2015-08-10 13:39:33 +03:00
daemon/admin.c
2016-04-09 21:02:49 +03:00
daemon/admin_dispatch.h
2015-11-23 14:41:32 +03:00
daemon/admin_server.c
2016-04-09 21:02:49 +03:00
daemon/libvirtd-config.c
2016-04-10 19:58:53 +03:00
daemon/libvirtd.c
2011-05-05 20:31:58 +04:00
daemon/qemu_dispatch.h
2009-09-16 20:26:27 +04:00
daemon/remote.c
2011-06-28 23:38:27 +04:00
daemon/remote_dispatch.h
2009-08-24 23:53:48 +04:00
daemon/stream.c
2011-05-04 18:18:06 +04:00
gnulib/lib/gai_strerror.c
2012-04-04 14:56:04 +04:00
gnulib/lib/regcomp.c
2012-01-23 19:12:57 +04:00
src/access/viraccessdriverpolkit.c
2012-01-20 22:02:55 +04:00
src/access/viraccessmanager.c
2014-02-18 14:08:10 +04:00
src/bhyve/bhyve_command.c
2014-04-12 23:37:53 +04:00
src/bhyve/bhyve_device.c
2014-02-18 14:08:10 +04:00
src/bhyve/bhyve_driver.c
2014-11-14 19:03:30 +03:00
src/bhyve/bhyve_monitor.c
2014-02-18 14:08:10 +04:00
src/bhyve/bhyve_process.c
2013-07-18 13:21:48 +04:00
src/conf/capabilities.c
2009-12-18 16:50:04 +03:00
src/conf/cpu_conf.c
2012-08-16 19:41:06 +04:00
src/conf/device_conf.c
2014-05-13 20:10:40 +04:00
src/conf/domain_addr.c
2014-06-25 15:24:53 +04:00
src/conf/domain_capabilities.c
2009-09-16 20:26:27 +04:00
src/conf/domain_conf.c
2010-01-13 21:11:33 +03:00
src/conf/domain_event.c
2009-09-16 20:26:27 +04:00
src/conf/interface_conf.c
Split src/util/network.{c,h} into 5 pieces
The src/util/network.c file is a dumping ground for many different
APIs. Split it up into 5 pieces, along functional lines
- src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
- src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
- src/util/virsocketaddr.c: virSocketAddr and APIs
- src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
for virNetDevBandwidth
- src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
for virNetDevVPortProfile
* src/util/network.c, src/util/network.h: Split into 5 pieces
* src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
* daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
src/conf/domain_conf.h, src/conf/network_conf.c,
src/conf/network_conf.h, src/conf/nwfilter_conf.h,
src/esx/esx_util.h, src/network/bridge_driver.c,
src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
src/util/virnetdev.h, src/util/virnetdevtap.c,
tools/virsh.c: Update include files
2011-11-02 19:40:08 +04:00
src/conf/netdev_bandwidth_conf.c
2012-08-12 11:51:30 +04:00
src/conf/netdev_vlan_conf.c
Split src/util/network.{c,h} into 5 pieces
The src/util/network.c file is a dumping ground for many different
APIs. Split it up into 5 pieces, along functional lines
- src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
- src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
- src/util/virsocketaddr.c: virSocketAddr and APIs
- src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
for virNetDevBandwidth
- src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
for virNetDevVPortProfile
* src/util/network.c, src/util/network.h: Split into 5 pieces
* src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
* daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
src/conf/domain_conf.h, src/conf/network_conf.c,
src/conf/network_conf.h, src/conf/nwfilter_conf.h,
src/esx/esx_util.h, src/network/bridge_driver.c,
src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
src/util/virnetdev.h, src/util/virnetdevtap.c,
tools/virsh.c: Update include files
2011-11-02 19:40:08 +04:00
src/conf/netdev_vport_profile_conf.c
2016-04-09 21:02:49 +03:00
src/conf/network_conf.c
2016-04-10 19:58:53 +03:00
src/conf/networkcommon_conf.c
2009-09-16 20:26:27 +04:00
src/conf/node_device_conf.c
2015-02-11 12:08:35 +03:00
src/conf/numa_conf.c
2010-03-25 20:46:07 +03:00
src/conf/nwfilter_conf.c
src/conf/nwfilter_params.c
2013-11-26 18:10:15 +04:00
src/conf/object_event.c
2009-09-16 20:26:27 +04:00
src/conf/secret_conf.c
2012-08-14 04:09:12 +04:00
src/conf/snapshot_conf.c
2009-09-16 20:26:27 +04:00
src/conf/storage_conf.c
2013-01-02 19:38:51 +04:00
src/conf/virchrdev.c
2015-07-17 12:11:23 +03:00
src/conf/virdomainobjlist.c
2016-04-19 23:05:38 +03:00
src/conf/virsecretobj.c
Adds CPU selection infrastructure
Each driver supporting CPU selection must fill in host CPU capabilities.
When filling them, drivers for hypervisors running on the same node as
libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
such as VMware, need to implement their own way of getting such data.
Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
When implementing virConnectCompareCPU(), a hypervisor driver can just
call cpuCompareXML() function with host CPU capabilities.
For each guest for which a driver supports selecting CPU models, it must
set the appropriate feature in guest's capabilities:
virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
Actions needed when a domain is being created depend on whether the
hypervisor understands raw CPU data (currently CPUID for i686, x86_64
architectures) or symbolic names has to be used.
Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
- convert guest CPU configuration from domain's XML into a set of raw
data structures each representing one of the feature policies:
cpuEncode(conn, architecture, guest_cpu_config,
&forced_data, &required_data, &optional_data,
&disabled_data, &forbidden_data)
- create a mask or whatever the hypervisor expects to see and pass it
to the hypervisor
Typical use by hypervisors with symbolic model names (such as QEMU):
- get raw CPU data for a computed guest CPU:
cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
- decode raw data into virCPUDefPtr with a possible restriction on
allowed model names:
cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
- pass guest->model and guest->features to the hypervisor
* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
* configure.in: check for CPUID instruction
* src/Makefile.am: glue the new files in
* src/libvirt_private.syms: add new private symbols
* po/POTFILES.in: add new cpu files containing translatable strings
2009-12-18 18:02:11 +03:00
src/cpu/cpu.c
2010-02-11 18:27:14 +03:00
src/cpu/cpu_generic.c
Adds CPU selection infrastructure
Each driver supporting CPU selection must fill in host CPU capabilities.
When filling them, drivers for hypervisors running on the same node as
libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
such as VMware, need to implement their own way of getting such data.
Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
When implementing virConnectCompareCPU(), a hypervisor driver can just
call cpuCompareXML() function with host CPU capabilities.
For each guest for which a driver supports selecting CPU models, it must
set the appropriate feature in guest's capabilities:
virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
Actions needed when a domain is being created depend on whether the
hypervisor understands raw CPU data (currently CPUID for i686, x86_64
architectures) or symbolic names has to be used.
Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
- convert guest CPU configuration from domain's XML into a set of raw
data structures each representing one of the feature policies:
cpuEncode(conn, architecture, guest_cpu_config,
&forced_data, &required_data, &optional_data,
&disabled_data, &forbidden_data)
- create a mask or whatever the hypervisor expects to see and pass it
to the hypervisor
Typical use by hypervisors with symbolic model names (such as QEMU):
- get raw CPU data for a computed guest CPU:
cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
- decode raw data into virCPUDefPtr with a possible restriction on
allowed model names:
cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
- pass guest->model and guest->features to the hypervisor
* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
* configure.in: check for CPUID instruction
* src/Makefile.am: glue the new files in
* src/libvirt_private.syms: add new private symbols
* po/POTFILES.in: add new cpu files containing translatable strings
2009-12-18 18:02:11 +03:00
src/cpu/cpu_map.c
2015-07-20 15:17:52 +03:00
src/cpu/cpu_ppc64.c
Adds CPU selection infrastructure
Each driver supporting CPU selection must fill in host CPU capabilities.
When filling them, drivers for hypervisors running on the same node as
libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
such as VMware, need to implement their own way of getting such data.
Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
When implementing virConnectCompareCPU(), a hypervisor driver can just
call cpuCompareXML() function with host CPU capabilities.
For each guest for which a driver supports selecting CPU models, it must
set the appropriate feature in guest's capabilities:
virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
Actions needed when a domain is being created depend on whether the
hypervisor understands raw CPU data (currently CPUID for i686, x86_64
architectures) or symbolic names has to be used.
Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
- convert guest CPU configuration from domain's XML into a set of raw
data structures each representing one of the feature policies:
cpuEncode(conn, architecture, guest_cpu_config,
&forced_data, &required_data, &optional_data,
&disabled_data, &forbidden_data)
- create a mask or whatever the hypervisor expects to see and pass it
to the hypervisor
Typical use by hypervisors with symbolic model names (such as QEMU):
- get raw CPU data for a computed guest CPU:
cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
- decode raw data into virCPUDefPtr with a possible restriction on
allowed model names:
cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
- pass guest->model and guest->features to the hypervisor
* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
* configure.in: check for CPUID instruction
* src/Makefile.am: glue the new files in
* src/libvirt_private.syms: add new private symbols
* po/POTFILES.in: add new cpu files containing translatable strings
2009-12-18 18:02:11 +03:00
src/cpu/cpu_x86.c
2010-05-20 10:59:01 +04:00
src/driver.c
2010-04-02 23:34:31 +04:00
src/esx/esx_driver.c
2012-08-06 00:11:50 +04:00
src/esx/esx_network_driver.c
2012-11-10 11:18:08 +04:00
src/esx/esx_storage_backend_iscsi.c
2012-11-10 11:18:07 +04:00
src/esx/esx_storage_backend_vmfs.c
2010-05-18 20:11:59 +04:00
src/esx/esx_storage_driver.c
2014-03-30 22:37:00 +04:00
src/esx/esx_stream.c
2010-04-02 23:34:31 +04:00
src/esx/esx_util.c
src/esx/esx_vi.c
src/esx/esx_vi_methods.c
src/esx/esx_vi_types.c
2010-09-22 22:32:21 +04:00
src/fdstream.c
2011-07-13 18:47:01 +04:00
src/hyperv/hyperv_driver.c
2011-07-13 19:16:47 +04:00
src/hyperv/hyperv_util.c
2011-07-13 19:05:19 +04:00
src/hyperv/hyperv_wmi.c
2012-09-18 05:27:06 +04:00
src/interface/interface_backend_netcf.c
2012-10-06 23:20:25 +04:00
src/interface/interface_backend_udev.c
2010-04-16 21:21:10 +04:00
src/internal.h
2015-04-15 17:16:24 +03:00
src/libvirt-admin.c
2014-10-22 19:29:09 +04:00
src/libvirt-domain-snapshot.c
2016-04-10 19:58:53 +03:00
src/libvirt-domain.c
2014-10-22 19:29:09 +04:00
src/libvirt-host.c
2013-03-12 21:24:01 +04:00
src/libvirt-lxc.c
2014-10-22 19:29:09 +04:00
src/libvirt-network.c
2014-10-22 19:29:09 +04:00
src/libvirt-nwfilter.c
2016-04-09 21:02:49 +03:00
src/libvirt-qemu.c
2014-10-22 19:29:09 +04:00
src/libvirt-secret.c
2014-10-22 19:29:09 +04:00
src/libvirt-storage.c
2014-10-22 19:29:09 +04:00
src/libvirt-stream.c
2016-04-10 19:58:53 +03:00
src/libvirt.c
2016-04-09 21:02:49 +03:00
src/libxl/libxl_conf.c
src/libxl/libxl_domain.c
src/libxl/libxl_driver.c
src/libxl/libxl_migration.c
2012-08-02 23:06:50 +04:00
src/locking/lock_daemon.c
src/locking/lock_daemon_config.c
2012-08-03 13:27:07 +04:00
src/locking/lock_daemon_dispatch.c
2011-07-06 20:30:08 +04:00
src/locking/lock_driver_lockd.c
2011-01-18 21:37:45 +03:00
src/locking/lock_driver_sanlock.c
2010-09-13 17:02:58 +04:00
src/locking/lock_manager.c
2012-09-18 15:41:26 +04:00
src/locking/sanlock_helper.c
2015-02-09 19:35:05 +03:00
src/logging/log_daemon.c
src/logging/log_daemon_config.c
2015-11-03 14:01:21 +03:00
src/logging/log_daemon_dispatch.c
src/logging/log_handler.c
2015-11-03 14:09:25 +03:00
src/logging/log_manager.c
2012-07-13 15:21:27 +04:00
src/lxc/lxc_cgroup.c
2010-05-25 18:33:51 +04:00
src/lxc/lxc_conf.c
2016-04-09 21:02:49 +03:00
src/lxc/lxc_container.c
2009-09-16 20:26:27 +04:00
src/lxc/lxc_controller.c
2015-08-20 16:46:17 +03:00
src/lxc/lxc_domain.c
2009-09-16 20:26:27 +04:00
src/lxc/lxc_driver.c
2016-04-09 21:02:49 +03:00
src/lxc/lxc_fuse.c
src/lxc/lxc_hostdev.c
src/lxc/lxc_native.c
2012-07-13 15:39:29 +04:00
src/lxc/lxc_process.c
2009-09-16 20:26:27 +04:00
src/network/bridge_driver.c
2013-07-24 16:22:54 +04:00
src/network/bridge_driver_linux.c
Add helper program to create custom leases
Introduce helper program to catch events from dnsmasq and maintain a custom
lease file per network. It supports dhcpv4 and dhcpv6. The file is saved as
"<interface-name>.status".
Each lease contains the following info:
<expiry-time (epoch time)> <mac> <iaid> <ip-address> <hostname> <clientid>
Example of custom leases file content:
[
{
"iaid": "1221229",
"ip-address": "2001:db8:ca2:2:1::95",
"mac-address": "52:54:00:12:a2:6d",
"hostname": "Fedora20",
"client-id": "00:04:1a:c1:d9:6b:5a:0a:e2:bc:f8:4b:1e:37:2e:38:22:55",
"expiry-time": 1393244216
},
{
"ip-address": "192.168.150.208",
"mac-address": "52:54:00:11:56:b3",
"hostname": "Wani-PC",
"client-id": "01:52:54:00:11:56:b3",
"expiry-time": 1393244248
}
]
src/Makefile.am:
* Add options to compile the helper program
src/network/bridge_driver.c:
* Introduce networkDnsmasqLeaseFileNameCustom()
* Invoke helper program along with dnsmasq
* Delete the .status file when corresponding n/w is destroyed.
src/network/leaseshelper.c
* Helper program to create the custom lease file
2014-06-02 14:19:26 +04:00
src/network/leaseshelper.c
2009-09-16 20:26:27 +04:00
src/node_device/node_device_driver.c
2010-05-20 10:59:01 +04:00
src/node_device/node_device_hal.c
2009-11-13 00:48:24 +03:00
src/node_device/node_device_udev.c
2009-01-20 20:13:33 +03:00
src/nodeinfo.c
2012-06-02 03:32:06 +04:00
src/nwfilter/nwfilter_dhcpsnoop.c
2010-03-25 20:46:09 +03:00
src/nwfilter/nwfilter_driver.c
src/nwfilter/nwfilter_ebiptables_driver.c
src/nwfilter/nwfilter_gentech_driver.c
2010-04-08 15:01:00 +04:00
src/nwfilter/nwfilter_learnipaddr.c
2009-09-16 20:26:27 +04:00
src/openvz/openvz_conf.c
src/openvz/openvz_driver.c
2012-05-15 19:27:08 +04:00
src/openvz/openvz_util.c
2009-07-27 01:53:34 +04:00
src/phyp/phyp_driver.c
2011-10-05 21:31:54 +04:00
src/qemu/qemu_agent.c
2016-02-16 18:24:35 +03:00
src/qemu/qemu_alias.c
2010-12-16 18:07:07 +03:00
src/qemu/qemu_capabilities.c
2010-12-16 19:10:54 +03:00
src/qemu/qemu_cgroup.c
2010-12-16 18:07:07 +03:00
src/qemu/qemu_command.c
2009-09-16 20:26:27 +04:00
src/qemu/qemu_conf.c
2016-04-09 21:02:49 +03:00
src/qemu/qemu_domain.c
2016-04-10 19:58:53 +03:00
src/qemu/qemu_domain_address.c
2009-09-16 20:26:27 +04:00
src/qemu/qemu_driver.c
2010-12-16 19:10:54 +03:00
src/qemu/qemu_hostdev.c
2010-12-16 19:10:54 +03:00
src/qemu/qemu_hotplug.c
2016-02-15 18:52:50 +03:00
src/qemu/qemu_interface.c
2011-01-31 13:47:03 +03:00
src/qemu/qemu_migration.c
2009-10-09 22:07:55 +04:00
src/qemu/qemu_monitor.c
2009-11-03 21:59:18 +03:00
src/qemu/qemu_monitor_json.c
2009-09-22 21:48:40 +04:00
src/qemu/qemu_monitor_text.c
2016-02-10 15:33:47 +03:00
src/qemu/qemu_parse_command.c
2011-02-14 19:09:39 +03:00
src/qemu/qemu_process.c
2011-05-04 18:18:06 +04:00
src/remote/remote_client_bodies.h
2009-09-16 20:26:27 +04:00
src/remote/remote_driver.c
2011-09-22 15:40:00 +04:00
src/rpc/virkeepalive.c
2010-12-01 19:35:50 +03:00
src/rpc/virnetclient.c
src/rpc/virnetclientprogram.c
src/rpc/virnetclientstream.c
2015-03-16 17:02:41 +03:00
src/rpc/virnetdaemon.c
2010-12-06 20:03:22 +03:00
src/rpc/virnetmessage.c
2010-12-10 15:21:18 +03:00
src/rpc/virnetsaslcontext.c
2010-12-01 19:36:40 +03:00
src/rpc/virnetserver.c
src/rpc/virnetserverclient.c
2011-03-02 20:11:42 +03:00
src/rpc/virnetservermdns.c
2010-12-01 19:36:40 +03:00
src/rpc/virnetserverprogram.c
2012-08-09 15:54:54 +04:00
src/rpc/virnetserverservice.c
2016-04-09 21:02:49 +03:00
src/rpc/virnetsocket.c
2011-11-14 18:30:23 +04:00
src/rpc/virnetsshsession.c
2010-11-23 23:17:41 +03:00
src/rpc/virnettlscontext.c
2009-09-16 20:26:27 +04:00
src/secret/secret_driver.c
2016-04-04 20:31:29 +03:00
src/secret/secret_util.c
2009-10-08 18:34:22 +04:00
src/security/security_apparmor.c
Refactor the security drivers to simplify usage
The current security driver usage requires horrible code like
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityHostdevLabel &&
driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
vm, hostdev) < 0)
This pair of checks for NULL clutters up the code, making the driver
calls 2 lines longer than they really need to be. The goal of the
patchset is to change the calling convention to simply
if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
vm, hostdev) < 0)
The first check for 'driver->securityDriver' being NULL is removed
by introducing a 'no op' security driver that will always be present
if no real driver is enabled. This guarentees driver->securityDriver
!= NULL.
The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
being non-NULL is hidden in a new abstraction called virSecurityManager.
This separates the driver callbacks, from main internal API. The addition
of a virSecurityManager object, that is separate from the virSecurityDriver
struct also allows for security drivers to carry state / configuration
information directly. Thus the DAC/Stack drivers from src/qemu which
used to pull config from 'struct qemud_driver' can now be moved into
the 'src/security' directory and store their config directly.
* src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
use new virSecurityManager APIs
* src/qemu/qemu_security_dac.c, src/qemu/qemu_security_dac.h
src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
Move into src/security directory
* src/security/security_stack.c, src/security/security_stack.h,
src/security/security_dac.c, src/security/security_dac.h: Generic
versions of previous QEMU specific drivers
* src/security/security_apparmor.c, src/security/security_apparmor.h,
src/security/security_driver.c, src/security/security_driver.h,
src/security/security_selinux.c, src/security/security_selinux.h:
Update to take virSecurityManagerPtr object as the first param
in all callbacks
* src/security/security_nop.c, src/security/security_nop.h: Stub
implementation of all security driver APIs.
* src/security/security_manager.h, src/security/security_manager.c:
New internal API for invoking security drivers
* src/libvirt.c: Add missing debug for security APIs
2010-11-17 23:26:30 +03:00
src/security/security_dac.c
2010-05-20 10:59:01 +04:00
src/security/security_driver.c
Add two new security label types
Curently security labels can be of type 'dynamic' or 'static'.
If no security label is given, then 'dynamic' is assumed. The
current code takes advantage of this default, and avoids even
saving <seclabel> elements with type='dynamic' to disk. This
means if you temporarily change security driver, the guests
can all still start.
With the introduction of sVirt to LXC though, there needs to be
a new default of 'none' to allow unconfined LXC containers.
This patch introduces two new security label types
- default: the host configuration decides whether to run the
guest with type 'none' or 'dynamic' at guest start
- none: the guest will run unconfined by security policy
The 'none' label type will obviously be undesirable for some
deployments, so a new qemu.conf option allows a host admin to
mandate confined guests. It is also possible to turn off default
confinement
security_default_confined = 1|0 (default == 1)
security_require_confined = 1|0 (default == 0)
* src/conf/domain_conf.c, src/conf/domain_conf.h: Add new
seclabel types
* src/security/security_manager.c, src/security/security_manager.h:
Set default sec label types
* src/security/security_selinux.c: Handle 'none' seclabel type
* src/qemu/qemu.conf, src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
src/qemu/libvirtd_qemu.aug: New security config options
* src/qemu/qemu_driver.c: Tell security driver about default
config
2012-01-25 18:12:52 +04:00
src/security/security_manager.c
2009-09-16 20:26:27 +04:00
src/security/security_selinux.c
2009-10-08 18:34:22 +04:00
src/security/virt-aa-helper.c
2010-11-16 22:01:37 +03:00
src/storage/parthelper.c
2009-09-16 20:26:27 +04:00
src/storage/storage_backend.c
src/storage/storage_backend_disk.c
src/storage/storage_backend_fs.c
2013-11-20 03:26:05 +04:00
src/storage/storage_backend_gluster.c
2009-09-16 20:26:27 +04:00
src/storage/storage_backend_iscsi.c
src/storage/storage_backend_logical.c
src/storage/storage_backend_mpath.c
2012-05-14 13:06:42 +04:00
src/storage/storage_backend_rbd.c
2009-09-16 20:26:27 +04:00
src/storage/storage_backend_scsi.c
2012-07-18 23:06:58 +04:00
src/storage/storage_backend_sheepdog.c
2014-07-21 18:38:42 +04:00
src/storage/storage_backend_zfs.c
2009-09-16 20:26:27 +04:00
src/storage/storage_driver.c
src/test/test_driver.c
src/uml/uml_conf.c
src/uml/uml_driver.c
2011-02-22 15:05:20 +03:00
src/util/iohelper.c
2013-06-07 12:37:25 +04:00
src/util/viralloc.c
2011-07-11 23:42:15 +04:00
src/util/viraudit.c
2012-03-19 20:21:12 +04:00
src/util/virauth.c
2012-03-20 19:40:05 +04:00
src/util/virauthconfig.c
2013-08-19 18:08:24 +04:00
src/util/virbitmap.c
2014-06-27 11:23:13 +04:00
src/util/virbuffer.c
2012-12-03 19:03:47 +04:00
src/util/vircgroup.c
2013-07-15 18:53:13 +04:00
src/util/virclosecallbacks.c
2012-12-12 20:27:01 +04:00
src/util/vircommand.c
2012-12-12 20:35:35 +04:00
src/util/virconf.c
2014-03-05 16:34:10 +04:00
src/util/vircrypto.c
2012-04-19 18:34:35 +04:00
src/util/virdbus.c
2012-12-12 20:43:54 +04:00
src/util/virdnsmasq.c
2015-03-11 12:24:09 +03:00
src/util/virerror.c
src/util/virerror.h
2012-12-12 20:54:55 +04:00
src/util/vireventpoll.c
2011-07-12 01:26:33 +04:00
src/util/virfile.c
2013-03-04 20:30:40 +04:00
src/util/virfirewall.c
2012-01-25 20:13:59 +04:00
src/util/virhash.c
2012-12-12 21:00:34 +04:00
src/util/virhook.c
2014-03-01 10:28:59 +04:00
src/util/virhostdev.c
2012-01-20 21:49:32 +04:00
src/util/viridentity.c
2012-11-28 16:17:31 +04:00
src/util/virinitctl.c
2012-12-12 21:42:44 +04:00
src/util/viriptables.c
2014-03-19 19:03:11 +04:00
src/util/viriscsi.c
2012-12-12 21:53:50 +04:00
src/util/virjson.c
2012-03-16 20:29:49 +04:00
src/util/virkeyfile.c
2016-02-14 09:50:12 +03:00
src/util/virlease.c
Introduce an internal API for handling file based lockspaces
The previously introduced virFile{Lock,Unlock} APIs provide a
way to acquire/release fcntl() locks on individual files. For
unknown reason though, the POSIX spec says that fcntl() locks
are released when *any* file handle referring to the same path
is closed. In the following sequence
threadA: fd1 = open("foo")
threadB: fd2 = open("foo")
threadA: virFileLock(fd1)
threadB: virFileLock(fd2)
threadB: close(fd2)
you'd expect threadA to come out holding a lock on 'foo', and
indeed it does hold a lock for a very short time. Unfortunately
when threadB does close(fd2) this releases the lock associated
with fd1. For the current libvirt use case for virFileLock -
pidfiles - this doesn't matter since the lock is acquired
at startup while single threaded an never released until
exit.
To provide a more generally useful API though, it is necessary
to introduce a slightly higher level abstraction, which is to
be referred to as a "lockspace". This is to be provided by
a virLockSpacePtr object in src/util/virlockspace.{c,h}. The
core idea is that the lockspace keeps track of what files are
already open+locked. This means that when a 2nd thread comes
along and tries to acquire a lock, it doesn't end up opening
and closing a new FD. The lockspace just checks the current
list of held locks and immediately returns VIR_ERR_RESOURCE_BUSY.
NB, the API as it stands is designed on the basis that the
files being locked are not being otherwise opened and used
by the application code. One approach to using this API is to
acquire locks based on a hash of the filepath.
eg to lock /var/lib/libvirt/images/foo.img the application
might do
virLockSpacePtr lockspace = virLockSpaceNew("/var/lib/libvirt/imagelocks");
lockname = md5sum("/var/lib/libvirt/images/foo.img");
virLockSpaceAcquireLock(lockspace, lockname);
NB, in this example, the caller should ensure that the path
is canonicalized before calculating the checksum.
It is also possible to do locks directly on resources by
using a NULL lockspace directory and then using the file
path as the lock name eg
virLockSpacePtr lockspace = virLockSpaceNew(NULL);
virLockSpaceAcquireLock(lockspace, "/var/lib/libvirt/images/foo.img");
This is only safe to do though if no other part of the process
will be opening the files. This will be the case when this
code is used inside the soon-to-be-reposted virlockd daemon
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-02 20:02:40 +04:00
src/util/virlockspace.c
2016-03-16 00:15:02 +03:00
src/util/virlog.c
2016-04-10 19:58:53 +03:00
src/util/virnetdev.c
2012-11-16 15:37:51 +04:00
src/util/virnetdevbandwidth.c
Split bridge.h into three separate files
Following the renaming of the bridge management APIs, we can now
split the source file into 3 corresponding pieces
* src/util/virnetdev.c: APIs for any type of network interface
* src/util/virnetdevbridge.c: APIs for bridge interfaces
* src/util/virnetdevtap.c: APIs for TAP interfaces
* src/util/virnetdev.c, src/util/virnetdev.h,
src/util/virnetdevbridge.c, src/util/virnetdevbridge.h,
src/util/virnetdevtap.c, src/util/virnetdevtap.h: Copied
from bridge.{c,h}
* src/util/bridge.c, src/util/bridge.h: Split into 3 pieces
* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
src/openvz/openvz_driver.c, src/qemu/qemu_command.c,
src/qemu/qemu_conf.h, src/uml/uml_conf.c, src/uml/uml_conf.h,
src/uml/uml_driver.c: Update #include directives
2011-11-02 17:41:58 +04:00
src/util/virnetdevbridge.c
2011-11-02 21:11:02 +04:00
src/util/virnetdevmacvlan.c
2015-02-23 23:54:54 +03:00
src/util/virnetdevmidonet.c
2012-02-11 01:09:00 +04:00
src/util/virnetdevopenvswitch.c
Split bridge.h into three separate files
Following the renaming of the bridge management APIs, we can now
split the source file into 3 corresponding pieces
* src/util/virnetdev.c: APIs for any type of network interface
* src/util/virnetdevbridge.c: APIs for bridge interfaces
* src/util/virnetdevtap.c: APIs for TAP interfaces
* src/util/virnetdev.c, src/util/virnetdev.h,
src/util/virnetdevbridge.c, src/util/virnetdevbridge.h,
src/util/virnetdevtap.c, src/util/virnetdevtap.h: Copied
from bridge.{c,h}
* src/util/bridge.c, src/util/bridge.h: Split into 3 pieces
* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
src/openvz/openvz_driver.c, src/qemu/qemu_command.c,
src/qemu/qemu_conf.h, src/uml/uml_conf.c, src/uml/uml_conf.h,
src/uml/uml_driver.c: Update #include directives
2011-11-02 17:41:58 +04:00
src/util/virnetdevtap.c
2013-10-02 14:16:14 +04:00
src/util/virnetdevveth.c
2011-11-02 21:11:02 +04:00
src/util/virnetdevvportprofile.c
2012-02-03 18:13:19 +04:00
src/util/virnetlink.c
Implement the core API to suspend/resume the host
Add the core functions that implement the functionality of the API.
Suspend is done by using an asynchronous mechanism so that we can return
the status to the caller before the host gets suspended. This asynchronous
operation is achieved by suspending the host in a separate thread of
execution. However, returning the status to the caller is only best-effort,
but not guaranteed.
To resume the host, an RTC alarm is set up (based on how long we want to
suspend) before suspending the host. When this alarm fires, the host
gets woken up.
Suspend-to-RAM operation on a host running Linux can take upto more than 20
seconds, depending on the load of the system. (Freezing of tasks, an operation
preceding any suspend operation, is given up after a 20 second timeout).
And Suspend-to-Disk can take even more time, considering the time required
for compaction, creating the memory image and writing it to disk etc.
So, we do not allow the user to specify a suspend duration of less than 60
seconds, to be on the safer side, since we don't want to prematurely declare
failure when we only had to wait for some more time.
2011-11-29 13:07:38 +04:00
src/util/virnodesuspend.c
2013-03-18 13:04:01 +04:00
src/util/virnuma.c
2013-01-09 21:37:27 +04:00
src/util/virobject.c
2012-12-13 18:52:25 +04:00
src/util/virpci.c
2016-03-28 16:30:28 +03:00
src/util/virperf.c
2011-07-06 20:12:26 +04:00
src/util/virpidfile.c
2013-08-22 17:27:19 +04:00
src/util/virpolkit.c
2013-01-09 19:11:50 +04:00
src/util/virportallocator.c
2012-09-24 21:10:37 +04:00
src/util/virprocess.c
2012-02-10 08:51:47 +04:00
src/util/virrandom.c
2015-11-06 17:25:48 +03:00
src/util/virrotatingfile.c
2013-05-03 22:07:22 +04:00
src/util/virscsi.c
2016-04-09 21:02:49 +03:00
src/util/virsexpr.c
Split src/util/network.{c,h} into 5 pieces
The src/util/network.c file is a dumping ground for many different
APIs. Split it up into 5 pieces, along functional lines
- src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
- src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
- src/util/virsocketaddr.c: virSocketAddr and APIs
- src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
for virNetDevBandwidth
- src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
for virNetDevVPortProfile
* src/util/network.c, src/util/network.h: Split into 5 pieces
* src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
* daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
src/conf/domain_conf.h, src/conf/network_conf.c,
src/conf/network_conf.h, src/conf/nwfilter_conf.h,
src/esx/esx_util.h, src/network/bridge_driver.c,
src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
src/util/virnetdev.h, src/util/virnetdevtap.c,
tools/virsh.c: Update include files
2011-11-02 19:40:08 +04:00
src/util/virsocketaddr.c
2014-07-05 19:34:39 +04:00
src/util/virstats.c
2014-03-28 07:26:44 +04:00
src/util/virstorageencryption.c
2012-12-13 19:25:48 +04:00
src/util/virstoragefile.c
2014-01-23 13:28:29 +04:00
src/util/virstring.c
2012-12-13 19:31:53 +04:00
src/util/virsysinfo.c
2013-07-08 14:27:34 +04:00
src/util/virthreadjob.c
2016-02-26 19:48:03 +03:00
src/util/virthreadpool.c
2011-11-29 16:11:01 +04:00
src/util/virtime.c
2013-04-13 00:55:45 +04:00
src/util/virtpm.c
2012-01-03 02:03:19 +04:00
src/util/virtypedparam.c
2012-07-18 14:44:24 +04:00
src/util/viruri.c
2012-12-12 21:04:51 +04:00
src/util/virusb.c
2012-12-13 21:44:57 +04:00
src/util/virutil.c
2012-12-13 22:13:21 +04:00
src/util/virxml.c
2016-04-10 19:58:53 +03:00
src/vbox/vbox_MSCOMGlue.c
src/vbox/vbox_XPCOMCGlue.c
2014-08-11 14:06:04 +04:00
src/vbox/vbox_common.c
2016-04-09 21:02:49 +03:00
src/vbox/vbox_driver.c
2014-10-02 07:30:35 +04:00
src/vbox/vbox_network.c
2014-05-19 16:47:31 +04:00
src/vbox/vbox_snapshot_conf.c
2016-04-09 21:02:49 +03:00
src/vbox/vbox_storage.c
2009-04-21 23:13:23 +04:00
src/vbox/vbox_tmpl.c
2010-12-17 13:28:20 +03:00
src/vmware/vmware_conf.c
src/vmware/vmware_driver.c
2010-12-22 00:39:55 +03:00
src/vmx/vmx.c
2016-04-09 21:02:49 +03:00
src/vz/vz_driver.c
src/vz/vz_sdk.c
src/vz/vz_utils.c
src/vz/vz_utils.h
src/xen/block_stats.c
src/xen/xen_driver.c
src/xen/xen_hypervisor.c
src/xen/xen_inotify.c
2016-04-10 19:58:53 +03:00
src/xen/xend_internal.c
2016-04-09 21:02:49 +03:00
src/xen/xm_internal.c
src/xen/xs_internal.c
2016-04-10 19:58:53 +03:00
src/xenapi/xenapi_driver.c
src/xenapi/xenapi_utils.c
src/xenconfig/xen_common.c
src/xenconfig/xen_sxpr.c
src/xenconfig/xen_xl.c
src/xenconfig/xen_xm.c
2014-09-10 17:52:48 +04:00
tests/virpolkittest.c
2012-10-21 06:29:51 +04:00
tools/libvirt-guests.sh.in
2013-08-26 13:53:43 +04:00
tools/virsh-console.c
2016-04-09 21:02:49 +03:00
tools/virsh-domain-monitor.c
2016-04-10 19:58:53 +03:00
tools/virsh-domain.c
2012-05-17 19:08:53 +04:00
tools/virsh-edit.c
2012-07-23 10:37:50 +04:00
tools/virsh-host.c
2012-07-24 12:56:49 +04:00
tools/virsh-interface.c
2012-07-23 10:02:14 +04:00
tools/virsh-network.c
2012-07-23 11:08:39 +04:00
tools/virsh-nodedev.c
2012-07-23 10:15:55 +04:00
tools/virsh-nwfilter.c
2012-07-24 12:49:27 +04:00
tools/virsh-pool.c
2012-07-23 10:18:51 +04:00
tools/virsh-secret.c
2012-07-23 10:23:00 +04:00
tools/virsh-snapshot.c
2012-07-24 12:44:49 +04:00
tools/virsh-volume.c
2016-04-10 19:58:53 +03:00
tools/virsh.c
2015-10-12 18:07:21 +03:00
tools/virt-admin.c
2012-01-10 21:31:21 +04:00
tools/virt-host-validate-common.c
tools/virt-host-validate-lxc.c
tools/virt-host-validate-qemu.c
2016-04-10 19:58:53 +03:00
tools/virt-host-validate.c
2013-08-08 19:36:31 +04:00
tools/virt-login-shell.c
2015-06-15 19:53:58 +03:00
tools/vsh.c
tools/vsh.h