On Tue, Oct 25, 2016 at 02:13:07PM +0200, Martin Kletzander wrote:
> On Tue, Oct 25, 2016 at 01:10:23PM +1100, Sam Bobroff wrote:
> >On Tue, Oct 18, 2016 at 10:43:31PM +0200, Martin Kletzander wrote:
> >>On Mon, Oct 17, 2016 at 03:45:09PM +1100, Sam Bobroff wrote:
> >>>On Fri, Oct 14, 2016 at
[Author note: Apologies for an extra release or two in between versions,
I was sidetracked by another project. This is probably too close to the
impending freeze for 2.4, so I just updated doc to 2.5 in anticipation.
In rearranging the patches, I've inserted a cleanup patch at the head
that was
Signed-off-by: Eric Farman
---
src/security/security_apparmor.c | 18 -
src/security/security_dac.c | 42 ++--
src/security/security_selinux.c | 39 +++--
3 files changed, 94
Open /dev/vhost-scsi, and record the resulting file descriptor, so that
the guest has access to the host device outside of the libvirt daemon.
Pass this information, along with data parsed from the XML file, to build
a device string for the qemu command line. That device string will be
for either
Adjust the device string that is built for vhost-scsi devices so that it
can be invoked from hotplug.
From the QEMU command line, the file descriptors are expected to be numeric only.
However, for hotplug, the file descriptors are expected to begin with at least
one alphabetic character else this
Signed-off-by: Eric Farman
---
docs/formatdomain.html.in | 24
1 file changed, 24 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index c70377b..6ef864f 100644
--- a/docs/formatdomain.html.in
+++
These tests were cloned from hostdev-scsi-virtio-scsi in both
xml2argv and xml2xml
Signed-off-by: Eric Farman
Reviewed-by: Boris Fiuczynski
---
.../qemuxml2argv-hostdev-scsi-vhost-scsi.args | 24 +
Do all the stuff for the vhost-scsi capability in QEMU,
so it's in place for our checks later.
Signed-off-by: Eric Farman
Reviewed-by: Boris Fiuczynski
---
src/qemu/qemu_capabilities.c| 2 ++
We already have a "scsi" hostdev type, which refers to a single LUN
that is passed through to a guest. But what of things where multiple
LUNs are passed through via a single SCSI HBA, such as with the
vhost-scsi target? Create a new hostdev type that will carry this.
Signed-off-by: Eric Farman
Signed-off-by: Eric Farman
---
src/Makefile.am | 1 +
src/libvirt_private.syms | 19 +++
src/util/virhost.c | 301 +++
src/util/virhost.h | 72
src/util/virhostdev.c| 155
Signed-off-by: Eric Farman
---
docs/schemas/domaincommon.rng | 23
src/conf/domain_audit.c | 7
src/conf/domain_conf.c| 81 +--
3 files changed, 109 insertions(+), 2 deletions(-)
diff --git
On Wed, Oct 26, 2016 at 5:04 PM, Martin Kletzander wrote:
> Or have you possibly edited the on-disk saved state of libvirt some time
> back instead of using virsh edit? =)
That could have been it, but no, we have this all automated and never
touch the on-disk xml after a
On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote:
> Now we don't need to differentiate error and eof cases in the loop function.
> So let's simplify it radically using goto instead of flags.
> ---
> src/qemu/qemu_agent.c| 185
> ++-
>
On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote:
> Let's take a closer look at qemuAgentIO. In the case of error
> we stop listening to any events besides error and eof.
> Then set last error so that all next loop invocations do very little:
>
> 1. if it is an error then just call error
On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote:
> agentError is used for 2 different cases:
>
> 1. agent monitor is failed to start
Non guest fatal failure in qemuConnectAgent when first trying to connect
to the agent
> 2. io error in agent monitor
I/O error with running agent resulting
There's no commit message...
You're altering qemuConnectAgent to return -1 on the only error and
perform the VIR_WARN plus agentError = true on other "soft" failures.
Not exactly nothing going on!
On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote:
> ---
> src/qemu/qemu_driver.c| 8
On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote:
> There were a few errors in the code when this flag was not
> cleared upon monitor cleanup. All of them could be fixed
> just resetting this flag upon agent monitor initialization.
We should fix the places where the flag wasn't cleared
On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote:
> If there is an error event after eof event then after agent
> is cleaned up on eof error flag will be set back and remains
> set after next domain start up making agent unavailable.
> Thus let's check before set this flag on error event.
>
On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote:
> Usually on domain shutdown event comes first from qemu
> and the flag is unset in processSerialChangedEvent. However
> there is a race between this function and qemuProcessHandleAgentEOF
> because the former is executed in a thread pool and
On Wed, Oct 26, 2016 at 05:11:58PM +0200, Sławek Kapłoński wrote:
Hello,
Thx a lot but strictly speaking it's my second patch to libvirt :)
I now see it's a fourth one in the three, I have no idea why git log
hadn't showed me any other, maybe I was too fast when dismissing it.
Well, anyway,
On Wed, 2016-10-26 at 16:54 +0200, Michal Privoznik wrote:
> On 26.10.2016 15:27, Andrea Bolognani wrote:
> >
> > Well, almost :) There are still some cases that are not
> > handled correctly, but at least this will unbreak 'make
> > rpm' while I work on the rest.
> >
> > Tested by running 'make
${exec_prefix} and ${prefix} point to the same directory in
most setups, but when that's not the case the former should
be used for architecture-dependent data such as shared objects,
which makes it the best fit for our Wireshark dissector.
While at it, change from $(var) to ${var}: they are
This takes care of the few remaining nits.
All use cases I could think of are covered; if any more
issues are discovered, we'll take care of them then.
Andrea Bolognani (3):
wireshark: Don't redefine ws_plugindir
wireshark: Try a bunch of possible prefixes
wireshark: Use ${exec_prefix}
If we can't obtain Wireshark's plugindir variable from
pkg-config, we fall back to building it ourselves starting
from $libdir.
The problem with that is that we have zero insights on what
$libdir actually looks like, so we can't simply strip $prefix
and call it a day. On the other hand, we have
autoconf already defines the variable for us, and prints out
a warning if we try to do it a second time. So let's not :)
---
tools/Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 319abb2..100e657 100644
--- a/tools/Makefile.am
+++
On 26.10.2016 15:27, Andrea Bolognani wrote:
> Well, almost :) There are still some cases that are not
> handled correctly, but at least this will unbreak 'make
> rpm' while I work on the rest.
>
> Tested by running 'make rpm' successfully on Fedora 23,
> Fedora 24 and Fedora rawhide.
>
>
>
On Wed, Oct 26, 2016 at 05:29:26PM +0200, Andrea Bolognani wrote:
> On Wed, 2016-10-26 at 12:35 +0100, Richard W.M. Jones wrote:
> > I'm happy to announce that libvirt compiles fine from git on
> > Fedora/RISC-V. This has little or no practical value at all, since
> > RISC-V lacks such essentials
On Wed, Oct 26, 2016 at 02:36:58PM +0200, Michal Privoznik wrote:
> This is a small helper intended to be run by udev. On its input
> (either as the only command line argument or in DEVNODE
> environment variable) it is given a device and on the output it
> will either put nothing (meaning the
On Wed, Oct 26, 2016 at 02:36:54PM +0200, Michal Privoznik wrote:
> Now that we are able to store security labels for devices, next
> step is to flush them into a file. For more convenience I've
> chosen JSON format (as we have all the APIs needed for processing
> the format).
I wonder if we're
On Wed, 2016-10-26 at 12:35 +0100, Richard W.M. Jones wrote:
> I'm happy to announce that libvirt compiles fine from git on
> Fedora/RISC-V. This has little or no practical value at all, since
> RISC-V lacks such essentials such as virtualization, qemu etc.
> However I suppose you could use it as
Hello,
Thx a lot but strictly speaking it's my second patch to libvirt :)
--
Best regards / Pozdrawiam
Sławek Kapłoński
sla...@kaplonski.pl
On Wed, 26 Oct 2016, Martin Kletzander wrote:
> On Sat, Oct 22, 2016 at 12:30:01PM +0200, Sławek Kapłoński wrote:
> > When user tries to resume already
On Wed, Oct 26, 2016 at 04:40:12PM +0200, Ruben Kerkhof wrote:
On Thu, Oct 20, 2016 at 7:53 PM, Martin Kletzander wrote:
On Thu, Oct 20, 2016 at 11:26:09AM +0200, Ruben Kerkhof wrote:
Hi all,
virsh(1) has this to say about virsh shutdown:
"The exact behavior of a domain
On 26.10.2016 15:27, Andrea Bolognani wrote:
> Well, almost :) There are still some cases that are not
> handled correctly, but at least this will unbreak 'make
> rpm' while I work on the rest.
>
> Tested by running 'make rpm' successfully on Fedora 23,
> Fedora 24 and Fedora rawhide.
>
>
>
On Sat, Oct 22, 2016 at 12:30:01PM +0200, Sławek Kapłoński wrote:
When user tries to resume already running domain (Qemu or LXC)
there is VIR_ERR_OPERATION_INVALID error raised now with
message that domain is already running.
Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1009008
---
On Thu, Oct 20, 2016 at 7:53 PM, Martin Kletzander wrote:
> On Thu, Oct 20, 2016 at 11:26:09AM +0200, Ruben Kerkhof wrote:
>>
>> Hi all,
>>
>> virsh(1) has this to say about virsh shutdown:
>> "The exact behavior of a domain when it shuts down is set by the
>> on_shutdown
Hello,
Can someone take a look at this patch? Thx in advance :)
--
Best regards / Pozdrawiam
Sławek Kapłoński
sla...@kaplonski.pl
On Sat, 22 Oct 2016, Sławek Kapłoński wrote:
> When user tries to resume already running domain (Qemu or LXC)
> there is VIR_ERR_OPERATION_INVALID error raised now
On Wed, 2016-10-26 at 08:46 +0200, Boris Fiuczynski wrote:
> > > if WITH_WIRESHARK_DISSECTOR
> > >
> > > -ws_plugindir = $(plugindir)
> > > +ws_plugindir = $(prefix)$(plugindir)
> > > ws_plugin_LTLIBRARIES = wireshark/src/libvirt.la
> > > wireshark_src_libvirt_la_CPPFLAGS = \
> > > -I
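Review bot: In the added line "ws_plugindir = $(prefix)$(plugindir)" the prefix is prepended unconditionally, so the result is only correct while $(plugindir) is always a prefix-relative path. If it can ever hold an absolute path that already contains the prefix, the install directory ends up with the prefix twice. Consider handling the prefix where plugindir is computed rather than in this assignment, or add a comment here stating that plugindir must be prefix-relative.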
Since we're using autoconf to substitute the right value in
Makefile.am now, we can use a less generic name without running
into circular dependencies.
---
m4/virt-wireshark.m4 | 12 ++--
tools/Makefile.am| 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git
Even when we're building $plugindir ourselves because we can't
retrieve it using pkg-config, we still want to strip the prefix,
except in that case it would be the same prefix we're using for
building libvirt.
The fact that $plugindir is missing also doesn't tell us
anything about $ws_prefix, so
Well, almost :) There are still some cases that are not
handled correctly, but at least this will unbreak 'make
rpm' while I work on the rest.
Tested by running 'make rpm' successfully on Fedora 23,
Fedora 24 and Fedora rawhide.
Andrea Bolognani (5):
wireshark: Introduce $ws_modversion
Adding $(prefix) in Makefile.am, as we were doing, means that
it would be prepended even when using --with-ws-plugindir,
which is something we don't want to happen.
Instead, we add it beforehand but take care that it doesn't
get expanded until make is called.
---
m4/virt-wireshark.m4 | 6 +-
Keep all variable declarations close together.
---
m4/virt-wireshark.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/m4/virt-wireshark.m4 b/m4/virt-wireshark.m4
index eb6c8a6..64acca9 100644
--- a/m4/virt-wireshark.m4
+++ b/m4/virt-wireshark.m4
@@ -29,13 +29,13 @@
Use a separate variable instead of setting it inline for
slightly cleaner code.
---
m4/virt-wireshark.m4 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/m4/virt-wireshark.m4 b/m4/virt-wireshark.m4
index e1e4a59..eb6c8a6 100644
--- a/m4/virt-wireshark.m4
+++
Not everybody is going to use the new virUdevMgr module. Some
users have their own set of udev rules and they don't need
libvirt to step in that area. Let's give users choice to enable or
disable this feature.
Signed-off-by: Michal Privoznik
---
src/qemu/libvirtd_qemu.aug
Now that security drivers are capable of writing into virUdevMgr
module, we also need it to flush its internal database right
after that.
Signed-off-by: Michal Privoznik
---
src/qemu/qemu_domain.c | 12 +++-
src/qemu/qemu_domain.h | 3 ++-
src/qemu/qemu_driver.c
Now that we have the virudev module somewhat working, let's
introduce some testing of it.
We also need mock for virRandomBits function. Without it, the
order in which entries occur in the hash table would be random
and thus test would fail some times (as we expect certain
ordering).
The internal representation of security labels contains some
bools (e.g. @relabel, @implicit). But the stdbool.h file is not
included anywhere in the header file, therefore if somebody just
includes "virseclabel.h" they also need to include .
That's not right as it should be virseclabel.h who
Now that we are able to store security labels for devices, next
step is to flush them into a file. For more convenience I've
chosen JSON format (as we have all the APIs needed for processing
the format).
Signed-off-by: Michal Privoznik
---
po/POTFILES.in | 1 +
This is the cherry on the top. For given device all its security
labels are fetched.
Signed-off-by: Michal Privoznik
---
src/libvirt_private.syms | 1 +
src/util/virudev.c | 43 +++
src/util/virudev.h | 4 +++
tests/virudevtest.c | 91
This change alone is not needed, but it prepares environment for
subsequent patches where we will need virSecurityManager much
deeper in the code.
Signed-off-by: Michal Privoznik
---
src/security/security_dac.c | 33 +
1 file changed, 17
Whenever a security driver wants to change label of some path, it
should let virUdevMgr module know so that it can update its
internal database too.
Signed-off-by: Michal Privoznik
---
src/libvirt_private.syms| 2 ++
src/security/security_dac.c | 36
Now that we are able to dump internal state into a JSON
file/string, we should be able to reverse the process and
reconstruct the internal state from a JSON file/string.
Signed-off-by: Michal Privoznik
---
src/libvirt_private.syms | 2 +
src/util/virudev.c | 159
In case of udev, it will never try to reset security label on say
domain monitor socket, or some other channel. Therefore, it makes
sense to filter those paths out and keep the state file on the
disk small. The only paths that udev will handle are those
prefixed with "/dev/".
Signed-off-by:
If the daemon is restarted, the virUdevMgr loses its internal
state. This is because entries to its internal DB are added
whilst setting security labels. This obviously doesn't happen
when the daemon is restarted.
It's not wise to start with a fresh internal state and possibly
leave behind
This is a small helper intended to be run by udev. On its input
(either as the only command line argument or in DEVNODE
environment variable) it is given a device and on the output it
will either put nothing (meaning the device is not used by any of
the libvirt domains), or it will print out
In some cases callers might want to filter what devices are
stored in this module (esp. when used in combination with udev
who cares about nothing but "/dev/" prefixed paths).
Signed-off-by: Michal Privoznik
---
src/libvirt_private.syms | 1 +
src/util/virudev.c | 25
I've come across an interesting bug recently. The problem was that
user tried to start a domain, but qemu was denied access to some
device. Even though we relabelled it initially. By debugging I
found the root cause: while we were starting qemu, udev came and
restored original security labels. Sigh.
This change alone is not needed, but it prepares environment for
subsequent patches where we will need virSecurityManager much
deeper in the code.
Signed-off-by: Michal Privoznik
---
src/security/security_dac.c | 34 +++---
1 file changed, 15
This is new internal class that is going to remember
pairs. Moreover, it is going to be
able to flush the pairs into a file so that a helper (which is
introduced later in the series) can look into the file and answer
question: "Is this path in use by libvirt and if so
These APIs start to implement what was laid out in the module
description. We need to be able to store given security label (on
domain startup, device attach), and then remove all security
labels associated with it (on domain shutdown, device detach).
Signed-off-by: Michal Privoznik
So far, this function is not needed with the current code. But it
is going to do so in subsequent commits. We already have
virSecurityDeviceLabelDefNew() which sets just model for new
seclabel, this new API sets both model and label.
Signed-off-by: Michal Privoznik
---
I'm happy to announce that libvirt compiles fine from git on
Fedora/RISC-V. This has little or no practical value at all, since
RISC-V lacks such essentials such as virtualization, qemu etc.
However I suppose you could use it as a remote client.
# file src/.libs/libvirt.so.0.2004.0
On 10/26/2016 07:33 AM, Bob Liu wrote:
> Tunnelled migration doesn't require any extra network connections beside the
> libvirt daemon.
> It's capable of strong encryption and is the default option in openstack-nova.
>
> This patch adds the tunnelled migration (Tunnel3params) support to libxl.
>
Whilst working on another issue, I've noticed that in some
functions we have a local @driver variable along with access to
global @qemu_driver variable. This makes no sense.
Signed-off-by: Michal Privoznik
---
src/qemu/qemu_driver.c | 4 ++--
1 file changed, 2
The old ivshmem is deprecated in QEMU, so let's use the better
ivshmem-{plain,doorbell} variants instead.
Signed-off-by: Martin Kletzander
---
docs/formatdomain.html.in | 10 +++---
docs/schemas/domaincommon.rng | 2 ++
src/conf/domain_conf.c| 4 +++-
We're keeping some things at default and that's not something we want to
do intentionally. Let's save some sensible defaults upfront in order to
avoid having problems later. The details for the defaults (of the newer
implementation) can be found in qemu's commit 5400c02b90bb:
This is needed in order to migrate a domain with shmem devices as that
is not allowed to migrate.
Signed-off-by: Martin Kletzander
---
src/qemu/qemu_driver.c | 39 +++-
src/qemu/qemu_hotplug.c| 248
Signed-off-by: Martin Kletzander
---
src/qemu/qemu_capabilities.c | 5 ++
src/qemu/qemu_capabilities.h | 4 ++
.../caps_2.6.0-gicv2.aarch64.xml | 2 +
.../caps_2.6.0-gicv3.aarch64.xml | 2 +
QEMU added support for ivshmem-plain and ivshmem-doorbell. Those are
reworked variants of legacy ivshmem that are compatible from the guest
POV, but not from host's POV and have sane specification and handling.
Details about the newer device type can be found in qemu's commit
5400c02b90bb:
v4:
- Incorporated John's review
v3:
- https://www.redhat.com/archives/libvir-list/2016-September/msg01232.html
Martin Kletzander (6):
conf, qemu: Add support for shmem model
conf, qemu: Add newer shmem models
qemu: Add capabilities for ivshmem-{plain,doorbell}
qemu: Save various
Just the default one now, new ones will be added in following commits.
Signed-off-by: Martin Kletzander
---
docs/formatdomain.html.in | 8 +
docs/schemas/domaincommon.rng | 9 +
src/conf/domain_conf.c
On Mon, Oct 24, 2016 at 06:46:21PM -0400, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1300776
>
> Complete the implementation of support for TLS encryption on
> chardev TCP transports by adding the hotplug ability of a secret
> to generate the passwordid for the TLS object
On Mon, Oct 24, 2016 at 06:46:20PM -0400, John Ferlan wrote:
> Add the secret object so the 'passwordid=' can be added if the command line
> if there's a secret defined in/on the host for TCP chardev TLS objects.
>
> Preparation for the secret involves adding the secinfo to the char source
>
On Tue, 2016-10-25 at 14:08 -0400, Laine Stump wrote:
> > [...]
> > > @@ -926,7 +857,7 @@ qemuDomainCollectPCIAddress(virDomainDefPtr def
> > > ATTRIBUTE_UNUSED,
> > >entireSlot = (addr->function == 0 &&
> > > addr->multi != VIR_TRISTATE_SWITCH_ON);
> > >
> > > -
On Tue, Oct 25, 2016 at 04:06:15PM -0400, John Ferlan wrote:
> Need to remove the drive first, then the secobj and/or encobj if they exist.
> This is because the drive has a dependency on secobj (or the secret for
> the networked storage server) and/or the encobj (or the secret for the
> LUKS
On 10/24/2016 10:52 AM, Daniel P. Berrange wrote:
On Thu, Oct 20, 2016 at 03:54:13PM +0800, Michal Privoznik wrote:
The problem with evaluating $(prefix) in configure phase is that
autoconf does a lot of magic with this variable. Firstly, if the
--prefix argument is not set for the configure
Tunnelled migration doesn't require any extra network connections beside the
libvirt daemon.
It's capable of strong encryption and is the default option in openstack-nova.
This patch adds the tunnelled migration (Tunnel3params) support to libxl.
The data flow in the src side is:
*