1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-25 01:34:11 +03:00
Commit Graph

31592 Commits

Author SHA1 Message Date
Luyao Zhong
55b4fc78b6 qemu: Introduce QEMU_CAPS_OBJECT_MEMORY_FILE_PMEM capability
This capability tracks if memory-backend-file has the pmem
attribute or not.

Signed-off-by: Luyao Zhong <luyao.zhong@intel.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-02 09:00:34 -05:00
Luyao Zhong
e9b28cc9bc qemu: Introduce QEMU_CAPS_OBJECT_MEMORY_FILE_ALIGN capability
This capability tracks if memory-backend-file has the align
attribute or not.

Signed-off-by: Luyao Zhong <luyao.zhong@intel.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-02 09:00:34 -05:00
Luyao Zhong
db521e7d03 conf: Introduce 'readonly' element into xml for NVDIMM memory
The 'readonly' option allows users to mark vNVDIMM read-only:

<devices>
  ...
  <memory model='nvdimm' access='shared'>
      <source>
          <path>/dev/dax0.0</path>
      </source>
      <target>
          <size unit='MiB'>4094</size>
          <node>0</node>
          <label>
              <size unit='MiB'>2</size>
          </label>
          <readonly/>
      </target>
  </memory>
  ...
</devices>

Signed-off-by: Luyao Zhong <luyao.zhong@intel.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-02 09:00:34 -05:00
Luyao Zhong
73fc8c491e conf: Introduce 'pmem' element into xml for NVDIMM memory
The 'pmem' option allows users to specify whether the backend
storage of memory-backend-file is a real persistent memory:

<devices>
  ...
  <memory model='nvdimm' access='shared'>
      <source>
          <path>/dev/dax0.0</path>
          <pmem/>
      </source>
      <target>
          <size unit='MiB'>4094</size>
          <node>0</node>
          <label>
              <size unit='MiB'>2</size>
          </label>
      </target>
  </memory>
  ...
</devices>

Signed-off-by: Luyao Zhong <luyao.zhong@intel.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-02 09:00:29 -05:00
Luyao Zhong
80d1ed9773 conf: Introduce 'alignsize' element into xml for NVDIMM memory
NVDIMM emulation will mmap the backend file, it uses host pagesize
as the alignment of mapping address before, but some backends may
require alignments different from the pagesize. So the 'alignsize'
option is introduced to allow specification of the proper alignment:

<devices>
  ...
  <memory model='nvdimm' access='shared'>
      <source>
          <path>/dev/dax0.0</path>
          <alignsize unit='MiB'>2</alignsize>
      </source>
      <target>
          <size unit='MiB'>4094</size>
          <node>0</node>
          <label>
              <size unit='MiB'>2</size>
          </label>
      </target>
  </memory>
  ...
</devices>

Signed-off-by: Luyao Zhong <luyao.zhong@intel.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2019-01-02 09:00:24 -05:00
Erik Skultety
7dc31fe503 qemu: process: SEV: Relabel guest owner's SEV files created before start
Before launching a SEV guest we take the base64-encoded guest owner's
data specified in launchSecurity and create files with the same content
under /var/lib/libvirt/qemu/<domain>. The reason for this is that we
need to pass these files on to QEMU which then uses them to communicate
with the SEV firmware, except when it doesn't have permissions to open
those files since we don't relabel them.

https://bugzilla.redhat.com/show_bug.cgi?id=1658112

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-01-02 10:50:54 +01:00
Erik Skultety
2c4c7de159 qemu: process: SEV: Assume libDir to be the directory to create files in
Since SEV operates on a per domain basis, it's very likely that all
SEV launch-related data will be created under
/var/lib/libvirt/qemu/<domain_name>. Therefore, when calling into
qemuProcessSEVCreateFile we can assume @libDir as the directory prefix
rather than passing it explicitly.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-01-02 10:50:54 +01:00
Ján Tomko
0c6ad476a8 maint: update to latest gnulib
Includes:
  maint: Run 'make update-copyright'

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-01-01 23:09:35 +01:00
John Ferlan
9d42d51eef security: Fix comparison for virSecuritySELinuxRecallLabel
The @con type security_context_t is actually a "char *", so the
correct check should be to dereference one more level; otherwise,
we could return/use the NULL pointer later in a subsequent
virSecuritySELinuxSetFileconImpl call (using @fcon).

Suggested-by: Michal Prívozník <mprivozn@redhat.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-21 06:03:44 -05:00
John Ferlan
458b952bee security: Resolve possible memory leak
If virSecuritySELinuxRestoreFileLabel returns 0 or -1 too soon, then
the @newpath will be leaked.

Suggested-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-21 06:03:35 -05:00
Nikolay Shirokovskiy
c541177314 qemu: don't log error for missing optional storage sources on start
Because missing optional storage source is not error. The patch
address only local files. Fixing other cases is a bit ugly.
Below is example of error notice in log now:

error: virStorageFileReportBrokenChain:427 :
   Cannot access storage file '/path/to/missing/optional/disk':
  	No such file or directory

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2018-12-21 12:20:24 +03:00
Nikolay Shirokovskiy
318d807a0b qemu: don't log error for missing optional storage sources on stats
Every time we call all domain stats for inactive domain with
unavailable storage source we get error message in logs [1]. It's a bit noisy.
While it's arguable whether we need such message or not for mandatory
disks we would like not to see messages for optional disks. Let's
filter at least for cases of local files. Fixing other cases would
require passing flag down the stack to .backendInit of storage
which is ugly.

Stats for active domain are fine because we either drop disks
with unavailable sources or clean source which is handled
by virStorageSourceIsEmpty in qemuDomainGetStatsOneBlockFallback.

We have these logs for successful stats since 25aa7035d (version 1.2.15)
which in turn fixes 596a13713 (version 1.2.12 )which added substantial
stats for offline disks.

[1] error message example:
qemuOpenFileAs:3324 : Failed to open file '/path/to/optional/disk': No such file or directory

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2018-12-21 12:13:31 +03:00
Michal Privoznik
dfbd7315c0 news: Document original owner remembering
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-12-20 21:18:43 +01:00
Marc Hartmayer
91684829be qemu: Introduce caching whether /dev/kvm is accessible
Introduce caching whether /dev/kvm is usable as the QEMU user:QEMU
group. This reduces the overhead of the QEMU capabilities cache
lookup. Before this patch there were many fork() calls used for
checking whether /dev/kvm is accessible. Now we store the result
whether /dev/kvm is accessible or not and we only need to re-run the
virFileAccessibleAs check if the ctime of /dev/kvm has changed.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-12-19 15:50:57 +01:00
Michal Privoznik
e05d8e570b qemu.conf: Allow users to enable/disable label remembering
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:48 +01:00
Michal Privoznik
1845991d9b tools: Provide a script to recover fubar'ed XATTRs setup
Our code is not bug free. The refcounting I introduced will
almost certainly not work in some use cases. Provide a script
that will remove all the XATTRs set by libvirt so that it can
start cleanly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:45 +01:00
Michal Privoznik
1e63dea999 tests: Introduce qemusecuritytest
This test checks if security label remembering works correctly.
It uses qemuSecurity* APIs to do that. And some mocking (even
though it's not real mocking as we are used to from other tests
like virpcitest). So far, only DAC driver is tested.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:43 +01:00
Michal Privoznik
d9043c06e6 virSecuritySELinuxRestoreAllLabel: Restore more labels
We are setting label on kernel, initrd, dtb and slic_table files.
But we never restored it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:40 +01:00
Michal Privoznik
d81f3e02d7 virSecuritySELinuxRestoreAllLabel: Reorder device relabeling
It helps whe trying to match calls with virSecuritySELinuxSetAllLabel
if the order in which devices are set/restored is the same in
both functions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:38 +01:00
Michal Privoznik
edacf25da7 virSecuritySELinuxTransactionRun: Implement rollback
When iterating over list of paths/disk sources to relabel it may
happen that the process fails at some point. In that case, for
the sake of keeping seclabel refcount (stored in XATTRs) in sync
with reality we have to perform rollback. However, if that fails
too the only thing we can do is warn user.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:35 +01:00
Michal Privoznik
b44fd42016 security_selinux: Restore label on failed setfilecon() attempt
It's important to keep XATTRs untouched (well, in the same state
they were in when entering the function). Otherwise our
refcounting would be messed up.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:31 +01:00
Michal Privoznik
4dc37a39cf security_selinux: Remember old labels
Similarly to what I did in DAC driver, this also requires the
same SELinux label to be used for shared paths. If a path is
already in use by a domain (or domains) then and the domain we
are starting now wants to access the path it has to have the same
SELinux label. This might look too restrictive as the new label
can still guarantee access to already running domains but in
reality it is very unlikely and usually an admin mistake.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:28 +01:00
Michal Privoznik
1e9c472452 security_selinux: Track if transaction is restore
It is going to be important to know if the current transaction we
are running is a restore operation or set label operation so that
we know whether to call virSecurityGetRememberedLabel() or
virSecuritySetRememberedLabel(). That is, whether we are in a
restore and therefore have to fetch the remembered label, or we
are in set operation and therefore have to store the original
label.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:26 +01:00
Michal Privoznik
d7420430ce virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks
Now that we have seclabel remembering we can safely restore
labels for shared and RO disks. In fact we need to do that to
keep seclabel refcount stored in XATTRs in sync with reality.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:21 +01:00
Michal Privoznik
1845d3ad5d security_dac: Remember old labels
This also requires the same DAC label to be used for shared
paths. If a path is already in use by a domain (or domains) then
and the domain we are starting now wants to access the path it
has to have the same DAC label. This might look too restrictive
as the new label can still guarantee access to already running
domains but in reality it is very unlikely and usually an admin
mistake.

This requirement also simplifies seclabel remembering, because we
can store only one seclabel and have a refcounter for how many
times the path is in use. If we were to allow different labels
and store them in some sort of array the algorithm to match
labels to domains would be needlessly complicated.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:17 +01:00
Michal Privoznik
fa808763b2 security_dac: Allow callers to enable/disable label remembering/recall
Because the implementation that will be used for label
remembering/recall is not atomic we have to give callers a chance
to enable or disable it. That is, enable it if and only if
metadata locking is enabled. Otherwise the feature MUST be turned
off.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:14 +01:00
Michal Privoznik
a30e6d17c9 virSecurityDACRestoreAllLabel: Restore more labels
We are setting label on kernel, initrd, dtb and slic_table files.
But we never restored it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:11 +01:00
Michal Privoznik
08e3b1c0dc virSecurityDACRestoreAllLabel: Reorder device relabeling
It helps whe trying to match calls with virSecurityDACSetAllLabel
if the order in which devices are set/restored is the same in
both functions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:09 +01:00
Michal Privoznik
06af6609e9 virSecurityDACTransactionRun: Implement rollback
When iterating over list of paths/disk sources to relabel it may
happen that the process fails at some point. In that case, for
the sake of keeping seclabel refcount (stored in XATTRs) in sync
with reality we have to perform rollback. However, if that fails
too the only thing we can do is warn user.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:32:06 +01:00
Michal Privoznik
86def3c88c security_dac: Restore label on failed chown() attempt
It's important to keep XATTRs untouched (well, in the same state
they were in when entering the function). Otherwise our
refcounting would be messed up.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:31:59 +01:00
Michal Privoznik
f9a0019fea security: Include security_util
This file implements wrappers over XATTR getter/setter. It
ensures the proper XATTR namespace is used.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:31:56 +01:00
Michal Privoznik
f497b1ad59 util: Introduce xattr getter/setter/remover
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-19 15:31:42 +01:00
Luyao Huang
ae8484586c virsh: Fix vcpupin command output wrong vcpu pinning info
Commit 3072ded3 changed the waya to format the vcpu pinning info
and forget to get cpumap for each vcpu during the loop, that cause
vcpupin command will display vcpu 0 info for other vcpus.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2018-12-19 10:20:57 +01:00
John Ferlan
4d95d35637 remote: Handle xdr char ** data return fields more consistently
For consistency, handle the @data "char **" (or remote_string)
assignments and processing similarly between various APIs

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-12-18 10:12:09 -05:00
John Ferlan
eb448cb5c0 remote: Resolve resource leak
Using a combination of VIR_ALLOC and VIR_STRDUP into a local
variable and then jumping to error on the VIR_STRDUP before
assiging it into the @data would cause a memory leak. Let's
just avoid that by assiging directly into @data.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-12-18 10:12:09 -05:00
John Ferlan
44d0db011d tests: Fix possible NULL derefs in virErrorTestMsgs
Add guards to avoid calling strchr when @err_noinfo == NULL or
calling virErrorTestMsgFormatInfoOne when @err_info == NULL as
both would fail with a NULL deref.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>
2018-12-18 10:12:09 -05:00
Daniel P. Berrangé
cc9e80c593 logging: ensure pending I/O is drained before reading position
The virtualization driver has two connections to the virtlogd daemon,
one pipe fd for writing to the log file, and one socket fd for making
RPC calls. The typical sequence is to write some data to the pipe fd and
then make an RPC call to determine the current log file offset.

Unfortunately these two operations are not guaranteed to be handling in
order by virtlogd. The event loop for virtlogd may identify an incoming
event on both the pipe fd and socket fd in the same iteration of the
event loop. It is then entirely possible that it will process the socket
fd RPC call before reading the pending log data from the pipe fd.

As a result the virtualization driver will get an outdated log file
offset reported back.

This can be seen with the QEMU driver where, when a guest fails to
start, it will randomly include too much data in the error message it
has fetched from the log file.

The solution is to ensure we have drained all pending data from the pipe
fd before reporting the log file offset. The pipe fd is always in
blocking mode, so cares needs to be taken to avoid blocking. When
draining this is taken care of by using poll(). The extra complication
is that they might already be an event loop dispatch pending on the pipe
fd. If we have just drained the pipe this pending event will be invalid
so must be discarded.

See also https://bugzilla.redhat.com/show_bug.cgi?id=1356108

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-18 14:49:59 +00:00
Daniel P. Berrangé
3dc3e58b32 tests: ignore XML files starting with a .
If an editor has an XML file open, it may create a temporary . file. The
existance of this file will cause the virschematest to fail, so just
skip these editor temp files.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-18 14:49:46 +00:00
Jim Fehlig
fe8eb8839a docs: Improve description of <hard_limit>
/domain/memtune/hard_limit provides a way to cap the memory a VM process
can use, including the amount of memory the process can lock. When memory
locking of a VM is requested, <hard_limit> can be used to prevent the
potential host DoS issue mentioned in /domain/memoryBacking/locked
description.

This patch improves the <hard_limit> text by clarifying it can be used
to prevent "host crashing" when VM memory is locked.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2018-12-17 16:35:04 -07:00
Daniel P. Berrangé
57a9e49232 util: fix translation of error message strings
The arguments to the N_() macro must only ever be a literal string. It
is not possible to use macro arguments, or use macro string
concatenation in this context. The N_() macro is a no-op whose only
purpose is to act as a marker for xgettext when it extracts translatable
strings from the source code. Anything other than a literal string will
be silently ignored by xgettext.

Unfortunately this means that the clever MSG, MSG2 & MSG_EXISTS macros
used for building up error message strings have prevented any of the
error messages getting marked for translation. We must sadly, revert to
a more explicit listing of strings for now.

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-17 17:47:30 +00:00
Michal Privoznik
61b4e8aaf1 src: Document autostart for session demon
The autostart under session daemon might not behave as you'd
expect it to behave. This patch is inspired by latest
libvirt-users discussion:

https://www.redhat.com/archives/libvirt-users/2018-December/msg00047.html

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-17 18:27:32 +01:00
Michal Privoznik
29682196d8 Drop UML driver
The driver is unmaintained, untested and severely broken for
quite some time now. Since nobody even reported any issue with it
let us drop it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-17 17:52:46 +01:00
Jiri Denemark
eb1b551d21 cpu: Add support for "stibp" x86_64 feature
QEMU commit v3.1.0-4-g0e89165829
KVM patch: https://lore.kernel.org/lkml/20181205191956.31480-1-ehabkost@redhat.com/

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-17 17:27:32 +01:00
Jiri Denemark
3f4914e03c qemu: Add support for postcopy-requests migration statistics
QEMU can report how many times during post-copy migration the domain
running on the destination host tried to access a page which has not
been migrated yet.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-12-17 16:16:30 +01:00
Daniel P. Berrangé
07c9d6601d qemu: use line breaks in command line args written to log
The QEMU command line arguments are very long and currently all written
on a single line to /var/log/libvirt/qemu/$GUEST.log. This introduces
logic to add line breaks after every env variable and "-" optional
argument, and every positional argument. This will create a clearer log
file, which will in turn present better in bug reports when people cut +
paste from the log into a bug comment.

An example log file entry now looks like this:

  2018-12-14 12:57:03.677+0000: starting up libvirt version: 5.0.0, qemu version: 3.0.0qemu-3.0.0-1.fc29, kernel: 4.19.5-300.fc29.x86_64, hostname: localhost.localdomain
  LC_ALL=C \
  PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin \
  HOME=/home/berrange \
  USER=berrange \
  LOGNAME=berrange \
  QEMU_AUDIO_DRV=none \
  /usr/bin/qemu-system-ppc64 \
  -name guest=guest,debug-threads=on \
  -S \
  -object secret,id=masterKey0,format=raw,file=/home/berrange/.config/libvirt/qemu/lib/domain-33-guest/master-key.aes \
  -machine pseries-2.10,accel=tcg,usb=off,dump-guest-core=off \
  -m 1024 \
  -realtime mlock=off \
  -smp 1,sockets=1,cores=1,threads=1 \
  -uuid c8a74977-ab18-41d0-ae3b-4041c7fffbcd \
  -display none \
  -no-user-config \
  -nodefaults \
  -chardev socket,id=charmonitor,fd=23,server,nowait \
  -mon chardev=charmonitor,id=monitor,mode=control \
  -rtc base=utc \
  -no-shutdown \
  -boot strict=on \
  -device qemu-xhci,id=usb,bus=pci.0,addr=0x1 \
  -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \
  -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
  -msg timestamp=on
  2018-12-14 12:57:03.730+0000: shutting down, reason=failed

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-17 15:02:11 +00:00
Daniel P. Berrangé
912c6b22fc util: require command args to be non-NULL
The virCommand APIs do not expect to be given a NULL value for an arg
name or value. Such a mistake can lead to execution of the wrong
command, as the NULL may prematurely terminate the list of args.
Detect this and report suitable error messages.

This identified a flaw in the storage test which was passing a NULL
instead of the volume path. This flaw was then validated by an incorrect
set of qemu-img args as expected data.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-17 14:43:33 +00:00
Radostin Stoyanov
f8f525ff86 lxc: Set max uid/gid mappings for user namespace
There is a limit on the number of lines in the /proc/<pid>/{g,u}id_map
files. In Linux 4.14 and earlier, this limit was (arbitrarily) set at
5 lines. Since Linux 4.15, which was released on 28 Jan 2018, the limit
is 340 lines.

This change is documented in user_namespaces(7).

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6397fac4915ab3002dc15aae751455da1a852f25

Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
2018-12-17 11:03:29 +00:00
Daniel P. Berrangé
b2485c4ad7 cfg.mk: silence the group-qemu-caps command
A missing $(AM_V_GEN) meant the raw command was printed by
mistake.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-14 14:10:48 +00:00
Daniel P. Berrangé
1fb73537d7 Fix header ifdef check for config-post.h in VPATH build
We must do a substring match, not an exact match since
there can be an arbitrary virtual path prepended.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-14 14:08:51 +00:00
Peter Krempa
0aadf5ffe2 util: error: Put error code messages into an array
Simplify adding of new errors by just adding them to the array of
messages rather than having to add conversion code.

Additionally most of the messages add the format string part as a suffix
so we can avoid some of the duplication by using a macro which adds the
suffix to the original string. This way most messages fit into the 80
column limit and only 3 exceed 100 colums.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Erik Skultety <eskultet@redhat.com>
2018-12-14 13:58:17 +01:00