9915 Commits

Author SHA1 Message Date
Daniel P. Berrange
3aabe27247 Define internal APIs for managing identities
Introduce a local object virIdentity for managing security
attributes used to form a client application's identity.
Instances of this object are intended to be used as if they
were immutable, once created & populated with attributes

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:37:37 +00:00
Daniel P. Berrange
51997e50fa Add APIs to get at more client security data
A socket object has various pieces of security data associated
with it, such as the SELinux context, the SASL username and
the x509 distinguished name. Add new APIs to virNetServerClient
and related modules to access this data.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:11:46 +00:00
Jiri Denemark
ef3cd6473f qemu: Fix startupPolicy regression
Commit 82d5fe543720da6d83c1d6bfa1c347d7d9fda278

    qemu: check backing chains even when cgroup is omitted

added backing file checks just before the code that removes optional
disks if they are not present. However, the backing chain code fails in
case the disk file does not exist, which makes qemuProcessStart fail
regardless on configured startupPolicy.

Note that startupPolicy implementation is still wrong after this patch
since it only check the first file in a possible chain. It should rather
check the complete backing chain. But this is an existing limitation
that can be solved later. After all, startupPolicy is most useful for
CDROM images and they won't make use of backing files in most cases.
2013-03-18 14:11:58 +01:00
Paolo Bonzini
eebbb232e6 qemu: support URI syntax for NBD
QEMU 1.3 and newer support an alternative URI-based syntax to specify
the location of an NBD server.  Libvirt can keep on using the old
syntax in general, but only the URI syntax supports IPv6 addresses.

The URI syntax also supports relative paths to Unix sockets.  These
should never be used but aren't explicitly blocked either by the parser,
so support it just in case.

The URI syntax is intentionally compatible with Gluster's, and the
code can be reused.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-03-15 15:47:50 -06:00
Paolo Bonzini
be2a15dd60 qemu: support NBD with Unix sockets
This reuses the XML format that was introduced for Gluster.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-03-15 15:27:56 -06:00
Paolo Bonzini
0aa9f522c4 qemu: support named nbd exports
These are supported by nbd-server and by the NBD server that QEMU
embeds for live image access.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-03-15 15:12:41 -06:00
Paolo Bonzini
db95213e59 qemu: rewrite NBD command-line builder and parser
Move the code to an external function, and structure it to prepare
the addition of new features in the next few patches.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-03-15 14:52:43 -06:00
Eric Blake
7af86379ef util: portably check for unchanged uid
We've already scrubbed for comparisons of 'uid_t == -1' (which fail
on platforms where uid_t is a u16), but another one snuck in.

* src/util/virutil.c (virSetUIDGIDWithCaps): Correct uid comparison.
* cfg.mk (sc_prohibit_risky_id_promotion): New rule.
2013-03-15 10:55:51 -06:00
Paolo Bonzini
af9474557e qemu: do not support non-network disks without -drive
QEMU added -drive in 2007, and NBD in 2008.  Both appeared first in
release 0.10.0.  Thus the code to support network disks without -drive
is dead, and in fact it incorrectly escapes commas.  Drop it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-15 08:34:06 -06:00
Li Zhang
cc78d7ba0e Remove contiguous CPU indexes assumption
When getting CPUs' information, it assumes that CPU indexes
are not contiguous. But for ppc64 platform, CPU indexes are not
contiguous because SMT is needed to be disabled, so CPU information
is not right on ppc64 and vpuinfo, vcpupin can't work corretly.

This patch is to remove the assumption to be compatible with ppc64.

Test:
   4 vcpus are assigned to one VM and execute vcpuinfo command.

   Without patch: There is only one vcpu informaion can be listed.
   With patch: All vcpus' information can be listed correctly.

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
2013-03-15 17:56:17 +08:00
Peter Krempa
a71680fe92 audit: Audit resources used by VirtIO RNG
This patch adds auditing of resources used by Virtio RNG devices. Only
resources on the local filesystems are audited.

The audit logs look like:

For the 'random' backend:
type=VIRT_RESOURCE msg=audit(1363099126.643:31): pid=995252 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test" uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?" new-rng="/dev/random": exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0 res=success'

For local character device source:
type=VIRT_RESOURCE msg=audit(1363100164.240:96): pid=995252 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test" uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?" new-rng="/tmp/unix.sock": exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0 res=success'
2013-03-15 09:07:20 +01:00
Viktor Mihajlovski
4c1d1497e2 S390: Enable virtio-scsi and virtio-rng
Newer versions of QEMU support virtio-scsi and virtio-rng devices
on the virtio-s390 and ccw buses. Adding capability detection,
address assignment and command line generation for that.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-03-14 15:34:54 -06:00
Viktor Mihajlovski
6c92773256 qemu: Rename virtio-scsi capability
QEMU_CAPS_VIRTIO_SCSI_PCI implies that virtio-scsi is only supported
for the PCI bus, which is not the case. Remove the _PCI suffix.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-03-14 14:56:11 -06:00
Laine Stump
49fa91b3ee util: fix clear_emulator_capabilities=0
My commit 7a2e845a865dc7fa82d2393ea2a770cfc8cf00b4 (and its
prerequisites) managed to effectively ignore the
clear_emulator_capabilities setting in qemu.conf (visible in the code
as the VIR_EXEC_CLEAR_CAPS flag when qemu is being exec'ed), with the
result that the capabilities are always cleared regardless of the
qemu.conf setting. This patch fixes it by passing the flag through to
virSetUIDGIDWithCaps(), which uses it to decide whether or not to
clear existing capabilities before adding in those that were
requested.

Note that the existing capabilities are *always* cleared if the new
process is going to run as non-root, since the whole point of running
non-root is to have the capabilities removed (it's still possible to
maintain individual capabilities as needed using the capBits argument
though).
2013-03-14 14:02:32 -04:00
Eric Blake
5ac846e42e qemu: detect multi-head qxl via more than version check
Multi-head QXL support is so useful that distros have started to
backport it to qemu earlier than 1.2.  After discussion with
Alon Levy, we determined that the existence of the qxl-vga.surfaces
property is a reliable indicator of whether '-device qxl-vga' works,
or whether we have to stick to the older '-vga qxl'.  I'm leaving
in the existing check for QEMU_CAPS_DEVICE_VIDEO_PRIMARY tied to
qemu 1.2 and newer (in case qemu is built without qxl support),
but for those distros that backport qxl, this additional capability
check will allow the correct command line for both RHEL 6.3 (which
lacks the feature) and RHEL 6.4 (where qemu still claims to be
version 0.12.2.x, but has backported multi-head qxl).

* src/qemu/qemu_capabilities.c (virQEMUCapsObjectPropsQxlVga): New
property test.
(virQEMUCapsExtractDeviceStr): Probe for backport of new
capability to qemu earlier than 1.2.
* tests/qemuhelpdata/qemu-kvm-1.2.0-device: Update test.
* tests/qemuhelpdata/qemu-1.2.0-device: Likewise.
* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta-device:
Likewise.
2013-03-14 09:38:20 -06:00
Daniel P. Berrange
0946c5f5fc Fix deps for generating RPC dispatch code
The src/lxc/lxc_*_dispatch.h files only had deps on the
RPC generator script & the XDR definition file. So when
the Makefile.am args passed to the generator were change,
the disaptch code was not re-generated. This caused a
build failure

  CC       libvirt_lxc-lxc_controller.o
lxc/lxc_controller.c: In function 'virLXCControllerSetupServer':
lxc/lxc_controller.c:718:47: error: 'virLXCMonitorProcs' undeclared (first use in this function)
lxc/lxc_controller.c:718:47: note: each undeclared identifier is reported only once for each function it appears in
lxc/lxc_controller.c:719:47: error: 'virLXCMonitorNProcs' undeclared (first use in this function)
make[3]: *** [libvirt_lxc-lxc_controller.o] Error 1

For added fun, the generated files were not listed in
CLEANFILES, so only a 'git clean -f' would fix the build

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 14:55:43 +00:00
Ján Tomko
6e46477c23 Fix size probing for VDI images
Commit 027bf2ea used the wrong offset: the text field at the start
of the header has 64 bytes, not 68. [1]

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=921452

[1] https://forums.virtualbox.org/viewtopic.php?p=29267#p29267
2013-03-14 15:12:06 +01:00
Daniel P. Berrange
403594eb8c Fix generation of systemtap probes for RPC protocols
The naming used in the RPC protocols for the LXC monitor and
lock daemon confused the script used to generate systemtap
helper functions. Rename the LXC monitor protocol symbols to
reduce confusion. Adapt the gensystemtap.pl script to cope
with the LXC monitor / lock daemon naming conversions.

This has no functional impact on RPC wire protocol, since
names are only used in the C layer

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:22 +00:00
Daniel P. Berrange
ad9ea4a9fd Re-add DTrace probes on 'dispose' functions
When converting to virObject, the probes on the 'Free' functions
were removed on the basis that there is a probe on virObjectFree
that suffices. This puts a burden on people writing probe scripts
to identify which object is being dispose. This adds back probes
in the 'Dispose' functions and updates the rpc monitor systemtap
example to use them

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:21 +00:00
Daniel P. Berrange
1732c1c629 Fix parsing of SELinux ranges without a category
Normally libvirtd should run with a SELinux label

  system_u:system_r:virtd_t:s0-s0:c0.c1023

If a user manually runs libvirtd though, it is sometimes
possible to get into a situation where it is running

  system_u:system_r:init_t:s0

The SELinux security driver isn't expecting this and can't
parse the security label since it lacks the ':c0.c1023' part
causing it to complain

  internal error Cannot parse sensitivity level in s0

This updates the parser to cope with this, so if no category
is present, libvirtd will hardcode the equivalent of c0.c1023.

Now this won't work if SELinux is in Enforcing mode, but that's
not an issue, because the user can only get into this problem
if in Permissive mode. This means they can now start VMs in
Permissive mode without hitting that parsing error

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:21 +00:00
Daniel P. Berrange
4a92fe4413 Separate MCS range parsing from MCS range checking
Pull the code which parses the current process MCS range
out of virSecuritySELinuxMCSFind and into a new method
virSecuritySELinuxMCSGetProcessRange.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:21 +00:00
Daniel P. Berrange
f2d8190cfb Fix memory leak on OOM in virSecuritySELinuxMCSFind
The body of the loop in virSecuritySELinuxMCSFind would
directly 'return NULL' on OOM, instead of jumping to the
cleanup label. This caused a leak of several local vars.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:21 +00:00
Daniel P. Berrange
2f98a7f7ba Avoid closing uninitialized FDs when LXC startup fails
If an LXC domain failed to start because of a bogus SELinux
label, virLXCProcessStart would call VIR_CLOSE(0) by mistake.
This is because the code which initializes the member of the
ttyFDs array to -1 got moved too far away from the place where
the array is first allocated.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:21 +00:00
Daniel P. Berrange
b2878ed860 Prevent streams from becoming libvirtd controlling TTY
When opening a stream to a device which is a TTY, that device
may become the controlling TTY of libvirtd, if libvirtd was
daemonized. This in turn means when the other end of the stream
closes, libvirtd gets SIGHUP, causing it to reload its config.
Prevent this by forcing O_NOCTTY on all streams that are opened

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:21 +00:00
Peter Krempa
32bd699f55 virtio-rng: Add rate limiting options for virtio-RNG
Qemu's implementation of virtio RNG supports rate limiting of the
entropy used. This patch exposes the option to tune this functionality.

This patch is based on qemu commit 904d6f588063fb5ad2b61998acdf1e73fb4

The rate limiting is exported in the XML as:
<devices>
  ...
  <rng model='virtio'>
    <rate bytes='123' period='1234'/>
    <backend model='random'/>
  </rng>
  ...
2013-03-14 13:28:10 +01:00
Guannan Ren
eb086eb5b5 util: escapes special characters in VIR_LOG_REGEX
In debug mode, the bug failed to start vm
error: Failed to start domain rhel5u9
error: internal error Out of space while reading console log output:
...
2013-03-14 13:28:11 +08:00
J.B. Joret
f946462e14 S390: Add hotplug support for s390 virtio devices
We didn't yet expose the virtio device attach and detach functionality
for s390 domains as the device hotplug was very limited with the old
virtio-s390 bus. With the CCW bus there's full hotplug support for
virtio devices in QEMU, so we are adding this to libvirt too.

Since the virtio hotplug isn't limited to PCI anymore, we change the
function names from xxxPCIyyy to xxxVirtioyyy, where we handle all
three virtio bus types.

Signed-off-by: J.B. Joret <jb@linux.vnet.ibm.com>
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-03-13 18:13:09 -06:00
Viktor Mihajlovski
608512b24a S390: QEMU driver support for CCW addresses
This commit adds the QEMU driver support for CCW addresses. The
current QEMU only allows virtio devices to be attached to the
CCW bus. We named the new capability indicating that support
QEMU_CAPS_VIRTIO_CCW accordingly.

The fact that CCW devices can only be assigned to domains with a
machine type of s390-ccw-virtio requires a few extra checks for
machine type in qemu_command.c on top of querying
QEMU_CAPS_VIRTIO_{CCW|S390}.

The majority of the new functions deals with CCW address generation
and management.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-03-13 17:14:38 -06:00
Viktor Mihajlovski
e50a1bae9b S390: domain_conf support for CCW
Add necessary handling code for the new s390 CCW address type to
virDomainDeviceInfo. Further, introduce  memory management, XML
parsing, output formatting and range validation for the new
virDomainDeviceCCWAddress type.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-03-13 17:01:34 -06:00
Daniel P. Berrange
e31f32c6a3 Daemonize fuse thread in libvirt_lxc
In some startup failure modes, the fuse thread may get itself
wedged. This will cause the entire libvirt_lxc process to
hang trying to the join the thread. There is no compelling
reason to wait for the thread to exit if the whole process
is exiting, so just daemonize the fuse thread instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-13 15:54:06 +00:00
Daniel P. Berrange
83d7e4e460 Use separate symbol file for GNUTLS symbols
A number of symbols are only present when GNUTLS is enabled.
Thus we must use a separate libvirt_gnutls.syms file for them
instead of libvirt_private.syms

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-13 15:21:33 +00:00
Daniel P. Berrange
b5d014c375 Fix missing error dispatch in virDomainLxcEnterNamespace
The virDomainLxcEnterNamespace method mistakenly uses
virCheckFlags, which returns immediately instead of
virCheckFlagsGoto which jumps to the error cleanup
patch where there is a virDispatchError call
2013-03-13 15:16:51 +00:00
Daniel P. Berrange
a08810195c Fix query of LXC security label
The virDomainGetSecurityLabel method is currently (mistakenly)
showing the label of the libvirt_lxc process:

...snip...
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:virtd_t:s0-s0:c0.c1023 (permissive)

when it should be showing the init process label

...snip...
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c724,c995 (permissive)
2013-03-13 15:16:42 +00:00
Daniel P. Berrange
e4e69e899e Apply security label when entering LXC namespaces
Add a new virDomainLxcEnterSecurityLabel() function as a
counterpart to virDomainLxcEnterNamespaces(), which can
change the current calling process to have a new security
context. This call runs client side, not in libvirtd
so we can't use the security driver infrastructure.

When entering a namespace, the process spawned from virsh
will default to running with the security label of virsh.
The actual desired behaviour is to run with the security
label of the container most of the time. So this changes
virsh lxc-enter-namespace command to invoke the
virDomainLxcEnterSecurityLabel method.

The current behaviour is:

LABEL                             PID TTY          TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps

Note the ps command is running as unconfined_t,  After this patch,

The new behaviour is this:

virsh -c lxc:/// lxc-enter-namespace dan -- /bin/ps -eZ
LABEL                             PID TTY          TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps

The '--noseclabel' flag can be used to skip security labelling.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-13 15:16:37 +00:00
Michal Privoznik
3b94239ffb qemu_driver: Try KVM_CAP_MAX_VCPUS only if defined
With our recent patch (1715c83b5f) we thrive to get the correct
number of maximal VCPUs. However, we are using a constant from
linux/kvm.h which may be not defined in every distro. Hence, we
should guard usage of the constant with ifdef preprocessor
directive. This was introduced in kernel:

    commit 8c3ba334f8588e1d5099f8602cf01897720e0eca
    Author: Sasha Levin <levinsasha928@gmail.com>
    Date:   Mon Jul 18 17:17:15 2011 +0300

    KVM: x86: Raise the hard VCPU count limit

    The patch raises the hard limit of VCPU count to 254.

    This will allow developers to easily work on scalability
    and will allow users to test high VCPU setups easily without
    patching the kernel.

    To prevent possible issues with current setups, KVM_CAP_NR_VCPUS
    now returns the recommended VCPU limit (which is still 64) - this
    should be a safe value for everybody, while a new KVM_CAP_MAX_VCPUS
    returns the hard limit which is now 254.

$ git desc 8c3ba334f
v3.1-rc7-48-g8c3ba33
2013-03-13 14:31:29 +01:00
Peter Krempa
27cf98e2d1 virCaps: conf: start splitting out irrelevat data
The virCaps structure gathered a ton of irrelevant data over time that.
The original reason is that it was propagated to the XML parser
functions.

This patch aims to create a new data structure virDomainXMLConf that
will contain immutable data that are used by the XML parser. This will
allow two things we need:

1) Get rid of the stuff from virCaps

2) Allow us to add callbacks to check and add driver specific stuff
after domain XML is parsed.

This first attempt removes pointers to private data allocation functions
to this new structure and update all callers and function that require
them.
2013-03-13 09:27:14 +01:00
Daniel P. Berrange
be27de6e8d Remove hack using existance of an 'identity' string to disable auth
Currently the server determines whether authentication of clients
is complete, by checking whether an identity is set. This patch
removes that lame hack and replaces it with an explicit method
for changing the client auth code

* daemon/remote.c: Update for new APis
* src/libvirt_private.syms, src/rpc/virnetserverclient.c,
  src/rpc/virnetserverclient.h: Remove virNetServerClientGetIdentity
  and virNetServerClientSetIdentity, adding a new method
  virNetServerClientSetAuth.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-12 18:07:17 +00:00
Daniel P. Berrange
a299714295 Add API for thread cancellation
Add a virThreadCancel function. This functional is inherently
dangerous and not something we want to use in general, but
integration with SELinux requires that we provide this stub.
We leave out any Win32 impl to discourage further use and
because obviously SELinux isn't enabled on Win32

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-12 18:07:11 +00:00
Daniel P. Berrange
32b7e92db6 Add missing break in LXC loop device setup
When setting up disks with loop devices for LXC, one of the
switch cases was missing a 'break' causing it to fallthrough
to an error condition.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-12 11:52:52 +00:00
Jiri Denemark
57bb725aca qemu: Avoid NULL dereference in qemuSharedDiskEntryFree
At least one caller may call qemuSharedDiskEntryFree with NULL as the
first argument. Let's make the function similar to other *Free functions
and do nothing in such case.
2013-03-12 09:10:41 +01:00
Peter Krempa
1715c83b5f qemu: Fix retrieval of maximum number of vCPUs on KVM hosts
The detection of the maximum number of cpus used incorrect ioctl
argument value. This flaw caused that on kvm hosts this returns always
"160" as the maximum. This is just a recommended maximum value. The real
value is higher than that.

This patch tweaks the detection function to behave as described by the
kernel docs:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/virtual/kvm/api.txt?id=refs/tags/v3.9-rc2#n199
2013-03-11 18:01:55 +01:00
Hu Tao
5c86ace1e7 nodeinfo: don't define nodeGetCellMemory if it isn't ever used
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2013-03-11 09:55:37 -06:00
Guido Günther
531b4fe8d0 Convert HAVE_SELINUX to WITH_SELINUX
these were missed by 63f18f378693cac6b6e33f4a8c15c20cb191c7c8
2013-03-11 11:42:21 +01:00
Guido Günther
6082bc27d0 lxc: Init activeUsbHostdevs
otherwise we crash with

 #0  virUSBDeviceListFind (list=0x0, dev=dev@entry=0x8193d70) at util/virusb.c:526
 #1  0xb1a4995b in virLXCPrepareHostdevUSBDevices (driver=driver@entry=0x815d9a0, name=0x815dbf8 "debian-700267", list=list@entry=0x81d8f08) at lxc/lxc_hostdev.c:88
 #2  0xb1a49fce in virLXCPrepareHostUSBDevices (def=0x8193af8, driver=0x815d9a0) at lxc/lxc_hostdev.c:261
 #3  virLXCPrepareHostDevices (driver=driver@entry=0x815d9a0, def=0x8193af8) at lxc/lxc_hostdev.c:328
 #4  0xb1a4c5b1 in virLXCProcessStart (conn=0x817d3f8, driver=driver@entry=0x815d9a0, vm=vm@entry=0x8190908, autoDestroy=autoDestroy@entry=false, reason=reason@entry=VIR_DOMAIN_RUNNING_BOOTED)
     at lxc/lxc_process.c:1068
 #5  0xb1a57e00 in lxcDomainStartWithFlags (dom=dom@entry=0x815e460, flags=flags@entry=0) at lxc/lxc_driver.c:1014
 #6  0xb1a57fc3 in lxcDomainStart (dom=0x815e460) at lxc/lxc_driver.c:1046
 #7  0xb79c8375 in virDomainCreate (domain=domain@entry=0x815e460) at libvirt.c:8450
 #8  0x08078959 in remoteDispatchDomainCreate (args=0x81920a0, rerr=0xb65c21d0, client=0xb0d00490, server=<optimized out>, msg=<optimized out>) at remote_dispatch.h:1066
 #9  remoteDispatchDomainCreateHelper (server=0x80c4928, client=0xb0d00490, msg=0xb0d005b0, rerr=0xb65c21d0, args=0x81920a0, ret=0x815d208) at remote_dispatch.h:1044
 #10 0xb7a36901 in virNetServerProgramDispatchCall (msg=0xb0d005b0, client=0xb0d00490, server=0x80c4928, prog=0x80c6438) at rpc/virnetserverprogram.c:432
 #11 virNetServerProgramDispatch (prog=0x80c6438, server=server@entry=0x80c4928, client=0xb0d00490, msg=0xb0d005b0) at rpc/virnetserverprogram.c:305
 #12 0xb7a300a7 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x80c4928) at rpc/virnetserver.c:162
 #13 virNetServerHandleJob (jobOpaque=0xb0d00510, opaque=0x80c4928) at rpc/virnetserver.c:183
 #14 0xb7924f98 in virThreadPoolWorker (opaque=opaque@entry=0x80a94b0) at util/virthreadpool.c:144
 #15 0xb7924515 in virThreadHelper (data=0x80a9440) at util/virthreadpthread.c:161
 #16 0xb7887c39 in start_thread (arg=0xb65c2b70) at pthread_create.c:304
 #17 0xb77eb78e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

when adding a domain with a usb device. This is Debian bug

    http://bugs.debian.org/700267
2013-03-11 11:41:58 +01:00
Michal Privoznik
f3fb916de9 bandwidth: Require network QoS if interface uses 'floor'
By current implementation, network inbound is required in order
to use 'floor' for guaranteeing  minimal throughput. This is so,
because we want user to tell us the maximal throughput of the
network instead of finding out ourselves (and detect bogus values
in case of virtual interfaces). However, we are nowadays
requiring this only on documentation level. So if user starts a
domain with 'floor' set on one its interfaces, we silently ignore
the setting. We should error out instead.
2013-03-11 10:51:32 +01:00
Dusty Mabe
d3092c60f7 capabilities: add NUMA memory information
'virsh capabilities' will now include a new <memory> element
per <cell> of the topology, as in:

    <topology>
      <cells num='2'>
        <cell id='0'>
          <memory unit='KiB'>12572412</memory>
          <cpus num='12'>
          ...
        </cell>

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-03-08 11:51:00 -07:00
Guido Günther
c8871d8fbd lxc: include sys/stat.h
This fixes the build on Debian Wheezy which otherwise fails with:

  CC     libvirt_driver_lxc_impl_la-lxc_process.lo
  lxc/lxc_process.c: In function 'virLXCProcessGetNsInode':
  lxc/lxc_process.c:648:5: error: implicit declaration of function 'stat' [-Werror=implicit-function-declaration]
  lxc/lxc_process.c:648:5: error: nested extern declaration of 'stat' [-Werror=nested-externs]
  cc1: all warnings being treated as errors
2013-03-08 19:11:32 +01:00
Michal Privoznik
5a791c8995 qemuDomainBlockStatsFlags: Guard disk lookup with a domain job
When there are two concurrent threads, we may dereference a NULL
pointer, even though it has been checked before:

1. Thread1: starts executing qemuDomainBlockStatsFlags() with nparams != 0.
            It finds given disk and successfully pass check for disk->info.alias
            not being NULL.
2. Thread2: starts executing qemuDomainDetachDeviceFlags() on the very same
            disk as Thread1 is working on.
3. Thread1: gets to qemuDomainObjBeginJob() where it sets a job on a
            domain.
4. Thread2: also tries to set a job. However, we are not guaranteed which
            thread wins. So assume it's Thread2 who can continue.
5. Thread2: does the actual detach and frees disk->info.alias
6. Thread2: quits the job
7. Thread1: now successfully acquires the job, and accesses a NULL pointer.
2013-03-08 13:09:32 +01:00
Guannan Ren
ce4557c3ab apparmor: use AppArmorSetFDLabel for both imageFD and tapFD
Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
be used as a common function for *ALL* fd relabelling in Linux.

In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
The last line is for the tapfd relabelling.

 # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
  "/var/log/libvirt/**/rhel6qcow2.log" w,
  "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
  "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
  "/run/libvirt/**/rhel6qcow2.pid" rwk,
  "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
  "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
  "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
  "/dev/tap45" rw,
2013-03-08 10:56:07 +08:00
Daniel P. Berrange
ab1ef3bc6c Include pid namespace inode in LXC audit messages
To allow the efficient correlation of container audit messages
with host hosts, include the pid namespace inode in audit
messages.
2013-03-07 19:43:53 +00:00