisNowRaw replacement for gettimeofday. Uses clock_gettime
                      where available, otherwise falls back to the unsafe
                      gettimeofday

  virTimeFieldsNowRaw  replacements for gmtime(), convert a timestamp
  virTimeFieldsThenRaw into a broken out set of fields. No localtime()
                       replacement is provided, because converting to
                       local time is not practical with only async signal
                       safe APIs.

  virTimeStringNowRaw  replacements for strftime() which print a timestamp
  virTimeStringThenRaw into a string, using a pre-determined format, with
                       a fixed size buffer (VIR_TIME_STRING_BUFLEN)

For each of these there is also a version without the Raw postfix
which raises a full libvirt error. These versions are not async
signal safe

* src/Makefile.am, src/util/virtime.c, src/util/virtime.h: New files
* src/libvirt_private.syms: New APis
* configure.ac: Check for clock_gettime in -lrt
* tests/virtimetest.c, tests/Makefile.am: Test new APIs
2011-11-30 11:43:49 +00:00
Chang Liu
3c5405149b storage: Fallback to use lvchange first if lvremove fails
virStorageBackendLogicalDeleteVol() could not remove the lv with error
"could not remove open logical volume" sometimes. Generally it's caused
by the volume is still active, even if lvremove tries to remove it with
option "--force".

This patch is to fix it by disbale the lv first using "lvchange -aln"
and "lvremove -f" afterwards if the direct "lvremove -f" failed.
2011-11-22 15:24:25 +08:00
Daniel P. Berrange
4789fb2e4e Add support for systemd init service
This patch adds support for a systemd init service for libvirtd
and libvirt-guests. The libvirtd.service is *not* written to use
socket activation, since we want libvirtd to start on boot so it
can do guest auto-start.

The libvirt-guests.service is pretty lame, just exec'ing the
original init script for now. Ideally we would factor out the
functionality, into some shared tool.

Instead of

  ./configure --with-init-script=redhat

You can now do

  ./configure --with-init-script=systemd

Or better still:

  ./configure --with-init-script=systemd+redhat

We can also now support install of the upstart init script

* configure.ac: Add systemd, and systemd+redhat options to
  --with-init-script option
* daemon/Makefile.am: Install systemd services
* daemon/libvirtd.sysconf: Add note about unused env variable
  with systemd
* daemon/libvirtd.service.in: libvirtd systemd service unit
* libvirt.spec.in: Add scripts to installing systemd services
  and migrating from legacy init scripts
* tools/Makefile.am: Install systemd services
* tools/libvirt-guests.init.sh: Rename to tools/libvirt-guests.init.in
* tools/libvirt-guests.service.in: systemd service unit
2011-11-18 16:16:02 +00:00
Daniel P. Berrange
e49c9bf25c Split bridge.h into three separate files
Following the renaming of the bridge management APIs, we can now
split the source file into 3 corresponding pieces

 * src/util/virnetdev.c: APIs for any type of network interface
 * src/util/virnetdevbridge.c: APIs for bridge interfaces
 * src/util/virnetdevtap.c: APIs for TAP interfaces

* src/util/virnetdev.c, src/util/virnetdev.h,
  src/util/virnetdevbridge.c, src/util/virnetdevbridge.h,
  src/util/virnetdevtap.c, src/util/virnetdevtap.h: Copied
  from bridge.{c,h}
* src/util/bridge.c, src/util/bridge.h: Split into 3 pieces
* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
  src/openvz/openvz_driver.c, src/qemu/qemu_command.c,
  src/qemu/qemu_conf.h, src/uml/uml_conf.c, src/uml/uml_conf.h,
  src/uml/uml_driver.c: Update #include directives
2011-11-09 16:34:25 +00:00
Daniel P. Berrange
c1df2c14b5 Remove usage of brctl command line tool
Convert the virNetDevBridgeSetSTP and virNetDevBridgeSetSTPDelay
to use ioctls instead of spawning brctl.

Implement the virNetDevBridgeGetSTP and virNetDevBridgeGetSTPDelay
methods which were declared in the header but never existed

* src/util/bridge.c: Convert to use bridge ioctls instead of brctl
2011-11-09 16:33:53 +00:00
Daniel Veillard
ab4823a062 Release of libvirt-0.9.7
* confiure.ac docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: update localizations and rebuilt
2011-11-08 14:55:25 +08:00
Eric Blake
9d86cbcf5f build: fix linking on BSD
While building on FreeBSD (and after fixing a ptsname_r link error),
I got this failure:

./.libs/libvirt_util.a(libvirt_util_la-threads.o)(.text+0x240): In function `virThreadCreate':
util/threads-pthread.c:185: undefined reference to `pthread_create'

It turns out that gnulib used only pthread_join for LIB_PTHREAD,
but on FreeBSD, libc provides that (as a stub function); whereas
the more complex pthread_create really does require -pthread,
which gnulib tracked under [LT]LIBMULTITHREAD.

* configure.ac (LIBS): Check LIBMULTITHREAD alongside LIB_PTHREAD.
* src/Makefile.am (THREAD_LIBS): New variable.
(libvirt_util_la_LIBADD, libvirt_lxc_LDADD): Use it.
2011-11-04 16:43:37 -06:00
Eric Blake
2dee896593 build: avoid RHEL 5 build failure on LXC
Per the discussion here, LXC on RHEL 5 makes no sense.
https://www.redhat.com/archives/libvir-list/2011-September/msg01169.html

* configure.ac (with_lxc): Reject RHEL 5.x LXC as too old.
2011-10-26 10:11:50 -06:00