Commit Graph

28305 Commits

Author SHA1 Message Date
Andrea Bolognani
5e07b28a7a util: Print architecture name in /proc/cpuinfo parser
Instead of a generic "your architecture", print the actual
architecture name.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2018-01-08 13:48:44 +01:00
Bjoern Walk
0764fc8ad1 util: virhostcpu: factor out frequency parsing
All different architectures use the same copy-pasted code to parse
processor frequency information from /proc/cpuinfo. Let's extract that
code into a function to avoid repetition.

We now also tolerate if the parsing of /proc/cpuinfo is not successful
and just report a warning instead of bailing out and abandoning the rest
of the CPU information.

Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2018-01-08 13:48:44 +01:00
Andrea Bolognani
9ce97d0f7d tests: Add host CPU data for Moonshot (RHEL 7.4)
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-08 13:48:39 +01:00
Michal Privoznik
db98e7f67e qemuDomainAttachDeviceMknodHelper: Remove symlink before creating it
https://bugzilla.redhat.com/show_bug.cgi?id=1528502

So imagine you have /dev/blah symlink which points to /dev/sda.
You attach /dev/blah as disk to your domain. Libvirt correctly
creates the /dev/blah -> /dev/sda symlink in the qemu namespace.
However, then you detach the disk, change the symlink so that it
points to /dev/sdb and tries to attach the disk again. This time,
however, the attach fails (well, qemu attaches wrong disk)
because the code assumes that symlinks don't change. Well they
do.

This is inspired by test fix written by Eduardo Habkost.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-01-08 09:53:48 +01:00
Shivaprasad G Bhat
2b041dc8c7 qemu: Add support for pseries machine's max-cpu-compat= parameter
When the -machine pseries,max-cpu-compat=X is supported use
machine parameter instead of -cpu host,compat=X parameter as
that is deprecated now with qemu >= v2.10.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1519146

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-01-05 17:12:14 +01:00
Shivaprasad G Bhat
524207a5c2 qemu: Add capability for pseries machine's max-cpu-compat= parameter
Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-01-05 17:00:58 +01:00
Michal Privoznik
d0204e373d qemuDomainDiskChangeSupported: Forbid alias change
Since we have user aliases it may happen that users want to
change it using 'update-device'. Instead of ignoring it silently,
error out loudly. Note that we don't limit the check just for
"ua-" prefixes because users might try to change libvirt
generated aliases too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-05 14:22:45 +01:00
John Ferlan
b372983d14 qemu: Alter dump-guest-memory command generation
The qemuMonitorJSONMakeCommand can properly handle a NULL string
by using the "S:" parameter instead of "s:", so let's use that
of having in if/else condition that only adds the "s:".
2018-01-04 12:15:49 -05:00
John Ferlan
cf8de2442f qemu: Clean up style for the qemuDumpToFd definition
Alter the function definition to follow more recent style
2018-01-04 12:15:49 -05:00
John Ferlan
394eaa6b39 test: Use virStoragePoolObjIsDuplicate for storage define/create
Avoid the chance that there could be a duplicate storage pool UUID
or Name from the test driver storage pool define/create functions.
2018-01-04 10:54:08 -05:00
John Ferlan
607524af4f conf: Use bool for @check_active parameter
Use a bool as that's how the variable is used in the function.
2018-01-04 10:54:08 -05:00
John Ferlan
c00643f86f conf: Need to unlock pools on object allocation failure
The RW pool could be left locked if allocation fails.
2018-01-04 10:54:08 -05:00
Paolo Bonzini
b527589d1f qemu: capabilities: force update if the microcode version does not match
A microcode update can cause the CPUID bits to change; an example
from the past was the update that disabled TSX on several Haswell
and Broadwell machines.

Therefore, place microcode version in the virQEMUCaps struct and
XML, and rebuild the cache if the versions do not match.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-01-04 16:52:03 +01:00
Paolo Bonzini
d2440f3b53 conf: include x86 microcode version in virsh capabilities
A microcode update can cause the CPUID bits to change; an example
from the past was the update that disabled TSX on several Haswell and
Broadwell machines.

In order to track the x86 microcode version in the QEMU capabilities,
we have to fetch it and store it in the host CPU.  This also makes the
version visible in "virsh capabilities", which is a nice side effect.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-01-04 16:52:03 +01:00
Jiri Denemark
bd874d9ff1 cpu_x86: Rename virCPUx86MapInitialize
The function will be used to initialize internal data of the x86 CPU
driver (including the CPU map).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-01-04 16:52:03 +01:00
Paolo Bonzini
04502fd54f util: introduce virHostCPUGetMicrocodeVersion
This new API reads host's CPU microcode version from /proc/cpuinfo.

Unfortunately, there is no other way of reading microcode version which
would be usable from both system and session daemon.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-01-04 16:52:03 +01:00
Paolo Bonzini
40fc85e796 util: add virFileReadHeaderQuiet wrapper around virFileReadHeaderFD
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-01-04 16:52:03 +01:00
John Ferlan
8d424f1b23 conf: Fix generating addresses for SCSI hostdev
https://bugzilla.redhat.com/show_bug.cgi?id=1519130

Commit id 'dc692438' reverted the automagic addition of a SCSI
controller attempt during virDomainHostdevAssignAddress; however,
the logic to determine where to place the next_unit depended upon
the "new" controller being added.  Without the new controller the
the next time through the call for the next SCSI hostdev found
would result in the "next_unit" never changing from 0 (zero) and
as a result the addition of the device will fail due to being a
duplicate unit number of the first with the error message:

  virDomainDefCheckDuplicateDriveAddresses:$line : unsupported
      configuration: SCSI host address controller='0' bus='1'
      target='0' unit='0' in use by another SCSI host device

So instead of walking the controller list looking for SCSI
controllers, all we can do is "pretend" that they exist and
allow other code to create them later as necessary.
2018-01-04 10:30:43 -05:00
John Ferlan
c52dbafe9f conf: Use existing SCSI hostdev model to create new
In virDomainDefMaybeAddHostdevSCSIcontroller when we add a new
controller because someone neglected to add one or we're adding
one because the existing one is full, we should copy over the
model number from the existing controller since whatever we
create should at least have the same characteristics as the one
we cannot use because it's full.

NB: This affects the existing hostdev-scsi-autogen-address test
which would add a default ('lsi') SCSI controller for the various
scsi_host's that would create a controller for the hostdev.
2018-01-04 10:30:43 -05:00
John Ferlan
07beea6ca2 qemu: Use same model when adding hostdev SCSI controller
When qemuDomainFindOrCreateSCSIDiskController adds a controller,
let's use the same model as a currently found controller under the
assumption that the reason to add the controller in hotplug is
because virDomainHostdevAssignAddress determined that there were
too many devices on the existing controller, but only assigned a
new controller index and did not add a new controller and we
desire to use the same controller model as any existing controller
and not take a chance that qemuDomainSetSCSIControllerModel would
use a default that may be incompatible.
2018-01-04 10:30:43 -05:00
Pavel Hrdina
fae22fced4 rpc: remove redundant logic
Introduced by commit <0eaa59dce1>.  That comparison already returns
true or false.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-04 14:22:49 +01:00
John Ferlan
9f0ae0b18e nodedev: Move device enumumeration out of nodeStateInitialize
Let's move the udevEnumerateDevices into a thread to "speed
up" the initialization process. If the enumeration fails we
can set the Quit flag to ensure that udevEventHandleCallback
will not run.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-01-04 07:13:55 -05:00
Marc Hartmayer
68cdad8785 rpc: Replace virNetServerClientNeedAuth with virNetServerClientIsAuthenticated
Replace virNetServerClientNeedAuth with
virNetServerClientIsAuthenticated because it makes it clearer what it
means.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
4f6a654e95 rpc: Remove virNetServerClientNeedAuthLocked
'Squash' virNetServerClientNeedAuthLocked into
virNetServerClientNeedAuth and remove virNetServerClientNeedAuthLocked
as it's not longer needed.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
27e2e855cc tests: virnetdaemontest: Enable testing for 'auth_pending'
Enable testing for 'auth_pending' in the virnetdaemon test case.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
94bbbcee1f rpc: virnetserver: Fix race on srv->nclients_unauth
There is a race between virNetServerProcessClients (main thread) and
remoteDispatchAuthList/remoteDispatchAuthPolkit/remoteSASLFinish (worker
thread) that can lead to decrementing srv->nclients_unauth when it's
zero. Since virNetServerCheckLimits relies on the value
srv->nclients_unauth the underrun causes libvirtd to stop accepting
new connections forever.

Example race scenario (assuming libvirtd is using policykit and the
client is privileged):
  1. The client calls the RPC remoteDispatchAuthList =>
     remoteDispatchAuthList is executed on a worker thread (Thread
     T1). We're assuming now the execution stops for some time before
     the line 'virNetServerClientSetAuth(client, 0)'
  2. The client closes the connection irregularly. This causes the
     event loop to wake up and virNetServerProcessClient to be
     called (on the main thread T0). During the
     virNetServerProcessClients the srv lock is hold. The condition
     virNetServerClientNeedAuth(client) will be checked and as the
     authentication is not finished right now
     virNetServerTrackCompletedAuthLocked(srv) will be called =>
     --srv->nclients_unauth => 0
  3. The Thread T1 continues, marks the client as authenticated, and
     calls virNetServerTrackCompletedAuthLocked(srv) =>
     --srv->nclients_unauth => --0 => wrap around as nclient_unauth is
     unsigned
  4. virNetServerCheckLimits(srv) will disable the services forever

To fix it, add an auth_pending field to the client struct so that it
is now possible to determine if the authentication process has already
been handled for this client.

Setting the authentication method to none for the client in
virNetServerProcessClients is not a proper way to indicate that the
counter has been decremented, as this would imply that the client is
authenticated.

Additionally, adjust the existing test cases for this new field.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
f1d8251972 rpc: Introduce virNetServerSetClientAuthenticated
Combine virNetServerClientSetAuth(client,
VIR_NET_SERVER_SERVICE_AUTH_NONE) and virNetServerTrackCompletedAuth
into one new function named virNetServerSetClientAuthenticated.

After using this new function the function
virNetServerTrackCompletedAuth was superfluous and is therefore
removed. In addition, it is not very common that a
'{{function}}' (virNetServerTrackCompletedAuth) does more than just
the locking compared to
'{{function}}Locked' (virNetServerTrackCompletedAuthLocked).

virNetServerTrackPendingAuth was already superfluous and therefore
it's also removed.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
0eaa59dce1 rpc: Correct locking and simplify the function
The lock for @client must not only be held for the duration of
checking whether the client wants to close, but also for as long as
we're closing the client. The same applies to the tracking of
authentications.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
be680bed4a rpc: Refactor the condition whether a client needs authentication
Add virNetServerClientAuthMethodImpliesAuthenticated() for deciding
whether a authentication method implies that a client is automatically
authenticated or not. Use this new function in
virNetServerClientNeedAuthLocked().

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
c10103e941 rpc: First test if authentication is required
This makes the code more efficient.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
ee8bb0511d rpc: Be more precise in which cases the authentication is needed and introduce *Locked
Be more precise in which cases the authentication is needed and
introduce *Locked.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
6e7e553180 rpc: Add typedef for the anonymous enum used for authentication methods
Add typedef for the anonymous enum used for the authentication methods
and remove the default case. This allows the usage of the type in a
switch statement and taking advantage of the compilers feature to
detect uncovered cases.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
ed88b37fb4 rpc: Use the enum value instead of a numerical value
Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
4ec8baf30f tests: virnetserverclienttest: Fix memory leak @client
Direct leak of 104 byte(s) in 1 object(s) allocated from:
    #0 0x7f904bfbe12b  (/lib64/liblsan.so.0+0xe12b)
    #1 0x7f904ba0ad67 in virAlloc ../../src/util/viralloc.c:144
    #2 0x7f904bbc11a4 in virNetMessageNew ../../src/rpc/virnetmessage.c:42
    #3 0x7f904bbb8e77 in virNetServerClientNewInternal ../../src/rpc/virnetserverclient.c:392
    #4 0x7f904bbb9921 in virNetServerClientNew ../../src/rpc/virnetserverclient.c:440
    #5 0x402ce5 in testIdentity ../../tests/virnetserverclienttest.c:55
    #6 0x403bed in virTestRun ../../tests/testutils.c:180
    #7 0x402c1e in mymain ../../tests/virnetserverclienttest.c:146
    #8 0x404c80 in virTestMain ../../tests/testutils.c:1119
    #9 0x4030d5 in main ../../tests/virnetserverclienttest.c:152
    #10 0x7f9047f7f889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f904bfbe12b  (/lib64/liblsan.so.0+0xe12b)
    #1 0x7f904ba0adc7 in virAllocN ../../src/util/viralloc.c:191
    #2 0x7f904bbb8ec7 in virNetServerClientNewInternal ../../src/rpc/virnetserverclient.c:395
    #3 0x7f904bbb9921 in virNetServerClientNew ../../src/rpc/virnetserverclient.c:440
    #4 0x402ce5 in testIdentity ../../tests/virnetserverclienttest.c:55
    #5 0x403bed in virTestRun ../../tests/testutils.c:180
    #6 0x402c1e in mymain ../../tests/virnetserverclienttest.c:146
    #7 0x404c80 in virTestMain ../../tests/testutils.c:1119
    #8 0x4030d5 in main ../../tests/virnetserverclienttest.c:152
    #9 0x7f9047f7f889 in __libc_start_main (/lib64/libc.so.6+0x20889)

SUMMARY: LeakSanitizer: 108 byte(s) leaked in 2 allocation(s).

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
125f7d9e10 rpc: Remove duplicate declaration of virNetServerAddClient
Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Eduardo Habkost
9a22251bbe qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls
All calls to virDomainAuditCgroupPath() were passing 'rc == 0' as
argument, when it was supposed to pass the 'rc' value directly.

As a consequence, the audit events that were supposed to be
logged (actual cgroup changes) were never being logged, and bogus
audit events were logged when using regular files as disk image.

Fix all calls to use the return value of
virCgroup{Allow,Deny}Device*() directly as the 'rc' argument.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-04 10:50:38 +01:00
Michal Privoznik
474c7a2ffa virstringtest: Fix alignment of backslashes
We don't try to right align the backslashes anymore.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-04 09:29:49 +01:00
Eric Blake
450bf83a92 maint: update to latest gnulib
This pulls in updates for the 2018 copyright year, among other things.

Signed-off-by: Eric Blake <eblake@redhat.com>
2018-01-03 15:48:14 -06:00
Cédric Bosdonnat
259a2cc34e apparmor: fix virt-aa-helper profile
Fix rule introduced by commit 0f33025a:
  * to handle /var/run not being a symlink to /run
  * to be properly parsed: missing comma at the end.
2018-01-03 17:33:28 +01:00
Julio Faracco
d0307a9a76 storage: Fixing missing 'backingStore' tag from volume XML dumps.
After commit a693fdb 'vol-dumpxml' missed the ability to show backingStore
information. This commit adds a volume type for files that fixes this
problem.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1529663

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
2018-01-03 16:04:24 +01:00
Michal Privoznik
6534b3c4bb qemuBuildMemPathStr: Forbid memoryBacking/access for non-numa case
https://bugzilla.redhat.com/show_bug.cgi?id=1448149

If a domain has no numa nodes, that means we don't put any
memory-backend-file onto the qemu command line. That in turn
means we can't set access='shared'. Therefore, we should produce
an error instead of ignoring the setting silently.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-03 15:53:00 +01:00
Peter Krempa
f10bb3347b qemu: monitor: Decrease logging verbosity
The PROBE macro used in qemuMonitorIOProcess and the VIR_DEBUG message
in qemuMonitorJSONIOProcess create a lot of logging churn when debug
logging is enabled during monitor communication.

The messages logged from the PROBE macro are rather useless since they
are reporting the partial state of receiving the reply from qemu. The
actual full reply is still logged in qemuMonitorJSONIOProcessLine once
the full message is received.
2018-01-03 15:21:30 +01:00
Peter Krempa
f06e488d54 util: probe: Add quiet versions of the "PROBE" macro
PROBE macro adds a logging entry, when used in places seeing a lot of
traffic this can cause a significant slowdown.
2018-01-03 15:21:06 +01:00
Chen Hanxiao
c1a6e2fb43 util: virstring: Tweak a few more descriptions.
There are a few more description-related issues that commit @9026d115
forgot to address.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2018-01-03 12:42:53 +01:00
Cédric Bosdonnat
faec195861 lxc: set a hostname based on the container name
Set a transient hostname on containers. The hostname is computed from
the container name, only keeping the valid characters [a-zA-Z0-9-] in it.
This filtering is based on RFC 1123 and allows a digit to start the
hostname.
2018-01-03 10:58:16 +01:00
Cédric Bosdonnat
b475a91b77 Add virStringFilterChars() string utility
Add a function to filter a string based on a list of valid characters.
2018-01-03 10:58:16 +01:00
Chen Hanxiao
9026d1152c util: fix the description of virStringSearch
There's no argument named @result, use @matches instead.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2018-01-03 09:54:14 +01:00
Christian Ehrhardt
8f882cf36e apparmor: allow unix stream for p2p migrations
On live migration with --p2p like:
 $ virsh migrate --live --p2p kvmguest-bionic-normal \
       qemu+ssh://10.6.221.80/system

We hit an apparmor deny like:
  apparmor="DENIED" operation="file_inherit"
  profile="/usr/sbin/libvirtd" pid=23477 comm="ssh" family="unix"
  sock_type="stream" protocol=0 requested_mask="send receive"
  denied_mask="send" addr=none peer_addr=none peer="unconfined"

The rule is not perfect, but can't be restricted further at the moment
(new upstream kernel features needed). For now the lack of a profile on the
peer as well as comm not being a conditional on rules do not allow to filter
further.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-01-03 09:45:21 +01:00
Michal Privoznik
4ce06ba6f4 src: Export virDomainMemoryAccessType*String
These are already exported at header file level because of
VIR_ENUM_DECL being in numa_conf.h. However, they are not being
exported at object level because of missing libvirt_private.syms
record.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-03 07:02:15 +01:00
Andrea Bolognani
8bcceaa924 docs: Fix serial console configuration examples
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2018-01-02 15:51:59 +01:00