Commit Graph

7610 Commits

Author SHA1 Message Date
Matthias Bolte
2d2d6a01d7 apparmor: Finish incomplete renaming of relabel to norelabel
Commit 693eac388f was incomplete here.
2011-07-06 14:15:05 +02:00
Daniel P. Berrange
693eac388f Fix default value of security label 'relabel' attribute
When no <seclabel> is present in the XML, the virDomainSeclabelDef
struct is left as all zeros. Unfortunately, this means it gets setup
as type=dynamic, with relabel=no, which is an illegal combination.

Change the 'bool relabel' attribute in virDomainSeclabelDef to
the inverse 'bool norelabel' so that the default initialization
is sensible

* src/conf/domain_conf.c, src/conf/domain_conf.h,
  src/security/security_apparmor.c, src/security/security_selinux.c:
  Replace 'relabel' with 'norelabel'
2011-07-06 12:45:09 +01:00
Matthias Bolte
e123e1ee6b Fix return value semantic of virFileMakePath
Some callers expected virFileMakePath to set errno, some expected
it to return an errno value. Unify this to return 0 on success and
-1 on error. Set errno to report detailed error information.

Also optimize virFileMakePath if stat fails with an errno different
from ENOENT.
2011-07-06 09:27:06 +02:00
Matthias Bolte
c7694e3e50 nodedev: Let check_fc_host_linux report errors to the caller 2011-07-06 08:51:11 +02:00
Jean-Baptiste Rouault
11bd53e322 Fix compilation error when SASL support is disabled
This patch adds #if HAVE_SASL where needed in libvirtd.h
2011-07-06 08:41:17 +02:00
Guannan Ren
416814e66a pci: initialize state values on reattach
add a new API pciDeviceReAttachInit() in pci.c to initialize state values for nodedev reattach

Initialize three state value of device driver to 1. This is just for a new call to
qemudNodeDeviceReAttach()
2011-07-05 11:42:38 -06:00
Laine Stump
0c97dc4159 xml: create an RNG file for common types and move some definitions there
domain.rng, network.rng, and interface.rng already use a few of the
same types (or in some cases *should* but don't), and an upcoming code
change will have them sharing even more. To prepare for that, this
patch takes those common data type definitions and moves them into
basictypes.rng.

This may break some rule about the need to RNG files to be autonomous
or something, but I saw that storageencryption.rng is used in this
way, so I figured it must not be completely against the law...
2011-07-05 12:33:21 -04:00
Laine Stump
b2bf813e58 docs: sort the file list in the schemas Makefile 2011-07-05 12:33:21 -04:00
Laine Stump
834ce603f9 qemu: check flags in qemuDomainGetXMLDesc
Although most functions with flags check to verify no application is
passing in flag bits that are currently undefined, for some reason
this function wasn't.
2011-07-05 12:33:21 -04:00
Laine Stump
d3f7c7b151 conf: fix domain parse flags
* Change all flags args from int to unsigned int

* Allow passing flags in virDomainObjParseFile (and propogate those
  flags all the way down the call chain). Previously the flags were
  hardcoded (to VIR_DOMAIN_XML_INTERNAL_STATUS) several layers down
  the chain. Pass that value in at the one place that is currently
  calling virDomainObjParseFile.
2011-07-05 12:33:21 -04:00
Matthias Bolte
3ab1776b7f tests: Disable networkxml2argvtest when configured without network
Reported by Ruben Kerkhof.
2011-07-05 15:26:18 +02:00
Matthias Bolte
4a03db81cd qemu: Fix virFileMakePath error handling in snapshot creation
virFileMakePath returns an errno value on error, that will never
be negative. An virFileMakePath error would have been ignored here,
instead of being reported correctly.
2011-07-05 10:49:36 +02:00
Matthias Bolte
4a6d4d4285 conf: Fix declaration of virNetworkDNS(Hosts)Def struct
The struct A {} A; construct triggers a linker error on OSX about
duplicate symbols. This also differs from the common struct style.

Switch to common style to fix this.

Reported by Justin Clift.
2011-07-05 10:40:27 +02:00
Daniel P. Berrange
6bcd732ead Add documentation for the seclabel XML element
The domain XML documentation is missing information about the
<seclabel> element used by security drivers

* formatdomain.html.in: Document <seclabel>
2011-07-04 11:19:20 +01:00
Daniel P. Berrange
6321fd9798 Allow for resource relabelling with static labels
Add a new attribute to the <seclabel> XML to allow resource
relabelling to be enabled with static label usage.

  <seclabel model='selinux' type='static' relabel='yes'>
    <label>system_u:system_r:svirt_t:s0:c392,c662</label>
  </seclabel>

* docs/schemas/domain.rng: Add relabel attribute
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
  the 'relabel' attribute
* src/qemu/qemu_process.c: Unconditionally clear out the
  'imagelabel' attribute
* src/security/security_apparmor.c: Skip based on 'relabel'
  attribute instead of label type
* src/security/security_selinux.c: Skip based on 'relabel'
  attribute instead of label type and fill in <imagelabel>
  attribute if relabel is enabled.
2011-07-04 11:18:57 +01:00
Daniel P. Berrange
4ebfc42716 Allow a base label to be specified in dynamic labelling mode
Normally the dynamic labelling mode will always use a base
label of 'svirt_t' for VMs. Introduce a <baselabel> field
in the <seclabel> XML to allow this base label to be changed

eg

   <seclabel type='dynamic' model='selinux'>
     <baselabel>system_u:object_r:virt_t:s0</baselabel>
   </seclabel>

* docs/schemas/domain.rng: Add <baselabel>
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
  of base label
* src/qemu/qemu_process.c: Don't reset 'model' attribute if
  a base label is specified
* src/security/security_apparmor.c: Refuse to support base label
* src/security/security_selinux.c: Use 'baselabel' when generating
  label, if available
2011-07-04 11:17:19 +01:00
Osier Yang
49826eda7a storage: Do not override the exact error of createRawFile
virStorageBackendCreateRaw: createRawFile already reported the
exact error.

Before the fix:

error: Failed to create vol vol-create.img
error: cannot create path '/var/lib/libvirt/images/vol-create.img': Unknown error 18446744073709551597

After the fix:

error: Failed to create vol vol-create.img
error: cannot fill file '/var/lib/libvirt/images/vol-create.img': No space left on device
2011-07-04 16:13:23 +08:00
Daniel Veillard
7976d96dd7 Release of libvirt-0.9.3
* configure.ac docs/news.html.in libvirt.spec.in: update for the
  new release
* po/*.po*: updated and regenerated localizations
2011-07-04 15:54:36 +08:00
Wen Congyang
1aa5f85bb8 initialize pointer to NULL
cmd is not initialized to NULL, but we try to freed it if we
meet some error.
2011-07-04 14:00:28 +08:00
Eric Blake
5dc404b71d storage: avoid crash on parse error
Coverity detected that we could crash on bogus input.  Meanwhile,
strtok_r is rather heavy compared to strchr.

* src/storage/storage_backend_iscsi.c (virStorageBackendIQNFound):
  Check for parse failure, and use lighter-weight functions.
2011-07-04 10:41:38 +08:00
Eric Blake
222f6233b4 vmware: avoid null deref on failed lookup
* src/vmware/vmware_driver.c (vmwareDomainReboot): Check error
  before dereferencing memory.
2011-07-04 10:32:22 +08:00
Eric Blake
74d224fac3 qemu: avoid null deref on low memory
Detected by Coverity.  qemuDomainEventQueue requires a non-NULL
pointer; most callers silently drop the event if we encountered
and OOM situation trying to create the event.

* src/qemu/qemu_migration.c (qemuMigrationFinish): Check for OOM.
2011-07-04 10:30:43 +08:00
Eric Blake
3f81f8e4c1 cgroup: silence coverity warning
Coverity noted that most clients reacted to failure to hash; but in
a best-effort kill loop, we can ignore failure.

* src/util/cgroup.c (virCgroupKillInternal): Ignore hash failure.
2011-07-04 10:28:27 +08:00
Eric Blake
dd0c42abd4 rpc: silence coverity warning
Coverity noted that 4 out of 5 calls to virNetClientStreamRaiseError
checked the return value.  This case expects a particular value, so
warn if our expectations went wrong due to some bug elsewhere.

* src/rpc/virnetclient.c (virNetClientCallDispatchStream): Warn on
  unexpected scenario.
2011-07-04 10:26:05 +08:00
Eric Blake
aaea56dc99 qemu: silence coverity warnings
Coverity warns if the majority of callers check a function for
errors, but a few don't; but in qemu_audit and qemu_domain, the
choice to not check for failures was safe.  In qemu_command, the
failure to generate a uuid can only occur on a bad pointer.

* src/qemu/qemu_audit.c (qemuAuditCgroup): Ignore failure to get
  cgroup controller.
* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitor)
  (qemuDomainObjEnterMonitorWithDriver): Ignore failure to get
  timestamp.
* src/qemu/qemu_command.c (qemuParseCommandLine): Check for error.
2011-07-04 10:23:46 +08:00
Eric Blake
6e07f72ee5 rpc: avoid memory leak on error
Detected by Coverity.  The leak is on an error path, but I'm not
sure whether that path is likely to be triggered in practice.

* src/rpc/virnetserverservice.c (virNetServerServiceAccept): Plug leak.
2011-07-04 10:22:50 +08:00
Eric Blake
2aa83b43d3 rpc: fix logic bug
Spotted by Coverity.  If we don't update tmp each time through
the loop, then if the filter being removed was not the head of
the list, we accidentally lose all filters prior to the one we
wanted to remove.

* src/rpc/virnetserverclient.c (virNetServerClientRemoveFilter):
    Don't lose unrelated filters.
2011-07-04 09:45:21 +08:00
Eric Blake
95eaf7ba7f pci: avoid memory leak on error
Detected by Coverity.  Some, but not all, error paths were clean;
but they were repetitive so I refactored them.

* src/util/pci.c (pciGetDevice): Plug leak.
2011-07-01 16:46:20 -06:00
Eric Blake
9e8b7c1523 interface: avoid memory leak on parse error
Detected by Coverity.  Unlikely to hit unless the file contents
were corrupted.

* src/util/interface.c (ifaceRestoreMacAddress): Plug leak.
2011-07-01 16:46:20 -06:00
Eric Blake
e07e9a9456 libvirtd: avoid memory leak on OOM
Detected by Coverity; only strikes on OOM so not serious.

* daemon/libvirtd.c (daemonPidFilePath): Plug leak.
2011-07-01 16:46:20 -06:00
Eric Blake
5d382c57a1 build: avoid 'make syntax-check' failure
* tests/utiltest.c (DO_TEST): Fix indentation for cppi.
2011-07-01 16:46:20 -06:00
Matthias Bolte
ab0b2c1996 tests: Add a general util test
Move non-esx specific tests from esxutilstest there and add a
test for virParseVersionString.
2011-07-01 19:58:15 +02:00
Eric Blake
8ce1afff88 util: choose whether to require micro in version strings
To avoid regressions, we let callers specify whether to require a
minor and micro version.  Callers that were parsing uname() output
benefit from defaulting to 0, whereas callers that were parsing
version strings from other sources should not change in behavior.

* src/util/util.c (virParseVersionString): Allow caller to choose
whether to fail if minor or micro is missing.
* src/util/util.h (virParseVersionString): Update signature.
* src/esx/esx_driver.c (esxGetVersion): Update callers.
* src/lxc/lxc_driver.c (lxcVersion): Likewise.
* src/openvz/openvz_conf.c (openvzExtractVersionInfo): Likewise.
* src/uml/uml_driver.c (umlGetVersion): Likewise.
* src/vbox/vbox_MSCOMGlue.c (vboxLookupVersionInRegistry):
Likewise.
* src/vbox/vbox_tmpl.c (vboxExtractVersion): Likewise.
* src/vmware/vmware_conf.c (vmwareExtractVersion): Likewise.
* src/xenapi/xenapi_driver.c (xenapiGetVersion): Likewise.
Reported by Matthias Bolte.
2011-07-01 11:22:11 -06:00
Eric Blake
6ae3052c06 build: consistently use CFLAGS
According to the automake manual, CPPFLAGS (aka INCLUDES, as spelled
in automake 1.9.6) should only include -I, -D, and -U directives; more
generic directives like -Wall belong in CFLAGS since they affect more
phases of the build process.  Therefore, we should be sticking CFLAGS
additions into a CFLAGS container, not a CPPFLAGS container.

* src/Makefile.am (libvirt_driver_vmware_la_CFLAGS): Use AM_CFLAGS.
(INCLUDES): Move CFLAGS items...
(AM_CFLAGS): ...to their proper location.
* python/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
* tests/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
(commandtest_CFLAGS, commandhelper_CFLAGS)
(virnetmessagetest_CFLAGS, virnetsockettest_CFLAGS): Use AM_CFLAGS.
2011-07-01 10:44:17 -06:00
Daniel Veillard
8c58abeae1 Explicitely invoke python for API doc generator
This fixes the problem of not finding python in /usr/bin
which broke build on FreeBSD
2011-07-01 17:46:52 +02:00
Scott Moser
d42b749abf fix virParseVersionString with linux 3.0
linux 3.0 has no micro version number, and that is causing problems
for virParseVersionString.  The patch below should allow for:
  major
  major.minor
  major.minor.micro

If major or minor are not present they just default to zero.
We found this in Ubuntu (https://bugs.launchpad.net/bugs/802977)
2011-07-01 07:09:48 -06:00
Eric Blake
0ac385bd6c build: remove dead variables
Detected by Coverity.  No real harm in leaving these, but fixing
them cuts down on the noise for future analysis.

* src/rpc/virnetserver.c (virNetServerAddService): Delete unused
entry.
* src/util/sysinfo.c (virSysinfoRead): Delete dead assignment to
base.
2011-07-01 06:48:33 -06:00
Daniel P. Berrange
20ce065124 Remove bogus jsondata.h file reference which does not exist
* tests/Makefile.am: Remove jsondata.h
2011-07-01 10:16:33 +01:00
Eric Blake
bf8fba1e75 build: simplify sanlock distribution
EXTRA_DIST files should unconditionally be part of the tarball,
rather than depending on the presence of sanlock-devel.

Meanwhile, parallel builds could fail if we don't use mkdir -p.

* src/Makefile.am (EXTRA_DIST): Always ship sanlock .aug and
template .conf files.
(%-sanlock.conf): Use MKDIR_P.
2011-06-30 17:26:15 -06:00
Eric Blake
addaa5374c build: allow 'make syntax-check' on fresh checkout
For good or for bad, I did a fresh checkout, ./autogen.sh, then
'configure', then 'make syntax-check', and was surprised that it
failed.  Running 'make' before 'make syntax-check' cleaned up the
issue, but this patch makes it work up front.

* cfg.mk (sc_po_check): Add prerequisites.
2011-06-30 16:45:56 -06:00
Eric Blake
1e1f65312f build: ignore generated file
* .gitignore: Exempt jsontest binary.
2011-06-30 12:15:56 -06:00
Daniel P. Berrange
0e4b921a57 Add conditionals to allow build without SASL
* daemon/libvirtd.c, daemon/remote.c: Add #if HAVE_SASL and
  suitable function stubs to allow build without SASL
2011-06-30 18:56:57 +01:00
Eric Blake
dbf055efa0 build: avoid double-close bug with pipe2
Based on Coverity's finding on the previous patch, I audited
gnulib's pipe2 code and found that we had the potential for
a subtle double-close bug, unless gnulib guarantees that the
contents of the fd array are unchanged on pipe2() failure.

* .gnulib: Update to latest, for pipe2 fix.
2011-06-30 11:36:52 -06:00
Eric Blake
0a8a79af53 rpc: avoid freeing uninitialized variable
Detected by Coverity.  Both are instances of bad things happening
if pipe2 fails; the virNetClientNew failure could free garbage,
and virNetSocketNewConnectCommand could close random fds.

Note: POSIX doesn't guarantee the contents of fd[0] and fd[1]
after pipe failure: http://austingroupbugs.net/view.php?id=467
We may need to introduce a virPipe2 wrapper that guarantees
that on pipe failure, the fds are explicitly set to -1, rather
than our current state of assuming the fds are unchanged from
their value prior to the failed pipe call.

* src/rpc/virnetclient.c (virNetClientNew): Initialize variable.
* src/rpc/virnetsocket.c (virNetSocketNewConnectCommand):
Likewise.
2011-06-30 11:36:52 -06:00
Eric Blake
cdb0e0dc3f virsh: avoid uninitialized variable
Detected by Coverity; neither vshCmddefHelp nor vshCmdOptParse
was initializing opts_required.

* tools/virsh.c (vshCmddefOptParse): Always initialize bitmaps.
2011-06-30 11:36:51 -06:00
Eric Blake
6f9432fcaf virsh: avoid integer overflow
Detected by Coverity.  info.nrVirtCpu is unsigned short, but if
cpumaplen is int, then the product of the two in vshMalloc risks
unintended sign extension.  cmdVcpuinfo had already solved this
by using size_t cpumaplen.

* tools/virsh.c (cmdVcpuPin): Use correct type.
2011-06-30 11:36:51 -06:00
Daniel P. Berrange
1414cc5fdd Fix stream procedure number for virDomainMigratePrepareTunnel3
The virDomainMigratePrepareTunnel3 impl in the remote driver
was using the procedure number for the virDomainMigratePrepareTunnel
method. This doesn't work out so well, because it makes the server
ignore & drop all stream packets

* src/remote/remote_driver.c: Fix procedure for PrepareTunnel3
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
cfd4370ad0 Send back an error if we get unexpected stream control message
We ignore any stream data packets which come in for streams which
are not registered, since these packets are async and do not have
a reply. If we get a stream control packet though we must send back
an actual error, otherwise a (broken) client may hang forever
making it hard to diagnose the client bug.

* src/rpc/virnetserverprogram.c: Send back error for unexpected
  stream control messages
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
c69ba67032 Fix release of virNetMessagePtr instances in streams processing
If a message packet for a invalid stream is received it is just
free'd. This is not good because it doesn't let the client RPC
request counter decrement. If a stream is shutdown with pending
packets the message also isn't released properly because of an
incorrect header type

* daemon/stream.c: Fix message header type
* src/rpc/virnetserverprogram.c: Send dummy reply instead of
  free'ing ignored stream message
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
f1c2c0e2dc Add missing include of signal.h in virnetsocket.c
virNetSocketFree uses kill(SIGTERM) so we must include
signal.h for the definitions

* src/rpc/virnetsocket.c: Include signal.h
2011-06-30 18:04:02 +01:00