hi,all
we can pass value throught xml when start vm. how to adjust the value
dynamicly as needed while vm is running via API calls?
for example , change from
filterref filter='hcount'
parameter name='HC' value='6'/
parameter name='HC' value='10'/
/filterref
to
filterref
On 07.02.2014 09:06, yue wrote:
hi,all
we can pass value throught xml when start vm. how to adjust the value
dynamicly as needed while vm is running via API calls?
for example , change from
filterref filter='hcount'
parameter name='HC' value='6'/
parameter name='HC'
On Thu, Feb 06, 2014 at 01:56:17PM -0700, Eric Blake wrote:
On 02/06/2014 11:09 AM, Christophe Fergeau wrote:
+/* Check if VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_POOL_TYPE seems to
+ * contain all virConnectListAllStoragePoolsFlags elements
+ */
On Thu, Feb 06, 2014 at 06:23:43PM +0100, Jiri Denemark wrote:
On Thu, Feb 06, 2014 at 17:33:14 +0100, Martin Kletzander wrote:
Couple of codepaths shared the same code which can be moved out to a
function and on one of such places, qemuMigrationConfirmPhase(), the
domain was resumed even
On 02/05/14 12:01, Peter Krempa wrote:
Version 2 now adds the as a timer mode instead of the hyperv feature as this
is a timer in fact.
Peter Krempa (3):
schema: Fix guest timer specification schema according to the docs
conf: Enforce supported options for certain timers
qemu: hyperv:
On Fri, 02/07 15:01, Fam Zheng wrote:
I'd like to add persistent dirty bitmap as an idea but I seem to have no
account on wiki, so I'll just reply here, please help with review and update
the page if it makes sense. (Who could create an account for me, BTW?)
Now I've got two because Paolo and
On Thu, Feb 06, 2014 at 04:30:52PM -0700, Eric Blake wrote:
On 02/04/2014 06:51 AM, Daniel P. Berrange wrote:
The maint branches will often have out of date copyright headers
so we must skip the 'sc_copyright_check' rule there.
Is that the only rule, or are there others? But yeah, that's
On Thu, Feb 06, 2014 at 05:57:38PM +0100, Andreas Färber wrote:
[...]
And it's true that we could in fact just instantiate the object for
-device foo,? - it's just that nobody wrote code for that. I didn't do
the original QOM conversion so I don't feel guilty, I don't normally use
-device
On Thu, Feb 06, 2014 at 05:57:38PM +0100, Andreas Färber wrote:
[...]
If there's no relation between a CPU model named, e.g., Haswell and
the one on an Intel Haswell chip any more, then we should give them
artificial names like qemu64; I strongly believe that Haswell
definition in code
Hi all,
I would like to add fault tolerance mechanism.
2014-02-07 11:10 GMT+01:00 Fam Zheng f...@redhat.com:
On Fri, 02/07 15:01, Fam Zheng wrote:
I'd like to add persistent dirty bitmap as an idea but I seem to have no
account on wiki, so I'll just reply here, please help with review and
On Thu, Feb 06, 2014 at 04:30:52PM -0700, Eric Blake wrote:
On 02/04/2014 06:51 AM, Daniel P. Berrange wrote:
The maint branches will often have out of date copyright headers
so we must skip the 'sc_copyright_check' rule there.
Is that the only rule, or are there others? But yeah, that's
Il 07/02/2014 11:16, Eduardo Habkost ha scritto:
You are not alone. I remember we spent lots of time trying to convince
Anthony to allow global properties and compat_props affect dynamic
properties not just static properties, and static properties were a big
deal due to reasons I didn't
Il 07/02/2014 11:41, Giorgio Zoppi ha scritto:
Hi all,
I would like to add fault tolerance mechanism.
I'm assuming you would contribute as a student rather than a mentor,
since I am not familiar with contributions from you to either libvirt or
QEMU.
In that case, do not worry. The page
Il 05/02/2014 12:02, Peter Krempa ha scritto:
Add a new timer for the HyperV reference time counter enlightenment
for Windows guests.
This feature provides a paravirtual approach to track timer events for
the quest (similar to kvmclock).
RTC can be confusing because the same acronym expands
Adding a new backend that makes the chardev available to be backed up
by a port in spice connection (different to spicevmc). This can be
used (as well as other backends) for any chardev libvirt supports.
Apart from spicevmc, spiceport-backed chardev will not be formatted
into the command-line if
From: Joel SIMOES joel.sim...@laposte.net
Libvirt lose sheepdogs volumes on pool refresh or restart.
When restarting sheepdog pool, all volumes are missing.
This patch add automatically all volume from the added pool.
Adding last Daniel P. Berrange's syntaxes correction.
Adding vol on separeted
On 02/05/2014 12:11 PM, Michal Privoznik wrote:
The lack of debug printings might be frustrating in the future.
Moreover, this function doesn't follow the usual pattern we have in the
rest of the code:
int ret = -1;
/* do some work */
ret = 0;
cleanup:
/* some cleanup work */
On 02/05/2014 12:11 PM, Michal Privoznik wrote:
Basically, the idea is copied from domain code, where tainting
exists for a while. Currently, only one taint reason exists -
VIR_NETWORK_TAINT_HOOK to mark those networks which caused invoking
of hook script.
What's missing here is that the
On 02/07/2014 01:42 AM, Michal Privoznik wrote:
filterref filter='hcount'
parameter name='HC' value='16'/
parameter name='HC' value='20'/
/filterref
i do not want to restart or interrupt the running state of vms(via api,
not command line tools).
If you can make the change using the virsh
On 02/05/2014 12:11 PM, Michal Privoznik wrote:
There might be some use cases, where user wants to prepare the host or
its environment prior to starting a network and do some cleanup after
the network has been shut down. Consider all the functionality that
libvirt doesn't currently have as an
On 02/07/14 12:03, Paolo Bonzini wrote:
Il 05/02/2014 12:02, Peter Krempa ha scritto:
Add a new timer for the HyperV reference time counter enlightenment
for Windows guests.
This feature provides a paravirtual approach to track timer events for
the quest (similar to kvmclock).
RTC can be
On Wed, Jan 22, 2014 at 01:33:20AM +0100, Laszlo Ersek wrote:
Signed-off-by: Laszlo Ersek ler...@redhat.com
---
src/conf/domain_conf.c| 21 +
docs/formatdomain.html.in | 9 +
docs/schemas/domaincommon.rng | 10 ++
3 files changed, 40
On Fri, Feb 07, 2014 at 02:58:19PM +0100, Peter Krempa wrote:
On 02/07/14 12:03, Paolo Bonzini wrote:
Il 05/02/2014 12:02, Peter Krempa ha scritto:
Add a new timer for the HyperV reference time counter enlightenment
for Windows guests.
This feature provides a paravirtual approach to
On 02/07/14 15:00, Daniel P. Berrange wrote:
On Wed, Jan 22, 2014 at 01:33:20AM +0100, Laszlo Ersek wrote:
Signed-off-by: Laszlo Ersek ler...@redhat.com
---
src/conf/domain_conf.c| 21 +
docs/formatdomain.html.in | 9 +
docs/schemas/domaincommon.rng
On Fri, Feb 07, 2014 at 03:07:38PM +0100, Laszlo Ersek wrote:
On 02/07/14 15:00, Daniel P. Berrange wrote:
On Wed, Jan 22, 2014 at 01:33:20AM +0100, Laszlo Ersek wrote:
Signed-off-by: Laszlo Ersek ler...@redhat.com
---
src/conf/domain_conf.c| 21 +
See patch 3/3 for changes.
Peter Krempa (3):
schema: Fix guest timer specification schema according to the docs
conf: Enforce supported options for certain timers
qemu: hyperv: Add support for timer enlightenments
docs/formatdomain.html.in | 7 +-
According to the documentation various timer options are only supported
by certain timer types. Add a post parse check to verify that the user
didn't specify invalid options.
Also fix the qemu command line parsing function to set correct default
values for the kvmclock timer so that it passes the
According to the documentation describing various tunables for domain
timers not all the fields are supported by all the driver types. Express
these in the RNG:
- rtc, platform: Only these support the track attribute.
- tsc: only one to support frequency and mode attributes
- hpet, pit:
Add a new timer for the HyperV reference time counter enlightenment
and the iTSC reference page for Windows guests.
This feature provides a paravirtual approach to track timer events for
the guest (similar to kvmclock) with the option to use real hardware
clock on systems with a iTSC with
The LXC disk hotplug code was allowing block or character devices
to be given as disk. A disk is always a block device.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/lxc/lxc_driver.c | 10 +++---
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git
When detaching a USB device from an LXC guest we must remove
the device from the cgroup ACL. Unfortunately we were telling
the cgroup code to use the guest /dev path, not the host /dev
path, and the guest device node had already been unlinked.
This was, however, fortunate since the code passed
This is a followup to Eric's original proposal
https://www.redhat.com/archives/libvir-list/2013-December/msg01242.html
The first 5 patches fix non-security bugs in the LXC hotplug
code. Then there's a couple of helper patches. Finally the
last 6 fix the actual security issue previously
Rewrite lxcDomainAttachDeviceHostdevMisceLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
Add a helper function which takes a file path and ensures
that all directory components leading upto the file exist.
IOW, it strips the filename part of the path and passes
the result to virFileMakePath.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/libvirt_private.syms | 1 +
After hotplugging a USB device, the LXC driver forgot
to add the device def to the virDomainDefPtr.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/lxc/lxc_driver.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index
The check for whether the cgroup devices ACL is available is
done quite late during LXC hotplug - in fact after the device
node is already created in the container in some cases. Better
todo it upfront so we fail immediately.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
Implement virProcessRunInMountNamespace, which runs callback of type
virProcessNamespaceCallback in a container namespace. This uses a
child process to run the callback, since you can't change the mount
namespace of a thread. This implies that callbacks have to be careful
about what code they run
Rewrite multiple hotunplug functions to to use the
virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
From: Eric Blake ebl...@redhat.com
Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and
lxcDomainReboot. Otherwise, a malicious guest could use symlinks
to force the host to manipulate the wrong file in the host's namespace.
Idea by Dan Berrange, based on an initial report by
The LXC code missed the 'usb' component out of the path
/dev/bus/usb/$BUSNUM/$DEVNUM, so it failed to actually
setup cgroups for the device. This was in fact lucky
because the call to virLXCSetupHostUsbDeviceCgroup
was also mistakenly passing 'priv-cgroup' instead of
just 'priv-cgroup'. So once
virDomainDefCompatibleDevice blocks use of USB if no USB
controller is present. This is not correct for containers
since devices can be assigned directly regardless of any
controllers.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/conf/domain_conf.c | 1 +
1 file changed, 1
Rewrite lxcDomainAttachDeviceHostdevSubsysUSBLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
Rewrite lxcDomainAttachDeviceHostdevStorageLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
On 02/07/2014 08:32 AM, Daniel P. Berrange wrote:
virDomainDefCompatibleDevice blocks use of USB if no USB
controller is present. This is not correct for containers
since devices can be assigned directly regardless of any
controllers.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
The LXC code missed the 'usb' component out of the path
/dev/bus/usb/$BUSNUM/$DEVNUM, so it failed to actually
setup cgroups for the device. This was in fact lucky
because the call to virLXCSetupHostUsbDeviceCgroup
was also mistakenly passing
Coverity complains about USE_AFTER_FREE due to how virPCIDeviceSetStubDriver
could return either -1, 0, or 1 from the VIR_STRDUP() and then possibly makes
a call to virPCIDeviceDetach().
The only way this could happen is if NULL were passed as the driver name
and virStrdup() returned 0. Since
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
After hotplugging a USB device, the LXC driver forgot
to add the device def to the virDomainDefPtr.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/lxc/lxc_driver.c | 5 +
1 file changed, 5 insertions(+)
ACK.
diff
On 02/07/2014 09:21 AM, John Ferlan wrote:
Coverity complains about USE_AFTER_FREE due to how virPCIDeviceSetStubDriver
could return either -1, 0, or 1 from the VIR_STRDUP() and then possibly
makes
a call to virPCIDeviceDetach().
The only way this could happen is if NULL were passed as the
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
When detaching a USB device from an LXC guest we must remove
the device from the cgroup ACL. Unfortunately we were telling
the cgroup code to use the guest /dev path, not the host /dev
path, and the guest device node had already been unlinked.
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
The LXC disk hotplug code was allowing block or character devices
to be given as disk. A disk is always a block device.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/lxc/lxc_driver.c | 10 +++---
1 file changed, 3
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
The check for whether the cgroup devices ACL is available is
done quite late during LXC hotplug - in fact after the device
node is already created in the container in some cases. Better
todo it upfront so we fail immediately.
s/todo/to do/
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
Add a helper function which takes a file path and ensures
that all directory components leading upto the file exist.
s/upto/up to/
IOW, it strips the filename part of the path and passes
the result to virFileMakePath.
Signed-off-by: Daniel
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
Implement virProcessRunInMountNamespace, which runs callback of type
virProcessNamespaceCallback in a container namespace. This uses a
child process to run the callback, since you can't change the mount
namespace of a thread. This implies that
On Fri, Feb 07, 2014 at 10:31:03AM -0700, Eric Blake wrote:
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
Implement virProcessRunInMountNamespace, which runs callback of type
virProcessNamespaceCallback in a container namespace. This uses a
child process to run the callback, since you
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
From: Eric Blake ebl...@redhat.com
Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and
lxcDomainReboot. Otherwise, a malicious guest could use symlinks
to force the host to manipulate the wrong file in the host's
The code took into account only the global permissions. The domains now
support per-vm DAC lables and per-image DAC labels. Use the most
specific label available.
---
src/qemu/qemu_domain.c | 35 +--
src/qemu/qemu_domain.h | 1 +
src/qemu/qemu_driver.c | 8
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
Rewrite lxcDomainAttachDeviceDiskLive function to use the
virProcessRunInMountNamespace helper. This avoids risk of
a malicious guest replacing /dev with a absolute symlink,
tricking the driver into changing the host OS filesystem.
On Mon, Jan 27, 2014 at 11:49:45AM -0600, Jamie Strandboge wrote:
On 01/26/2014 03:47 PM, Felix Geyer wrote:
Tested on Debian unstable.
The profile updates are partly taken from the Ubuntu trusty libvirt package.
Thanks for these updates! :) Comments inline.
---
On 02/06/2014 05:36 PM, Pavel Hrdina wrote:
On 6.2.2014 16:48, Eric Blake wrote:
On 02/06/2014 08:18 AM, Pavel Hrdina wrote:
diff --git a/tests/virpcitest.c b/tests/virpcitest.c
index 994b300..8ff3b1d 100644
--- a/tests/virpcitest.c
+++ b/tests/virpcitest.c
@@ -248,6 +248,7 @@
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
Rewrite lxcDomainAttachDeviceHostdevMisceLive function
s/Misce/Misc/
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
Rewrite multiple hotunplug functions to to use the
virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.
Signed-off-by:
On 02/07/14 02:51, Roman Bogorodskiy wrote:
At this point it has a limited functionality and is highly
experimental. Supported domain operations are:
* define * start * destroy * dumpxml * dominfo
Tested this a bit and it works for me. I can define a domain, start,
stop, and ssh into it.
On 02/07/2014 04:37 AM, Martin Kletzander wrote:
Adding a new backend that makes the chardev available to be backed up
by a port in spice connection (different to spicevmc). This can be
used (as well as other backends) for any chardev libvirt supports.
Apart from spicevmc, spiceport-backed
On Fri, Feb 07, 2014 at 08:50:19AM -0700, Eric Blake wrote:
On 02/07/2014 08:32 AM, Daniel P. Berrange wrote:
virDomainDefCompatibleDevice blocks use of USB if no USB
controller is present. This is not correct for containers
since devices can be assigned directly regardless of any
Rewrite lxcDomainAttachDeviceDiskLive function to use the
virProcessRunInMountNamespace helper. This avoids risk of
a malicious guest replacing /dev with a absolute symlink,
tricking the driver into changing the host OS filesystem.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
On 02/07/14 15:10, Daniel P. Berrange wrote:
On Fri, Feb 07, 2014 at 03:07:38PM +0100, Laszlo Ersek wrote:
On 02/07/14 15:00, Daniel P. Berrange wrote:
On Wed, Jan 22, 2014 at 01:33:20AM +0100, Laszlo Ersek wrote:
Signed-off-by: Laszlo Ersek ler...@redhat.com
---
src/conf/domain_conf.c
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
Rewrite lxcDomainAttachDeviceHostdevStorageLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.
On 02/07/2014 07:21 AM, Peter Krempa wrote:
According to the documentation various timer options are only supported
by certain timer types. Add a post parse check to verify that the user
didn't specify invalid options.
Also fix the qemu command line parsing function to set correct default
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
Rewrite lxcDomainAttachDeviceHostdevSubsysUSBLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.
On 02/07/2014 07:21 AM, Peter Krempa wrote:
Add a new timer for the HyperV reference time counter enlightenment
and the iTSC reference page for Windows guests.
This feature provides a paravirtual approach to track timer events for
the guest (similar to kvmclock) with the option to use real
On 02/07/2014 10:53 AM, Peter Krempa wrote:
The code took into account only the global permissions. The domains now
support per-vm DAC lables and per-image DAC labels. Use the most
s/lables/labels/
specific label available.
---
src/qemu/qemu_domain.c | 35
- Original Message -
From: Laine Stump la...@laine.org
To: libvir-list@redhat.com
Cc: Michal Privoznik mpriv...@redhat.com
Sent: Friday, February 7, 2014 1:17:10 PM
Subject: Re: [libvirt] [PATCH v2 3/3] network: Taint networks that are using
hook script
On 02/05/2014 12:11 PM,
On 02/07/2014 07:21 AM, Peter Krempa wrote:
According to the documentation describing various tunables for domain
timers not all the fields are supported by all the driver types. Express
these in the RNG:
- rtc, platform: Only these support the track attribute.
- tsc: only one to support
On 01/27/2014 01:47 AM, Nehal J Wani wrote:
Introduce helper program to catch events from dnsmasq and maintain a custom
lease file per network. It supports dhcpv4 and dhcpv6. The file is saved as
interface-name.status.
Each lease contains the following info:
expiry-time (epoch time) mac
This is the sister command to blockdev-add. In Fam's example he uses
the drive_del HMP command to clean up but when trying to do this via
libvirt it doesn't work. This command seems to be needed in order to
perform proper cleanup.
Signed-off-by: Ian Main im...@redhat.com
---
blockdev.c |
I had run the 2 first checks but not the valgrind check.Sorry for the
memleak, hopefully you catched it. Thanks for your help through the
whole process.
Matt
2014-02-06 Michal Privoznik mpriv...@redhat.com:
On 06.02.2014 15:51, Teto wrote:
These 2 patches should address your points. I've also
hi, all
nwfilter has many rules which depends on mac of vm, but i find the mac address
inside vm is different from mac outside of vm.
outside mac:
vnet0 Link encap:Ethernet HWaddr FE:54:00:71:15:7B ,
inside mac:
eth0 Link encap:Ethernet HWaddr 52:54:00:71:15:7B ,virtio
why?
i am afraid that
Changes from v5:
- Obtain version using uname(3)
- Cleanup driver global objects in StateCleanup instead
of ConnectClose
Changes from v4:
- Set acpi and apic flags based on domain definition
- Add more detailed description about -H and -P flags
of bhyve to justify theirs usage
Roman
At this point it has a limited functionality and is highly
experimental. Supported domain operations are:
* define
* start
* destroy
* dumpxml
* dominfo
It's only possible to have only one disk device and only one
network, which should be of type bridge.
---
configure.ac
David Shane Holden wrote:
On 02/07/14 02:51, Roman Bogorodskiy wrote:
At this point it has a limited functionality and is highly
experimental. Supported domain operations are:
* define * start * destroy * dumpxml * dominfo
Tested this a bit and it works for me. I can define a
This test creates a Fake NUMA topology with non-sequential cell ids
to check if libvirt properly handles the same
Signed-off-by: Shivaprasad G Bhat sb...@linux.vnet.ibm.com
Signed-off-by: Pradipta Kr. Banerjee bpra...@in.ibm.com
---
tests/Makefile.am | 5 ++
tests/vircapstest.c | 129
On some platforms like IBM PowerNV the NUMA node numbers can be
non-sequential. For eg. numactl --hardware o/p from such a machine looks
as given below
node distances:
node 0 1 16 17
0: 10 40 40 40
1: 40 10 40 40
16: 40 40 10 40
17: 40 40 40 10
The NUMA
v2
*Add test case as suggested by Daniel
*Minor change in comments
Pradipta Kr. Banerjee (2):
Handle non-sequential NUMA node numbers
vircapstest: Introduce virCapabilitiesGetCpusForNodemask test
src/conf/capabilities.c | 12 -
src/qemu/qemu_driver.c | 5 +-
src/qemu/qemu_process.c
83 matches
Mail list logo
