On x86_64 hosts, /usr/lib64 must be used instead of /usr/lib
Rather than attempt to whitelist architectures, just check
for existance of /usr/lib64
* autogen.sh: Fix to use /usr/lib64 if it exists
Add a hook to the error reporting APIs to allow specific
error messages to be filtered out. Wire up libvirtd to
remove VIR_ERR_NO_DOMAIN & similar error codes from the
logs. They are still logged at DEBUG level.
* daemon/libvirtd.c: Filter VIR_ERR_NO_DOMAIN and friends
* src/libvirt_private.syms, src/util/virterror.c,
src/util/virterror_internal.h: Hook for changing error
reporting level
This reverts the additions in commit
abff683f78
taking us back to state where all errors are fully logged
in both libvirtd and normal clients.
THe intent was to stop VIR_ERR_NO_DOMAIN (No such domain
with UUID XXXX) messages from client apps polluting syslog
The change affected all error codes, but more seriously,
it also impacted errors from internal libvirtd infrastructure
For example guest autostart no longer logged errors. The
libvirtd network code no longer logged some errors. This
makes debugging incredibly hard
* daemon/libvirtd.c: Remove error log priority filter
* src/util/virterror.c, src/util/virterror_internal.h: Remove
callback for overriding log priority
This patch is a partial resolution to the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=667756
(to complete the fix, an updated selinux-policy package is required,
to add the policy that allows libvirt to set the context of a fifo,
which was previously not allowed).
Explanation : When an incoming migration is over a pipe (for example,
if the image was compressed and is being fed through gzip, or was on a
root-squash nfs server, so needed to be opened by a child process
running as a different uid), qemu cannot read it unless the selinux
context label for the pipe has been set properly.
The solution is to check the fd used as the source of the migration
just before passing it to qemu; if it's a fifo (implying that it's a
pipe), we call the newly added virSecurityManagerSetFDLabel() function
to set the context properly.
A need was found to set the SELinux context label on an open fd (a
pipe, as a matter of fact). This patch adds a function to the security
driver API that will set the label on an open fd to secdef.label. For
all drivers other than the SELinux driver, it's a NOP. For the SElinux
driver, it calls fsetfilecon().
If the return is a failure, it only returns error up to the caller if
1) the desired label is different from the existing label, 2) the
destination fd is of a type that supports setting the selinux context,
and 3) selinux is in enforcing mode. Otherwise it will return
success. This follows the pattern of the existing function
SELinuxSetFilecon().
The problem was introduced by commit 4303c91, which removed the checking
of domain state, this patch is to fix it.
Otherwise, improper error will be thrown, e.g.
error: Failed to save domain rhel6 state
error: cannot resolve symlink /var/lib/libvirt/qemu/save/rhel6.save: No such
file or directory
Running 'make check' can sometimes fail in the gnulib/tests
subdirectory, when doing an incremental build, because
./bootstrap generates a Makefile.am that tries to refer to
../../.. instead of ../.., and gets lost.
This may be an upstream gnulib bug, where a more elegant
solution will present itself in the future:
http://thread.gmane.org/gmane.comp.lib.gnulib.bugs/24898
But in the meantime, I was able to reproduce both the issue,
and this solution to work around it.
* bootstrap.conf (bootstrap_epilogue): Ensure that no stray
../../.. components remain in gnulib/tests/Makefile.in.
Reported by Serge Hallyn.
In QEMU, the card itself is a PCI device, but it requires a codec
(either -device hda-output or -device hda-duplex) to actually output
sound. Specifying <sound model='ich6'/> gives us -device intel-hda
-device hda-duplex I think it's important that a simple <sound model='ich6'/>
sets up a useful codec, to have consistent behavior with all other sound cards.
This is basically Dan's proposal of
<sound model='ich6'>
<codec type='output' slot='0'/>
<codec type='duplex' slot='3'/>
</sound>
without the codec bits implemented.
The important thing is to keep a consistent API here, we don't want some
<sound> devs require tweaking codecs but not others. Steps I see to
accomplishing this:
- every <sound> device has a <codec type='default'/> (unless codecs are
manually specified)
- <codec type='none'/> is required to specify 'no codecs'
- new audio settings like mic=on|off could then be exposed in
<sound> or <codec> in a consistent manner for all sound models
v2:
Use model='ich6'
v3:
Use feature detection, from eblake
Set codec id, bus, and cad values
v4:
intel-hda isn't supported if -device isn't available
v5:
Comment spelling fixes
This bug has been present since before the time that commit
f8a519 (Dec 2008) tried to make the dispatch loop re-entrant.
Dereferencing eventLoop.handles outside the lock risks crashing, since
any other thread could have reallocated the array in the meantime.
It's a narrow race window, however, and one that would have most
likely resulted in passing bogus data to the callback rather than
actually causing a segv, which is probably why it has gone undetected
this long.
* daemon/event.c (virEventDispatchHandles): Cache data while
inside the lock, as the array might be reallocated once outside.
If vnc_auto_unix_socket is enabled, any VNC devices without a hardcoded
listen or socket value will be setup to serve over a unix socket in
/var/lib/libvirt/qemu/$vmname.vnc.
We store the generated socket path in the transient VM definition at
CLI build time.
QEMU supports serving VNC over a unix domain socket rather than traditional
TCP host/port. This is specified with:
<graphics type='vnc' socket='/foo/bar/baz'/>
This provides better security access control than VNC listening on
127.0.0.1, but will cause issues with tools that rely on the lax security
(virt-manager in fedora runs as regular user by default, and wouldn't be
able to access a socket owned by 'qemu' or 'root').
Also not currently supported by any clients, though I have patches for
virt-manager, and virt-viewer should be simple to update.
v2:
schema: Make listen vs. socket a <choice>
This will allow us to record transient runtime state in vm->def, like
default VNC parameters. Accomplish this by adding an extra 'live' parameter
to SetDefTransient, with similar semantics to the 'live' flag for
AssignDef.
https://bugzilla.redhat.com/show_bug.cgi?id=562743
Also, fixes gnulib bug in dealing with strerror_r from glibc 2.13.
* .gnulib: Update to latest, for improved bootstrap.
* bootstrap: Resync from gnulib.
* autogen.sh (bootstrap): Add --bootstrap-sync, to make it easier
to keep bootstrap up-to-date. Pass optional --no-git through.
Reported by Aleksey Avdeev.
When restoring a saved qemu instance via JSON monitor, the vm is
left in a paused state. Turns out the 'cont' cmd was failing with
"MigrationExpected" error class and "An incoming migration is
expected before this command can be executed" error description
due to migration (restore) not yet complete.
Detect if 'cont' cmd fails with "MigrationExpecte" error class and
retry 'cont' cmd.
V2: Fix potential double-free noted by Laine Stump
Report VIR_ERR_CONFIG_UNSUPPORTED instead of VIR_ERR_INTERNAL_ERROR,
as it's valid in our domain schema, just unsupported by hypervisor
here.
* src/qemu/qemu_command.c
The code which set VNC passwords correctly had fallback for
the set_password command, but was lacking it for the
expire_password command. This made it impossible to start
a guest. It also failed to check whether QEMU was still
running after the initial 'set_password' command completed
* src/qemu/qemu_hotplug.c: Fix error handling when
password expiry fails
* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
return code for missing expire_password command
Avoid overwriting the real error message with a generic
OOM failure message, when machine type probe fails
* src/qemu/qemu_driver.c: Don't overwrite error
If the XML security model is NULL, it is assumed that the current
model will be used with dynamic labelling. The verify step is
meaningless and potentially crashes if dereferencing NULL
* src/security/security_manager.c: Skip NULL model on verify
The function virUnrefConnect() may call virReleaseConnect() to release
the dest connection, and the function virReleaseConnect() will call
conn->driver->close().
So the function virUnrefConnect() should be surrounded by
qemuDomainObjEnterRemoteWithDriver() and
qemuDomainObjExitRemoteWithDriver() to prevent possible deadlock between
two communicating libvirt daemons.
See commit f0c8e1cb37 for further details.
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
In some circumstances, libvirtd would issue two STOPPED events after it
stopped a domain. This was because an EOF event can arrive after a qemu
process is killed but before qemuMonitorClose() is called.
qemuHandleMonitorEOF() should ignore EOF when the domain is not running.
I wasn't able to reproduce this bug directly, only after adding an
artificial sleep() into qemudShutdownVMDaemon().
A large number of return values used 'return (0)' instead
of simply 'return 0'. Remove all these redundant brackets
so the style is consistent throughout the file
* src/libvirt.c: Remove redundant brackets
The driver table only has 10 slots, but there are potentially
11 drivers that need activating. Improve the error message
when driver registration fails
* src/libvirt.c: Increase driver table size & improve errors
The virLibConnError() function (and related ones) do not correctly
report line number info. Turn them all into macros so line numbers
are reported correctly. Drop the connection object in all of them
since it is no longer used.
Also from the virLibConnWarning() equivalents completely. Now
that the Xen driver is running 100% inside libvirtd, those
codepaths for secondary drivers cannot be reached.
* src/libvirt.c: Replace error functions with macros
* .gnulib: Update to latest, for sigpipe and sigaction modules.
* bootstrap.conf (gnulib_modules): Add siaction, sigpipe, strerror_r.
* tools/virsh.c (vshSetupSignals) [!SIGPIPE]: Delete, now that
gnulib guarantees it.
(SA_SIGINFO): Define for mingw fallback.
* src/util/virterror.c (virStrerror): Simplify, now that gnulib
guarantees the POSIX interface.
* configure.ac (AC_CHECK_FUNCS_ONCE): Drop redundant check.
(AM_PROG_CC_STDC): Move earlier, to keep autoconf happy.
The public object is called NWFilter but the corresponding private
object is called NWFilterPool. I don't see compelling reasons for this
Pool suffix. One might argue that an NWFilter is a "pool" of rules, etc.
Remove the Pool suffix from NWFilterPool. No functional change included.
Fixes regression introduced in commit 2211518, where all qemu 0.12.x
fails to start, as does qemu 0.13.x lacking the pci-assign device.
Prior to 2211518, the code was just ignoring a non-zero exit status
from the qemu child, but the virCommand code checked this to avoid
masking any other issues, which means the real bug of provoking
non-zero exit status has been latent for a longer time.
* src/qemu/qemu_capabilities.c (qemuCapsExtractVersionInfo): Check
for -device driver,? support.
(qemuCapsExtractDeviceStr): Avoid failure if all probed devices
are unsupported.
Reported by Ken Congyang.