Commit Graph

11878 Commits

Author SHA1 Message Date
Julio Faracco
e087911786 conf: use typedefs for enums in node_device_conf, nwfilter_params
In "src/conf/" there are many enumeration (enum) declarations. Similar
to the recent cleanup to "src/util" directory, it's better to use a
typedef for variable types, function types and other usages. Other
enumeration and folders will be changed to typedef's in the future.
Most of the files changed in this commit are reltaed to Node and
Network (node_device_conf.h and nwfilter_params.*) enums.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-12 16:49:43 -06:00
Chunyan Liu
fd43d1f8bd libxl: fix support for <interface type="hostdev"> syntax
A VIR_DOMAIN_NET_TYPE_HOSTDEV interface device is really a hostdev
device, which is created by the libxl driver in libxlMakePCIList().
There is no need to create a libxl_device_nic for such hostdev
devices, so skip interfaces of type VIR_DOMAIN_NET_TYPE_HOSTDEV in
libxlMakeNicList().

Signed-off-by: Chunyan Liu <cyliu@suse.com>
2014-05-12 14:52:50 -06:00
Roman Bogorodskiy
0cb88f3b38 bhyve: implement connectGetSysinfo 2014-05-12 19:15:04 +04:00
Oleg Strikov
825a23d916 qemu: Implement a stub cpuArchDriver.compare() handler for arm and aarch64
Libvirt calls cpuArchDriver.compare() while doing guest migration.
We don't have any logic to distinguish between different arm and
aarch64 models that's why this patch allows migration to any host.

Signed-off-by: Oleg Strikov <oleg.strikov@canonical.com>
2014-05-11 18:16:34 -04:00
Dawid Zamirski
77e7a75a8b ESX: add virStorageVolGetInfo in iSCSI backend.
Since the ESX storage implements VMFS and iSCSI storage backends and
chooses relevant backend dynamically at runtime, there was a segfault
when issuing vol-info on iSCSI volume due to unimplemented
virStorageGetInfo function. This patch implements that function that was
missing in iSCSI backend and returns expected result without a segfault.
2014-05-10 17:35:03 +02:00
John Ferlan
e1e4483c90 storage: Resolve issues in failure path
https://bugzilla.redhat.com/show_bug.cgi?id=1092882

Refactoring in commit id '0c2305b3' resulted in the wrong storage
volume object being passed to the new storageVolDeleteInternal().
It should have passed 'voldef' which is the address found in the
pool->volumes.objs[i] array.  By passing 'voldef', the DeleteInternal
code will find and remove the voldef from the volumes.objs[] list.
2014-05-07 10:21:18 -04:00
Dmitry Guryanov
99f4def63b parallels: add a set of trivial functions
Add functions parallelsIsAlive, parallelsIsEncrypted,
parallelsIsSecure which are very simple to implement, but
may be required by some libvirt users. Almost all other
drivers have these functions.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-05-07 14:56:53 +01:00
Dmitry Guryanov
68a81f77d0 parallels: don't add domain to the list twice
There is a problem with function parallelsDomainDefineXML. If we
are defining a new domain, then we need to do 2 things: aclually
create a VM in PCS and add new domain to the cached list of domains
_parallelsConn.domains.

This is done in the function parallelsLoadDomains. So call to
virDomainObjListAdd will return a error, because a domain
with the same name and id will already be in the list.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-05-07 14:56:39 +01:00
Dmitry Guryanov
6d02d2774d parallels: don't enable VNC when we define a new domain
I added this code year ago, instead of implementing ability
to change VNC configuration, which was not trivial, I added
extra call to prlctl, which sets up VNC with auto port, despite
VNC configuration given by a user.

Let's remove this hack, because, first, it doesn't work on the
latest Parallels Cloud Server release (you have to either specify
--vnc-nopasswd option or password). And also has problem with
error handling. If second call to prlctl fails, VM, created by
first call to prlctl, will not be removed.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-05-07 14:56:39 +01:00
Dmitry Guryanov
740a3f2731 parallels: fix virDomainDef.features comparison
virDomainDef.features became an array, so now we can't simply
compare one features variable to another. We need to compare
each each element from the array.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-05-07 14:56:39 +01:00
John Ferlan
e3d66229a1 qemu: Adjust size for qcow2/qed if not on sector boundary
https://bugzilla.redhat.com/show_bug.cgi?id=1002813

If qemuDomainBlockResize() is passed a size not on a KiB boundary - that
is passed a size based in bytes (VIR_DOMAIN_BLOCK_RESIZE_BYTES), then
depending on the source format (qcow2 or qed), the value passed must
be on a sector (or 512 byte) boundary. Since other libvirt code quietly
adjusts the capacity values, then do so here as well - of course ensuring
that adjustment still fits.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2014-05-07 07:25:16 -04:00
Ján Tomko
f3be5f0c50 Add support for timestamping QEMU logs
QEMU commit 5e2ac51 added a boolean '-msg timestamp=[on|off]'
option, which can enable timestamps on errors:
$ qemu-system-x86_64 -msg timestamp=on zghhdorf
2014-04-09T13:25:46.779484Z qemu-system-x86_64: -msg timestamp=on: could
not open disk image zghhdorf: Could not open 'zghhdorf': No such file or
directory

Enable this timestamp if the QEMU binary supports it.

Add a 'log_timestamp' option to qemu.conf for disabling this behavior.
2014-05-07 10:27:50 +02:00
Tomoki Sekiyama
b6d4dad11b qemu: track quiesced status in qemuDomainSnapshotFSFreeze
Adds 'quiesced' status into qemuDomainObjPrivate that tracks whether
FSFreeze is requested in the domain.

It modifies error code from qemuDomainSnapshotFSFreeze and
qemuDomainSnapshotFSThaw, so that a caller can know whether the command is
actually sent to the guest agent. If the error is caused before sending a
freeze command, a counterpart thaw command shouldn't be sent either, not to
confuse fsfreeze status tracking.

Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-06 21:50:53 -06:00
Tomoki Sekiyama
ca3d07fd45 remote: Implement virDomainFSFreeze and virDomainFSThaw
New rules are added in fixup_name in gendispatch.pl to keep the name
FSFreeze and FSThaw. This adds a new ACL permission 'fs_freeze',
which is also applied to VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE flag.

Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com>
Acked-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-06 18:01:05 -06:00
Tomoki Sekiyama
208f002c9d Introduce virDomainFSFreeze() and virDomainFSThaw() public API
These will freeze and thaw filesystems within guest specified by
@mountpoints parameters. The parameters can be NULL and 0, then all
mounted filesystems are frozen or thawed. @flags parameter, which are
currently not used, is for future extensions.

Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-06 17:41:58 -06:00
Giuseppe Scrivano
2c054ca176 udev: consider the device a CDROM when ID_CDROM=1
Some CDROM devices are reported by udev to have an ID_TYPE="generic"
thus it is necessary to check if ID_CDROM is present.

As a side effect, treating ID_TYPE="generic" as a missing ID_TYPE will
enable checks for ID_DRIVE_FLASH_SD and ID_DRIVE_FLOPPY and the
udevKludgeStorageType heuristic.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-06 16:32:27 -06:00
Cole Robinson
709f2455cc virdbus: Make virDBusCall static 2014-05-06 11:22:13 -04:00
Cole Robinson
3e8699d324 virerror: Fix an error message typo 2014-05-06 11:21:57 -04:00
Daniel P. Berrange
d6b27d3e4c LSN-2014-0003: Don't expand entities when parsing XML
If the XML_PARSE_NOENT flag is passed to libxml2, then any
entities in the input document will be fully expanded. This
allows the user to read arbitrary files on the host machine
by creating an entity pointing to a local file. Removing
the XML_PARSE_NOENT flag means that any entities are left
unchanged by the parser, or expanded to "" by the XPath
APIs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-05-06 14:04:45 +01:00
Laine Stump
1e947cf7d8 qemu: specify domain in host-side PCI addresses when needed/supported
This uses the new QEMU_CAPS_HOST_PCI_MULTIDOMAIN capability when
present, for -devivce pci-assign, -device vfio-pci, and -pcidevice.

While creating tests for this new functionality, I noticed that the
xmls for two existing tests had erroneously specified an
until-now-ignored domain="0x0002", so I corrected those two tests, and
also added two failure tests to be sure that we alert users who
attempt to use a non-zero domain with a qemu that doesn't support it.
2014-05-06 14:34:56 +03:00
Laine Stump
17133e3702 qemu: add host-pci-multidomain capability
Quite a long time ago, (apparently between qemu 0.12 and 0.13) qemu
quietly began supporting the optional specification of a domain in the
host-side address of all pci passthrough commands (by simply
prepending it to the bus:slot.function format, as
"dddd:bb:ss.f"). Since machines with multiple PCI domains are very
rare, this never came up in practice, so libvirt was never updated to
support it.

This patch takes the first step to supporting specification of a non-0
domain in the host-side address of PCI devices being assigned to a
domain, by adding a capability bit to indicate support
"QEMU_CAPS_HOST_PCI_MULTIDOMAIN", and detect it. Since this support
was added in a version prior to the minimum version required for
QMP-style capabilities detection, the capability is always enabled for
any qemu that uses QMP for capabilities detection. For older qemus,
the only clue that a domain can be specified in the host pci address
is the presence of the string "[seg:]" in the help string for
-pcidevice. (Ironically, libvirt will not be modified to support
specification of domain for -pcidevice, since any qemu new enough for
us to care about also supports "-device pci-assign" or "-device
vfio-pci", which are greatly preferred).
2014-05-06 14:32:33 +03:00
Michal Privoznik
eb54426659 storageVolCreateXMLFrom: Allow multiple accesses to origvol
When creating a new volume, it is possible to copy data into it from
another already existing volume (referred to as @origvol). Obviously,
the read-only access to @origvol is required, which is thread safe
(probably not performance-wise though). However, with current code
both @newvol and @origvol are marked as building for the time of
copying data from the @origvol to @newvol. The rationale behind
is to disallow some operations on both @origvol and @newvol, e.g.
vol-wipe, vol-delete, vol-download. While it makes sense to not allow
such operations on partly copied mirror, but it doesn't make sense to
disallow vol-create or vol-download on the source (@origvol).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-05-06 10:24:44 +02:00
Ján Tomko
c3f6882383 Fix build wihout macvtap or virtualport
Commit 1b14c44 broke the build on FreeBSD by changing
the signature of a few functions without updating the
corresponding stubs that are used when WITH_MACVTAP
or WITH_VIRTUALPORT is not defined.
2014-05-06 09:14:05 +02:00
Julio Faracco
6000705ab1 conf: use typedefs for enums in "src/conf/{network,interface}_conf.h"
In "src/conf/" there are many enumeration (enum) declarations.
Similar to the recent cleanup to "src/util" directory, it's
better to use a typedef for variable types, function types and
other usages. Other enumeration and folders will be changed to
typedef's in the future. Most of the files changed in this commit
are reltaed to Network (network_conf.* and interface_conf.*) enums.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-05 16:04:53 -06:00
Julio Faracco
00ee955d08 conf: use typedefs for enums in "src/conf/cpu_conf.h"
In "src/conf/" there are many enumeration (enum) declarations.
Similar to the recent cleanup to "src/util" directory, it's
better to use a typedef for variable types, function types and
other usages. Other enumeration and folders will be changed to
typedef's in the future. Most of the files changed in this commit
are related to CPU (cpu_conf) enums.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-05 15:52:36 -06:00
Julio Faracco
1b14c449b8 util: use typedefs for enums in "src/util/" directory
In "src/util/" there are many enumeration (enum) declarations.
Sometimes, it's better using a typedef for variable types,
function types and other usages. Other enumeration will be
changed to typedef's in the future.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-05 14:30:01 -06:00
Jim Fehlig
da74412046 libxl: support PARAVIRT reboot flag
Add support for the VIR_DOMAIN_REBOOT_PARAVIRT flag in
libxlDomainReboot().
2014-05-05 10:52:21 -06:00
Jim Fehlig
c4fe29f88c libxl: support PARAVIRT and ACPI shutdown flags
Add support for VIR_DOMAIN_SHUTDOWN_PARAVIRT and
VIR_DOMAIN_SHUTDOWN_ACPI_POWER_BTN flags in
libxlDomainShutdownFlags().
2014-05-05 10:52:21 -06:00
Eric Blake
fff74b275e conf: drop extra storage probe
All callers of virStorageFileGetMetadataFromBuf were first calling
virStorageFileProbeFormatFromBuf, to learn what format to pass in.
But this function is already wired to do the exact same probe if
the incoming format is VIR_STORAGE_FILE_AUTO, so it's simpler to
just refactor the probing into the central function.

* src/util/virstoragefile.h (virStorageFileGetMetadataFromBuf):
Drop parameter.
(virStorageFileProbeFormatFromBuf): Drop declaration.
* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf):
Do probe here instead of in callers.
(virStorageFileProbeFormatFromBuf): Make static.
* src/libvirt_private.syms (virstoragefile.h): Drop function.
* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
Update caller.
* src/storage/storage_backend_gluster.c
(virStorageBackendGlusterRefreshVol): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-05 10:46:05 -06:00
Roman Bogorodskiy
0541727cf7 bhyve: report cpuTime in bhyveDomainGetInfo
Add a helper function virBhyveGetDomainTotalCpuStats() to
obtain process CPU time using kvm (kernel memory interface)
and use it to set cpuTime field of the virDomainInfo struct in
bhyveDomainGetInfo().
2014-05-05 18:03:15 +04:00
Martin Kletzander
6d105946a9 typos: fix s/it/is/ where applicable
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-05-05 11:49:36 +02:00
Li Yang
0525ab1c8c datatypes: Fix comment of secret uuid
Signed-off-by: Li Yang <liyang.fnst@cn.fujitsu.com>
2014-05-05 10:20:51 +02:00
Roman Bogorodskiy
747ed3e657 bhyve: implement connectDomainXMLToNative
The only accepted format for now is 'bhyve-argv' which
prints out a bhyve command corresponding to the given
domain definition.
2014-05-04 17:43:55 +04:00
Roman Bogorodskiy
07e371fc36 bhyve: improve bhyve_command.c testability
* bhyve_command.c (bhyveBuildNetArgStr, virBhyveProcessBuildBhyveCmd):
  add dryRun mode which doesn't create any devices when enabled
* bhyve_command.c (virBhyveProcessBuildBhyveCmd,
  virBhyveProcessBuildDestroyCmd, virBhyveProcessBuildLoadCmd): accept
  virDomainDefPtr instead of virDomainObjPtr.
2014-05-04 17:43:54 +04:00
Ján Tomko
a65871aaae Fix vlan ID detection in udev interface driver
Instead of guessing it from the interface name, look into
/proc/net/vlan/<interface>.

This works for devices not named <real_device>.<vlan ID>,
avoiding an error flood when virt-manager keeps asking about
them every second:

https://bugzilla.redhat.com/show_bug.cgi?id=966329
2014-05-04 15:08:14 +02:00
John Ferlan
f1856eb622 Restore skipping of setting capacity
Commit id 'ac9a0963' refactored out the 'withCapacity' for the
virStorageBackendUpdateVolInfo() API.  See:

http://www.redhat.com/archives/libvir-list/2014-April/msg00043.html

This resulted in a difference in how 'virsh vol-info --pool <poolName>
<volume>' or 'virsh vol-list vol-list --pool <poolName> --details' outputs
the capacity information for a directory pool with a qcow2 sparse file.

For example, using the following XML

mkdir /home/TestPool
cat testpool.xml
<pool type='dir'>
  <name>TestPool</name>
  <uuid>6bf80895-10b6-75a6-6059-89fdea2aefb7</uuid>
  <source>
  </source>
  <target>
    <path>/home/TestPool</path>
    <permissions>
      <mode>0755</mode>
      <owner>0</owner>
      <group>0</group>
    </permissions>
  </target>
</pool>

virsh pool-create testpool.xml
virsh vol-create-as --pool TestPool temp_vol_1 \
      --capacity 1048576 --allocation 1048576 --format qcow2
virsh vol-info --pool TestPool temp_vol_1

Results in listing a Capacity value.  Prior to the commit, the value would
be '1.0 MiB' (1048576 bytes). However, after the commit the output would be
(for example) '192.50 KiB', which for my system was the size of the volume
in my file system (eg 'ls -l TestPool/temp_vol_1' results in '197120' bytes
or 192.50 KiB). While perhaps technically correct, it's not necessarily
what the user expected (certainly virt-test didn't expect it).

This patch restores the code to not update the target capacity for this path
2014-05-02 07:11:05 -04:00
Ján Tomko
1055852aef fix build with older gcc
Older gcc (4.1.2-55.el5, 4.2.1 on FreeBSD) reports bogus warnings:
../../src/conf/nwfilter_conf.c:2111: warning: 'protocol' may be used
uninitialized in this function
../../src/conf/nwfilter_conf.c:2110: warning: 'dataProtocolID' may be
used uninitialized in this function

Initialize them to NULL to make the compiler happy.
2014-05-02 09:37:34 +02:00
Eric Blake
5c05e2b126 storage: reject negative indices
Commit f22b7899 stumbled across a difference between 32-bit and
64-bit platforms when parsing "-1" as an int.  Now that we've
fixed that difference, it's time to fix the testsuite.

* src/util/virstoragefile.c (virStorageFileParseChainIndex):
Require a positive index.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-01 15:11:02 -06:00
Eric Blake
7b045c8ce9 util: new stricter unsigned int parsing
strtoul() is required to parse negative numbers as their
twos-complement positive counterpart.  But sometimes we want
to reject negative numbers.  Add new functions to do this.
The 'p' suffix is a mnemonic for 'positive' (technically it
also parses 0, but 'non-negative' doesn't lend itself to a
nice one-letter suffix).

* src/util/virstring.h (virStrToLong_uip, virStrToLong_ulp)
(virStrToLong_ullp): New prototypes.
* src/util/virstring.c (virStrToLong_uip, virStrToLong_ulp)
(virStrToLong_ullp): New functions.
* src/libvirt_private.syms (virstring.h): Export them.
* tests/virstringtest.c (testStringToLong): Test them.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-01 15:11:02 -06:00
Eric Blake
f18c02ec22 util: fix uint parsing on 64-bit platforms
Commit f22b7899 called to light a long-standing latent bug: the
behavior of virStrToLong_ui was different on 32-bit platforms
than on 64-bit platforms.  Curse you, C type promotion and
narrowing rules, and strtoul specification.  POSIX says that for
a 32-bit long, strtol handles only 2^32 values [LONG_MIN to
LONG_MAX] while strtoul handles 2^33 - 1 values [-ULONG_MAX to
ULONG_MAX] with twos-complement wraparound for negatives.  Thus,
parsing -1 as unsigned long produces ULONG_MAX, rather than a
range error.  We WANT[1] this same shortcut for turning -1 into
UINT_MAX when parsing to int; and get it for free with 32-bit
long.  But with 64-bit long, ULONG_MAX is outside the range
of int and we were rejecting it as invalid; meanwhile, we were
silently treating -18446744073709551615 as 1 even though it
textually exceeds INT_MIN.  Too bad there's not a strtoui() in
libc that does guaranteed parsing to int, regardless of the size
of long.

The bug has been latent since 2007, introduced by Jim Meyering
in commit 5d25419 in the attempt to eradicate unsafe use of
strto[u]l when parsing ints and longs.  How embarrassing that we
are only discovering it now - so I'm adding a testsuite to ensure
that it covers all the corner cases we care about.

[1] Ideally, we really want the caller to be able to choose whether
to allow negative numbers to wrap around to their 2s-complement
counterpart, as in strtoul, or to force a stricter input range
of [0 to UINT_MAX] by rejecting negative signs; this will be added
in a later patch for all three int types.

This patch is tested on both 32- and 64-bit; the enhanced
virstringtest passes on both platforms, while virstoragetest now
reliably fails on both platforms instead of just 32-bit platforms.
That test will be fixed later.

* src/util/virstring.c (virStrToLong_ui): Ensure same behavior
regardless of platform long size.
* tests/virstringtest.c (testStringToLong): New function.
(mymain): Comprehensively test string to long parsing.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-01 15:11:02 -06:00
Daniel P. Berrange
dca027a9b7 Misc error reporting bugs in QEMU cli builder
A couple of places in the QEMU XML -> ARGV conversion code
raised an error but then forgot to return an error status
due to missing gotos. While fixing this also tweak style
of a couple of other error reports

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-05-01 17:24:45 +01:00
Laine Stump
0eac9d1e90 qemu: fix crash when removing <filterref> from interface with update-device
If a domain network interface that contains a <filterref> is modified
"live" using "virsh update-device --live", libvirtd would crash. This
was because the code supporting live update of an interface's
filterref was assuming that a filterref might be added or modified,
but didn't account for removing the filterref, resulting in a null
dereference of the filter name.

Introduced with commit 258fb278, which was first in libvirt v1.0.1.

This addresses https://bugzilla.redhat.com/show_bug.cgi?id=1093301
2014-05-01 15:46:10 +03:00
Peter Krempa
b47668233e storage: Clear all data allocated about backing store before reparsing
To avoid memory leak of the "backingStoreRaw" field when reparsing
backing chains a new function is being introduced by this patch that
shall be used to clear backing store information.

The memory leak was introduced in commit 8823272d41.
2014-04-30 19:59:20 +02:00
Stefan Berger
cdebc2f74c nwfilter: Tear down temp. filters when tearing all filters
Refactor the ebiptablesTearNewRules function so that the teardown of temporary
filters can also be called by the ebiptablesAllTeardown function.

This fixes a problem that leaves temporary filters behind when a VM shuts down
while its filters are modified.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

v1->v2:
  - test cases adjusted to expect more commands
2014-04-30 12:51:38 -04:00
Michal Privoznik
7a6ae35dbe Device{Attach,Detach}: Document S4 limitations
https://bugzilla.redhat.com/show_bug.cgi?id=808463

Well, libvirt doesn't distinguish between domain poweroff and
hibernation (S4). It's hard to differentiate these two on a real
machine anyway. As a result, any device that is hot(un-)plugged is
lost (appears again) when domain is started again as from our POV
it is a fresh cold boot. Instead of doing anything wise here, we
should just document this as known limitation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-04-30 18:25:11 +02:00
Daniel P. Berrange
916b147cc8 Set mknod permission in device ACL for LXC USB devices
The LXC controller itself needs to mknod the USB device
node in /dev/bus/usb, so we can't block mknod permission
from the cgroup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-30 16:54:13 +01:00
Stefan Berger
a457fc6550 nwfilter: Validate rule after parsing
An IP or IPv6 rule with port specification but without protocol
specification cannot be instantiated by ebtables. The documentation
points to 'protocol' being required but implementation does not
enforce it to be given.

Implement a rule validation function that checks whether the rule is
valid when it is defined. This for example prevents the definition
of rules like:

<ip dstportstart='53'>

where a protocol attribute would be required for it to be valid and for
ebtables to be able to instantiate it. A valid rule then is:

<ip protocol='udp' dstportstart='53'>

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2014-04-30 11:41:18 -04:00
Sahid Orentino Ferdjaoui
f393c4603a Add support for QEMU migration to use SASL authentication
This commit provides the ability to virDomainMigrateToURI to
check for SASL credentials when attempts to migrate a domain
with the driver QEMU.

Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com>
2014-04-30 14:07:53 +01:00
Pavel Hrdina
620e16760e virfirewall: fix build on freebsd
Freebsd doesn't know ENODATA so we have to use different EINVAL
error code.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-04-30 08:51:29 +02:00
Eric Blake
c9679edca9 conf: avoid null deref during storage probe
Commit 5c43e2e introduced a NULL deref if there is a failure
in virStorageFileGetMetadataInternal.

* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf):
Fix error handling.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-29 08:13:29 -06:00