On 03.09.2014 18:44, Stefan Hajnoczi wrote:
Hi,
QEMU offers both NBD client and server functionality. The NBD protocol
runs unencrypted, which is a problem when the client and server
communicate over an untrusted network.
This is not problem for NBD only, but for the rest of data that qemu
se
libvirtd crash when defining scsi storage pool
libvirtd crashes when there is an existing SCSI pool defined
with adapter type as 'scsi_host' and defining a new SCSI pool with adapter
type as 'fc_host' and parent attribute missing or vice versa.
For eg If there is an existing SCSI pool with adap
On 09/03/2014 03:28 PM, John Ferlan wrote:
>
> [found this in my "probably should look at this one some day" pile..]
>
> On 06/21/2014 12:57 PM, Pradipta Kr. Banerjee wrote:
>> libvirtd crashes when there is an existing SCSI pool
>> with adapter type as 'scsi_host' and defining a new SCSI pool
On 09/04/2014 09:54 AM, Peter Krempa wrote:
> On 08/31/14 06:02, Eric Blake wrote:
>> qemu treats blockjob bandwidth as a 64-bit number, in the units
>> of bytes/second. But we stupidly modeled block job bandwidth
>> after migration bandwidth, which in turn was an 'unsigned long'
>> and therefore
On 09/04/2014 08:37 PM, ban...@openmailbox.org wrote:
> Hello. I am thinking about using the feature of passing through qemu
> commands via libvirt. Before I do that I want to make sure that it
> doesn't have negative security implications.
Only if the actions you do through the backdoor cause som
Hello. I am thinking about using the feature of passing through qemu
commands via libvirt. Before I do that I want to make sure that it
doesn't have negative security implications.
I understand that talking to qemu-kvm directly via commandline strips
vms from having sVirt protections applied.
Can you please tell me if there is a way to set a guest's screen
resolution via libvirt?
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Thanks Guido,
Your comment is addressed:
https://www.redhat.com/archives/libvir-list/2014-September/msg00284.html.
Best regards,
Hongbin
On Thu, Sep 4, 2014 at 1:42 AM, Guido Günther wrote:
> Hi,
> On Wed, Sep 03, 2014 at 11:07:20PM -0400, Hongbin Lu wrote:
> [..snip..]
> > +
> > +if (vir
This patch adds initial migration support to the OpenVZ driver,
using the VIR_DRV_FEATURE_MIGRATION_PARAMS family of migration
functions.
---
src/openvz/openvz_conf.h |5 +-
src/openvz/openvz_driver.c | 348
src/openvz/openvz_driver.h | 10 ++
On 09/04/2014 09:11 AM, Peter Krempa wrote:
>> modify command. Technically, there is one case where getting
>> block job info can modify domain XML - we do snooping to see if
>> a 2-phase job has transitioned into the second phase, for an
>> optimization in the case of old qemu that lacked an eve
On 09/04/2014 09:53 AM, Peter Krempa wrote:
> On 09/04/14 16:40, Peter Krempa wrote:
>> On 08/31/14 06:02, Eric Blake wrote:
>>> The existing virDomainBlockRebase code rejected the combination of
>>> _RELATIVE and _COPY flags, but only by accident. It makes sense,
>>> at least for the case of _SHA
The Friday 05 Sep 2014 à 00:07:04 (+0200), Wouter Verhelst wrote :
> On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
> > The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
> > > Hi,
> > > QEMU offers both NBD client and server functionality. The NBD protocol
> > >
On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
> The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
> > Hi,
> > QEMU offers both NBD client and server functionality. The NBD protocol
> > runs unencrypted, which is a problem when the client and server
> > communica
[Cc: to nbd-general list added]
On Wed, Sep 03, 2014 at 05:44:17PM +0100, Stefan Hajnoczi wrote:
> Hi,
> QEMU offers both NBD client and server functionality. The NBD protocol
> runs unencrypted, which is a problem when the client and server
> communicate over an untrusted network.
>
> The parti
If we jump to cleanup before allocating the 'result', then the call
to virBlkioDeviceArrayClear will deref result causing a problem.
Signed-off-by: John Ferlan
---
src/qemu/qemu_driver.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/q
Coverity complains that the various checks for autoincrement and changed
variables are DEADCODE - seems to me to be a false positive - so mark it.
Signed-off-by: John Ferlan
---
tests/virstringtest.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/tests/virstringtest.c b/tests/virstring
Since 0766783abbe8bbc9ea686c2c3149f4c0ac139e19
Coverity complains that the EDIT_FREE definition results in DEADCODE.
As it turns out with the change to use the EDIT_FREE macro the call to
vir*Free() wouldn't be necessary nor would it happen...
Prior code to above commitid would :
vir*Ptr foo
If the virJSONValueNewObject() fails, then rather than going to error
and getting a Coverity false positive since it doesn't seem to understand
the relationship between nkeywords, keywords, and values and seems to
believe calling qemuFreeKeywords will cause a NULL deref - just return NULL
Signed-o
Coverity points out that by using EMPTYSTR(type) we are guarding against
the possibility that it could be NULL; however, based on how 'type' was
initialized to NULL, then either "ipv4", "ipv6", or "" - there is no way
it could be NULL. Since "-" is supposed to mean something empty in a
field - rem
Perhaps a false positive, but since Coverity doesn't understand the
relationship between the 'count' and the 'strings', rather than leave
the chance the on input 'strings' is NULL and causes a deref - just
check for it and return
Signed-off-by: John Ferlan
---
src/util/virstring.c | 3 +++
1 fil
If the qemuMigrationEatCookie() fails to set mig, we jump to cleanup:
which will call qemuMigrationCancelDriveMirror() without first checking
if mig == NULL
Signed-off-by: John Ferlan
---
src/qemu/qemu_migration.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qem
If the virNumaGetNodeCPUs() call fails with -1, then jumping to cleanup
with 'cpus == NULL' and calling virCapabilitiesClearHostNUMACellCPUTopology
will cause issues.
Signed-off-by: John Ferlan
---
src/nodeinfo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nodeinfo.c
Adjust the parentheses in/for the waitpid loops; otherwise, Coverity
points out:
(1) Event assignment: Assigning: "waitret" = "waitpid(pid, &status, 0) == -1"
(2) Event between: At condition "waitret == -1", the value of "waitret"
must be between 0 and 1.
(3) Event d
If we jump to cleanup before allocating 'result', then the call to
virBlkioDeviceArrayClear() could dereference result
Signed-off-by: John Ferlan
---
src/lxc/lxc_driver.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index f
The code compares def->forwarders when deciding to return 0 at a
couple of points, then uses "def->nfwds" as a way to index into
the def->forwarders array. That reference results in Coverity
complaining that def->forwarders being NULL was checked as part
of an arithmetic OR operation where failure
Coverity points out that if 'dom' isn't returned from virDomainQemuAttach,
then the code already jumps to cleanup, so there was no need for the
subsequent if (dom != NULL) check.
I moved the error message about failure into the goto cleanup on failure
and then removed the if (dom != NULL)
Signed-
Handle a few places where Coverity complains about the value being
unused. For two of them (Close cases) - the comments above the close
indicate there is no harm to ignore the error - so added an ignore_value.
For the other condition, added an rc check like other callers.
Signed-off-by: John Ferla
In qemuProcessInitPCIAddresses() if qemuMonitorGetAllPCIAddresses()
returns a negative (or zero) value, then no need to call the
qemuProcessDetectPCIAddresses().
Signed-off-by: John Ferlan
---
src/qemu/qemu_process.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/qe
Since 98b9acf5aa02551dd37d0209339aba2e22e4004a
This ends up being a false positive for two reasons...
expected to be already allocated and thus is passed by value; whereas,
the call into remoteDomainGetJobStats() 'params' is passed by reference.
Thus if the VIR_ALLOC is done there is no way for i
If the VIR_STRDUP(exptime,...) fails, then we will jump to cleanup,
no need to check if exptime is set which causes Coverity to issue
a complaint in the virStrToLong_ll call because there wasn't a check
for a NULL value while there was one for the reference right after
the VIR_STRDUP().
Signed-off
With all the changes in my previous foray into this code, I forgot to
remove the libxlDomainEventQueue(driver, event); call inside the
dom == NULL condition.
Signed-off-by: John Ferlan
---
src/libxl/libxl_migration.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/libxl/libxl_migration.c
Add another 'dead_code_begin' - victims of our own coding practices
Signed-off-by: John Ferlan
---
src/qemu/qemu_command.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 1ca98fb..6bba4a4 100644
--- a/src/qemu/qemu_command.c
+++ b/src/q
Coverity complains that when multiplying to 32 bit values that eventually
will be stored in a 64 bit value that it's possible the math could
overflow unless one of the values being multiplied is type cast to
the proper size.
Signed-off-by: John Ferlan
---
src/storage/storage_backend_disk.c | 2 +
Coverity notes that if virDomainGetCPUStats returns a negative value
into 'nparams' then when we end up at cleanup, the call to virTypedParams
will have issues
Signed-off-by: John Ferlan
---
tools/virsh-domain.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/virsh-domain.c b/tools/vir
In qemuDomainSetBlkioParameters(), Coverity points out that the calls
to qemuDomainParseBlkioDeviceStr() are slightly different and points
out there may be a cut-n-paste error.
In the first call (AFFECT_LIVE), the second parameter is "param->field";
however, for the second call (AFFECT_CONFIG), th
Coverity notes that if the call to virBitmapParse() returns a negative
value, then when we jump to the error label, the call to
virCapabilitiesClearHostNUMACellCPUTopology() will have issues
with the negative nb_cpus
Signed-off-by: John Ferlan
---
src/xen/xend_internal.c | 3 ++-
1 file changed,
Coverity notes that if the virConnectListAllDomains returns a negative
value then the loop at the cleanup label that ends on numDomains will
have issues.
Signed-off-by: John Ferlan
---
src/qemu/qemu_driver.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qem
Coverity notes that if qemuMonitorGetMachines() returns a negative
nmachines value, then the code at the cleanup label will have issues.
Signed-off-by: John Ferlan
---
src/qemu/qemu_capabilities.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/
Since cd4d547576a4f0371d1d4d4e0ca6db124c5ba257
Coverity notes that setting 'ret = -3' prior to the unconditional
setting of 'ret = 0' will cause the value to be UNUSED.
Since the comment indicates that it is expect to allow the code
to continue, just remove the ret = -3 setting.
Signed-off-by: J
Coverity complains that checking for !domlist after setting doms = domlist
and making a deref of doms just above
It seems the call in question was intended to me made in the case that
'doms' was passed in and not when the virDomainObjListExport() call
allocated domlist and already called virConnec
Sorry for the large dump, but before I got too involved in other things
I figured I'd go through the list of the remaining 68 Coverity issues
from the new version in order to reduce the pile. Many are benign, some
seemingly false positives, and I think most are error paths. The one
non error path t
ethernet interfaces in libvirt currently do not support bandwidth setting.
For example, following xml file for an interface will not apply these
settings to corresponding qdiscs.
-
This patch fixes the behavior. Please
On 09/04/2014 03:39 AM, Peter Krempa wrote:
> On 09/04/14 01:17, Eric Blake wrote:
>> Now that hanging brace offenders have been fixed, we can automate
>> the check, and document our style. Done as a separate commit from
>> code changes, to make it easier to just backport code changes, if
>> that
On 09/04/2014 03:24 AM, Michal Privoznik wrote:
> This commit is rather big. Firstly, the in memory config
> representation is adjusted like if security_driver was set to "none".
s/like/as/
> The rest is then just adaptation to the new code that will generate
> different seclabels.
>
> Signed-of
On 09/04/2014 03:24 AM, Michal Privoznik wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1027096#c8
>
> There are two ways in which security model can make it way into
> . One is as the @model attribute, the second one is
> via security_driver knob in qemu.conf. Then, while parsing
> several
On 09/04/2014 06:41 AM, Peter Krempa wrote:
> On 09/03/14 23:25, Eric Blake wrote:
>> I'm about to add a syntax check that enforces our documented
>> HACKING style of always using matching {} on if-else statements.
>>
>> @@ -873,9 +873,7 @@ esxVI_Type_FromString(const char *type)
>>
>> #include "
On 09/04/2014 09:55 AM, Nehal J Wani wrote:
> On Thu, Sep 4, 2014 at 8:32 PM, Eric Blake wrote:
>> Commit 28de556 fixed some doubled semicolons, but failed to
>> add a syntax check, and thereby missed another instance. This
>> finishes the job (and also found an instance in gnulib, prior
>> to the
On 09/04/2014 09:39 AM, Peter Krempa wrote:
> On 08/31/14 06:02, Eric Blake wrote:
>> Another layer of overly-multiplexed code that deserves to be
>> split into obviously separate paths for query vs. modify.
>> This continues the cleanup started in the previous patch.
>>
>> In the process, make som
On 08/20/2014 09:00 AM, Wang Rui wrote:
> Domain's clock xml is as below.
>
>
> If the guest modifies its RTC, libvirt will hanlde the time offset
> and save the active status in qemuProcessHandleRTCChange(). However,
> libvirt won't save the persistent config. So next time when vm is
> restarted(
On 08/31/14 06:02, Eric Blake wrote:
> The current output of 'blockjob [--info]' is a single line
> designed for human consumption; it's not very nice for machine
> parsing. Furthermore, I have plans to modify the line in
> response to the new flag for controlling bandwidth units.
> Solve that by
On 08/31/14 06:02, Eric Blake wrote:
> I have plans to make future enhancements to the job list mode,
> which will be easier to do if the common blockJobImpl function
> is not mixing a query command with multiple modify commands.
> Besides, it just feels weird that all callers to blockJobImpl
> had
On 08/31/14 06:02, Eric Blake wrote:
> While reviewing the new virDomainBlockCopy API, Peter Krempa
> pointed out that our existing design of using MiB/s for block
> job bandwidth is rather coarse, especially since qemu tracks
> it in bytes/s; so virDomainBlockCopy only accepts bytes/s.
> But once
On 09/04/2014 10:34 AM, Daniel P. Berrange wrote:
On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
Hi,
QEMU offers both NBD client and server functionality. The NBD protocol
runs unencrypted, which is a proble
On 08/31/14 06:02, Eric Blake wrote:
> qemu treats blockjob bandwidth as a 64-bit number, in the units
> of bytes/second. But we stupidly modeled block job bandwidth
> after migration bandwidth, which in turn was an 'unsigned long'
> and therefore subject to 32-bit vs. 64-bit interpretations, and
On Thu, Sep 4, 2014 at 8:32 PM, Eric Blake wrote:
> Commit 28de556 fixed some doubled semicolons, but failed to
> add a syntax check, and thereby missed another instance. This
> finishes the job (and also found an instance in gnulib, prior
> to the previous patch's submodule update).
>
> * cfg.mk
On 09/04/14 16:40, Peter Krempa wrote:
> On 08/31/14 06:02, Eric Blake wrote:
>> The existing virDomainBlockRebase code rejected the combination of
>> _RELATIVE and _COPY flags, but only by accident. It makes sense,
>> at least for the case of _SHALLOW and not _REUSE_EXT, but to
>> implement it, l
On Thu, Sep 04, 2014 at 05:04:06PM +0200, Benoît Canet wrote:
> The Thursday 04 Sep 2014 à 15:34:59 (+0100), Daniel P. Berrange wrote :
> > On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
> > > The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
> > > > Hi,
> > > > Q
On 08/31/14 06:02, Eric Blake wrote:
> Another layer of overly-multiplexed code that deserves to be
> split into obviously separate paths for query vs. modify.
> This continues the cleanup started in the previous patch.
>
> In the process, make some tweaks to simplify the logic when
> parsing the
On 08/31/14 06:02, Eric Blake wrote:
> The qemu implementation for virDomainGetBlockJobInfo() has a
> minor bug: it grabs the qemu job with intent to QEMU_JOB_MODIFY,
> which means it cannot be run in parallel with any other
> domain-modifying command. Among others, virDomainBlockJobAbort()
> is s
- Original Message -
> From: "Francesco Romani"
> To: libvir-list@redhat.com
> Sent: Wednesday, September 3, 2014 8:41:13 AM
> Subject: Re: [libvirt] [PATCH 01/11] qemu: extract helper to get the current
> balloon
[...]
> > > +
> > > + cleanup:
> > > +if (vm)
> > > +virObjec
The Thursday 04 Sep 2014 à 15:34:59 (+0100), Daniel P. Berrange wrote :
> On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
> > The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
> > > Hi,
> > > QEMU offers both NBD client and server functionality. The NBD protocol
>
Commit 28de556 fixed some doubled semicolons, but failed to
add a syntax check, and thereby missed another instance. This
finishes the job (and also found an instance in gnulib, prior
to the previous patch's submodule update).
* cfg.mk (sc_prohibit_double_semicolon): New rule.
* src/xenconfig/xen_
The usual portability fixes; and this includes a fix that will
avoid a false positive in a future syntax check.
* .gnulib: Update to latest.
Signed-off-by: Eric Blake
---
Hmm, I need to test with gcc 4.9 before pushing this patch; it
passed on Fedora 20 with gcc 4.8.3, but with new warnings bei
As long as I'm on a syntax-check binge, finish off a task I
started several weeks ago.
Eric Blake (2):
maint: update to latest gnulib
maint: syntax check for double semicolons
.gnulib| 2 +-
cfg.mk | 8
src/xenconfig/xen_common.c | 2 +-
3 fil
On 09/04/2014 05:26 AM, Peter Krempa wrote:
> On 09/03/14 23:25, Eric Blake wrote:
>> Done as a separate commit in case earlier cleanups are backported
>> independently.
>>
>> * cfg.mk (sc_require_space_before_label): New rule.
>>
>> Signed-off-by: Eric Blake
>> ---
>> cfg.mk | 7 +++
>> 1 fi
On 08/31/14 06:02, Eric Blake wrote:
> The existing virDomainBlockRebase code rejected the combination of
> _RELATIVE and _COPY flags, but only by accident. It makes sense,
> at least for the case of _SHALLOW and not _REUSE_EXT, but to
> implement it, libvirt would have to pre-create the file with
On 09/04/2014 03:58 AM, Chen, Hanxiao wrote:
>>> The kernel sets up $HOME for the init process.
>>> Therefore any init can assume that $HOME is set.
>>> libvirt currently violates that implicit rule.
>>
>> Ah ok, that makese sense then. ACK
>
> Could anyone help to push this patch
> according to
On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
> The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
> > Hi,
> > QEMU offers both NBD client and server functionality. The NBD protocol
> > runs unencrypted, which is a problem when the client and server
> > communica
The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
> Hi,
> QEMU offers both NBD client and server functionality. The NBD protocol
> runs unencrypted, which is a problem when the client and server
> communicate over an untrusted network.
>
> The particular use case that prompted
On 09/01/14 16:57, Jiri Denemark wrote:
> On Sat, Aug 30, 2014 at 22:02:19 -0600, Eric Blake wrote:
>> While qemu definitely caps granularity to 64 MiB, it places no
>> limits on buf-size. On a machine beefy enough for lots of
>> memory, a buf-size larger than 2 GiB is feasible, so we should
>> pa
On 22.08.2014 19:48, Dmitry Guryanov wrote:
> Executing prlctl command is not an optimal way to interact with
> Parallels Cloud Server (PCS), it's better to use parallels SDK,
> which is a remote API to paralles dispatcher service.
>
> We prepared opensource version of this SDK and published it on
On 22.08.2014 19:48, Dmitry Guryanov wrote:
Add files parallels_sdk.c and parallels_sdk.h for code
which works with SDK, so libvirt's code will not mix with
dealing with parallels SDK.
To use Parallels SDK you must first call PrlApi_InitEx function,
and then you will be able to connect to a serv
It was resent in here
https://www.redhat.com/archives/libvir-list/2014-September/msg00179.html.
Best regards,
Hongbin
On Thu, Sep 4, 2014 at 7:56 AM, Michal Privoznik
wrote:
> On 03.09.2014 14:41, Hongbin Lu wrote:
>
>> Resent the email below. Thanks.
>>
>
> This is rather unusual way of sendi
On 09/03/14 23:25, Eric Blake wrote:
> I'm about to add a syntax check that enforces our documented
> HACKING style of always using matching {} on if-else statements.
>
> This patch focuses on all remaining problems, where there weren't
> enough issues to warrant splitting it further.
>
> * src/r
On 03.09.2014 21:53, Jamie Strandboge wrote:
On 09/03/2014 02:52 PM, Felix Geyer wrote:
libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
and thus running a qemu guest fails.
Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.
---
examples/apparmor/libvirt-
On 09/03/14 23:25, Eric Blake wrote:
> I'm about to add a syntax check that enforces our documented
> HACKING style of always using matching {} on if-else statements.
>
> This patch focuses on drivers that had several issues.
>
> * src/lxc/lxc_fuse.c (lxcProcGetattr, lxcProcReadMeminfo): Correct
On 09/03/14 23:25, Eric Blake wrote:
> I'm about to add a syntax check that enforces our documented
> HACKING style of always using matching {} on if-else statements.
>
> This patch focuses on code related to xen.
>
> * src/libxl/libxl_conf.c (libxlCapsInitGuests)
> (libxlMakeDomBuildInfo): Corre
On 09/03/14 23:25, Eric Blake wrote:
> I'm about to add a syntax check that enforces our documented
> HACKING style of always using matching {} on if-else statements.
>
> This commit focuses on the qemu driver.
>
> * src/qemu/qemu_command.c (qemuParseISCSIString)
> (qemuParseCommandLineDisk, qemu
On 03.09.2014 14:41, Hongbin Lu wrote:
Resent the email below. Thanks.
This is rather unusual way of sending patches. 'git send-email' is the
best way:
http://libvirt.org/hacking.html#patches
Michal
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinf
On 09/03/14 23:25, Eric Blake wrote:
> I'm about to add a syntax check that enforces our documented
> HACKING style of always using matching {} on if-else statements.
>
> This patch focuses on code shared between multiple drivers.
>
> * src/conf/domain_conf.c (virDomainFSDefParseXML)
> (virSysinf
On 09/03/14 23:25, Eric Blake wrote:
> Done as a separate commit in case earlier cleanups are backported
> independently.
>
> * cfg.mk (sc_require_space_before_label): New rule.
>
> Signed-off-by: Eric Blake
> ---
> cfg.mk | 7 +++
> 1 file changed, 7 insertions(+)
Doesn't apply cleanly if
On 09/04/2014 01:51 AM, John Ferlan wrote:
>
>
> On 08/28/2014 02:38 PM, Pavel Hrdina wrote:
>> Signed-off-by: Pavel Hrdina
>> ---
>> src/qemu/qemu_cgroup.c | 6 ++
>> src/qemu/qemu_driver.c | 27 +++
>> 2 files changed, 33 insertions(+)
>>
>> diff --git a/src/qemu/
On 09/04/2014 05:28 AM, Eric Blake wrote:
> On 08/28/2014 12:38 PM, Pavel Hrdina wrote:
>> Signed-off-by: Pavel Hrdina
>> ---
>
>> @@ -395,6 +405,10 @@ static virNetClientProgramEvent remoteEvents[] = {
>>remoteDomainBuildEventDeviceRemoved,
>>sizeof(remote_domain_event_device_rem
On 09/04/2014 01:49 AM, John Ferlan wrote:
>
>
> On 08/28/2014 02:38 PM, Pavel Hrdina wrote:
>> Signed-off-by: Pavel Hrdina
>> ---
>> daemon/remote.c | 87 +++
>> include/libvirt/libvirt.h.in | 62 ++
>> src/conf/domain_event.c
"Daniel P. Berrange" writes:
> ACK
thanks, pushed both patches.
Regards,
Giuseppe
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
> -Original Message-
> On Tue, Aug 12, 2014 at 11:21:41AM +0200, Richard Weinberger wrote:
> > On Mon, Aug 11, 2014 at 11:13 AM, Daniel P. Berrange
> > wrote:
> > > On Tue, Aug 05, 2014 at 02:40:53AM +, chenhanx...@cn.fujitsu.com
> > > wrote:
> > >> ping
> > >>
> > >> > -Origina
On Thu, Sep 04, 2014 at 11:44:18AM +0200, Giuseppe Scrivano wrote:
> Signed-off-by: Giuseppe Scrivano
> ---
> tests/virnettlscontexttest.c | 2 ++
> tests/virnettlssessiontest.c | 2 ++
> 2 files changed, 4 insertions(+)
>
> diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.
Signed-off-by: Giuseppe Scrivano
---
tests/virnettlscontexttest.c | 2 ++
tests/virnettlssessiontest.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
index 51a0369..a3e24a3 100644
--- a/tests/virnettlscontexttest.c
+++ b/tests/vi
On 09/04/14 01:17, Eric Blake wrote:
> Now that hanging brace offenders have been fixed, we can automate
> the check, and document our style. Done as a separate commit from
> code changes, to make it easier to just backport code changes, if
> that is ever needed.
>
> * cfg.mk (sc_curly_braces_sty
https://bugzilla.redhat.com/show_bug.cgi?id=1027096#c8
There are two ways in which security model can make it way into
. One is as the @model attribute, the second one is
via security_driver knob in qemu.conf. Then, while parsing
several checks and fix ups of old, stale combinations
are performed
*** BLURB HERE ***
Michal Privoznik (2):
conf: Fix even implicit labels
tests: Add test cases for previous commit
src/conf/domain_conf.c | 7 +++
.../qemuhotplug-hotplug-base+disk-scsi.xml | 2 +-
.../qemuhotplug-hotplug-base+disk-usb.xml | 2 +
This commit is rather big. Firstly, the in memory config
representation is adjusted like if security_driver was set to "none".
The rest is then just adaptation to the new code that will generate
different seclabels.
Signed-off-by: Michal Privoznik
---
.../qemuhotplug-hotplug-base+disk-scsi.xml
On 09/04/14 01:17, Eric Blake wrote:
> Our style overwhelmingly uses hanging braces (the open brace
> hangs at the end of the compound condition, rather than on
> its own line), with the primary exception of the top level function
> body. Fix the few remaining outliers, before adding a syntax
> ch
On Wed, Sep 3, 2014 at 9:45 PM, Michal Privoznik wrote:
> On 10.06.2014 13:42, Shivaprasad G Bhat wrote:
>>
>> The problem is libvirt kills the guests during libvirt restart if more
>> than
>> guest has security type as none. This is because, libvirt as part of
>> guest-
>> reconnect tries to rese
For security type='none' libvirt according to the docs should not generate
seclabel be it for selinux or any model. So, skip the reservation of labels
when type is none.
Signed-off-by: Shivaprasad G Bhat
---
src/security/security_selinux.c |4 +++-
1 file changed, 3 insertions(+), 1 deleti
On 09/04/2014 01:42 AM, John Ferlan wrote:
>
>
> On 08/28/2014 02:38 PM, Pavel Hrdina wrote:
>> Signed-off-by: Pavel Hrdina
>> ---
>> src/conf/domain_conf.h | 27 ---
>> 1 file changed, 16 insertions(+), 11 deletions(-)
>>
>
> ACK (although I'm guessing the new iothrea
"Daniel P. Berrange" writes:
> On Thu, Sep 04, 2014 at 10:33:37AM +0200, Giuseppe Scrivano wrote:
>> When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
>> specified as the prime's number of bits, a bigger value works in both
>> cases.
>>
>> Signed-off-by: Giuseppe Scrivano
>>
On Thu, Sep 04, 2014 at 10:33:37AM +0200, Giuseppe Scrivano wrote:
> When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
> specified as the prime's number of bits, a bigger value works in both
> cases.
>
> Signed-off-by: Giuseppe Scrivano
> ---
>
> with the development version
When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
specified as the prime's number of bits, a bigger value works in both
cases.
Signed-off-by: Giuseppe Scrivano
---
with the development version of GNU TLS is possible to test FIPS mode
setting the env variable GNUTLS_FORCE_FIPS
From: Yue Wenyuan
Implement the lxc driver method for virDomainGetEmulatorPinInfo
to get container's cpuset.
Signed-off-by: Wang Rui
Signed-off-by: Yue Wenyuan
---
src/lxc/lxc_driver.c | 75
1 file changed, 75 insertions(+)
diff --git a/sr
1 - 100 of 105 matches
Mail list logo
