Instead of using an O(n) efficiency linked list for storing
MCS labels, use a hash table. Instead of having the list
be global, put it in the SELinux driver private data struct
to ensure uniqueness across different instances of the driver.
This also ensures thread safety when multiple hypervisor
drivers are used in the same libvirtd process
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
When adding MCS labels, OOM was not being handled correctly.
In addition when reserving an existing label, no check was
made to see if it was already reserved
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The function names in the SELinux driver all start with
SELinux or 'mcs' as a prefix. Sanitize this so that they
all use 'virSecuritySELinux' as the prefix
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Running libvirtd unprivileged results in a warning message from
the NWFilter driver
virNWFilterSnoopLeaseFileRefresh:1882 : open("/var/run/libvirt/network/nwfilter.ltmp"): No such file or directory
Since it requires privileged network access, this driver should
not even run when unprivileged.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Update the legacy Xen drivers to use virReportError instead of
the statsError, virXenInotifyError, virXenStoreError,
virXendError, xenUnifiedError, xenXMError custom macros
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The xenHypervisorInit method was called from two different
locations, during initial driver registration and also while
opening a Xen connection. The former can't report any useful
errors to the end user/app, so remove it. To ensure thread
safety use a VIR_ONCE_GLOBAL_INIT call to invoke
xenHypervisorInit from the xenHypervisorOpen method.
As per the comment, the Xen hypervisor driver is considered to
be mandatory when running privileged. When it fails to open,
we should thus return an error, not ignore it.
ensures that initialization will always take place when it is
needed, and guarantees it only occurs once. The problem is that
the code to setup a global initializer with proper error
propagation is tedious. This introduces VIR_ONCE_GLOBAL_INIT
macro to simplify this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Update the libvirtd dispatch code to use virReportError
instead of the virNetError custom macro
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Update the nodeinfo helper code to use virReportError instead
of the nodeReportError custom macro
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Update the security drivers to use virReportError instead of
the virSecurityReportError custom macro
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Update the Power-Hypervisor driver to use virReportError
instead of the PHYP_ERROR custom macro
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Update the ESX driver to use virReportError instead of
the ESX_ERROR & ESX_VI_ERROR custom macros
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The 'lxc_driver' global variable is now used from several of
the LXC sources files. Thus it needs to be non-static to
avoid runtime linkage errors
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
The Xen driver had a number of error reports which passed a
constant string without format specifiers and was missing
"%s". Furthermore the errors were related to failing system
calls, but virReportSystemError was not used. So the only
useful piece of info (the errno) was being discarded
Move all the code that manages stop/start of LXC processes
into separate lxc_process.{c,h} file to make the lxc_driver.c
file smaller
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Move the cgroup setup code out of the lxc_controller.c file
and into lxc_cgroup.{c,h}. This reduces the size of the
lxc_controller.c file and paves the way to invoke cgroup
setup from lxc_driver.c instead of lxc_controller.c in the
future
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Move the LXC driver code related to the virDomainObjPtr
private data into separate lxc_domain.{c,h} files
to reduce the size of lxc_driver.c
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Make sure that libvirt_private.syms has all the internal symbols
from APIs in src/rpc/*.h and src/util/cgroup.h, since the LXC
controller/driver will shortly need them
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
To allow virNetServerRun/virNetServerQuit to be invoked multiple
times, we must reset the 'quit' flag in virNetServerRun
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
In the delayed close mode, we're just waiting for final data to
be written back to the client. While waiting, we should not
bother to read more data from the client.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
When sending SIGHUP to libvirtd, it will trigger the virStateDriver
reload operation. This is intended to reload the configuration files
for guests. For unknown historical reasons this is also triggering
autostart of all guests. Autostart is generally expected to be
something that happens on OS startup. Starting VMs on SIGHUP will
violate that expectation and potentially cause dangerous scenarios
if the admin has explicitly shutdown a misbehaving VM that has
been marked as autostart
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Update the linux bridge driver to use virReportError instead
of the networkReportError custom macro
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Instead of only removing the ending newline character, it is
better to remove all of standard whitespace character for the
sake of log format.
One example that we have to do this is:
After three times incorrect password input, virsh command
virsh -c qemu://remoteserver/system will report error like:
: Connection reset by peerey,gssapi-keyex,gssapi-with-mic,password).
But it should be:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
: Connection reset by peer
The reason is that we dropped the newline, but have a '\r' left.
The terminal interprets it as "move the cursor back to the start
of the current line", so the error string is messed up.
It was broken since forever as it expected a libxml2
XML_ELEMENT_NODE containing a XML_TEXT_NODE instead of
just a XML_TEXT_NODE.
This problem was not discovered for so long because
esxVI_String_Deserialize was not used until now.
Reported by Ata Bohra
Commit 80533ca forgot to think about offline cpus. When a node
cpu is offline, then its topology/ subdirectory is not present,
leading to spurious error messages leaked to the user such as:
libvir: error : cannot open /home/dummy/libvirt/tests/nodeinfodata/linux-nodeinfo-sysfs-test-6/node/node0/cpu7/topology/physical_package_id: No such file or directory
Fix that, as well as test it; the test data is gathered from a
machine with one NUMA node, hyperthreading, and with 2 of the
8 cpus offline.
* src/nodeinfo.c (virNodeParseNode): Don't parse topology of
offline cpus.
* tests/nodeinfotest.c (mymain): Run new test.
* tests/nodeinfodata/linux-nodeinfo-sysfs-test-6*: New data.
Update the network filter driver to use virReportError instead
of the virNWFilterReportError custom macro
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
