Commit Graph

16694 Commits

Author SHA1 Message Date
Daniel P. Berrange
f5059a929e Change QEMU capabilities cache to check ctime instead of mtime
Debian's package manager will preserve mtime timestamp on binaries
from the time they are built, rather than installed. So if a
user downgrades their QEMU dpkg, the libvirt capabilities
cache will not refresh. The fix is to use ctime instead of mtime
since it cannot be faked.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 10:52:29 +00:00
Daniel P. Berrange
10ec072545 Add helper APIs to track if libvirtd or loadable modules have changed
The future QEMU capabilities cache needs to be able to invalidate
itself if the libvirtd binary or any loadable modules are changed
on disk. Record the 'ctime' value for these binaries and provide
helper APIs to query it. This approach assumes that if libvirt.so
is changed, then libvirtd will also change, which should usually
be the case with libtool's wrapper scripts that cause libvirtd to
get re-linked

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-11 10:51:49 +00:00
Michal Privoznik
f5796b61cc virSecurityDACSetSecurityImageLabel: Unmark @def as unused
The @def is clearly used just a few lines below. There's no need to use
ATTRIBUTE_UNUSED for it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-11 11:18:06 +01:00
Jiri Denemark
7176221a9e tests: Distribute securityselinuxhelperdata
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-03-11 11:07:52 +01:00
Stefan Berger
6768b21033 BZ1072677: Avoid freeing of 0 file descriptor
Avoid the freeing of an array of zero file descriptors in case
of error. Initialize the array to -1 using memset.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2014-03-10 18:47:19 -04:00
Daniel P. Berrange
ed839f9aef Convert lock driver plugins to use new crypto APIs
Convert the sanlock and lockd lock driver plugins over to use
the new virCryptoHashString APIs instead of having their own
duplicated code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-10 16:44:14 +00:00
Daniel P. Berrange
3a7fe8d508 Add helper APIs for generating cryptographic hashes
GNULIB provides APIs for calculating md5 and sha256 hashes,
but these APIs only return you raw byte arrays. Most users
in libvirt want the hash in printable string format. Add
some helper APIs in util/vircrypto.{c,h} for doing this.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-10 16:39:18 +00:00
Ján Tomko
9b9d7704b5 Change file names in comments to match the files they are in
Some of these are leftovers from renaming the files, others
are just typos.

Also introduce an ugly awk script to enforce this.
2014-03-10 14:26:04 +01:00
Daniel P. Berrange
dd6deb391c Wildcard ignore tests/*test instead of listing every one
There is a forever growing list of test cases. It is just
not worth listing each one individually when a wildcard
can do the job.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-10 13:22:17 +00:00
Michal Privoznik
17d6a91854 src/xenxs: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:11 +01:00
Michal Privoznik
ce17ddacca src/xen: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:11 +01:00
Michal Privoznik
fb9bec1055 src/util: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:11 +01:00
Michal Privoznik
7e89de172d src/test: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
d53bbfd159 src/storage: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
ba52e4c715 src/rpc: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
5ab80fc1ae src/qemu: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
3f8b040d9a src/phyp: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
d7d06cc183 src/parallels: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
d9e4d5cb7c src/openvz: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
6c1bde6a94 src/nwfilter: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
6fca03f0a0 src/lxc/: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Michal Privoznik
2133441a07 conf: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
This fixes a possible double free. In virNetworkAssignDef() if
virBitmapNew() fails, then virNetworkObjFree(network) is called.
However, with network->def pointing to actual @def. So if caller
frees @def again, ...

Moreover, this fixes one possible memory leak too. In
virInterfaceAssignDef() if appending to the list of interfaces
fails, we ought to call virInterfaceObjFree() instead of bare
VIR_FREE().

Although, in order to do that some array size variables needs
to be turned into size_t rather than int.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-10 13:45:10 +01:00
Daniel P. Berrange
925de19ed7 Add a mutex to serialize updates to firewall
The nwfilter conf update mutex previously serialized
updates to the internal data structures for firewall
rules, and updates to the firewall itself. The latter
was recently turned into a read/write lock, and filter
instantiation allowed to proceed in parallel. It was
believed that this was ok, since each filter is created
on a separate iptables/ebtables chain.

It turns out that there is a subtle lock ordering problem
on virNWFilterObjPtr instances. __virNWFilterInstantiateFilter
will hold a lock on the virNWFilterObjPtr it is instantiating.
This in turn invokes virNWFilterInstantiate which then invokes
virNWFilterDetermineMissingVarsRec which then invokes
virNWFilterObjFindByName. This iterates over every single
virNWFilterObjPtr in the list, locking them and checking their
name. So if 2 or more threads try to instantiate a filter in
parallel, they'll all hold 1 lock at the top level in the
__virNWFilterInstantiateFilter method which will cause the
other thread to deadlock in virNWFilterObjFindByName.

The fix is to add an exclusive mutex to serialize the
execution of __virNWFilterInstantiateFilter.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-10 11:56:45 +00:00
Roman Bogorodskiy
356bf55e98 Fix locking in virsh console
vshRunConsole() uses virCondWait() which is a wrapper around
pthread_cond_wait(). On FreeBSD, pthread_cond_wait needs mutex to be
locked, otherwise it immediately fails with EPERM. On Linux, the
behaviour in this case is undefined.

So lock the mutex before calling virCondWait().
2014-03-10 14:51:32 +04:00
Martin Kletzander
fb235130fe virsh: Sort options alphabetically
Man page, help output and also parsing is sorted in order to find
options smoothly.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-10 10:50:06 +01:00
Jiri Denemark
8922c3d07a tests: Fix SELinux tests in VPATH build 2014-03-10 10:20:30 +01:00
John Ferlan
ea1eadd6a3 virscsi: Introduce virSCSIDeviceUsedByInfoFree
This resolves a Coverity RESOURCE_LEAK issue introduced by commit
id 'de6fa535' where the virSCSIDeviceSetUsedBy() didn't VIR_FREE
the 'copy' or possibly VIR_STRDUP()'d values.  It also ensures that
the VIR_APPEND_ELEMENT is successful...
2014-03-07 12:24:44 -05:00
Michael Chapman
8914b875ea tests: Test virIdentityGetSystem
Test it once with SELinux enabled and once with it disabled.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-07 15:27:00 +01:00
Michael Chapman
1af9800b55 virIdentityGetSystem: don't fail if SELinux is disabled
If SELinux is compiled into libvirt but it is disabled on the host,
libvirtd logs:

  error : virIdentityGetSystem:173 : Unable to lookup SELinux process
  context: Invalid argument

on each and every client connection.

Use is_selinux_enabled() to skip retrieval of the process's SELinux
context if SELinux is disabled.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-07 15:01:33 +01:00
Michael Chapman
5eb5fb80f7 tests: SELinux tests do not need to be skipped
With the previous commit's securityselinuxhelper enhancements, the
SELinux security manager can be tested even without SELinux enabled on
the test system.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-07 14:59:22 +01:00
Michael Chapman
4d4f977ab5 tests: Flesh out securityselinuxhelper
Add fake implementations of:

- is_selinux_enabled
- security_disable
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
- selinux_lxc_contexts_path
- selabel_open
- selabel_close
- selabel_lookup_raw

The selabel_* functions back onto the real implementations if SELinux is
enabled on the test system, otherwise we just implement a fake selabel
handle which errors out on all labelling lookups.

With these changes in place, securityselinuxtest and
securityselinuxlabeltest don't need to skip all tests if SELinux isn't
available; they can exercise much of the security manager code.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-07 14:02:10 +01:00
Jiri Denemark
201082488f spec: Let translations be properly updated
Libvirt tarball contains po/stamp-po file which prevents any po/*.gmo
file to be regenerated even if a corresponding po/*.po file is newer. By
removing the stamp-po file, all *.gmo files are properly updated if
required. This allows downstreams to provide patches that update
translations.
2014-03-06 22:18:11 +01:00
Martin Kletzander
45ad1adb4a qemu: Reject unsupported tuning in session mode
When domain is started with setting that cannot be done, i.e. those
that require cgroups, there is no error reported and it succeeds
without any message whatsoever.

When setting with API, virsh, an error is reported, but only due to
the fact that no cgroups are mounted (priv->cgroup == NULL).

Given the above it seems reasonable to reject such unsupported
settings.

This patch effectively changes the error message from:

$ virsh -c qemu:///session schedinfo dummy
Scheduler      : Unknown
error: Requested operation is not valid: cgroup CPU controller is not mounted

to:

$ virsh -c qemu:///session schedinfo dummy
Scheduler      : Unknown
error: Operation not supported: CPU tuning is not available in session mode

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1023366

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-06 15:29:07 +01:00
Michael Chapman
e5cd28c023 datatypes: update comments of Dispose functions
As of commit 46ec5f85, the conn.lock mutex does not need to be held
when calling any vir*Dispose() function in datatypes.c (via virObjectUnref()).

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-03-06 09:39:49 +01:00
Eric Blake
cb9bd7963b virt-login-shell: silence coverity warning
Coverity spotted that 'nfdlist' (ssize_t) could be -1, but that we
were using 'i' (size_t) to iterate over the list at cleanup, with
crashing results because it promotes to a really big unsigned number.

* tools/virt-login-shell.c (main): Avoid treating -1 as unsigned.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-05 11:59:06 -07:00
Roman Bogorodskiy
2c4870d04f Fix missing char dev lock path case in configure
configure check for character devices lock path calls
AC_DEFINE_UNQUOTED for VIR_CHRDEV_LOCK_FILE_PATH even if
$with_chrdev_lock_files = "no".

So the locking code in conf/virchrdev.c:

 #ifdef VIR_CHRDEV_LOCK_FILE_PATH

is compiled in even if it shouldn't, because VIR_CHRDEV_LOCK_FILE_PATH
is defined as "no", so it tries to create lock files with strange
lock path like 'no/LCK..'.

Fix that by calling AC_DEFINE_UNQUOTED only if $with_chrdev_lock_files
is not 'no'.
2014-03-05 22:51:59 +04:00
Peter Krempa
3e04d65a07 qemu: monitor: Provide more information in generic block job error
The qemuMonitorJSONBlockJob handles a few errors internally. If qemu
returns a different error we would report a rather unhelpful message:

 $ virsh blockpull gluster-job vda --base /dev/null
 error: internal error: Unexpected error

As the actual message from qemu contains a bit more info, let's use it
to report something a little more useful:

 $ virsh blockpull gluster-job vda --base /dev/null
 error: internal error: Unexpected error: (GenericError) 'Base '/dev/null' not found'
2014-03-05 15:08:56 +01:00
Peter Krempa
aa50a5c727 doc: storage: Explicitly state that it's possible to have non-unique key
With most of our storage backends it's possible to have two separate
volume keys to point to a single volume. (By creating sym/hard-links to
local files or by mounting remote filesystems to two different locations
and creating pools on top of them) Document this possibility.
2014-03-05 09:51:24 +01:00
Peter Krempa
46446313e8 storage: Don't lie about path used to look up in error message
In storageVolLookupByPath the provided path is "sanitized" at first.
This removes some extra slashes and stuff. When the lookup of the volume
fails the original path is used which makes it hard to trace errors in
some cases.

Improve the error message to print the sanitized path along with the
user provided path if they are not equal.
2014-03-05 09:22:09 +01:00
Peter Krempa
7fb3902b0f storage: Avoid mangling paths of non-local filesystems when looking up
When looking up a volume by path on a non-local filesystem don't use the
"cleaned" path that might be mangled in such a way that it will differ
from a path provided by a storage backend.

Skip the cleanup step for gluster, sheepdog and RBD.
2014-03-05 09:20:05 +01:00
Peter Krempa
429bf2534c storage: Error out when attempting to vol-upload into a remote pool
Pools that are not backed by files in the filesystem cause problems with
some APIs. Error out when attempting to upload a volume in such a pool
as currently we expect a local file representation for it.
2014-03-05 09:08:32 +01:00
Peter Krempa
e45c30ee69 storage: Use cleanup label instead of out 2014-03-05 09:08:32 +01:00
Peter Krempa
a751e3452b virsh: volume: Fix lookup of volumes to provide better error messages
If a user specifies the pool explicitly, we should make sure to point
out that it's inactive instead of falling back to lookup by key/path and
failing at the end. Also if the pool isn't found there's no use in
continuing the lookup.

This changes the error in case the user-selected pool is inactive from:

 $ virsh vol-upload --pool inactivepool --vol somevolname volcontents
 error: failed to get vol 'somevolname'
 error: Storage volume not found: no storage vol with matching path
 somevolname

To a more descriptive:

 $ virsh vol-upload --pool inactivepool --vol somevolname volcontents
 error: pool 'inactivepool' is not active

And in case a user specifies an invalid pool from:

 $ virsh vol-upload --pool invalidpool --vol somevolname volcontents
 error: failed to get pool 'invalidpool'
 error: failed to get vol 'somevolname', specifying --pool might help
 error: Storage volume not found: no storage vol with matching path somevolname

To something less confusing:

 $ virsh vol-upload --pool invalidpool --vol somevolname volcontents
 error: failed to get pool 'invalidpool'
 error: Storage pool not found: no storage pool with matching name 'invalidpool'
2014-03-05 09:08:32 +01:00
Chunyan Liu
6b4c0a635e add virhostdev files to maintain global state of host devices
Signed-off-by: Chunyan Liu <cyliu@suse.com>
2014-03-04 12:28:45 +00:00
Chunyan Liu
de6fa535b0 add 'driver' info to used_by
Specify which driver and which domain in used_by area to avoid conflict among
different drivers.

Signed-off-by: Chunyan Liu <cyliu@suse.com>
2014-03-04 12:24:13 +00:00
Cédric Bosdonnat
9194ccecf1 apparmor: handle "none" type 2014-03-04 11:26:59 +00:00
Cédric Bosdonnat
ef7dc7d429 add support for apparmor in lxc-enter-namespace 2014-03-04 11:15:47 +00:00
Cédric Bosdonnat
500b2e9655 apparmor: add debug traces when changing profile.
The reason for these is that aa-status doesn't show the process using
the profile as they are in another namespace.
2014-03-04 11:07:05 +00:00
Cédric Bosdonnat
a3e4eeff52 Make sure apparmor is started before libvirtd
If apparmor security driver is enabled in either qemu or lxc
driver configuration and libvirtd starts before AppArmor, it will fail.
2014-03-04 11:07:05 +00:00
Cédric Bosdonnat
43c030f046 LXC driver: generate apparmor profiles for guests
use_apparmor() was first designed to be called from withing libvirtd,
but libvirt_lxc also uses it. in libvirt_lxc, there is no need to check
whether to use apparmor or not: just use it if possible.
2014-03-04 11:07:05 +00:00