Commit Graph

33750 Commits

Author SHA1 Message Date
Pavel Hrdina
3f741f9ace util: vircgroup: introduce virCgroup(Get|Set)ValueRaw
If we need to get a path of specific file and we need to check its
existence before we use it then we can reuse that path to get/set
values instead of calling the existing get/set value functions which
would be building the path again.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-21 14:35:51 +02:00
Peter Krempa
2f0de10e29 docs: Space out entries in news.html
The header for the news entry blends together with the text and other
entries. This patch tries to space them out somewhat for better visual
separation.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-06-21 14:23:09 +02:00
Daniel P. Berrangé
953f046d81 remote: use VIR_DRV_OPEN_REMOTE_USER in ssh transport checks
We currently refuse to connect to remote libvirtd over SSH if we see the
path ends in /session. Earlier on though we checked for /session and set
the VIR_DRV_OPEN_REMOTE_USER flag. There is one subtle distinction
though with the test driver. All test URIs are marked with this flag,
regardless of whether the URI indicates a local or remote connection.
Previously a local connection to the test driver would have used the
unprivileged libvirtd while a remote connection would have tried the
privileged libvirtd. With this we are consistent and use the
unprivileged for both local & remote, if the current user is non-root.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-21 13:00:20 +01:00
Daniel P. Berrangé
00d172545f remote: refactor how unprivileged user session connection is identified
Currently the VIR_DRV_OPEN_REMOTE_USER flag is only set when we identify
that we're connecting to a local libvirtd daemon. We would like to be
able to set that even if connecting to a remote libvirtd daemon. This
entails refactoring the conditional check.

One subtle change is that the VIR_DRV_OPEN_REMOTE_USER is now set when
the test+XXX://  URI is used, even if a servername is present. This has
no effect in this patch, but will later.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-21 12:59:49 +01:00
Daniel P. Berrangé
5a148ce846 remote: delete the avahi mDNS support
Libvirtd has long had integration with avahi for advertising libvirtd
using mDNS when TCP/TLS listening is enabled. For a long time the
virt-manager application had support for auto-detecting libvirtds
on the local network using mDNS, but this was removed last year

  commit fc8f8d5d7e3ba80a0771df19cf20e84a05ed2422
  Author: Cole Robinson <crobinso@redhat.com>
  Date:   Sat Oct 6 20:55:31 2018 -0400

    connect: Drop avahi support

    Libvirtd can advertise itself over avahi. The feature is disabled by
    default though and in practice I hear of no one actually using it
    and frankly I don't think it's all that useful

    The 'Open Connection' wizard has a disproportionate amount of code
    devoted to this feature, but I don't think it's useful or worth
    maintaining, so let's drop it

I've never heard of any other applications having support for using
mDNS to detect libvirtd instances. Though it is theoretically possible
something exists out there, it is clearly going to be a niche use case
in the virt ecosystem as a whole.

By removing avahi integration we can cut down the dependency chain for
the basic libvirtd install and reduce our code maint burden.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-21 12:59:42 +01:00
Daniel P. Berrangé
e10310d641 remote: drop code for migrating config files from pre-XDG dir layout
The unprivileged libvirtd daemon switched to use the XDG dir layout in
the 0.9.13 release, and included code for moving config files from the
old location. The chances of someone upgrading libvirt from <= 0.9.12
directly to libvirt >= 5.5.0 is close enough to zero that we can
reasonably drop the back compat code.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-21 12:59:06 +01:00
Pavel Hrdina
e0ce339c31 rpc: virnetlibsshsession: update deprecated functions
In libssh 0.9.0 functions ssh_is_server_known and ssh_write_knownhost
are marked as deprecated.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1722735

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-06-21 09:49:24 +02:00
Peter Krempa
1a63ef2a25 Revert "news: Document removal of qemu commandline parsing"
Jano probably based his branch on top of mine and didn't notice
when I moved the section up slightly and thus git applied it again.

Keep only the instance followin the new features section.

This reverts commit 9c68bb4a5c.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2019-06-21 08:47:58 +02:00
Jonathon Jongsma
828ce3f1f5 Fix 'validate' typo in comments
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
2019-06-21 08:14:46 +02:00
Ilias Stamatis
fcf1b2c70f test_driver: properly handle DHCP ranges and IPv6 networks in testDomainInterfaceAddresses
testDomainInterfaceAddresses always returns the same hard-coded
addresses. Change the behavior such as if there is a DHCP range defined,
addresses are returned from that pool.

The specific address returned depends on both the domain id and the
specific guest interface in an attempt to return unique addresses *most
of the time*.

Additionally, properly handle IPv6 networks which were previously
ignored completely.

Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 17:54:02 +02:00
Peter Krempa
d9536f5cff qemu: process: Report better error when virtlogd connection fails
When connecting to virtlogd fails e.g. due to wrong libvirtd selinux
process label we'd report an utterly useless error message:

$ virsh start upstream
error: Failed to start domain upstream
error: Cannot recv data: Connection reset by peer

Use virLastErrorPrefixMessage in the correct place to give a better
sense of what's going on:

$ virsh start upstream
error: Failed to start domain upstream
error: can't connect to virtlogd: Cannot recv data: Connection reset by peer

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 17:10:24 +02:00
Peter Krempa
5fa5cc37fe util: error: Add API for prefixing last set error with a string
In some cases we report a low level error message which does not have
enough information to see what the problem is. To allow improving on
this add an API which will prefix the error message with another error
message string which can be used to describe where the error comes from.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 17:10:24 +02:00
Peter Krempa
3203681e5e tests: domainsnapshotxml2xml: make 'disk-seclabel' test operational
Now that we added the seclabels to the schema we can test that they are
parsed and formatted correctly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2019-06-20 17:08:53 +02:00
Peter Krempa
ac88a8cfad docs: schemas: Add 'seclabel' for external disk snapshot
Allow using seclabels the same way as disk images allow it. Currently
the snapshot code copies the seclabels from the original image if no
seclabel is provided. Also there's no code change required as the
snapshot XML parser actually uses parts of the disk parser thus
seclabels are already parsed and formatted and even applied thus this is
just a formalization of our support for this.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2019-06-20 17:08:53 +02:00
Peter Krempa
c79ef73c37 docs: snapshot: Encourage people ot use disk 'target' to refer to disks
Change the example and add a recommendation to use disk target rather
than path.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2019-06-20 17:08:53 +02:00
Martin Kletzander
05ac854cc8 docs: Fix Blog Planet links
They were pointing to the blogs instead, now they point the articles.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2019-06-20 17:01:44 +02:00
Peter Krempa
68e1a05fa4 virsh: snapshot: Don't block --no-metadata with --print-xml
When testing stuff you might want to print the XML. Interlocking it with
no metadata adds exactly 0 value to the user.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 16:09:59 +02:00
Peter Krempa
d79ec3f33b qemu: driver: Fix off-by-one in qemuDomainSnapshotDiskDataCollect
Commit f34397e51c introduced a crash-inducing problem when collecting
disk snapshot data, where the array would be filled starting from the
second element.

The code then dereferenced the first one.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 16:09:58 +02:00
Peter Krempa
2348c00f10 qemu: Remove qemuMonitorTextSetCPU
It's not used any more.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 15:59:19 +02:00
Peter Krempa
d828b744ac qemu: monitor: Remove text monitor support for cpu hot(un)plug
The "cpu-add" command is supported in all supported qemu versions and
cpu unplug did not work at all until the new cpu unplug approach (using
device_add/del) was implemented.

Remove the support for falling back to the text monitor.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 15:59:19 +02:00
Ilias Stamatis
ba1948611e virNetworkGetDHCPLeases: fix docstring format
The docstring of virNetworkGetDHCPLeases is not correctly formatted and
as a result the example code snippet appears as normal text under the
"Returns:" section. This patch fixes the problem.

Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com>
2019-06-20 15:49:19 +02:00
Ilias Stamatis
37cca33403 test_driver: check that the domain is running in testDomainGetTime
Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 15:38:58 +02:00
Martin Kletzander
a4d0f65faf docs: Remove unused JavaScript libraries
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-06-20 15:33:29 +02:00
Martin Kletzander
a153056090 docs: Use our own implementation for fetching the RSS data
It will not be executed when the page is loaded locally.  It needs
planet.virt-tools.org to supply the right headers (which it does now).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-06-20 15:33:28 +02:00
Martin Kletzander
d922e82b5b docs: Some JavaScript clean-up
Don't use the global namespace, unify quotes and semicolons at the end of lines
and "use strict".

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-06-20 14:58:43 +02:00
Jiri Denemark
2674d00ed4 qemu: Drop MSR features from host-model with old QEMU
With QEMU versions which lack "unavailable-features" we use CPUID based
detection of features which were enabled or disabled once QEMU starts.
Thus using MSR features with host-model would result in all of them
being marked as disabled in the active domain definition even though
QEMU did not actually disable them.

Let's make sure we add MSR features to host-model only when
"unavailable-features" property is supported by QEMU.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 14:02:36 +02:00
Jiri Denemark
8eb4a89f5f qemu: Forbid MSR features with old QEMU
Without "unavailable-features" CPU property we cannot properly detect
whether a specific MSR feature we asked for (either explicitly or
implicitly via a CPU model) was disabled by QEMU for some reason.
Because this could break migration, snapshots, and save/restore
operaions, it's better to just forbid any use of MSR features with QEMU
which lacks "unavailable-features" CPU property.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 14:02:36 +02:00
Jiri Denemark
c8ec678fd9 cpu_map: Introduce IA32_ARCH_CAPABILITIES MSR features
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 14:02:36 +02:00
Jiri Denemark
56b254dccc cpu_x86: Read CPU features from IA32_ARCH_CAPABILITIES MSR
This is used by the host capabilities code to construct host CPU
definition.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 14:02:36 +02:00
Jiri Denemark
bcfed7f1c8 cpu_x86: Introduce virCPUx86FeatureFilter*MSR
This functions may be used as a virCPUDefFeatureFilter callbacks for
virCPUDefCheckFeatures, virCPUDefFilerFeatures, and similar functions to
select (virCPUx86FeatureFilterSelectMSR) or drop
(virCPUx86FeatureFilterDropMSR) features reported via MSR.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 14:02:36 +02:00
Jiri Denemark
b8e086a570 cpu_x86: Turn virCPUx86DataIteratorInit into a function
Until now, this was a macro usable for direct initialization when a
variable is defined. Turning the macro into a function makes it more
general.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 14:02:36 +02:00
Jiri Denemark
4e6f58b8d5 conf: Introduce virCPUDefCheckFeatures
This API can be used to check whether a CPU definition contains features
matching a given filter.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-06-20 14:02:36 +02:00
Ján Tomko
bf6c2830b6 api: disallow virConnect*HypervisorCPU on read-only connections
These APIs can be used to execute arbitrary emulators.
Forbid them on read-only connections.

Fixes: CVE-2019-10168
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-20 13:50:56 +02:00
Ján Tomko
8afa68bac0 api: disallow virConnectGetDomainCapabilities on read-only connections
This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-20 13:50:56 +02:00
Ján Tomko
db0b78457f api: disallow virDomainManagedSaveDefineXML on read-only connections
The virDomainManagedSaveDefineXML can be used to alter the domain's
config used for managedsave or even execute arbitrary emulator binaries.
Forbid it on read-only connections.

Fixes: CVE-2019-10166
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-20 13:50:56 +02:00
Ján Tomko
aed6a032ce api: disallow virDomainSaveImageGetXMLDesc on read-only connections
The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-20 13:50:56 +02:00
Ján Tomko
63427110b6 qemu: monitor: s/ret/rc/ in UpdateVideoSize functions
Use 'rc' to temporarily store the subfunction return values,
instead of ret.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Ján Tomko
8eacdff4c8 qemu: monitor: use VIR_AUTOFREE in qemuMonitor*VideoSize
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Ján Tomko
86d648f2c9 qemu: monitor: remove the json field
Now that it is no longer used, remove it.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Ján Tomko
4d5da03ce4 qemu: monitor: remove mon->json checks
Remove all the mon->json checks in qemuMonitor functions.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Ján Tomko
6799b52795 qemu: monitor: assume JSON in QEMU_CHECK_MONITOR macro
In preparation to removing the json field from qemuMonitor,
stop checking for it in QEMU_CHECK_MONITOR.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Ján Tomko
7bf679aec6 qemu: remove json argument from qemuMonitorOpen
Always assume JSON monitor was requested, since all the callers
pass true anyway.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Ján Tomko
466764346d qemu: domain: remove monJSON field
If we have a monitor, it is a JSON monitor.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Ján Tomko
011f4eb124 qemu: assume monJSON is always true
Now that we no longer support the HMP monitor, remove some dead code.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Peter Krempa
9c68bb4a5c news: Document removal of qemu commandline parsing
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-06-20 13:47:41 +02:00
Andrea Bolognani
913500936b docs: Update documentation for spapr-vio addresses
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 12:50:07 +02:00
Andrea Bolognani
54964f563d qemu: Format spapr-vio addresses as 32-bit
No reason not to be consistent with the user-visible value.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 12:50:05 +02:00
Andrea Bolognani
fb91763d41 conf: Format spapr-vio addresses as 32-bit
Using 8 hex digits all the time, regardless of whether the
actual value can fit in fewer, makes it more obvious to the
user what the limits are.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 12:50:03 +02:00
Andrea Bolognani
656d88f906 tests: Add pseries-spaprvio-invalid
This test case shows that we now reject invalid spapr-vio
addresses.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 12:50:01 +02:00
Andrea Bolognani
89afb9f594 qemu: Validate spapr-vio addresses
According to sPAPR, addresses are 32-bit rather than 64-bit.
Update qemuDomainDeviceDefValidateAddress() accordingly.

https://bugzilla.redhat.com/show_bug.cgi?id=1598657

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-20 12:49:59 +02:00