IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We have this code in our Makefile that tries to remove
/etc/libvirt/nwfilter if directory is left empty after all our
example nwfilters were uninstalled. However, the check for that
is missing quotation marks thus rendering the test useless:
test -z allow-arp.xml allow-dhcp-server.xml .. qemu-announce-self.xml || \
rmdir "/some/path/libvirt.git/_install/etc/libvirt/nwfilter"
/bin/sh: line 0: test: too many arguments
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
The event test does not try to include libvirt internals. Using a macro
named VIR_DEBUG might hint to such usage. Additionally it's useless
since it's used only in the main() function.
Modernize the message strings while touching them.
In an unlikely event of virConnectRegisterCloseCallback failing,
the error is ignored. This is an example file and we shouldn't
get a bad example.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Like in the rest of our code we tend to prefer 'goto' and
'cleanup' over 'if else' code structure. Do the same here.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY and VIR_DOMAIN_PAUSED_POSTCOPY are
used on the source host once migration enters post-copy mode (which
means the domain gets paused on the source. After the destination host
takes over the execution of the domain, its virtual CPUs are resumed and
the domain enters VIR_DOMAIN_RUNNING_POSTCOPY state and
VIR_DOMAIN_EVENT_RESUMED_POSTCOPY event is emitted.
In case migration fails during post-copy mode and none of the hosts have
complete state of the domain, both domains will remain paused with
VIR_DOMAIN_PAUSED_POSTCOPY_FAILED reason and an upper layer may decide
what to do.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Commit d82170d introduced a workaround for domtop: in that example
program, we define a symbol called ERROR for our own use, but since
a symbol with the same name is already defined in one of mingw's
header files, we get a warning when using that compiler.
domsuspend defines the same problematic symbol, so the workaround
has been copied over.
So after da176bf6b7 and friend we have switched to $(wildcard
some/path/*.xml) instead of enumerating the files explicitly.
This is nice, however it makes distcheck build from VPATH fail.
The reason is that it's is not obvious to what does the wildcard
refer to: srcdir or builddir?
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Using one Makefile per example subdirectory essentially serializes 'make'
calls. Convert to one example/Makefile that builds and distributes
all the subdir files. This reduces example/ rebuild time from about 5.8
seconds to 1.5 seconds on my machine.
One slight difference is that we no longer ship Makefile.am with the
examples in the rpm. This was virtually useless anyways since the Makefile
was very specific to libvirt infrastructure, so wasn't generically
reusable anyways.
Tested with 'make distcheck' and 'make rpm'
Creating ACL rules is not exactly easy and existing examples are pretty
simple. This patch adds a somewhat complex example which defines several
roles. Admins can do everything, operators can do basic operations
on any domain and several groups of users who act as operators but only
on a limited set of domains.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
So, in the example the cpu stats are collected within a function
called do_top. At the beginning of the function we ask the daemon for
how much vCPUs can we get stats, and how many stats for a vCPU can we
get. This is because it's how our API works - users are required to
preallocate a chunk of memory for the results. Now, at the end, we try
to free the allocated array, but we are not doing it correctly.
There's this virTypedParamsFree() function which gets a pointer to the
array and the length of the array. However, if there was an error in
getting vCPU stats we pass a negative number instead of the originally
computed value. This flaw results in SIGSEGV:
libvirt: QEMU Driver error : Requested operation is not valid: domain is not running
ERROR do_top:333 : Unable to get cpu stats
==29201== Invalid read of size 4
==29201== at 0x4F1DF8B: virTypedParamsClear (virtypedparam.c:1145)
==29201== by 0x4F1DFEB: virTypedParamsFree (virtypedparam.c:1165)
==29201== by 0x4023C3: do_top (domtop.c:349)
==29201== by 0x40260B: main (domtop.c:386)
==29201== Address 0x131cd7c0 is 16 bytes after a block of size 768 alloc'd
==29201== at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29201== by 0x401FF1: do_top (domtop.c:295)
==29201== by 0x40260B: main (domtop.c:386)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Wikipedia's list of common misspellings [1] has a machine-readable
version. This patch fixes those misspellings mentioned in the list
which don't have multiple right variants (as e.g. "accension", which can
be both "accession" and "ascension"), such misspellings are left
untouched. The list of changes was manually re-checked for false
positives.
[1] https://en.wikipedia.org/wiki/Wikipedia:Lists_of_common_misspellings/For_machines
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Apparmor must not prevent access to required helper programs. The following
helpers should be allowed to run in unconfined execution mode:
- libvirt_parthelper
- libvirt_iohelper
The network and nwfilter tests contained in the libvirt-TCK testkit can fail
unless access to raw network packets is granted. Without this access, the
following apparmor error can be seen while running the tests:
apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/libvirtd"
pid=94731 comm="libvirtd" family="packet" sock_type="raw" protocol=768
In order for apparmor to work properly in Xen environments, the following
access rights need to be allowed:
- Allow CAP_SYS_PACCT, which is required when resetting some multi-port
Broadcom cards by writting to the PCI config space
- Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without
this setting, an error 'Resource temporarily unavailable' can be seen
while attempting to mmap memory. At the same time, the following
apparmor message is seen:
apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd"
pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14
capname="ipc_lock"
- Allow access to distribution specific directories:
/usr/{lib,lib64}/xen/bin
As discussed before, this simple script should help with debugging
deadlocks, although there are still some caveats. RWLocks are not
handled by this and if your deadlock if very racy, it may not lock
up when running with this script due to the slowdown.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
When building on mingw the format string for long long/unsigned long
long have to be I64d/I64u instead of lld/llu.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
and thus running a qemu guest fails.
Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
On some places in the libvirt code we have:
f(a,z)
instead of
f(a, z)
This trivial patch fixes couple of such occurrences.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
The "maxMemory" element was never supported by libvirt. Remove it from
the test XMLs. (Found while actually trying to add support for a
identically named element).
The variable 'k' in the print_cpu_usage function is not used anywhere
and can fire a warning on some compilers.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Currently, the function follows the usual pattern used in our code:
int ret = -1;
...
ret = 0;
cleanup:
return ret;
However, the function always call exit() on error, so the cleanup
label is never jumped onto. Therefore, it doesn't make any sense to
have the parse_argv function return an integer value, if it
effectively can return only value of zero.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>