On 03/27/13 22:45, Eric Blake wrote:
On 03/26/2013 08:06 AM, Martin Kletzander wrote:
On 03/26/2013 12:26 PM, Peter Krempa wrote:
Format the address using the helper to avoid code duplication.
---
src/conf/domain_conf.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
I'd ACK
The option 'nolabel' has been changed by current libvirt upstream, it should
be 'noseclabel' now, so need to sync the option change with libvirt.
# ./tools/virsh -c lxc:/// lxc-enter-namespace --help | grep label
lxc-enter-namespace domain [--noseclabel] {[--cmd] string}...
--noseclabel
On Thu, Mar 21, 2013 at 04:35:10PM +0100, Michal Privoznik wrote:
The virDomainDefGetSecurityLabelDef was modifying the domain XML.
It tried to find a seclabel corresponding to given sec driver. If the
label wasn't found, the function created one which is wrong. In fact
it's security manager
On Thu, Mar 21, 2013 at 04:35:11PM +0100, Michal Privoznik wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=923946
The seclabel type='none'/ should be added iff there is no other
seclabel defined within a domain. This bug can be easily reproduced:
1) configure selinux seclabel for a domain
On 27.03.2013 22:50, Eric Blake wrote:
On 03/21/2013 09:35 AM, Michal Privoznik wrote:
Don't forget other seclabels when adding a seclabel type='none'/.
Michal Privoznik (2):
security_manager: Don't manipulate domain XML in
virDomainDefGetSecurityLabelDef
security: Don't add
On Wed, Mar 27, 2013 at 04:36:38PM -0600, Eric Blake wrote:
On 03/25/2013 08:25 AM, Paolo Bonzini wrote:
The need_prctl variable is not really needed. If it is false,
capng_apply will be called twice with the same set, causing
a little extra work but no problem. This keeps the code a bit
On Wed, Mar 27, 2013 at 04:22:26PM -0600, Eric Blake wrote:
On 03/25/2013 09:24 PM, Hu Tao wrote:
On Mon, Mar 25, 2013 at 08:39:40PM +0100, Stefan Seyfried wrote:
Hi all,
iptables-1.4.18 removed the long deprecated state match.
Use conntrack instead in forwarding rules.
Fixes openSUSE
On Thu, Mar 28, 2013 at 04:48:31PM +0800, Alex Jia wrote:
The option 'nolabel' has been changed by current libvirt upstream, it should
be 'noseclabel' now, so need to sync the option change with libvirt.
# ./tools/virsh -c lxc:/// lxc-enter-namespace --help | grep label
On 03/28/2013 05:31 PM, Daniel P. Berrange wrote:
On Thu, Mar 28, 2013 at 04:48:31PM +0800, Alex Jia wrote:
The option 'nolabel' has been changed by current libvirt upstream, it should
be 'noseclabel' now, so need to sync the option change with libvirt.
# ./tools/virsh -c lxc:///
On Thu, Mar 21, 2013 at 05:50:47PM +0100, Michal Privoznik wrote:
Currently, only three wrappers are being implemented:
virFileSetAttr for setting attributes
virFileGetAttr for querying attributes (note we need to call it twice,
first time to get length of attribute value, second to get actual
On Thu, Mar 21, 2013 at 05:50:48PM +0100, Michal Privoznik wrote:
For now, only three APIs are implemented:
virFileGetACL to retrieve permission for a specific user
virFileSetACL for setting requested permissions for a specific user,
virFileRemoveACL to remove those permissions.
---
diff to
On 28.03.2013 10:15, Daniel P. Berrange wrote:
On Thu, Mar 21, 2013 at 04:35:10PM +0100, Michal Privoznik wrote:
The virDomainDefGetSecurityLabelDef was modifying the domain XML.
It tried to find a seclabel corresponding to given sec driver. If the
label wasn't found, the function created one
On Thu, Mar 21, 2013 at 05:50:49PM +0100, Michal Privoznik wrote:
#define VIR_FROM_THIS VIR_FROM_SECURITY
#define SECURITY_DAC_NAME dac
+#define SECURITY_DAC_XATTR_OLD_ACL trusted.libvirt.dac.oldACL
+#define SECURITY_DAC_XATTR_OLD_OWNER trusted.libvirt.dac.oldOwner
+#define
On Thu, Mar 21, 2013 at 05:50:49PM +0100, Michal Privoznik wrote:
On filesystems supporting ACLs we don't need to do a chown but we
can just set ACLs to gain access for qemu. However, since we are
setting these on too low level, where we don't know if disk is
just a read only or read write, we
On Thu, Mar 28, 2013 at 10:42:39AM +0100, Michal Privoznik wrote:
On 28.03.2013 10:15, Daniel P. Berrange wrote:
On Thu, Mar 21, 2013 at 04:35:10PM +0100, Michal Privoznik wrote:
The virDomainDefGetSecurityLabelDef was modifying the domain XML.
It tried to find a seclabel corresponding to
That seems like a kernel flaw - it makes sense that you can't _add_
capabilities without CAP_SETPCAP, but being unable to _drop_
capabilities without first acquiring a capability seems backwards.
You cannot add capabilities to the bounding set at all. It is a
one-way street.
/me learned a
/* Change to the temp capabilities */
-if ((capng_ret = capng_apply(CAPNG_SELECT_BOTH)) 0) {
+if ((capng_ret = capng_apply(CAPNG_SELECT_CAPS)) 0) {
Beforehand, we limited both caps and bounding set, with an overlarge
set, now you are limiting just caps...
On 28.03.2013 10:46, Daniel P. Berrange wrote:
On Thu, Mar 21, 2013 at 05:50:49PM +0100, Michal Privoznik wrote:
#define VIR_FROM_THIS VIR_FROM_SECURITY
#define SECURITY_DAC_NAME dac
+#define SECURITY_DAC_XATTR_OLD_ACL trusted.libvirt.dac.oldACL
+#define SECURITY_DAC_XATTR_OLD_OWNER
vcpupin and emulatorpin use same code to parse the cpulist, this
abstracts the same code as a helper. Along with various code style
fixes, and error improvement (only error Physical CPU %d doesn't
exist if the specified CPU exceed the range, no cpulist: Invalid
format, see the following for an
On 28/03/13 19:36, Osier Yang wrote:
vcpupin and emulatorpin use same code to parse the cpulist, this
abstracts the same code as a helper. Along with various code style
fixes, and error improvement (only error Physical CPU %d doesn't
exist if the specified CPU exceed the range, no cpulist:
On Thu, Mar 28, 2013 at 11:38:04AM +0100, Michal Privoznik wrote:
On 28.03.2013 10:46, Daniel P. Berrange wrote:
On Thu, Mar 21, 2013 at 05:50:49PM +0100, Michal Privoznik wrote:
#define VIR_FROM_THIS VIR_FROM_SECURITY
#define SECURITY_DAC_NAME dac
+#define SECURITY_DAC_XATTR_OLD_ACL
On 03/27/2013 09:09 PM, Stefan Berger wrote:
On 03/27/2013 02:01 PM, Eric Blake wrote:
On 03/27/2013 10:30 AM, Laine Stump wrote:
My opinion is that the patch we should apply should be a simple patch
that just removes use of --ctdir. According to the netfilter developer
who responded to the
---
libvirt-designer/libvirt-designer-domain.c | 20 ++--
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/libvirt-designer/libvirt-designer-domain.c
b/libvirt-designer/libvirt-designer-domain.c
index 49e8068..c3a5ce3 100644
---
---
examples/virtxml.c | 3 +++
libvirt-designer/libvirt-designer-domain.c | 2 ++
2 files changed, 5 insertions(+)
diff --git a/examples/virtxml.c b/examples/virtxml.c
index c5a5e24..d4a5fe2 100644
--- a/examples/virtxml.c
+++ b/examples/virtxml.c
@@ -126,6 +126,7 @@
Hi Daniel,
On Thu, Mar 28, 2013 at 4:08 AM, Daniel Veillard veill...@redhat.com wrote:
I tagged it in git and pushed the tarball to the usual area:
ftp://libvirt.org/libvirt/
the rpms are being pushed ATM.
Based on my own limited testing this still looks like good to go,
but more
On 28.03.2013 12:12, Daniel P. Berrange wrote:
On Thu, Mar 28, 2013 at 11:38:04AM +0100, Michal Privoznik wrote:
On 28.03.2013 10:46, Daniel P. Berrange wrote:
On Thu, Mar 21, 2013 at 05:50:49PM +0100, Michal Privoznik wrote:
#define VIR_FROM_THIS VIR_FROM_SECURITY
#define SECURITY_DAC_NAME
On Thu, Mar 28, 2013 at 12:47:25PM +0100, Michal Privoznik wrote:
On 28.03.2013 12:12, Daniel P. Berrange wrote:
On Thu, Mar 28, 2013 at 11:38:04AM +0100, Michal Privoznik wrote:
On 28.03.2013 10:46, Daniel P. Berrange wrote:
On Thu, Mar 21, 2013 at 05:50:49PM +0100, Michal Privoznik wrote:
On 28.03.2013 12:52, Daniel P. Berrange wrote:
On Thu, Mar 28, 2013 at 12:47:25PM +0100, Michal Privoznik wrote:
On 28.03.2013 12:12, Daniel P. Berrange wrote:
On Thu, Mar 28, 2013 at 11:38:04AM +0100, Michal Privoznik wrote:
On 28.03.2013 10:46, Daniel P. Berrange wrote:
On Thu, Mar 21, 2013
Hi,
I tried to migrate qemu domains between same two Freescale PPC platforms.
1) Migrate test domain from Host1(10.193.20.109) to Host2(10.193.20.181).
root@ppc-host1:~# virsh migrate test qemu+tls://10.193.20.181/system
or
root@ppc-host2:~# virsh -c qemu+tls://10.193.20.109/system migrate test
---
Pushed under build-breaker rule.
---
src/util/virutil.c | 3 ++-
src/util/virutil.h | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/util/virutil.c b/src/util/virutil.c
index 557225c..d5f122f 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -3582,7 +3582,8
On Thu, Mar 28, 2013 at 01:06:12PM +0100, Michal Privoznik wrote:
On 28.03.2013 12:52, Daniel P. Berrange wrote:
On Thu, Mar 28, 2013 at 12:47:25PM +0100, Michal Privoznik wrote:
On 28.03.2013 12:12, Daniel P. Berrange wrote:
On Thu, Mar 28, 2013 at 11:38:04AM +0100, Michal Privoznik wrote:
On 28/03/13 19:36, Ruben Kerkhof wrote:
Hi Daniel,
On Thu, Mar 28, 2013 at 4:08 AM, Daniel Veillard veill...@redhat.com wrote:
I tagged it in git and pushed the tarball to the usual area:
ftp://libvirt.org/libvirt/
the rpms are being pushed ATM.
Based on my own limited testing this
There has been a typo in virIsCapbleVport function name.
---
Pushed under build breaker rule.
src/util/virutil.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virutil.c b/src/util/virutil.c
index d5f122f..87a97c9 100644
--- a/src/util/virutil.c
+++
For reference of people new to this thread, here is the start of the thread:
https://www.redhat.com/archives/libvir-list/2013-March/msg01403.html
This concerns changes to libvirt to cope with the newly discovered (by
us :-) difference in interpretation of ctdir by different versions of
On 03/28/2013 10:36 AM, Laine Stump wrote:
For reference of people new to this thread, here is the start of the thread:
https://www.redhat.com/archives/libvir-list/2013-March/msg01403.html
This concerns changes to libvirt to cope with the newly discovered (by
us :-) difference in
With my previous patches, we unconditionally appended a seclabel,
even if it wasn't generated but found in array of defined seclabels.
This resulted in double free later when doing virDomainDefFree
and iterating over the array of defined seclabels.
Moreover, there was another possibility of
Both virIsCapableFCHost and virIsCapableVport return 0 when the
respective sysfs path is accessible.
---
src/node_device/node_device_linux_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/node_device/node_device_linux_sysfs.c
When logical pool has no PVs associated with itself (user-created),
virCommandFree(cmd) is called twice with the same pointer and that
causes a segfault in daemon.
Signed-off-by: Martin Kletzander mklet...@redhat.com
---
Worth v1.0.4 IMHO.
---
src/storage/storage_backend_logical.c | 3 ++-
1
On 03/28/2013 11:46 AM, Ján Tomko wrote:
Both virIsCapableFCHost and virIsCapableVport return 0 when the
respective sysfs path is accessible.
---
src/node_device/node_device_linux_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
On 28.03.2013 17:06, Martin Kletzander wrote:
When logical pool has no PVs associated with itself (user-created),
virCommandFree(cmd) is called twice with the same pointer and that
causes a segfault in daemon.
Signed-off-by: Martin Kletzander mklet...@redhat.com
---
Worth v1.0.4 IMHO.
---
---
libvirt-gconfig/libvirt-gconfig-domain.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libvirt-gconfig/libvirt-gconfig-domain.c
b/libvirt-gconfig/libvirt-gconfig-domain.c
index be572ab..7ef0be8 100644
--- a/libvirt-gconfig/libvirt-gconfig-domain.c
+++
---
libvirt-designer/libvirt-designer-domain.c | 8
1 file changed, 8 insertions(+)
diff --git a/libvirt-designer/libvirt-designer-domain.c
b/libvirt-designer/libvirt-designer-domain.c
index 9dc1d7d..b1aa838 100644
--- a/libvirt-designer/libvirt-designer-domain.c
+++
---
libvirt-gconfig/libvirt-gconfig-domain.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libvirt-gconfig/libvirt-gconfig-domain.c
b/libvirt-gconfig/libvirt-gconfig-domain.c
index be572ab..7ef0be8 100644
--- a/libvirt-gconfig/libvirt-gconfig-domain.c
+++
On 03/28/2013 09:19 AM, Michal Privoznik wrote:
With my previous patches, we unconditionally appended a seclabel,
even if it wasn't generated but found in array of defined seclabels.
This resulted in double free later when doing virDomainDefFree
and iterating over the array of defined
On Thu, Mar 28, 2013 at 10:54:01AM -0400, Stefan Berger wrote:
On 03/28/2013 10:36 AM, Laine Stump wrote:
For reference of people new to this thread, here is the start of the thread:
https://www.redhat.com/archives/libvir-list/2013-March/msg01403.html
This concerns changes to libvirt to
On 03/28/2013 01:17 PM, Pablo Neira Ayuso wrote:
On Thu, Mar 28, 2013 at 10:54:01AM -0400, Stefan Berger wrote:
On 03/28/2013 10:36 AM, Laine Stump wrote:
For reference of people new to this thread, here is the start of the thread:
On Thu, Mar 28, 2013 at 01:55:09PM -0400, Stefan Berger wrote:
On 03/28/2013 01:17 PM, Pablo Neira Ayuso wrote:
On Thu, Mar 28, 2013 at 10:54:01AM -0400, Stefan Berger wrote:
On 03/28/2013 10:36 AM, Laine Stump wrote:
For reference of people new to this thread, here is the start of the
On 03/27/2013 04:00 PM, Gene Czarcinski wrote:
If an IPv4 address is *not* specified, then the IPv4 network is
isolated and, by default, internal (internal to the specific
interface) IPv4 routing is enabled..
Define enable IPv4 routing
ipv4 forwarding is not explicitly enabled in this case,
On 03/25/2013 10:25 AM, Paolo Bonzini wrote:
The interface type='bridge' is working mostly because of a bad design
decision in Linux. Ideally, QEMU would run with an empty capability
bounding set and would not be able to do any privileged operation
(not even by running a helper program).
On 03/28/2013 03:09 PM, Pablo Neira Ayuso wrote:
On Thu, Mar 28, 2013 at 01:55:09PM -0400, Stefan Berger wrote:
On 03/28/2013 01:17 PM, Pablo Neira Ayuso wrote:
On Thu, Mar 28, 2013 at 10:54:01AM -0400, Stefan Berger wrote:
On 03/28/2013 10:36 AM, Laine Stump wrote:
For reference of people
On Thu, Mar 28, 2013 at 03:24:37PM -0400, Stefan Berger wrote:
On 03/28/2013 03:09 PM, Pablo Neira Ayuso wrote:
On Thu, Mar 28, 2013 at 01:55:09PM -0400, Stefan Berger wrote:
On 03/28/2013 01:17 PM, Pablo Neira Ayuso wrote:
On Thu, Mar 28, 2013 at 10:54:01AM -0400, Stefan Berger wrote:
On
On 28.03.2013 17:41, Christophe Fergeau wrote:
---
libvirt-designer/libvirt-designer-domain.c | 8
1 file changed, 8 insertions(+)
diff --git a/libvirt-designer/libvirt-designer-domain.c
b/libvirt-designer/libvirt-designer-domain.c
index 9dc1d7d..b1aa838 100644
---
On 03/28/2013 03:22 PM, Laine Stump wrote:
On 03/27/2013 04:00 PM, Gene Czarcinski wrote:
If an IPv4 address is *not* specified, then the IPv4 network is
isolated and, by default, internal (internal to the specific
interface) IPv4 routing is enabled..
Define enable IPv4 routing
ipv4
On 28/03/13 23:46, Ján Tomko wrote:
Both virIsCapableFCHost and virIsCapableVport return 0 when the
respective sysfs path is accessible.
---
src/node_device/node_device_linux_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/node_device/node_device_linux_sysfs.c
On 29/03/13 11:31, Osier Yang wrote:
On 28/03/13 23:46, Ján Tomko wrote:
Both virIsCapableFCHost and virIsCapableVport return 0 when the
respective sysfs path is accessible.
---
src/node_device/node_device_linux_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
On 2013年03月28日 20:06, Yin Olivia-R63875 wrote:
Hi,
I tried to migrate qemu domains between same two Freescale PPC platforms.
1) Migrate test domain from Host1(10.193.20.109) to Host2(10.193.20.181).
root@ppc-host1:~# virsh migrate test qemu+tls://10.193.20.181/system
or
root@ppc-host2:~# virsh
From: Li Zhang zhlci...@linux.vnet.ibm.com
To avoid the collision for creating USB controllers in machine-init()
and -device xx command line, it needs to set usb=off to avoid one USB
controller created in machine-init(). So that libvirt can use -device
or -usb to create USB controller
From: Li Zhang zhlci...@linux.vnet.ibm.com
Currently, -machine option is used only when dump-guest-core is set.
To use options defined in machine option for newer version of QEMU,
it needs to use -machine xxx, and to be compatible with older version
-M, this patch addes QEMU_CAPS_MACHINE_OPT
Any more comment?
Thanks. :)
On 2013年03月27日 13:07, Li Zhang wrote:
From: Li Zhang zhlci...@linux.vnet.ibm.com
For pSeries guest in QEMU, NVRAM is one kind of spapr-vio device.
Users are allowed to specify spapr-vio devices'address.
But NVRAM is not supported in libvirt. So this patch is to
Any more comment?
Thanks.
On 2013年03月27日 13:07, Li Zhang wrote:
From: Li Zhang zhlci...@linux.vnet.ibm.com
This patch is to add NVRAM docs in formatdomain.html.in
and domaincommon.rng
Signed-off-by: Li Zhang zhlci...@linux.vnet.ibm.com
---
docs/formatdomain.html.in | 35
Any more comment?
Thanks a lot. :)
On 2013年03月27日 13:07, Li Zhang wrote:
From: Li Zhang zhlci...@linux.vnet.ibm.com
This patch is to add NVRAM test cases.
Signed-off-by: Li Zhang zhlci...@linux.vnet.ibm.com
---
.../qemuxml2argv-pseries-nvram.args|1 +
61 matches
Mail list logo
