mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-04-01 20:05:19 +00:00
359f4b11a6
While investigating https://bugzilla.redhat.com/show_bug.cgi?id=1061827 I noticed that we pass user input unscathed for block-pull, but always pass a canonical absolute name through for block-commit. [Note that we probably _ought_ to validate that the user's request for block-pull actually matches the backing chain, the way we already do for block-commit - but that's a separate issue. Further note that the ability to pass user input through unscathed allows backdoors such as specifying a backing image that is a network URI such as a gluster disk, instead of forcing things to the local file system; which is an area still under active investigation on whether libvirt needs to behave differently for network disks.] Since qemu may write the name that the user passed in as the backing file, a user may have a reason to want a relative file name passed through to qemu, and always munging things to absolute prevents that. Put another way, if you have the backing chain: [A] <- [B(back=./A)] <- [C(back=./B)] and commit B into A (virsh blockcommit $dom vda --base A --top B), the metadata of C will have to be re-written. But should it be rewritten as [C(back=./A)] or as [C(back=/path/to/A)]? Still up in the air is whether qemu's decision should be based on whether B and/or C had relative paths, or on whether the --base and/or --top arguments to the command were relative paths; but if we always pass a canonical name, we've prevented the spelling of the command arguments from being part of the hueristics that qemu uses. I also audited the code, and verified that we never call qemuMonitorBlockCommit() with a NULL base, either before or after the change to qemu_driver.c. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Preserve user's spelling, since absolute vs. relative matters to qemu. * src/qemu/qemu_monitor.h (qemuMonitorBlockCommit): Base is never null. * src/qemu/qemu_monitor.c (qemuMonitorBlockCommit): Likewise. * src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit): Likewise. * src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit): Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
libvirt library code README
===========================
The directory provides the bulk of the libvirt codebase. Everything
except for the libvirtd daemon and client tools. The build uses a
large number of libtool convenience libraries - one for each child
directory, and then links them together for the final libvirt.so,
although some bits get linked directly to libvirtd daemon instead.
The files directly in this directory are supporting the public API
entry points & data structures.
There are two core shared modules to be aware of:
* util/ - a collection of shared APIs that can be used by any
code. This directory is always in the include path
for all things built
* conf/ - APIs for parsing / manipulating all the official XML
files used by the public API. This directory is only
in the include path for driver implementation modules
* vmx/ - VMware VMX config handling (used by esx/ and vmware/)
Then there are the hypervisor implementations:
* bhyve - bhyve - The BSD Hypervisor
* esx/ - VMware ESX and GSX support using vSphere API over SOAP
* hyperv/ - Microsoft Hyper-V support using WinRM
* lxc/ - Linux Native Containers
* openvz/ - OpenVZ containers using cli tools
* phyp/ - IBM Power Hypervisor using CLI tools over SSH
* qemu/ - QEMU / KVM using qemu CLI/monitor
* remote/ - Generic libvirt native RPC client
* test/ - A "mock" driver for testing
* uml/ - User Mode Linux
* vbox/ - Virtual Box using native API
* vmware/ - VMware Workstation and Player using the vmrun tool
* xen/ - Xen using hypercalls, XenD SEXPR & XenStore
* xenapi/ - Xen using libxenserver
Finally some secondary drivers that are shared for several HVs.
Currently these are used by LXC, OpenVZ, QEMU, UML and Xen drivers.
The ESX, Hyper-V, Power Hypervisor, Remote, Test & VirtualBox drivers all
implement the secondary drivers directly
* cpu/ - CPU feature management
* interface/ - Host network interface management
* network/ - Virtual NAT networking
* nwfilter/ - Network traffic filtering rules
* node_device/ - Host device enumeration
* secret/ - Secret management
* security/ - Mandatory access control drivers
* storage/ - Storage management drivers
Since both the hypervisor and secondary drivers can be built as
dlopen()able modules, it is *FORBIDDEN* to have build dependencies
between these directories. Drivers are only allowed to depend on
the public API, and the internal APIs in the util/ and conf/
directories