Commit Graph

1065 Commits

Author SHA1 Message Date
Pino Toscano
6917467c2b libssh_transport: add new libssh-based transport
Implement a new libssh transport, which uses libssh to communicate with
remote hosts, and add all the build system stuff (search of libssh,
private symbols, etc) to build it.

This new transport supports all the common ssh authentication methods,
making use of libvirt's auth callbacks for interaction with the user.
2016-11-15 15:50:51 +01:00
Dawid Zamirski
4fd7194248 vbox: hookup the 5.1 C API to the unified driver 2016-11-08 09:56:33 +00:00
Nikolay Shirokovskiy
018b4ae14b vz: add ACL checks to API calls
vzDomainMigrateConfirm3Params is whitelisted. Otherwise we need to
move removing domain from domain list from perform to confirm
step. This would further imply adding a flag and check that migration
is in progress to prohibit mistakenly (maliciously) removing domains
on confirm step. vz version of p2p also needs to be fixed to include confirm step.
One would also need to add means to cleanup pending migration
on client disconnect as now it has state across several API
calls.

On the other hand current version of confirm step is totally
harmless thus it is easier to whitelist it at the moment.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2016-08-23 19:48:01 +03:00
Kai Kang
7e1ca80d87 nsslinktest: also build virAtomic.h
When building for an architecture that doesn't use gcc atomic ops but pthread,
it fails to build for armel:

| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virClassNew':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:153: undefined reference to `virAtomicLock'
| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectNew':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:205: undefined reference to `virAtomicLock'
| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectUnref':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:277: undefined reference to `virAtomicLock'
| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectRef':
| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:298: undefined reference to `virAtomicLock'
| collect2: error: ld returned 1 exit status

It is similar to:

http://libvirt.org/git/?p=libvirt.git;a=commit;h=12dc729

Signed-off-by: Kai Kang <kai.kang@windriver.com>
2016-08-08 08:06:56 +02:00
Eric Blake
f33f03d015 build: centralize use of extra Cygwin LDFLAGS
The build was failing with:

  CCLD     lockd.la
libtool:   error: can't build i686-pc-cygwin shared library unless -no-undefined is specified

Rather than add yet another $(CYGWIN_EXTRA_LDFLAGS) to all the
impacted *_la_LDFLAGS, it was easier to just pull the extra
flags into ALL libraries via AM_LDFLAGS.

Then, fix lockd_la_LDFLAGS to include AM_LDFLAGS, like all other
libraries.

Signed-off-by: Eric Blake <eblake@redhat.com>
2016-08-06 07:50:19 -06:00
Eric Blake
aa760cd522 build: use XDR_CFLAGS for Cygwin build
Without XDR_CFLAGS, compilation on Cygwin fails with:

  CC       libvirt_driver_la-libvirt-stream.lo
In file included from libvirt-stream.c:26:0:
rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

Signed-off-by: Eric Blake <eblake@redhat.com>
2016-08-06 07:27:03 -06:00
Jovanka Gulicoska
9806ae04dd conf: add node_device_event handling
Add node device event handling infrastructure to node_device_event.[ch]
2016-08-02 09:52:00 -04:00
Fabian Freyer
01163b1b1f bhyve: implement virConnectDomainXMLFromNative
First, remove escaped newlines and split up the string into an argv-list for
the bhyve and loader commands, respectively. This is done by iterating over the
string splitting it by newlines, and then re-iterating over each line,
splitting it by spaces.

Since this code reuses part of the code of qemu_parse_command.c
(in bhyveCommandLine2argv), add the appropriate copyright notices.

Signed-off-by: Fabian Freyer <fabian.freyer@physik.tu-berlin.de>
2016-07-10 15:40:10 -04:00
Jiri Denemark
3e5197ac13 cpu: Drop generic driver
Pretending (partial) support for something we don't understand is risky.
Reporting a failure is much better.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-07-01 12:20:54 +02:00
Laine Stump
cf0568b0af util: new files virnetdevip.[ch] for IP-related netdev functions
This patch splits virnetdev.[ch] into multiple files, with the new
virnetdevip.[ch] containing all the functions related to setting and
retrieving IP-related info for a device (both addresses and routes).
2016-06-26 19:33:09 -04:00
Jiri Denemark
e2ddc811ab cpu: Consolidate ARM drivers
Both ARM and AArch64 drivers are exactly the same (modulo function
names). Let's use just one driver for all ARM architectures.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-06-25 00:02:30 +02:00
Martin Pietsch
d0bef64334 Add support for VirtualBox 5 2016-06-24 09:26:06 +02:00
John Ferlan
1eca5f6581 secret: Move virStorageSecretType and rename
Move the enum into a new src/util/virsecret.h, rename it to be
virSecretLookupType. Add a src/util/virsecret.h in order to perform
a couple of simple operations on the secret XML and virSecretLookupTypeDef
for clearing and copying.

This includes quite a bit of collateral damage, but the goal is to remove
the "virStorage*" and replace with the virSecretLookupType so that it's
easier to add new lookups that aren't necessarily storage pool related.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-23 12:30:27 -04:00
John Ferlan
35f6abef6b storage: Use virSecretGetSecretString
Rather than inline code secret lookup for rbd/iscsi, use the common function.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-21 14:31:19 -04:00
Jovanka Gulicoska
dc7b849a0c conf: add storage_event handling
Add storage event handling infrastructure to storage_event.[ch], following
the network_event.[ch] pattern.
2016-06-16 12:22:11 -04:00
Jim Fehlig
53d98ccea7 xenconfig: support bios=ovmf xl.cfg
Add support to xenconfig for conversion of xl.cfg(5) bios config
to/from libvirt domXml <loader> config. SeaBIOS is the default
for HVM guests using upstream QEMU. ROMBIOS is the default when
using the old qemu-dm. This patch allows specifying OVMF as an
alternate firmware.

Example xl.cfg:
  bios = "ovmf"

Example domXML:
  <os>
    ...
    <loader readonly='yes' type='pflash'>/usr/lib/xen/boot/ovmf.bin</loader>
  </os>

Note that currently Xen does not support a separate nvram for
non-volatile variables.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-06-13 14:13:17 -06:00
Jim Fehlig
cb110a67e3 libxl: introduce libxl_capabilities.{ch}
Move capabilities code out of libxl_conf.{ch} and into new
libxl_capabilities.{ch} files.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-06-13 14:13:16 -06:00
Jim Fehlig
fda5a98e9e driver config: Introduce virFirmware object
The virQEMUDriverConfig object contains lists of
loader:nvram pairs to advertise firmwares supported by
the driver, and qemu_conf.c contains code to populate
the lists, all of which is useful for other drivers too.

To avoid code duplication, introduce a virFirmware object
to encapsulate firmware details and switch the qemu driver
to use it.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-06-13 14:13:16 -06:00
Daniel P. Berrange
57e62ee00a libvirt-lxc: add virDomainLxcEnterCGroup API
Add the virDomainLxcEnterCGroup API to the libvirt-lxc.so
file. This method moves the calling process into the cgroups
associated with the container.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-10 11:02:53 +01:00
Daniel P. Berrange
86dd9fac0f nodeinfo: move host memory APIs out into virhostmem file
Move all APIs with a virHostMEM name prefix out into new
util/virhostmem.h & util/virhostmem.c files

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-09 18:43:18 +01:00
Daniel P. Berrange
eaf18f4c2b nodeinfo: move host CPU APIs out into virhostcpu.c file
Move all APIs with a virHostCPU name prefix out into new
util/virhostcpu.h & util/virhostcpu.c files

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-09 18:31:11 +01:00
Daniel P. Berrange
d8a8af3492 tls: remove support for gnutls 1.x.x, require 2.2.0
We need to use the gnutls_priority_set_direct method which
was not introduced until 2.1.7, so bump version to 2.2.0
which is the first stable release with it included. This
release dates from Dec 2007 so it is reasonable to ditch
support for the 1.x.x series for gnutls releases entirely.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
c0bc172383 systemd: directly notify systemd instead of using sd_notify
The sd_notify method is used to tell systemd when libvirtd
has finished starting up. All it does is send a datagram
containing the string parameter to systemd on a UNIX socket
named in the NOTIFY_SOCKET environment variable. Rather than
pulling in the systemd libraries for this, just code the
notification directly in libvirt as this is a stable ABI
from systemd's POV which explicitly allows independent
implementations:

See "Reimplementable Independently" column in the
"$NOTIFY_SOCKET Daemon Notifications" row:

https://www.freedesktop.org/wiki/Software/systemd/InterfacePortabilityAndStabilityChart/

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1314881

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-07 09:37:57 +01:00
John Ferlan
1b5f1884a2 qemu: Move and rename qemuBuildObjectCommandlineFromJSON
Move the module from qemu_command.c to a new module virqemu.c and
rename the API to virQEMUBuildObjectCommandline.

This API will then be shareable with qemu-img and the need to build
a security object for luks support.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-06 13:44:51 -04:00
Pavel Hrdina
9db7308502 makefile: fix build on systems where gnutls is not in /usr/include
We need to append GNUTLS_CFLAGS while building utils because virtcrypto
is using it.  This fixes build on freebsd where gnutls is in
/usr/local/include.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-24 13:30:01 +02:00
John Ferlan
4652b158aa secret: Create virsecretobj.c and virsecretconf.h
Move virSecretObj from secret_driver.c to virsecretobj.h

To support being able to create a hashed secrets list, move the
virSecretObj to virsecretobj.h so that the code can at least find
the definition.

This should be a temporary situation while the virsecretobj.c code
is patched in order to support a hashed secret object while still
having the linked list support in secret_driver.c. Eventually, the
goal is to move the virSecretObj into virsecretobj.c, although it
is notable that the existing model from which virSecretObj was
derived has virDomainObj in src/conf/domain_conf.h and virNetworkObj
in src/conf/network_conf.h, so virSecretObj wouldn't be unique if
it were to remain in virsecretobj.h. Still adding accessors to fetch
and store hashed object data will be the end goal.

Add definitions and infrastructure in virsecretobj.c to create and
handle a hashed virSecretObj and virSecretObjList including the class,
object, lock setup, and disposal API's. Nothing will call these yet.

This infrastructure will replace the forward linked list logic
within the secret_driver, eventually.
2016-04-25 15:45:29 -04:00
Andrea Bolognani
49ba028aed build: Replace variables in man pages
We can't use eg. @sysconfdir@ directly in the .pod file, because
pod2man(1) will interpret that as a variable name and format it
accordingly.

Instead, we use eg. SYSCONFDIR and use a subsequent sed(1) call
to turn it into the expected @sysconfdir@.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
7351f7fe68 build: Group files
Define $(PODFILES) and $(MANINFILES) so that adding a new man
page only requires changes in a few, well defined spots.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
5b479f3b5b build: Standardize on .pod -> .x.in -> .x
After this commit, all man pages are generated using the same two
steps:

  1. Process a source $command.pod file with pod2man(1) to obtain
     a valid man page in $command.$section.in

  2. Process $command.$section.in with sed(1) to obtain the final
     man page in $command.$section
2016-04-25 15:40:44 +02:00
Andrea Bolognani
90709d8d22 build: Build man pages in $(builddir)
No file should be created inside $(srcdir) during build.
2016-04-25 15:40:43 +02:00
Andrea Bolognani
71c22b186c build: Fix default network generation on FreeBSD
FreeBSD's sed(1) doesn't support using "\n" to insert a newline,
so the installed default.xml file ends up containing a literal
"n" between tags; to work around this problem, add a tr(1)
invocation as suggested by the sed FAQ[1].

[1] http://sed.sourceforge.net/sedfaq4.html (4.1 c)
2016-04-21 16:45:20 +02:00
Andrea Bolognani
d0062fb9b5 dist: ln(1) is not guaranteed to have a '-f' option
According to the autoconf manual, using '$(LN_S) -f' is not
portable; remove the target explicitly beforehand to work around
this limitation.

Adjust some slightly awkward indentation while at it.
2016-04-21 15:36:14 +02:00
Andrea Bolognani
ed5c929777 build: Use $(LN_S) safely
The autoconf documentation recommends to always use this
construct when creating symbolic links with $(LN_S) to avoid
unexpected behavior.
2016-04-21 10:02:36 +02:00
Andrea Bolognani
ce8379eedc build: Overwrite existing symbolic links
The current rule fails if the target already exists:

  cd /home/jenkins/build/libvirt/lib && \
    ln -s libnss_libvirt.so.1 nss_libvirt.so.1
  ln: nss_libvirt.so.1: File exists
  Makefile:3357: recipe for target 'install-exec-hook' failed

However, all other rules concerned with installation are
idempotent and will happily overwrite an existing target,
so this one should as well.
2016-04-21 10:02:36 +02:00
Andrea Bolognani
2561d4e395 build: Always use $(LN_S) and $(MKDIR_P)
autotools provide those for our convenience, so let's use them
everywhere instead of mixing in native command invocation.
2016-04-21 10:02:36 +02:00
Cole Robinson
e7db227810 util: Add virGettextInitialize, convert the code
Take setlocale/gettext error handling pattern from tools/virsh-*
and use it for all standalone binaries via a new shared
virGettextInitialize routine. The virsh* pattern differed slightly
from other callers. All users now consistently:

* Ignore setlocale errors. virsh has done this forever, presumably for
  good reason. This has been partially responsible for some bug reports:

  https://bugzilla.redhat.com/show_bug.cgi?id=1312688
  https://bugzilla.redhat.com/show_bug.cgi?id=1026514
  https://bugzilla.redhat.com/show_bug.cgi?id=1016158

* Report the failed function name
* Report strerror
2016-04-14 13:22:40 -04:00
Maxim Nestratov
4dc5d8f2c1 fix build by correcting functions order and src/Makefile.am
commit 30c61901 added new functions to libvirt_private.syms
not alphabetically sorted and erroneously added vz sources to
STATEFUL_DRIVER_SOURCE_FILES, which triggered check-aclrules
running while vz driver isn't ready for it yet.

Pushing under build-breaker rule.

Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2016-04-14 03:09:19 +03:00
Maxim Nestratov
30c61901c8 vz: build driver as module and don't register it on client's side
Make it possible to build vz driver as a module and don't link it with
libvirt.so statically.
Remove registering it on client's side as far as we start relying on daemon

Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2016-04-13 18:48:43 +03:00
John Ferlan
2844de6f40 secret: Introduce virSecretGetSecretString
Commit id 'fb2bd208' essentially copied the qemuGetSecretString
creating a libxlGetSecretString.  Rather than have multiple copies
of the same code, create src/secret/secret_util.{c,h} files and
place the common function in there.

Modify the build in order to build the module as a library
which is then pulled in by both the qemu and libxl drivers for
usage from both qemu_command.c and libxl_conf.c
2016-04-06 20:31:21 -04:00
Guido Günther
12b239a9fa Link libvirt_xenconfig instead of libvirt against libxl
to avoid the test failure

 7) Test driver "xen"  ... 2016-03-31 12:53:26.950+0000: 22430: debug : virDriverLoadModule:54 : Module load xen
 2016-03-31 12:53:26.950+0000: 22430: error : virDriverLoadModule:73 : failed to load module /build/libvirt-1.3.3~rc1/debian/build/src/.libs/libvirt_driver_xen.so /build/libvirt-1.3.3~rc1/debian/build/src/.libs/libvirt_driver_xen.so: undefined symbol: xlu_cfg_destroy
FAILED
2016-04-06 20:26:59 +02:00
Qiaowei Ren
28b446292b perf: implement a set of util functions for perf event
This patch implements a set of interfaces for perf event. Based on
these interfaces, we can implement internal driver API for perf,
and get the results of perf counter you care about.

Signed-off-by: Qiaowei Ren <qiaowei.ren@intel.com>
Message-id: 1459171833-26416-4-git-send-email-qiaowei.ren@intel.com
2016-03-29 13:13:05 +01:00
Michal Privoznik
7dbcb26f7f nss: Implement _nss_libvirt_gethostbyname3_r
The implementation is pretty straightforward. Moreover, because
of the nature of things, gethostbyname_r and gethostbyname2_r can
be implemented at the same time too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-18 17:29:53 +01:00
Michal Privoznik
fd9514f8d2 Export virLease* functions for leases file handling
These functions are going to be reused very shortly. So instead
of duplicating the code, let's move them into utils module.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-18 17:29:53 +01:00
Jiri Denemark
1a0f076dd6 Use correct LDFLAGS for leaseshelper
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-03-03 13:23:46 +01:00
John Ferlan
de71e0e500 qemu: Move qemuAssign*Alias* API's into their own module
Create a new module qemu_alias.c to handle the qemuAssign*Alias* APIs
and the qemuDomainDeviceAliasIndex
2016-02-16 11:07:48 -05:00
John Ferlan
177db48734 qemu: Move qemuDomain*Address* functions
Create new modules qemu_domain_address.c and qemu_domain_address.h to
contain all the new functions and header data. Additionally move any
supporting static functions.

Make qemuDomainSupportsPCI non static.

Also, move and rename the following:

qemuSetSCSIControllerModel to qemuDomainSetSCSIControllerModel
qemuCollectPCIAddress to qemuDomainCollectPCIAddress
qemuValidateDevicePCISlotsPIIX3 to qemuDomainValidateDevicePCISlotsPIIX3
qemuAssignDevicePCISlots to qemuDomainAssignDevicePCISlots

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-02-16 11:07:47 -05:00
Andrea Bolognani
e76bef7f7b gic: Introduce virGICVersion enumeration
We currently blindly accept any numeric value as a GIC version, even
though only GIC v2 and GIC v3 actually exist; on the other hand, we
reject "host", which is a perfectly legitimate value for QEMU guests.

This new enumeration contains all GIC versions libvirt is aware of.
2016-02-16 14:58:58 +01:00
John Ferlan
d860b2f537 qemu: Split the command parsing routines into own module
Extract out the qemuParseCommandLine{String|Pid} into their own
separate module - taking with it all the various static functions.

Causes a ripple effect with a few other modules to include the
new qemu_parse_command.h.

Narrowed down the list of #include's in the split out module to
those that are necessary for build.
2016-02-10 15:21:37 -05:00
Pavel Hrdina
36785c7e77 device: cleanup input device code
The current code was a little bit odd.  At first we've removed all
possible implicit input devices from domain definition to add them later
back if there was any graphics device defined while parsing XML
description.  That's not all, while formating domain definition to XML
description we at first ignore any input devices with bus different to
USB and VIRTIO and few lines later we add implicit input devices to XML.

This seems to me as a lot of code for nothing.  This patch may look
to be more complicated than original approach, but this is a preferred
way to modify/add driver specific stuff only in those drivers and not
deal with them in common parsing/formatting functions.

The update is to add those implicit input devices into config XML to
follow the real HW configuration visible by guest OS.

There was also inconsistence between our behavior and QEMU's in the way,
that in QEMU there is no way how to disable those implicit input devices
for x86 architecture and they are available always, even without graphics
device.  This applies also to XEN hypervisor.  VZ driver already does its
part by putting correct implicit devices into live XML.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-01-26 17:53:33 +01:00
Martin Kletzander
4b47f9b82c Fix make check with gcc version 5
When building with gcc-5 (particularly gcc-5.3.0 now) and having pdwtags
installed (package dwarves) make check fails with the following error:

  $ make lock_protocol-struct
  GEN      lock_protocol-struct
  --- lock_protocol-structs	2016-01-13 15:04:59.318809607 +0100
  +++ lock_protocol-struct-t3	2016-01-13 15:05:17.703501234 +0100
  @@ -26,10 +26,6 @@
           virLockSpaceProtocolNonNullString name;
           u_int                      flags;
   };
  -enum virLockSpaceProtocolAcquireResourceFlags {
  -        VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_SHARED = 1,
  -        VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE = 2,
  -};
   struct virLockSpaceProtocolAcquireResourceArgs {
           virLockSpaceProtocolNonNullString path;
           virLockSpaceProtocolNonNullString name;
  Makefile:10415: recipe for target 'lock_protocol-struct' failed
  make: *** [lock_protocol-struct] Error 1

That happens because without any specific options gcc doesn't keep enum
information in the resulting binary object.  I managed to isolate the
parameters of gcc that caused this issue to disappear, however I
remember that they influenced the resulting binaries quite a bit and
were definitely not something we would want to add as mandatory to the
build process.

So to deal with this cleanly, let's take that enum and separate it out
to its own header file.  Since it is only used in the lockd driver and
the protocol, lock_driver_lockd.h feels like a suitable name.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-01-18 15:19:21 +01:00
Jasper Lievisse Adriaanse
2b6f6ad64b Unify int types handling in protocol files
Some of the protocol files already include handling of the missing int
types such as xdr_uint64_t, some don't. To fix it everywhere, move out
of the appropriate defines to the utils/virxdrdefs.h file and include
it where needed.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
2016-01-11 19:56:06 +03:00
Cédric Bosdonnat
bec787ee9d Allow building lxc without virt-login-shell
Add a configure option to disable virt-login-shell build even if lxc is
enabled.
2015-12-17 15:49:06 +01:00
Martin Kletzander
2340f3ebfb admin: Distribute libvirt-admin.conf
Commit 48cd3dfa66 introduced configuration
file for libvirt-admin but forgot to distribute it.  Also the change
made to libvirt.conf in commit dbecb87f94
should've been removed thanks to introduction of separate config file.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-12-01 11:44:48 +01:00
Martin Kletzander
524492dcea admin: Include admin_remote.c in the dist package
Otherwise all builds from the package will fail.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-12-01 08:59:33 +01:00
Martin Kletzander
97c9ddefa1 build: Create needed folders without dependency tracking
The parameter --disable-dependency-tracking is supposed to speed up
one-time build due to the fact that it disables some dependency
extractors that, apparently, take longer time to execute.  That is a
problem for code that is generated into builddir (especially some
specific subdirectory) because the directory it should be installed to
does not exist in VPATH and without the dependency tracking is not
created.  Generating such file hence fails with -ENOENT.  In order to
keep generating files into builddir instead of srcdir, we must create
the directory ourselves.  This should finally fix the problem that is
being fixed multiple times since its introduction in commit a9fe620372
and let us continue with cleaning those parts of Makefiles that depend
on generating files into the srcdir rather than builddir as it should
be.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-11-30 15:48:17 +01:00
Michal Privoznik
90f3c0d717 conf: Split virDomainObjList into a separate file
Our domain_conf.* files are big enough. Not only they contain XML
parsing code, but they served as a storage of all functions whose
name is virDomain prefixed. This is just wrong as it gathers not
related functions (and modules) into one big file which is then
harder to maintain. Split virDomainObjList module into a separate
file called virdomainobjlist.[ch].

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-11-30 13:55:10 +01:00
Daniel P. Berrange
6bb575d128 logging: remove reference to non-existent augeas files
The libvirt_logd.aug and test_libvirt_logd.aug.in files
have never existed so shouldn't be in EXTRA_DIST. It was
a copy+paste mistake when closing virtlogd from virtlockd

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-27 14:24:25 +00:00
Daniel P. Berrange
37ed422404 logging: add client for virtlogd daemon
Add the virLogManager API which allows for communication with
the virtlogd daemon to RPC program. This provides the client
side API to open log files for guest domains.

The virtlogd daemon is setup to auto-spawn on first use when
running unprivileged. For privileged usage, systemd socket
activation is used instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-26 14:30:13 +00:00
Daniel P. Berrange
19e5db4ae2 logging: introduce log handling protocol
Define a new RPC protocol for the virtlogd daemon that provides
for handling of logs. The initial RPC method defined allows a
client to obtain a file handle to use for writing to a log
file for a guest domain. The file handle passed back will not
actually refer to the log file, but rather an anonymous pipe.
The virtlogd daemon will forward I/O between them, ensuring
file rotation happens when required.

Initially the log setup is hardcoded to cap log files at
128 KB, and keep 3 backups when rolling over, which gives
a max usage of 512 KB per guest.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-26 14:28:55 +00:00
Daniel P. Berrange
323a329b26 Import stripped down virtlockd code as basis of virtlogd
Copy the virtlockd codebase across to form the initial virlogd
code. Simple search & replace of s/lock/log/ and gut the remote
protocol & dispatcher. This gives us a daemon that starts up
and listens for connections, but does nothing with them.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-26 14:28:55 +00:00
Daniel P. Berrange
910e65d973 util: add APIs for reading/writing from/to rotating files
Add virRotatingFileReader and virRotatingFileWriter objects
which allow reading & writing from/to files with automatic
rotation to N backup files when a size limit is reached. This
is useful for guest logging when a guaranteed finite size
limit is required. Use of external tools like logrotate is
inadequate since it leaves the possibility for guest to DOS
the host in between invocations of logrotate.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-26 14:28:55 +00:00
Eric Blake
4117e80332 build: include xdr cflags for libvirt-admin
Without this, building on cygwin fails with:

  CC       libvirt_admin_la-libvirt-admin.lo
libvirt-admin.c:25:21: fatal error: rpc/rpc.h: No such file or directory
 #include <rpc/rpc.h>
                     ^

Reported-by: Yaakov Selkowitz <yselkowi@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2015-10-13 14:39:08 -06:00
Andrea Bolognani
6c928996e6 src: Remove $(builddir) usage
Commit 4e8032272f used $(builddir) in the header search
path to fix a build issue; however, $(builddir) is not defined
by old autoconf versions such as the one available in CentOS 5,
resulting in the following error:

  cc1: error: /util: No such file or directory
  make[3]: *** [libvirt_driver_la-fdstream.lo] Error 1

Since $(builddir) is defined to always be '.', just use that
value directly instead.
2015-10-09 13:04:56 +02:00
Andrea Bolognani
4e8032272f src: Include $(builddir)/util in the header search path
Since a9fe620372, we are generating virkeymaps.h at build
time; however, we are not including $(builddir)/util in the
header search path, so when doing a VPATH build the compiler
is unable to locate the file.

make[2]: Entering directory
`/home/jenkins/libvirt/systems/libvirt-fedora-20/build/src'
  GEN      util/virkeymaps.h
  ...
  CC       util/libvirt_util_la-virkeycode.lo
  CC       util/libvirt_util_la-virkeyfile.lo
  CC       util/libvirt_util_la-virlockspace.lo
  CC       util/libvirt_util_la-virlog.lo
../../src/util/virkeycode.c:27:24: fatal error: virkeymaps.h: No such file or directory
 #include "virkeymaps.h"
                        ^
compilation terminated.
2015-10-09 09:40:37 +02:00
Maxim Nestratov
bd6ae7b8ab vz: remove storage driver as never used
In fact, it was never used as far as vz has no features supporting it.
That is why there will be no harm to anyone if we just remove this code to
prevent further misunderstanding and efforts to support dead code.

Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2015-10-06 18:22:47 +03:00
Maxim Nestratov
439f29e78c vz: remove network driver as never used
At the time this code was added we had intentions to support libvirt interface
to manage vz networks. In fact, it was never implemented completely to work
correctly that makes me think that there will be no harm to anyone if we just
rip it off. Moreover, in vz7 we started to use libvirt bridge network driver to
manage networks.

Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2015-10-06 18:22:47 +03:00
Martin Kletzander
a9fe620372 Do not distribute generated virkeymaps.h
We are distributing virkeymaps.h and all the tools needed to rebuild
that file.  On top of that, we are generating that file into the
$(srcdir) and that sometimes fails when trying to do make dist in VPATH
on rawhide fedora.  And we don't clean the file when maintainer-clean
make target is requested.  So let's not distribute the file and rather
let everyone rebuild it when needed and clean it when appropriate.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-10-06 15:10:36 +02:00
Luyao Huang
789bdd7dea Makefile: fix build fail when make rpm
The build fails with an error like this:

  CC       qemu/libvirt_driver_qemu_impl_la-qemu_command.lo
qemu/qemu_capabilities.c:46:27: fatal error: qemu_capspriv.h: No such file or directory
 #include "qemu_capspriv.h"

Add qemu_capspriv.h to source.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2015-09-23 08:06:56 +02:00
Martin Kletzander
f05f005c8b qemu: Allow others to browse /var/lib/libvirt/qemu
Commit f1f68ca334 tried fixing running multiple domains under various
users, but if the user can't browse the directory, it's hard for the
qemu running under that user to create the monitor socket.

The permissions need to be fixed in two places in the spec file due to
support for both installations with and without driver modules.

Creating a directory with '$(MKDIR_P) -m' shouldn't fail even on systems
where autoconf needs to fall back to 'install-sh -d'.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-14 10:06:00 +02:00
Michal Privoznik
a0d2ceb32f src: Check for symbols ordering in ADMIN_SYM_FILES
Like we are checking for the correct order in SYM_FILES, we
should do the same for ADMIN_SYM_FILES.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-31 12:45:16 +02:00
Michal Privoznik
28fa50d226 src: Cleanup libvirt_admin.syms
It's a generated file, so after 'distclean' it should be gone.
But it isn't yet.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-31 11:37:45 +02:00
Michal Privoznik
74f11dd25b src: Check libvirt_admin.syms for exported symbols
We have this check rule in src/Makefile: check-symfile that
should check if all symbols we wanted to export are exported.
Moreover, if we are not exporting something more. Do the same
with libvirt_admin.syms.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-31 11:35:46 +02:00
ik.nitk
c27553b6e2 lxc: Inherit namespace feature
This patch adds feature for lxc containers to inherit namespaces.
This is very similar to what lxc-tools or docker provides.  Look
for "man lxc-start" and you will find that you can pass command
args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
networking option in which you can give --net=container:NAME_or_ID
as an option for sharing +namespace.

From this patch you can add extra libvirt option to share
namespace in following way.

 <lxc:namespace>
   <lxc:sharenet type='netns' value='red'/>
   <lxc:shareipc type='pid' value='12345'/>
   <lxc:shareuts type='name' value='container1'/>
 </lxc:namespace>

The netns option is specific to sharenet. It can be used to
inherit from existing network namespace.

Co-authored: Daniel P. Berrange <berrange@redhat.com>
2015-08-26 11:28:30 +01:00
Guido Günther
a2c5d16a70 libvirt-admin: Generate symbols file
Since we're linking this into libvirtd we need some symbols to be public
but not part of the public API so mark them as
LIBVIRT_ADMIN_PRIVATE_<VERSION> as we do with libvirt.

Making all other symbols local makes sure we don't accidentally leak
unwanted ones.
2015-08-20 10:19:27 +02:00
Andrea Bolognani
ef770f0160 cpu: Rename {powerpc,ppc} => ppc64 (filesystem)
The driver only supports VIR_ARCH_PPC64 and VIR_ARCH_PPC64LE.

Just shuffling files around and updating the build system
accordingly. No functional changes.
2015-08-05 13:30:16 +02:00
Martin Kletzander
0aa81bbdc3 Escape left brace as new perl suggests
After upgrade to perl-5.22.0, it started complaining about one of our
scripts.  The thing is that even though it works, it wants all curly
brackets escaped properly.  The change is not functional, it merely gets
rid of the following error:

  Unescaped left brace in regex is deprecated, passed through in regex;
  marked by <-- HERE in m/^enum { <-- HERE / at -e line 3.

There is one more error like this that I'm getting, but it is because of
GNU automake bug #21001:

  https://debbugs.gnu.org/cgi/bugreport.cgi?bug=21001

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-07-20 10:35:18 +02:00
Maxim Nestratov
9156991668 parallels: substitute parallels with vz spec file and Makefile
Since we have changed the name of the driver to vz, let's
reference it as vz everywhere.

Signed-off-by: Maxim Nestratov <mnestratov@parallels.com>
2015-06-17 15:07:55 +03:00
Maxim Nestratov
e6d180f07f parallels: rename all parallels files and driver directory to vz
This patch moves all src/parallels/parallels* files to vz/vz*
and fixes build accordingly.
No functional changes.

Signed-off-by: Maxim Nestratov <mnestratov@parallels.com>
2015-06-17 15:07:55 +03:00
Martin Kletzander
55e0c840af Add libvirt-admin library
Initial scratch of the admin library.  It has its own virAdmConnectPtr
that inherits from virAbstractConnectPtr and thus trivially supports
error reporting.

There's pkg-config file added and spec-file adjusted as well.

Since the library should be "minimalistic" and not depend on any other
library, the list of files is especially crafted for it.  Most of them
could've been put to its own sub-libraries that would be LIBADD'd to
libvirt_util, libvirt_net_rpc and libvirt_setuid_rpc_client to minimize
the number of object files being built, but that's a refactoring that
isn't the original aim of this commit.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:20 +02:00
Martin Kletzander
fb5a0d3388 Build client headers for admin protocol
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:20 +02:00
Martin Kletzander
8c8bed02af Add admin protocol
For now there are only CONNECT_OPEN and CONNECT_CLOSE procedures.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:20 +02:00
Martin Kletzander
fa14207368 Move daemon-related parts of virNetServer to virNetDaemon
This allows to have more servers in one daemon which helps isolating
some resources.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:19 +02:00
Martin Kletzander
5e55534b9a build: Remove unnecessarily repeated rules for syms -> def
Suggested-by: Michal Prívozník <mprivozn@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-15 17:12:59 +02:00
Pavel Fedin
dd42ff0795 Add missing XDR_FLAGS
Fixes build problems on x86_64-cygwin host for aarch64 target:
  CC       lxc/libvirt_driver_lxc_impl_la-lxc_monitor_protocol.lo
In file included from lxc/lxc_monitor_protocol.c:7:0:
lxc/lxc_monitor_protocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

  CC       rpc/libvirt_setuid_rpc_client_la-virnetmessage.lo
In file included from rpc/virnetmessage.h:24:0,
                 from rpc/virnetmessage.c:26:
rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

  CC       lxc/libvirt_lxc-lxc_monitor_protocol.o
In file included from lxc/lxc_monitor_protocol.c:7:0:
lxc/lxc_monitor_protocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
2015-05-23 16:59:47 -04:00
Laine Stump
d2a57815aa node device: prepare node_device_linux_sysfs.c to add more functions
This file contains only a single function, detect_scsi_host_caps(),
which is declared in node_device_driver.h and called from both the hal
and udev backends. Other things common to the hal and udev drivers
can be placed in that file though. As a prelude to adding further
functions, this patch renames the existing function to something
closer in line with other internal libvirt function names
(nodeDeviceSysfsGetSCSIHostCaps()), and puts the declarations into a
separate .h file.
2015-05-18 10:30:27 -04:00
Jim Fehlig
198cc1d339 libxl: provide integration with lock manager
Provide integration with libvirt's lock manager in the libxl driver.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-04-29 10:51:36 -06:00
Michael Chapman
206dbf3f0a qemuBlockJobEventProcess: move to new source file
We will want to use synchronous block jobs from qemu_migration as well,
so split this function out into a new source file.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2015-04-29 13:11:42 +02:00
Michal Privoznik
f58a3a51fc Cleanup srcdir usage
In a lot of places we use path like this:

  $(srcdir)/../src/....

when in fact it can be:

  $(top_srcdir)/src/

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-27 16:03:31 +02:00
Cole Robinson
19425d110b qemu: Build nvram directory at driver startup
Similar to what was done for the channel socket in the previous commit.
2015-04-24 10:30:42 -04:00
Cole Robinson
e31ab02fd0 qemu: Build channel autosocket directory at driver startup
Rather than depend on the RPM to put it in place, since this doesn't
cover the qemu:///session case. Currently auto allocated socket path is
completely busted with qemu:///session

https://bugzilla.redhat.com/show_bug.cgi?id=1105274

And because we chown the directory at driver startup now, this also fixes
autosocket startup failures when using user/group=root

https://bugzilla.redhat.com/show_bug.cgi?id=1044561
https://bugzilla.redhat.com/show_bug.cgi?id=1146886
2015-04-24 10:30:42 -04:00
Jim Fehlig
d0baac09e6 libxl: Introduce configuration file for libxl driver
Introduce libxl.conf configuration file, adding the 'autoballoon'
setting as the first knob for controlling the libxl driver.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-04-21 14:23:40 -06:00
Michal Privoznik
96a21e975f Cleanup "/sys/class/net" usage
Throughout the code, we have several places that need to construct a path
somewhere in /sys/class/net/... They are not consistent and nearly
each code piece invents its own way how to do it. So unify this by:

1) use virNetDevSysfsFile() wherever possible

2) At least use common macro SYSFS_NET_DIR declared in virnetdev.h at
   the rest of places which can't go with 1)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-04-15 16:43:28 +02:00
Amy Fong
237ffd1b1d build: fix race when creating the cpu_map.xml symlink
In some circumstances where the build tree differs from the source,
libvirt's compile will try to create the symlink for cpu_map.xml before
creating the directory $(abs_builddir)/cpu:

'src/cpu/cpu_map.xml': No such file or directory'

Do not create the symlink, it is no longer needed after
commit e562e82f
    Load CPU map from builddir when run uninstalled

Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2015-03-25 18:48:00 +01:00
Pavel Hrdina
3edbfc882a Makefile: fix typo
Commit 95695388 introduced new util/virthreadjob.c/h files but the
makefile has a typo that breaks rpm build.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-03-25 11:30:38 +01:00
Jiri Denemark
956953884e Add support for tracking thread jobs
Each thread can use a thread local variable to keep the name of a job
which is currently running in the job.

The virThreadJobSetWorker API is supposed to be called once by any
thread which is used as a worker, i.e., it is waiting in a pool, woken
up to do a job, and returned back to the pool.

The virThreadJobSet/virThreadJobClear APIs are to be called at the
beginning/end of each job.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-03-25 10:00:53 +01:00
Natanael Copa
6392a61036 Fix underlinking of libvirt_driver_interface.so
Always add udev linker flags when WITH_UDEV is enabled to avoid
underlinking.

See commit 43dbcb15 (interface: always build all available backends)

Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
2015-03-23 10:51:42 +01:00
Antoni Segura Puimedon
e1f6485694 util: functions to support binding/unbinding midonet virtualports
Adds the port type definitions and methods that will be used to bind
interfaces to the Midonet virtual ports.

virtnetdevmidonet.c adds the way to bind and unbind the ports by
calling into the Midonet Host Agent control command line (installed
with the midolman package).

Signed-off-by: Antoni Segura Puimedon <toni+libvirt@midokura.com>
2015-03-17 12:56:37 -04:00
Peter Krempa
fcee64e73c conf: Move numatune_conf to numa_conf
For a while now there are two places that gather information about NUMA
related guest configuration. While the XML can't be changed we can at
least store the data in one place in the definition.

Rename the numatune_conf.[ch] files to numa_conf as later patches will
move the rest of the definitions from the cpu definition to this one.
2015-02-20 17:43:03 +01:00
Jiri Denemark
bc6e206322 Search for schemas and cpu_map.xml in source tree
Not all files we want to find using virFileFindResource{,Full} are
generated when libvirt is built, some of them (such as RNG schemas) are
distributed with sources. The current API was not able to find source
files if libvirt was built in VPATH.

Both RNG schemas and cpu_map.xml are distributed in source tarball.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-02-19 15:25:04 +01:00
Daniel P. Berrange
55ea7be7d9 Removing probing of secondary drivers
For stateless, client side drivers, it is never correct to
probe for secondary drivers. It is only ever appropriate to
use the secondary driver that is associated with the
hypervisor in question. As a result the ESX & HyperV drivers
have both been forced to do hacks where they register no-op
drivers for the ones they don't implement.

For stateful, server side drivers, we always just want to
use the same built-in shared driver. The exception is
virtualbox which is really a stateless driver and so wants
to use its own server side secondary drivers. To deal with
this virtualbox has to be built as 3 separate loadable
modules to allow registration to work in the right order.

This can all be simplified by introducing a new struct
recording the precise set of secondary drivers each
hypervisor driver wants

struct _virConnectDriver {
    virHypervisorDriverPtr hypervisorDriver;
    virInterfaceDriverPtr interfaceDriver;
    virNetworkDriverPtr networkDriver;
    virNodeDeviceDriverPtr nodeDeviceDriver;
    virNWFilterDriverPtr nwfilterDriver;
    virSecretDriverPtr secretDriver;
    virStorageDriverPtr storageDriver;
};

Instead of registering the hypervisor driver, we now
just register a virConnectDriver instead. This allows
us to remove all probing of secondary drivers. Once we
have chosen the primary driver, we immediately know the
correct secondary drivers to use.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-01-27 12:02:04 +00:00
Daniel P. Berrange
220c01aa0a don't disable state driver when libvirtd is not built
A bunch of code is wrapped in #if WITH_LIBVIRTD in order to
enable the virStateDriver to be disabled when libvirtd is not
built. Disabling this code doesn't have any real functional
benefit beyond removing 1 pointer from the virConnectPtr struct,
while having a cost of many more conditionals.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-01-27 12:02:04 +00:00
Cédric Bosdonnat
ca481a6f8f Move code related to network routes to networkcommon_conf.[ch]
Moving code for parsing and formatting network routes to
networkcommon_conf helps reusing those routes for domains. The route
definition has been hidden to help reducing the number of unnecessary
checks in the format function.
2015-01-16 10:14:03 +01:00
Jim Fehlig
4689cdf779 Introduce support for parsing/formatting Xen xl config format
Introduce a parser/formatter for the xl config format.  Since the
deprecation of xm/xend, the VM config file format has diverged as
new features are added to libxl.  This patch adds support for parsing
and formatting the xl config format.  It supports the existing xm config
format, plus adds support for spice graphics and xl disk config syntax.

Disk config is specified a bit differently in xl as compared to xm.  In
xl, disk config consists of comma-separated positional parameters and
keyword/value pairs separated by commas. Positional parameters are
specified as follows

   target, format, vdev, access

Supported keys for key=value options are

  devtype, backendtype

The positional parameters can also be specified in key/value form.  For
example the following xl disk config are equivalent

    /dev/vg/guest-volume,,hda
    /dev/vg/guest-volume,raw,hda,rw
    format=raw, vdev=hda, access=rw, target=/dev/vg/guest-volume

See $xen_sources/docs/misc/xl-disk-configuration.txt for more details.

xl disk config is parsed with the help of xlu_disk_parse() from
libxlutil, libxl's utility library.  Although the library exists
in all Xen versions supported by the libxl virt driver, only
recently has the corresponding header file been included.  A check
for the header is done in configure.ac.  If not found, xlu_disk_parse()
is declared externally.

Signed-off-by: Kiarie Kahurani <davidkiarie4@gmail.com>
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-01-14 08:28:50 -07:00
Jim Fehlig
f7a30375bd Revert "src/xenconfig: Xen-xl parser"
This reverts commit 2c78051a14.

Conflicts:
	src/Makefile.am

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-01-12 10:15:13 -07:00
Jim Fehlig
88e34a9479 Revert "src/Makefile.am: fix build breaker for xenconfig"
This reverts commit 703ef9667a.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-01-12 10:14:59 -07:00
Jim Fehlig
0f2cd69b5a Revert "build: fix xenconfig VPATH builds"
This reverts commit 1b21d30069.

Conflicts:
	src/Makefile.am

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-01-12 10:14:54 -07:00
Jim Fehlig
3ac24305a8 Revert "Revert "src/Makefile.am: fix build breaker for xenconfig""
This reverts commit e662968fd9.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-01-12 10:14:48 -07:00
Jim Fehlig
1cb2667c12 Revert "src/Makefile: move the new xen_xl_disk parser code at the correct place"
This reverts commit edacdb3d12.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-01-12 10:14:42 -07:00
Jim Fehlig
dc8f62a9f9 Revert "src/Makefile: Fix parallel build after xen_xl_disk parser introduction"
This reverts commit 533349ff43.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-01-12 10:14:37 -07:00
Eric Blake
76777f4863 maint: in src/Makefile.am, $(top_srcdir)/src is verbose
I noticed this while working on a previous commit.  Why should
we be calling out '../src/' when it is sufficient to refer to just
'./'?  Blind copy-and-paste runs rampant in this file :)

* src/Makefile.am (INCLUDES, *_CFLAGS): Shorten to $(srcdir).

Signed-off-by: Eric Blake <eblake@redhat.com>
2015-01-08 14:46:37 -07:00
Pavel Hrdina
533349ff43 src/Makefile: Fix parallel build after xen_xl_disk parser introduction
Well, the parallel build doesn't work as there are not dependencies
set correctly. When running 'make -j' I see this error:

make[2]: Entering directory '/home/zippy/work/libvirt/libvirt.git/src'
  GEN      util/virkeymaps.h
  GEN      locking/lock_protocol.h
make[2]: *** No rule to make target 'xenconfig/xen_xl_disk.h', needed by 'all'.  Stop.
make[2]: *** Waiting for unfinished jobs....
  GEN      lxc/lxc_controller_dispatch.h

The fix is to correctly set dependencies by letting make know that .c
and .h are to be generated from .l. Moreover, the section is moved
closer to the other section which uses it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-01-08 14:36:49 +01:00
Pavel Hrdina
edacdb3d12 src/Makefile: move the new xen_xl_disk parser code at the correct place
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-01-08 14:36:31 +01:00
Pavel Hrdina
e662968fd9 Revert "src/Makefile.am: fix build breaker for xenconfig"
This reverts commit 703ef9667a.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-01-08 14:34:59 +01:00
Eric Blake
1b21d30069 build: fix xenconfig VPATH builds
Ever since commit 2c78051 split out a helper library for the sake of
changing CFLAGS, a VPATH build with xenconfig enabled has failed:

  CC       xenconfig/libvirt_xenxldiskparser_la-xen_xl_disk.lo
  ../../src/xenconfig/xen_xl_disk.l:37:21: fatal error: xen_xl.h: No such file or directory
   # include "xen_xl.h"
             ^
  compilation terminated.
  Makefile:9462: recipe for target 'xenconfig/libvirt_xenxldiskparser_la-xen_xl_disk.lo' failed

The solution is to tell the build to look for xen_xl.h relative
to $(srcdir), since we keep that file under version control.

[Not fixed here - the raw use of -Wno-unused-parameter in CFLAGS
is NOT portable; ideally, we should be doing a configure test
and only supplying that argument when we know the compiler supports
-Wunused-parameter; but that's a patch for another day]

[Not fixed here - there are still issues with parallel builds hitting
a race between generating the files and trying to compile/distribute
them]

* src/Makefile.am (libvirt_xenxldiskparser_la_CFLAGS): Add another
include directory.

Signed-off-by: Eric Blake <eblake@redhat.com>
2015-01-07 16:57:40 -07:00
Pavel Hrdina
703ef9667a src/Makefile.am: fix build breaker for xenconfig
Commit 2c78051a introduced build breaker with typo in Makefile.am by
specifying wrong header file.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-01-05 08:23:28 +01:00
Kiarie Kahurani
2c78051a14 src/xenconfig: Xen-xl parser
Introduce a Xen xl parser

This parser allows for users to convert the new xl disk format and
spice graphics config to libvirt xml format and vice versa. Regarding
the spice graphics config, the code is pretty much straightforward.
For the disk {formatting, parsing}, this parser takes care of the new
xl format which include positional parameters and key/value parameters.
In xl format disk config a <diskspec> consists of parameters separated by
commas. If the parameters do not contain an '=' they are automatically
assigned to certain options following the order below

   target, format, vdev, access

The above are the only mandatory parameters in the <diskspec> but there
are many more disk config options. These options can be specified as
key=value pairs. This takes care of the rest of the options such as

  devtype, backend, backendtype, script, direct-io-safe,

The positional parameters can also be specified in key/value form
for example

    /dev/vg/guest-volume,,hda
    /dev/vg/guest-volume,raw,hda,rw
    format=raw, vdev=hda, access=rw, target=/dev/vg/guest-volume

are interpreted to one config.

In xm format, the above diskspec would be written as

phy:/dev/vg/guest-volume,hda,w

The disk parser is based on the same parser used successfully by
the Xen project for several years now.  Ian Jackson authored the
scanner, which is used by this commit with minimal changes.  Only
the PREFIX option is changed, to produce function and file names
more consistent with libvirt's convention.

Signed-off-by: Kiarie Kahurani <davidkiarie4@gmail.com>
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-01-03 22:41:07 -07:00
Matthew Rosato
82977058f5 network: Bring netdevs online later
Currently, MAC registration occurs during device creation, which is
early enough that, during live migration, you end up with duplicate
MAC addresses on still-running source and target devices, even though
the target device isn't actually being used yet.
This patch proposes to defer MAC registration until right before
the guest can actually use the device -- In other words, right
before starting guest CPUs.

Signed-off-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: Laine Stump <laine@laine.org>
2014-12-10 15:09:01 -05:00
Conrad Meyer
ab6bd57b07 drvbhyve: Automatically tear down guest domains on shutdown
Reboot requires more sophistication and is left as a future work item --
but at least part of the plumbing is in place.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-12-04 11:03:13 +01:00
Michal Privoznik
233ecdea71 src/Makefile.am: Add forgotten backslash
As I've pushed 5892944f I haven't noticed one small nitpick.
There was this backslash missing on the line 1231 in the
enumeration of libraries to be added to vbox storage driver. This
resulted in nondeterministic build which sometimes succeeded and
sometimes failed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-10-29 04:32:43 +01:00
Taowei Luo
5892944fc8 vbox: New storage driver
This patch provides the new storage driver for vbox. The work
is similar with patch 87dea4fc and the next b4022de33.
2014-10-29 01:21:41 +01:00
Taowei Luo
459886d41b vbox: Rewrite vbox-independent functions
This patch rewrites the following functions
    *vboxStorageOpen
    *vboxStorageClose
    *vboxConnectNumOfStoragePools
    *vboxConnectListStoragePools
    *vboxStoragePoolLookupByName

These functions do not call any vbox API, so I directly move it
from vbox_tmpl.c to vbox_storage.c

A small improvement is made on vboxConnectListStoragePools.
The if condition nnames == 1 is modified to nnames > 0. So if the
caller put more than one slot to get active storage pools, the new
function will return exactly one, while the old one would only
return 0.
2014-10-29 01:21:39 +01:00
Daniel P. Berrange
e8656ce13c Add new driver-*.h files to DRIVER_SOURCES
The recently added driver-*.h files were not listed in the
Makefile.am causing them to be missed when creating dists.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-10-24 17:39:48 +01:00
Daniel P. Berrange
0399b188ac Move virConnect/virNode related APIs out of libvirt.c
Introduce a src/libvirt-host.c file to hold all the
methods related to the virConnect type.
2014-10-24 16:59:58 +01:00
Daniel P. Berrange
67c08fccdc Move virDomain related APIs out of libvirt.c
Introduce a src/libvirt-domain.c file to hold all the
methods related to the virDomain type.
2014-10-24 16:59:56 +01:00
Daniel P. Berrange
36b5d006c1 Move virStorage{Pool,Vol} related APIs out of libvirt.c
Introduce a src/libvirt-storage.c file to hold all the
methods related to the virStorage{Pool,Vol} types.
2014-10-24 16:49:10 +01:00
Daniel P. Berrange
0c94d78bb5 Move virStream related APIs out of libvirt.c
Introduce a src/libvirt-stream.c file to hold all the
methods related to the virStream type.
2014-10-24 16:42:49 +01:00
Daniel P. Berrange
d83ccd6e61 Move virSecret related APIs out of libvirt.c
Introduce a src/libvirt-secret.c file to hold all the
methods related to the virSecret type.
2014-10-24 16:39:05 +01:00
Daniel P. Berrange
e33ed8cdfe Move virNodeDevice related APIs out of libvirt.c
Introduce a src/libvirt-nodedev.c file to hold all the
methods related to the virNodeDevice type.
2014-10-24 16:26:55 +01:00
Daniel P. Berrange
35ed98755f Move virNWFilter related APIs out of libvirt.c
Introduce a src/libvirt-nwfilter.c file to hold all the
methods related to the virNWFilter type.
2014-10-24 16:15:46 +01:00
Daniel P. Berrange
6e01ef230b Move virInterface related APIs out of libvirt.c
Introduce a src/libvirt-interface.c file to hold all the
methods related to the virInterface type.
2014-10-24 16:08:28 +01:00
Daniel P. Berrange
4e00b6bc6a Move virNetwork related APIs out of libvirt.c
Introduce a src/libvirt-network.c file to hold all the
methods related to the virNetwork type.
2014-10-24 16:00:21 +01:00
Daniel P. Berrange
62cf32d0c9 Move virDomainSnapshot related APIs out of libvirt.c
Introduce a src/libvirt-domain-snapshot.c file to hold all the
methods related to the virDomainSnapshot type.
2014-10-24 15:59:22 +01:00
Matthias Bolte
125007d373 esx: Add libcurl based stream driver
This allows to implement libvirt functions that use streams, such as
virDomainScreenshot, without the need to store the downloaded data in
a temporary file first. The stream driver directly interacts with
libcurl to send and receive data.

The driver uses the libcurl multi interface that allows to do a transfer
in multiple curl_multi_perform() calls. The easy interface would do the
whole transfer in a single curl_easy_perform() call. This doesn't work
with the libvirt stream API that is driven by multiple calls to the
virStreamSend() and virStreamRecv() functions.

The curl_multi_wait() function is used to do blocking operations. But it
was added in libcurl 7.28.0. For older versions it is emulated using the
socket callback of the multi interface.

The current driver only supports blocking operations. There is already
some code in place for non-blocking mode but it is not complete.
2014-10-07 22:05:49 +02:00
Michal Privoznik
b4022de33a Makefile: Fix build without driver modules
After 87dea4fcf one can observe a build failure:

./autogen.sh --system --without-driver-modules && make

  CCLD     libvirtd
../src/.libs/libvirt_driver_vbox.a(libvirt_driver_vbox_impl_la-vbox_driver.o):
In function `vboxNetworkRegister':
/home/jtomko/work/libvirt/libvirt.git/src/vbox/vbox_driver.c:168: undefined
reference to `vboxGetNetworkDriver'
collect2: error: ld returned 1 exit status
make[3]: *** [libvirtd] Error 1

The problem is that when building without driver modules the VBOX
network driver is not linked into the VBOX driver.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-10-03 13:59:12 +02:00
Taowei
87dea4fcff vbox: New network driver
This patch separates the domain driver and the network driver.

libvirt_driver_vbox_impl.la has been linked in the network driver.
So that the version specified codes in vbox_V*.c would only be
compiled once.

The vboxGetNetworkDriver provides a simple interface to get vbox
network driver.
2014-10-03 10:43:04 +02:00
Taowei
cd7a5d8994 vbox: Rewrite vboxNetworkOpen 2014-10-03 10:43:03 +02:00
Taowei
fac5d061ed vbox: Interfaces for register per parties
The patch dbb4cbf532 by Michal has split the vbox driver into
three parties. This modification brings a more suitable interface
to the previous patch.

The new function vboxGetDriver is introduced to get the
corresponding vbox domain driver directly through the vbox version.

Functions like vboxGetNetworkDriver and vboxGetStorageDriver
will be introduced after rewriting its drivers.

This patch, by the way, fixed the align problem for vbox in
Makefile.am
2014-10-03 10:43:03 +02:00
Dmitry Guryanov
e7bb373fdf parallels: login to parallels SDK
Add files parallels_sdk.c and parallels_sdk.h for code
which works with SDK, so libvirt's code will not mix with
dealing with parallels SDK.

To use Parallels SDK you must first call PrlApi_InitEx function,
and then you will be able to connect to a server with
PrlSrv_LoginLocalEx function. When you've done you must call
PrlApi_Deinit. So let's call PrlApi_InitEx on first .connectOpen,
count number of connections and deinitialize, when this counter
becomes zero.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-09-25 15:42:32 +02:00
Dmitry Guryanov
64018e0c83 parallels: build with parallels SDK
Executing prlctl command is not an optimal way to interact with
Parallels Cloud Server (PCS), it's better to use parallels SDK,
which is a remote API to parallels dispatcher service.

We prepared opensource version of this SDK and published it on
github, it's distributed under LGPL license. Here is a git repo:
https://github.com/Parallels/parallels-sdk.

To build with parallels SDK user should get compiler and linker
options from pkg-config 'parallels-sdk' file. So fix checks in
configure script and build with parallels SDK, if that pkg-config
file exists and add gcc options to makefile.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-09-25 15:42:32 +02:00
Daniel P. Berrange
c754257347 Convert remote daemon & acl code to use polkit API
Convert the remote daemon auth check and the access control
code to use the common polkit API for checking auth.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Daniel P. Berrange
1b854c76c7 Add common API for doing polkit authentication
There are now two places in libvirt which use polkit. Currently
they use pkexec, which is set to be replaced by direct DBus API
calls. Add a common API which they will both be able to use for
this purpose.

No tests are added at this time, since the impl will be gutted
in favour of a DBus API call shortly.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Michal Privoznik
742b08e30f qemu: Automatically create NVRAM store
When using split UEFI image, it may come handy if libvirt manages per
domain _VARS file automatically. While the _CODE file is RO and can be
shared among multiple domains, you certainly don't want to do that on
the _VARS file. This latter one needs to be per domain. So at the
domain startup process, if it's determined that domain needs _VARS
file it's copied from this master _VARS file. The location of the
master file is configurable in qemu.conf.

Temporarily, on per domain basis the location of master NVRAM file can
be overridden by this @template attribute I'm inventing to the
<nvram/> element. All it does is holding path to the master NVRAM file
from which local copy is created. If that's the case, the map in
qemu.conf is not consulted.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2014-09-10 09:38:07 +02:00
Michal Privoznik
dbb4cbf532 vbox: Register per partes
Since times when vbox moved to the daemon (due to some licensing
issue) the subdrivers that vbox implements were registered, but not
opened since our generic subdrivers took priority. I've tried to fix
this in 65b7d553f3 but it was not correct. Apparently moving
vbox driver registration upfront changes the default connection URI
which makes some users sad. So, this commit breaks vbox into pieces
and register vbox's network and storage drivers first, and vbox driver
then at the end. This way, the vbox driver is registered in the order
it always was, but its subdrivers are registered prior to the generic
ones.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-08-27 08:05:25 +02:00
Jim Fehlig
337a136282 src/xenconfig: move common parsing/formatting to xen_common
XM and XL config are very similar.  Disks are specified differently
in XL, but the old XM disk config is still supported by XL.  XL also
supports new config like spice that was never supported by XM.

This patch moves all the common parsing and formatting functions to
the new file xen_common.c and adapts the XM parser/formatter accordingly.
This restructuring paves way for introducing an XL parser/formatter in
the future.

While moving the code, fixup whitespace, comments, and style issues.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-08-18 20:47:38 -06:00
Jim Fehlig
870c90c70f xen: rename xenxs to xenconfig
src/xenxs contains parsing/formatting functions for the various xen
config formats, and is better named src/xenconfig.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-08-18 20:36:24 -06:00
Taowei
7f0f415b87 vbox: Begin to rewrite, vboxConnectOpen
Introduce vbox_uniformed_api to deal with version conflicts. Use
vbox_install_api to register the correct vboxUniformedAPI with
vbox version.

vboxConnectOpen has been rewritten.
2014-08-15 09:25:09 +02:00
Roman Bogorodskiy
0257d06ba4 storage: ZFS support
Implement ZFS storage backend driver. Currently supported
only on FreeBSD because of ZFS limitations on Linux.

Features supported:

 - pool-start, pool-stop
 - pool-info
 - vol-list
 - vol-create / vol-delete

Pool definition looks like that:

 <pool type='zfs'>
  <name>myzfspool</name>
  <source>
    <name>actualpoolname</name>
  </source>
 </pool>

The 'actualpoolname' value is a name of the pool on the system,
such as shown by 'zpool list' command. Target makes no sense
here because volumes path is always /dev/zvol/$poolname/$volname.

User has to create a pool on his own, this driver doesn't
support pool creation currently.

A volume could be used with Qemu by adding an entry like this:

    <disk type='volume' device='disk'>
      <driver name='qemu' type='raw'/>
      <source pool='myzfspool' volume='vol5'/>
      <target dev='hdc' bus='ide'/>
    </disk>
2014-08-12 19:40:20 +04:00
Martin Kletzander
293d5f21b6 numatune: create new module for numatune
There are many places with numatune-related code that should be put
into special numatune_conf and this patch creates a basis for that.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-07-16 20:15:45 +02:00
Roman Bogorodskiy
5559a8b838 util: virstatslinux: make more generic
Rename linuxDomainInterfaceStats to virNetInterfaceStats in order
to allow adding platform specific implementations without
making consumers worry about the specific implementation to be used.

Also, rename util/virstatslinux.c to util/virstats.c so placing
other platform specific implementations into this file doesn't
look unexpected from the file name.
2014-07-15 22:00:59 +04:00
Michal Privoznik
614581f32b Introduce domain_capabilities
This new module holds and formats capabilities for emulator. If you
are about to create a new domain, you may want to know what is the
host or hypervisor capable of. To make sure we don't regress on the
XML, the formatting is not something left for each driver to
implement, rather there's general format function.

The domain capabilities is a lockable object (even though the locking
is not necessary yet) which uses reference counter.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-07-03 12:22:37 +02:00
Martin Kletzander
fb62d31151 build: link libvirt_conf with libxml
Since there is code using functions from the libxml library,
libvirt_conf should have that in LIBADD so it can be linked against
even without libvirt_util (which usually deals with the error itself,
since libvirt_util has libxml in LIBADD).  The same applies to
storage_backend.c.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-07-01 17:24:27 +02:00
Jim Fehlig
dc16534213 build: fix 'make syntax-check' after commit c6cf5df3
The commit caused prohibit_long_lines to fail in src/Makefile.am.
2014-06-30 18:48:19 -06:00
Jim Fehlig
c6cf5df32a vbox: fix linker error
Noticed the following error when building the vbox driver
in the openSUSE build service

CCLD     vboxsnapshotxmltest
/usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld:
../src/.libs/libvirt_driver_vbox_impl.a
(libvirt_driver_vbox_impl_la-vbox_snapshot_conf.o):
undefined reference to symbol 'xmlXPathRegisterNs@@LIBXML2_2.4.30'
/usr/lib64/libxml2.so: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status

Fixed by adding LIBXML_LIBS to libvirt_driver_vbox_impl_la_LIBADD
2014-06-30 16:34:46 -06:00
Roman Bogorodskiy
aad479dc4e bhyve: implement PCI address allocation
Automatically allocate PCI addresses for devices instead
of hardcoding them in the driver code. The current
allocation schema is to dedicate an entire slot for each device.

Also, allow having arbitrary number of devices.
2014-06-13 19:25:27 +04:00
Michal Privoznik
0311ef3d65 node_device: Expose link state & speed
While exposing the info under <interface/> in previous patch works, it
may work only in cases where interface is configured on the host.
However, orchestrating application may want to know the link state and
speed even in that case. That's why we ought to expose this in nodedev
XML too:

virsh # nodedev-dumpxml net_eth0_f0_de_f1_2b_1b_f3
<device>
  <name>net_eth0_f0_de_f1_2b_1b_f3</name>
  <path>/sys/devices/pci0000:00/0000:00:19.0/net/eth0</path>
  <parent>pci_0000_00_19_0</parent>
  <capability type='net'>
    <interface>eth0</interface>
    <address>f0:de:f1:2b:1b:f3</address>
    <link speed='1000' state='up'/>
    <capability type='80203'/>
  </capability>
</device>

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-11 10:59:39 +02:00
Michal Privoznik
b2019ee470 interface_backend_udev: Implement link speed & state
In the previous commit the helper function was prepared, so now
we can wire it up and benefit from it. The Makefile change is
required because we're including virnetdev.h which includes
virnetlink.h which tries to include netlink/msg.h. However this
file is not under /usr/include directly but is dependent on libnl
used.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-11 09:57:45 +02:00
Yohan BELLEGUIC
4dc5d8f100 Add vbox_snapshot_conf struct
This structure contains the data to be saved in the VirtualBox XML file
and can be manipulated with several exposed functions.
The structure is created by vboxSnapshotLoadVboxFile taking the
machine XML file.
It also can rewrite the XML by using vboxSnapshotSaveVboxFile.
2014-06-10 15:07:36 +01:00
Jim Fehlig
9b8d6e1eef libxl: add migration support
This patch adds initial migration support to the libxl driver,
using the VIR_DRV_FEATURE_MIGRATION_PARAMS family of migration
functions.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-06-04 21:01:07 -06:00
Peter Krempa
713cc3b0a7 storage: Move virStorageFileGetMetadata to the storage driver
My future work will modify the metadata crawler function to use the
storage driver file APIs to access the files instead of accessing them
directly so that we will be able to request the metadata for remote
files too. To avoid linking the storage driver to every helper file
using the utils code, the backing chain traversal function needs to be
moved to the storage driver source.

Additionally the virt-aa-helper and virstoragetest programs need to be
linked with the storage driver as a result of this change.
2014-06-03 09:27:23 +02:00
Nehal J Wani
baafe668fa Add helper program to create custom leases
Introduce helper program to catch events from dnsmasq and maintain a custom
lease file per network. It supports dhcpv4 and dhcpv6. The file is saved as
"<interface-name>.status".

Each lease contains the following info:
<expiry-time (epoch time)> <mac> <iaid> <ip-address> <hostname> <clientid>

Example of custom leases file content:
[
    {
        "iaid": "1221229",
        "ip-address": "2001:db8:ca2:2:1::95",
        "mac-address": "52:54:00:12:a2:6d",
        "hostname": "Fedora20",
        "client-id": "00:04:1a:c1:d9:6b:5a:0a:e2:bc:f8:4b:1e:37:2e:38:22:55",
        "expiry-time": 1393244216
    },
    {
        "ip-address": "192.168.150.208",
        "mac-address": "52:54:00:11:56:b3",
        "hostname": "Wani-PC",
        "client-id": "01:52:54:00:11:56:b3",
        "expiry-time": 1393244248
    }
]

src/Makefile.am:
   * Add options to compile the helper program

src/network/bridge_driver.c:
   * Introduce networkDnsmasqLeaseFileNameCustom()
   * Invoke helper program along with dnsmasq
   * Delete the .status file when corresponding n/w is destroyed.

src/network/leaseshelper.c
   * Helper program to create the custom lease file
2014-06-02 11:45:10 +01:00
Roman Bogorodskiy
353cf3707a qemu: extract common PCI handling functions
Move sharable PCI handling functions to domain_addr.[ch], and
change their prefix from 'qemu' to 'vir':

 - virDomainPCIAddressAsString;
 - virDomainPCIAddressBusSetModel;
 - virDomainPCIAddressEnsureAddr;
 - virDomainPCIAddressFlagsCompatible;
 - virDomainPCIAddressGetNextSlot;
 - virDomainPCIAddressReleaseSlot;
 - virDomainPCIAddressReserveAddr;
 - virDomainPCIAddressReserveNextSlot;
 - virDomainPCIAddressReserveSlot;
 - virDomainPCIAddressSetFree;
 - virDomainPCIAddressSetGrow;
 - virDomainPCIAddressSlotInUse;
 - virDomainPCIAddressValidate;

The only change here is function names, the implementation itself
stays untouched.

Extract common allocation code from DomainPCIAddressSetCreate
into virDomainPCIAddressSetAlloc.
2014-05-13 20:17:54 +04:00
Roman Bogorodskiy
c453f2d076 qemu: extract PCI handling structs
Introduce new files (domain_addr.[ch]) to provide
an API for domain device handling that could be
shared across the drivers.

A list of data types were extracted and moved there:

 qemuDomainPCIAddressBus -> virDomainPCIAddressBus
 qemuDomainPCIAddressBusPtr -> virDomainPCIAddressBusPtr
 _qemuDomainPCIAddressSet -> virDomainPCIAddressSet
 qemuDomainPCIAddressSetPtr -> virDomainPCIAddressSetPtr
 qemuDomainPCIConnectFlags -> virDomainPCIConnectFlags

Also, move the related definitions and macros.
2014-05-13 20:10:20 +04:00
Dwight Engen
014f317b71 build: -avoid-version on libvirt_driver_nwfilter
This fixes the following make rpm warning:

warning: Installed (but unpackaged) file(s) found:
   /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so.0
   /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so.0.0.0

introduced in commit 8d559864

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-26 22:38:22 -06:00
Daniel P. Berrange
8d55986427 Convert nwfilter ebiptablesAllTeardown to virFirewall
Convert the nwfilter ebiptablesAllTeardown method to use the
virFirewall object APIs instead of creating shell scripts
using virBuffer APIs. This provides a performance improvement
through allowing direct use of firewalld dbus APIs and will
facilitate automated testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 15:44:09 +01:00
Daniel P. Berrange
3a0ca7de51 Introduce an object for managing firewall rulesets
The network and nwfilter drivers both have a need to update
firewall rules. The currently share no code for interacting
with iptables / firewalld. The nwfilter driver is fairly
tied to the concept of creating shell scripts to execute
which makes it very hard to port to talk to firewalld via
DBus APIs.

This patch introduces a virFirewallPtr object which is able
to represent a complete sequence of rule changes, with the
ability to have multiple transactional checkpoints with
rollbacks. By formally separating the definition of the rules
to be applied from the mechanism used to apply them, it is
also possible to write a firewall engine that uses firewalld
DBus APIs natively instead of via the slow firewalld-cmd.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 15:44:09 +01:00
Daniel P. Berrange
bc46c7fb92 Move virNWFilterTechDriver struct out of nwfilter_conf.h
The virNWFilterTechDriver struct is nothing to do with the nwfilter
XML configuration. It stores data specific to the driver implementation
so should be in a header in the driver directory instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 15:44:09 +01:00
Daniel P. Berrange
63a92e7220 Add helpers for resolving path to resources in build tree
Add virFileFindResource which will try to locate files
in the local build tree if the calling binary (eg libvirtd or
test suite) is being run from the build tree. The corresponding
virFileActivateDirOverride should be called at startup passing
in argv[0]. This will be examined for evidence of libtool magic
binary prefix / sub-directory in order to activate the override.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 11:42:28 +01:00
Wojciech Macek
b15a2bbd64 bhyve: create capabilities submodule
- Move all capabilities functions to separate file
- Add initCPU
2014-04-07 15:34:53 +02:00
Eric Blake
885ac290ea util: don't support loopback and nbd when setuid
The only remaining reason that virt-login-shell was trying to
link against virstoragefile was because of a call to
virStorageFileFormatTypeToString when spawning a qemu-nbd
process - but setuid processes shouldn't be spawning qemu-nbd.

* src/util/virfile.c (virFileLoopDeviceAssociate)
(virFileNBDDeviceAssociate): Cripple in setuid builds.
* src/Makefile.am (libvirt_setuid_rpc_client_la_SOURCES):
Drop virstoragefile from the list.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-01 10:38:14 -06:00
Eric Blake
8fc328592c conf: move storage encryption type to util/
Encryption keys can be associated with each source file in a
backing chain; as such, this file belongs more in util/ where
it can be used by virstoragefile.h.

* src/conf/storage_encryption_conf.h: Rename...
* src/util/virstorageencryption.h: ...to this.
* src/conf/storage_encryption_conf.c: Rename...
* src/util/virstorageencryption.c: ...to this.
* src/Makefile.am (ENCRYPTION_CONF_SOURCES, CONF_SOURCES)
(UTIL_SOURCES): Update to new file names.
* src/libvirt_private.syms: Likewise.
* src/conf/domain_conf.h: Update client.
* src/conf/storage_conf.h: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-01 10:38:13 -06:00
Eric Blake
3e92938656 conf: split security label structs to util/
In order to reuse the newly-created host-side disk struct in
the virstoragefile backing chain code, I first have to move
it to util/.  This starts the process, by first moving the
security label structures.

* src/conf/domain_conf.h (virDomainDefGenSecurityLabelDef)
(virDomainDiskDefGenSecurityLabelDef, virSecurityLabelDefFree)
(virSecurityDeviceLabelDefFree, virSecurityLabelDef)
(virSecurityDeviceLabelDef): Move...
* src/util/virseclabel.h: ...to new file.
(virSecurityLabelDefNew, virSecurityDeviceLabelDefNew): Rename the
GenSecurity functions.
* src/qemu/qemu_process.c (qemuProcessAttach): Adjust callers.
* src/security/security_manager.c (virSecurityManagerGenLabel):
Likewise.
* src/security/security_selinux.c
(virSecuritySELinuxSetSecurityFileLabel): Likewise.
* src/util/virseclabel.c: New file.
* src/conf/domain_conf.c: Move security code, and fix fallout.
* src/Makefile.am (UTIL_SOURCES): Build new file.
* src/libvirt_private.syms (domain_conf.h): Move symbols...
(virseclabel.h): ...to new section.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-01 10:38:12 -06:00
Ján Tomko
5e1d5dded2 Move functions using iscsiadm to viriscsi.c
Remove the 'StorageBackend' from names of the functions and fix
indentation.
2014-03-20 18:04:50 +01:00
Jiri Denemark
dcb69a183a build: Make sure src/util/virprobe.h is distributed
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-03-19 14:54:45 +01:00
Jiri Denemark
9aef4d96e0 build: Fix build with old automake
Ancient automake (such as from RHEL5) does not provide abs_srcdir and
abs_builddir variables which are used by a recent commit of mine
(e562e82).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-03-19 13:47:14 +01:00
Roman Bogorodskiy
d148a3e751 Fix build with qemu driver disabled
Do not include test_libvirt_lockd.aug when configured without qemu
driver.

https://bugzilla.redhat.com/show_bug.cgi?id=1071777
2014-03-14 14:49:46 +01:00
Jiri Denemark
e562e82f76 Load CPU map from builddir when run uninstalled
When libvirtd is run from a build directory without being installed, it
should not depend on files from a libvirt package installed in the
system. Not only because there may not be any libvirt installed at all.
We already do a good job for plugins but cpu_map.xml was still loaded
from the system.

The Makefile.am change is necessary to make this all work from VPATH
builds since libvirtd has no idea where to find libvirt sources. It only
knows the path from which it was started, i.e, a builddir.

https://bugzilla.redhat.com/show_bug.cgi?id=1074327
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-03-12 16:31:57 +01:00
Ján Tomko
7b91dc3ecd Introduce vircommandpriv.h for functions used by tests
So far it's just virCommandSetDryRun.
2014-03-12 15:53:16 +01:00
Daniel P. Berrange
cfb92c9b0c Remove broken error reporting in QEMU mac filtering
The qemu_bridge_filter.c file had some helpers for calling
the ebtablesXXX functions to do bridge filtering. The only
thing these helpers did was to overwrite the original error
message from the ebtables code. For added fun, the callers
of these helpers overwrote the errors yet again. For even
more fun, one of the helpers called another helper and
overwrote its errors too.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 11:04:55 +00:00
Daniel P. Berrange
3a7fe8d508 Add helper APIs for generating cryptographic hashes
GNULIB provides APIs for calculating md5 and sha256 hashes,
but these APIs only return you raw byte arrays. Most users
in libvirt want the hash in printable string format. Add
some helper APIs in util/vircrypto.{c,h} for doing this.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-10 16:39:18 +00:00
Chunyan Liu
6b4c0a635e add virhostdev files to maintain global state of host devices
Signed-off-by: Chunyan Liu <cyliu@suse.com>
2014-03-04 12:28:45 +00:00
Michal Privoznik
68954fb25c virNetServerRun: Notify systemd that we're accepting clients
Systemd does not forget about the cases, where client service needs to
wait for daemon service to initialize and start accepting new clients.
Setting a dependency in client is not enough as systemd doesn't know
when the daemon has initialized itself and started accepting new
clients. However, it offers a mechanism to solve this. The daemon needs
to call a special systemd function by which the daemon tells "I'm ready
to accept new clients". This is exactly what we need with
libvirtd-guests (client) and libvirtd (daemon). So now, with this
change, libvirt-guests.service is invoked not any sooner than
libvirtd.service calls the systemd notify function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-24 10:54:48 +01:00
Roman Bogorodskiy
0eb4a5f4f1 bhyve: add a basic driver
At this point it has a limited functionality and is highly
experimental. Supported domain operations are:

  * define
  * start
  * destroy
  * dumpxml
  * dominfo

It's only possible to have only one disk device and only one
network, which should be of type bridge.
2014-02-19 14:21:50 +00:00
Cédric Bosdonnat
7195c807b2 LXC driver: started implementing connectDomainXMLFromNative
This function aims at converting LXC configuration into a libvirt
domain XML description to help users migrate from LXC to libvirt.

Here is an example of how the lxc configuration works:
virsh -c lxc:/// domxml-from-native lxc-tools /var/lib/lxc/migrate_test/config

It is possible that some parts couldn't be properly mapped into a
domain XML fragment, so users should carefully review the result
before creating the domain.

fstab files in lxc.mount lines will need to be merged into the
configuration file as lxc.mount.entry.

As we can't know the amount of memory of the host, we have to set a
default value for max_balloon that users will probably want to adjust.
2014-02-12 17:52:46 +00:00
John Ferlan
4a2179ea92 utils: Introduce functions for kernel module manipulation
virKModConfig()        - Return a buffer containing kernel module configuration
virKModLoad()          - Load a specific module into the kernel configuration
virKModUnload()        - Unload a specific module from the kernel configuration
virKModIsBlacklisted() - Determine whether a module is blacklisted within
                         the kernel configuration
2014-02-04 08:52:27 -05:00
Daniel P. Berrange
0240d94c36 Remove windows thread implementation in favour of pthreads
There are a number of pthreads impls available on Win32
these days, in particular the mingw64 project has a good
impl. Delete the native windows thread implementation and
rely on using pthreads everywhere.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-01-30 18:00:20 +00:00
Daniel P. Berrange
94e0906839 Skip check-augeas-lockd when QEMU is disabled
The check-augeas-lockd test depends on the file
locking/qemu-lockd.conf, so must be skipped when QEMU
is disabled.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-01-30 18:00:20 +00:00
Ján Tomko
b3b44c572c Move test-local declarations to nodeinfopriv.h
linuxNodeInfoCPUPopulate is only used in the nodeinfo.c file
and in the test suite.
2014-01-27 11:04:02 +01:00
Jean-Baptiste Rouault
bb85da2cb1 vbox: add support for v4.2.20+ and v4.3.4+
Bugs have been found in the VirtualBox API C bindings. These bugs have
been fixed in versions 4.2.20 and 4.3.4. However, the changes in the
C bindings are incompatible with the vbox_CAPI_v4_2.h and vbox_CAPI_v4_3.h
files which are bundled in libvirt source code.
This is why the following patch adds vbox_CAPI_v4_2_20.h and
vbox_CAPI_v4_3_4.h.

The actual underlying problem here is that until now,
libvirt assumed that VirtualBox API can only change between minor
versions (4.2 -> 4.3), but we have a case here where it changed
(or got fixed) between patch versions (4.2.18 -> 4.2.20).

This patch makes the VBOX_API_VERSION represent the full API
version number (i.e 4002 => 4002000) so there are specific version
numbers for Vbox 4.2.20 (4002020) and 4.3.4 (4003004)
2014-01-22 23:12:52 +01:00
Laine Stump
00e9d6071b build: add $(prefix) to SYSTEMD_UNIT_DIR
I noticed this problem when adding systemd support to netcf, because I
setup the configure.ac to automatically prefer using systemd over
initscripts when possible - although I had copied the
install-data-local target from the example of libvirt's
"libvirt-guests" service more or less verbatim, "make distcheck" would
fail because it was trying to install the service file directly into
/lib/systemd/system rather than into
/home/user/some/unimportant/name/lib/systemd/system.

This is caused by the install/uninstall rules for the systemd unit
files relying on $(DESTDIR) pointing the installed files to the right
place, but in reality $(DESTDIR) is empty during this part of make
distcheck - it instead sets $(prefix) with the toplevel directory used
for its test build/install/uninstall cycle.

(This problem hasn't been seen when running "make distcheck" in
libvirt because libvirt will never build/install systemd support
unless explicitly told to do so on the configure commandline, and
"make distcheck" doesn't put the "--with-initscript=..." option on the
configure commandline.)

I verified that the same problem does exist in libvirt by modifying
libvirt's configure.ac to set:

  init_systemd=yes
  with_init_script=systemd+redhat

This forces a build/install of the systemd unit files during
distcheck, which yields an error like this:

/usr/bin/install -c -m 644 virtlockd.service \
  /lib/systemd/system/
libtool: install: warning: relinking `libvirt-qemu.la'
/usr/bin/install: cannot remove '/lib/systemd/system/virtlockd.service': Permission denied
make[4]: *** [install-systemd] Error 1

After adding $(prefix) to all the definitions of SYSTEMD_UNIT_DIR,
make distcheck now completes successfully with the modified
configure.ac, and the above lines change to something like this:

/usr/bin/install -c -m 644 virtlockd.service \
  /home/laine/devel/libvirt/libvirt-1.2.1/_inst/lib/systemd/system/
2014-01-21 13:19:46 +02:00
Cédric Bosdonnat
9ff38c5428 Added Network events API and virNetworkEventLifecycle.
Define the public API for (de-)registering network events
and the callbacks for receiving lifecycle events. The lifecycle
event includes a 'detail' parameter to match the domain lifecycle
event data, but this is currently unused.

The network events related code goes into its own set of internal
files src/conf/network_event.[ch]
2013-12-11 13:10:41 +00:00
Cédric Bosdonnat
620103feaf Extracted common parts of domain_event.[ch] to object_event.[ch] 2013-12-10 13:12:35 +00:00
Eric Blake
318ea3cb77 storage: initial support for linking with libgfapi
We support gluster volumes in domain XML, so we also ought to
support them as a storage pool.  Besides, a future patch will
want to take advantage of libgfapi to handle the case of a
gluster device holding qcow2 rather than raw storage, and for
that to work, we need a storage backend that can read gluster
storage volume contents.  This sets up the framework.

Note that the new pool is named 'gluster' to match a
<disk type='network'><source protocol='gluster'> image source
already supported in a <domain>; it does NOT match the
<pool type='netfs'><source><target type='glusterfs'>,
since that uses a FUSE mount to a local file name rather than
a network name.

This and subsequent patches have been tested against glusterfs
3.4.1 (available on Fedora 19); there are likely bugs in older
versions that may prevent decent use of gfapi, so this patch
enforces the minimum version tested.  A future patch may lower
the minimum.  On the other hand, I hit at least two bugs in
3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
raising the minimum: glfs_readdir is nicer to use than
glfs_readdir_r [1], and glfs_fini should only return failure on
an actual failure [2].

[1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
[2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html

* configure.ac (WITH_STORAGE_GLUSTER): New conditional.
* m4/virt-gluster.m4: new file.
* libvirt.spec.in (BuildRequires): Support gluster in spec file.
* src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
type.
* src/conf/storage_conf.c (poolTypeInfo): Treat similar to
sheepdog and rbd.
(virStoragePoolDefFormat): Don't output target for gluster.
* src/storage/storage_backend_gluster.h: New file.
* src/storage/storage_backend_gluster.c: Likewise.
* po/POTFILES.in: Add new file.
* src/storage/storage_backend.c (backends): Register new type.
* src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
* src/storage/storage_backend.h (_virStorageBackend): Document
assumption.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 11:02:52 -07:00
Ryota Ozaki
c677ee8529 vbox: add support for 4.3 APIs
Makefile.am, vbox_V4_3.c and vbox_driver.c do regular
modifications to support a new version of APIs.

vbox_tmpl.c basically fixes incompatibilities since 4.2.

The affected incompatibilities of 4.3 are:
* IMachine::Delete() has been renamed to IMachine::deleteConfig()
* IMedium::CreateBaseStorage() now accepts multiple variant values
* IDisplay::GetScreenResolution() now returns the display position
  in the guest
* IMachine now has multiple IUSBControllers and IUSBDeviceFilters
  handles USB device filters instead of (obsolete) IUSBController

This patch is tested on Mac OS X 10.8.5 and Fedora 19.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
2013-11-25 13:25:37 +02:00
Guido Günther
12dc729a71 virt-login-shell: also build virAtomic.h
Needed for architectures that don't use gcc atomic ops but pthread. This
fixes the armel build that otherwise breaks like:

 CCLD     virt-login-shell
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virClassNew':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:150: undefined reference to `virAtomicLock'
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectNew':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:202: undefined reference to `virAtomicLock'
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectUnref':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:274: undefined reference to `virAtomicLock'
 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectRef':
 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:295: undefined reference to `virAtomicLock'
 collect2: error: ld returned 1 exit status

See https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=armel&ver=1.1.4-1&stamp=1383588268
2013-11-05 19:44:27 +01:00
Jim Fehlig
5a0ea4b7b9 build: fix linking virt-login-shell
After commit 3e2f27e1, I've noticed build failures of virt-login-shell
when libapparmor-devel is installed on the build host

CCLD     virt-login-shell
../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o):
In function `virExec':
/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined
reference to `aa_change_profile'
collect2: error: ld returned 1 exit status

I was about to commit an easy fix under the build-breaker rule
(build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS
to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it
makes sense (build-fix-2.patch).

Should I just stick with the simple fix, or is something along the lines
of patch 2 preferred?

Regards,
Jim

From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Mon, 21 Oct 2013 15:30:02 -0600
Subject: [PATCH] build: fix virt-login-shell build with apparmor

With libapparmor-devel installed, virt-login-shell fails to link

CCLD     virt-login-shell
../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec':
/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile'
collect2: error: ld returned 1 exit status

Fix by linking libvirt_setuid_rpc_client with previously determined
SECDRIVER_LIBS in src/Makefile.am.  While at it, introduce SECDRIVER_CFLAGS
and use both throughout src/Makefile.am where it makes sense.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2013-10-22 15:50:47 +01:00
Daniel P. Berrange
3e2f27e13b Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.

The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.

Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
Pranavkumar Sawargaonkar
5cb6816715 AArch64: CPU Support for AArch64 (ARMv8 64bit).
Adding CPU encoder/decoder for AArch64.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>

(crobinso: fix for recent libvirt Ptr refactoring)
2013-10-15 16:59:26 -04:00
Daniel P. Berrange
ae9a0485ae Make LXC controller use a private dbus connection & close it
The LXC controller uses dbus to talk to systemd to create
cgroups. This means that each LXC controller instance has
a dbus connection. The DBus daemon is limited to 256
connections by default and we want to be able to run many
1000s of containers.

While the dbus limit could be raised in the config files,
it is simpler to make libvirt LXC controller close its
dbus connection once everything is configured.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-14 10:31:01 +01:00
Eric Blake
bdc55cc7d2 build: fix build --without-remote
I tried to test ./configure --without-lxc --without-remote.
First, the build failed with some odd errors, such as an
inability to build xen, or link failures for virNetTLSInit.
But when you think about it, once there is no remote code,
all of libvirtd is useless, any stateful driver that depends
on libvirtd is also not worth compiling, and any libraries
used only by RPC code are not needed.  So I patched
configure.ac to make for some saner defaults when an
explicit disable is attempted.  Similarly, since we have
migrated virnetdevbridge into generic code, the workaround
for Linux kernel stupidity must not depend on stateful
drivers being in use.

Then there's 'make check' that needs segregation.

Wow - quite a bit of cleanup to make --without-remote useful :)

* configure.ac: Let --without-remote toggle defaults on stateful
drivers and other libraries.  Pick up Linux kernel workarounds
even when qemu and lxc are not being compiled.
* tests/Makefile.am (test_programs): Factor out programs that
require remote.
* src/libvirt_private.syms (rpc/virnet*.h): Move...
* src/libvirt_remote.syms: ...into new file.
* src/Makefile.am (SYM_FILES): Ship new syms file.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-04 17:01:47 -06:00
Eric Blake
51f98bbab8 build: tweak vpath builds of net_rpc
Another case missed by commits 716c7bb and 6973e02.

* src/Makefile.am (VIR_NET_RPC_GENERATED): Drop $(srcdir).
(libvirt_net_rpc_la_SOURCES): List generated files more compactly.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-27 17:01:05 -06:00
Michal Privoznik
ecbb3d51b5 Makefile.am: Always include rule to make org.libvirt.api.policy
When running 'make dist' on a system without policykit, we currently
fail. This is because $(srcdir)/access/org.libvirt.api.policy is in
EXTRA_DIST, however, the rule to generate the file is conditional
on whether we build with polkit or not.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-09-27 18:32:43 +02:00
Viktor Mihajlovski
6973e02b3d build: Fix VPATH build error for locking daemon
Removed superfluous/wrong srcdir prefix.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-09-27 07:26:09 -06:00
Guido Günther
40942b788e Distribute check-aclperms.pl
so "make check" can work for the distributed tarballs too.
2013-09-26 14:26:53 +02:00
Doug Goldstein
7457cbe871 VMware: Make version parsing testable and add tests
This splits up the version parsing code into a callable API like QEMU
help/version string parsing so that we can test it as we need to add
additional patterns for newer versions/products.
2013-09-20 08:23:31 -05:00
Eric Blake
716c7bb1dd build: fix VPATH build of remote driver
Commit 073e1575 tried to set things up so that 1) generated files
to be shipped in the tarball always live in srcdir, and 2) we have
no files in SOURCES that depend on any other files with a literal
$(srcdir) in the name, because that situation can cause confusing
results for the make expansion of $@ depending on whether the file
is found locally or via VPATH.  But all my testing for that patch
was done incrementally, where all the protocol.[ch] files had
already been generated prior to the patch and were up-to-date in
the srcdir, and thus I missed one case where $@ causes grief in a
VPATH build from a fresh checkout:

We have a pattern rule for generating remote_protocol.[ch], and
what's more, the rule for protocol.c depends on protocol.h AND
on the protocol.x file.  The pattern for protocol.c is only
satisfied via the VPATH lookup for protocol.x, and if protocol.h
doesn't yet exist, the VPATH rule kicks in and we end up with a
dependency on a file with $(srcdir) in the name.  Based on make's
rules for $@, this resulted in make building remote_protocol.h
into srcdir (where we want it), then remote_protocol.c into
builddir (oops, not so good for the tarball), and also causes
the build to fail (the compiler can't find the .h if it lives
in a different directory than the .c):

  CC       remote/libvirt_driver_remote_la-remote_protocol.lo
remote/remote_protocol.c:7:29: fatal error: remote_protocol.h: No such file or directory
 #include "remote_protocol.h"
                             ^
compilation terminated.

As before, the fix is to hard-code the output file to go into
srcdir in spite of $@; but since this is in a pattern rule, we
are forced to use $@ in the recipe, so the patch is a bit
trickier than what was done in commit 073e1575.

* src/Makefile.am (%protocol.c, %protocol.h): Force output to srcdir.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-17 05:50:17 -06:00
Guido Günther
42c6a0cdf9 Explicitly link libvirt_net_rpc against SELINUX_LIBS
Since virnetsocket conditionally uses selinux we need to link against it
otherwise the build fails with:

CCLD     libvirtd
/usr/bin/ld: ../src/.libs/libvirt-lxc.so: undefined reference to symbol 'freecon'
/lib/i386-linux-gnu/libselinux.so.1: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[3]: *** [libvirtd] Error 1
2013-09-14 10:31:23 +02:00
Daniel P. Berrange
935e7d02cf Fix naming of permission for detecting storage pools
The VIR_ACCESS_PERM_CONNECT_DETECT_STORAGE_POOLS enum
constant had its string format be 'detect_storage_pool',
note the missing trailing 's'. This prevents the ACL
check from ever succeeding. Fix this and add a simple
test script to validate this problem of matching names.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-12 17:20:07 +01:00
Eric Blake
7f626e478d build: use automake subdir-objects
Automake 2.0 will enable subdir-objects by default; in preparation
for that change, automake 1.14 outputs LOADS of warnings:

daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
automake-1.14: warning: possible forward-incompatibility.
automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
automake-1.14: automake option hasn't been enabled.  For now, the corresponding output
automake-1.14: object file(s) will be placed in the top-level directory.  However,
automake-1.14: this behaviour will change in future Automake versions: they will
automake-1.14: unconditionally cause object files to be placed in the same subdirectory
automake-1.14: of the corresponding sources.
automake-1.14: You are advised to start using 'subdir-objects' option throughout your
automake-1.14: project, to avoid future incompatibilities.
daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
...

As automake 1.9 also supported this option, and the previous patches
fixed up the code base to work with it, it is safe to now turn it on
unconditionally.

* configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
* .gitignore: Ignore .dirstamp directories.
* src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
new subdir-object location of .lo files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-09 12:04:03 -06:00
Eric Blake
e561951d84 tests: check remaining .x files
We have been adding new .x files without keeping the list of
*-structs files up-to-date.  This adds the support for the
recent additions.

In the process of testing this, I also noticed that Fedora 19's
use of dwarves-1.10 (providing pdwtags version 1.9) was producing
a single line on stderr but still giving enough useful info on
stdout that we could check structs; the real goal of checking
stderr separately from stdout was to avoid the bug in dwarves-1.9
where stdout was empty (see bug http://bugzilla.redhat.com/772358).

* src/Makefile.am (struct_prefix, PROTOCOL_STRUCTS): Add missing
struct tests.
(PDWTAGS): Work with Fedora 19 pdwtags.
(lxc_monitor_protocol-struct, lock_protocol-struct): New rules.
* src/lxc_monitor_protocol-structs: New file.
* src/lock_protocol-structs: Likewise.
* cfg.mk (generated_files): Enlarge list.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-09 12:04:03 -06:00
Eric Blake
073e157533 build: avoid $(srcdir) in *_SOURCES
Trying to enable automake's subdir-objects option resulted in
the creation of literal directories such as src/$(srcdir)/remote/.
I traced this to the fact that we had used a literal $(srcdir)
in a location that later fed an automake *_SOURCES variable.
This has also been reported as an automake bug:
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13928
but it's better to fix our code than to wait for an automake fix.

Some things to remember that affect VPATH builds, and where an
in-tree build is blissfully unaware of the issues: if a VPATH
build fails to find a file that was used as a prereq of any
other target, then the rule for that file will expand $@ to
prefer the current build dir (bad because a VPATH build on a
fresh checkout will then stick $@ in the current directory
instead of the desired srcdir); conversely, if a VPATH build
finds the file in srcdir but decides it needs to be rebuilt,
then the rule for that file will expand $@ to include the
directory where it was found out-of-date (bad for an explicit
listing of $(srcdir)/$@ because an incremental VPATH build will
then expand srcdir twice).  As we want these files to go into
srcdir unconditionally, we have to massage or avoid $@ for any
recipe that involves one of these files.

Therefore, this patch removes all uses of $(srcdir) from any
generated file name that later feeds a *_SOURCES variable, and
then rewrites all the recipes to generate those files to
hard-code their creation into srcdir without the use of $@.

* src/Makefile.am (REMOTE_DRIVER_GENERATED): Drop $(srcdir); VPATH
builds know how to find the files, and automake subdir-objects
fails with it in place.
(LXC_MONITOR_PROTOCOL_GENERATED, (LXC_MONITOR_GENERATED)
(ACCESS_DRIVER_GENERATED, LOCK_PROTOCOL_GENERATED): Likewise.
(*_client_bodies.h): Hard-code rules to write into srcdir, as
VPATH tries to build $@ locally if missing.
(util/virkeymaps.h): Likewise.
(lxc/lxc_monitor_dispatch.h): Likewise.
(access/viraccessapi*): Likewise.
(locking/lock_daemon_dispatch_stubs.h): Likewise.
* daemon/Makefile.am (DAEMON_GENERATED, remote_dispatch.h):
Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>

fixup DAEMON_GENERATED
2013-09-09 12:04:03 -06:00
Eric Blake
bf3d9811e2 build: avoid stranded polkit file in client-only build
daemon/Makefile.am installs a .policy file if WITH_LIBVIRTD and
WITH_POLKIT are both set.  src/Makefile.am, on the other hand,
installs a .policy file if WITH_POLKIT1 is set, but without checking
WITH_LIBVIRTD.  When running 'make rpm' with client_only manually
set, on a Fedora 19 box, that leads to a failure:

RPM build errors:
    Installed (but unpackaged) file(s) found:
   /usr/share/polkit-1/actions/org.libvirt.api.policy

Fix it by adding another conditional.

* src/Makefile.am (polkitaction_DATA): Make conditional.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-04 14:39:35 -06:00
Eric Blake
ec81852f46 build: enforce makefile conditional style
Automake has builtin support to prevent botched conditional nesting,
but only if you use:
if FOO
else !FOO
endif !FOO

An example error message when using the wrong name:

daemon/Makefile.am:378: error: else reminder (LIBVIRT_INIT_SCRIPT_SYSTEMD_TRUE) incompatible with current conditional: LIBVIRT_INIT_SCRIPT_SYSTEMD_FALSE
daemon/Makefile.am:381: error: endif reminder (LIBVIRT_INIT_SCRIPT_SYSTEMD_TRUE) incompatible with current conditional: LIBVIRT_INIT_SCRIPT_SYSTEMD_FALSE

As our makefiles tend to have quite a bit of nested conditionals,
it's better to take advantage of the benefits of the build system
double-checking that our conditionals are well-nested, but that
requires a syntax check to enforce our usage style.

Alas, unlike C preprocessor and spec files, we can't use indentation
to make it easier to see how deeply nesting goes.

* cfg.mk (sc_makefile_conditionals): New rule.
* daemon/Makefile.am: Enforce the style.
* gnulib/tests/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-04 09:40:20 -06:00
Jim Fehlig
12315cd779 libxl: Introduce libxl_domain.[ch]
Create libxl_domain.[ch] and move all functions operating on
libxlDomainObjPrivate to these files.  This will be useful for
future patches that e.g. add job support for libxlDomainObjPrivate.
2013-09-03 16:43:20 -06:00
Guido Günther
f1f0e53b08 Pass AM_LDFLAGS to driver modules too
This gives us a RO GOT; otherwise Debian's lintian complains:

W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_qemu.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_uml.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_vbox.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_nwfilter.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_uml.so
W: libvirt-sanlock: hardening-no-relro usr/lib/libvirt/lock-driver/sanlock.so
2013-09-02 19:09:17 +02:00
Guido Günther
fe502de3bc Fix AM_LDFLAGS typo 2013-09-02 19:09:15 +02:00
Eric Blake
902d62f0d4 build: fix virtlockd file distribution
Since virtlockd is only built when libvirtd is built, we should
not install its auxiliary files unconditionally.  This solves
two failures.  1. 'make distcheck' complains:

rm -f Makefile
ERROR: files left in build directory after distclean:
./src/virtlockd.8

2. './autobuild.sh' complains:

Checking for unpackaged file(s): /usr/lib/rpm/check-files
/home/eblake/rpmbuild/BUILDROOT/mingw-libvirt-1.1.1-1.fc19.eblake1377879911.x86_64
error: Installed (but unpackaged) file(s) found:
   /usr/i686-w64-mingw32/sys-root/mingw/etc/libvirt/virtlockd.conf

/usr/i686-w64-mingw32/sys-root/mingw/share/augeas/lenses/tests/test_virtlockd.aug
   /usr/i686-w64-mingw32/sys-root/mingw/share/augeas/lenses/virtlockd.aug
   /usr/i686-w64-mingw32/sys-root/mingw/share/man/man8/virtlockd.8
   /usr/x86_64-w64-mingw32/sys-root/mingw/etc/libvirt/virtlockd.conf

/usr/x86_64-w64-mingw32/sys-root/mingw/share/augeas/lenses/tests/test_virtlockd.aug
   /usr/x86_64-w64-mingw32/sys-root/mingw/share/augeas/lenses/virtlockd.aug
   /usr/x86_64-w64-mingw32/sys-root/mingw/share/man/man8/virtlockd.8

* src/Makefile.am (CLEANFILES): Add virtlockd.8.
(man8_MANS, conf_DATA, augeas_DATA, augeastest_DATA): Only install
virtlockd files when daemon is built.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-30 20:45:22 -06:00
Jiri Denemark
419489e618 qemu: Let tests override waiting time for device unplug
We don't want tests to wait 5 seconds for an event which we know will
never come.
2013-08-26 16:09:55 +02:00
Jiri Denemark
b2f76cd20e qemu: Export qemuProcessHandleDeviceDeleted for tests 2013-08-26 16:09:55 +02:00
Guido Günther
3e2799add2 Check for --no-copy-dt-needed linker flag
and use it when available
2013-08-22 16:17:36 +02:00
Guido Günther
d9527b6d56 Simplify RELRO_LDFLAGS
by adding it to AM_LDFLAGS instead of every linking rule and
by avoiding a forked grep.
2013-08-22 16:17:35 +02:00
Guido Günther
6ba0b7d2b4 Directly link against needed libraries
otherwise having a strict --no-copy-dt-needed-entries fails in several
places like:

    CCLD     virdbustest
    /usr/bin/ld: virdbustest-virdbustest.o: undefined reference to symbol 'dbus_message_unref'
    /lib/x86_64-linux-gnu/libdbus-1.so.3: error adding symbols: DSO missing from command line
    collect2: error: ld returned 1 exit status
2013-08-12 22:53:44 +02:00
Daniel P. Berrange
da13f2c70c Add documentation for access control system
This adds two new pages to the website, acl.html describing
the general access control framework and permissions models,
and aclpolkit.html describing the use of polkit as an
access control driver.

page.xsl is modified to support a new syntax

  <div id="include" filename="somefile.htmlinc"/>

which will cause the XSL transform to replace that <div>
with the contents of 'somefile.htmlinc'. We use this in
the acl.html.in file, to pull the table of permissions
for each libvirt object. This table is autogenerated
from the enums in src/access/viraccessperms.h by the
genaclperms.pl script.

newapi.xsl is modified so that the list of permissions
checks shown against each API will link to the description
of the permissions in acl.html

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 17:13:02 +01:00
Daniel P. Berrange
38550ae809 Add an example config file for virtlockd
The virtlockd daemon supports an /etc/libvirt/virtlockd.conf
config file, but we never installed a default config, nor
created any augeas scripts. This change addresses that omission.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 15:03:04 +01:00
Daniel P. Berrange
6ff0cffd55 Add a man page for virtlockd daemon
Create a virtlockd.pod.in file containing the man page
content for virtlockd.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 11:56:34 +01:00
Daniel P. Berrange
664ab2801d Add info about access control checks into API reference
So that app developers / admins know what access control checks
are performed for each API, this patch extends the API docs
generator to include details of the ACLs for each.

The gendispatch.pl script is extended so that it generates
a simple XML describing ACL rules, eg.

  <aclinfo>
    ...
    <api name='virConnectNumOfDomains'>
      <check object='connect' perm='search_domains'/>
      <filter object='domain' perm='getattr'/>
    </api>
    <api name='virDomainAttachDeviceFlags'>
      <check object='domain' perm='write'/>
      <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/>
      <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/>
    </api>
    ...
  </aclinfo>

The newapi.xsl template loads the XML files containing the ACL
rules and generates a short block of HTML for each API describing
the parameter checks and return value filters (if any).

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 11:59:46 +01:00
Roman Bogorodskiy
4ac708f250 bridge driver: extract platform specifics
* Move platform specific things (e.g. firewalling and route
  collision checks) into bridge_driver_platform
* Create two platform specific implementations:
    - bridge_driver_linux: Linux implementation using iptables,
      it's actually the code moved from bridge_driver.c
    - bridge_driver_nop: dumb implementation that does nothing

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-01 15:47:02 -06:00
Eric Blake
7df291a647 build: fix VPATH 'make check'
A VPATH build 'make check' was failing with:

  GEN      check-driverimpls
Can't open ../../src/../../src/lxc/lxc_monitor_protocol.h: No such file or directory at ../../src/check-driverimpls.pl line 29, <> line 27153.
Can't open ../../src/../../src/lxc/lxc_monitor_protocol.c: No such file or directory at ../../src/check-driverimpls.pl line 29, <> line 27153.
...
  GEN      check-aclrules
cannot read ../../src/../../src/remote/remote_protocol.x at ../../src/check-aclrules.pl line 128.

because $(srcdir) was being prepended to file names that already
included it.

* src/Makefile.am (check-driverimpls): Don't add srcdir twice.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-29 07:13:55 -06:00
Laine Stump
e4acc1e969 build: fix make rpm failure
util/virdbuspriv.h needed to be added to UTIL_SOURCES in the makefile.
2013-07-23 09:40:06 -04:00
Daniel P. Berrange
dff93f8cab Add API for calling systemd-machined's DBus API
To register virtual machines and containers with systemd-machined,
and thus have cgroups auto-created, we need to talk over DBus.
This is somewhat tedious code, so introduce a dedicated function
to isolate the DBus call in one place.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-22 13:09:58 +01:00
Eric Blake
d21d40bf0c maint: split long lines in Makefiles
Makefiles are another easy file to enforce line limits.

Mostly straightforward; interesting tricks worth noting:
src/Makefile.am: $(confdir) was already defined, use it in more places
tests/Makefile.am: path_add and VG required some interesting compression

* cfg.mk (sc_prohibit_long_lines): Add another test.
* Makefile.am: Fix offenders.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-19 05:25:35 -06:00
Michal Privoznik
272769becc qemu: Move close callbacks handling into util/virclosecallbacks.c 2013-07-18 14:16:53 +02:00
Daniel P. Berrange
57f2e3274d Extend the ACL test case to validate filter rule checks
The 'check-aclrules' test case validates that there are ACL
checks in each method. This extends it so that it can also
validate that methods which return info about lists of objects,
will filter their returned info through an ACL check.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-03 15:54:54 +01:00
Eric Blake
336bf8e28b build: don't ship access syms files in tarball
On a mingw VPATH build (such as done by ./autobuild.sh), the tarball
created by 'make dist' was including generated files.  The VPATH
rules were then seeing that the tarball files were up-to-date, and
not regenerating files locally, leading to this failure:

  GEN      libvirt.syms
cat: libvirt_access.syms: No such file or directory
cat: libvirt_access_qemu.syms: No such file or directory
cat: libvirt_access_lxc.syms: No such file or directory
make: *** [libvirt.syms] Error 1

We already have a category for generated sym files, which are
intentionally not part of the tarball; stick the access sym
files in that category.  Then rearrange the declarations a bit
to make it harder to repeat the problem, dropping things that
are now redundant (for example, BUILT_FILES already includes
GENERATED_SYM_FILES, so it does not also need to call out
ACCESS_DRIVER_SYM_FILES).

* src/Makefile.am (USED_SYM_FILES): Don't include generated files.
(GENERATED_SYM_FILES): Access syms files are generated.
(libvirt.syms): Include access syms files here.
(ACCESS_DRIVER_SYMFILES): Rename...
(ACCESS_DRIVER_SYM_FILES): ...for consistency.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-02 11:49:32 -06:00
Eric Blake
d79c9273b0 build: configure must not affect tarball contents
On mingw, configure sets the name of the lxc symfile to
libvirt_lxc.defs rather than libvirt_lxc.syms.  But tarballs
must be arch-independent, regardless of the configure options
used for the tree where we ran 'make dist'.  This led to the
following failure in autobuild.sh:

  CCLD     libvirt-lxc.la
  CCLD     libvirt-qemu.la
/usr/lib64/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld: cannot find libvirt_lxc.def: No such file or directory
collect2: error: ld returned 1 exit status
make[3]: *** [libvirt-lxc.la] Error 1
make[3]: *** Waiting for unfinished jobs....

We were already doing the right thing with libvirt_qemu.syms.

* src/Makefile.am (EXTRA_DIST): Don't ship a built file which
depends on configure for its final name.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-01 16:57:57 -06:00
Viktor Mihajlovski
3913a5f12a build: Fix VPATH build for access/*
VPATH build failed for the generated access driver files.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-06-28 12:45:21 +02:00
Jiri Denemark
2ebd847924 build: Fix check-aclrules in VPATH build 2013-06-25 00:38:23 +02:00
Daniel P. Berrange
684ce8300e Add validation that all APIs contain ACL checks
Add a script which parses the driver API code and validates
that every API registered in a virNNNDriverPtr table contains
an ACL check matching the API name.

NB this currently whitelists a few xen driver functions
which are temporarily lacking in access control checks.
The xen driver is considered insecure until these are
fixed.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:47:31 +01:00
Daniel P. Berrange
15af5e5f70 Add ACL checks into the secrets driver
Insert calls to the ACL checking APIs in all secrets driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:44 +01:00
Daniel P. Berrange
1eca3f5bdf Add ACL checks into the nwfilter driver
Insert calls to the ACL checking APIs in all nwfilter driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:44 +01:00
Daniel P. Berrange
20d8e1f1d7 Add ACL checks into the node device driver
Insert calls to the ACL checking APIs in all node device
driver entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:44 +01:00
Daniel P. Berrange
a7147bc68e Add ACL checks into the interface driver
Insert calls to the ACL checking APIs in all interface
driver entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:44 +01:00
Daniel P. Berrange
453da48b12 Add ACL checks into the network driver
Insert calls to the ACL checking APIs in all network driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:44 +01:00
Daniel P. Berrange
c930410beb Add ACL checks into the storage driver
Insert calls to the ACL checking APIs in all storage driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:44 +01:00
Daniel P. Berrange
f5e007c353 Add ACL checks into the libxl driver
Insert calls to the ACL checking APIs in all libxl driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:44 +01:00
Daniel P. Berrange
cffe870c24 Add ACL checks into the Xen driver
Insert calls to the ACL checking APIs in all Xen driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:43 +01:00
Daniel P. Berrange
d78277f934 Add ACL checks into the UML driver
Insert calls to the ACL checking APIs in all UML driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:43 +01:00
Daniel P. Berrange
279866d550 Add ACL checks into the LXC driver
Insert calls to the ACL checking APIs in all LXC driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:43 +01:00
Daniel P. Berrange
abf75aea24 Add ACL checks into the QEMU driver
Insert calls to the ACL checking APIs in all QEMU driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:43 +01:00
Daniel P. Berrange
686026225e Auto-generate helpers for checking access control rules
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.

- 'aclheader' - defines signatures of helper APIs for
  doing authorization checks. There is one helper API
  for each API requiring an auth check. Any @acl
  annotations result in a method being generated with
  a suffix of 'EnsureACL'. If the ACL check requires
  examination of flags, an extra 'flags' param will be
  present. Some examples

  extern int virConnectBaselineCPUEnsureACL(void);
  extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
  extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);

  Any @aclfilter annotations result in a method being
  generated with a suffix of 'CheckACL'.

  extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);

  These are used for filtering individual objects from APIs
  which return a list of objects

- 'aclbody' - defines the actual implementation of the
  methods described above. This calls into the access
  manager APIs. A complex example:

    /* Returns: -1 on error (denied==error), 0 on allowed */
    int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
                                            virDomainDefPtr domain,
                                            unsigned int flags)
    {
        virAccessManagerPtr mgr;
        int rv;

        if (!(mgr = virAccessManagerGetDefault()))
            return -1;

        if ((rv = virAccessManagerCheckDomain(mgr,
                                              conn->driver->name,
                                              domain,
                                              VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
            virObjectUnref(mgr);
            if (rv == 0)
                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
            return -1;
        }
        if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
            (rv = virAccessManagerCheckDomain(mgr,
                                              conn->driver->name,
                                              domain,
                                              VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
            virObjectUnref(mgr);
            if (rv == 0)
                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
            return -1;
        }
        if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
            (rv = virAccessManagerCheckDomain(mgr,
                                              conn->driver->name,
                                              domain,
                                              VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
            virObjectUnref(mgr);
            if (rv == 0)
                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
            return -1;
        }
        virObjectUnref(mgr);
        return 0;
    }

- 'aclsyms' - generates a linker script to export the
   APIs to drivers. Some examples

  virConnectBaselineCPUEnsureACL;
  virConnectCompareCPUEnsureACL;

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:25:19 +01:00
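The flag-dependent checks in the generated virDomainAttachDeviceFlagsEnsureACL body quoted in the commit above, reduced to a table-driven form. This is an added example, not libvirt code: the rule table, the mock access manager, the flag values and all names below are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in values, assumed for this example (not taken from libvirt headers). */
#define AFFECT_LIVE   (1u << 0)
#define AFFECT_CONFIG (1u << 1)

enum perm { PERM_WRITE, PERM_SAVE, PERM_LAST };

/* A permission is required when (flags & mask) == match.
 * mask == 0 with match == 0 makes the rule unconditional. */
struct acl_rule {
    enum perm perm;
    unsigned int mask;
    unsigned int match;
};

/* The three checks of the generated body, in the same order. */
static const struct acl_rule attach_device_rules[] = {
    { PERM_WRITE, 0, 0 },
    { PERM_SAVE,  AFFECT_CONFIG | AFFECT_LIVE, 0 },   /* neither flag set */
    { PERM_SAVE,  AFFECT_CONFIG, AFFECT_CONFIG },     /* CONFIG set */
};

/* Hypothetical access manager: 1 = allowed, 0 = denied, -1 = backend error. */
struct mock_manager {
    int answer[PERM_LAST];
    unsigned int calls;
};

static int mock_check(struct mock_manager *mgr, enum perm perm)
{
    mgr->calls++;
    return mgr->answer[perm];
}

/* Returns 0 when every applicable rule is allowed, -1 otherwise.
 * *denied is set to 1 only for an explicit denial, so a backend error
 * still fails closed but can be reported differently. */
int ensure_acl(struct mock_manager *mgr, const struct acl_rule *rules,
               size_t nrules, unsigned int flags, int *denied)
{
    size_t i;

    *denied = 0;
    for (i = 0; i < nrules; i++) {
        int rv;

        if ((flags & rules[i].mask) != rules[i].match)
            continue;               /* rule does not apply to these flags */
        rv = mock_check(mgr, rules[i].perm);
        if (rv <= 0) {
            if (rv == 0)
                *denied = 1;
            return -1;              /* denial and error both stop the call */
        }
    }
    return 0;
}

/* Convenience wrapper: evaluate the attach-device rules for one caller. */
int attach_device_allowed(int can_write, int can_save, unsigned int flags)
{
    struct mock_manager mgr = { { can_write, can_save }, 0 };
    int denied;

    return ensure_acl(&mgr, attach_device_rules,
                      sizeof(attach_device_rules) / sizeof(attach_device_rules[0]),
                      flags, &denied);
}

int main(void)
{
    static const struct { const char *name; unsigned int flags; } cases[] = {
        { "none", 0 }, { "LIVE", AFFECT_LIVE }, { "CONFIG", AFFECT_CONFIG },
        { "CONFIG|LIVE", AFFECT_CONFIG | AFFECT_LIVE },
    };
    size_t i;

    /* A caller holding 'write' but not 'save'. */
    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("flags=%-12s write-only caller: %s\n", cases[i].name,
               attach_device_allowed(1, 0, cases[i].flags) == 0
                   ? "allowed" : "refused");
    return 0;
}
```

With these rules a caller holding only 'write' passes when LIVE alone is set, and is refused for every flag combination that touches the persistent configuration or sets neither flag.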
Daniel P. Berrange
b904bba7f4 Add a policy kit access control driver
Add an access control driver that uses the pkcheck command
to check authorization requests. This is fairly inefficient,
particularly for cases where an API returns a list of objects
and needs to check permission for each object.

It would be desirable to use the polkit API but this links
to glib with abort-on-OOM behaviour, so can't be used. The
other alternative is to speak to dbus directly

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:24:36 +01:00