Commit Graph

15516 Commits

Author SHA1 Message Date
Martin Kletzander
d27e6bc40f qemu: introduce spiceport chardev backend
Add a new backend for any character device.  This backend uses channel
in spice connection.  This channel is similar to spicevmc, but
all-purpose in contrast to spicevmc.

Apart from spicevmc, spiceport-backed chardev will not be formatted
into the command-line if there is no spice to use (with test for that
as well).  For this I moved the def->graphics counting to the start
of the function so its results can be used in rest of the code even in
the future.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-11 13:43:55 +01:00
Martin Kletzander
296a4791eb qemu: remove pointless condition
This patch is here just to ease the code review and make related
changes look more sensible.  Apart from removing the condition this is
merely a whitespace (indentation) change.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-11 13:43:55 +01:00
Martin Kletzander
a53e504052 qemu: rework '-serial none'
Limiting ourselves to qemu without QEMU_CAPS_DEVICE capability, we
used '-serial none' only if there was no serial device defined in the
domain XML.  This means that if we want to have a possibility of the
device being defined in XML, but not used in the command-line
(e.g. when it's pointless), we'll fail to attach '-serial none' to the
command-line (when skipping the device's command-line building and the
device being the only one).

Since there is no such device, this patch doesn't actually do
anything, but enables easier future additions in this manner.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-11 13:43:55 +01:00
Martin Kletzander
5b189541ac conf: introduce spiceport chardev backend
Add a new character device backend called 'spiceport' that uses
spice's channel for communications and apart from spicevmc can be used
as a backend for any character device from libvirt's point of view.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-11 13:43:55 +01:00
Wido den Hollander
0227889ab0 rbd: Use rbd_create3 to create RBD format 2 images by default
This new RBD format supports snapshotting and cloning. By having
libvirt create images in format 2 end-users of the created images
can benefit from the new RBD format.

Older versions of libvirt can work with this new RBD format as long
as librbd supports format 2. RBD format is supported by librbd since
version 0.56 (Ceph Bobtail).

Signed-off-by: Wido den Hollander <wido@widodh.nl>
2014-02-11 12:10:22 +00:00
Joel SIMOES
9741006333 Libvirt lose sheepdogs volumes on pool refresh or restart.
When restarting sheepdog pool, all volumes are missing.
This patch add automatically all volume from the added pool.

Adding last Daniel P. Berrange's syntaxes correction.
Adding vol on separeted function 'inspired' from parallels_storage :
parallelsAddDiskVolume
2014-02-11 11:32:04 +00:00
Laine Stump
0144d72963 build: correctly check for SOICGIFVLAN GET_VLAN_VID_CMD command
In order to make a client-only build successful on RHEL4 (yes, you
read that correctly!), commit 3ed2e54 modified src/util/virnetdev.c so
that the functional version of virNetDevGetVLanID() was only compiled
if GET_VLAN_VID_CMD was defined. However, it is *never* defined, but
is only an enum value, so the proper version was no longer compiled
even on platforms that support it. This resulted in the vlan tag not
being properly set for guest traffic on VEPA mode guest macvtap
interfaces that were bound to a vlan interface (that's the only place
that libvirt currently uses virNetDevGetVLanID)

Since there is no way to compile conditionally based on the presence
of an enum value, this patch modifies configure.ac to check for said
enum value with AC_CHECK_DECLS(), which #defines
HAVE_DECL_GET_VLAN_VID_CMD to 1 if it's successful compiling a test
program that uses GET_VLAN_VID_CMD (and still #defines it, but to 0,
if it's not successful).  We can then make the compilation of
virNetDevGetVLanID() conditional on the value of
HAVE_DECL_GET_VLAN_VID_CMD.
2014-02-11 01:43:38 +02:00
Chen Hanxiao
b95fde2cf7 docs: grammar fixes in formatdomain
Some grammar fixes.

s/namespace,set/namespace, set
s/container being allowed/container are allowed
s/the <code>uid/The <code>uid

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2014-02-10 14:14:43 -07:00
Yuri Myasoedov
cc25e45158 maint: fix line numbers in check-aclrules reports
Reset line numbering on each input file in check-aclrules.pl. Otherwise
it reports wrong line numbers in its error messages.

Signed-off-by: Yuri Myasoedov <ymyasoedov@yandex.ru>
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-10 14:07:22 -07:00
Michal Privoznik
28900766d5 virNetworkLoadState: Disallow mangled 'floor' element
In the network status XML we may have the <floor/> element with the
'sum' attribute. The attribute represents sum of all 'floor'-s of
computed over each interface connected to the network (this is needed to
guarantee certain bandwidth for certain domain). The sum is therefore a
number. However, if the number was mangled (e.g. by an user's
interference to network status file), we've just ignored it without
refusing to parse such file. This was all due to 'goto error' missing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-10 19:26:16 +01:00
Peter Krempa
9bf629ab60 qemu: Use correct permissions when determining the image chain
The code took into account only the global permissions. The domains now
support per-vm DAC labels and per-image DAC labels. Use the most
specific label available.
2014-02-10 15:49:59 +01:00
Michal Privoznik
e209c07760 networkStartNetwork: Be more verbose
The lack of debug printings might be frustrating in the future.
Moreover, this function doesn't follow the usual pattern we have in the
rest of the code:

  int ret = -1;
  /* do some work */
  ret = 0;
cleanup:
  /* some cleanup work */
  return ret;

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-10 11:47:24 +01:00
Peter Krempa
600bca592b qemu: hyperv: Add support for timer enlightenments
Add a new <timer> for the HyperV reference time counter enlightenment
and the iTSC reference page for Windows guests.

This feature provides a paravirtual approach to track timer events for
the guest (similar to kvmclock) with the option to use real hardware
clock on systems with a iTSC with compensation across various hosts.
2014-02-10 11:30:10 +01:00
Peter Krempa
8ffaa42d7b conf: Enforce supported options for certain timers
According to the documentation various timer options are only supported
by certain timer types. Add a post parse check to verify that the user
didn't specify invalid options.

Also fix the qemu command line parsing function to set correct default
values for the kvmclock timer so that it passes the new check.
2014-02-10 11:17:32 +01:00
Peter Krempa
bbd392ff86 schema: Fix guest timer specification schema according to the docs
According to the documentation describing various tunables for domain
timers not all the fields are supported by all the driver types. Express
these in the RNG:

- rtc, platform: Only these support the "track" attribute.
- tsc: only one to support "frequency" and "mode" attributes
- hpet, pit: tickpolicy/catchup attribute/element
- kvmclock: no extra attributes are supported

Additionally the attributes of the <catchup> element for
tickpolicy='catchup' are optional according to the parsing code. Express
this in the XML and fix a spurious space added while formatting the
<catchup> element and add tests for it.
2014-02-10 11:09:14 +01:00
Felix Geyer
f88a3d9b0c apparmor: Improve profiles
Tested on Debian unstable.
The profile updates are partly taken from the Ubuntu trusty libvirt package.

Signed-off-by: Guido Günther <agx@sigxcpu.org>
2014-02-07 19:16:51 +01:00
John Ferlan
b60644f38f virpci: Resolve coverity issues
Coverity complains about "USE_AFTER_FREE" due to how virPCIDeviceSetStubDriver
"could" return either -1, 0, or 1 from the VIR_STRDUP() and then possibly makes
a call to virPCIDeviceDetach().

The only way this could happen is if NULL were passed as the "driver" name
and virStrdup() returned 0.  Since the calling functions check < 0 on the
initial function call, the 0 possibility causes Coverity to complain.

To fix this - enforce that the second parameter is not NULL using
ATTRIBUTE_NONNULL(2) for the function prototype, then in virPCIDeviceDetach
add an sa_assert(dev->stubDriver). This will result in Coverity not complaining
any more.
2014-02-07 10:58:24 -05:00
Christophe Fergeau
f336b1cccb Add glusterfs to VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_POOL_TYPE
If it's not present in this list, we won't be able to get only
glusterfs pools when using virConnectListAllStoragePools.
2014-02-07 10:26:46 +01:00
Christophe Fergeau
1b9c673936 build-sys: Removed unused variable from configure.ac
LIBGLUSTER_LIBS is emptied before gluster is enabled/disabled, but nothing
else sets/uses this variable, so it can be removed.
2014-02-07 10:26:45 +01:00
Martin Kletzander
440a1aa508 qemu: keep pre-migration domain state after failed migration
Couple of codepaths shared the same code which can be moved out to a
function and on one of such places, qemuMigrationConfirmPhase(), the
domain was resumed even if it wasn't running before the migration
started.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1057407

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-07 10:07:38 +01:00
Jim Fehlig
630b645695 libxl: remove unneeded locking of driver when restoring
libxlDomainRestoreFlags acquires the driver lock while reading the
domain config from the save file and adding it to
libxlDriverPrivatePtr->domains.  But virDomainObjList provides
self-locking APIs, so remove the needless driver locking.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-06 10:39:32 -07:00
Jim Fehlig
778067e195 libxl: improve subprocess handling
If available, let libxl handle reaping any children it creates by
specifying libxl_sigchld_owner_libxl_always_selective_reap.  This
feature was added to improve subprocess handling in libxl when used
in an application that does not install a SIGCHLD handler like
libvirt

http://lists.xen.org/archives/html/xen-devel/2014-01/msg01555.html

Prior to this patch, it is possible to hit asserts in libxl when
reaping subprocesses, particularly during simultaneous operations
on multiple domains.  With this patch, and the corresponding changes
to libxl, I no longer see the asserts.  Note that the libxl changes
will be included in Xen 4.4.0.  Previous Xen versions will be
susceptible to hitting the asserts even with this patch applied to
the libvirt libxl driver.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-06 10:20:31 -07:00
Jim Fehlig
03b3f8940a libxl: handle domain shutdown events in a thread
Handling the domain shutdown event within the event handler seems
a bit unfair to libxl's event machinery.  Domain "shutdown" could
take considerable time.  E.g. if the shutdown reason is reboot,
the domain must be reaped and then started again.

Spawn a shutdown handler thread to do this work, allowing libxl's
event machinery to go about its business.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-06 10:17:58 -07:00
Jim Fehlig
eaa8d9b2c7 libxl: remove list of timer registrations from libxlDomainObjPrivate
Due to some misunderstanding of requirements libxl places on timer
handling, I introduced the half-brained idea of maintaining a list
of timeouts that the driver could force to expire before freeing a
libxlDomainObjPrivate (and hence libxl_ctx).  But testing all
the latest versions of Xen supported by the libxl driver (4.2.3,
4.3.1, 4.4.0 RC3), I see that libxl will handle this just fine and
there is no need to force expiration behind libxl's back.  Indeed it
may be harmful to do so.

This patch removes the timer list, allowing libxl to handle cleanup
of its timer registrations.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-06 10:08:11 -07:00
Jim Fehlig
cda52dbfe5 libxl: fix leaking libxlDomainObjPrivate
When libxl registers an FD with the libxl driver, the refcnt of the
associated libxlDomainObjPrivate object is incremented. The refcnt
is decremented when libxl deregisters the FD.  But some FDs are only
deregistered when their libxl ctx is freed, which unfortunately is
done in the libxlDomainObjPrivate dispose function.  With references
held by the FDs, libxlDomainObjPrivate is never disposed.

I added the ref/unref in FD registration/deregistration when adding
the same in timer registration/deregistration.  For timers, this
is a simple approach to ensuring the libxlDomainObjPrivate is not
disposed prior to their expirtation, which libxl guarantees will
occur.  It is not needed for FDs, and only causes
libxlDomainObjPrivate to leak.

This patch removes the reference on libxlDomainObjPrivate for FD
registrations, but retains them for timer registrations.  Tested on
the latest releases of Xen supported by the libxl driver:  4.2.3,
4.3.1, and 4.4.0 RC3.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2014-02-06 10:06:26 -07:00
Matthieu Coudron
0778fc1ab9 qemu_driver: Introduce <filesystem/> support in device attach/detach
This commit allows to attach/detach a <filesystem> device in qemu. For
this purpose I'm introducing two new functions: virDomainFSInsert() and
virDomainFSRemove() and adding necessary code in the qemu driver.  It
compares filesystems based on their "destination" folder. So if two
filesystems share the same destination, they are considered equal and
the qemu driver would reject the insertion.

Signed-off-by: Matthieu Coudron <mattator@gmail.com>
2014-02-06 17:20:03 +01:00
Matthieu Coudron
8fc98ac8cf virDomainHostdev{Insert,Delete}: Replace VIR_REALLOC_N by VIR_{APPEND,DELETE}_ELEMENT
With this change the code gets shorter and more readable.

Signed-off-by: Matthieu Coudron <mattator@gmail.com>
2014-02-06 17:10:26 +01:00
Michal Privoznik
c5d09fbdd1 qemuxml2argvtest: Set timezone
With my recent work on the test, both time() and localtime() are used.
While mocking the former one, we get predictable result for UTC. But
since the latter function uses timezone to get local time, the result of
localtime() is not so predictive. Therefore, we must set the TZ variable
at the beginning of the test. To be able to catch some things that work
just by a blind chance, I'm choosing a virtual timezone that (hopefully)
no libvirt developer resides in.
2014-02-06 15:15:10 +01:00
Michal Privoznik
35b7088534 qemuxml2argvmock: Mock time() on non-linux platforms too
The qemuxml2argvtest is run on more platforms than linux. For instance
FreeBSD. On these platforms we are, however, not mocking time() which
results in current time being fetched from system and hence tests number
32 and 33 failing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-06 15:15:10 +01:00
Ján Tomko
ac758012d7 virsh: only report filled values in nodecpustats
Rewrite the function to use an array instead of a struct,
translating the field names to int via an enum.
2014-02-06 14:09:15 +01:00
Roman Bogorodskiy
3b00df01fb BSD: implement nodeGetCPUStats
Implementation obtains CPU usage information using
kern.cp_time and kern.cp_times sysctl(8)s and reports
CPU utilization.
2014-02-06 14:09:15 +01:00
Jiri Denemark
05bf937572 qemu: Fix crash in virDomainMemoryStats with old qemu
If virDomainMemoryStats was run on a domain with virtio balloon driver
running on an old qemu which supports QMP but does not support qom-list
QMP command, libvirtd would crash. The reason is we did not check if
qemuMonitorJSONGetObjectListPaths failed and moreover we even stored its
result in an unsigned integer type.
2014-02-06 11:29:29 +01:00
Peter Krempa
5d2691cc4c qemu: blockjob: Print correct file name in error message
When attempting a blockcommit from the top layer, the base argument
passed is NULL. This will be dereferenced when attempting a commit with
an empty image chain. Output the real volume path instead:

virsh blockcommit --verbose --path vda --domain DOMNAME --wait
error: invalid argument: top '/path/somefile' in chain for 'vda' has no backing file

instead of:

error: invalid argument: top '(null)' in chain for 'vda' has no backing file
2014-02-06 10:43:57 +01:00
Peter Krempa
cc3d335b76 maint: Change the text of the NULLSTR() macro to "<null>"
Eric Blake suggested to change this message to be different from the
glibc's NULL deref protection message in printf to be able to
differentiate errors.
2014-02-06 10:43:57 +01:00
Michal Privoznik
e505db0f6c qemuxml2argvtest: Test localtime clock basis
When trying to introduce a test for previous patch, I've
noticed that the command line is constructed using current
time. This won't work in our test suite (unless you guys
wants to set a specific time prior to each test run :) ).
Therefore we need to mock calls to time(2) to return the
same value every time it's called.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-06 08:22:22 +01:00
Michal Privoznik
51bea5df5d qemuBuildClockArgStr: Allow localtime clock basis
https://bugzilla.redhat.com/show_bug.cgi?id=1046192

Commit b8bf79a, which adds clock='variable', forgets to check
localtime basis in qemuBuildClockArgStr(). So that localtime
basis could not be used.

Reported-by: Jincheng Miao <jmiao@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-06 07:51:07 +01:00
Ján Tomko
0db9b0883c Generate a valid imagelabel even for type 'none'
Commit 2ce63c1 added imagelabel generation when relabeling is turned
off. But we weren't filling out the sensitivity for type 'none' labels,
resulting in an invalid label:

$ virsh managedsave domain
error: unable to set security context 'system_u:object_r:svirt_image_t'
on fd 28: Invalid argument
2014-02-05 19:47:30 +01:00
Eric Blake
f34ea654de maint: fix grammar in conf file
Noticed a misuse of 'to' while testing my event regression under
polkit ACLs, and decided to review the entire conf files for
other legibility bugs.

* daemon/libvirtd.conf: Use correct grammar.
* src/qemu/qemu.conf: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-05 10:40:14 -07:00
Eric Blake
11f20e43f1 event: move event filtering to daemon (regression fix)
https://bugzilla.redhat.com/show_bug.cgi?id=1058839

Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
need to check the ACL rules to filter which events to send.  But
it overlooked one thing: the event dispatch queue is running in
the main loop thread, and therefore does not normally have a
current virIdentityPtr.  But filter checks can be based on current
identity, so when libvirtd.conf contains access_drivers=["polkit"],
we ended up rejecting access for EVERY event due to failure to
look up the current identity, even if it should have been allowed.

Furthermore, even for events that are triggered by API calls, it
is important to remember that the point of events is that they can
be copied across multiple connections, which may have separate
identities and permissions.  So even if events were dispatched
from a context where we have an identity, we must change to the
correct identity of the connection that will be receiving the
event, rather than basing a decision on the context that triggered
the event, when deciding whether to filter an event to a
particular connection.

If there were an easy way to get from virConnectPtr to the
appropriate virIdentityPtr, then object_event.c could adjust the
identity prior to checking whether to dispatch an event.  But
setting up that back-reference is a bit invasive.  Instead, it
is easier to delay the filtering check until lower down the
stack, at the point where we have direct access to the RPC
client object that owns an identity.  As such, this patch ends
up reverting a large portion of the framework of commit f9f56340.
We also have to teach 'make check' to special-case the fact that
the event registration filtering is done at the point of dispatch,
rather than the point of registration.  Note that even though we
don't actually use virConnectDomainEventRegisterCheckACL (because
the RegisterAny variant is sufficient), we still generate the
function for the purposes of documenting that the filtering
takes place.

Also note that I did not entirely delete the notion of a filter
from object_event.c; I still plan on using that for my upcoming
patch series for qemu monitor events in libvirt-qemu.so.  In
other words, while this patch changes ACL filtering to live in
remote.c and therefore we have no current client of the filtering
in object_event.c, the notion of filtering in object_event.c is
still useful down the road.

* src/check-aclrules.pl: Exempt event registration from having to
pass checkACL filter down call stack.
* daemon/remote.c (remoteRelayDomainEventCheckACL)
(remoteRelayNetworkEventCheckACL): New functions.
(remoteRelay*Event*): Use new functions.
* src/conf/domain_event.h (virDomainEventStateRegister)
(virDomainEventStateRegisterID): Drop unused parameter.
* src/conf/network_event.h (virNetworkEventStateRegisterID):
Likewise.
* src/conf/domain_event.c (virDomainEventFilter): Delete unused
function.
* src/conf/network_event.c (virNetworkEventFilter): Likewise.
* src/libxl/libxl_driver.c: Adjust caller.
* src/lxc/lxc_driver.c: Likewise.
* src/network/bridge_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/remote/remote_driver.c: Likewise.
* src/test/test_driver.c: Likewise.
* src/uml/uml_driver.c: Likewise.
* src/vbox/vbox_tmpl.c: Likewise.
* src/xen/xen_driver.c: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-05 08:03:31 -07:00
Eric Blake
f9ada9f3d0 rpm: create libvirt-wireshark sub-package
On Fedora 20, with wireshark-devel installed, 'make rpm' failed
due to installed but unpackaged files related to wireshark.  As
F20 is already released without wireshark, I chose to add a new
sub-package that is enabled only for F21 and later.  Furthermore,
all existing wireshark plugins belong to the wireshark package,
so I got to invent behavior of how the first third-party wireshark
module will behave.

* libvirt.spec.in (with_wireshark): Add new conditional.
* configure.ac (ws-plugindir): Improve wording.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-05 06:46:00 -07:00
Laine Stump
eafb53fec2 network: disallow <bandwidth>/<mac> for bridged/macvtap/hostdev networks
https://bugzilla.redhat.com/show_bug.cgi?id=1057321

pointed out that we weren't honoring the <bandwidth> element in
libvirt networks using <forward mode='bridge'/>. In fact, these
networks are just a method of giving a libvirt network name to an
existing Linux host bridge on the system, and libvirt doesn't have
enough information to know where to set such limits. We are working on
a method of supporting network bandwidths for some specific cases of
<forward mode='bridge'/>, but currently libvirt doesn't support it. So
the proper thing to do now is just log an error when someone tries to
put a <bandwidth> element in that type of network. (It's unclear if we
will be able to do proper bandwidth limiting for macvtap networks, and
most definitely we will not be able to support it for hostdev
networks).

While looking through the network XML documentation and comparing it
to the networkValidate function, I noticed that we also ignore the
presence of a mac address in the config in the same cases, rather than
failing so that the user will understand that their desired action has
not been taken.

This patch updates networkValidate() (which is called any time a
persistent network is defined, or a transient network created) to log
an error and fail if it finds either a <bandwidth> or <mac> element
and the network forward mode is anything except 'route'. 'nat', or
nothing. (Yes, neither of those elements is acceptable for any macvtap
mode, nor for a hostdev network).

NB: This does *not* cause failure to start any existing network that
contains one of those elements, so someone might have erroneously
defined such a network in the past, and that network will continue to
function unmodified. I considered it too disruptive to suddenly break
working configs on the next reboot after a libvirt upgrade.
2014-02-05 15:04:58 +02:00
Justin Clift
a6992f600b Fix minor typo in governance doc
While at it, also relinquish active commit rights:
[x years between commits] is probably a poster child example of inactivity :)

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-04 10:43:15 -07:00
John Ferlan
19259574d5 Honor blacklist for modprobe command
https://bugzilla.redhat.com/show_bug.cgi?id=1045124

When loading modules, libvirt does not honor the modprobe blacklist.
Use the new virKModLoad() API in order to attempt load with blacklist check.
Use the new virKModIsBlacklisted() API to check if the failure to load
was due to the blacklist

Signed-off-by: John Ferlan <jferlan@redhat.com>
2014-02-04 10:43:53 -05:00
John Ferlan
02bf6568f4 tests: Add test for new virkmod functions
Adding tests for new virKMod{Config|Load|Unload}() API's.

A test for virKModIsBlacklisted() would require some setup which cannot
be assumed.
2014-02-04 08:59:37 -05:00
John Ferlan
4a2179ea92 utils: Introduce functions for kernel module manipulation
virKModConfig()        - Return a buffer containing kernel module configuration
virKModLoad()          - Load a specific module into the kernel configuration
virKModUnload()        - Unload a specific module from the kernel configuration
virKModIsBlacklisted() - Determine whether a module is blacklisted within
                         the kernel configuration
2014-02-04 08:52:27 -05:00
Laine Stump
0d0a7bf45a qemu: be sure we're using the updated value of backend during hotplug
commit f094aaac changed qemuPrepareHostdevPCIDevices() such that it
may modify the "backend" (vfio vs. legacy kvm) setting in the
virHostdevDef. However, qemuDomainAttachHostPciDevice() (used by
hotplug) copies the backend setting into a local *before* calling
qemuPrepareHostdevPCIDevices(), and then later makes a decision based
on that pre-change value.

The result is that, if the backend had been set to "default" (i.e. not
specified in the config) and was later updated to "VFIO" by
qemuPrepareHostdevPCIDevices(), the qemu process' MacMemLock is not
increased (as is required for VFIO device assignment).

This patch delays making the local copy of backend until after its
potential modification.
2014-02-04 14:05:09 +02:00
Daniel P. Berrange
e45b07314e Write up the project governance process
The project has historically operated as a meritocratic
consensus based community. Formally document what has
always been an unwritten assumption amongst the community
participants. Also include an explicit code of conduct
to preempt any potential, but unlikely, future problems.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-04 11:27:45 +00:00
Laine Stump
66f75925eb network: change default of forwardPlainNames to 'yes'
The previous patch fixed "forwardPlainNames" so that it really is
doing only what is intended, but left the default to be
"forwardPlainNames='no'". Discussion around the initial version of
that patch led to the decision that the default should instead be
"forwardPlainNames='yes'" (i.e. the original behavior before commit
f3886825). This patch makes that change to the default.
2014-02-04 12:00:26 +02:00
Laine Stump
f69a6b987d network: only prevent forwarding of DNS requests for unqualified names
In commit f386825 we began adding the options

  --domain-needed
  --local=/$mydomain/

to all dnsmasq commandlines with the stated reason of preventing
forwarding of DNS queries for names that weren't fully qualified
domain names ("FQDN", i.e. a name that included some "."s and a domain
name). This was later changed to

  domain-needed
  local=/$mydomain/

when we moved the options from the dnsmasq commandline to a conf file.

The original patch on the list, and discussion about it, is here:

  https://www.redhat.com/archives/libvir-list/2012-August/msg01594.html

When a domain name isn't specified (mydomain == ""), the addition of
"domain-needed local=//" will prevent forwarding of domain-less
requests to the virtualization host's DNS resolver, but if a domain
*is* specified, the addition of "local=/domain/" will prevent
forwarding of any requests for *qualified* names within that domain
that aren't resolvable by libvirt's dnsmasq itself.

An example of the problems this causes - let's say a network is
defined with:

   <domain name='example.com'/>
   <dhcp>
      ..
      <host mac='52:54:00:11:22:33' ip='1.2.3.4' name='myguest'/>
   </dhcp>

This results in "local=/example.com/" being added to the dnsmasq options.

If a guest requests "myguest" or "myguest.example.com", that will be
resolved by dnsmasq. If the guest asks for "www.example.com", dnsmasq
will not know the answer, but instead of forwarding it to the host, it
will return NOT FOUND to the guest. In most cases that isn't the
behavior an admin is looking for.

A later patch (commit 4f595ba) attempted to remedy this by adding a
"forwardPlainNames" attribute to the <dns> element. The idea was that
if forwardPlainNames='yes' (default is 'no'), we would allow
unresolved names to be forwarded. However, that patch was botched, in
that it only removed the "domain-needed" option when
forwardPlainNames='yes', and left the "local=/mydomain/".

Really we should have been just including the option "--domain-needed
--local=//" (note the lack of domain name) regardless of the
configured domain of the network, so that requests for names without a
domain would be treated as "local to dnsmasq" and not forwarded, but
all others (including those in the network's configured domain) would
be forwarded. We also shouldn't include *either* of those options if
forwardPlainNames='yes'. This patch makes those corrections.

This patch doesn't remedy the fact that default behavior was changed
by the addition of this feature. That will be handled in a subsequent
patch.
2014-02-04 12:00:26 +02:00
Martin Kletzander
9073f8a720 build: Fix 'make rpm' in VPATH with wireshark
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-04 10:57:21 +01:00