Re: [libvirt] virDomainCreateWithFlags error
On 08/08/2013 01:54 PM, Wangpan wrote: Hi all, I'm using 'libvirt 1.1.1-1 amd64' undef debian wheezy, I found that the return code is 139 when I run command: $ sudo virsh start df1c4670-18eb-4520-b5d8-aa8a492eb876 --paused; echo $? Thanks for reporting this issue, it's a libvirt's bug and we can reproduce your question on libvirt-1.1.1-2.el7.x86_64. 139 but the return code is OK(0) when run command: $ sudo virsh start df1c4670-18eb-4520-b5d8-aa8a492eb876; echo $? I found there is an error in libvirtd.log: 2013-08-08 05:40:23.983+: 16626: error : virNetSocketReadWire:1377 : End of file while reading data: Input/output error I found this issue by using openstack nova folsom, if I create an VM by nova, it will use dom.createWithFlags(0) to create the VM, but then the nova-compute process exited when this function is called, then I changed the createWithFlags(0) to create(), everything become OK. I also tried the function under python, and the python process exited, too. but the dom.create() method is OK, so I think this is a problem about libvirt. I want to know is this a reported bug? libvirt and kvm hypervisor version: Compiled against library: libvirt 1.1.1 Using library: libvirt 1.1.1 Using API: QEMU 1.1.1 Running hypervisor: QEMU 1.1.2 Thanks 2012-08-16 Wangpan -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] cgroup: refactor macros usage
Eric Blake wrote: On 08/03/2013 12:01 PM, Roman Bogorodskiy wrote: util/vircgroup.c uses a lot of macros to detect if cgroup is supported by the system or not. These macros are pretty smart and allow to keep code compact, however the downside of that is that it's getting harder to navigate through the cgroup code. So re-organise macros in a more simple fashion, i.e. just explicitly provide functional and stub implementation for every public function. --- src/util/vircgroup.c | 984 +-- 1 file changed, 648 insertions(+), 336 deletions(-) Doing it all at once made it harder to review. It might have been nice to break this into smaller patches (maybe convert 2-3 functions at a time, instead of all of them). That's reasonable, I'll break patch into smaller ones. +#if defined(__linux__) defined(HAVE_MNTENT_H) defined(HAVE_GETMNTENT_R) \ + defined(_DIRENT_HAVE_D_TYPE) defined(major) defined(minor) +# define VIR_CGROUP_SUPPORTED Huh - if we are requiring __linux__, then some of the other things are a given (HAVE_MNTENT_H, major, minor), while some are still dependent on having new enough kernel/glibc (_DIRENT_HAVE_D_TYPE). It might be worth trimming this down now that it is obvious we only compile the #if part on Linux; conversely, see comments in the rest of the review about conditions that you didn't factor up here yet. + +#if defined(VIR_CGROUP_SUPPORTED) We prefer #ifdef VIR_CGROUP_SUPPORTED, when there is only one variable being tested. Ok. @@ -339,7 +332,6 @@ error: return -1; } - static int virCgroupCopyPlacement(virCgroupPtr group, Our style of late has been two blank lines between functions, so this change (and many others like it) is spurious. Ok. @@ -2609,63 +2484,6 @@ int virCgroupGetCpuacctPercpuUsage(virCgroupPtr group, char **usage) Prior to this point, the patch is easy to follow (move the #else portions later in the file). But below here... cpuacct.usage_percpu, usage); } -#ifdef _SC_CLK_TCK I don't see _SC_CLK_TCK in the list of conditionals required by VIR_CGROUP_SUPPORTED up top; why not? It is a separated check in the current code, so I decided to keep it separated as well. -int virCgroupGetCpuacctStat(virCgroupPtr group, unsigned long long *user, -unsigned long long *sys) -{ ...it got a bit weird, claiming that you are moving the implementation of the #if part rather than the #else part. Again, this argues why splitting the patch into more reviewable portions makes life a bit easier. Does 'git diff --patience' make the output any more legible? -#if defined HAVE_KILL defined HAVE_MNTENT_H defined HAVE_GETMNTENT_R HAVE_KILL is another condition I don't see in the overriding VIR_CGROUP_SUPPORTED definition. HAVE_KILL is also a separated check (vircgroup.c:2685), so I decided to keep the same logic. If that's always supported on Linux, I'll move it to VIR_CGROUP_SUPPORTED check. + +#else /* !(VIR_CGROUP_SUPPORTED) */ +bool virCgroupAvailable(void) +{ +virReportSystemError(ENXIO, %s, + _(Control groups not supported on this platform)); +return false; This function did NOT set an error prior to your refactoring, so it should not set an error now. When doing refactoring, you must not make any semantic changes (at least, not without documenting in the commit message that such a change was essential, but even then, separating the change from the motion is preferred). Again, an argument for splitting this into smaller, reviewable patches, by moving only 2-3 functions per patch. Ok. +} +#endif /* VIR_CGROUP_SUPPORTED */ + +#if defined(VIR_CGROUP_SUPPORTED) defined(HAVE_KILL) Why do you have to split this into a separate section? Linux has always had kill(), meaning this is effectively the same as #ifdef VIR_CGROUP_SUPPORTED. I like where this is headed, but think it's worth another attempt. Thanks for the review, I hope to provide updated version this weekend. Roman Bogorodskiy pgp_YL5dOpe2c.pgp Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [sandbox][PATCH v2] Fix delete of running container
On 08/07/2013 09:34 PM, Daniel P. Berrange wrote: On Wed, Aug 07, 2013 at 09:24:14PM +0800, Wayne Sun wrote: Delete running container is not supprted and will report an error. Related to bug: https://bugzilla.redhat.com/show_bug.cgi?id=994495 Signed-off-by: Wayne Sun g...@redhat.com --- bin/virt-sandbox-service | 15 ++- 1 files changed, 10 insertions(+), 5 deletions(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index 550d46c..c07c33b 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -254,11 +254,16 @@ class Container: def delete(self): self.connect() -# Stop service if it is running -try: -self.stop() -except: -pass +# Check container is running or not +cmd = /usr/bin/virsh -c %s list | sed '1d;2d;$d' | awk -F' '\ + '{ print $2}' % self.uri +p = Popen(cmd, shell=True, stdout=PIPE, stderr=PIPE) +out, err = p.communicate() +if p.returncode and p.returncode != 0: +raise OSError(_(Failed to list running domain)) + +if self.name in out.splitlines(): +raise ValueError([_(Delete running container is not supported)]) virt-sandbox-service already has a connection to libvirt - no need to spawn virsh here. Just do something like this (untested): self.conn.fetch_domains() dom = self.conn.find_domain_by_name(self.name) info = dom.get_info() if info.state == LibvirtGObject.DomainState.RUNNING: .error... Daniel My limit thought is use virsh or libvirt python api to check domain state, apparently this is better here. This totally works as I tested, v3 on the way. Thanks! Wayne Sun 2013-08-08 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [sandbox][PATCH v3] Fix delete of running container
Delete running container is not supprted and will report an error. Related to bug: https://bugzilla.redhat.com/show_bug.cgi?id=994495 v1: Fix stop function and delete running container. v2: Delete running container is not allowed, spawn virsh to get domain status. v3: Using exist libvirt connection to get dom status. Signed-off-by: Wayne Sun g...@redhat.com --- bin/virt-sandbox-service | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index 550d46c..03873c9 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -254,11 +254,11 @@ class Container: def delete(self): self.connect() -# Stop service if it is running -try: -self.stop() -except: -pass +self.conn.fetch_domains(None) +dom = self.conn.find_domain_by_name(self.name) +info = dom.get_info() +if info.state == LibvirtGObject.DomainState.RUNNING: +raise ValueError([_(Cannot delete running container)]) # Not sure we should remove content if os.path.exists(self.dest): -- 1.7.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] With different libvirt version, lxc-enter-namespace return Different Execution results.
Hi Alex, I noticed you did lots of work about lxc-enter-namespace function. There is one thing really confusing me and I really want to consult with you about it. When I execute lxc-enter-namespace to get disk space info for lxc container under different libvirt version, It return different execution results. Details are as following: Under libvirt of version 1.0.2 with unbuntu host OS: # disk space info of Host ubuntu@lxc-gq:~$ df -hl Filesystem Size Used Avail Use% Mounted on /dev/loop7 20G 16G 3.2G 84% / udev2.0G 12K 2.0G 1% /dev tmpfs 791M 300K 791M 1% /run none5.0M 4.0K 5.0M 1% /run/lock none2.0G 0 2.0G 0% /run/shm tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup /dev/nbd593M 1.6M 87M 2% /home/ubuntu/test ubuntu@lxc-gq:~$ vir version Compiled against library: libvirt 1.0.2 Using library: libvirt 1.0.2 Using API: LXC 1.0.2 Running hypervisor: LXC 3.8.0 ubuntu@lxc-gq:~$ vir list IdName State 3241 instance-004b running # disk space info of instance ubuntu@lxc-gq:~$ vir lxc-enter-namespace 3241 /bin/df -hl Filesystem Size Used Avail Use% Mounted on /dev/nbd1 1.4G 956M 329M 75% / devfs64K 8.0K 56K 13% /dev tmpfs64K 0 64K 0% /sys/fs/cgroup none396M 12M 384M 3% /run none5.0M 0 5.0M 0% /run/lock none2.0G 0 2.0G 0% /run/shm Then I logged into the lxc container : ubuntu@lxc-gq:~$ ssh -i id_rsa_lxc ubuntu@10.0.0.4 Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.8.0-25-generic x86_64) * Documentation: https://help.ubuntu.com/ System information disabled due to load higher than 2.0 Get cloud support with Ubuntu Advantage Cloud Guest: http://www.ubuntu.com/business/services/cloud Use Juju to deploy your cloud instances and workloads: https://juju.ubuntu.com/#cloud-precise 0 packages can be updated. 0 updates are security updates. Last login: Thu Aug 8 07:30:04 2013 from 10.0.0.1 To run a command as administrator (user root), use sudo command. See man sudo_root for details. ubuntu@lxc3:~$ df -hl Filesystem Size Used Avail Use% Mounted on /dev/nbd1 1.4G 956M 328M 75% / devfs64K 8.0K 56K 13% /dev tmpfs64K 0 64K 0% /sys/fs/cgroup none396M 12M 384M 3% /run none5.0M 0 5.0M 0% /run/lock none2.0G 0 2.0G 0% /run/shm From above, We can see under libvirt version 1.0.2, through lxc-enter-namespace, disk space info can be obtained and it's the same as info got from lxc inside. But when I did the same thing under libvirt of version 1.1.0 with debian host OS, the execution result changed: #disk info of host hzguanqiang@debian:~$ df -hl Filesystem Size Used Avail Use% Mounted on rootfs 4.0G 1.6G 2.2G 42% / udev 10M 0 10M 0% /dev tmpfs 4.8G 468K 4.8G 1% /run /dev/disk/by-uuid/12bb656b-4f80-4386-aa07-4bf90a3111b4 4.0G 1.6G 2.2G 42% / tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 9.9G 0 9.9G 0% /run/shm /dev/sda8 428G 112G 313G 27% /home /dev/sda6 7.9G 159M 7.8G 2% /tmp /dev/sda516G 2.7G 14G 17% /var cgroup_root 24G 0 24G 0% /sys/fs/cgroup /dev/nbd5 1.4G 851M 466M 65% /home/openstack/stack/data/nova/instances/eed45ccb-3707-4815-9ae4-c7a2f56adb64/rootfs hzguanqiang@debian:~$ vir version Compiled against library: libvirt 1.1.0 Using library: libvirt 1.1.0 Using API: LXC 1.1.0 Running hypervisor: LXC 3.2.46 hzguanqiang@debian:~$ vir list IdName State 6096 instance-0037 running 27981 instance-0038 running 30846 instance-001a running hzguanqiang@debian:~$ vir lxc-enter-namespace instance-0037 /bin/df -hl libvirt: error : argument unsupported: Security model cannot be entered hzguanqiang@debian:~$ vir lxc-enter-namespace instance-0037 --noseclabel /bin/df -hl Filesystem Size Used Avail Use% Mounted on rootfs 4.0G 1.6G 2.2G 42% / udev 10M 0 10M 0% /dev tmpfs
[libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
Valgrind defects memory error: ==16759== 1 errors in context 1 of 8: ==16759== Invalid free() / delete / delete[] / realloc() ==16759==at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16759==by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31) ==16759==by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58) ==16759==by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762) ==16759==by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441) ==16759==by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499) ==16759==by 0x13127A: cmdStart (virsh-domain.c:3376) ==16759==by 0x12BF83: vshCommandRun (virsh.c:1751) ==16759==by 0x126FFB: main (virsh.c:3205) ==16759== Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd ==16759== 1 errors in context 2 of 8: ==16759== Conditional jump or move depends on uninitialised value(s) ==16759==at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16759==by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31) ==16759==by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58) ==16759==by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762) ==16759==by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441) ==16759==by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499) ==16759==by 0x13127A: cmdStart (virsh-domain.c:3376) ==16759==by 0x12BF83: vshCommandRun (virsh.c:1751) ==16759==by 0x126FFB: main (virsh.c:3205) ==16759== Uninitialised value was created by a stack allocation ==16759==at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423) How to reproduce? # virsh start domain --paused RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855 Signed-off-by: Alex Jia a...@redhat.com --- src/remote/remote_driver.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index f828eef..71d0034 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -2431,6 +2431,7 @@ remoteDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) make_nonnull_domain(args.dom, dom); args.flags = flags; +memset(ret, 0, sizeof(ret)); if (call(dom-conn, priv, 0, REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS, (xdrproc_t)xdr_remote_domain_create_with_flags_args, (char *)args, (xdrproc_t)xdr_remote_domain_create_with_flags_ret, (char *)ret) == -1) { -- 1.7.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] With different libvirt version, lxc-enter-namespace return Different Execution results.
On Thu, Aug 08, 2013 at 03:56:35PM +0800, hzguanqi...@corp.netease.com wrote: But when I did the same thing under libvirt of version 1.1.0 with debian host OS, the execution result changed: #disk info of host hzguanqiang@debian:~$ df -hl Filesystem Size Used Avail Use% Mounted on rootfs 4.0G 1.6G 2.2G 42% / udev 10M 0 10M 0% /dev tmpfs 4.8G 468K 4.8G 1% /run /dev/disk/by-uuid/12bb656b-4f80-4386-aa07-4bf90a3111b4 4.0G 1.6G 2.2G 42% / tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 9.9G 0 9.9G 0% /run/shm /dev/sda8 428G 112G 313G 27% /home /dev/sda6 7.9G 159M 7.8G 2% /tmp /dev/sda516G 2.7G 14G 17% /var cgroup_root 24G 0 24G 0% /sys/fs/cgroup /dev/nbd5 1.4G 851M 466M 65% /home/openstack/stack/data/nova/instances/eed45ccb-3707-4815-9ae4-c7a2f56adb64/rootfs hzguanqiang@debian:~$ vir lxc-enter-namespace instance-0037 --noseclabel /bin/df -hl Filesystem Size Used Avail Use% Mounted on rootfs 4.0G 1.6G 2.2G 42% / udev 10M 0 10M 0% /dev tmpfs 4.8G 468K 4.8G 1% /run /dev/disk/by-uuid/12bb656b-4f80-4386-aa07-4bf90a3111b4 4.0G 1.6G 2.2G 42% / tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 9.9G 0 9.9G 0% /run/shm /dev/sda8 428G 112G 313G 27% /home /dev/sda6 7.9G 159M 7.8G 2% /tmp /dev/sda516G 2.7G 14G 17% /var cgroup_root 24G 0 24G 0% /sys/fs/cgroup /dev/nbd5 1.4G 851M 466M 65% /home/openstack/stack/data/nova/instances/eed45ccb-3707-4815-9ae4-c7a2f56adb64/rootfs What does 'ls /proc/self/ns' show on the host ? Also what is your guest XML configuration for 'intsance-37' ? Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] With different libvirt version, lxc-enter-namespace return Different Execution results.
On 2013-08-08 16:53 , Daniel P. Berrange wrote: On Thu, Aug 08, 2013 at 03:56:35PM +0800, hzguanqi...@corp.netease.com wrote: But when I did the same thing under libvirt of version 1.1.0 with debian host OS, the execution result changed: #disk info of host hzguanqiang@debian:~$ df -hl Filesystem Size Used Avail Use% Mounted on rootfs 4.0G 1.6G 2.2G 42% / udev 10M 0 10M 0% /dev tmpfs 4.8G 468K 4.8G 1% /run /dev/disk/by-uuid/12bb656b-4f80-4386-aa07-4bf90a3111b4 4.0G 1.6G 2.2G 42% / tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 9.9G 0 9.9G 0% /run/shm /dev/sda8 428G 112G 313G 27% /home /dev/sda6 7.9G 159M 7.8G 2% /tmp /dev/sda516G 2.7G 14G 17% /var cgroup_root 24G 0 24G 0% /sys/fs/cgroup /dev/nbd5 1.4G 851M 466M 65% /home/openstack/stack/data/nova/instances/eed45ccb-3707-4815-9ae4-c7a2f56adb64/rootfs hzguanqiang@debian:~$ vir lxc-enter-namespace instance-0037 --noseclabel /bin/df -hl Filesystem Size Used Avail Use% Mounted on rootfs 4.0G 1.6G 2.2G 42% / udev 10M 0 10M 0% /dev tmpfs 4.8G 468K 4.8G 1% /run /dev/disk/by-uuid/12bb656b-4f80-4386-aa07-4bf90a3111b4 4.0G 1.6G 2.2G 42% / tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 9.9G 0 9.9G 0% /run/shm /dev/sda8 428G 112G 313G 27% /home /dev/sda6 7.9G 159M 7.8G 2% /tmp /dev/sda516G 2.7G 14G 17% /var cgroup_root 24G 0 24G 0% /sys/fs/cgroup /dev/nbd5 1.4G 851M 466M 65% /home/openstack/stack/data/nova/instances/eed45ccb-3707-4815-9ae4-c7a2f56adb64/rootfs What does 'ls /proc/self/ns' show on the host ? Also what is your guest XML configuration for 'intsance-37' ? Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| Hi Daniel, The info you want to see are as following: hzguanqiang@debian:~$ ls /proc/self/ns ipc net uts hzguanqiang@debian:~$ vir dumpxml instance-0037 domain type='lxc' id='6096' nameinstance-0037/name uuid2b39180a-cec0-4423-83e9-4446a27409ea/uuid memory unit='KiB'10485760/memory currentMemory unit='KiB'10485760/currentMemory vcpu placement='static'8/vcpu cputune shares32768/shares period10/period quota40/quota /cputune resource partition/machine/partition /resource os type arch='x86_64'exe/type init/sbin/init/init cmdlineconsole=tty0 console=ttyS0/cmdline /os clock offset='utc'/ on_poweroffdestroy/on_poweroff on_rebootrestart/on_reboot on_crashdestroy/on_crash devices emulator/usr/lib/libvirt/libvirt_lxc/emulator filesystem type='mount' accessmode='passthrough' source dir='/opt/stack/data/nova/instances/2b39180a-cec0-4423-83e9-4446a27409ea/rootfs'/ target dir='/'/ /filesystem interface type='bridge' mac address='fa:16:3e:01:f1:14'/ source bridge='br100'/ target dev='veth0'/ filterref filter='nova-instance-instance-0037-fa163e01f114'/ /interface console type='pty' tty='/dev/pts/2' source path='/dev/pts/2'/ target type='lxc' port='0'/ alias name='console0'/ /console /devices seclabel type='none'/ /domain -- Best regards! GuanQiang 16:58:07-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] virDomainCreateWithFlags error
Hi Wangpan, Here is a bug https://bugzilla.redhat.com/show_bug.cgi?id=994855, if you're familiar with bugzilla then you may file a bug by yourself next time, for details, please see the following link, thanks. http://libvirt.org/bugs.html -- Regards, Alex - Original Message - From: Alex Jia a...@redhat.com To: Wangpan hzwang...@corp.netease.com Cc: libvir-list libvir-list@redhat.com Sent: Thursday, August 8, 2013 2:30:09 PM Subject: Re: [libvirt] virDomainCreateWithFlags error On 08/08/2013 01:54 PM, Wangpan wrote: Hi all, I'm using 'libvirt 1.1.1-1 amd64' undef debian wheezy, I found that the return code is 139 when I run command: $ sudo virsh start df1c4670-18eb-4520-b5d8-aa8a492eb876 --paused; echo $? Thanks for reporting this issue, it's a libvirt's bug and we can reproduce your question on libvirt-1.1.1-2.el7.x86_64. 139 but the return code is OK(0) when run command: $ sudo virsh start df1c4670-18eb-4520-b5d8-aa8a492eb876; echo $? I found there is an error in libvirtd.log: 2013-08-08 05:40:23.983+: 16626: error : virNetSocketReadWire:1377 : End of file while reading data: Input/output error I found this issue by using openstack nova folsom, if I create an VM by nova, it will use dom.createWithFlags(0) to create the VM, but then the nova-compute process exited when this function is called, then I changed the createWithFlags(0) to create(), everything become OK. I also tried the function under python, and the python process exited, too. but the dom.create() method is OK, so I think this is a problem about libvirt. I want to know is this a reported bug? libvirt and kvm hypervisor version: Compiled against library: libvirt 1.1.1 Using library: libvirt 1.1.1 Using API: QEMU 1.1.1 Running hypervisor: QEMU 1.1.2 Thanks 2012-08-16 Wangpan -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] With different libvirt version, lxc-enter-namespace return Different Execution results.
On Thu, Aug 08, 2013 at 05:00:38PM +0800, hzguanqi...@corp.netease.com wrote: On 2013-08-08 16:53 , Daniel P. Berrange wrote: On Thu, Aug 08, 2013 at 03:56:35PM +0800, hzguanqi...@corp.netease.com wrote: But when I did the same thing under libvirt of version 1.1.0 with debian host OS, the execution result changed: #disk info of host hzguanqiang@debian:~$ df -hl Filesystem Size Used Avail Use% Mounted on rootfs 4.0G 1.6G 2.2G 42% / udev 10M 0 10M 0% /dev tmpfs 4.8G 468K 4.8G 1% /run /dev/disk/by-uuid/12bb656b-4f80-4386-aa07-4bf90a3111b4 4.0G 1.6G 2.2G 42% / tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 9.9G 0 9.9G 0% /run/shm /dev/sda8 428G 112G 313G 27% /home /dev/sda6 7.9G 159M 7.8G 2% /tmp /dev/sda516G 2.7G 14G 17% /var cgroup_root 24G 0 24G 0% /sys/fs/cgroup /dev/nbd5 1.4G 851M 466M 65% /home/openstack/stack/data/nova/instances/eed45ccb-3707-4815-9ae4-c7a2f56adb64/rootfs hzguanqiang@debian:~$ vir lxc-enter-namespace instance-0037 --noseclabel /bin/df -hl Filesystem Size Used Avail Use% Mounted on rootfs 4.0G 1.6G 2.2G 42% / udev 10M 0 10M 0% /dev tmpfs 4.8G 468K 4.8G 1% /run /dev/disk/by-uuid/12bb656b-4f80-4386-aa07-4bf90a3111b4 4.0G 1.6G 2.2G 42% / tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 9.9G 0 9.9G 0% /run/shm /dev/sda8 428G 112G 313G 27% /home /dev/sda6 7.9G 159M 7.8G 2% /tmp /dev/sda516G 2.7G 14G 17% /var cgroup_root 24G 0 24G 0% /sys/fs/cgroup /dev/nbd5 1.4G 851M 466M 65% /home/openstack/stack/data/nova/instances/eed45ccb-3707-4815-9ae4-c7a2f56adb64/rootfs What does 'ls /proc/self/ns' show on the host ? Also what is your guest XML configuration for 'intsance-37' ? Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| Hi Daniel, The info you want to see are as following: hzguanqiang@debian:~$ ls /proc/self/ns ipc net uts That's your problem. The kernel you are running on is too old to support attaching to the mount namespace. You need to see 'mnt' in the files there, and also 'pid' and 'user' too for completeness. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] virDomainCreateWithFlags error
Thanks Alex for your notification! From:Alex Jia a...@redhat.com Date:2013-08-08 17:02 Subject:Re: [libvirt] virDomainCreateWithFlags error To:Wangpanhzwang...@corp.netease.com Cc:libvir-listlibvir-list@redhat.com Hi Wangpan, Here is a bug https://bugzilla.redhat.com/show_bug.cgi?id=994855, if you're familiar with bugzilla then you may file a bug by yourself next time, for details, please see the following link, thanks. http://libvirt.org/bugs.html 2013-08-08 Wangpan -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] With different libvirt version, lxc-enter-namespace return Different Execution results.
On 2013-08-08 17:06 , Daniel P. Berrange wrote: On Thu, Aug 08, 2013 at 05:00:38PM +0800, hzguanqi...@corp.netease.com wrote: On 2013-08-08 16:53 , Daniel P. Berrange wrote: On Thu, Aug 08, 2013 at 03:56:35PM +0800, hzguanqi...@corp.netease.com wrote: But when I did the same thing under libvirt of version 1.1.0 with debian host OS, the execution result changed: #disk info of host hzguanqiang@debian:~$ df -hl Filesystem Size Used Avail Use% Mounted on rootfs 4.0G 1.6G 2.2G 42% / udev 10M 0 10M 0% /dev tmpfs 4.8G 468K 4.8G 1% /run /dev/disk/by-uuid/12bb656b-4f80-4386-aa07-4bf90a3111b4 4.0G 1.6G 2.2G 42% / tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 9.9G 0 9.9G 0% /run/shm /dev/sda8 428G 112G 313G 27% /home /dev/sda6 7.9G 159M 7.8G 2% /tmp /dev/sda516G 2.7G 14G 17% /var cgroup_root 24G 0 24G 0% /sys/fs/cgroup /dev/nbd5 1.4G 851M 466M 65% /home/openstack/stack/data/nova/instances/eed45ccb-3707-4815-9ae4-c7a2f56adb64/rootfs hzguanqiang@debian:~$ vir lxc-enter-namespace instance-0037 --noseclabel /bin/df -hl Filesystem Size Used Avail Use% Mounted on rootfs 4.0G 1.6G 2.2G 42% / udev 10M 0 10M 0% /dev tmpfs 4.8G 468K 4.8G 1% /run /dev/disk/by-uuid/12bb656b-4f80-4386-aa07-4bf90a3111b4 4.0G 1.6G 2.2G 42% / tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 9.9G 0 9.9G 0% /run/shm /dev/sda8 428G 112G 313G 27% /home /dev/sda6 7.9G 159M 7.8G 2% /tmp /dev/sda516G 2.7G 14G 17% /var cgroup_root 24G 0 24G 0% /sys/fs/cgroup /dev/nbd5 1.4G 851M 466M 65% /home/openstack/stack/data/nova/instances/eed45ccb-3707-4815-9ae4-c7a2f56adb64/rootfs What does 'ls /proc/self/ns' show on the host ? Also what is your guest XML configuration for 'intsance-37' ? Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| Hi Daniel, The info you want to see are as following: hzguanqiang@debian:~$ ls /proc/self/ns ipc net uts That's your problem. The kernel you are running on is too old to support attaching to the mount namespace. You need to see 'mnt' in the files there, and also 'pid' and 'user' too for completeness. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| Ok, Daniel, I got it. Thanks very much. -- Best regards! GuanQiang 17:15:46-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
At Thu, 8 Aug 2013 16:48:46 +0800, Alex Jia wrote: ... # virsh start domain --paused RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855 Signed-off-by: Alex Jia a...@redhat.com --- src/remote/remote_driver.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index f828eef..71d0034 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -2431,6 +2431,7 @@ remoteDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) make_nonnull_domain(args.dom, dom); args.flags = flags; +memset(ret, 0, sizeof(ret)); if (call(dom-conn, priv, 0, REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS, (xdrproc_t)xdr_remote_domain_create_with_flags_args, (char *)args, (xdrproc_t)xdr_remote_domain_create_with_flags_ret, (char *)ret) == -1) { -- 1.7.1 ACK. I've just been bitten by this as well. Your patch fixes it for me. Thanks. / Claudio -- AV-Test GmbH, Henricistraße 20, 04155 Leipzig, Germany Phone: +49 341 265 310 19 Web:http://www.av-test.org Eingetragen am / Registered at: Amtsgericht Stendal (HRB 114076) Geschaeftsfuehrer (CEO): Andreas Marx, Guido Habicht, Maik Morgenstern -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [sandbox][PATCH v3] Fix delete of running container
On 08/08/2013 03:42 PM, Wayne Sun wrote: Delete running container is not supprted and will report an error. Related to bug: https://bugzilla.redhat.com/show_bug.cgi?id=994495 v1: Fix stop function and delete running container. v2: Delete running container is not allowed, spawn virsh to get domain status. v3: Using exist libvirt connection to get dom status. Signed-off-by: Wayne Sung...@redhat.com --- bin/virt-sandbox-service | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index 550d46c..03873c9 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -254,11 +254,11 @@ class Container: def delete(self): self.connect() -# Stop service if it is running -try: -self.stop() -except: -pass +self.conn.fetch_domains(None) +dom = self.conn.find_domain_by_name(self.name) +info = dom.get_info() +if info.state == LibvirtGObject.DomainState.RUNNING: +raise ValueError([_(Cannot delete running container)]) # Not sure we should remove content if os.path.exists(self.dest): Works for me. # virsh -c lxc:// list IdName State 7090 testbox running # virt-sandbox-service delete testbox /usr/bin/virt-sandbox-service: Cannot delete running container # echo $? 1 # virsh -c lxc:// list IdName State 7090 testbox running # virsh -c lxc:// destroy testbox Domain testbox destroyed # virsh -c lxc:// list --all IdName State - testbox shut off # virt-sandbox-service delete testbox # echo $? 0 # virsh -c lxc:// list --all Nothing. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [sandbox][PATCH v3] Fix delete of running container
On Thu, Aug 08, 2013 at 03:42:28PM +0800, Wayne Sun wrote: Delete running container is not supprted and will report an error. Related to bug: https://bugzilla.redhat.com/show_bug.cgi?id=994495 v1: Fix stop function and delete running container. v2: Delete running container is not allowed, spawn virsh to get domain status. v3: Using exist libvirt connection to get dom status. Signed-off-by: Wayne Sun g...@redhat.com --- bin/virt-sandbox-service | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index 550d46c..03873c9 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -254,11 +254,11 @@ class Container: def delete(self): self.connect() -# Stop service if it is running -try: -self.stop() -except: -pass +self.conn.fetch_domains(None) +dom = self.conn.find_domain_by_name(self.name) +info = dom.get_info() +if info.state == LibvirtGObject.DomainState.RUNNING: +raise ValueError([_(Cannot delete running container)]) # Not sure we should remove content if os.path.exists(self.dest): ACK, looks good now. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [sandbox][PATCH v3] Fix delete of running container
On 08/08/2013 06:42 PM, Daniel P. Berrange wrote: On Thu, Aug 08, 2013 at 03:42:28PM +0800, Wayne Sun wrote: Delete running container is not supprted and will report an error. Related to bug: https://bugzilla.redhat.com/show_bug.cgi?id=994495 v1: Fix stop function and delete running container. v2: Delete running container is not allowed, spawn virsh to get domain status. v3: Using exist libvirt connection to get dom status. Signed-off-by: Wayne Sung...@redhat.com --- bin/virt-sandbox-service | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index 550d46c..03873c9 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -254,11 +254,11 @@ class Container: def delete(self): self.connect() -# Stop service if it is running -try: -self.stop() -except: -pass +self.conn.fetch_domains(None) +dom = self.conn.find_domain_by_name(self.name) +info = dom.get_info() +if info.state == LibvirtGObject.DomainState.RUNNING: +raise ValueError([_(Cannot delete running container)]) # Not sure we should remove content if os.path.exists(self.dest): ACK, looks good now. Daniel Daniel, I push this one now. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Add info about access control checks into API reference
On Wed, Aug 07, 2013 at 12:06:09PM -0600, Eric Blake wrote: On 08/07/2013 06:06 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com So that app developers / admins know what access control checks are performed for each API, this patch extends the API docs generator to include details of the ACLs for each. The gendispatch.pl script is extended so that it generates a simple XML describing ACL rules, eg. aclinfo ... api name='virConnectNumOfDomains' check object='connect' perm='search_domains'/ filter object='domain' perm='getattr'/ /api api name='virDomainAttachDeviceFlags' check object='domain' perm='write'/ check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/ check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/ /api ... /aclinfo The newapi.xsl template loads the XML files containing the ACL rules and generates a short block of HTML for each API describing the parameter checks and return value filters (if any). Signed-off-by: Daniel P. Berrange berra...@redhat.com --- docs/libvirt.css | 14 +++ docs/newapi.xsl| 68 ++ src/Makefile.am| 22 ++-- src/rpc/gendispatch.pl | 59 --- 4 files changed, 157 insertions(+), 6 deletions(-) I'm no css or xsl expert, and perl is not my strongest language; but I can say that this patch applies and that the output looks like a useful and correct improvement. (See the attached screenshot) Hah, I'm sadly too familiar with xsl from previous work writing a content management system where the entire web UI was generated with XSL transforms :-( +} elsif ($mode eq aclapi) { +print __EOF__; +!-- + - Automatically generated by gendispatch.pl. This says WHO generated, but not WHICH file to edit if the generated file contains errors. Can we add the source .x file as additional information (probably as a separate patch, since the other generated files likely have the same issue)? I guess we could add that. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] qemu: Allow hotplug of multiple SCSI devices
From: Eric Farman far...@linux.vnet.ibm.com Hotplugging a single SCSI device works, but adding additional ones result in an error from QEMU: [root@gpok197 ~]# virsh attach-device guest01 blah.xml Device attached successfully [root@gpok197 ~]# virsh attach-device guest01 blah2.xml error: Failed to attach device from blah2.xml error: internal error unable to execute QEMU command 'device_add': Duplicate ID 'hostdev0' for device The hostdev ID that is created is always set to zero, regardless of the contents of the XML. Changing the index in the hotplug case to a negative one so the next available index is used. Signed-off-by: Eric Farman far...@linux.vnet.ibm.com Reviewed-by: Viktor Mihajlovski mihaj...@linux.vnet.ibm.com --- src/qemu/qemu_hotplug.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 7a6946e..c9748d9 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1362,7 +1362,7 @@ qemuDomainAttachHostScsiDevice(virQEMUDriverPtr driver, return -1; } -if (qemuAssignDeviceHostdevAlias(vm-def, hostdev, 0) 0) +if (qemuAssignDeviceHostdevAlias(vm-def, hostdev, -1) 0) goto cleanup; if (!(drvstr = qemuBuildSCSIHostdevDrvStr(hostdev, priv-qemuCaps, -- 1.7.9.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Record the where the auto-generated data comes from
From: Daniel P. Berrange berra...@redhat.com The gendispatch.pl script puts comments at the top of files it creates, saying that it auto-generated them. Also include the name of the source data file which it reads when doing the auto-generation. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/rpc/gendispatch.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl index ac0c7ab..ceb1ad8 100755 --- a/src/rpc/gendispatch.pl +++ b/src/rpc/gendispatch.pl @@ -348,19 +348,19 @@ sub hyper_to_long if ($mode eq aclsym) { print __EOF__; -# Automatically generated by gendispatch.pl. +# Automatically generated from $protocol by gendispatch.pl. # Do not edit this file. Any changes you make will be lost. __EOF__ } elsif ($mode eq aclapi) { print __EOF__; !-- - - Automatically generated by gendispatch.pl. + - Automatically generated from $protocol by gendispatch.pl. - Do not edit this file. Any changes you make will be lost. -- __EOF__ } else { print __EOF__; -/* Automatically generated by gendispatch.pl. +/* Automatically generated from $protocol by gendispatch.pl. * Do not edit this file. Any changes you make will be lost. */ __EOF__ -- 1.8.1.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Add documentation for access control system
From: Daniel P. Berrange berra...@redhat.com This adds two new pages to the website, acl.html describing the general access control framework and permissions models, and aclpolkit.html describing the use of polkit as an access control driver. page.xsl is modified to support a new syntax div id=include filename=somefile.htmlinc/ which will cause the XSL transform to replace that div with the contents of 'somefile.htmlinc'. We use this in the acl.html.in file, to pull the table of permissions for each libvirt object. This table is autogenerated from the enums in src/access/viraccessperms.h by the genaclperms.pl script. newapi.xsl is modified so that the list of permissions checks shown against each API will link to the description of the permissions in acl.html Signed-off-by: Daniel P. Berrange berra...@redhat.com --- .gitignore | 1 + docs/Makefile.am | 12 +- docs/acl.html.in | 100 docs/aclpolkit.html.in | 414 + docs/auth.html.in | 6 +- docs/genaclperms.pl| 124 +++ docs/newapi.xsl| 4 +- docs/page.xsl | 11 ++ docs/sitemap.html.in | 10 ++ 9 files changed, 677 insertions(+), 5 deletions(-) create mode 100644 docs/acl.html.in create mode 100644 docs/aclpolkit.html.in create mode 100644 docs/genaclperms.pl diff --git a/.gitignore b/.gitignore index ae9de0b..4216bf1 100644 --- a/.gitignore +++ b/.gitignore @@ -58,6 +58,7 @@ /daemon/libvirtd.policy /daemon/libvirtd.service /daemon/test_libvirtd.aug +/docs/aclperms.htmlinc /docs/apibuild.py.stamp /docs/devhelp/libvirt.devhelp /docs/hvsupport.html.in diff --git a/docs/Makefile.am b/docs/Makefile.am index aabee44..9057432 100644 --- a/docs/Makefile.am +++ b/docs/Makefile.am @@ -128,7 +128,7 @@ fig = \ migration-unmanaged-direct.fig EXTRA_DIST=\ - apibuild.py \ + apibuild.py genaclperms.pl \ site.xsl newapi.xsl news.xsl page.xsl \ hacking1.xsl hacking2.xsl wrapstring.xsl \ $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \ @@ -139,6 +139,16 @@ EXTRA_DIST=\ sitemap.html.in \ todo.pl hvsupport.pl todo.cfg-example +BUILT_SOURCES += aclperms.htmlinc + +CLEANFILES = aclperms.htmlinc + +acl.html:: aclperms.htmlinc + +aclperms.htmlinc: $(top_srcdir)/src/access/viraccessperm.h \ +genaclperms.pl Makefile.am + $(PERL) genaclperms.pl $ $@ + MAINTAINERCLEANFILES = \ $(addprefix $(srcdir)/,$(dot_html)) \ $(addprefix $(srcdir)/,$(apihtml)) \ diff --git a/docs/acl.html.in b/docs/acl.html.in new file mode 100644 index 000..5fb633d --- /dev/null +++ b/docs/acl.html.in @@ -0,0 +1,100 @@ +?xml version=1.0 encoding=UTF-8? +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Strict//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + body +h1Client access control/h1 +p + Libvirt's client access control framework allows administrators + to setup fine grained permission rules across client users, + managed objects and API operations. This allows client connections + to be locked down to a minimal set of privileges. +/p + +ul id=toc/ul + +h2a name=introAccess control introduction/a/h2 + +p + In a default configuration, the libvirtd daemon have three levels + of access control. All connections start off in an unauthenticated + state, where the only API operations allowed are those required + to complete authentication. After successful authentication, a + connection either has full, unrestricted access to all libvirt + API calls, or is locked down to only read only operations, + according to what socket a client connection originated on. +/p + +p + The access control framework allows authenticated connections to + have fine grained permission rules to be defined by the administrator. + Every API call in libvirt has a set of permissions that will + be validated against the object being used. For example, the + codevirDomainSetSchedulerParametersFlags/code method will + check whether the client user has the codewrite/code + permission on the codedomain/code object instance passed + in as a parameter. Further permissions will also be checked + if certain flags are set in the API call. In addition to + checks on the object passed into an API call, some methods + will filter their results. For example the codevirConnectListAllDomains/code + method will check the codesearch_domains/code on the codeconnect/code + object, but will also filter the returned codedomain/code + objects to only those on which the client user has the + codegetattr/code permission. +/p + +h2a name=driversAccess control drivers/a/h2 + +p + The access control framework is designed as a pluggable + system to enable
[libvirt] [PATCH] Ensure securityfs is mounted readonly in container
From: Dan Walsh dwa...@redhat.com If securityfs is available on the host, we should ensure to mount it read-only in the container. This will avoid systemd trying to mount it during startup causing SELinux AVCs. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/lxc/lxc_container.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index b910b10..a943b22 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -770,6 +770,8 @@ static int lxcContainerMountBasicFS(void) { /proc/sys, /proc/sys, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, { sysfs, /sys, sysfs, NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, { sysfs, /sys, sysfs, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, +{ securityfs, /sys/kernel/security, securityfs, NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, +{ securityfs, /sys/kernel/security, securityfs, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, #if WITH_SELINUX { SELINUX_MOUNT, SELINUX_MOUNT, selinuxfs, NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
On 08/08/2013 10:48 AM, Alex Jia wrote: Valgrind defects memory error: ==16759== 1 errors in context 1 of 8: ==16759== Invalid free() / delete / delete[] / realloc() ==16759==at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16759==by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31) ==16759==by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58) ==16759==by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762) ==16759==by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441) ==16759==by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499) ==16759==by 0x13127A: cmdStart (virsh-domain.c:3376) ==16759==by 0x12BF83: vshCommandRun (virsh.c:1751) ==16759==by 0x126FFB: main (virsh.c:3205) ==16759== Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd ==16759== 1 errors in context 2 of 8: ==16759== Conditional jump or move depends on uninitialised value(s) ==16759==at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16759==by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31) ==16759==by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58) ==16759==by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762) ==16759==by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441) ==16759==by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499) ==16759==by 0x13127A: cmdStart (virsh-domain.c:3376) ==16759==by 0x12BF83: vshCommandRun (virsh.c:1751) ==16759==by 0x126FFB: main (virsh.c:3205) ==16759== Uninitialised value was created by a stack allocation ==16759==at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423) How to reproduce? # virsh start domain --paused RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855 Signed-off-by: Alex Jia a...@redhat.com --- src/remote/remote_driver.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index f828eef..71d0034 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -2431,6 +2431,7 @@ remoteDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) make_nonnull_domain(args.dom, dom); args.flags = flags; +memset(ret, 0, sizeof(ret)); if (call(dom-conn, priv, 0, REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS, (xdrproc_t)xdr_remote_domain_create_with_flags_args, (char *)args, (xdrproc_t)xdr_remote_domain_create_with_flags_ret, (char *)ret) == -1) { ACK. I wonder whether we could de-duplicate this since all similar functions call this, but call() doesn't know the structure size :( Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: Allow hotplug of multiple SCSI devices
On 08/08/2013 01:26 PM, Viktor Mihajlovski wrote: From: Eric Farman far...@linux.vnet.ibm.com Hotplugging a single SCSI device works, but adding additional ones result in an error from QEMU: [root@gpok197 ~]# virsh attach-device guest01 blah.xml Device attached successfully [root@gpok197 ~]# virsh attach-device guest01 blah2.xml error: Failed to attach device from blah2.xml error: internal error unable to execute QEMU command 'device_add': Duplicate ID 'hostdev0' for device The hostdev ID that is created is always set to zero, regardless of the contents of the XML. Changing the index in the hotplug case to a negative one so the next available index is used. Signed-off-by: Eric Farman far...@linux.vnet.ibm.com Reviewed-by: Viktor Mihajlovski mihaj...@linux.vnet.ibm.com --- src/qemu/qemu_hotplug.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 7a6946e..c9748d9 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1362,7 +1362,7 @@ qemuDomainAttachHostScsiDevice(virQEMUDriverPtr driver, return -1; } -if (qemuAssignDeviceHostdevAlias(vm-def, hostdev, 0) 0) +if (qemuAssignDeviceHostdevAlias(vm-def, hostdev, -1) 0) goto cleanup; if (!(drvstr = qemuBuildSCSIHostdevDrvStr(hostdev, priv-qemuCaps, ACK and pushed. Thanks for finding out the problem. Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] qemu: Support setting the 'removable' flag for USB disks
Hi, Add an attribute named 'removable' to the 'target' element of disks, which controls the removable flag. For instance, on a Linux guest it controls the value of /sys/block/$dev/removable. This option is only valid for USB disks (i.e. bus='usb'), and its default value is 'off', which is the same behaviour as before. For what it's worth, I have been successfully using this patchset in production since March, in its various incarnations. More specifically, I have been running libvirt 1.1.0 + the latest patches proposed on July 25th since they were submitted, have been heavily using emulated USB devices, and I have not experienced any issue. My reading of the situation is that the patches submitter has improved his patches months ago after receiving initial feedback, and since then the only activity I have seen was him porting his patches to the latest libvirt code and re-submitting. What is missing to get these patches merged, then? (Apart of porting them to the latest version again, of course :) Regards, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Record the where the auto-generated data comes from
On 08.08.2013 13:27, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com The gendispatch.pl script puts comments at the top of files it creates, saying that it auto-generated them. Also include the name of the source data file which it reads when doing the auto-generation. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/rpc/gendispatch.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl index ac0c7ab..ceb1ad8 100755 --- a/src/rpc/gendispatch.pl +++ b/src/rpc/gendispatch.pl @@ -348,19 +348,19 @@ sub hyper_to_long if ($mode eq aclsym) { print __EOF__; -# Automatically generated by gendispatch.pl. +# Automatically generated from $protocol by gendispatch.pl. # Do not edit this file. Any changes you make will be lost. __EOF__ } elsif ($mode eq aclapi) { print __EOF__; !-- - - Automatically generated by gendispatch.pl. + - Automatically generated from $protocol by gendispatch.pl. - Do not edit this file. Any changes you make will be lost. -- __EOF__ } else { print __EOF__; -/* Automatically generated by gendispatch.pl. +/* Automatically generated from $protocol by gendispatch.pl. * Do not edit this file. Any changes you make will be lost. */ __EOF__ ACK Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] With different libvirt version, lxc-enter-namespace return Different Execution results.
On 08/08/2013 03:16 AM, hzguanqi...@corp.netease.com wrote: That's your problem. The kernel you are running on is too old to support attaching to the mount namespace. You need to see 'mnt' in the files there, and also 'pid' and 'user' too for completeness. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| Ok, Daniel, I got it. Thanks very much. Note that your mailer is non-compliant - most mailers will strip the signature footer after the '-- ' line. As a result of you writing your message after the '-- ' line, your entire reply appeared as the footer of the message (which in my mail view shows up in a different font) - I nearly missed your reply; I also had a very difficult time replying to your message to tell you about your problem, as my mailer tried to strip your reply as part of the footer. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Ensure securityfs is mounted readonly in container
On 08/08/2013 05:52 AM, Daniel P. Berrange wrote: From: Dan Walsh dwa...@redhat.com If securityfs is available on the host, we should ensure to mount it read-only in the container. This will avoid systemd trying to mount it during startup causing SELinux AVCs. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/lxc/lxc_container.c | 2 ++ 1 file changed, 2 insertions(+) ACK. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Add support for detecting PPC little endian arches
From: Daniel P. Berrange berra...@redhat.com The recent patch series proposing the addition of PPC little endian arch support to Linux defines new arch names 'ppcle' and 'ppc64le': https://lists.ozlabs.org/pipermail/linuxppc-dev/2013-August/109908.html This just makes libvirt know about these arch names, so it doesn't immediately trip up if it seems these new names from uname. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/util/virarch.c | 7 +-- src/util/virarch.h | 7 +-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/util/virarch.c b/src/util/virarch.c index 81558e5..815ad29 100644 --- a/src/util/virarch.c +++ b/src/util/virarch.c @@ -55,18 +55,21 @@ static const struct virArchData { { parisc, 32, VIR_ARCH_BIG_ENDIAN }, { parisc64, 64, VIR_ARCH_BIG_ENDIAN }, { ppc, 32, VIR_ARCH_BIG_ENDIAN }, +{ ppcle,32, VIR_ARCH_LITTLE_ENDIAN }, { ppc64,64, VIR_ARCH_BIG_ENDIAN }, -{ ppcemb, 32, VIR_ARCH_BIG_ENDIAN }, +{ ppc64le, 64, VIR_ARCH_LITTLE_ENDIAN }, +{ ppcemb, 32, VIR_ARCH_BIG_ENDIAN }, { s390, 32, VIR_ARCH_BIG_ENDIAN }, { s390x,64, VIR_ARCH_BIG_ENDIAN }, { sh4, 32, VIR_ARCH_LITTLE_ENDIAN }, + { sh4eb,64, VIR_ARCH_BIG_ENDIAN }, { sparc,32, VIR_ARCH_BIG_ENDIAN }, - { sparc64, 64, VIR_ARCH_BIG_ENDIAN }, { unicore32,32, VIR_ARCH_LITTLE_ENDIAN }, { x86_64, 64, VIR_ARCH_LITTLE_ENDIAN }, + { xtensa, 32, VIR_ARCH_LITTLE_ENDIAN }, { xtensaeb, 32, VIR_ARCH_BIG_ENDIAN }, }; diff --git a/src/util/virarch.h b/src/util/virarch.h index 0d8ae25..c64012d 100644 --- a/src/util/virarch.h +++ b/src/util/virarch.h @@ -47,18 +47,21 @@ typedef enum { VIR_ARCH_PARISC, /* PA-Risc 32 BE http://en.wikipedia.org/wiki/PA-RISC */ VIR_ARCH_PARISC64, /* PA-Risc 64 BE http://en.wikipedia.org/wiki/PA-RISC */ VIR_ARCH_PPC, /* PowerPC 32 BE http://en.wikipedia.org/wiki/PowerPC */ +VIR_ARCH_PPCLE,/* PowerPC 32 LE http://en.wikipedia.org/wiki/PowerPC */ VIR_ARCH_PPC64,/* PowerPC 64 BE http://en.wikipedia.org/wiki/PowerPC */ -VIR_ARCH_PPCEMB, /* PowerPC 32 BE http://en.wikipedia.org/wiki/PowerPC */ +VIR_ARCH_PPC64LE, /* PowerPC 64 LE http://en.wikipedia.org/wiki/PowerPC */ +VIR_ARCH_PPCEMB, /* PowerPC 32 BE http://en.wikipedia.org/wiki/PowerPC */ VIR_ARCH_S390, /* S39032 BE http://en.wikipedia.org/wiki/S390 */ VIR_ARCH_S390X,/* S39064 BE http://en.wikipedia.org/wiki/S390x */ VIR_ARCH_SH4, /* SuperH4 32 LE http://en.wikipedia.org/wiki/SuperH */ + VIR_ARCH_SH4EB,/* SuperH4 32 BE http://en.wikipedia.org/wiki/SuperH */ VIR_ARCH_SPARC,/* Sparc 32 BE http://en.wikipedia.org/wiki/Sparc */ - VIR_ARCH_SPARC64, /* Sparc 64 BE http://en.wikipedia.org/wiki/Sparc */ VIR_ARCH_UNICORE32,/* UniCore 32 LE http://en.wikipedia.org/wiki/Unicore*/ VIR_ARCH_X86_64, /* x86 64 LE http://en.wikipedia.org/wiki/X86 */ + VIR_ARCH_XTENSA, /* XTensa 32 LE http://en.wikipedia.org/wiki/Xtensa#Processor_Cores */ VIR_ARCH_XTENSAEB, /* XTensa 32 BE http://en.wikipedia.org/wiki/Xtensa#Processor_Cores */ -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 0/2] Support settings the 'removable' flag for USB disks
[replying mainly to float this thread back to the surface of my inbox] On 07/25/2013 04:43 AM, Fred A. Kemp wrote: From: Fred A. Kemp ano...@lavabit.com The commit message of patch #2 explains the purpose of this patch set. A review would be greatly appreciated! Note that I've only added the new capability for usb-storage.removable to the qemu help tests of qemu(-kvm) version 1.2.0, since that's what I had easily available to get the output of `-device usb-storage,?` from. I hope that's not an issue, otherwise, is there a way to obtain these outputs without having to hunt down and install all supported versions? Previous submissions of this patch set to this list: http://www.redhat.com/archives/libvir-list/2013-March/msg01051.html http://www.redhat.com/archives/libvir-list/2013-May/msg02039.html Does this patch still apply as is? I apologize on behalf of a busy team that sometimes patches don't get reviewed, and it is okay to send pings every week or so as needed to spur someone on to looking at it. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] qemu: Support setting the 'removable' flag for USB disks
On 08/08/2013 06:18 AM, intrigeri wrote: Hi, For what it's worth, I have been successfully using this patchset in production since March, in its various incarnations. What is missing to get these patches merged, then? If you are providing a positive review (anyone can do that, not just people with push access), it helps to post your review properly threaded to the patch in question. Sometimes big patches get deferred because of the review time they will take, and a gentle ping like this, or even better a thorough review in the right thread, is all that is needed to get someone with push rights to apply the patch. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Add support for detecting PPC little endian arches
On 08/08/2013 07:07 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com The recent patch series proposing the addition of PPC little endian arch support to Linux defines new arch names 'ppcle' and 'ppc64le': https://lists.ozlabs.org/pipermail/linuxppc-dev/2013-August/109908.html This just makes libvirt know about these arch names, so it doesn't immediately trip up if it seems these new names from uname. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/util/virarch.c | 7 +-- src/util/virarch.h | 7 +-- 2 files changed, 10 insertions(+), 4 deletions(-) ACK. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Add support for detecting PPC little endian arches
On Thu, Aug 8, 2013 at 8:07 AM, Daniel P. Berrange berra...@redhat.com wrote: From: Daniel P. Berrange berra...@redhat.com The recent patch series proposing the addition of PPC little endian arch support to Linux defines new arch names 'ppcle' and 'ppc64le': https://lists.ozlabs.org/pipermail/linuxppc-dev/2013-August/109908.html This just makes libvirt know about these arch names, so it doesn't immediately trip up if it seems these new names from uname. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/util/virarch.c | 7 +-- src/util/virarch.h | 7 +-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/util/virarch.c b/src/util/virarch.c index 81558e5..815ad29 100644 --- a/src/util/virarch.c +++ b/src/util/virarch.c @@ -55,18 +55,21 @@ static const struct virArchData { { parisc, 32, VIR_ARCH_BIG_ENDIAN }, { parisc64, 64, VIR_ARCH_BIG_ENDIAN }, { ppc, 32, VIR_ARCH_BIG_ENDIAN }, +{ ppcle,32, VIR_ARCH_LITTLE_ENDIAN }, { ppc64,64, VIR_ARCH_BIG_ENDIAN }, -{ ppcemb, 32, VIR_ARCH_BIG_ENDIAN }, +{ ppc64le, 64, VIR_ARCH_LITTLE_ENDIAN }, +{ ppcemb, 32, VIR_ARCH_BIG_ENDIAN }, { s390, 32, VIR_ARCH_BIG_ENDIAN }, { s390x,64, VIR_ARCH_BIG_ENDIAN }, { sh4, 32, VIR_ARCH_LITTLE_ENDIAN }, + { sh4eb,64, VIR_ARCH_BIG_ENDIAN }, { sparc,32, VIR_ARCH_BIG_ENDIAN }, - { sparc64, 64, VIR_ARCH_BIG_ENDIAN }, { unicore32,32, VIR_ARCH_LITTLE_ENDIAN }, { x86_64, 64, VIR_ARCH_LITTLE_ENDIAN }, + { xtensa, 32, VIR_ARCH_LITTLE_ENDIAN }, { xtensaeb, 32, VIR_ARCH_BIG_ENDIAN }, }; diff --git a/src/util/virarch.h b/src/util/virarch.h index 0d8ae25..c64012d 100644 --- a/src/util/virarch.h +++ b/src/util/virarch.h @@ -47,18 +47,21 @@ typedef enum { VIR_ARCH_PARISC, /* PA-Risc 32 BE http://en.wikipedia.org/wiki/PA-RISC */ VIR_ARCH_PARISC64, /* PA-Risc 64 BE http://en.wikipedia.org/wiki/PA-RISC */ VIR_ARCH_PPC, /* PowerPC 32 BE http://en.wikipedia.org/wiki/PowerPC */ +VIR_ARCH_PPCLE,/* PowerPC 32 LE http://en.wikipedia.org/wiki/PowerPC */ VIR_ARCH_PPC64,/* PowerPC 64 BE http://en.wikipedia.org/wiki/PowerPC */ -VIR_ARCH_PPCEMB, /* PowerPC 32 BE http://en.wikipedia.org/wiki/PowerPC */ +VIR_ARCH_PPC64LE, /* PowerPC 64 LE http://en.wikipedia.org/wiki/PowerPC */ +VIR_ARCH_PPCEMB, /* PowerPC 32 BE http://en.wikipedia.org/wiki/PowerPC */ VIR_ARCH_S390, /* S39032 BE http://en.wikipedia.org/wiki/S390 */ VIR_ARCH_S390X,/* S39064 BE http://en.wikipedia.org/wiki/S390x */ VIR_ARCH_SH4, /* SuperH4 32 LE http://en.wikipedia.org/wiki/SuperH */ + VIR_ARCH_SH4EB,/* SuperH4 32 BE http://en.wikipedia.org/wiki/SuperH */ VIR_ARCH_SPARC,/* Sparc 32 BE http://en.wikipedia.org/wiki/Sparc */ - VIR_ARCH_SPARC64, /* Sparc 64 BE http://en.wikipedia.org/wiki/Sparc */ VIR_ARCH_UNICORE32,/* UniCore 32 LE http://en.wikipedia.org/wiki/Unicore*/ VIR_ARCH_X86_64, /* x86 64 LE http://en.wikipedia.org/wiki/X86 */ + VIR_ARCH_XTENSA, /* XTensa 32 LE http://en.wikipedia.org/wiki/Xtensa#Processor_Cores */ VIR_ARCH_XTENSAEB, /* XTensa 32 BE http://en.wikipedia.org/wiki/Xtensa#Processor_Cores */ -- 1.8.3.1 ACK. Easy mechanical change. -- Doug Goldstein -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 7/8] virsh: Add completer functions to snapshotCmds
Add .completer and .completer_flags to snapshotCmds. Provides domain completion for most of the snapshotCmds commands. --- tools/virsh-snapshot.c | 45 - 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c index db9715b..cdc358b 100644 --- a/tools/virsh-snapshot.c +++ b/tools/virsh-snapshot.c @@ -2012,25 +2012,37 @@ const vshCmdDef snapshotCmds[] = { .handler = cmdSnapshotCreate, .opts = opts_snapshot_create, .info = info_snapshot_create, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = snapshot-create-as, .handler = cmdSnapshotCreateAs, .opts = opts_snapshot_create_as, .info = info_snapshot_create_as, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = snapshot-current, .handler = cmdSnapshotCurrent, .opts = opts_snapshot_current, .info = info_snapshot_current, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = snapshot-delete, .handler = cmdSnapshotDelete, .opts = opts_snapshot_delete, .info = info_snapshot_delete, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = snapshot-dumpxml, .handler = cmdSnapshotDumpXML, @@ -2042,31 +2054,46 @@ const vshCmdDef snapshotCmds[] = { .handler = cmdSnapshotEdit, .opts = opts_snapshot_edit, .info = info_snapshot_edit, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = snapshot-info, .handler = cmdSnapshotInfo, .opts = opts_snapshot_info, .info = info_snapshot_info, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = snapshot-list, .handler = cmdSnapshotList, .opts = opts_snapshot_list, .info = info_snapshot_list, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = snapshot-parent, .handler = cmdSnapshotParent, .opts = opts_snapshot_parent, .info = info_snapshot_parent, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = snapshot-revert, .handler = cmdDomainSnapshotRevert, .opts = opts_snapshot_revert, .info = info_snapshot_revert, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = NULL} }; -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 2/8] virsh: Add vshDomainCompleter
Function vshDomainCompler returns domains names. Michal Privoznik recommended to add global variable __my_conn so we can get the list of domains from the virConnecTListAllDomains(). vshReconnect() is called before the first command is executed in order to provide autocompletion for the very first command. --- tools/virsh.c | 53 + tools/virsh.h | 2 ++ 2 files changed, 55 insertions(+) diff --git a/tools/virsh.c b/tools/virsh.c index f65dc79..af31b9a 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -88,6 +88,8 @@ static char *progname; static const vshCmdGrp cmdGroups[]; +virConnectPtr *__my_conn; + /* Bypass header poison */ #undef strdup @@ -2502,6 +2504,51 @@ vshCloseLogFile(vshControl *ctl) #ifdef USE_READLINE +/* - + * Completers + * - + */ + +char ** +vshDomainCompleter(unsigned int flags) +{ +virDomainPtr *domains; +size_t i; +char **names = NULL; +int ndomains; + +if (!*__my_conn) +return NULL; + +ndomains = virConnectListAllDomains(*__my_conn, domains, flags); + +if (ndomains 0) +return NULL; + +names = vshMalloc(NULL, sizeof(char *) * (ndomains + 1)); + +if (!names) +return NULL; + +for (i = 0; i ndomains; i++) { +char *name = (char *)virDomainGetName(domains[i]); +if (VIR_STRDUP(names[i], name) 0) { +virDomainFree(domains[i]); +goto cleanup; +} +virDomainFree(domains[i]); +} +names[i] = NULL; +VIR_FREE(domains); +return names; + +cleanup: +for (i = 0; names[i]; i++) +VIR_FREE(names[i]); +VIR_FREE(names); +return NULL; +} + /* - * Readline stuff * - @@ -3158,6 +3205,7 @@ main(int argc, char **argv) ctl-debug = VSH_DEBUG_DEFAULT; ctl-escapeChar = ^]; /* Same default as telnet */ +__my_conn = ctl-conn; if (!setlocale(LC_ALL, )) { perror(setlocale); @@ -3219,6 +3267,11 @@ main(int argc, char **argv) exit(EXIT_FAILURE); } +/* Need to connect immediately after start in order to provide + * autocompletion for the very first command. + */ +vshReconnect(ctl); + do { const char *prompt = ctl-readonly ? VSH_PROMPT_RO : VSH_PROMPT_RW; ctl-cmdstr = diff --git a/tools/virsh.h b/tools/virsh.h index e07b546..c4a9c13 100644 --- a/tools/virsh.h +++ b/tools/virsh.h @@ -254,6 +254,8 @@ struct _vshCmdGrp { const vshCmdDef *commands; }; +char **vshDomainCompleter(unsigned int flags); + void vshError(vshControl *ctl, const char *format, ...) ATTRIBUTE_FMT_PRINTF(2, 3); void vshOpenLogFile(vshControl *ctl); -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 4/8] virsh: Add vshRebootShutdownModeCompleter
vshRebootShutdownModeCompleter returns available modes for reboot/shutdown commands. --- tools/virsh.c | 28 tools/virsh.h | 1 + 2 files changed, 29 insertions(+) diff --git a/tools/virsh.c b/tools/virsh.c index f9c9ccb..13d66c7 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -2577,6 +2577,34 @@ cleanup: return NULL; } +char ** +vshRebootShutdownModeCompleter(unsigned int unused_flags ATTRIBUTE_UNUSED) +{ +const char *modes[] = {acpi, agent, initctl, signal}; +const unsigned int modes_size = ARRAY_CARDINALITY(modes); +char **names = NULL; +size_t i; + +names = vshMalloc(NULL, sizeof(char *) * (modes_size + 1)); + +if (!names) +return NULL; + +for (i = 0; i modes_size; i++) { +if (VIR_STRDUP(names[i], modes[i]) 0) +goto cleanup; +} + +names[i] = NULL; +return names; + +cleanup: +for (i = 0; names[i]; i++) +VIR_FREE(names[i]); +VIR_FREE(names); +return NULL; +} + /* - * Readline stuff * - diff --git a/tools/virsh.h b/tools/virsh.h index 5100c4b..803d858 100644 --- a/tools/virsh.h +++ b/tools/virsh.h @@ -256,6 +256,7 @@ struct _vshCmdGrp { char **vshDomainCompleter(unsigned int flags); char **vshSuspendTargetCompleter(unsigned int unused_flags); +char **vshRebootShutdownModeCompleter(unsigned int unused_flags); void vshError(vshControl *ctl, const char *format, ...) ATTRIBUTE_FMT_PRINTF(2, 3); -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 3/8] virsh: Add vshSuspendTargetCompleter
vshSuspendTargetCompleter returns targets available for suspend. This completer can be used for the command option completion (for dompmsuspend, etc.). --- tools/virsh.c | 28 tools/virsh.h | 1 + 2 files changed, 29 insertions(+) diff --git a/tools/virsh.c b/tools/virsh.c index af31b9a..f9c9ccb 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -2549,6 +2549,34 @@ cleanup: return NULL; } +char ** +vshSuspendTargetCompleter(unsigned int unused_flags ATTRIBUTE_UNUSED) +{ +const char *targets[] = {mem, disk, hybrid}; +const unsigned int targets_size = ARRAY_CARDINALITY(targets); +char **names = NULL; +size_t i; + +names = vshMalloc(NULL, sizeof(char *) * (targets_size + 1)); + +if (!names) +return NULL; + +for (i = 0; i targets_size; i++) { +if (VIR_STRDUP(names[i], targets[i]) 0) +goto cleanup; +} + +names[i] = NULL; +return names; + +cleanup: +for (i = 0; names[i]; i++) +VIR_FREE(names[i]); +VIR_FREE(names); +return NULL; +} + /* - * Readline stuff * - diff --git a/tools/virsh.h b/tools/virsh.h index c4a9c13..5100c4b 100644 --- a/tools/virsh.h +++ b/tools/virsh.h @@ -255,6 +255,7 @@ struct _vshCmdGrp { }; char **vshDomainCompleter(unsigned int flags); +char **vshSuspendTargetCompleter(unsigned int unused_flags); void vshError(vshControl *ctl, const char *format, ...) ATTRIBUTE_FMT_PRINTF(2, 3); -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 8/8] virsh: Add completer functions to domMonitoringCmds
Add .completer and .completer_flags to domMonitoringCmds. Provides domain completion for domMonitoringCmds commands. --- tools/virsh-domain-monitor.c | 32 +--- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c index b29b82a..0f30902 100644 --- a/tools/virsh-domain-monitor.c +++ b/tools/virsh-domain-monitor.c @@ -1876,7 +1876,9 @@ const vshCmdDef domMonitoringCmds[] = { .handler = cmdDomBlkError, .opts = opts_domblkerror, .info = info_domblkerror, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE }, {.name = domblkinfo, .handler = cmdDomblkinfo, @@ -1888,7 +1890,10 @@ const vshCmdDef domMonitoringCmds[] = { .handler = cmdDomblklist, .opts = opts_domblklist, .info = info_domblklist, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = domblkstat, .handler = cmdDomblkstat, @@ -1900,7 +1905,9 @@ const vshCmdDef domMonitoringCmds[] = { .handler = cmdDomControl, .opts = opts_domcontrol, .info = info_domcontrol, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE }, {.name = domif-getlink, .handler = cmdDomIfGetLink, @@ -1912,7 +1919,10 @@ const vshCmdDef domMonitoringCmds[] = { .handler = cmdDomiflist, .opts = opts_domiflist, .info = info_domiflist, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = domifstat, .handler = cmdDomIfstat, @@ -1924,19 +1934,27 @@ const vshCmdDef domMonitoringCmds[] = { .handler = cmdDominfo, .opts = opts_dominfo, .info = info_dominfo, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = dommemstat, .handler = cmdDomMemStat, .opts = opts_dommemstat, .info = info_dommemstat, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE }, {.name = domstate, .handler = cmdDomstate, .opts = opts_domstate, .info = info_domstate, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = list, .handler = cmdList, -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/8] virsh: Add vshCmdCompleter and vshOptCompleter
completer and completer_flags added to the _vshCmdDef and _vshCmdOptDef structures so it will be possible for completion generators to conveniently call completer functions with desired flags. --- tools/virsh-domain.c | 10 +- tools/virsh.h| 7 +++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 8cafce4..5e1196f 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -7889,10 +7889,10 @@ static const vshCmdInfo info_lxc_enter_namespace[] = { }; static const vshCmdOptDef opts_lxc_enter_namespace[] = { -{domain, VSH_OT_DATA, VSH_OFLAG_REQ, N_(domain name, id or uuid)}, -{noseclabel, VSH_OT_BOOL, 0, N_(Do not change process security label)}, -{cmd, VSH_OT_ARGV, VSH_OFLAG_REQ, N_(namespace)}, -{NULL, 0, 0, NULL} +{domain, VSH_OT_DATA, VSH_OFLAG_REQ, N_(domain name, id or uuid), NULL, 0}, +{noseclabel, VSH_OT_BOOL, 0, N_(Do not change process security label), NULL, 0}, +{cmd, VSH_OT_ARGV, VSH_OFLAG_REQ, N_(namespace), NULL, 0}, +{NULL, 0, 0, NULL, NULL, 0} }; static bool @@ -10276,7 +10276,7 @@ static const vshCmdOptDef opts_domfstrim[] = { .type = VSH_OT_DATA, .help = N_(which mount point to trim) }, -{NULL, 0, 0, NULL} +{NULL, 0, 0, NULL, NULL, 0} }; static bool cmdDomFSTrim(vshControl *ctl, const vshCmd *cmd) diff --git a/tools/virsh.h b/tools/virsh.h index a407428..e07b546 100644 --- a/tools/virsh.h +++ b/tools/virsh.h @@ -146,6 +146,9 @@ typedef struct _vshCmdOptDef vshCmdOptDef; typedef struct _vshControl vshControl; typedef struct _vshCtrlData vshCtrlData; +typedef char **(*vshCmdCompleter)(unsigned int flags); +typedef char **(*vshOptCompleter)(unsigned int flags); + /* * vshCmdInfo -- name/value pair for information about command * @@ -167,6 +170,8 @@ struct _vshCmdOptDef { unsigned int flags; /* flags */ const char *help; /* non-NULL help string; or for VSH_OT_ALIAS * the name of a later public option */ +vshOptCompleter completer; /* option completer */ +unsigned int completer_flags; /* option completer flags */ }; /* @@ -198,6 +203,8 @@ struct _vshCmdDef { const vshCmdOptDef *opts; /* definition of command options */ const vshCmdInfo *info; /* details about command */ unsigned int flags; /* bitwise OR of VSH_CMD_FLAG */ +vshCmdCompleter completer; /* command completer */ +unsigned int completer_flags; /* command completer flags */ }; /* -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 5/8] virsh: Improve readline generators and readline completion
New completion generators responsible for advances command and command options completions. vshReadlineCommandCompletionGenerator - generator for advanced command completions. This function will call some vshCmdCompleter function (e.g. vshDomainCompleter), which will return relevant data used for autocompletion (e.g. domain names). vshReadlineOptionsCompletionGenerator - almost the same as the vshReadlineCommandCompletionGenerator, but this one completes cmd options. vshReadlineCompletion() has become much more complex because we now have more generator functions and therefore more states to choose from. --- tools/virsh.c | 398 ++ 1 file changed, 376 insertions(+), 22 deletions(-) diff --git a/tools/virsh.c b/tools/virsh.c index 13d66c7..aec26b4 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -2610,6 +2610,25 @@ cleanup: * - */ +static const vshCmdDef * +vshDetermineCommandName(void) +{ +const vshCmdDef *cmd = NULL; +char *p; +char *cmdname; + +if (!(p = strchr(rl_line_buffer, ' '))) +return NULL; + +cmdname = vshCalloc(NULL, (p - rl_line_buffer) + 1, 1); +memcpy(cmdname, rl_line_buffer, p - rl_line_buffer); + +cmd = vshCmddefSearch(cmdname); +VIR_FREE(cmdname); + +return cmd; +} + /* * Generator function for command completion. STATE lets us * know whether to start from scratch; without any state @@ -2657,25 +2676,14 @@ vshReadlineCommandGenerator(const char *text, int state) static char * vshReadlineOptionsGenerator(const char *text, int state) { -static int list_index, len; static const vshCmdDef *cmd = NULL; +static int list_index, len; const char *name; if (!state) { -/* determine command name */ -char *p; -char *cmdname; - -if (!(p = strchr(rl_line_buffer, ' '))) -return NULL; - -cmdname = vshCalloc(NULL, (p - rl_line_buffer) + 1, 1); -memcpy(cmdname, rl_line_buffer, p - rl_line_buffer); - -cmd = vshCmddefSearch(cmdname); +cmd = vshDetermineCommandName(); list_index = 0; len = strlen(text); -VIR_FREE(cmdname); } if (!cmd) @@ -2707,22 +2715,368 @@ vshReadlineOptionsGenerator(const char *text, int state) return NULL; } +/* + * Generator function for command completion, but unlike + * the vshRaadlineCommandGenerator which completes command name, this function + * provides more advanced completion for commands by calling specific command + * completers (e.g. vshDomainCompleter). + */ +static char * +vshReadlineCommandCompletionGenerator(const char *text, int state) +{ +static const vshCmdDef *cmd = NULL; +static int list_index, len; +char **completed_names = NULL; +char *name; + +if (!state) { +cmd = vshDetermineCommandName(); +list_index = 0; +len = strlen(text); +} + +if (!cmd) +return NULL; + +if (!cmd-completer) +return NULL; + +completed_names = cmd-completer(cmd-completer_flags); + +if (!completed_names) +return NULL; + +while ((name = completed_names[list_index])) { +char *res; +list_index++; + +if (STRNEQLEN(name, text, len)) +/* Skip irrelevant names */ +continue; + +res = vshMalloc(NULL, strlen(name) + 1); +snprintf(res, strlen(name) + 1, %s, name); +VIR_FREE(name); +return res; +} +VIR_FREE(completed_names); + +return NULL; +} + +/* + * Generator function for command option completion. Provides advances + * completion for command options. + */ +static char * +vshReadlineOptionsCompletionGenerator(const char *text ATTRIBUTE_UNUSED, + int state ATTRIBUTE_UNUSED) +{ +static const vshCmdDef *cmd = NULL; +static const vshCmdOptDef *opt = NULL; +static int list_index, len; +unsigned long int opt_index = 0; +size_t i; +char **completed_names = NULL; +char *name; +char *ptr = NULL; + +if (!state) { +cmd = vshDetermineCommandName(); +list_index = 0; +len = strlen(text); +} + +if (!cmd) +return NULL; + +if (!cmd-opts) +return NULL; + +for (i = 0; cmd-opts[i].name; i++) { +if ((ptr = strstr(rl_line_buffer, cmd-opts[i].name))) { +if (opt_index (ptr - rl_line_buffer)) { +opt_index = ptr - rl_line_buffer; +opt = cmd-opts[i]; +} +} +} + +if (!opt) +return NULL; + +if (!opt-completer) +return NULL; + +completed_names = opt-completer(opt-completer_flags); + +if (!completed_names) +return NULL; + +while ((name = completed_names[list_index])) { +char *res; +list_index++; + +if (STRNEQLEN(name, text, len)) +/* Skip irrelevant names */ +continue; + +
[libvirt] [PATCH 0/8] virsh: More intelligent auto-completion
Hi, this patch series is a prototype for my GSoC project (Michal Privoznik is my mentor). I'm working on virsh auto-completion, trying to make it more intelligent. At this stage, prototype is capable of command and option completion. Three completer functions are currently implemented so you can test it. If it turns out that this prototype is good enough, I will implement more completer functions. Tomas Meszaros (8): virsh: Add vshCmdCompleter and vshOptCompleter virsh: Add vshDomainCompleter virsh: Add vshSuspendTargetCompleter virsh: Add vshRebootShutdownModeCompleter virsh: Improve readline generators and readline completion virsh: Add completer functions to domManaggementCmds virsh: Add completer functions to snapshotCmds virsh: Add completer functions to domMonitoringCmds tools/virsh-domain-monitor.c | 32 ++- tools/virsh-domain.c | 240 +++- tools/virsh-snapshot.c | 45 +++- tools/virsh.c| 507 +-- tools/virsh.h| 11 + 5 files changed, 742 insertions(+), 93 deletions(-) -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 6/8] virsh: Add completer functions to domManaggementCmds
Add .completer and .completer_flags to domManagementCmds. vshDomainCompleter (with appropriate flags) is enabled for commands requiring only single domain argument. --- tools/virsh-domain.c | 230 --- 1 file changed, 180 insertions(+), 50 deletions(-) diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 5e1196f..b89b219 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -2752,7 +2752,8 @@ static const vshCmdOptDef opts_dom_pm_suspend[] = { .flags = VSH_OFLAG_REQ, .help = N_(mem(Suspend-to-RAM), disk(Suspend-to-Disk), -hybrid(Hybrid-Suspend)) +hybrid(Hybrid-Suspend)), + .completer = vshSuspendTargetCompleter }, {.name = NULL} }; @@ -4707,7 +4708,8 @@ static const vshCmdOptDef opts_shutdown[] = { }, {.name = mode, .type = VSH_OT_STRING, - .help = N_(shutdown mode: acpi|agent|initctl|signal) + .help = N_(shutdown mode: acpi|agent|initctl|signal), + .completer = vshRebootShutdownModeCompleter }, {.name = NULL} }; @@ -4793,7 +4795,8 @@ static const vshCmdOptDef opts_reboot[] = { }, {.name = mode, .type = VSH_OT_STRING, - .help = N_(shutdown mode: acpi|agent|initctl|signal) + .help = N_(shutdown mode: acpi|agent|initctl|signal), + .completer = vshRebootShutdownModeCompleter }, {.name = NULL} }; @@ -10333,7 +10336,10 @@ const vshCmdDef domManagementCmds[] = { .handler = cmdAutostart, .opts = opts_autostart, .info = info_autostart, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = blkdeviotune, .handler = cmdBlkdeviotune, @@ -10345,7 +10351,10 @@ const vshCmdDef domManagementCmds[] = { .handler = cmdBlkiotune, .opts = opts_blkiotune, .info = info_blkiotune, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = blockcommit, .handler = cmdBlockCommit, @@ -10388,7 +10397,10 @@ const vshCmdDef domManagementCmds[] = { .handler = cmdConsole, .opts = opts_console, .info = info_console, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, #endif {.name = cpu-baseline, @@ -10425,13 +10437,18 @@ const vshCmdDef domManagementCmds[] = { .handler = cmdDesc, .opts = opts_desc, .info = info_desc, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = destroy, .handler = cmdDestroy, .opts = opts_destroy, .info = info_destroy, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE }, {.name = detach-device, .handler = cmdDetachDevice, @@ -10455,25 +10472,37 @@ const vshCmdDef domManagementCmds[] = { .handler = cmdDomDisplay, .opts = opts_domdisplay, .info = info_domdisplay, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = domfstrim, .handler = cmdDomFSTrim, .opts = opts_domfstrim, .info = info_domfstrim, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = domhostname, .handler = cmdDomHostname, .opts = opts_domhostname, .info = info_domhostname, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = domid, .handler = cmdDomid, .opts = opts_domid, .info = info_domid, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE | +VIR_CONNECT_LIST_DOMAINS_INACTIVE }, {.name = domif-setlink, .handler = cmdDomIfSetLink, @@ -10491,13 +10520,17 @@ const vshCmdDef domManagementCmds[] = { .handler = cmdDomjobabort, .opts = opts_domjobabort, .info = info_domjobabort, - .flags = 0 + .flags = 0, + .completer = vshDomainCompleter, + .completer_flags = VIR_CONNECT_LIST_DOMAINS_ACTIVE }, {.name =
Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
Hi Martin, I think if the call() can't do this then it's impossible to de-duplicate in all similar functions. -- Regards, Alex - Original Message - From: Martin Kletzander mklet...@redhat.com To: Alex Jia a...@redhat.com Cc: libvir-list@redhat.com Sent: Thursday, August 8, 2013 8:09:57 PM Subject: Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags On 08/08/2013 10:48 AM, Alex Jia wrote: Valgrind defects memory error: ==16759== 1 errors in context 1 of 8: ==16759== Invalid free() / delete / delete[] / realloc() ==16759==at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16759==by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31) ==16759==by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58) ==16759==by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762) ==16759==by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441) ==16759==by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499) ==16759==by 0x13127A: cmdStart (virsh-domain.c:3376) ==16759==by 0x12BF83: vshCommandRun (virsh.c:1751) ==16759==by 0x126FFB: main (virsh.c:3205) ==16759== Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd ==16759== 1 errors in context 2 of 8: ==16759== Conditional jump or move depends on uninitialised value(s) ==16759==at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16759==by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31) ==16759==by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58) ==16759==by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762) ==16759==by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441) ==16759==by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499) ==16759==by 0x13127A: cmdStart (virsh-domain.c:3376) ==16759==by 0x12BF83: vshCommandRun (virsh.c:1751) ==16759==by 0x126FFB: main (virsh.c:3205) ==16759== Uninitialised value was created by a stack allocation ==16759==at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423) How to reproduce? # virsh start domain --paused RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855 Signed-off-by: Alex Jia a...@redhat.com --- src/remote/remote_driver.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index f828eef..71d0034 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -2431,6 +2431,7 @@ remoteDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) make_nonnull_domain(args.dom, dom); args.flags = flags; +memset(ret, 0, sizeof(ret)); if (call(dom-conn, priv, 0, REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS, (xdrproc_t)xdr_remote_domain_create_with_flags_args, (char *)args, (xdrproc_t)xdr_remote_domain_create_with_flags_ret, (char *)ret) == -1) { ACK. I wonder whether we could de-duplicate this since all similar functions call this, but call() doesn't know the structure size :( Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] configure: fix formatting of missing pkg-config modules error
It adds an empty space after the package version. Previously the error message looked like: You must install the dbus-1 = 1.0.0pkg-config module to compile libvirt Signed-off-by: Giuseppe Scrivano gscri...@redhat.com --- m4/virt-lib.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m4/virt-lib.m4 b/m4/virt-lib.m4 index 778cd40..70400a1 100644 --- a/m4/virt-lib.m4 +++ b/m4/virt-lib.m4 @@ -336,7 +336,7 @@ AC_DEFUN([LIBVIRT_CHECK_PKG],[ fi if test $fail = 1; then -AC_MSG_ERROR([You must install the ]pc_name[ = ]pc_version[pkg-config module to compile libvirt]) +AC_MSG_ERROR([You must install the ]pc_name[ = ]pc_version[ pkg-config module to compile libvirt]) fi if test x$with_var = xyes ; then -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Add a man page for virtlockd daemon
From: Daniel P. Berrange berra...@redhat.com Create a virtlockd.pod.in file containing the man page content for virtlockd. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- .gitignore | 2 + libvirt.spec.in | 1 + src/Makefile.am | 24 ++- src/locking/virtlockd.pod.in | 158 +++ 4 files changed, 184 insertions(+), 1 deletion(-) create mode 100644 src/locking/virtlockd.pod.in diff --git a/.gitignore b/.gitignore index ae9de0b..26bd829 100644 --- a/.gitignore +++ b/.gitignore @@ -144,6 +144,8 @@ /src/util/virkeymaps.h /src/virt-aa-helper /src/virtlockd +/src/virtlockd.8 +/src/virtlockd.8.in /src/virtlockd.init /tests/*.log /tests/*.pid diff --git a/libvirt.spec.in b/libvirt.spec.in index 79c5a2c..a95b783 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1872,6 +1872,7 @@ fi %attr(0755, root, root) %{_sbindir}/virtlockd %{_mandir}/man8/libvirtd.8* +%{_mandir}/man8/virtlockd.8* %if %{with_driver_modules} %if %{with_network} diff --git a/src/Makefile.am b/src/Makefile.am index 277f749..d351539 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2019,9 +2019,31 @@ virtlockd.init: locking/virtlockd.init.in $(top_builddir)/config.status chmod a+x $@-t\ mv $@-t $@ +POD2MAN = pod2man -c Virtualization Support \ + -r $(PACKAGE)-$(VERSION) -s 8 +$(srcdir)/virtlockd.8.in: locking/virtlockd.pod.in $(top_srcdir)/configure.ac + $(AM_V_GEN)$(POD2MAN) --name VIRTLOCKD $ $@ \ +if grep 'POD ERROR' $@ ; then rm $@; exit 1; fi + +virtlockd.8: $(srcdir)/virtlockd.8.in + $(AM_V_GEN)sed \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ + -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ +$ $@-t \ + mv $@-t $@ + +man8_MANS = virtlockd.8 + +MAINTAINERCLEANFILES += $(srcdir)/virtlockd.8.in + +EXTRA_DIST += \ +locking/virtlockd.service.in \ +locking/virtlockd.socket.in \ +locking/virtlockd.pod.in \ +virtlockd.8.in \ +$(NULL) -EXTRA_DIST += locking/virtlockd.service.in locking/virtlockd.socket.in if WITH_LIBVIRTD if LIBVIRT_INIT_SCRIPT_SYSTEMD diff --git a/src/locking/virtlockd.pod.in b/src/locking/virtlockd.pod.in new file mode 100644 index 000..2621d2c --- /dev/null +++ b/src/locking/virtlockd.pod.in @@ -0,0 +1,158 @@ +=head1 NAME + +virtlockd - libvirt lock management daemon + +=head1 SYNOPSIS + +Bvirtlockd [ -dv ] [ -f config_file ] [ -p pid_file ] + +Bvirtlockd --version + +=head1 DESCRIPTION + +The Bvirtlockd program is a server side daemon component of the libvirt +virtualization management system that is used to manage locks held against +virtual machine resources, such as their disks. + +This daemon is not used directly by libvirt client applications, rather it +is called on their behalf by Blibvirtd. By maintaining the locks in a +standalone daemon, the main libvirtd daemon can be restarted without risk +of loosing locks. The Bvirtlockd daemon has the ability to re-exec() +itself upon receiving SIGUSR1, to allow live upgrades without downtime. + +The virtlockd daemon listens for requests on a local Unix domain socket. + +=head1 OPTIONS + +=over + +=item B-d, --daemon + +Run as a daemon write PID file. + +=item B-f, --config IFILE + +Use this configuration file, overriding the default value. + +=item B-p, --pid-file IFILE + +Use this name for the PID file, overriding the default value. + +=item B-v, --verbose + +Enable output of verbose messages. + +=item B--version + +Display version information then exit. + +=back + +=head1 SIGNALS + +On receipt of BSIGUSR1 virtlockd will re-exec() its binary, while +maintaining all current locks and clients. This allows for live +upgrades of the virtlockd service. + +=head1 FILES + +=head2 When run as Broot. + +=over + +=item FSYSCONFDIR/virtlockd.conf + +The default configuration file used by virtlockd, unless overridden on the +command line using the B-f|B--config option. + +=item FLOCALSTATEDIR/run/libvirt/virtlockd-sock + +The sockets libvirtd will use. + +=item FLOCALSTATEDIR/run/virtlockd.pid + +The PID file to use, unless overridden by the B-p|B--pid-file option. + +=back + +=head2 When run as Bnon-root. + +=over + +=item F$XDG_CONFIG_HOME/virtlockd.conf + +The default configuration file used by libvirtd, unless overridden on the +command line using the B-f|B--config option. + +=item F$XDG_RUNTIME_DIR/libvirt/virtlockd-sock + +The socket libvirtd will use. + +=item F$XDG_RUNTIME_DIR/libvirt/virtlockd.pid + +The PID file to use, unless overridden by the B-p|B--pid-file option. + +=item If $XDG_CONFIG_HOME is not set in your environment, libvirtd will use F$HOME/.config + +=item If $XDG_RUNTIME_DIR is not set in your environment, libvirtd will use F$HOME/.cache + +=back + +=head1 EXAMPLES + +To retrieve the version of virtlockd: + + # virtlockd
[libvirt] [PATCH] Add an example config file for virtlockd
From: Daniel P. Berrange berra...@redhat.com The virtlockd daemon supports an /etc/libvirt/virtlockd.conf config file, but we never installed a default config, nor created any augeas scripts. This change addresses that omission. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- .gitignore| 1 + libvirt.spec.in | 3 ++ src/Makefile.am | 20 - src/locking/test_virtlockd.aug.in | 12 src/locking/virtlockd.aug | 44 src/locking/virtlockd.conf| 60 +++ 6 files changed, 139 insertions(+), 1 deletion(-) create mode 100644 src/locking/test_virtlockd.aug.in create mode 100644 src/locking/virtlockd.aug create mode 100644 src/locking/virtlockd.conf diff --git a/.gitignore b/.gitignore index 26bd829..e47421a 100644 --- a/.gitignore +++ b/.gitignore @@ -141,6 +141,7 @@ /src/rpc/virkeepaliveprotocol.[ch] /src/rpc/virnetprotocol.[ch] /src/test_libvirt*.aug +/src/test_virtlockd.aug /src/util/virkeymaps.h /src/virt-aa-helper /src/virtlockd diff --git a/libvirt.spec.in b/libvirt.spec.in index a95b783..fba7658 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1759,6 +1759,7 @@ fi %config(noreplace) %{_sysconfdir}/sysconfig/libvirtd %config(noreplace) %{_sysconfdir}/sysconfig/virtlockd %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf +%config(noreplace) %{_sysconfdir}/libvirt/virtlockd.conf %if 0%{?fedora} = 14 || 0%{?rhel} = 6 %config(noreplace) %{_prefix}/lib/sysctl.d/libvirtd.conf %endif @@ -1840,6 +1841,8 @@ fi %{_datadir}/augeas/lenses/libvirtd.aug %{_datadir}/augeas/lenses/tests/test_libvirtd.aug +%{_datadir}/augeas/lenses/virtlockd.aug +%{_datadir}/augeas/lenses/tests/test_virtlockd.aug %{_datadir}/augeas/lenses/libvirt_lockd.aug %{_datadir}/augeas/lenses/tests/test_libvirt_lockd.aug diff --git a/src/Makefile.am b/src/Makefile.am index d351539..6c13d80 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1608,7 +1608,7 @@ check-local: check-augeas $(NULL) check-augeas: check-augeas-qemu check-augeas-lxc check-augeas-sanlock \ - check-augeas-lockd + check-augeas-lockd check-augeas-virtlockd AUG_GENTEST = $(PERL) $(top_srcdir)/build-aux/augeas-gentest.pl EXTRA_DIST += $(top_srcdir)/build-aux/augeas-gentest.pl @@ -1656,11 +1656,20 @@ test_libvirt_lockd.aug: locking/test_libvirt_lockd.aug.in \ locking/qemu-lockd.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-lockd.conf $ $@ +test_virtlockd.aug: locking/test_virtlockd.aug.in \ + locking/virtlockd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) locking/virtlockd.conf $ $@ + check-augeas-lockd: test_libvirt_lockd.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ '$(AUGPARSE)' -I $(srcdir)/locking test_libvirt_lockd.aug; \ fi +check-augeas-virtlockd: test_virtlockd.aug + $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ + '$(AUGPARSE)' -I $(srcdir)/locking test_virtlockd.aug; \ + fi + # # Build our version script. This is composed of three parts: # @@ -2035,6 +2044,12 @@ virtlockd.8: $(srcdir)/virtlockd.8.in man8_MANS = virtlockd.8 +conf_DATA += locking/virtlockd.conf + +augeas_DATA += locking/virtlockd.aug +augeastest_DATA += test_virtlockd.aug + +CLEANFILES += test_virtlockd.aug MAINTAINERCLEANFILES += $(srcdir)/virtlockd.8.in EXTRA_DIST += \ @@ -2042,6 +2057,9 @@ EXTRA_DIST += \ locking/virtlockd.socket.in \ locking/virtlockd.pod.in \ virtlockd.8.in \ +locking/virtlockd.aug \ +locking/virtlockd.conf \ +locking/test_virtlockd.aug.in \ $(NULL) diff --git a/src/locking/test_virtlockd.aug.in b/src/locking/test_virtlockd.aug.in new file mode 100644 index 000..dcd47c3 --- /dev/null +++ b/src/locking/test_virtlockd.aug.in @@ -0,0 +1,12 @@ +module Test_virtlockd = + let conf = log_level = 3 +log_filters=\3:remote 4:event\ +log_outputs=\3:syslog:libvirtd\ +log_buffer_size = 64 + + + test Libvirtd.lns get conf = +{ log_level = 3 } +{ log_filters = 3:remote 4:event } +{ log_outputs = 3:syslog:libvirtd } +{ log_buffer_size = 64 } diff --git a/src/locking/virtlockd.aug b/src/locking/virtlockd.aug new file mode 100644 index 000..9d20e72 --- /dev/null +++ b/src/locking/virtlockd.aug @@ -0,0 +1,44 @@ +(* /etc/libvirt/libvirtd.conf *) + +module Libvirtd = + autoload xfm + + let eol = del /[ \t]*\n/ \n + let value_sep = del /[ \t]*=[ \t]*/ = + let indent = del /[ \t]*/ + + let array_sep = del /,[ \t\n]*/ , + let array_start = del /\[[ \t\n]*/ [ + let array_end = del /\]/ ] + + let str_val = del /\/ \ . store /[^\]*/ . del /\/ \ + let bool_val = store /0|1/ + let int_val = store /[0-9]+/ + let str_array_element = [ seq el . str_val ] . del /[ \t\n]*/ + let str_array_val = counter el .
Re: [libvirt] [PATCH] configure: fix formatting of missing pkg-config modules error
On Thu, Aug 08, 2013 at 04:56:59PM +0200, Giuseppe Scrivano wrote: It adds an empty space after the package version. Previously the error message looked like: You must install the dbus-1 = 1.0.0pkg-config module to compile libvirt Signed-off-by: Giuseppe Scrivano gscri...@redhat.com --- m4/virt-lib.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m4/virt-lib.m4 b/m4/virt-lib.m4 index 778cd40..70400a1 100644 --- a/m4/virt-lib.m4 +++ b/m4/virt-lib.m4 @@ -336,7 +336,7 @@ AC_DEFUN([LIBVIRT_CHECK_PKG],[ fi if test $fail = 1; then -AC_MSG_ERROR([You must install the ]pc_name[ = ]pc_version[pkg-config module to compile libvirt]) +AC_MSG_ERROR([You must install the ]pc_name[ = ]pc_version[ pkg-config module to compile libvirt]) fi if test x$with_var = xyes ; then ACK Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Updated patch for virt-login-shell for joing libvirt lxc containers.
On Fri, Aug 02, 2013 at 04:52:52PM +0100, Daniel P. Berrange wrote: On Fri, Aug 02, 2013 at 11:22:07AM -0400, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 THis patch fixes all of Eric's and Daniels comments. [PATCH] virt-login-shell joins users into lxc container. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlH7zp8ACgkQrlYvE4MpobNx3gCbBtxw7T4fzIfHSyEEKKyjojXR BUUAoOToptiTOi+RC6Bdcp+zvg/xzfRh =7zpw -END PGP SIGNATURE- From 01c7ab48e720f34c2aa891a8fa07812b1c66c316 Mon Sep 17 00:00:00 2001 From: Dan Walsh dwa...@redhat.com Date: Fri, 28 Jun 2013 13:50:58 -0400 Subject: [PATCH] virt-login-shell joins users into lxc container. Openshift wants to have their gears stuck into a container when they login to the system. virt-login-shell will join a running gear with the username of the person running it, or attempt to start the container if it is not running. (Currently containers do not exist if they are not running, so I can not test this feature. But the code is there). This tool needs to be setuid since joining a container (nsjoin) requires privs. The root user is not allowed to execute this command. When this tool is run by a normal user it will only join the users container. Only users who are listed as valid_users in /etc/libvirt/virt-login-shell.conf are allowed to join containers using this tool. By default no users are allowed. --- .gitignore | 1 + libvirt.spec.in | 3 + po/POTFILES.in | 1 + tools/Makefile.am | 30 +++- tools/virt-login-shell.c| 350 tools/virt-login-shell.conf | 26 tools/virt-login-shell.pod | 62 7 files changed, 472 insertions(+), 1 deletion(-) create mode 100644 tools/virt-login-shell.c create mode 100644 tools/virt-login-shell.conf create mode 100644 tools/virt-login-shell.pod ACK, looks good to me now. FYI, I pushed this now Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] maint: the compiler is not always named gcc
On Wed, Aug 07, 2013 at 09:46:06AM -0600, Eric Blake wrote: https://bugzilla.redhat.com/show_bug.cgi?id=994589 complained that even when using a cross-compiler not named 'gcc', the configure output confusingly referred to gcc. * m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Use a more generic statement in configure output. Signed-off-by: Eric Blake ebl...@redhat.com --- Pushing under the trivial rule. m4/virt-compile-warnings.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4 index 8731b70..6bf797f 100644 --- a/m4/virt-compile-warnings.m4 +++ b/m4/virt-compile-warnings.m4 @@ -62,7 +62,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ # gcc 4.2 treats attribute(format) as an implicit attribute(nonnull), # which triggers spurious warnings for our usage -AC_CACHE_CHECK([whether gcc -Wformat allows NULL strings], +AC_CACHE_CHECK([whether the C compiler's -Wformat allows NULL strings], [lv_cv_gcc_wformat_null_works], [ save_CFLAGS=$CFLAGS CFLAGS='-Wunknown-pragmas -Werror -Wformat' @@ -101,7 +101,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ dnl Check whether strchr(s, char variable) causes a bogus compile dnl warning, which is the case with GCC 4.6 on some glibc -AC_CACHE_CHECK([whether GCC -Wlogical-op gives bogus warnings], +AC_CACHE_CHECK([whether the C compiler's -Wlogical-op gives bogus warnings], [lv_cv_gcc_wlogical_op_broken], [ save_CFLAGS=$CFLAGS CFLAGS=-O2 -Wlogical-op -Werror ACK. -- Guido -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] maint: avoid C99 loop declaration
On Wed, Aug 07, 2013 at 04:53:30PM -0600, Eric Blake wrote: Commit 3d0e3c1 reintroduced a problem previously squelched in commit 7e5aa78. Add a syntax check this time around. Didn't notice we want to avoid this sorry. util/virutil.c: In function 'virGetGroupList': util/virutil.c:1015: error: 'for' loop initial declaration used outside C99 mode * cfg.mk (sc_prohibit_loop_var_decl): New rule. * src/util/virutil.c (virGetGroupList): Fix offender. Signed-off-by: Eric Blake ebl...@redhat.com --- Pushing under the build-breaker rule. cfg.mk | 12 +--- src/util/virutil.c | 8 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/cfg.mk b/cfg.mk index 13de268..791c393 100644 --- a/cfg.mk +++ b/cfg.mk @@ -546,15 +546,21 @@ sc_avoid_attribute_unused_in_header: $(_sc_search_regexp) sc_prohibit_int_ijk: - @prohibit='\(int|unsigned) ([^(]* )*(i|j|k)(\s|,|;)' \ + @prohibit='\(int|unsigned) ([^(]* )*(i|j|k)(\s|,|;)' \ halt='use size_t, not int/unsigned int for loop vars i, j, k' \ $(_sc_search_regexp) sc_prohibit_loop_iijjkk: - @prohibit='\(int|unsigned) ([^=]+ )*(ii|jj|kk)(\s|,|;)' \ - halt='use i, j, k for loop iterators, not ii, jj, kk' \ + @prohibit='\(int|unsigned) ([^=]+ )*(ii|jj|kk)(\s|,|;)'\ + halt='use i, j, k for loop iterators, not ii, jj, kk' \ $(_sc_search_regexp) +# RHEL 5 gcc can't grok for (int i... +sc_prohibit_loop_var_decl: + @prohibit='\for *\(\w+[ *]+\w+'\ + in_vc_files='\.[ch]$$' \ + halt='declare loop iterators outside the for statement' \ + $(_sc_search_regexp) # Many of the function names below came from this filter: # git grep -B2 '\_('|grep -E '\.c- *[[:alpha:]_][[:alnum:]_]* ?\(.*[,;]$' \ diff --git a/src/util/virutil.c b/src/util/virutil.c index 3de72ea..34f5998 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -1010,18 +1010,18 @@ virGetGroupList(uid_t uid, gid_t gid, gid_t **list) } if (gid != (gid_t)-1) { -size_t n = ret; +size_t i; -for (size_t i = 0; i ret; i++) { +for (i = 0; i ret; i++) { if ((*list)[i] == gid) goto cleanup; } -if (VIR_APPEND_ELEMENT(*list, n, gid) 0) { +if (VIR_APPEND_ELEMENT(*list, i, gid) 0) { ret = -1; VIR_FREE(*list); goto cleanup; } else { -ret = n; +ret = i; And safeing a variable, nice! ACK. -_ Guido } } -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] configure: fix formatting of missing pkg-config modules error
On 08/08/2013 09:10 AM, Daniel P. Berrange wrote: On Thu, Aug 08, 2013 at 04:56:59PM +0200, Giuseppe Scrivano wrote: It adds an empty space after the package version. Previously the error message looked like: You must install the dbus-1 = 1.0.0pkg-config module to compile libvirt Signed-off-by: Giuseppe Scrivano gscri...@redhat.com --- m4/virt-lib.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ACK Pushed. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] build: fix compilation of virt-login-shell.c
virt-login-shell.c was failing to compile with CC virt_login_shell-virt-login-shell.o virt-login-shell.c: In function 'main': virt-login-shell.c:205:5: error: implicit declaration of function 'setlocale' [-Werror=implicit-function-declaration] virt-login-shell.c:205:5: error: nested extern declaration of 'setlocale' [-Werror=nested-externs] virt-login-shell.c:205:20: error: 'LC_ALL' undeclared (first use in this function) --- I'm a little surprised that others are not seeing this problem, so a bit nervious committing without an ACK. tools/virt-login-shell.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c index ffbc713..b8f1a28 100644 --- a/tools/virt-login-shell.c +++ b/tools/virt-login-shell.c @@ -27,6 +27,7 @@ #include errno.h #include stdlib.h #include fnmatch.h +#include locale.h #include internal.h #include virerror.h -- 1.8.1.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] maint: avoid C99 loop declaration
On 08/08/2013 12:41 PM, Guido Günther wrote: On Wed, Aug 07, 2013 at 04:53:30PM -0600, Eric Blake wrote: Commit 3d0e3c1 reintroduced a problem previously squelched in commit 7e5aa78. Add a syntax check this time around. Didn't notice we want to avoid this sorry. That's okay - it's my own fault for not adding a syntax-check last time it happened. Eventually, we will reach a day where we quit catering to RHEL 5's ancient gcc as our minimum version, but at least now we can detect the problem without having to resort to waiting for someone to actually test the build on RHEL 5... Maybe it's worth someone trying to set up an autobuilder on a RHEL 5 VM? (My own RHEL 5 setup is too sporadic, on only once a month or so, mainly for my own regression testing). -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] build: fix compilation of virt-login-shell.c
On 08/08/2013 02:04 PM, Jim Fehlig wrote: virt-login-shell.c was failing to compile with CC virt_login_shell-virt-login-shell.o virt-login-shell.c: In function 'main': virt-login-shell.c:205:5: error: implicit declaration of function 'setlocale' [-Werror=implicit-function-declaration] virt-login-shell.c:205:5: error: nested extern declaration of 'setlocale' [-Werror=nested-externs] virt-login-shell.c:205:20: error: 'LC_ALL' undeclared (first use in this function) --- I'm a little surprised that others are not seeing this problem, so a bit nervious committing without an ACK. ACK - go for it. It depends on which version of glibc you use as to whether you see the error (I reproduced it with glibc 2.17 of Fedora 19, but suspect that Dan Walsh developed the patch on an older platform). -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] build: fix compilation of virt-login-shell.c
Eric Blake wrote: On 08/08/2013 02:04 PM, Jim Fehlig wrote: virt-login-shell.c was failing to compile with CC virt_login_shell-virt-login-shell.o virt-login-shell.c: In function 'main': virt-login-shell.c:205:5: error: implicit declaration of function 'setlocale' [-Werror=implicit-function-declaration] virt-login-shell.c:205:5: error: nested extern declaration of 'setlocale' [-Werror=nested-externs] virt-login-shell.c:205:20: error: 'LC_ALL' undeclared (first use in this function) --- I'm a little surprised that others are not seeing this problem, so a bit nervious committing without an ACK. ACK - go for it. It depends on which version of glibc you use as to whether you see the error (I reproduced it with glibc 2.17 of Fedora 19, but suspect that Dan Walsh developed the patch on an older platform). Ah, I see. I noticed the issue with glibc 2.17 as well. Thanks, pushed now. Regards, Jim -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 0/4] Fix handling of CA certificate chains
On 08/06/2013 05:35 AM, Daniel P. Berrange wrote: This series fixes the CA certificate validation so that it correctly works when a client and server cert are both signed by intermediate CAs, sharing a common ancestor CA. After the application of this series, I'm starting to see sporadic test failures; when I run 'make -j3 check' the test sometimes fails like this; but when I then do 'cd tests; ./virnettlssessiontest', it passes. I suspect you have a race where parallel tests are now trying to access the same file, and whoever loses the test fails; whereas a serial run passes every time. 11) TLS Session servercertreq.filename + clientcertreq.filename ... OK 12) TLS Session servercertreq.filename + clientcertreq.filename ... libvirt: XML-RPC error : authentication failed: Failed to verify peer's certificate OK 13) TLS Session servercertreq.filename + clientcertreq.filename ... OK 14) TLS Session servercertreq.filename + clientcertreq.filename ... libvirt: XML-RPC error : authentication failed: Failed to verify peer's certificate FAILED 15) TLS Session servercertlevel3areq.filename + clientcertlevel2breq.filename ... libvirt: XML-RPC error : Cannot read private key '/home/eblake/libvirt/tests/virnettlscontexttest-key.pem': No such file or directory FAILED -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] tests: work with older dbus
On RHEL 5, with dbus 1.1.2, compilation failed with: virsystemdmock.c: In function 'dbus_connection_send_with_reply_and_block': virsystemdmock.c:68: warning: implicit declaration of function 'dbus_message_set_serial' Fix this by instead bypassing all attempts to use a dbus serial. * tests/virsystemdmock.c (dbus_message_set_reply_serial): Add new override. (dbus_connection_send_with_reply_and_block): No longer bother with the serial. Signed-off-by: Eric Blake ebl...@redhat.com --- I'm tempted to push this under the build-breaker rule, but it is still pending a review of this patch also for RHEL 5: https://www.redhat.com/archives/libvir-list/2013-August/msg00313.html tests/virsystemdmock.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/virsystemdmock.c b/tests/virsystemdmock.c index b6c3695..ded52d2 100644 --- a/tests/virsystemdmock.c +++ b/tests/virsystemdmock.c @@ -58,6 +58,12 @@ dbus_bool_t dbus_connection_set_watch_functions(DBusConnection *connection ATTRI return 1; } +dbus_bool_t dbus_message_set_reply_serial(DBusMessage *message ATTRIBUTE_UNUSED, + dbus_uint32_t serial ATTRIBUTE_UNUSED) +{ +return 1; +} + DBusMessage *dbus_connection_send_with_reply_and_block(DBusConnection *connection ATTRIBUTE_UNUSED, DBusMessage *message, int timeout_milliseconds ATTRIBUTE_UNUSED, @@ -65,8 +71,6 @@ DBusMessage *dbus_connection_send_with_reply_and_block(DBusConnection *connectio { DBusMessage *reply = NULL; -dbus_message_set_serial(message, 7); - if (getenv(FAIL_BAD_SERVICE)) reply = dbus_message_new_error(message, org.freedesktop.systemd.badthing, -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] build: fix compilation of virt-login-shell.c
On Thu, Aug 08, 2013 at 02:28:53PM -0600, Eric Blake wrote: On 08/08/2013 02:04 PM, Jim Fehlig wrote: virt-login-shell.c was failing to compile with CC virt_login_shell-virt-login-shell.o virt-login-shell.c: In function 'main': virt-login-shell.c:205:5: error: implicit declaration of function 'setlocale' [-Werror=implicit-function-declaration] virt-login-shell.c:205:5: error: nested extern declaration of 'setlocale' [-Werror=nested-externs] virt-login-shell.c:205:20: error: 'LC_ALL' undeclared (first use in this function) --- I'm a little surprised that others are not seeing this problem, so a bit nervious committing without an ACK. ACK - go for it. It depends on which version of glibc you use as to whether you see the error (I reproduced it with glibc 2.17 of Fedora 19, but suspect that Dan Walsh developed the patch on an older platform). That's strange, I compile tested this, and did the full RPM build on my F19 host with that glibc version. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] tests: work with older dbus
On Thu, Aug 08, 2013 at 03:05:25PM -0600, Eric Blake wrote: On RHEL 5, with dbus 1.1.2, compilation failed with: virsystemdmock.c: In function 'dbus_connection_send_with_reply_and_block': virsystemdmock.c:68: warning: implicit declaration of function 'dbus_message_set_serial' Fix this by instead bypassing all attempts to use a dbus serial. * tests/virsystemdmock.c (dbus_message_set_reply_serial): Add new override. (dbus_connection_send_with_reply_and_block): No longer bother with the serial. Signed-off-by: Eric Blake ebl...@redhat.com --- I'm tempted to push this under the build-breaker rule, but it is still pending a review of this patch also for RHEL 5: https://www.redhat.com/archives/libvir-list/2013-August/msg00313.html tests/virsystemdmock.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/virsystemdmock.c b/tests/virsystemdmock.c index b6c3695..ded52d2 100644 --- a/tests/virsystemdmock.c +++ b/tests/virsystemdmock.c @@ -58,6 +58,12 @@ dbus_bool_t dbus_connection_set_watch_functions(DBusConnection *connection ATTRI return 1; } +dbus_bool_t dbus_message_set_reply_serial(DBusMessage *message ATTRIBUTE_UNUSED, + dbus_uint32_t serial ATTRIBUTE_UNUSED) +{ +return 1; +} + DBusMessage *dbus_connection_send_with_reply_and_block(DBusConnection *connection ATTRIBUTE_UNUSED, DBusMessage *message, int timeout_milliseconds ATTRIBUTE_UNUSED, @@ -65,8 +71,6 @@ DBusMessage *dbus_connection_send_with_reply_and_block(DBusConnection *connectio { DBusMessage *reply = NULL; -dbus_message_set_serial(message, 7); - if (getenv(FAIL_BAD_SERVICE)) reply = dbus_message_new_error(message, org.freedesktop.systemd.badthing, ACK, good idea for fixing this. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Fix parallel runs of TLS test suites
From: Daniel P. Berrange berra...@redhat.com Use a seperate keyfile name for the two TLS test suites so that they don't clash when running tests in parallel Signed-off-by: Daniel P. Berrange berra...@redhat.com --- tests/virnettlscontexttest.c | 10 ++ tests/virnettlshelpers.c | 6 ++ tests/virnettlshelpers.h | 6 ++ tests/virnettlssessiontest.c | 10 ++ 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index 9ade785..53792ee 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -40,6 +40,8 @@ # define VIR_FROM_THIS VIR_FROM_RPC +# define KEYFILE key-ctx.pem + struct testTLSContextData { bool isServer; const char *cacrt; @@ -66,7 +68,7 @@ static int testTLSContextInit(const void *opaque) ctxt = virNetTLSContextNewServer(data-cacrt, NULL, data-crt, - keyfile, + KEYFILE, NULL, true, true); @@ -74,7 +76,7 @@ static int testTLSContextInit(const void *opaque) ctxt = virNetTLSContextNewClient(data-cacrt, NULL, data-crt, - keyfile, + KEYFILE, true, true); } @@ -109,7 +111,7 @@ mymain(void) { int ret = 0; -testTLSInit(); +testTLSInit(KEYFILE); # define DO_CTX_TEST(_isServer, _caCrt, _crt, _expectFail) \ do {\ @@ -617,7 +619,7 @@ mymain(void) testTLSDiscardCert(clientcertlevel2breq); unlink(cacertchain.pem); -testTLSCleanup(); +testTLSCleanup(KEYFILE); return ret==0 ? EXIT_SUCCESS : EXIT_FAILURE; } diff --git a/tests/virnettlshelpers.c b/tests/virnettlshelpers.c index 39a2df6..8a10340 100644 --- a/tests/virnettlshelpers.c +++ b/tests/virnettlshelpers.c @@ -34,8 +34,6 @@ # define VIR_FROM_THIS VIR_FROM_RPC -const char *keyfile = abs_builddir /virnettlscontexttest-key.pem; - /* * These store some static data that is needed when * encoding extensions in the x509 certs @@ -99,7 +97,7 @@ static gnutls_x509_privkey_t testTLSLoadKey(void) } -void testTLSInit(void) +void testTLSInit(const char *keyfile) { gnutls_global_init(); @@ -112,7 +110,7 @@ void testTLSInit(void) } -void testTLSCleanup(void) +void testTLSCleanup(const char *keyfile) { asn1_delete_structure(pkix_asn1); unlink(keyfile); diff --git a/tests/virnettlshelpers.h b/tests/virnettlshelpers.h index 7c3f8da..3f6afb9 100644 --- a/tests/virnettlshelpers.h +++ b/tests/virnettlshelpers.h @@ -28,8 +28,6 @@ # include rpc/virnettlscontext.h -extern const char *keyfile; - /* * This contains parameter about how to generate * certificates. @@ -76,7 +74,7 @@ void testTLSWriteCertChain(const char *filename, size_t ncerts); void testTLSDiscardCert(struct testTLSCertReq *req); -void testTLSInit(void); -void testTLSCleanup(void); +void testTLSInit(const char *keyfile); +void testTLSCleanup(const char *keyfile); #endif diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c index bc176aa..9b171ed 100644 --- a/tests/virnettlssessiontest.c +++ b/tests/virnettlssessiontest.c @@ -38,6 +38,8 @@ # define VIR_FROM_THIS VIR_FROM_RPC +# define KEYFILE key-sess.pem + struct testTLSSessionData { const char *servercacrt; const char *clientcacrt; @@ -107,7 +109,7 @@ static int testTLSSessionInit(const void *opaque) serverCtxt = virNetTLSContextNewServer(data-servercacrt, NULL, data-servercrt, - keyfile, + KEYFILE, data-wildcards, false, true); @@ -115,7 +117,7 @@ static int testTLSSessionInit(const void *opaque) clientCtxt = virNetTLSContextNewClient(data-clientcacrt, NULL, data-clientcrt, - keyfile, + KEYFILE, false, true); @@ -236,7 +238,7 @@ mymain(void) { int ret = 0; -testTLSInit(); +testTLSInit(KEYFILE); # define DO_SESS_TEST(_caCrt, _serverCrt, _clientCrt,
Re: [libvirt] Updated patch for virt-login-shell for joing libvirt lxc containers.
On 08/02/2013 09:22 AM, Daniel J Walsh wrote: Subject: [PATCH] virt-login-shell joins users into lxc container. Openshift wants to have their gears stuck into a container when they login to the system. virt-login-shell will join a running gear with the username of the person running it, or attempt to start the container if it is not running. (Currently containers do not exist if they are not running, so I can not test this feature. But the code is there). This tool needs to be setuid since joining a container (nsjoin) requires privs. The root user is not allowed to execute this command. When this tool is run by a normal user it will only join the users container. Only users who are listed as valid_users in /etc/libvirt/virt-login-shell.conf are allowed to join containers using this tool. By default no users are allowed. --- .gitignore | 1 + libvirt.spec.in | 3 + po/POTFILES.in | 1 + tools/Makefile.am | 30 +++- tools/virt-login-shell.c| 350 tools/virt-login-shell.conf | 26 tools/virt-login-shell.pod | 62 7 files changed, 472 insertions(+), 1 deletion(-) create mode 100644 tools/virt-login-shell.c create mode 100644 tools/virt-login-shell.conf create mode 100644 tools/virt-login-shell.pod Already committed, but the following items are worth cleaning up in a followup patch: @@ -128,6 +133,24 @@ virt_host_validate_CFLAGS = \ $(COVERAGE_CFLAGS) \ $(NULL) +virt_login_shell_SOURCES = \ + virt-login-shell.conf \ .conf files should not be part of _SOURCES; it is already correctly listed under conf_DATA, so I think you can just delete this line. + +static ssize_t nfdlist = 0; +static int *fdlist = NULL; Static variables are automatically 0-initialized without needing something explicit. gcc can optimize this into .bss, but not all compilers do that. +static const char *conf_file = SYSCONFDIR /libvirt/virt-login-shell.conf; + +static void virLoginShellFini(virConnectPtr conn, virDomainPtr dom) Unintentional 2 spaces. +static int virLoginShellAllowedUser(virConfPtr conf, +const char *name, +gid_t *groups) +{ +/* + If string begins with a % this indicates a linux group. + Check to see if the user is in the Linux Group. +*/ +if (pp-str[0] == '%') { +ptr = pp-str[1]; +if (!ptr) This conditional is dead code (ptr is always non-NULL at this point). Did you mean to check if (!*ptr) instead? And if so, you should probably warn that % is an invalid string, rather than silently ignoring it. +} +virReportSystemError(EPERM, _(%s not listed as an allowed_users in %s), name, conf_file); Awkward grammar; I'd suggest s/as an/in/: %s not listed in allowed_users in %s + +static char **virLoginShellGetShellArgv(virConfPtr conf) +{ +size_t i; +char **shargv=NULL; +virConfValuePtr p; + +p = virConfGetValue(conf, shell); +if (!p) +return virStringSplit(/bin/sh -l, , 3); + +if (p p-type == VIR_CONF_LIST) { Dead conditional on the left of ; you only get here if p is non-NULL. + +if (VIR_ALLOC_N(shargv, len + 1) 0) +goto error; +for (i = 0, pp = p-list; pp; i++, pp = pp-next) { +if (VIR_STRDUP(shargv[i], pp-str) 0) +goto error; +} +shargv[len] = NULL; Dead assignment; VIR_ALLOC_N guaranteed that shargv[len] starts life as NULL. +static void +usage(void) +{ +fprintf(stdout, _(\n + %s is a privileged program that allows non root users \n Outputting trailing whitespace to stdout is evil. + specified in %s to join a Linux container \n + with a matching user name and launch a shell. \n Two more instances. + +struct option opt[] = { +{help, no_argument, NULL, 'h'}, +{NULL, 0, NULL, 0} I still think all programs should have a --version option. + +/* The only option we support is help + */ +while ((arg = getopt_long(argc, argv, h, opt, longindex)) != -1) { +switch (arg) { +case 'h': +usage(); +exit(EXIT_SUCCESS); +break; +} +} That may be so, but the way you used getopt_long, you will print a message and then plow onwards anyways. It is better to have a case '?' that calls usage(); exit(EXIT_FAILURE);, so that if we later add a new option, and a user calls this program without knowing whether the version they are using was built before or after the addition of the new option, then trying
Re: [libvirt] [PATCH] Fix parallel runs of TLS test suites
On 08/08/2013 04:09 PM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com Use a seperate keyfile name for the two TLS test suites so that s/seperate/separate/ they don't clash when running tests in parallel Signed-off-by: Daniel P. Berrange berra...@redhat.com --- tests/virnettlscontexttest.c | 10 ++ tests/virnettlshelpers.c | 6 ++ tests/virnettlshelpers.h | 6 ++ tests/virnettlssessiontest.c | 10 ++ 4 files changed, 16 insertions(+), 16 deletions(-) ACK. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] tests: work with older dbus
On 08/08/2013 04:03 PM, Daniel P. Berrange wrote: On Thu, Aug 08, 2013 at 03:05:25PM -0600, Eric Blake wrote: On RHEL 5, with dbus 1.1.2, compilation failed with: virsystemdmock.c: In function 'dbus_connection_send_with_reply_and_block': virsystemdmock.c:68: warning: implicit declaration of function 'dbus_message_set_serial' Fix this by instead bypassing all attempts to use a dbus serial. I'm tempted to push this under the build-breaker rule, but it is still pending a review of this patch also for RHEL 5: https://www.redhat.com/archives/libvir-list/2013-August/msg00313.html Still awaiting review on that one... ACK, good idea for fixing this. ...but this one is now pushed. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Add a man page for virtlockd daemon
On 08/08/2013 09:07 AM, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com Create a virtlockd.pod.in file containing the man page content for virtlockd. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- .gitignore | 2 + libvirt.spec.in | 1 + src/Makefile.am | 24 ++- src/locking/virtlockd.pod.in | 158 +++ 4 files changed, 184 insertions(+), 1 deletion(-) create mode 100644 src/locking/virtlockd.pod.in +=head1 SYNOPSIS + +Bvirtlockd [ -dv ] [ -f config_file ] [ -p pid_file ] + +Bvirtlockd --version Hmm, you have the opposite problem from virt-login-shell, with --version but no --help :) + +=head1 DESCRIPTION + +The Bvirtlockd program is a server side daemon component of the libvirt +virtualization management system that is used to manage locks held against +virtual machine resources, such as their disks. + +This daemon is not used directly by libvirt client applications, rather it +is called on their behalf by Blibvirtd. By maintaining the locks in a +standalone daemon, the main libvirtd daemon can be restarted without risk +of loosing locks. The Bvirtlockd daemon has the ability to re-exec() s/loosing/losing/ +=item B-d, --daemon + +Run as a daemon write PID file. s//and/ (man pages tend to use stodgy full-grammared sentences instead of abbreviations...) +=head1 BUGS + +Please report all bugs you discover. This should be done via either: Hmm - wondering if we should put this boilerplate into a common sub-file included by all the other .pod man page templates, so that we have some consistency (and so that we only have to update one boilerplate instead of copying and pasting across files if we change our mind on what the boilerplate should say). ACK with grammar/spelling fixes listed above; the longer comments are food for thought but don't hold up this patch. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] libxl: Create per-domain log file
Currently, only one log file is created by the libxl driver, with all output from libxl for all domains going to this one file. Create a per-domain log file based on domain name, making sifting through the logs a bit easier. This required deferring libxl_ctx allocation until starting the domain, which is fine since the ctx is not used when the domain is inactive. --- src/libxl/libxl_conf.h | 5 +-- src/libxl/libxl_driver.c | 88 +--- 2 files changed, 57 insertions(+), 36 deletions(-) diff --git a/src/libxl/libxl_conf.h b/src/libxl/libxl_conf.h index aa57710..78133b9 100644 --- a/src/libxl/libxl_conf.h +++ b/src/libxl/libxl_conf.h @@ -57,8 +57,6 @@ struct _libxlDriverPrivate { virDomainXMLOptionPtr xmlopt; unsigned int version; -FILE *logger_file; -xentoollog_logger *logger; /* libxl ctx for driver wide ops; getVersion, getNodeInfo, ... */ libxl_ctx *ctx; @@ -93,6 +91,9 @@ typedef libxlDomainObjPrivate *libxlDomainObjPrivatePtr; struct _libxlDomainObjPrivate { virObjectLockable parent; +/* per domain log stream for libxl messages */ +FILE *logger_file; +xentoollog_logger *logger; /* per domain libxl ctx */ libxl_ctx *ctx; /* console */ diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index 9e9bc89..8e9a3d0 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -398,6 +398,51 @@ static const libxl_osevent_hooks libxl_event_callbacks = { .timeout_deregister = libxlTimeoutDeregisterEventHook, }; +static int +libxlDomainObjPrivateInitCtx(virDomainObjPtr vm) +{ +libxlDomainObjPrivatePtr priv = vm-privateData; +char *log_file; +int ret = -1; + +if (priv-ctx) +return 0; + +if (virAsprintf(log_file, %s/%s.log, LIBXL_LOG_DIR, vm-def-name) 0) +return -1; + +if ((priv-logger_file = fopen(log_file, a)) == NULL) { +virReportSystemError(errno, + _(failed to open logfile %s), + log_file); +goto cleanup; +} + +priv-logger = +(xentoollog_logger *)xtl_createlogger_stdiostream(priv-logger_file, + XTL_DEBUG, 0); +if (!priv-logger) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(cannot create libxenlight logger for domain %s), + vm-def-name); +goto cleanup; +} + +if (libxl_ctx_alloc(priv-ctx, LIBXL_VERSION, 0, priv-logger)) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(Failed libxl context initialization)); +goto cleanup; +} + +libxl_osevent_register_hooks(priv-ctx, libxl_event_callbacks, priv); + +ret = 0; + +cleanup: +VIR_FREE(log_file); +return ret; +} + static void * libxlDomainObjPrivateAlloc(void) { @@ -409,14 +454,6 @@ libxlDomainObjPrivateAlloc(void) if (!(priv = virObjectLockableNew(libxlDomainObjPrivateClass))) return NULL; -if (libxl_ctx_alloc(priv-ctx, LIBXL_VERSION, 0, libxl_driver-logger)) { -VIR_ERROR(_(Failed libxl context initialization)); -virObjectUnref(priv); -return NULL; -} - -libxl_osevent_register_hooks(priv-ctx, libxl_event_callbacks, priv); - if (!(priv-devs = virChrdevAlloc())) return NULL; @@ -432,6 +469,11 @@ libxlDomainObjPrivateDispose(void *obj) libxl_evdisable_domain_death(priv-ctx, priv-deathW); virChrdevFree(priv-devs); + +xtl_logger_destroy(priv-logger); +if (priv-logger_file) +VIR_FORCE_FCLOSE(priv-logger_file); + libxl_ctx_free(priv-ctx); } @@ -929,6 +971,9 @@ libxlVmStart(libxlDriverPrivatePtr driver, virDomainObjPtr vm, int managed_save_fd = -1; libxlDomainObjPrivatePtr priv = vm-privateData; +if (libxlDomainObjPrivateInitCtx(vm) 0) +goto error; + /* If there is a managed saved state restore it instead of starting * from scratch. The old state is removed once the restoring succeeded. */ if (restore_fd 0) { @@ -1135,9 +1180,6 @@ libxlStateCleanup(void) virObjectUnref(libxl_driver-xmlopt); virObjectUnref(libxl_driver-domains); libxl_ctx_free(libxl_driver-ctx); -xtl_logger_destroy(libxl_driver-logger); -if (libxl_driver-logger_file) -VIR_FORCE_FCLOSE(libxl_driver-logger_file); virObjectUnref(libxl_driver-reservedVNCPorts); @@ -1187,7 +1229,6 @@ libxlStateInitialize(bool privileged, void *opaque ATTRIBUTE_UNUSED) { const libxl_version_info *ver_info; -char *log_file = NULL; virCommandPtr cmd; int status, ret = 0; unsigned int free_mem; @@ -1267,17 +1308,6 @@ libxlStateInitialize(bool privileged, goto error; } -if (virAsprintf(log_file, %s/libxl.log, libxl_driver-logDir) 0) -goto error; - -if ((libxl_driver-logger_file = fopen(log_file, a)) == NULL) { -
Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
Martin, I pushed this now. -- Regards, Alex - Original Message - From: Martin Kletzander mklet...@redhat.com To: Alex Jia a...@redhat.com Cc: libvir-list@redhat.com Sent: Thursday, August 8, 2013 8:09:57 PM Subject: Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags On 08/08/2013 10:48 AM, Alex Jia wrote: Valgrind defects memory error: ==16759== 1 errors in context 1 of 8: ==16759== Invalid free() / delete / delete[] / realloc() ==16759==at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16759==by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31) ==16759==by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58) ==16759==by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762) ==16759==by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441) ==16759==by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499) ==16759==by 0x13127A: cmdStart (virsh-domain.c:3376) ==16759==by 0x12BF83: vshCommandRun (virsh.c:1751) ==16759==by 0x126FFB: main (virsh.c:3205) ==16759== Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd ==16759== 1 errors in context 2 of 8: ==16759== Conditional jump or move depends on uninitialised value(s) ==16759==at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16759==by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31) ==16759==by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58) ==16759==by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762) ==16759==by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so) ==16759==by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441) ==16759==by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499) ==16759==by 0x13127A: cmdStart (virsh-domain.c:3376) ==16759==by 0x12BF83: vshCommandRun (virsh.c:1751) ==16759==by 0x126FFB: main (virsh.c:3205) ==16759== Uninitialised value was created by a stack allocation ==16759==at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423) How to reproduce? # virsh start domain --paused RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855 Signed-off-by: Alex Jia a...@redhat.com --- src/remote/remote_driver.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index f828eef..71d0034 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -2431,6 +2431,7 @@ remoteDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) make_nonnull_domain(args.dom, dom); args.flags = flags; +memset(ret, 0, sizeof(ret)); if (call(dom-conn, priv, 0, REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS, (xdrproc_t)xdr_remote_domain_create_with_flags_args, (char *)args, (xdrproc_t)xdr_remote_domain_create_with_flags_ret, (char *)ret) == -1) { ACK. I wonder whether we could de-duplicate this since all similar functions call this, but call() doesn't know the structure size :( Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] LXC: Helper function for checking ownership of dir when userns enabled
From: Chen Hanxiao chenhanx...@cn.fujitsu.com If we enable userns, the ownership of dir we provided for containers should match the uid/gid in idmap. Currently, the debug log is very implicit or misleading sometimes. This patch will help clarify this for us when using debug log or virsh. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc/lxc_container.c | 45 + 1 files changed, 45 insertions(+), 0 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index b910b10..ce17466 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1815,6 +1815,48 @@ lxcNeedNetworkNamespace(virDomainDefPtr def) return false; } +/* + * Helper function for helping check + * whether we have enough privilege + * to operate the source dir when userns enabled + * @vmDef: pointer to vm definition structure + * Returns 0 on success or -1 in case of error + */ +static int +lxcContainerUsernsSrcOwnershipCheck(virDomainDefPtr vmDef) +{ +struct stat buf; +int i; +uid_t uid; +gid_t gid; + +for(i=0; i vmDef-nfss; i++) { +VIR_DEBUG(dst is %s, src is %s, +vmDef-fss[i]-dst, +vmDef-fss[i]-src); + +uid = vmDef-idmap.uidmap[0].target; +gid = vmDef-idmap.gidmap[0].target; + +if (lstat(vmDef-fss[i]-src, buf) 0) { +virReportSystemError(errno, _(Cannot access '%s'), + vmDef-fss[i]-src); +return -1; +} else if(uid != buf.st_uid || gid != buf.st_gid) { +VIR_DEBUG(In userns uid is %d, gid is %d\n, +uid, gid); +errno = EINVAL; + +virReportSystemError(errno, +[userns] Src dir \%s\ does not belong to uid/gid:%d/%d, +vmDef-fss[i]-src, uid, gid); +return -1; +} +} + +return 0; +} + /** * lxcContainerStart: * @def: pointer to virtual machine structure @@ -1866,6 +1908,9 @@ int lxcContainerStart(virDomainDefPtr def, if (userns_supported()) { VIR_DEBUG(Enable user namespace); cflags |= CLONE_NEWUSER; +if(lxcContainerUsernsSrcOwnershipCheck(def) 0) { +return -1; +} } else { virReportSystemError(VIR_ERR_CONFIG_UNSUPPORTED, %s, _(Kernel doesn't support user namespace)); -- 1.7.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list