shaba/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-10-05 07:33:51 +03:00
Code Releases Activity

Compare commits

base: shaba:v5.2.0-rc2
Branches Tags
shaba:master shaba:v1.2.19-maint shaba:v1.3.2-maint shaba:v1.3.1-maint shaba:v1.3.0-maint shaba:v1.2.21-maint shaba:v1.2.20-maint shaba:v1.3.3-maint shaba:v1.3.4-maint shaba:v1.3.5-maint shaba:v2.0-maint shaba:v2.1-maint shaba:v2.2-maint shaba:v3.0-maint shaba:v3.2-maint shaba:v3.7-maint shaba:v4.1-maint shaba:v4.2-maint shaba:v4.3-maint shaba:v4.4-maint shaba:v4.5-maint shaba:v4.6-maint shaba:v4.7-maint shaba:v4.8-maint shaba:v4.9-maint shaba:v4.10-maint shaba:v5.0-maint shaba:v5.1-maint shaba:v5.2-maint shaba:v5.3-maint shaba:v5.1.0-maint shaba:v1.2.18-maint shaba:v1.0.0-maint shaba:v1.0.1-maint shaba:v1.2.9-maint shaba:v0.9.12-maint shaba:v0.10.2-maint shaba:v1.0.2-maint shaba:v1.0.3-maint shaba:v1.0.4-maint shaba:v1.0.5-maint shaba:v1.0.6-maint shaba:v1.1.0-maint shaba:v1.1.1-maint shaba:v1.1.2-maint shaba:v1.1.3-maint shaba:v1.1.4-maint shaba:v1.2.0-maint shaba:v1.2.1-maint shaba:v1.2.2-maint shaba:v1.2.3-maint shaba:v1.2.4-maint shaba:v1.2.5-maint shaba:v1.2.6-maint shaba:v1.2.7-maint shaba:v1.2.8-maint shaba:v1.2.10-maint shaba:v1.2.11-maint shaba:v1.2.12-maint shaba:v1.2.13-maint shaba:v1.2.14-maint shaba:v1.2.15-maint shaba:v1.2.16-maint shaba:v1.2.17-maint shaba:v0.9.6-maint shaba:v0.9.11-maint shaba:v0.8.3-maint
shaba:v11.8.0 shaba:v11.8.0-rc2 shaba:v11.8.0-rc1 shaba:v11.7.0 shaba:v11.7.0-rc2 shaba:v11.7.0-rc1 shaba:v11.6.0 shaba:v11.6.0-rc2 shaba:v11.6.0-rc1 shaba:v11.5.0 shaba:v11.5.0-rc2 shaba:v11.5.0-rc1 shaba:v11.4.0 shaba:v11.4.0-rc2 shaba:v11.4.0-rc1 shaba:v11.3.0 shaba:v11.3.0-rc2 shaba:v11.3.0-rc1 shaba:v11.2.0 shaba:v11.2.0-rc2 shaba:v11.2.0-rc1 shaba:v11.1.0 shaba:v11.1.0-rc2 shaba:v11.1.0-rc1 shaba:v11.0.0 shaba:v11.0.0-rc2 shaba:v11.0.0-rc1 shaba:v10.10.0 shaba:v10.10.0-rc2 shaba:v10.10.0-rc1 shaba:v10.9.0 shaba:v10.9.0-rc2 shaba:v10.9.0-rc1 shaba:v10.8.0 shaba:v10.8.0-rc2 shaba:v10.8.0-rc1 shaba:v10.7.0 shaba:v10.7.0-rc2 shaba:v10.7.0-rc1 shaba:v10.6.0 shaba:v10.6.0-rc1 shaba:v10.5.0 shaba:v10.5.0-rc2 shaba:v10.5.0-rc1 shaba:v10.4.0 shaba:v10.4.0-rc2 shaba:v10.4.0-rc1 shaba:v10.3.0 shaba:v10.3.0-rc1 shaba:v10.2.0 shaba:v10.2.0-rc2 shaba:v10.2.0-rc1 shaba:v10.1.0 shaba:v10.1.0-rc2 shaba:v10.1.0-rc1 shaba:v10.0.0 shaba:v10.0.0-rc2 shaba:v10.0.0-rc1 shaba:v9.10.0 shaba:v9.10.0-rc2 shaba:v9.10.0-rc1 shaba:v9.9.0 shaba:v9.9.0-rc2 shaba:v9.9.0-rc1 shaba:v9.8.0 shaba:v9.8.0-rc2 shaba:v9.8.0-rc1 shaba:v9.7.0 shaba:v9.7.0-rc2 shaba:v9.7.0-rc1 shaba:v9.6.0 shaba:v9.6.0-rc2 shaba:v9.6.0-rc1 shaba:v9.5.0 shaba:v9.5.0-rc2 shaba:v9.5.0-rc1 shaba:v9.4.0 shaba:v9.4.0-rc2 shaba:v9.4.0-rc1 shaba:v9.3.0 shaba:v9.3.0-rc2 shaba:v9.3.0-rc1 shaba:v9.2.0 shaba:v9.2.0-rc2 shaba:v9.2.0-rc1 shaba:v9.1.0 shaba:v9.1.0-rc2 shaba:v9.1.0-rc1 shaba:v9.0.0 shaba:v9.0.0-rc2 shaba:v9.0.0-rc1 shaba:v8.10.0 shaba:v8.10.0-rc2 shaba:v8.10.0-rc1 shaba:v8.9.0 shaba:v8.9.0-rc2 shaba:v8.9.0-rc1 shaba:v8.8.0 shaba:v8.8.0-rc2 shaba:v8.8.0-rc1 shaba:v8.7.0 shaba:v8.7.0-rc2 shaba:v8.7.0-rc1 shaba:v8.6.0 shaba:v8.6.0-rc2 shaba:v8.6.0-rc1 shaba:v8.5.0 shaba:v8.5.0-rc2 shaba:v8.5.0-rc1 shaba:v8.4.0 shaba:v8.4.0-rc2 shaba:v8.4.0-rc1 shaba:v8.3.0 shaba:v8.3.0-rc2 shaba:v8.3.0-rc1 shaba:v8.2.0 shaba:v8.2.0-rc2 shaba:v8.2.0-rc1 shaba:v8.1.0 shaba:v8.1.0-rc2 shaba:v8.1.0-rc1 shaba:v8.0.0 shaba:v8.0.0-rc2 shaba:v8.0.0-rc1 shaba:v7.10.0 shaba:v7.10.0-rc2 shaba:v7.10.0-rc1 shaba:v7.9.0 shaba:v7.9.0-rc2 shaba:v7.9.0-rc1 shaba:v7.8.0 shaba:v7.8.0-rc2 shaba:v7.8.0-rc1 shaba:v7.7.0 shaba:v7.7.0-rc2 shaba:v7.7.0-rc1 shaba:v7.6.0 shaba:v7.6.0-rc2 shaba:v7.6.0-rc1 shaba:v7.5.0 shaba:v7.5.0-rc2 shaba:v7.5.0-rc1 shaba:v7.4.0 shaba:v7.4.0-rc2 shaba:v7.4.0-rc1 shaba:v7.3.0 shaba:v7.3.0-rc2 shaba:v7.3.0-rc1 shaba:v7.2.0 shaba:v7.2.0-rc2 shaba:v7.2.0-rc1 shaba:v7.1.0 shaba:v7.1.0-rc2 shaba:v7.1.0-rc1 shaba:v7.0.0 shaba:v7.0.0-rc2 shaba:v7.0.0-rc1 shaba:v6.10.0 shaba:v6.10.0-rc2 shaba:v6.10.0-rc1 shaba:v6.9.0 shaba:v6.9.0-rc2 shaba:v6.9.0-rc1 shaba:v6.8.0 shaba:v6.8.0-rc2 shaba:v6.8.0-rc1 shaba:v6.7.0 shaba:v6.7.0-rc2 shaba:v6.7.0-rc1 shaba:v6.6.0 shaba:v6.6.0-rc1 shaba:v6.5.0 shaba:v6.5.0-rc2 shaba:v6.5.0-rc1 shaba:v6.4.0 shaba:v6.4.0-rc1 shaba:v6.3.0 shaba:v6.3.0-rc1 shaba:v6.2.0 shaba:v6.2.0-rc1 shaba:v6.1.0 shaba:v6.1.0-rc2 shaba:v6.1.0-rc1 shaba:v6.0.0 shaba:v6.0.0-rc2 shaba:v6.0.0-rc1 shaba:v5.10.0 shaba:v5.10.0-rc2 shaba:v5.10.0-rc1 shaba:v5.9.0 shaba:v5.9.0-rc1 shaba:v5.8.0 shaba:v5.8.0-rc2 shaba:v5.8.0-rc1 shaba:v5.7.0 shaba:v5.7.0-rc2 shaba:v5.7.0-rc1 shaba:v5.6.0 shaba:v5.6.0-rc2 shaba:v5.6.0-rc1 shaba:v5.5.0 shaba:v5.5.0-rc2 shaba:v5.5.0-rc1 shaba:v5.4.0 shaba:v5.4.0-rc2 shaba:v5.4.0-rc1 shaba:v5.3.0 shaba:v5.3.0-rc2 shaba:v5.3.0-rc1 shaba:v5.2.0 shaba:v5.2.0-rc2 shaba:v5.2.0-rc1 shaba:v5.1.0 shaba:v5.1.0-rc2 shaba:v5.1.0-rc1 shaba:v5.0.0 shaba:v5.0.0-rc2 shaba:v5.0.0-rc1 shaba:v4.10.0 shaba:v4.10.0-rc2 shaba:v4.10.0-rc1 shaba:v4.9.0 shaba:v4.9.0-rc1 shaba:v4.8.0 shaba:v4.8.0-rc2 shaba:v4.8.0-rc1 shaba:v4.7.0 shaba:v4.7.0-rc2 shaba:v4.7.0-rc1 shaba:v4.6.0 shaba:v4.6.0-rc2 shaba:v4.6.0-rc1 shaba:v4.5.0 shaba:v4.5.0-rc2 shaba:v4.5.0-rc1 shaba:v4.4.0 shaba:v4.4.0-rc2 shaba:v4.4.0-rc1 shaba:v4.3.0 shaba:v4.3.0-rc2 shaba:v4.3.0-rc1 shaba:v4.2.0 shaba:v4.2.0-rc2 shaba:v4.2.0-rc1 shaba:v4.1.0 shaba:v4.1.0-rc2 shaba:v4.1.0-rc1 shaba:v4.0.0 shaba:v4.0.0-rc2 shaba:v4.0.0-rc1 shaba:v3.10.0 shaba:v3.10.0-rc2 shaba:v3.10.0-rc1 shaba:v3.9.0 shaba:v3.9.0-rc2 shaba:v3.9.0-rc1 shaba:CVE-2017-1000256 shaba:CVE-2017-2635 shaba:CVE-2016-5008 shaba:v3.8.0 shaba:v3.8.0-rc1 shaba:v3.7.0 shaba:v3.7.0-rc2 shaba:v3.7.0-rc1 shaba:v3.6.0 shaba:v3.6.0-rc2 shaba:v3.6.0-rc1 shaba:v3.5.0 shaba:v3.5.0-rc2 shaba:v3.5.0-rc1 shaba:v3.4.0 shaba:v3.4.0-rc2 shaba:v3.4.0-rc1 shaba:v3.2.1 shaba:v2.2.1 shaba:v1.3.3.3 shaba:v3.3.0 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.0 shaba:v3.2.0-rc2 shaba:v3.2.0-rc1 shaba:v3.1.0 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.0 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.5.0 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.0 shaba:v2.4.0-rc2 shaba:v2.4.0-rc1 shaba:v2.3.0 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v2.2.0 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.0 shaba:v2.1.0-rc1 shaba:v1.2.18.4 shaba:v1.3.3.2 shaba:v2.0.0 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.3.5 shaba:v1.3.5-rc1 shaba:v1.2.18.3 shaba:v1.3.3.1 shaba:v1.3.4 shaba:v1.3.4-rc2 shaba:v1.3.4-rc1 shaba:v1.3.3 shaba:v1.3.3-rc2 shaba:v1.3.3-rc1 shaba:v1.3.2 shaba:v1.3.2-rc2 shaba:v1.3.2-rc1 shaba:v1.3.1 shaba:v1.3.1-rc2 shaba:v1.3.1-rc1 shaba:v1.2.18.2 shaba:v1.2.13.2 shaba:CVE-2015-5313 shaba:v1.3.0 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.21 shaba:v1.2.21-rc2 shaba:v1.2.21-rc1 shaba:v1.2.20 shaba:v1.2.20-rc2 shaba:v1.2.20-rc1 shaba:v1.2.18.1 shaba:CVE-2015-5247-3 shaba:CVE-2015-5247-2 shaba:CVE-2015-5247-1 shaba:v1.2.19 shaba:v1.2.19-rc2 shaba:v1.2.19-rc1 shaba:v1.2.18 shaba:v1.2.18-rc2 shaba:v1.2.18-rc1 shaba:v1.2.17 shaba:v1.2.17-rc2 shaba:v1.2.17-rc1 shaba:v1.2.16 shaba:v1.2.16-rc2 shaba:v1.2.16-rc1 shaba:v1.2.15 shaba:v1.2.15-rc2 shaba:v1.2.13.1 shaba:v1.2.9.3 shaba:v1.2.15-rc1 shaba:v1.2.14 shaba:v1.2.14-rc2 shaba:v1.2.14-rc1 shaba:v1.2.13 shaba:v1.2.13-rc2 shaba:v1.2.13-rc1 shaba:v1.2.9.2 shaba:v1.1.3.9 shaba:v1.2.12 shaba:v1.2.12-rc2 shaba:CVE-2015-0236-2 shaba:CVE-2015-0236-1 shaba:v1.2.12-rc1 shaba:CVE-2014-8136 shaba:CVE-2014-8135 shaba:CVE-2014-8131-2 shaba:CVE-2014-8131-1 shaba:v1.2.11 shaba:v1.2.11-rc2 shaba:v1.2.11-rc1 shaba:v1.1.3.8 shaba:v1.1.3.7 shaba:v1.2.9.1 shaba:CVE-2014-7823 shaba:v1.2.10 shaba:v1.2.10-rc2 shaba:v1.2.10-rc1 shaba:CVE-2014-3657 shaba:v1.2.9 shaba:v1.2.9-rc2 shaba:v1.2.9-rc1 shaba:CVE-2014-0179 shaba:CVE-2014-3633 shaba:v1.1.3.6 shaba:v1.2.8 shaba:v1.2.8-rc2 shaba:v1.2.8-rc1 shaba:v1.2.7 shaba:v1.2.7-rc2 shaba:v1.2.7-rc1 shaba:v1.2.6 shaba:v1.2.6-rc2 shaba:v1.2.6-rc1 shaba:v1.2.5 shaba:v1.2.5-rc2 shaba:v1.2.5-rc1 shaba:v1.2.4 shaba:v1.1.3.5 shaba:v1.2.4-rc2 shaba:v1.2.4-rc1 shaba:v1.2.3 shaba:v1.2.3-rc2 shaba:v1.2.3-rc1 shaba:CVE-2013-7336 shaba:v1.2.2 shaba:v1.2.2-rc2 shaba:v1.2.2-rc1 shaba:v1.1.3.4 shaba:v1.1.3.3 shaba:v1.0.5.9 shaba:v0.9.12.3 shaba:v1.2.1 shaba:CVE-2014-0028 shaba:CVE-2014-1447-2 shaba:CVE-2014-1447-1 shaba:CVE-2013-6458-4 shaba:CVE-2013-6458-3 shaba:CVE-2013-6458-2 shaba:CVE-2013-6458-1 shaba:CVE-2013-6457 shaba:v1.2.1-rc2 shaba:v1.2.1-rc1 shaba:CVE-2013-6436 shaba:v1.0.5.8 shaba:v1.1.3.2 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.3.1 shaba:v1.0.5.7 shaba:v1.1.4 shaba:v1.1.4-rc2 shaba:v1.1.4-rc1 shaba:CVE-2013-4400-3 shaba:CVE-2013-4400-2 shaba:CVE-2013-4400-1 shaba:CVE-2013-4401 shaba:CVE-2013-4399 shaba:v0.9.12.2 shaba:v1.1.3 shaba:v1.1.3-rc2 shaba:v0.9.12.1 shaba:v1.1.3-rc1 shaba:v0.10.2.8 shaba:v1.0.5.6 shaba:CVE-2013-4311 shaba:CVE-2013-4296 shaba:CVE-2013-4297 shaba:v1.1.2 shaba:CVE-2013-5651 shaba:v1.1.2-rc2 shaba:CVE-2013-4291 shaba:CVE-2013-4292 shaba:v1.1.2-rc1 shaba:CVE-2013-4239 shaba:v0.10.2.7 shaba:v1.0.5.5 shaba:v1.1.1 shaba:v1.1.1-rc2 shaba:v1.1.1-rc1 shaba:CVE-2013-4153 shaba:CVE-2013-4154 shaba:v1.0.5.4 shaba:v1.0.5.3 shaba:CVE-2011-2178 shaba:CVE-2012-3445 shaba:CVE-2011-1486 shaba:CVE-2011-1146 shaba:CVE-2012-4423 shaba:CVE-2012-3411 shaba:CVE-2013-0170 shaba:CVE-2013-1962 shaba:CVE-2013-2230 shaba:CVE-2013-2218 shaba:v1.1.0 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v0.9.11.10 shaba:v0.10.2.6 shaba:v1.0.5.2 shaba:v1.0.6 shaba:v1.0.6-rc2 shaba:v1.0.6-rc1 shaba:v0.10.2.5 shaba:v1.0.5.1 shaba:v1.0.5 shaba:v1.0.5-rc1 shaba:v0.10.2.4 shaba:v1.0.4 shaba:v1.0.4-rc2 shaba:v1.0.4-rc1 shaba:v1.0.3 shaba:v1.0.3-rc2 shaba:v1.0.3-rc1 shaba:v1.0.2 shaba:v0.10.2.3 shaba:v0.9.11.9 shaba:v0.9.6.4 shaba:v1.0.2-rc2 shaba:v1.0.2-rc1 shaba:v1.0.1 shaba:v1.0.1-rc2 shaba:v1.0.1-rc1 shaba:v0.10.2.2 shaba:v0.9.11.8 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v0.10.2.1 shaba:v0.9.11.7 shaba:v1.0.0-rc1 shaba:v0.9.11.6 shaba:v0.9.6.3 shaba:v0.10.2 shaba:v0.10.2-rc2 shaba:v0.10.2-rc1 shaba:v0.10.1 shaba:v0.10.0 shaba:v0.10.0-rc2 shaba:v0.10.0-rc1 shaba:v0.9.11.5 shaba:v0.9.6.2 shaba:v0.10.0-rc0 shaba:v0.9.13 shaba:v0.9.13-rc2 shaba:v0.9.13-rc1 shaba:v0.9.6.1 shaba:v0.9.11.4 shaba:v0.9.12 shaba:v0.9.12-rc2 shaba:v0.9.12-rc1 shaba:v0.9.11.3 shaba:v0.9.11.2 shaba:v0.9.11.1 shaba:v0.9.11 shaba:v0.9.11-rc2 shaba:v0.9.11-rc1 shaba:v0.9.10 shaba:v0.9.10-rc2 shaba:v0.9.10-rc1 shaba:v0.9.9 shaba:v0.9.9-rc2 shaba:v0.9.9-rc1 shaba:v0.9.8 shaba:v0.9.8-rc2 shaba:v0.9.8-rc1 shaba:v0.9.7 shaba:v0.9.7-rc1 shaba:v0.9.6 shaba:v0.9.5 shaba:v0.9.5-rc3 shaba:v0.9.5-rc2 shaba:v0.9.5-rc1 shaba:v0.9.4 shaba:v0.9.4-rc2 shaba:v0.9.4-rc1 shaba:v0.9.3 shaba:v0.9.3-rc2 shaba:v0.9.3-rc1 shaba:v0.9.2 shaba:v0.9.1 shaba:v0.9.0 shaba:v0.8.8 shaba:v0.8.7 shaba:v0.8.6 shaba:v0.8.5 shaba:v0.8.4 shaba:v0.8.3 shaba:v0.8.2 shaba:v0.8.1 shaba:v0.8.0 shaba:v0.7.7 shaba:v0.7.6 shaba:v0.7.5 shaba:v0.7.4 shaba:v0.7.3 shaba:v0.7.2 shaba:v0.7.1 shaba:v0.7.0 shaba:LIBVIRT_0_6_5 shaba:v0.6.5 shaba:LIBVIRT_0_6_4 shaba:v0.6.4 shaba:LIBVIRT_0_6_3 shaba:v0.6.3 shaba:LIBVIRT_0_6_2 shaba:v0.6.2 shaba:v0.6.1 shaba:LIBVIRT_0_6_1 shaba:v0.6.0 shaba:LIBVIRT_0_6_0 shaba:LIBVIRT_0_5_1 shaba:v0.5.1 shaba:LIBVIRT_0_5_0 shaba:v0.5.0 shaba:LIBVIRT_0_4_6 shaba:v0.4.6 shaba:v0.4.4 shaba:LIBVIRT_0_4_4 shaba:v0.4.2 shaba:LIBVIRT_0_4_2 shaba:v0.4.1 shaba:LIBVIRT_0_4_1 shaba:LIBVIRT_0_3_3 shaba:v0.3.3 shaba:LIBVIRT_0_3_2 shaba:v0.3.2 shaba:LIBVIRT_0_3_1 shaba:v0.3.1 shaba:LIBVIRT_0_3_0 shaba:v0.3.0 shaba:LIVIRT_0_2_3 shaba:v0.2.3 shaba:v0.2.2 shaba:LIBVIRT_0_2_2 shaba:LIBVIRT_0_2_1 shaba:v0.2.1 shaba:v0.2.0 shaba:LIBVIRT_0_2_0 shaba:LIBVIRT_0_1_11 shaba:v0.1.11 shaba:LIBVIRT_0_1_10 shaba:v0.1.10 shaba:LIBVIRT_0_1_9 shaba:v0.1.9 shaba:v0.1.8 shaba:LIBVIRT_0_1_8 shaba:v0.1.7 shaba:LIBVIRT_0_1_7 shaba:v0.1.6 shaba:LIBVIRT_0_1_6 shaba:v0.1.4 shaba:LIBVIRT_0_1_4 shaba:v0.1.3 shaba:LIBVIRT_0_1_3 shaba:LIBVIRT_0_1_1 shaba:v0.1.1 shaba:v0.1.0 shaba:LIBVIRT_0_1_0 shaba:v0.0.5 shaba:LIBVIRT_0_0_5 shaba:LIBVIRT_0_0_4 shaba:v0.0.4 shaba:LIBVIRT_0_0_3 shaba:v0.0.3 shaba:LIBVIR_0_0_2 shaba:v0.0.2 shaba:LIBVIR_0_0_1 shaba:v0.0.1 shaba:LIBXEN_FIRST_COMMIT
..
compare: shaba:v4.9-maint
Branches Tags
shaba:master shaba:v1.2.19-maint shaba:v1.3.2-maint shaba:v1.3.1-maint shaba:v1.3.0-maint shaba:v1.2.21-maint shaba:v1.2.20-maint shaba:v1.3.3-maint shaba:v1.3.4-maint shaba:v1.3.5-maint shaba:v2.0-maint shaba:v2.1-maint shaba:v2.2-maint shaba:v3.0-maint shaba:v3.2-maint shaba:v3.7-maint shaba:v4.1-maint shaba:v4.2-maint shaba:v4.3-maint shaba:v4.4-maint shaba:v4.5-maint shaba:v4.6-maint shaba:v4.7-maint shaba:v4.8-maint shaba:v4.9-maint shaba:v4.10-maint shaba:v5.0-maint shaba:v5.1-maint shaba:v5.2-maint shaba:v5.3-maint shaba:v5.1.0-maint shaba:v1.2.18-maint shaba:v1.0.0-maint shaba:v1.0.1-maint shaba:v1.2.9-maint shaba:v0.9.12-maint shaba:v0.10.2-maint shaba:v1.0.2-maint shaba:v1.0.3-maint shaba:v1.0.4-maint shaba:v1.0.5-maint shaba:v1.0.6-maint shaba:v1.1.0-maint shaba:v1.1.1-maint shaba:v1.1.2-maint shaba:v1.1.3-maint shaba:v1.1.4-maint shaba:v1.2.0-maint shaba:v1.2.1-maint shaba:v1.2.2-maint shaba:v1.2.3-maint shaba:v1.2.4-maint shaba:v1.2.5-maint shaba:v1.2.6-maint shaba:v1.2.7-maint shaba:v1.2.8-maint shaba:v1.2.10-maint shaba:v1.2.11-maint shaba:v1.2.12-maint shaba:v1.2.13-maint shaba:v1.2.14-maint shaba:v1.2.15-maint shaba:v1.2.16-maint shaba:v1.2.17-maint shaba:v0.9.6-maint shaba:v0.9.11-maint shaba:v0.8.3-maint
shaba:v11.8.0 shaba:v11.8.0-rc2 shaba:v11.8.0-rc1 shaba:v11.7.0 shaba:v11.7.0-rc2 shaba:v11.7.0-rc1 shaba:v11.6.0 shaba:v11.6.0-rc2 shaba:v11.6.0-rc1 shaba:v11.5.0 shaba:v11.5.0-rc2 shaba:v11.5.0-rc1 shaba:v11.4.0 shaba:v11.4.0-rc2 shaba:v11.4.0-rc1 shaba:v11.3.0 shaba:v11.3.0-rc2 shaba:v11.3.0-rc1 shaba:v11.2.0 shaba:v11.2.0-rc2 shaba:v11.2.0-rc1 shaba:v11.1.0 shaba:v11.1.0-rc2 shaba:v11.1.0-rc1 shaba:v11.0.0 shaba:v11.0.0-rc2 shaba:v11.0.0-rc1 shaba:v10.10.0 shaba:v10.10.0-rc2 shaba:v10.10.0-rc1 shaba:v10.9.0 shaba:v10.9.0-rc2 shaba:v10.9.0-rc1 shaba:v10.8.0 shaba:v10.8.0-rc2 shaba:v10.8.0-rc1 shaba:v10.7.0 shaba:v10.7.0-rc2 shaba:v10.7.0-rc1 shaba:v10.6.0 shaba:v10.6.0-rc1 shaba:v10.5.0 shaba:v10.5.0-rc2 shaba:v10.5.0-rc1 shaba:v10.4.0 shaba:v10.4.0-rc2 shaba:v10.4.0-rc1 shaba:v10.3.0 shaba:v10.3.0-rc1 shaba:v10.2.0 shaba:v10.2.0-rc2 shaba:v10.2.0-rc1 shaba:v10.1.0 shaba:v10.1.0-rc2 shaba:v10.1.0-rc1 shaba:v10.0.0 shaba:v10.0.0-rc2 shaba:v10.0.0-rc1 shaba:v9.10.0 shaba:v9.10.0-rc2 shaba:v9.10.0-rc1 shaba:v9.9.0 shaba:v9.9.0-rc2 shaba:v9.9.0-rc1 shaba:v9.8.0 shaba:v9.8.0-rc2 shaba:v9.8.0-rc1 shaba:v9.7.0 shaba:v9.7.0-rc2 shaba:v9.7.0-rc1 shaba:v9.6.0 shaba:v9.6.0-rc2 shaba:v9.6.0-rc1 shaba:v9.5.0 shaba:v9.5.0-rc2 shaba:v9.5.0-rc1 shaba:v9.4.0 shaba:v9.4.0-rc2 shaba:v9.4.0-rc1 shaba:v9.3.0 shaba:v9.3.0-rc2 shaba:v9.3.0-rc1 shaba:v9.2.0 shaba:v9.2.0-rc2 shaba:v9.2.0-rc1 shaba:v9.1.0 shaba:v9.1.0-rc2 shaba:v9.1.0-rc1 shaba:v9.0.0 shaba:v9.0.0-rc2 shaba:v9.0.0-rc1 shaba:v8.10.0 shaba:v8.10.0-rc2 shaba:v8.10.0-rc1 shaba:v8.9.0 shaba:v8.9.0-rc2 shaba:v8.9.0-rc1 shaba:v8.8.0 shaba:v8.8.0-rc2 shaba:v8.8.0-rc1 shaba:v8.7.0 shaba:v8.7.0-rc2 shaba:v8.7.0-rc1 shaba:v8.6.0 shaba:v8.6.0-rc2 shaba:v8.6.0-rc1 shaba:v8.5.0 shaba:v8.5.0-rc2 shaba:v8.5.0-rc1 shaba:v8.4.0 shaba:v8.4.0-rc2 shaba:v8.4.0-rc1 shaba:v8.3.0 shaba:v8.3.0-rc2 shaba:v8.3.0-rc1 shaba:v8.2.0 shaba:v8.2.0-rc2 shaba:v8.2.0-rc1 shaba:v8.1.0 shaba:v8.1.0-rc2 shaba:v8.1.0-rc1 shaba:v8.0.0 shaba:v8.0.0-rc2 shaba:v8.0.0-rc1 shaba:v7.10.0 shaba:v7.10.0-rc2 shaba:v7.10.0-rc1 shaba:v7.9.0 shaba:v7.9.0-rc2 shaba:v7.9.0-rc1 shaba:v7.8.0 shaba:v7.8.0-rc2 shaba:v7.8.0-rc1 shaba:v7.7.0 shaba:v7.7.0-rc2 shaba:v7.7.0-rc1 shaba:v7.6.0 shaba:v7.6.0-rc2 shaba:v7.6.0-rc1 shaba:v7.5.0 shaba:v7.5.0-rc2 shaba:v7.5.0-rc1 shaba:v7.4.0 shaba:v7.4.0-rc2 shaba:v7.4.0-rc1 shaba:v7.3.0 shaba:v7.3.0-rc2 shaba:v7.3.0-rc1 shaba:v7.2.0 shaba:v7.2.0-rc2 shaba:v7.2.0-rc1 shaba:v7.1.0 shaba:v7.1.0-rc2 shaba:v7.1.0-rc1 shaba:v7.0.0 shaba:v7.0.0-rc2 shaba:v7.0.0-rc1 shaba:v6.10.0 shaba:v6.10.0-rc2 shaba:v6.10.0-rc1 shaba:v6.9.0 shaba:v6.9.0-rc2 shaba:v6.9.0-rc1 shaba:v6.8.0 shaba:v6.8.0-rc2 shaba:v6.8.0-rc1 shaba:v6.7.0 shaba:v6.7.0-rc2 shaba:v6.7.0-rc1 shaba:v6.6.0 shaba:v6.6.0-rc1 shaba:v6.5.0 shaba:v6.5.0-rc2 shaba:v6.5.0-rc1 shaba:v6.4.0 shaba:v6.4.0-rc1 shaba:v6.3.0 shaba:v6.3.0-rc1 shaba:v6.2.0 shaba:v6.2.0-rc1 shaba:v6.1.0 shaba:v6.1.0-rc2 shaba:v6.1.0-rc1 shaba:v6.0.0 shaba:v6.0.0-rc2 shaba:v6.0.0-rc1 shaba:v5.10.0 shaba:v5.10.0-rc2 shaba:v5.10.0-rc1 shaba:v5.9.0 shaba:v5.9.0-rc1 shaba:v5.8.0 shaba:v5.8.0-rc2 shaba:v5.8.0-rc1 shaba:v5.7.0 shaba:v5.7.0-rc2 shaba:v5.7.0-rc1 shaba:v5.6.0 shaba:v5.6.0-rc2 shaba:v5.6.0-rc1 shaba:v5.5.0 shaba:v5.5.0-rc2 shaba:v5.5.0-rc1 shaba:v5.4.0 shaba:v5.4.0-rc2 shaba:v5.4.0-rc1 shaba:v5.3.0 shaba:v5.3.0-rc2 shaba:v5.3.0-rc1 shaba:v5.2.0 shaba:v5.2.0-rc2 shaba:v5.2.0-rc1 shaba:v5.1.0 shaba:v5.1.0-rc2 shaba:v5.1.0-rc1 shaba:v5.0.0 shaba:v5.0.0-rc2 shaba:v5.0.0-rc1 shaba:v4.10.0 shaba:v4.10.0-rc2 shaba:v4.10.0-rc1 shaba:v4.9.0 shaba:v4.9.0-rc1 shaba:v4.8.0 shaba:v4.8.0-rc2 shaba:v4.8.0-rc1 shaba:v4.7.0 shaba:v4.7.0-rc2 shaba:v4.7.0-rc1 shaba:v4.6.0 shaba:v4.6.0-rc2 shaba:v4.6.0-rc1 shaba:v4.5.0 shaba:v4.5.0-rc2 shaba:v4.5.0-rc1 shaba:v4.4.0 shaba:v4.4.0-rc2 shaba:v4.4.0-rc1 shaba:v4.3.0 shaba:v4.3.0-rc2 shaba:v4.3.0-rc1 shaba:v4.2.0 shaba:v4.2.0-rc2 shaba:v4.2.0-rc1 shaba:v4.1.0 shaba:v4.1.0-rc2 shaba:v4.1.0-rc1 shaba:v4.0.0 shaba:v4.0.0-rc2 shaba:v4.0.0-rc1 shaba:v3.10.0 shaba:v3.10.0-rc2 shaba:v3.10.0-rc1 shaba:v3.9.0 shaba:v3.9.0-rc2 shaba:v3.9.0-rc1 shaba:CVE-2017-1000256 shaba:CVE-2017-2635 shaba:CVE-2016-5008 shaba:v3.8.0 shaba:v3.8.0-rc1 shaba:v3.7.0 shaba:v3.7.0-rc2 shaba:v3.7.0-rc1 shaba:v3.6.0 shaba:v3.6.0-rc2 shaba:v3.6.0-rc1 shaba:v3.5.0 shaba:v3.5.0-rc2 shaba:v3.5.0-rc1 shaba:v3.4.0 shaba:v3.4.0-rc2 shaba:v3.4.0-rc1 shaba:v3.2.1 shaba:v2.2.1 shaba:v1.3.3.3 shaba:v3.3.0 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.0 shaba:v3.2.0-rc2 shaba:v3.2.0-rc1 shaba:v3.1.0 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.0 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.5.0 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.0 shaba:v2.4.0-rc2 shaba:v2.4.0-rc1 shaba:v2.3.0 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v2.2.0 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.0 shaba:v2.1.0-rc1 shaba:v1.2.18.4 shaba:v1.3.3.2 shaba:v2.0.0 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.3.5 shaba:v1.3.5-rc1 shaba:v1.2.18.3 shaba:v1.3.3.1 shaba:v1.3.4 shaba:v1.3.4-rc2 shaba:v1.3.4-rc1 shaba:v1.3.3 shaba:v1.3.3-rc2 shaba:v1.3.3-rc1 shaba:v1.3.2 shaba:v1.3.2-rc2 shaba:v1.3.2-rc1 shaba:v1.3.1 shaba:v1.3.1-rc2 shaba:v1.3.1-rc1 shaba:v1.2.18.2 shaba:v1.2.13.2 shaba:CVE-2015-5313 shaba:v1.3.0 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.21 shaba:v1.2.21-rc2 shaba:v1.2.21-rc1 shaba:v1.2.20 shaba:v1.2.20-rc2 shaba:v1.2.20-rc1 shaba:v1.2.18.1 shaba:CVE-2015-5247-3 shaba:CVE-2015-5247-2 shaba:CVE-2015-5247-1 shaba:v1.2.19 shaba:v1.2.19-rc2 shaba:v1.2.19-rc1 shaba:v1.2.18 shaba:v1.2.18-rc2 shaba:v1.2.18-rc1 shaba:v1.2.17 shaba:v1.2.17-rc2 shaba:v1.2.17-rc1 shaba:v1.2.16 shaba:v1.2.16-rc2 shaba:v1.2.16-rc1 shaba:v1.2.15 shaba:v1.2.15-rc2 shaba:v1.2.13.1 shaba:v1.2.9.3 shaba:v1.2.15-rc1 shaba:v1.2.14 shaba:v1.2.14-rc2 shaba:v1.2.14-rc1 shaba:v1.2.13 shaba:v1.2.13-rc2 shaba:v1.2.13-rc1 shaba:v1.2.9.2 shaba:v1.1.3.9 shaba:v1.2.12 shaba:v1.2.12-rc2 shaba:CVE-2015-0236-2 shaba:CVE-2015-0236-1 shaba:v1.2.12-rc1 shaba:CVE-2014-8136 shaba:CVE-2014-8135 shaba:CVE-2014-8131-2 shaba:CVE-2014-8131-1 shaba:v1.2.11 shaba:v1.2.11-rc2 shaba:v1.2.11-rc1 shaba:v1.1.3.8 shaba:v1.1.3.7 shaba:v1.2.9.1 shaba:CVE-2014-7823 shaba:v1.2.10 shaba:v1.2.10-rc2 shaba:v1.2.10-rc1 shaba:CVE-2014-3657 shaba:v1.2.9 shaba:v1.2.9-rc2 shaba:v1.2.9-rc1 shaba:CVE-2014-0179 shaba:CVE-2014-3633 shaba:v1.1.3.6 shaba:v1.2.8 shaba:v1.2.8-rc2 shaba:v1.2.8-rc1 shaba:v1.2.7 shaba:v1.2.7-rc2 shaba:v1.2.7-rc1 shaba:v1.2.6 shaba:v1.2.6-rc2 shaba:v1.2.6-rc1 shaba:v1.2.5 shaba:v1.2.5-rc2 shaba:v1.2.5-rc1 shaba:v1.2.4 shaba:v1.1.3.5 shaba:v1.2.4-rc2 shaba:v1.2.4-rc1 shaba:v1.2.3 shaba:v1.2.3-rc2 shaba:v1.2.3-rc1 shaba:CVE-2013-7336 shaba:v1.2.2 shaba:v1.2.2-rc2 shaba:v1.2.2-rc1 shaba:v1.1.3.4 shaba:v1.1.3.3 shaba:v1.0.5.9 shaba:v0.9.12.3 shaba:v1.2.1 shaba:CVE-2014-0028 shaba:CVE-2014-1447-2 shaba:CVE-2014-1447-1 shaba:CVE-2013-6458-4 shaba:CVE-2013-6458-3 shaba:CVE-2013-6458-2 shaba:CVE-2013-6458-1 shaba:CVE-2013-6457 shaba:v1.2.1-rc2 shaba:v1.2.1-rc1 shaba:CVE-2013-6436 shaba:v1.0.5.8 shaba:v1.1.3.2 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.3.1 shaba:v1.0.5.7 shaba:v1.1.4 shaba:v1.1.4-rc2 shaba:v1.1.4-rc1 shaba:CVE-2013-4400-3 shaba:CVE-2013-4400-2 shaba:CVE-2013-4400-1 shaba:CVE-2013-4401 shaba:CVE-2013-4399 shaba:v0.9.12.2 shaba:v1.1.3 shaba:v1.1.3-rc2 shaba:v0.9.12.1 shaba:v1.1.3-rc1 shaba:v0.10.2.8 shaba:v1.0.5.6 shaba:CVE-2013-4311 shaba:CVE-2013-4296 shaba:CVE-2013-4297 shaba:v1.1.2 shaba:CVE-2013-5651 shaba:v1.1.2-rc2 shaba:CVE-2013-4291 shaba:CVE-2013-4292 shaba:v1.1.2-rc1 shaba:CVE-2013-4239 shaba:v0.10.2.7 shaba:v1.0.5.5 shaba:v1.1.1 shaba:v1.1.1-rc2 shaba:v1.1.1-rc1 shaba:CVE-2013-4153 shaba:CVE-2013-4154 shaba:v1.0.5.4 shaba:v1.0.5.3 shaba:CVE-2011-2178 shaba:CVE-2012-3445 shaba:CVE-2011-1486 shaba:CVE-2011-1146 shaba:CVE-2012-4423 shaba:CVE-2012-3411 shaba:CVE-2013-0170 shaba:CVE-2013-1962 shaba:CVE-2013-2230 shaba:CVE-2013-2218 shaba:v1.1.0 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v0.9.11.10 shaba:v0.10.2.6 shaba:v1.0.5.2 shaba:v1.0.6 shaba:v1.0.6-rc2 shaba:v1.0.6-rc1 shaba:v0.10.2.5 shaba:v1.0.5.1 shaba:v1.0.5 shaba:v1.0.5-rc1 shaba:v0.10.2.4 shaba:v1.0.4 shaba:v1.0.4-rc2 shaba:v1.0.4-rc1 shaba:v1.0.3 shaba:v1.0.3-rc2 shaba:v1.0.3-rc1 shaba:v1.0.2 shaba:v0.10.2.3 shaba:v0.9.11.9 shaba:v0.9.6.4 shaba:v1.0.2-rc2 shaba:v1.0.2-rc1 shaba:v1.0.1 shaba:v1.0.1-rc2 shaba:v1.0.1-rc1 shaba:v0.10.2.2 shaba:v0.9.11.8 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v0.10.2.1 shaba:v0.9.11.7 shaba:v1.0.0-rc1 shaba:v0.9.11.6 shaba:v0.9.6.3 shaba:v0.10.2 shaba:v0.10.2-rc2 shaba:v0.10.2-rc1 shaba:v0.10.1 shaba:v0.10.0 shaba:v0.10.0-rc2 shaba:v0.10.0-rc1 shaba:v0.9.11.5 shaba:v0.9.6.2 shaba:v0.10.0-rc0 shaba:v0.9.13 shaba:v0.9.13-rc2 shaba:v0.9.13-rc1 shaba:v0.9.6.1 shaba:v0.9.11.4 shaba:v0.9.12 shaba:v0.9.12-rc2 shaba:v0.9.12-rc1 shaba:v0.9.11.3 shaba:v0.9.11.2 shaba:v0.9.11.1 shaba:v0.9.11 shaba:v0.9.11-rc2 shaba:v0.9.11-rc1 shaba:v0.9.10 shaba:v0.9.10-rc2 shaba:v0.9.10-rc1 shaba:v0.9.9 shaba:v0.9.9-rc2 shaba:v0.9.9-rc1 shaba:v0.9.8 shaba:v0.9.8-rc2 shaba:v0.9.8-rc1 shaba:v0.9.7 shaba:v0.9.7-rc1 shaba:v0.9.6 shaba:v0.9.5 shaba:v0.9.5-rc3 shaba:v0.9.5-rc2 shaba:v0.9.5-rc1 shaba:v0.9.4 shaba:v0.9.4-rc2 shaba:v0.9.4-rc1 shaba:v0.9.3 shaba:v0.9.3-rc2 shaba:v0.9.3-rc1 shaba:v0.9.2 shaba:v0.9.1 shaba:v0.9.0 shaba:v0.8.8 shaba:v0.8.7 shaba:v0.8.6 shaba:v0.8.5 shaba:v0.8.4 shaba:v0.8.3 shaba:v0.8.2 shaba:v0.8.1 shaba:v0.8.0 shaba:v0.7.7 shaba:v0.7.6 shaba:v0.7.5 shaba:v0.7.4 shaba:v0.7.3 shaba:v0.7.2 shaba:v0.7.1 shaba:v0.7.0 shaba:LIBVIRT_0_6_5 shaba:v0.6.5 shaba:LIBVIRT_0_6_4 shaba:v0.6.4 shaba:LIBVIRT_0_6_3 shaba:v0.6.3 shaba:LIBVIRT_0_6_2 shaba:v0.6.2 shaba:v0.6.1 shaba:LIBVIRT_0_6_1 shaba:v0.6.0 shaba:LIBVIRT_0_6_0 shaba:LIBVIRT_0_5_1 shaba:v0.5.1 shaba:LIBVIRT_0_5_0 shaba:v0.5.0 shaba:LIBVIRT_0_4_6 shaba:v0.4.6 shaba:v0.4.4 shaba:LIBVIRT_0_4_4 shaba:v0.4.2 shaba:LIBVIRT_0_4_2 shaba:v0.4.1 shaba:LIBVIRT_0_4_1 shaba:LIBVIRT_0_3_3 shaba:v0.3.3 shaba:LIBVIRT_0_3_2 shaba:v0.3.2 shaba:LIBVIRT_0_3_1 shaba:v0.3.1 shaba:LIBVIRT_0_3_0 shaba:v0.3.0 shaba:LIVIRT_0_2_3 shaba:v0.2.3 shaba:v0.2.2 shaba:LIBVIRT_0_2_2 shaba:LIBVIRT_0_2_1 shaba:v0.2.1 shaba:v0.2.0 shaba:LIBVIRT_0_2_0 shaba:LIBVIRT_0_1_11 shaba:v0.1.11 shaba:LIBVIRT_0_1_10 shaba:v0.1.10 shaba:LIBVIRT_0_1_9 shaba:v0.1.9 shaba:v0.1.8 shaba:LIBVIRT_0_1_8 shaba:v0.1.7 shaba:LIBVIRT_0_1_7 shaba:v0.1.6 shaba:LIBVIRT_0_1_6 shaba:v0.1.4 shaba:LIBVIRT_0_1_4 shaba:v0.1.3 shaba:LIBVIRT_0_1_3 shaba:LIBVIRT_0_1_1 shaba:v0.1.1 shaba:v0.1.0 shaba:LIBVIRT_0_1_0 shaba:v0.0.5 shaba:LIBVIRT_0_0_5 shaba:LIBVIRT_0_0_4 shaba:v0.0.4 shaba:LIBVIRT_0_0_3 shaba:v0.0.3 shaba:LIBVIR_0_0_2 shaba:v0.0.2 shaba:LIBVIR_0_0_1 shaba:v0.0.1 shaba:LIBXEN_FIRST_COMMIT

7 Commits
v5.2.0-rc2 ... v4.9-maint

Author SHA1 Message Date
Ján Tomko
dd88b69a20 api: disallow virConnect*HypervisorCPU on read-only connections 
These APIs can be used to execute arbitrary emulators.
Forbid them on read-only connections.

Fixes: CVE-2019-10168
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit bf6c2830b6)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
 2019-06-24 09:54:57 +02:00
Ján Tomko
6452b9fdff api: disallow virConnectGetDomainCapabilities on read-only connections 
This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8afa68bac0)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
 2019-06-24 09:54:57 +02:00
Ján Tomko
0a744e1551 api: disallow virDomainManagedSaveDefineXML on read-only connections 
The virDomainManagedSaveDefineXML can be used to alter the domain's
config used for managedsave or even execute arbitrary emulator binaries.
Forbid it on read-only connections.

Fixes: CVE-2019-10166
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit db0b78457f)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
 2019-06-24 09:54:57 +02:00
Ján Tomko
568c735d7b api: disallow virDomainSaveImageGetXMLDesc on read-only connections 
The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit aed6a032ce)
Signed-off-by: Ján Tomko <jtomko@redhat.com>

Conflicts:
  src/libvirt-domain.c
  src/remote/remote_protocol.x

Upstream commit 12a51f372 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
alias for VIR_DOMAIN_XML_SECURE is not backported.
Just skip the commit since we now disallow the whole API on read-only
connections, regardless of the flag.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
 2019-06-24 09:54:57 +02:00
Daniel P. Berrangé
a474f18dce logging: restrict sockets to mode 0600 
The virtlogd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket permissions to 0600

Fixes CVE-2019-10132

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit e37bd65f99)
 2019-05-21 13:29:20 +01:00
Daniel P. Berrangé
ea014c9fcf locking: restrict sockets to mode 0600 
The virtlockd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket permissions to 0600

Fixes CVE-2019-10132

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit f111e09468)
 2019-05-21 13:29:20 +01:00
Daniel P. Berrangé
b0f788c2d3 admin: reject clients unless their UID matches the current UID 
The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.

Fixes CVE-2019-10132

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 96f41cd765)
 2019-05-21 13:29:20 +01:00
2437 changed files with 41209 additions and 161180 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -11,6 +11,7 @@
*.gcov
*.html
*.i
*.init
*.la
*.lo
*.loT
@@ -189,6 +190,7 @@
/tools/virt-admin
/tools/virt-*-validate
/tools/virt-sanlock-cleanup
/tools/wireshark/src/plugin.c
/tools/wireshark/src/libvirt
/update.log
GPATH

2
.gnulib

Submodule .gnulib updated: 8089c00979...68df637b5f

7
.travis.yml
View File

@@ -11,11 +11,13 @@ matrix:
- docker
env:
- IMAGE="ubuntu-18"
- DISTCHECK_CONFIGURE_FLAGS="--with-init-script=systemd"
- DOCKER_CMD="$LINUX_CMD"
- services:
- docker
env:
- IMAGE="centos-7"
- DISTCHECK_CONFIGURE_FLAGS="--with-init-script=upstart"
- DOCKER_CMD="$LINUX_CMD"
- services:
- docker
@@ -43,7 +45,8 @@ script:
-w /build
-e VIR_TEST_DEBUG="$VIR_TEST_DEBUG"
-e MINGW="$MINGW"
"quay.io/libvirt/buildenv-$IMAGE:master"
-e DISTCHECK_CONFIGURE_FLAGS="$DISTCHECK_CONFIGURE_FLAGS"
"libvirt/buildenv-$IMAGE"
/bin/sh -xc "$DOCKER_CMD"
git:
@@ -55,7 +58,7 @@ env:
- LINUX_CMD="
./autogen.sh &&
make -j3 syntax-check &&
make -j3 distcheck ||
make -j3 distcheck DISTCHECK_CONFIGURE_FLAGS=\"\$DISTCHECK_CONFIGURE_FLAGS\" ||
(
echo '=== LOG FILE(S) START ===';
find -name test-suite.log | xargs cat;

20
Makefile.am
View File

@@ -16,15 +16,15 @@
## License along with this library. If not, see
## <http://www.gnu.org/licenses/>.
LCOV = lcov
GENHTML = genhtml
SUBDIRS = . gnulib/lib include/libvirt src tools docs gnulib/tests \
tests po examples
XZ_OPT ?= -v -T0
export XZ_OPT
# have gnulib 'make coverage' output to 'cov' dir
COVERAGE_OUT = "cov"
ACLOCAL_AMFLAGS = -I m4
EXTRA_DIST = \
@@ -77,6 +77,20 @@ check-local: all tests
check-access:
@($(MAKE) $(AM_MAKEFLAGS) -C tests check-access)
cov: clean-cov
$(MKDIR_P) $(top_builddir)/coverage
$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \
-d $(top_builddir)/src \
-d $(top_builddir)/tests
$(LCOV) -r $(top_builddir)/coverage/libvirt.info.tmp \
-o $(top_builddir)/coverage/libvirt.info
rm $(top_builddir)/coverage/libvirt.info.tmp
$(GENHTML) --show-details -t "libvirt" -o $(top_builddir)/coverage \
--legend $(top_builddir)/coverage/libvirt.info
clean-cov:
rm -rf $(top_builddir)/coverage
MAINTAINERCLEANFILES = .git-module-status
dist-hook: gen-ChangeLog gen-AUTHORS

37
bootstrap
View File

@@ -1,10 +1,10 @@
#! /bin/sh
# Print a version string.
scriptversion=2019-01-04.17; # UTC
scriptversion=2018-07-01.02; # UTC
# Bootstrap this package from checked-out sources.
# Copyright (C) 2003-2019 Free Software Foundation, Inc.
# Copyright (C) 2003-2018 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -142,9 +142,6 @@ die() { warn_ "$@"; exit 1; }
# Configuration.
# Name of the Makefile.am
gnulib_mk=gnulib.mk
# List of gnulib modules needed.
gnulib_modules=
@@ -162,11 +159,18 @@ bootstrap_post_import_hook() { :; }
# Override it via your own definition in bootstrap.conf.
bootstrap_epilogue() { :; }
# The command to download all .po files for a specified domain into a
# specified directory. Fill in the first %s with the destination
# directory and the second with the domain name.
# The command to download all .po files for a specified domain into
# a specified directory. Fill in the first %s is the domain name, and
# the second with the destination directory. Use rsync's -L and -r
# options because the latest/%s directory and the .po files within are
# all symlinks.
po_download_command_format=\
"wget --mirror --level=1 -nd -q -A.po -P '%s' \
"rsync --delete --exclude '*.s1' -Lrtvz \
'translationproject.org::tp/latest/%s/' '%s'"
# Fallback for downloading .po files (if rsync fails).
po_download_command_format2=\
"wget --mirror -nd -q -np -A.po -P '%s' \
https://translationproject.org/latest/%s/"
# Prefer a non-empty tarname (4th argument of AC_INIT if given), else
@@ -734,7 +738,10 @@ download_po_files() {
subdir=$1
domain=$2
echo "$me: getting translations into $subdir for $domain..."
cmd=$(printf "$po_download_command_format" "$subdir" "$domain")
cmd=$(printf "$po_download_command_format" "$domain" "$subdir")
eval "$cmd" && return
# Fallback to HTTPS.
cmd=$(printf "$po_download_command_format2" "$subdir" "$domain")
eval "$cmd"
}
@@ -963,16 +970,6 @@ fi
bootstrap_post_import_hook \
|| die "bootstrap_post_import_hook failed"
# Don't proceed if there are uninitialized submodules. In particular,
# the next step will remove dangling links, which might be links into
# uninitialized submodules.
#
# Uninitialized submodules are listed with an initial dash.
if $use_git && git submodule | grep '^-' >/dev/null; then
die "some git submodules are not initialized. " \
"Run 'git submodule init' and bootstrap again."
fi
# Remove any dangling symlink matching "*.m4" or "*.[ch]" in some
# gnulib-populated directories. Such .m4 files would cause aclocal to fail.
# The following requires GNU find 4.2.3 or newer. Considering the usual

2
bootstrap.conf
View File

@@ -10,7 +10,7 @@
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
# GNU General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see

3
build-aux/augeas-gentest.pl
View File

@@ -16,6 +16,9 @@
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
# Authors:
# Daniel P. Berrange <berrange@redhat.com>
use strict;
use warnings;

482
build-aux/check-spacing.pl
View File

@@ -16,181 +16,363 @@
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
# Authors:
# Daniel P. Berrange <berrange@redhat.com>
use strict;
use warnings;
#
# CheckFunctionBody:
# $_[0]: $data(in)
# $_[1]: $location(in), which format is file-path:line-num:line-code
# $_[2]: $fn_linenum(inout), maintains start line-num of function body
# Returns 0 in case of success or 1 on failure
#
# Check incorrect indentation and blank first line in function body.
# For efficiency, it only checks the first line of function body.
# But it's enough for most cases.
# (It could be better that we use *state* to declare @fn_linenum and
# move it into this subroutine. But *state* requires version >= v5.10.)
#
sub CheckFunctionBody {
my $ret = 0;
my ($data, $location, $fn_linenum) = @_;
# Check first line of function block
if ($$fn_linenum) {
if ($$data =~ /^\s*$/) {
print "Blank line before content in function body:\n$$location";
$ret = 1;
} elsif ($$data !~ /^[ ]{4}\S/) {
unless ($$data =~ /^[ ]\w+:$/ || $$data =~ /^}/) {
print "Incorrect indentation in function body:\n$$location";
$ret = 1;
}
}
$$fn_linenum = 0;
}
# Detect start of function block
if ($$data =~ /^{$/) {
$$fn_linenum = $.;
}
return $ret;
}
#
# KillComments:
# $_[0]: $data(inout)
# $_[1]: $incomment(inout)
#
# Remove all content of comments
# (Also, the @incomment could be declared with *state* and move it in.)
#
sub KillComments {
my ($data, $incomment) = @_;
# Kill contents of multi-line comments
# and detect end of multi-line comments
if ($$incomment) {
if ($$data =~ m,\*/,) {
$$incomment = 0;
$$data =~ s,^.*\*/,*/,;
} else {
$$data = "";
}
}
# Kill single line comments, and detect
# start of multi-line comments
if ($$data =~ m,/\*.*\*/,) {
$$data =~ s,/\*.*\*/,/* */,;
} elsif ($$data =~ m,/\*,) {
$$incomment = 1;
$$data =~ s,/\*.*,/*,;
}
return;
}
#
# CheckWhiteSpaces:
# $_[0]: $data(in)
# $_[1]: $location(in), which format is file-path:line-num:line-code
# Returns 0 in case of success or 1 on failure
#
# Check whitespaces according to code spec of libvirt.
#
sub CheckWhiteSpaces {
my $ret = 0;
my ($data, $location) = @_;
# We need to match things like
#
# int foo (int bar, bool wizz);
# foo (bar, wizz);
#
# but not match things like:
#
# typedef int (*foo)(bar wizz)
#
# we can't do this (efficiently) without
# missing things like
#
# foo (*bar, wizz);
#
# We also don't want to spoil the $data so it can be used
# later on.
# For temporary modifications
my $tmpdata = $$data;
while ($tmpdata =~ /(\w+)\s\((?!\*)/) {
my $kw = $1;
# Allow space after keywords only
if ($kw =~ /^(?:if|for|while|switch|return)$/) {
$tmpdata =~ s/(?:$kw\s\()/XXX(/;
} else {
print "Whitespace after non-keyword:\n$$location";
$ret = 1;
last;
}
}
# Require whitespace immediately after keywords
if ($$data =~ /\b(?:if|for|while|switch|return)\(/) {
print "No whitespace after keyword:\n$$location";
$ret = 1;
}
# Forbid whitespace between )( of a function typedef
if ($$data =~ /\(\*\w+\)\s+\(/) {
print "Whitespace between ')' and '(':\n$$location";
$ret = 1;
}
# Forbid whitespace following ( or prior to )
# but allow whitespace before ) on a single line
# (optionally followed by a semicolon)
if (($$data =~ /\s\)/ && not $$data =~ /^\s+\);?$/) ||
$$data =~ /\((?!$)\s/) {
print "Whitespace after '(' or before ')':\n$$location";
$ret = 1;
}
# Forbid whitespace before ";" or ",". Things like below are allowed:
#
# 1) The expression is empty for "for" loop. E.g.
# for (i = 0; ; i++)
#
# 2) An empty statement. E.g.
# while (write(statuswrite, &status, 1) == -1 &&
# errno == EINTR)
# ;
#
if ($$data =~ /\s[;,]/) {
unless ($$data =~ /\S; ; / ||
$$data =~ /^\s+;/) {
print "Whitespace before semicolon or comma:\n$$location";
$ret = 1;
}
}
# Require EOL, macro line continuation, or whitespace after ";".
# Allow "for (;;)" as an exception.
if ($$data =~ /;[^ \\\n;)]/) {
print "Invalid character after semicolon:\n$$location";
$ret = 1;
}
# Require EOL, space, or enum/struct end after comma.
if ($$data =~ /,[^ \\\n)}]/) {
print "Invalid character after comma:\n$$location";
$ret = 1;
}
# Require spaces around assignment '=', compounds and '=='
if ($$data =~ /[^ ]\b[!<>&|\-+*\/%\^=]?=/ ||
$$data =~ /=[^= \\\n]/) {
print "Spacing around '=' or '==':\n$$location";
$ret = 1;
}
return $ret;
}
#
# CheckCurlyBrackets:
# $_[0]: $data(in)
# $_[1]: $file(in)
# $_[2]: $line(in)
# $_[3]: $cb_linenum(inout)
# $_[4]: $cb_code(inout)
# $_[5]: $cb_scolon(inout)
# Returns 0 in case of success or 1 on failure
#
# Check whitespaces according to code spec of libvirt.
#
sub CheckCurlyBrackets {
my $ret = 0;
my ($data, $file, $line, $cb_linenum, $cb_code, $cb_scolon) = @_;
# One line conditional statements with one line bodies should
# not use curly brackets.
if ($$data =~ /^\s*(if|while|for)\b.*\{$/) {
$$cb_linenum = $.;
$$cb_code = $$line;
$$cb_scolon = 0;
}
# We need to check for exactly one semicolon inside the body,
# because empty statements (e.g. with comment only) are
# allowed
if ($$cb_linenum == $. - 1 && $$data =~ /^[^;]*;[^;]*$/) {
$$cb_code .= $$line;
$$cb_scolon = 1;
}
if ($$data =~ /^\s*}\s*$/ &&
$$cb_linenum == $. - 2 &&
$$cb_scolon) {
print "Curly brackets around single-line body:\n";
print "$$file:$$cb_linenum-$.:\n$$cb_code$$line";
$ret = 1;
# There _should_ be no need to reset the values; but to
# keep my inner peace...
$$cb_linenum = 0;
$$cb_scolon = 0;
$$cb_code = "";
}
return $ret;
}
#
# CheckMisalignment:
# $_[0]: $data(in)
# $_[1]: $file(in)
# $_[2]: $line(in)
# $_[3]: @paren_stack(inout), which maintains information
# of the parenthesis
# Returns 0 in case of success or 1 on failure
#
# Check misaligned stuff in parenthesis:
# 1. For misaligned arguments of function
# 2. For misaligned conditions of [if|while|switch|...]
#
sub CheckMisalignment {
my $ret = 0;
my ($data, $file, $line, $paren_stack) = @_;
# Check alignment based on @paren_stack
if (@$paren_stack) {
if ($$data =~ /(\S+.*$)/) {
my $pos = $$paren_stack[-1][0];
my $linenum = $$paren_stack[-1][1];
my $code = $$paren_stack[-1][2];
if ($pos + 1 != length($`)) {
my $pad = "";
if ($. > $linenum + 1) {
$pad = " " x $pos . " ...\n";
}
print "Misaligned line in parenthesis:\n";
print "$$file:$linenum-$.:\n$code$pad$$line\n";
$ret = 1;
}
}
}
# Maintain @paren_stack
if ($$data =~ /.*[()]/) {
my $pos = 0;
my $temp = $$data;
# Kill the content between matched parenthesis and themselves
# within the current line.
$temp =~ s,(\((?:[^()]++|(?R))*+\)),"X" x (length $&),ge;
# Pop a item for the open-paren when finding close-paren
while (($pos = index($temp, "\)", $pos)) >= 0) {
if (@$paren_stack) {
pop(@$paren_stack);
$pos++;
} else {
print "Warning: found unbalanced parenthesis:\n";
print "$$file:$.:\n$$line\n";
$ret = 1;
last;
}
}
# Push the item for open-paren on @paren_stack
# @item = [ position of the open-paren, linenum, code-line ]
while (($pos = index($temp, "\(", $pos)) >= 0) {
push @$paren_stack, [$pos, $., $$line];
$pos++;
}
}
return $ret;
}
my $ret = 0;
my $incomment = 0;
foreach my $file (@ARGV) {
# Per-file variables for multiline Curly Bracket (cb_) check
my $cb_linenum = 0;
my $cb_code = "";
my $cb_scolon = 0;
my $fn_linenum = 0;
my $incomment = 0;
my @paren_stack;
open FILE, $file;
while (defined (my $line = <FILE>)) {
my $has_define = 0;
my $data = $line;
# For temporary modifications
my $tmpdata;
my $location = "$file:$.:\n$line";
# Kill any quoted , ; = or "
$data =~ s/'[";,=]'/'X'/g;
# Kill any quoted strings
$data =~ s,"(?:[^\\\"]|\\.)*","XXX",g;
# Kill any quoted strings. Replace with equal-length "XXXX..."
$data =~ s,"(([^\\\"]|\\.)*)","\"".'X'x(length $1)."\"",ge;
$data =~ s,'(([^\\\']|\\.)*)',"\'".'X'x(length $1)."\'",ge;
next if $data =~ /^#/;
# Kill any C++ style comments
$data =~ s,//.*$,//,;
# Kill contents of multi-line comments
# and detect end of multi-line comments
if ($incomment) {
if ($data =~ m,\*/,) {
$incomment = 0;
$data =~ s,^.*\*/,*/,;
} else {
$data = "";
}
$has_define = 1 if $data =~ /(?:^#\s*define\b)/;
if (not $has_define) {
# Ignore all macros except for #define
next if $data =~ /^#/;
$ret = 1 if CheckFunctionBody(\$data, \$location, \$fn_linenum);
KillComments(\$data, \$incomment);
$ret = 1 if CheckWhiteSpaces(\$data, \$location);
$ret = 1 if CheckCurlyBrackets(\$data, \$file, \$line,
\$cb_linenum, \$cb_code, \$cb_scolon);
}
# Kill single line comments, and detect
# start of multi-line comments
if ($data =~ m,/\*.*\*/,) {
$data =~ s,/\*.*\*/,/* */,;
} elsif ($data =~ m,/\*,) {
$incomment = 1;
$data =~ s,/\*.*,/*,;
}
#####################################################################
# Temporary Filter for CheckMisalignment:
# Here we introduce a white-list of path, since there're
# too much misalignment.
# We _need_ fix these misalignment in batches.
# We _should_ remove it as soon as fixing all.
#####################################################################
next unless $file =~ /^src\/util\//;
# We need to match things like
#
# int foo (int bar, bool wizz);
# foo (bar, wizz);
#
# but not match things like:
#
# typedef int (*foo)(bar wizz)
#
# we can't do this (efficiently) without
# missing things like
#
# foo (*bar, wizz);
#
# We also don't want to spoil the $data so it can be used
# later on.
$tmpdata = $data;
while ($tmpdata =~ /(\w+)\s\((?!\*)/) {
my $kw = $1;
# Allow space after keywords only
if ($kw =~ /^(?:if|for|while|switch|return)$/) {
$tmpdata =~ s/(?:$kw\s\()/XXX(/;
} else {
print "Whitespace after non-keyword:\n";
print "$file:$.: $line";
$ret = 1;
last;
}
}
# Require whitespace immediately after keywords
if ($data =~ /\b(?:if|for|while|switch|return)\(/) {
print "No whitespace after keyword:\n";
print "$file:$.: $line";
$ret = 1;
}
# Forbid whitespace between )( of a function typedef
if ($data =~ /\(\*\w+\)\s+\(/) {
print "Whitespace between ')' and '(':\n";
print "$file:$.: $line";
$ret = 1;
}
# Forbid whitespace following ( or prior to )
# but allow whitespace before ) on a single line
# (optionally followed by a semicolon)
if (($data =~ /\s\)/ && not $data =~ /^\s+\);?$/) ||
$data =~ /\((?!$)\s/) {
print "Whitespace after '(' or before ')':\n";
print "$file:$.: $line";
$ret = 1;
}
# Forbid whitespace before ";" or ",". Things like below are allowed:
#
# 1) The expression is empty for "for" loop. E.g.
# for (i = 0; ; i++)
#
# 2) An empty statement. E.g.
# while (write(statuswrite, &status, 1) == -1 &&
# errno == EINTR)
# ;
#
if ($data =~ /\s[;,]/) {
unless ($data =~ /\S; ; / ||
$data =~ /^\s+;/) {
print "Whitespace before semicolon or comma:\n";
print "$file:$.: $line";
$ret = 1;
}
}
# Require EOL, macro line continuation, or whitespace after ";".
# Allow "for (;;)" as an exception.
if ($data =~ /;[^ \\\n;)]/) {
print "Invalid character after semicolon:\n";
print "$file:$.: $line";
$ret = 1;
}
# Require EOL, space, or enum/struct end after comma.
if ($data =~ /,[^ \\\n)}]/) {
print "Invalid character after comma:\n";
print "$file:$.: $line";
$ret = 1;
}
# Require spaces around assignment '=', compounds and '=='
if ($data =~ /[^ ]\b[!<>&|\-+*\/%\^=]?=/ ||
$data =~ /=[^= \\\n]/) {
print "Spacing around '=' or '==':\n";
print "$file:$.: $line";
$ret = 1;
}
# One line conditional statements with one line bodies should
# not use curly brackets.
if ($data =~ /^\s*(if|while|for)\b.*\{$/) {
$cb_linenum = $.;
$cb_code = $line;
$cb_scolon = 0;
}
# We need to check for exactly one semicolon inside the body,
# because empty statements (e.g. with comment only) are
# allowed
if ($cb_linenum == $. - 1 && $data =~ /^[^;]*;[^;]*$/) {
$cb_code .= $line;
$cb_scolon = 1;
}
if ($data =~ /^\s*}\s*$/ &&
$cb_linenum == $. - 2 &&
$cb_scolon) {
print "Curly brackets around single-line body:\n";
print "$file:$cb_linenum-$.:\n$cb_code$line";
$ret = 1;
# There _should_ be no need to reset the values; but to
# keep my inner peace...
$cb_linenum = 0;
$cb_scolon = 0;
$cb_code = "";
}
$ret = 1 if CheckMisalignment(\$data, \$file, \$line, \@paren_stack);
}
close FILE;
}

156
build-aux/header-ifdef.pl
View File

@@ -1,156 +0,0 @@
#!/usr/bin/perl
#
# Validate that header files follow a standard layout:
#
# /*
# ...copyright header...
# */
# <one blank line>
# #ifndef SYMBOL
# # define SYMBOL
# ....content....
# #endif /* SYMBOL */
#
# For any file ending priv.h, before the #ifndef
# We will have a further section
#
# #ifndef SYMBOL_ALLOW
# # error ....
# #endif /* SYMBOL_ALLOW */
# <one blank line>
use strict;
use warnings;
my $STATE_COPYRIGHT_COMMENT = 0;
my $STATE_COPYRIGHT_BLANK = 1;
my $STATE_PRIV_START = 2;
my $STATE_PRIV_ERROR = 3;
my $STATE_PRIV_END = 4;
my $STATE_PRIV_BLANK = 5;
my $STATE_GUARD_START = 6;
my $STATE_GUARD_DEFINE = 7;
my $STATE_GUARD_END = 8;
my $STATE_EOF = 9;
my $file = " ";
my $ret = 0;
my $ifdef = "";
my $ifdefpriv = "";
my $state = $STATE_EOF;
my $mistake = 0;
sub mistake {
my $msg = shift;
warn $msg;
$mistake = 1;
$ret = 1;
}
while (<>) {
if (not $file eq $ARGV) {
if ($state == $STATE_COPYRIGHT_COMMENT) {
&mistake("$file: missing copyright comment");
} elsif ($state == $STATE_COPYRIGHT_BLANK) {
&mistake("$file: missing blank line after copyright header");
} elsif ($state == $STATE_PRIV_START) {
&mistake("$file: missing '#ifndef $ifdefpriv'");
} elsif ($state == $STATE_PRIV_ERROR) {
&mistake("$file: missing '# error ...priv allow...'");
} elsif ($state == $STATE_PRIV_END) {
&mistake("$file: missing '#endif /* $ifdefpriv */'");
} elsif ($state == $STATE_PRIV_BLANK) {
&mistake("$file: missing blank line after priv header check");
} elsif ($state == $STATE_GUARD_START) {
&mistake("$file: missing '#ifndef $ifdef'");
} elsif ($state == $STATE_GUARD_DEFINE) {
&mistake("$file: missing '# define $ifdef'");
} elsif ($state == $STATE_GUARD_END) {
&mistake("$file: missing '#endif /* $ifdef */'");
}
$ifdef = uc $ARGV;
$ifdef =~ s,.*/,,;
$ifdef =~ s,[^A-Z0-9],_,g;
$ifdef =~ s,__+,_,g;
unless ($ifdef =~ /^LIBVIRT_/ && $ARGV !~ /libvirt_internal.h/) {
$ifdef = "LIBVIRT_" . $ifdef;
}
$ifdefpriv = $ifdef . "_ALLOW";
$file = $ARGV;
$state = $STATE_COPYRIGHT_COMMENT;
$mistake = 0;
}
if ($mistake ||
$ARGV =~ /config-post\.h$/ ||
$ARGV =~ /vbox_(CAPI|XPCOM)/) {
$state = $STATE_EOF;
next;
}
if ($state == $STATE_COPYRIGHT_COMMENT) {
if (m,\*/,) {
$state = $STATE_COPYRIGHT_BLANK;
}
} elsif ($state == $STATE_COPYRIGHT_BLANK) {
if (! /^$/) {
&mistake("$file: missing blank line after copyright header");
}
if ($ARGV =~ /priv\.h$/) {
$state = $STATE_PRIV_START;
} else {
$state = $STATE_GUARD_START;
}
} elsif ($state == $STATE_PRIV_START) {
if (/^$/) {
&mistake("$file: too many blank lines after coyright header");
} elsif (/#ifndef $ifdefpriv$/) {
$state = $STATE_PRIV_ERROR;
} else {
&mistake("$file: missing '#ifndef $ifdefpriv'");
}
} elsif ($state == $STATE_PRIV_ERROR) {
if (/# error ".*"$/) {
$state = $STATE_PRIV_END;
} else {
&mistake("$file: missing '#error ...priv allow...'");
}
} elsif ($state == $STATE_PRIV_END) {
if (m,#endif /\* $ifdefpriv \*/,) {
$state = $STATE_PRIV_BLANK;
} else {
&mistake("$file: missing '#endif /* $ifdefpriv */'");
}
} elsif ($state == $STATE_PRIV_BLANK) {
if (! /^$/) {
&mistake("$file: missing blank line after priv guard");
}
$state = $STATE_GUARD_START;
} elsif ($state == $STATE_GUARD_START) {
if (/^$/) {
&mistake("$file: too many blank lines after coyright header");
} elsif (/#ifndef $ifdef$/) {
$state = $STATE_GUARD_DEFINE;
} else {
&mistake("$file: missing '#ifndef $ifdef'");
}
} elsif ($state == $STATE_GUARD_DEFINE) {
if (/# define $ifdef$/) {
$state = $STATE_GUARD_END;
} else {
&mistake("$file: missing '# define $ifdef'");
}
} elsif ($state == $STATE_GUARD_END) {
if (m,#endif /\* $ifdef \*/$,) {
$state = $STATE_EOF;
}
} elsif ($state == $STATE_EOF) {
die "$file: unexpected content after '#endif /* $ifdef */'";
} else {
die "$file: unexpected state $state";
}
}
exit $ret;

135
cfg.mk
View File

@@ -1,5 +1,5 @@
# Customize Makefile.maint. -*- makefile -*-
# Copyright (C) 2008-2019 Red Hat, Inc.
# Copyright (C) 2008-2015 Red Hat, Inc.
# Copyright (C) 2003-2008 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
@@ -120,6 +120,7 @@ useless_free_options = \
--name=virConfFreeValue \
--name=virDomainActualNetDefFree \
--name=virDomainChrDefFree \
--name=virDomainChrSourceDefFree \
--name=virDomainControllerDefFree \
--name=virDomainDefFree \
--name=virDomainDeviceDefFree \
@@ -304,11 +305,10 @@ sc_flags_usage:
$(srcdir)/include/libvirt/libvirt-qemu.h \
$(srcdir)/include/libvirt/libvirt-lxc.h \
$(srcdir)/include/libvirt/libvirt-admin.h \
| $(GREP) -c '\(long\|unsigned\) flags')" != 4 && \
| grep -c '\(long\|unsigned\) flags')" != 4 && \
{ echo '$(ME): new API should use "unsigned int flags"' 1>&2; \
exit 1; } || :
@prohibit=' flags ATTRIBUTE_UNUSED' \
exclude='virSecurityDomainImageLabelFlags' \
halt='flags should be checked with virCheckFlags' \
$(_sc_search_regexp)
@prohibit='^[^@]*([^d] (int|long long)|[^dg] long) flags[;,)]' \
@@ -472,7 +472,6 @@ sc_prohibit_canonicalize_file_name:
# Insist on correct types for [pug]id.
sc_correct_id_types:
@prohibit='\<(int|long) *[pug]id\>' \
exclude='exempt from syntax-check' \
halt='use pid_t for pid, uid_t for uid, gid_t for gid' \
$(_sc_search_regexp)
@@ -639,12 +638,10 @@ sc_libvirt_unmarked_diagnostics:
exclude='_\(' \
halt='found unmarked diagnostic(s)' \
$(_sc_search_regexp)
@{ $(VC_LIST_EXCEPT) | xargs \
$(GREP) -nE '\<$(func_re) *\(.*;$$' /dev/null; \
$(VC_LIST_EXCEPT) | xargs \
$(GREP) -A1 -nE '\<$(func_re) *\(.*,$$' /dev/null; } \
| $(SED) -E 's/_\("([^\"]|\\.)+"//;s/"%s"//' \
| $(GREP) '"' && \
@{ grep -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT)); \
grep -A1 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
| $(SED) 's/_("\([^\"]\|\\.\)\+"//;s/[ ]"%s"//' \
| grep '[ ]"' && \
{ echo '$(ME): found unmarked diagnostic(s)' 1>&2; \
exit 1; } || :
@@ -656,9 +653,9 @@ sc_libvirt_unmarked_diagnostics:
# there are functions to which this one applies but that do not get marked
# diagnostics.
sc_prohibit_newline_at_end_of_diagnostic:
@$(VC_LIST_EXCEPT) | xargs $(GREP) -A2 -nE \
'\<$(func_re) *\(' /dev/null \
| $(GREP) '\\n"' \
@grep -A2 -nE \
'\<$(func_re) *\(' $$($(VC_LIST_EXCEPT)) \
| grep '\\n"' \
&& { echo '$(ME): newline at end of message(s)' 1>&2; \
exit 1; } || :
@@ -666,14 +663,12 @@ sc_prohibit_newline_at_end_of_diagnostic:
# allow VIR_ERROR to do this, and ignore functions that take a single
# string rather than a format argument.
sc_prohibit_diagnostic_without_format:
@{ $(VC_LIST_EXCEPT) | xargs \
$(GREP) -nE '\<$(func_re) *\(.*;$$' /dev/null; \
$(VC_LIST_EXCEPT) | xargs \
$(GREP) -A2 -nE '\<$(func_re) *\(.*,$$' /dev/null; } \
@{ grep -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT)); \
grep -A2 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
| $(SED) -rn -e ':l; /[,"]$$/ {N;b l;}' \
-e '/(xenapiSessionErrorHandler|vah_(error|warning))/d' \
-e '/\<$(func_re) *\([^"]*"([^%"]|"\n[^"]*")*"[,)]/p' \
| $(GREP) -vE 'VIR_ERROR' && \
| grep -vE 'VIR_ERROR' && \
{ echo '$(ME): found diagnostic without %' 1>&2; \
exit 1; } || :
@@ -691,16 +686,16 @@ sc_prohibit_useless_translation:
# When splitting a diagnostic across lines, ensure that there is a space
# or \n on one side of the split.
sc_require_whitespace_in_translation:
@$(VC_LIST_EXCEPT) | xargs $(GREP) -n -A1 '"$$' /dev/null \
@grep -n -A1 '"$$' $$($(VC_LIST_EXCEPT)) \
| $(SED) -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g' \
-e '/_(.*[^\ ]""[^\ ]/p' | $(GREP) . && \
-e '/_(.*[^\ ]""[^\ ]/p' | grep . && \
{ echo '$(ME): missing whitespace at line split' 1>&2; \
exit 1; } || :
# Enforce recommended preprocessor indentation style.
sc_preprocessor_indentation:
@if cppi --version >/dev/null 2>&1; then \
$(VC_LIST_EXCEPT) | $(GREP) -E '\.[ch](\.in)?$$' | xargs cppi -a -c \
$(VC_LIST_EXCEPT) | grep -E '\.[ch](\.in)?$$' | xargs cppi -a -c \
|| { echo '$(ME): incorrect preprocessor indentation' 1>&2; \
exit 1; }; \
else \
@@ -711,13 +706,13 @@ sc_preprocessor_indentation:
# (comment-only) C file that mirrors the same layout as the spec file.
sc_spec_indentation:
@if cppi --version >/dev/null 2>&1; then \
for f in $$($(VC_LIST_EXCEPT) | $(GREP) '\.spec\.in$$'); do \
for f in $$($(VC_LIST_EXCEPT) | grep '\.spec\.in$$'); do \
$(SED) -e 's|#|// #|; s|%ifn*\(arch\)* |#if a // |' \
-e 's/%\(else\|endif\|define\)/#\1/' \
-e 's/^\( *\)\1\1\1#/#\1/' \
-e 's|^\( *[^#/ ]\)|// \1|; s|^\( */[^/]\)|// \1|' $$f \
| cppi -a -c 2>&1 | $(SED) "s|standard input|$$f|"; \
done | { if $(GREP) . >&2; then false; else :; fi; } \
done | { if grep . >&2; then false; else :; fi; } \
|| { echo '$(ME): incorrect preprocessor indentation' 1>&2; \
exit 1; }; \
else \
@@ -792,8 +787,10 @@ sc_prohibit_cross_inclusion:
case $$dir in \
util/) safe="util";; \
access/ | conf/) safe="($$dir|conf|util)";; \
cpu/| network/| node_device/| rpc/| security/| storage/) \
cpu/| network/| node_device/| rpc/| storage/) \
safe="($$dir|util|conf|storage)";; \
security/) \
safe="($$dir|util|conf|storage|locking)";; \
xenapi/ | xenconfig/ ) safe="($$dir|util|conf|xen|cpu)";; \
*) safe="($$dir|$(mid_dirs)|util)";; \
esac; \
@@ -807,12 +804,11 @@ sc_prohibit_cross_inclusion:
# When converting an enum to a string, make sure that we track any new
# elements added to the enum by using a _LAST marker.
sc_require_enum_last_marker:
@$(VC_LIST_EXCEPT) | xargs \
$(GREP) -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' /dev/null \
@grep -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' $$($(VC_LIST_EXCEPT)) \
| $(SED) -ne '/VIR_ENUM_IMPL[^,]*,$$/N' \
-e '/VIR_ENUM_IMPL[^,]*,[^,]*[^_,][^L,][^A,][^S,][^T,],/p' \
-e '/VIR_ENUM_IMPL[^,]*,[^,]\{0,4\},/p' \
| $(GREP) . && \
| grep . && \
{ echo '$(ME): enum impl needs to use _LAST marker' 1>&2; \
exit 1; } || :
@@ -871,7 +867,8 @@ sc_prohibit_atoi:
$(_sc_search_regexp)
sc_prohibit_wrong_filename_in_comment:
@$(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | xargs awk 'BEGIN { \
@fail=0; \
awk 'BEGIN { \
fail=0; \
} FNR < 3 { \
n=match($$0, /[[:space:]][^[:space:]]*[.][ch][[:space:]:]/); \
@@ -887,8 +884,11 @@ sc_prohibit_wrong_filename_in_comment:
if (fail == 1) { \
exit 1; \
} \
}' || { echo '$(ME): The file name in comments must match the' \
'actual file name' 1>&2; exit 1; }
}' $$($(VC_LIST_EXCEPT) | grep '\.[ch]$$') || fail=1; \
if test $$fail -eq 1; then \
{ echo '$(ME): The file name in comments must match the' \
'actual file name' 1>&2; exit 1; } \
fi;
sc_prohibit_virConnectOpen_in_virsh:
@prohibit='\bvirConnectOpen[a-zA-Z]* *\(' \
@@ -919,21 +919,22 @@ sc_require_if_else_matching_braces:
$(_sc_search_regexp)
sc_curly_braces_style:
@if $(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | xargs $(GREP) -nHP \
@files=$$($(VC_LIST_EXCEPT) | grep '\.[ch]$$'); \
if $(GREP) -nHP \
'^\s*(?!([a-zA-Z_]*for_?each[a-zA-Z_]*) ?\()([_a-zA-Z0-9]+( [_a-zA-Z0-9]+)* ?\()?(\*?[_a-zA-Z0-9]+(,? \*?[_a-zA-Z0-9\[\]]+)+|void)\) ?\{' \
/dev/null; then \
$$files; then \
echo '$(ME): Non-K&R style used for curly braces around' \
'function body' 1>&2; exit 1; \
fi; \
if $(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | xargs \
$(GREP) -A1 -En ' ((if|for|while|switch) \(|(else|do)\b)[^{]*$$' \
/dev/null | $(GREP) '^[^ ]*- *{'; then \
if $(GREP) -A1 -En ' ((if|for|while|switch) \(|(else|do)\b)[^{]*$$'\
$$files | $(GREP) '^[^ ]*- *{'; then \
echo '$(ME): Use hanging braces for compound statements' 1>&2; exit 1; \
fi
sc_prohibit_windows_special_chars_in_filename:
@$(VC_LIST_EXCEPT) | $(GREP) '[:*?"<>|]' && \
{ echo '$(ME): Windows special chars in filename not allowed' 1>&2; echo exit 1; } || :
@files=$$($(VC_LIST_EXCEPT) | grep '[:*?"<>|]'); \
test -n "$$files" && { echo '$(ME): Windows special chars' \
'in filename not allowed:' 1>&2; echo $$files 1>&2; exit 1; } || :
sc_prohibit_mixed_case_abbreviations:
@prohibit='Pci|Usb|Scsi' \
@@ -949,11 +950,11 @@ sc_require_locale_h:
$(_sc_search_regexp)
sc_prohibit_empty_first_line:
@$(VC_LIST_EXCEPT) | xargs awk 'BEGIN { fail=0; } \
@awk 'BEGIN { fail=0; } \
FNR == 1 { if ($$0 == "") { print FILENAME ":1:"; fail=1; } } \
END { if (fail == 1) { \
print "$(ME): Prohibited empty first line" > "/dev/stderr"; \
} exit fail; }'
} exit fail; }' $$($(VC_LIST_EXCEPT));
sc_prohibit_paren_brace:
@prohibit='\)\{$$' \
@@ -996,9 +997,8 @@ sc_prohibit_sysconf_pagesize:
$(_sc_search_regexp)
sc_prohibit_virSecurity:
@$(VC_LIST_EXCEPT) | $(GREP) 'src/qemu/' | \
$(GREP) -v 'src/qemu/qemu_security' | \
xargs $(GREP) -Pn 'virSecurityManager(?!Ptr)' /dev/null && \
@grep -Pn 'virSecurityManager(?!Ptr)' $$($(VC_LIST_EXCEPT) | grep 'src/qemu/' | \
grep -v 'src/qemu/qemu_security') && \
{ echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || :
sc_prohibit_pthread_create:
@@ -1051,11 +1051,6 @@ sc_prohibit_http_urls:
halt='Links must use https:// protocol' \
$(_sc_search_regexp)
sc_prohibit_author:
@prohibit="(\*|#)\s*(A|a)uthors?:" \
halt="Author: statements are prohibited in source comments" \
$(_sc_search_regexp)
# Alignment is usually achieved through spaces (at least two of them)
# or tabs (at least one of them) right before the trailing backslash
sc_prohibit_backslash_alignment:
@@ -1067,23 +1062,14 @@ sc_prohibit_backslash_alignment:
# Some syntax rules pertaining to the usage of cleanup macros
# implementing GNU C's cleanup attribute
# Rule to ensure that variables declared using a cleanup macro are
# Rule to ensure that varibales declared using a cleanup macro are
# always initialized.
sc_require_attribute_cleanup_initialization:
@prohibit='VIR_AUTO((FREE|PTR|UNREF|CLEAN)\(.+\)|CLOSE|STRINGLIST) *[^=]+;' \
@prohibit='VIR_AUTO((FREE|PTR)\(.+\)|CLOSE) *[^=]+;' \
in_vc_files='\.[chx]$$' \
halt='variable declared with a cleanup macro must be initialized' \
$(_sc_search_regexp)
# "class" in headers is not good because by default Vim treats it as a keyword
# Let's prohibit it in source files as well.
sc_prohibit_class:
@prohibit=' +_?class *;' \
in_vc_files='\.[chx]$$' \
halt='use klass instead of class or _class' \
$(_sc_search_regexp)
# We don't use this feature of maint.mk.
prev_version_file = /dev/null
@@ -1132,34 +1118,29 @@ _autogen_error:
ifneq ($(_gl-Makefile),)
syntax-check: spacing-check test-wrap-argv \
prohibit-duplicate-header mock-noinline group-qemu-caps \
header-ifdef
prohibit-duplicate-header mock-noinline group-qemu-caps
endif
# Don't include duplicate header in the source (either *.c or *.h)
prohibit-duplicate-header:
$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.[chx]$$' | xargs \
$(PERL) -W $(top_srcdir)/build-aux/prohibit-duplicate-header.pl
$(AM_V_GEN)files=$$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); \
$(PERL) -W $(top_srcdir)/build-aux/prohibit-duplicate-header.pl $$files
spacing-check:
$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.c$$' | xargs \
$(PERL) $(top_srcdir)/build-aux/check-spacing.pl || \
$(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \
$(PERL) $(top_srcdir)/build-aux/check-spacing.pl $$files || \
{ echo '$(ME): incorrect formatting' 1>&2; exit 1; }
mock-noinline:
$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.[ch]$$' | xargs \
$(PERL) $(top_srcdir)/build-aux/mock-noinline.pl
header-ifdef:
$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.[h]$$' | xargs \
$(PERL) $(top_srcdir)/build-aux/header-ifdef.pl
$(AM_V_GEN)files=`$(VC_LIST) | grep '\.[ch]$$'`; \
$(PERL) $(top_srcdir)/build-aux/mock-noinline.pl $$files
test-wrap-argv:
$(AM_V_GEN)$(VC_LIST) | $(GREP) -E '\.(ldargs|args)' | xargs \
$(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check
$(AM_V_GEN)files=`$(VC_LIST) | grep -E '\.(ldargs|args)'`; \
$(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check $$files
group-qemu-caps:
$(AM_V_GEN)$(PERL) $(top_srcdir)/tests/group-qemu-caps.pl --check $(top_srcdir)/
$(PERL) $(top_srcdir)/tests/group-qemu-caps.pl --check $(top_srcdir)/
# sc_po_check can fail if generated files are not built first
sc_po_check: \
@@ -1198,7 +1179,7 @@ exclude_file_name_regexp--sc_copyright_usage = \
^COPYING(|\.LESSER)$$
exclude_file_name_regexp--sc_flags_usage = \
^(cfg\.mk|docs/|src/util/virnetdevtap\.c$$|tests/((vir(cgroup|pci|test|usb)|nss|qemuxml2argv|qemusecurity)mock|virfilewrapper)\.c$$)
^(cfg\.mk|docs/|src/util/virnetdevtap\.c$$|tests/((vir(cgroup|pci|test|usb)|nss|qemuxml2argv)mock|virfilewrapper)\.c$$)
exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
^(src/rpc/gendispatch\.pl$$|tests/)
@@ -1221,7 +1202,7 @@ exclude_file_name_regexp--sc_prohibit_strdup = \
^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup)mock.c|tests/commandhelper\.c$$)
exclude_file_name_regexp--sc_prohibit_close = \
(\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c))$$)
(\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/vir.+mock\.c|tests/commandhelper\.c)$$)
exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
(^tests/(virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
@@ -1242,7 +1223,7 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
^src/rpc/gendispatch\.pl$$
exclude_file_name_regexp--sc_prohibit_nonreentrant = \
^((po|tests|examples/admin)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
^((po|tests)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
exclude_file_name_regexp--sc_prohibit_select = \
^cfg\.mk$$
@@ -1291,7 +1272,7 @@ exclude_file_name_regexp--sc_correct_id_types = \
exclude_file_name_regexp--sc_m4_quote_check = m4/virt-lib.m4
exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \
^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.c$$)
^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.h$$)
exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
^(tools/|examples/|include/libvirt/(virterror|libvirt(-(admin|qemu|lxc))?)\.h$$)

3
config-post.h
View File

@@ -19,7 +19,7 @@
/*
* Since virt-login-shell will be setuid, we must do everything
* we can to avoid linking to other libraries. Many of them do
* unsafe things in functions marked __attribute__((constructor)).
* unsafe things in functions marked __atttribute__((constructor)).
* The only way to avoid such deps is to re-compile the
* functions with the code in question disabled, and for that we
* must override the main config.h rules. Hence this file :-(
@@ -69,6 +69,7 @@
# undef WITH_VIRTUALPORT
# undef WITH_SECDRIVER_SELINUX
# undef WITH_SECDRIVER_APPARMOR
# undef WITH_CAPNG
#endif /* LIBVIRT_NSS */
#ifndef __GNUC__

27
configure.ac
View File

@@ -16,7 +16,7 @@ dnl You should have received a copy of the GNU Lesser General Public
dnl License along with this library. If not, see
dnl <http://www.gnu.org/licenses/>.
AC_INIT([libvirt], [5.2.0], [libvir-list@redhat.com], [], [https://libvirt.org])
AC_INIT([libvirt], [4.9.0], [libvir-list@redhat.com], [], [https://libvirt.org])
AC_CONFIG_SRCDIR([src/libvirt.c])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([config.h])
@@ -225,6 +225,7 @@ if test "$with_libvirtd" = "no" ; then
with_qemu=no
with_lxc=no
with_libxl=no
with_uml=no
with_vbox=no
fi
@@ -246,7 +247,6 @@ LIBVIRT_ARG_CAPNG
LIBVIRT_ARG_CURL
LIBVIRT_ARG_DBUS
LIBVIRT_ARG_FIREWALLD
LIBVIRT_ARG_FIREWALLD_ZONE
LIBVIRT_ARG_FUSE
LIBVIRT_ARG_GLUSTER
LIBVIRT_ARG_HAL
@@ -287,7 +287,6 @@ LIBVIRT_CHECK_DBUS
LIBVIRT_CHECK_DEVMAPPER
LIBVIRT_CHECK_DLOPEN
LIBVIRT_CHECK_FIREWALLD
LIBVIRT_CHECK_FIREWALLD_ZONE
LIBVIRT_CHECK_FUSE
LIBVIRT_CHECK_GLUSTER
LIBVIRT_CHECK_GNUTLS
@@ -446,6 +445,7 @@ LIBVIRT_DRIVER_ARG_VBOX
LIBVIRT_DRIVER_ARG_LXC
LIBVIRT_DRIVER_ARG_VZ
LIBVIRT_DRIVER_ARG_BHYVE
LIBVIRT_DRIVER_ARG_UML
LIBVIRT_DRIVER_ARG_ESX
LIBVIRT_DRIVER_ARG_HYPERV
LIBVIRT_DRIVER_ARG_TEST
@@ -464,6 +464,7 @@ LIBVIRT_DRIVER_CHECK_VBOX
LIBVIRT_DRIVER_CHECK_LXC
LIBVIRT_DRIVER_CHECK_VZ
LIBVIRT_DRIVER_CHECK_BHYVE
LIBVIRT_DRIVER_CHECK_UML
LIBVIRT_DRIVER_CHECK_ESX
LIBVIRT_DRIVER_CHECK_HYPERV
LIBVIRT_DRIVER_CHECK_TEST
@@ -738,6 +739,23 @@ fi
AC_SUBST([VIR_TEST_EXPENSIVE_DEFAULT])
AM_CONDITIONAL([WITH_EXPENSIVE_TESTS], [test $VIR_TEST_EXPENSIVE_DEFAULT = 1])
LIBVIRT_ARG_ENABLE([TEST_COVERAGE], [turn on code coverage instrumentation], [no])
case "$enable_test_coverage" in
yes|no) ;;
*) AC_MSG_ERROR([bad value ${enable_test_coverga} for test-coverage option]) ;;
esac
if test "$enable_test_coverage" = yes; then
save_WARN_CFLAGS=$WARN_CFLAGS
WARN_CFLAGS=
gl_WARN_ADD([-fprofile-arcs])
gl_WARN_ADD([-ftest-coverage])
COVERAGE_FLAGS=$WARN_CFLAGS
AC_SUBST([COVERAGE_CFLAGS], [$COVERAGE_FLAGS])
AC_SUBST([COVERAGE_LDFLAGS], [$COVERAGE_FLAGS])
WARN_CFLAGS=$save_WARN_CFLAGS
fi
LIBVIRT_ARG_ENABLE([TEST_OOM], [memory allocation failure checking], [no])
case "$enable_test_oom" in
yes|no) ;;
@@ -929,6 +947,7 @@ AC_MSG_NOTICE([])
AC_MSG_NOTICE([Drivers])
AC_MSG_NOTICE([])
LIBVIRT_DRIVER_RESULT_QEMU
LIBVIRT_DRIVER_RESULT_UML
LIBVIRT_DRIVER_RESULT_OPENVZ
LIBVIRT_DRIVER_RESULT_VMWARE
LIBVIRT_DRIVER_RESULT_VBOX
@@ -985,7 +1004,6 @@ LIBVIRT_RESULT_CURL
LIBVIRT_RESULT_DBUS
LIBVIRT_RESULT_DLOPEN
LIBVIRT_RESULT_FIREWALLD
LIBVIRT_RESULT_FIREWALLD_ZONE
LIBVIRT_RESULT_FUSE
LIBVIRT_RESULT_GLUSTER
LIBVIRT_RESULT_GNUTLS
@@ -1024,6 +1042,7 @@ LIBVIRT_WIN_RESULT_WINDRES
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Test suite])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([ Coverage: $enable_test_coverage])
AC_MSG_NOTICE([ Alloc OOM: $enable_test_oom])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Miscellaneous])

113
docs/aclpolkit.html.in
View File

@@ -287,119 +287,6 @@
</tbody>
</table>
<h2><a id="connect_driver">Hypervisor Driver connect_driver</a></h2>
<p>
The <code>connect_driver</code> parameter describes the
client's <a href="remote.html">remote Connection Driver</a>
name based on the <a href="uri.html">URI</a> used for the
connection.
</p>
<p>
<span class="since">Since 4.1.0</span>, when calling an API
outside the scope of the primary connection driver, the
primary driver will attempt to open a secondary connection
to the specific API driver in order to process the API. For
example, when hypervisor domain processing needs to make an
API call within the storage driver or the network filter driver
an attempt to open a connection to the "storage" or "nwfilter"
driver will be made. Similarly, a "storage" primary connection
may need to create a connection to the "secret" driver in order
to process secrets for the API. If successful, then calls to
those API's will occur in the <code>connect_driver</code> context
of the secondary connection driver rather than in the context of
the primary driver. This affects the <code>connect_driver</code>
returned from rule generation from the <code>action.loookup</code>
function. The following table provides a list of the various
connection drivers and the <code>connect_driver</code> name
used by each regardless of primary or secondary connection.
The access denied error message from libvirt will list the
connection driver by name that denied the access.
</p>
<h3><a id="object_connect_driver">Connection Driver Name</a></h3>
<table class="acl">
<thead>
<tr>
<th>Connection Driver</th>
<th><code>connect_driver</code> name</th>
</tr>
</thead>
<tbody>
<tr>
<td>bhyve</td>
<td>bhyve</td>
</tr>
<tr>
<td>esx</td>
<td>ESX</td>
</tr>
<tr>
<td>hyperv</td>
<td>Hyper-V</td>
</tr>
<tr>
<td>interface</td>
<td>interface</td>
</tr>
<tr>
<td>libxl</td>
<td>xenlight</td>
</tr>
<tr>
<td>lxc</td>
<td>LXC</td>
</tr>
<tr>
<td>network</td>
<td>network</td>
</tr>
<tr>
<td>nodedev</td>
<td>nodedev</td>
</tr>
<tr>
<td>nwfilter</td>
<td>NWFilter</td>
</tr>
<tr>
<td>openvz</td>
<td>OPENVZ</td>
</tr>
<tr>
<td>phyp</td>
<td>PHYP</td>
</tr>
<tr>
<td>qemu</td>
<td>QEMU</td>
</tr>
<tr>
<td>secret</td>
<td>secret</td>
</tr>
<tr>
<td>storage</td>
<td>storage</td>
</tr>
<tr>
<td>vbox</td>
<td>VBOX</td>
</tr>
<tr>
<td>vmware</td>
<td>VMWARE</td>
</tr>
<tr>
<td>vz</td>
<td>vz</td>
</tr>
<tr>
<td>xenapi</td>
<td>XenAPI</td>
</tr>
</tbody>
</table>
<h2><a id="user">User identity attributes</a></h2>

14
docs/apibuild.py
View File

@@ -1003,8 +1003,6 @@ class CParser:
# skip hidden macros
if name in hidden_macros:
return token
if name[-2:] == "_H" or name[-8:] == "_H_ALLOW":
return token
strValue = None
if len(lst) == 1 and lst[0][0] == '"' and lst[0][-1] == '"':
@@ -2117,22 +2115,12 @@ class docBuilder:
self.modulename_file(id.header)))
if id.info is not None:
info = id.info
valhex = ""
if info[0] is not None and info[0] != '':
try:
val = eval(info[0])
valhex = hex(val)
except:
val = info[0]
output.write(" value='%s'" % (val))
if valhex != "":
output.write(" value_hex='%s'" % (valhex))
m = re.match("\(?1<<(\d+)\)?", info[0])
if m:
output.write(" value_bitshift='%s'" % (m.group(1)))
if info[2] is not None and info[2] != '':
output.write(" type='%s'" % info[2])
if info[1] is not None and info[1] != '':
@@ -2282,7 +2270,7 @@ class docBuilder:
output.write(" <file name='%s'>\n" % (module))
dict = self.headers[file]
if dict.info is not None:
for data in ('Summary', 'Description'):
for data in ('Summary', 'Description', 'Author'):
try:
output.write(" <%s>%s</%s>\n" % (
data.lower(),

34
docs/auth.html.in
View File

@@ -184,29 +184,15 @@ Default policy will still allow any application to connect to the RO socket.
</p>
<p>
The default policy can be overridden by creating a new policy file in the
<code>/etc/polkit-1/rules.d</code> directory. Information on the options
available can be found by reading the <code>polkit(8)</code> man page. The
two libvirt actions are named <code>org.libvirt.unix.manage</code> for full
management access, and <code>org.libvirt.unix.monitor</code> for read-only
access.
</p>
<p>
As an example, creating <code>/etc/polkit-1/rules.d/80-libvirt-manage.rules</code>
with the following gives the user <code>fred</code> full management access
when accessing from an active local session:
</p>
<pre>polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage" &amp;&amp;
subject.local &amp;&amp; subject.active &amp;&amp; subject.user == "fred") {
return polkit.Result.YES;
}
});</pre>
<p>
Older versions of PolicyKit used policy files ending with .pkla in the
local override directory <code>/etc/polkit-1/localauthority/50-local.d/</code>.
Compatibility with this older format is provided by <a
href="https://pagure.io/polkit-pkla-compat">polkit-pkla-compat</a>. As an
example, this gives the user <code>fred</code> full management access:
Policy files should have a unique name ending with .pkla. Using reverse DNS
naming works well. Information on the options available can be found by
reading the pklocalauthority man page. The two libvirt daemon actions
available are named <code>org.libvirt.unix.manage</code> for full management
access, and <code>org.libvirt.unix.monitor</code> for read-only access.
</p>
<p>
As an example, this gives the user <code>fred</code> full management access:
</p>
<pre>[Allow fred libvirt management permissions]
Identity=unix-user:fred
@@ -214,6 +200,10 @@ Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes</pre>
<p>
Further examples of PolicyKit setup can be found on the
<a href="http://wiki.libvirt.org/page/SSHPolicyKitSetup">wiki page</a>.
</p>
<h2><a id="ACL_server_sasl">SASL pluggable authentication</a></h2>
<p>

1
docs/devhelp/devhelp.xsl
View File

@@ -72,6 +72,7 @@
<xsl:if test="deprecated">
<p> WARNING: this module is deprecated !</p>
</xsl:if>
<p>Author(s): <xsl:value-of select="author"/></p>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<pre class="synopsis">

1
docs/docs.html.in
View File

@@ -77,7 +77,6 @@
<a href="formatstorageencryption.html">storage encryption</a>,
<a href="formatcaps.html">capabilities</a>,
<a href="formatdomaincaps.html">domain capabilities</a>,
<a href="formatstoragecaps.html">storage pool capabilities</a>,
<a href="formatnode.html">node devices</a>,
<a href="formatsecret.html">secrets</a>,
<a href="formatsnapshot.html">snapshots</a></dd>

1
docs/drivers.html.in
View File

@@ -29,6 +29,7 @@
<li><strong><a href="drvopenvz.html">OpenVZ</a></strong></li>
<li><strong><a href="drvqemu.html">QEMU</a></strong></li>
<li><strong><a href="drvtest.html">Test</a></strong> - Used for testing</li>
<li><strong><a href="drvuml.html">UML</a></strong> - User Mode Linux</li>
<li><strong><a href="drvvbox.html">VirtualBox</a></strong></li>
<li><strong><a href="drvesx.html">VMware ESX</a></strong></li>
<li><strong><a href="drvvmware.html">VMware Workstation/Player</a></strong></li>

27
docs/drvbhyve.html.in
View File

@@ -462,32 +462,5 @@ Example:</p>
&lt;/domain&gt;
</pre>
<h3><a id="bhyvecommand">Pass-through of arbitrary bhyve commands</a></h3>
<p><span class="since">Since 5.1.0</span>, it's possible to pass additional command-line
arguments to the bhyve process when starting the domain using the
<code>&lt;bhyve:commandline&gt;</code> element under <code>domain</code>.
To supply an argument, use the element <code>&lt;bhyve:arg&gt;</code> with
the attribute <code>value</code> set to additional argument to be added.
The arg element may be repeated multiple times. To use this XML addition, it is necessary
to issue an XML namespace request (the special <code>xmlns:<i>name</i></code> attribute)
that pulls in <code>http://libvirt.org/schemas/domain/bhyve/1.0</code>;
typically, the namespace is given the name of <code>bhyve</code>.
</p>
<p>Example:</p>
<pre>
&lt;domain type="bhyve" xmlns:bhyve="http://libvirt.org/schemas/domain/bhyve/1.0"&gt;
...
&lt;bhyve:commandline&gt;
&lt;bhyve:arg value='-somebhyvearg'/&gt;
&lt;/bhyve:commandline&gt;
&lt;/domain&gt;
</pre>
<p>Note that these extensions are for testing and development purposes only.
They are <b>unsupported</b>, using them may result in inconsistent state,
and upgrading either bhyve or libvirtd maybe break behavior of a domain that
was relying on a specific commands pass-through.</p>
</body>
</html>

5
docs/drvqemu.html.in
View File

@@ -395,8 +395,9 @@ chmod o+x /path/to/directory
<pre>
/dev/null, /dev/full, /dev/zero,
/dev/random, /dev/urandom,
/dev/ptmx, /dev/kvm,
/dev/rtc, /dev/hpet
/dev/ptmx, /dev/kvm, /dev/kqemu,
/dev/rtc, /dev/hpet, /dev/net/tun,
/dev/sev
</pre>
<p>

93
docs/drvuml.html.in Normal file
View File

@@ -0,0 +1,93 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<h1>User Mode Linux driver</h1>
<p>
The UML driver for libvirt allows use and management of paravirtualized
guests built for User Mode Linux. UML requires no special support in
the host kernel, so can be used by any user of any linux system, provided
they have enough free RAM for their guest's needs, though there are
certain restrictions on network connectivity unless the administrator
has pre-created TAP devices.
</p>
<h2><a id="project">Project Links</a></h2>
<ul>
<li>
The <a href="http://user-mode-linux.sourceforge.net/">User
Mode Linux</a> paravirtualized kernel
</li>
</ul>
<h2>Connections to UML driver</h2>
<p>
The libvirt UML driver follows the QEMU driver in providing two
types of connection. There is one privileged instance per host,
which runs as root. This is called the "system" instance, and allows
full use of all host resources. Then, there is a per-user unprivileged
"session", instance. This has more restricted capabilities, and may
require the host administrator to setup certain resources ahead of
time to allow full integration with the network. Example connection
URIs are
</p>
<pre>
uml:///session (local access to per-user instance)
uml+unix:///session (local access to per-user instance)
uml:///system (local access to system instance)
uml+unix:///system (local access to system instance)
uml://example.com/system (remote access, TLS/x509)
uml+tcp://example.com/system (remote access, SASl/Kerberos)
uml+ssh://root@example.com/system (remote access, SSH tunnelled)
</pre>
<h2>Example XML configuration</h2>
<p>
User mode Linux driver only supports directly kernel boot at
this time. A future driver enhancement may allow a paravirt
bootloader in a similar style to Xen's pygrub. For now though,
the UML kernel must be stored on the host and referenced
explicitly in the "os" element. Since UML is a paravirtualized
technology, the kernel "type" is set to "uml"
</p>
<p>
There is not yet support for networking in the driver, but
disks can be specified in the usual libvirt manner. The main
variation is the target device naming scheme "ubd0", and
bus type of "uml".
</p>
<p>
Once booted the primary console is connected to a PTY, and
thus accessible with "virsh console" or equivalent tools
</p>
<pre>
&lt;domain type='uml'&gt;
&lt;name&gt;demo&lt;/name&gt;
&lt;uuid&gt;b4433fc2-a22e-ffb3-0a3d-9c173b395800&lt;/uuid&gt;
&lt;memory&gt;500000&lt;/memory&gt;
&lt;currentMemory&gt;500000&lt;/currentMemory&gt;
&lt;vcpu&gt;1&lt;/vcpu&gt;
&lt;os&gt;
&lt;type arch='x86_64'&gt;uml&lt;/type&gt;
&lt;kernel&gt;/home/berrange/linux-uml-2.6.26-x86_64&lt;/kernel&gt;
&lt;/os&gt;
&lt;devices&gt;
&lt;disk type='file' device='disk'&gt;
&lt;source file='/home/berrange/FedoraCore6-AMD64-root_fs'/&gt;
&lt;target dev='ubd0' bus='uml'/&gt;
&lt;/disk&gt;
&lt;console type='pty'/&gt;
&lt;/devices&gt;
&lt;/domain&gt;
</pre>
</body>
</html>

38
docs/firewall.html.in
View File

@@ -129,44 +129,6 @@ MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24</pre>
</li>
</ul>
<h3><a id="fw-firewalld-and-virtual-network-driver">firewalld and the virtual network driver</a>
</h3>
<p>
If <a href="https://firewalld.org">firewalld</a> is active on
the host, libvirt will attempt to place the bridge interface of
a libvirt virtual network into the firewalld zone named
"libvirt" (thus making all guest->host traffic on that network
subject to the rules of the "libvirt" zone). This is done
because, if firewalld is using its nftables backend (available
since firewalld 0.6.0) the default firewalld zone (which would
be used if libvirt didn't explicitly set the zone) prevents
forwarding traffic from guests through the bridge, as well as
preventing DHCP, DNS, and most other traffic from guests to
host. The zone named "libvirt" is installed into the firewalld
configuration by libvirt (not by firewalld), and allows
forwarded traffic through the bridge as well as DHCP, DNS, TFTP,
and SSH traffic to the host - depending on firewalld's backend
this will be implemented via either iptables or nftables
rules. libvirt's own rules outlined above will *always* be
iptables rules regardless of which backend is in use by
firewalld.
</p>
<p>
NB: It is possible to manually set the firewalld zone for a
network's interface with the "zone" attribute of the network's
"bridge" element.
</p>
<p>
NB: Prior to libvirt 5.1.0, the firewalld "libvirt" zone did not
exist, and prior to firewalld 0.7.0 a feature crucial to making
the "libvirt" zone operate properly (rich rule priority
settings) was not implemented in firewalld. In cases where one
or the other of the two packages is missing the necessary
functionality, it's still possible to have functional guest
networking by setting the firewalld backend to "iptables" (in
firewalld prior to 0.6.0, this was the only backend available).
</p>
<h3><a id="fw-network-filter-driver">The network filter driver</a>
</h3>
<p>This driver provides a fully configurable network filtering capability

1
docs/format.html.in
View File

@@ -21,7 +21,6 @@
<li><a href="formatstorageencryption.html">Storage encryption</a></li>
<li><a href="formatcaps.html">Capabilities</a></li>
<li><a href="formatdomaincaps.html">Domain capabilities</a></li>
<li><a href="formatstoragecaps.html">Storage Pool capabilities</a></li>
<li><a href="formatnode.html">Node devices</a></li>
<li><a href="formatsecret.html">Secrets</a></li>
<li><a href="formatsnapshot.html">Snapshots</a></li>

12
docs/formatcaps.html.in
View File

@@ -74,19 +74,19 @@
is able to run. Possible values are:
<dl>
<dt><code>xen</code></dt>
<dd>for XEN PV</dd>
<dd>for XEN</dd>
<dt><code>linux</code></dt>
<dd>legacy alias for <code>xen</code></dd>
<dt><code>xenpvh</code></dt>
<dd>for XEN PVH</dd>
<dt><code>hvm</code></dt>
<dd>Unmodified operating system</dd>
<dt><code>exe</code></dt>
<dd>Container based virtualization</dd>
<dt><code>uml</code></dt>
<dd>User Mode Linux</dd>
</dl>
</dd>
@@ -104,8 +104,8 @@
<dt><code>machine</code></dt><dd>Machine type, for use in
<a href="formatdomain.html#attributeOSTypeMachine">machine</a>
attribute of os/type element in domain XML. For example Xen
supports <code>xenfv</code> for HVM, <code>xenpv</code> for
PV, or <code>xenpvh</code> for PVH.</dd>
supports <code>xenfv</code> for HVM or <code>xenpv</code> for
PV.</dd>
<dt><code>domain</code></dt><dd>The <code>type</code> attribute of
this element specifies the type of hypervisor required to run the
domain. Use in <a href="formatdomain.html#attributeDomainType">type</a>

378
docs/formatdomain.html.in
View File

@@ -22,7 +22,7 @@
<a id="attributeDomainType"><code>type</code></a>
specifies the hypervisor used for running
the domain. The allowed values are driver specific, but
include "xen", "kvm", "qemu" and "lxc". The
include "xen", "kvm", "qemu", "lxc" and "kqemu". The
second attribute is <code>id</code> which is a unique
integer identifier for the running guest machine. Inactive
machines have no id value.
@@ -128,7 +128,7 @@
<pre>
...
&lt;os firmware='uefi'&gt;
&lt;os&gt;
&lt;type&gt;hvm&lt;/type&gt;
&lt;loader readonly='yes' secure='no' type='rom'&gt;/usr/lib/xen/boot/hvmloader&lt;/loader&gt;
&lt;nvram template='/usr/share/OVMF/OVMF_VARS.fd'&gt;/var/lib/libvirt/nvram/guest_VARS.fd&lt;/nvram&gt;
@@ -141,26 +141,6 @@
...</pre>
<dl>
<dt><code>firmware</code></dt>
<dd>The <code>firmware</code> attribute allows management
applications to automatically fill <code>&lt;loader/&gt;</code>
and <code>&lt;nvram/&gt;</code> elements and possibly enable
some features required by selected firmware. Accepted values are
<code>bios</code> and <code>efi</code>.<br/>
The selection process scans for files describing installed
firmware images in specified location and uses the most specific
one which fulfils domain requirements. The locations in order of
preference (from generic to most specific one) are:
<ul>
<li><code>/usr/share/qemu/firmware</code></li>
<li><code>/etc/qemu/firmware</code></li>
<li><code>$XDG_CONFIG_HOME/qemu/firmware</code></li>
</ul>
For more information refer to firmware metadata specification as
described in <code>docs/interop/firmware.json</code> in QEMU
repository. Regular users do not need to bother.
<span class="since">Since 5.2.0 (QEMU and KVM only)</span>
</dd>
<dt><code>type</code></dt>
<dd>The content of the <code>type</code> element specifies the
type of operating system to be booted in the virtual machine.
@@ -779,12 +759,6 @@
&lt;cachetune vcpus='0-3'&gt;
&lt;cache id='0' level='3' type='both' size='3' unit='MiB'/&gt;
&lt;cache id='1' level='3' type='both' size='3' unit='MiB'/&gt;
&lt;monitor level='3' vcpus='1'/&gt;
&lt;monitor level='3' vcpus='0-3'/&gt;
&lt;/cachetune&gt;
&lt;cachetune vcpus='4-5'&gt;
&lt;monitor level='3' vcpus='4'/&gt;
&lt;monitor level='3' vcpus='5'/&gt;
&lt;/cachetune&gt;
&lt;memorytune vcpus='0-3'&gt;
&lt;node id='0' bandwidth='60'/&gt;
@@ -969,8 +943,8 @@
<dl>
<dt><code>cache</code></dt>
<dd>
This optional element controls the allocation of CPU cache and has
the following attributes:
This element controls the allocation of CPU cache and has the
following attributes:
<dl>
<dt><code>level</code></dt>
<dd>
@@ -1004,26 +978,6 @@
</dd>
</dl>
</dd>
<dt><code>monitor</code><span class="since">Since 4.10.0</span></dt>
<dd>
The optional element <code>monitor</code> creates the cache
monitor(s) for current cache allocation and has the following
required attributes:
<dl>
<dt><code>level</code></dt>
<dd>
Host cache level the monitor belongs to.
</dd>
<dt><code>vcpus</code></dt>
<dd>
vCPU list the monitor applies to. A monitor's vCPU list
can only be the member(s) of the vCPU list of the associated
allocation. The default monitor has the same vCPU list as the
associated allocation. For non-default monitors, overlapping
vCPUs are not permitted.
</dd>
</dl>
</dd>
</dl>
</dd>
@@ -1146,7 +1100,7 @@
&lt;/hugepages&gt;
&lt;nosharepages/&gt;
&lt;locked/&gt;
&lt;source type="file|anonymous|memfd"/&gt;
&lt;source type="file|anonymous"/&gt;
&lt;access mode="shared|private"/&gt;
&lt;allocation mode="immediate|ondemand"/&gt;
&lt;discard/&gt;
@@ -1197,10 +1151,9 @@
suitable for the specific environment at the same time to mitigate
the risks described above. <span class="since">Since 1.0.6</span></dd>
<dt><code>source</code></dt>
<dd>Using the <code>type</code> attribute, it's possible to
provide "file" to utilize file memorybacking or keep the
default "anonymous". <span class="since">Since 4.10.0</span>,
you may choose "memfd" backing. (QEMU/KVM only)</dd>
<dd>Using the <code>type</code> attribute, it's possible to provide
"file" to utilize file memorybacking or keep the default
"anonymous".</dd>
<dt><code>access</code></dt>
<dd>Using the <code>mode</code> attribute, specify if the memory is
to be "shared" or "private". This can be overridden per numa node by
@@ -1263,9 +1216,9 @@
<a href="#elementsMemoryBacking">memory backing</a> because your
workload demands it, you'll have to take into account the specifics of
your deployment and figure out a value for <code>hard_limit</code> that
is large enough to support the memory requirements of your guest, but
small enough to protect your host against a malicious guest locking all
memory.</dd>
balances the risk of your guest being killed because the limit was set
too low and the risk of your host crashing because it cannot reclaim
the memory used by the guest due to <code>locked</code>. Good luck!</dd>
<dt><code>soft_limit</code></dt>
<dd> The optional <code>soft_limit</code> element is the memory limit to
enforce during memory contention. The units for this value are
@@ -2028,9 +1981,6 @@
&lt;frequencies state='on'/&gt;
&lt;reenlightenment state='on'/&gt;
&lt;tlbflush state='on'/&gt;
&lt;ipi state='on'/&gt;
&lt;evmcs state='on'/&gt;
&lt;msrs unknown='ignore'/&gt;
&lt;/hyperv&gt;
&lt;kvm&gt;
&lt;hidden state='on'/&gt;
@@ -2102,7 +2052,7 @@
<tr>
<td>relaxed</td>
<td>Relax constraints on timers</td>
<td>on, off</td>
<td> on, off</td>
<td><span class="since">1.0.0 (QEMU 2.0)</span></td>
</tr>
<tr>
@@ -2120,31 +2070,31 @@
<tr>
<td>vpindex</td>
<td>Virtual processor index</td>
<td>on, off</td>
<td> on, off</td>
<td><span class="since">1.3.3 (QEMU 2.5)</span></td>
</tr>
<tr>
<td>runtime</td>
<td>Processor time spent on running guest code and on behalf of guest code</td>
<td>on, off</td>
<td> on, off</td>
<td><span class="since">1.3.3 (QEMU 2.5)</span></td>
</tr>
<tr>
<td>synic</td>
<td>Enable Synthetic Interrupt Controller (SyNIC)</td>
<td>on, off</td>
<td> on, off</td>
<td><span class="since">1.3.3 (QEMU 2.6)</span></td>
</tr>
<tr>
<td>stimer</td>
<td>Enable SyNIC timers</td>
<td>on, off</td>
<td> on, off</td>
<td><span class="since">1.3.3 (QEMU 2.6)</span></td>
</tr>
<tr>
<td>reset</td>
<td>Enable hypervisor reset</td>
<td>on, off</td>
<td> on, off</td>
<td><span class="since">1.3.3 (QEMU 2.5)</span></td>
</tr>
<tr>
@@ -2156,33 +2106,21 @@
<tr>
<td>frequencies</td>
<td>Expose frequency MSRs</td>
<td>on, off</td>
<td> on, off</td>
<td><span class="since">4.7.0 (QEMU 2.12)</span></td>
</tr>
<tr>
<td>reenlightenment</td>
<td>Enable re-enlightenment notification on migration</td>
<td>on, off</td>
<td> on, off</td>
<td><span class="since">4.7.0 (QEMU 3.0)</span></td>
</tr>
<tr>
<td>tlbflush</td>
<td>Enable PV TLB flush support</td>
<td>on, off</td>
<td> on, off</td>
<td><span class="since">4.7.0 (QEMU 3.0)</span></td>
</tr>
<tr>
<td>ipi</td>
<td>Enable PV IPI support</td>
<td>on, off</td>
<td><span class="since">4.10.0 (QEMU 3.1)</span></td>
</tr>
<tr>
<td>evmcs</td>
<td>Enable Enlightened VMCS</td>
<td>on, off</td>
<td><span class="since">4.10.0 (QEMU 3.1)</span></td>
</tr>
</table>
</dd>
<dt><code>pvspinlock</code></dt>
@@ -2316,27 +2254,6 @@
defined, the hypervisor default will be used.
<span class="since">Since 4.6.0</span> (QEMU/KVM only)
</dd>
<dt><code>nested-hv</code></dt>
<dd>Configure nested HV availability for pSeries guests. This needs to
be enabled from the host (L0) in order to be effective; having HV
support in the (L1) guest is very desiderable if it's planned to
run nested (L2) guests inside it, because it will result in those
nested guests having much better performance than they would when
using KVM PR or TCG.
Possible values for the <code>state</code> attribute are
<code>on</code> and <code>off</code>. If the attribute is not
defined, the hypervisor default will be used.
<span class="since">Since 4.10.0</span> (QEMU/KVM only)
</dd>
<dt><code>msrs</code></dt>
<dd>Some guests might require ignoring unknown
Model Specific Registers (MSRs) reads and writes. It's possible
to switch this by setting <code>unknown</code> attribute
of <code>msrs</code> to <code>ignore</code>. If the attribute is
not defined, or set to <code>fault</code>, unknown reads and writes
will not be ignored.
<span class="since">Since 5.1.0</span> (bhyve only)
</dd>
</dl>
<h3><a id="elementsTime">Time keeping</a></h3>
@@ -2878,6 +2795,7 @@
&lt;/source&gt;
&lt;target dev='sdb' bus='scsi'/&gt;
&lt;/disk&gt;
&lt;/disk&gt;
&lt;disk type='network' device='lun'&gt;
&lt;driver name='qemu' type='raw'/&gt;
&lt;source protocol='iscsi' name='iqn.2013-07.com.example:iscsi-nopool/0'&gt;
@@ -2952,17 +2870,6 @@
<span class="since">Since 0.1.4</span>
</p>
</dd>
<dt><code>model</code></dt>
<dd>
Indicates the emulated device model of the disk. Typically
this is indicated solely by the <code>bus</code> property but
for <code>bus</code> "virtio" the model can be specified further
with "virtio-transitional", "virtio-non-transitional", or
"virtio". See
<a href="#elementsVirtioTransitional">Virtio transitional devices</a>
for more details.
<span class="since">Since 5.2.0</span>
</dd>
<dt><code>rawio</code></dt>
<dd>
Indicates whether the disk needs rawio capability. Valid
@@ -3911,11 +3818,6 @@
</dd>
</dl>
<span class="since">Since 5.2.0</span>, the filesystem element
has an optional attribute <code>model</code> with supported values
"virtio-transitional", "virtio-non-transitional", or "virtio".
See <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
for more details.
</dd>
<dt><code>driver</code></dt>
@@ -4023,15 +3925,7 @@
(<span class="since">since 0.9.7, requires QEMU
0.13</span>). <code>multifunction</code> defaults to 'off',
but should be set to 'on' for function 0 of a slot that will
have multiple functions used.
(<span class="since">Since 4.10.0</span>), PCI address extensions
depending on the architecture are supported. For example, PCI
addresses for S390 guests will have a <code>zpci</code> child
element, with two attributes: <code>uid</code> (a hex value
between 0x0001 and 0xffff, inclusive), and <code>fid</code> (a
hex value between 0x00000000 and 0xffffffff, inclusive) used by
PCI devices on S390 for User-defined Identifiers and Function
Identifiers.<br/>
have multiple functions used.<br/>
<span class="since">Since 1.3.5</span>, some hypervisor
drivers may accept an <code>&lt;address type='pci'/&gt;</code>
element with no other attributes as an explicit request to
@@ -4120,63 +4014,6 @@
<span class="since">Since 3.5.0</span>
</p>
<h4><a id="elementsVirtioTransitional">Virtio transitional devices</a></h4>
<p>
<span class="since">Since 5.2.0</span>, some of QEMU's virtio devices,
when used with PCI/PCIe machine types, accept the following
<code>model</code> values:
</p>
<dl>
<dt><code>virtio-transitional</code></dt>
<dd>This device can work both with virtio 0.9 and virtio 1.0 guest
drivers, so it's the best choice when compatibility with older
guest operating systems is desired. libvirt will plug the device
into a conventional PCI slot.
</dd>
<dt><code>virtio-non-transitional</code></dt>
<dd>This device can only work with virtio 1.0 guest drivers, and it's
the recommended option unless compatibility with older guest
operating systems is necessary. libvirt will plug the device into
either a PCI Express slot or a conventional PCI slot based on the
machine type, resulting in a more optimized PCI topology.
</dd>
<dt><code>virtio</code></dt>
<dd>This device will work like a <code>virtio-non-transitional</code>
device when plugged into a PCI Express slot, and like a
<code>virtio-transitional</code> device otherwise; libvirt will
pick one or the other based on the machine type. This is the best
choice when compatibility with libvirt versions older than 5.2.0
is necessary, but it's otherwise not recommended to use it.
</dd>
</dl>
<p>
While the information outlined above applies to most virtio devices,
there are a few exceptions:
</p>
<ul>
<li>
for SCSI controllers, <code>virtio-scsi</code> must be used instead
of <code>virtio</code> for backwards compatibility reasons;
</li>
<li>
some devices, such as GPUs and input devices (keyboard, tablet and
mouse), are only defined in the virtio 1.0 spec and as such don't
have a transitional variant: the only accepted model is
<code>virtio</code>, which will result in a non-transitional device.
</li>
</ul>
<p>
For more details see the
<a href="https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00923.html">qemu patch posting</a> and the
<a href="http://docs.oasis-open.org/virtio/virtio/v1.0/virtio-v1.0.html">virtio-1.0 spec</a>.
</p>
<h4><a id="elementsControllers">Controllers</a></h4>
<p>
@@ -4201,7 +4038,6 @@
&lt;driver iothread='4'/&gt;
&lt;address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/&gt;
&lt;/controller&gt;
&lt;controller type='xenbus' maxGrantFrames='64'/&gt;
...
&lt;/devices&gt;
...</pre>
@@ -4225,20 +4061,12 @@
<dd>The <code>virtio-serial</code> controller has two additional
optional attributes <code>ports</code> and <code>vectors</code>,
which control how many devices can be connected through the
controller. <span class="since">Since 5.2.0</span>, it
supports an optional attribute <code>model</code> which can
be 'virtio', 'virtio-transitional', or 'virtio-non-transitional'. See
<a href="#elementsVirtioTransitional">Virtio transitional devices</a>
for more details.
</dd>
controller.</dd>
<dt><code>scsi</code></dt>
<dd>A <code>scsi</code> controller has an optional attribute
<code>model</code>, which is one of 'auto', 'buslogic', 'ibmvscsi',
'lsilogic', 'lsisas1068', 'lsisas1078', 'virtio-scsi',
'vmpvscsi', 'virtio-transitional', 'virtio-non-transitional'. See
<a href="#elementsVirtioTransitional">Virtio transitional devices</a>
for more details.
</dd>
'lsilogic', 'lsisas1068', 'lsisas1078', 'virtio-scsi' or
'vmpvscsi'.</dd>
<dt><code>usb</code></dt>
<dd>A <code>usb</code> controller has an optional attribute
<code>model</code>, which is one of "piix3-uhci", "piix4-uhci",
@@ -4257,11 +4085,6 @@
<dd><span class="since">Since 3.10.0</span> for the vbox driver, the
<code>ide</code> controller has an optional attribute
<code>model</code>, which is one of "piix3", "piix4" or "ich6".</dd>
<dt><code>xenbus</code></dt>
<dd><span class="since">Since 5.2.0</span>, the <code>xenbus</code>
controller has an optional attribute <code>maxGrantFrames</code>,
which specifies the maximum number of grant frames the controller
makes available for connected devices.</dd>
</dl>
<p>
@@ -4787,12 +4610,7 @@
<dd><span class="since">since 2.5.0</span>For SCSI devices, user
is responsible to make sure the device is not used by host. This
<code>type</code> passes all LUNs presented by a single HBA to
the guest. <span class="since">Since 5.2.0,</span> the
<code>model</code> attribute can be specified further
with "virtio-transitional", "virtio-non-transitional", or
"virtio". See
<a href="#elementsVirtioTransitional">Virtio transitional devices</a>
for more details.
the guest.
</dd>
<dt><code>mdev</code></dt>
<dd>For mediated devices (<span class="since">Since 3.2.0</span>)
@@ -5350,6 +5168,7 @@
&lt;virtualport&gt;
&lt;parameters instanceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/&gt;
&lt;/virtualport&gt;
&lt;/interface&gt;
&lt;/devices&gt;
...</pre>
@@ -5826,11 +5645,7 @@ qemu-kvm -net nic,model=? /dev/null
<p>
Typical values for QEMU and KVM include:
ne2k_isa i82551 i82557b i82559er ne2k_pci pcnet rtl8139 e1000 virtio.
<span class="since">Since 5.2.0</span>, <code>virtio-transitional</code>
and <code>virtio-non-transitional</code> values are supported.
See <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
for more details.
ne2k_isa i82551 i82557b i82559er ne2k_pci pcnet rtl8139 e1000 virtio
</p>
<h5><a id="elementsDriverBackendOptions">Setting NIC driver-specific options</a></h5>
@@ -5846,7 +5661,8 @@ qemu-kvm -net nic,model=? /dev/null
&lt;host csum='off' gso='off' tso4='off' tso6='off' ecn='off' ufo='off' mrg_rxbuf='off'/&gt;
&lt;guest csum='off' tso4='off' tso6='off' ecn='off' ufo='off'/&gt;
&lt;/driver&gt;
</b>&lt;/interface&gt;
</b>
&lt;/interface&gt;
&lt;/devices&gt;
...</pre>
@@ -6348,7 +6164,7 @@ qemu-kvm -net nic,model=? /dev/null
<b>&lt;route family='ipv4' address='192.168.122.0' prefix='24' gateway='192.168.122.1'/&gt;</b>
<b>&lt;route family='ipv4' address='192.168.122.8' gateway='192.168.122.1'/&gt;</b>
&lt;/hostdev&gt;
...
&lt;/devices&gt;
...
</pre>
@@ -6540,12 +6356,6 @@ qemu-kvm -net nic,model=? /dev/null
For type <code>passthrough</code>, the mandatory sub-element <code>source</code>
must have an <code>evdev</code> attribute containing the absolute path to the
event device passed through to guests. (KVM only)
<span class="since">Since 5.2.0</span>, the <code>input</code> element
accepts a <code>model</code> attribute which has the values 'virtio',
'virtio-transitional' and 'virtio-non-transitional'. See
<a href="#elementsVirtioTransitional">Virtio transitional devices</a>
for more details.
</p>
<p>
@@ -6836,17 +6646,12 @@ qemu-kvm -net nic,model=? /dev/null
the other types, for practical reasons it should be paired with
either <code>vnc</code> or <code>spice</code> graphics types.
This display type is only supported by QEMU domains
(needs QEMU <span class="since">2.10</span> or newer).
<span class="Since">5.0.0</span> this element accepts a
<code>&lt;gl/&gt;</code> sub-element with an optional attribute
<code>rendernode</code> which can be used to specify an absolute
path to a host's DRI device to be used for OpenGL rendering.
(needs QEMU <span class="since">2.10</span> or newer) and doesn't
accept any attributes.
</p>
<pre>
&lt;graphics type='spice' autoport='yes'/&gt;
&lt;graphics type='egl-headless'&gt;
&lt;gl rendernode='/dev/dri/renderD128'/&gt;
&lt;/graphics&gt;
&lt;graphics type='egl-headless'/&gt;
</pre>
</dd>
</dl>
@@ -7293,9 +7098,9 @@ qemu-kvm -net nic,model=? /dev/null
Valid values for the <code>type</code> attribute are:
<code>serial</code> (described below);
<code>virtio</code> (usable whenever VirtIO support is available);
<code>xen</code>, <code>lxc</code> and <code>openvz</code>
(available when the corresponding hypervisor is in use).
<code>sclp</code> and <code>sclplm</code> (usable for s390 and
<code>xen</code>, <code>lxc</code>, <code>uml</code> and
<code>openvz</code> (available when the corresponding hypervisor is in
use). <code>sclp</code> and <code>sclplm</code> (usable for s390 and
s390x QEMU guests) are supported for compatibility reasons but should
not be used for new guests: use the <code>sclpconsole</code> and
<code>sclplmconsole</code> target models, respectively, with the
@@ -8017,12 +7822,8 @@ qemu-kvm -net nic,model=? /dev/null
</p>
<ul>
<li>'virtio' - default with QEMU/KVM</li>
<li>'virtio-transitional' <span class="since">Since 5.2.0</span></li>
<li>'virtio-non-transitional' <span class="since">Since 5.2.0</span></li>
<li>'xen' - default with Xen</li>
</ul>
See <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
for more details.
</dd>
<dt><code>autodeflate</code></dt>
<dd>
@@ -8094,11 +7895,7 @@ qemu-kvm -net nic,model=? /dev/null
</p>
<ul>
<li>'virtio' - supported by qemu and virtio-rng kernel module</li>
<li>'virtio-transitional' <span class='since'>Since 5.2.0</span></li>
<li>'virtio-non-transitional' <span class='since'>Since 5.2.0</span></li>
</ul>
See <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
for more details.
</dd>
<dt><code>rate</code></dt>
<dd>
@@ -8462,21 +8259,6 @@ qemu-kvm -net nic,model=? /dev/null
&lt;memory model='nvdimm'&gt;
&lt;source&gt;
&lt;path&gt;/tmp/nvdimm&lt;/path&gt;
&lt;alignsize unit='KiB'&gt;2048&lt;/alignsize&gt;
&lt;/source&gt;
&lt;target&gt;
&lt;size unit='KiB'&gt;524288&lt;/size&gt;
&lt;node&gt;1&lt;/node&gt;
&lt;label&gt;
&lt;size unit='KiB'&gt;128&lt;/size&gt;
&lt;/label&gt;
&lt;readonly/&gt;
&lt;/target&gt;
&lt;/memory&gt;
&lt;memory model='nvdimm'&gt;
&lt;source&gt;
&lt;path&gt;/dev/dax0.0&lt;/path&gt;
&lt;pmem/&gt;
&lt;/source&gt;
&lt;target&gt;
&lt;size unit='KiB'&gt;524288&lt;/size&gt;
@@ -8558,36 +8340,10 @@ qemu-kvm -net nic,model=? /dev/null
</dl>
<p>
For model <code>nvdimm</code> this element is mandatory. The
mandatory child element <code>path</code> represents a path in
the host that backs the nvdimm module in the guest. The following
optional elements may be used:
For model <code>nvdimm</code> this element is mandatory and has a
single child element <code>path</code> that represents a path
in the host that backs the nvdimm module in the guest.
</p>
<dl>
<dt><code>alignsize</code></dt>
<dd>
<p>
The <code>alignsize</code> element defines the page size
alignment used to mmap the address range for the backend
<code>path</code>. If not supplied the host page size is used.
For example, to mmap a real NVDIMM device a 2M-aligned page may
be required.
<span class="since">Since 5.0.0</span>
</p>
</dd>
<dt><code>pmem</code></dt>
<dd>
<p>
If persistent memory is supported and enabled by the hypervisor
in order to guarantee the persistence of writes to the vNVDIMM
backend, then use the <code>pmem</code> element in order to
utilize the feature.
<span class="since">Since 5.0.0</span>
</p>
</dd>
</dl>
</dd>
<dt><code>target</code></dt>
@@ -8606,39 +8362,19 @@ qemu-kvm -net nic,model=? /dev/null
NUMA nodes configured.
</p>
<p>
The following optional elements may be used:
For NVDIMM type devices one can optionally use
<code>label</code> and its subelement <code>size</code>
to configure the size of namespaces label storage
within the NVDIMM module. The <code>size</code> element
has usual meaning described
<a href="#elementsMemoryAllocation">here</a>.
For QEMU domains the following restrictions apply:
</p>
<dl>
<dt><code>label</code></dt>
<dd>
<p>
For NVDIMM type devices one can optionally use
<code>label</code> and its subelement <code>size</code>
to configure the size of namespaces label storage
within the NVDIMM module. The <code>size</code> element
has usual meaning described
<a href="#elementsMemoryAllocation">here</a>.
For QEMU domains the following restrictions apply:
</p>
<ol>
<li>the minimum label size is 128KiB,</li>
<li>the remaining size (total-size - label-size) will be aligned
to 4KiB as default.</li>
</ol>
</dd>
<dt><code>readonly</code></dt>
<dd>
<p>
The <code>readonly</code> element is used to mark the vNVDIMM
as read-only. Only the real NVDIMM device backend can guarantee
the guest write persistence, so other backend types should use
the <code>readonly</code> element.
<span class="since">Since 5.0.0</span>
</p>
</dd>
</dl>
<ol>
<li>the minimum label size is 128KiB,</li>
<li>the remaining size (total-size - label-size) has to be aligned to
4KiB</li>
</ol>
</dd>
</dl>
@@ -8725,11 +8461,7 @@ qemu-kvm -net nic,model=? /dev/null
<h3><a id="vsock">Vsock</a></h3>
<p>A vsock host/guest interface. The <code>model</code> attribute
defaults to <code>virtio</code>. <span class="since">Since 5.2.0</span>
<code>model</code> can also be 'virtio-transitional' and
'virtio-non-transitional', see
<a href="#elementsVirtioTransitional">Virtio transitional devices</a>
for more details.
defaults to <code>virtio</code>.
The optional attribute <code>address</code> of the <code>cid</code>
element specifies the CID assigned to the guest. If the attribute
<code>auto</code> is set to <code>yes</code>, libvirt
@@ -8929,8 +8661,8 @@ qemu-kvm -net nic,model=? /dev/null
different entity using a different key the encrypted guests data will
be incorrectly decrypted, leading to unintelligible data.
For more information see various input parameters and its format see the
<a href="https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf">SEV API spec</a>
For more information see various input parameters and its format see the SEV API spec
<a href="https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf"> https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf </a>
<span class="since">Since 4.4.0</span>
</p>
<pre>

14
docs/formatdomaincaps.html.in
View File

@@ -37,17 +37,6 @@
management application to choose an appropriate mode for a pass-through
host device as well as which adapter to utilize.</p>
<p>Some XML elements may be entirely omitted from the domaincapabilities
XML, depending on what the libvirt driver has filled in. Applications
should only act on what is explicitly reported in the domaincapabilities
XML. For example, if &lt;disk supported='yes'/&gt; is present, you can safely
assume the driver supports &lt;disk&gt; devices. If &lt;disk supported='no'/&gt; is
present, you can safely assume the driver does NOT support &lt;disk&gt;
devices. If the &lt;disk&gt; block is omitted entirely, the driver is not
indicating one way or the other whether it supports &lt;disk&gt; devices, and
applications should not interpret the missing block to mean any thing in
particular.</p>
<h2><a id="elements">Element and attribute overview</a></h2>
<p> A new query interface was added to the virConnect API's to retrieve the
@@ -289,6 +278,7 @@
&lt;value&gt;virtio&lt;/value&gt;
&lt;value&gt;xen&lt;/value&gt;
&lt;value&gt;usb&lt;/value&gt;
&lt;value&gt;uml&lt;/value&gt;
&lt;value&gt;sata&lt;/value&gt;
&lt;value&gt;sd&lt;/value&gt;
&lt;/enum&gt;
@@ -492,7 +482,7 @@
<p>
For more details on SEV feature see:
<a href="https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf">
<a href="https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf">
SEV API spec</a> and <a href="http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf">
SEV White Paper</a>
</p>

21
docs/formatnetwork.html.in
View File

@@ -107,13 +107,13 @@
may also be connected to the LAN. When defining
a new network with a <code>&lt;forward&gt;</code> mode of
"nat", "route", or "open" (or an isolated network with
"nat" or "route" (or an isolated network with
no <code>&lt;forward&gt;</code> element), libvirt will
automatically generate a unique name for the bridge device if
none is given, and this name will be permanently stored in the
network configuration so that that the same name will be used
every time the network is started. For these types of networks
(nat, route, open, and isolated), a bridge name beginning with the
(nat, routed, and isolated), a bridge name beginning with the
prefix "virbr" is recommended (and that is what is
auto-generated), but not enforced.
Attribute <code>stp</code> specifies if Spanning Tree Protocol
@@ -152,23 +152,6 @@
<span class="since">Since 1.2.11, requires kernel 3.17 or
newer</span>
</p>
<p>
The optional <code>zone</code> attribute of
the <code>bridge</code> element is used to specify
the <a href="https://firewalld.org">firewalld</a>
zone for the bridge of a network with <code>forward</code>
mode of "nat", "route", "open", or one with
no <code>forward</code> specified. By default, the bridges
of all virtual networks with these forward modes are placed
in the firewalld zone named "libvirt", which permits
incoming DNS, DHCP, TFTP, and SSH to the host from guests on
the network. This behavior can be changed either by
modifying the libvirt zone (using firewalld management
tools), or by placing the network in a different zone (which
will also be managed using firewalld tools).
<span class="since">Since 5.1.0</span>
</p>
</dd>
<dt><code>mtu</code></dt>

5
docs/formatnode.html.in
View File

@@ -70,10 +70,6 @@
<dd>Describes a device on the host's PCI bus. Sub-elements
include:
<dl>
<dt><code>class</code></dt>
<dd>Optional element for combined class, subclass and
programming interface codes as 6-digit hexadecimal number.
<span class="since">Since 5.2.0</span></dd>
<dt><code>domain</code></dt>
<dd>Which domain the device belongs to.</dd>
<dt><code>bus</code></dt>
@@ -385,7 +381,6 @@
&lt;name&gt;igb&lt;/name&gt;
&lt;/driver&gt;
&lt;capability type='pci'&gt;
&lt;class&gt;0x020000&lt;/class&gt;
&lt;domain&gt;0&lt;/domain&gt;
&lt;bus&gt;2&lt;/bus&gt;
&lt;slot&gt;0&lt;/slot&gt;

2
docs/formatnwfilter.html.in
View File

@@ -2265,7 +2265,7 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
to the incoming and outgoing direction. All this is related to the ftp
data traffic originating from TCP port 20 of the VM. This then leads to
the following solution
<span class="since">(since 0.8.5 (QEMU, KVM))</span>:
<span class="since">(since 0.8.5 (QEMU, KVM, UML))</span>:
</p>
<pre>
&lt;filter name='test-eth0'&gt;

106
docs/formatsnapshot.html.in
View File

@@ -33,7 +33,7 @@
resume in a consistent state; but if the disks are modified
externally in the meantime, this is likely to lead to data
corruption.</dd>
<dt>full system</dt>
<dt>system checkpoint</dt>
<dd>A combination of disk snapshots for all disks as well as VM
memory state, which can be used to resume the guest from where it
left off with symptoms similar to hibernation (that is, TCP
@@ -55,12 +55,11 @@
as <code>virDomainSaveImageGetXMLDesc()</code> to work with
those files.
</p>
<p>Full system snapshots are created
by <code>virDomainSnapshotCreateXML()</code> with no flags, while
<p>System checkpoints are created
by <code>virDomainSnapshotCreateXML()</code> with no flags, and
disk snapshots are created by the same function with
the <code>VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY</code>
flag. Regardless of the flags provided, restoration of the
snapshot is handled by
the <code>VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY</code> flag; in
both cases, they are restored by
the <code>virDomainRevertToSnapshot()</code> function. For
these types of snapshots, libvirt tracks each snapshot as a
separate <code>virDomainSnapshotPtr</code> object, and maintains
@@ -79,8 +78,7 @@
redefining a snapshot (<span class="since">since 0.9.5</span>),
with the <code>VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE</code> flag
of <code>virDomainSnapshotCreateXML()</code>, all of the XML
described here is relevant on input, even the fields that are
normally described as readonly for output.
described here is relevant.
</p>
<p>
Snapshots are maintained in a hierarchy. A domain can have a
@@ -99,14 +97,16 @@
</p>
<dl>
<dt><code>name</code></dt>
<dd>The optional name for this snapshot. If the name is
omitted, libvirt will create a name based on the time of the
creation.
<dd>The name for this snapshot. If the name is specified when
initially creating the snapshot, then the snapshot will have
that particular name. If the name is omitted when initially
creating the snapshot, then libvirt will make up a name for
the snapshot, based on the time when it was created.
</dd>
<dt><code>description</code></dt>
<dd>An optional human-readable description of the snapshot. If
the description is omitted when initially creating the
snapshot, then this field will be empty.
<dd>A human-readable description of the snapshot. If the
description is omitted when initially creating the snapshot,
then this field will be empty.
</dd>
<dt><code>memory</code></dt>
<dd>On input, this is an optional request for how to handle VM
@@ -128,10 +128,13 @@
what file name is created in an external snapshot. On output,
this is fully populated to show the state of each disk in the
snapshot, including any properties that were generated by the
hypervisor defaults. For full system snapshots, this field is
ignored on input and omitted on output (a full system snapshot
implies that all disks participate in the snapshot process).
This element has a list of <code>disk</code>
hypervisor defaults. For system checkpoints, this field is
ignored on input and omitted on output (a system checkpoint
implies that all disks participate in the snapshot process,
and since the current implementation only does internal system
checkpoints, there are no extra details to add); a future
release may allow the use of <code>disks</code> with a system
checkpoint. This element has a list of <code>disk</code>
sub-elements, describing anywhere from zero to all of the
disks associated with the domain. <span class="since">Since
0.9.5</span>
@@ -198,52 +201,45 @@
</dl>
</dd>
<dt><code>creationTime</code></dt>
<dd>A readonly representation of the time this snapshot was
created. The time is specified in seconds since the Epoch,
UTC (i.e. Unix time).
<dd>The time this snapshot was created. The time is specified
in seconds since the Epoch, UTC (i.e. Unix time). Readonly.
</dd>
<dt><code>state</code></dt>
<dd>A readonly representation of the state of the domain at the
time this snapshot was taken. If a full system snapshot was
created, then this is the state of the domain at that
time. When the domain is reverted to this snapshot, the
domain's state will default to this state, unless overridden
by <code>virDomainRevertToSnapshot()</code> flags to revert to
a running or paused state. Additionally, this field can be the
value "disk-snapshot" (<span class="since">since 0.9.5</span>)
when it represents only a disk snapshot (no VM memory state),
and reverting to this snapshot will default to an inactive
guest.
<dd>The state of the domain at the time this snapshot was taken.
If the snapshot was created as a system checkpoint, then this
is the state of the domain at that time; when the domain is
reverted to this snapshot, the domain's state will default to
whatever is in this field unless additional flags are passed
to <code>virDomainRevertToSnapshot()</code>. Additionally,
this field can be the value "disk-snapshot"
(<span class="since">since 0.9.5</span>) when it represents
only a disk snapshot (no VM memory state), and reverting to this
snapshot will default to an inactive guest. Readonly.
</dd>
<dt><code>parent</code></dt>
<dd>An optional readonly representation of the parent of this
snapshot. If present, this element contains exactly one child
element, <code>name</code>. This specifies the name of the
parent snapshot of this snapshot, and is used to represent
trees of snapshots.
<dd>The parent of this snapshot. If present, this element
contains exactly one child element, name. This specifies the
name of the parent snapshot of this snapshot, and is used to
represent trees of snapshots. Readonly.
</dd>
<dt><code>domain</code></dt>
<dd>A readonly representation of the domain that this snapshot
was taken against. Older versions of libvirt stored only a
single child element, uuid; reverting to a snapshot like this
is risky if the current state of the domain differs from the
state that the domain was created in, and requires the use of
the <code>VIR_DOMAIN_SNAPSHOT_REVERT_FORCE</code> flag
<dd>The domain that this snapshot was taken against. Older
versions of libvirt stored only a single child element, uuid;
reverting to a snapshot like this is risky if the current
state of the domain differs from the state that the domain was
created in, and requires the use of the
<code>VIR_DOMAIN_SNAPSHOT_REVERT_FORCE</code> flag
in <code>virDomainRevertToSnapshot()</code>. Newer versions
of libvirt (<span class="since">since 0.9.5</span>) store the
entire inactive <a href="formatdomain.html">domain
configuration</a> at the time of the snapshot
(<span class="since">since 0.9.5</span>). The domain will have
security-sensitive information omitted
unless the flag <code>VIR_DOMAIN_SNAPSHOT_XML_SECURE</code> is
provided on a read-write connection.
of libvirt (<span class="since">since 0.9.5</span>) store the entire
inactive <a href="formatdomain.html">domain configuration</a>
at the time of the snapshot (<span class="since">since
0.9.5</span>). Readonly.
</dd>
<dt><code>cookie</code></dt>
<dd>An optional readonly representation of a save image cookie
containing additional data libvirt may need to properly
restore a domain from an active snapshot when such data cannot
be stored directly in the <code>domain</code> to maintain
compatibility with older libvirt or hypervisor.
<dd>Save image cookie containing additional data libvirt may need to
properly restore a domain from an active snapshot when such data
cannot be stored directly in the <code>domain</code> to maintain
compatibility with older libvirt or hypervisor. Readonly.
</dd>
</dl>

196
docs/formatstorage.html.in
View File

@@ -19,15 +19,14 @@
a single attribute <code>type</code>, which is one of <code>dir</code>,
<code>fs</code>, <code>netfs</code>, <code>disk</code>,
<code>iscsi</code>, <code>logical</code>, <code>scsi</code>
(all <span class="since">since 0.4.1</span>),
<code>mpath</code> (<span class="since">since 0.7.1</span>),
<code>rbd</code> (<span class="since">since 0.9.13</span>),
<code>sheepdog</code> (<span class="since">since 0.10.0</span>),
<code>gluster</code> (<span class="since">since 1.2.0</span>),
<code>zfs</code> (<span class="since">since 1.2.8</span>),
<code>vstorage</code> (<span class="since">since 3.1.0</span>),
or <code>iscsi-direct</code> (<span class="since">since 4.7.0</span>).
This corresponds to the
(all <span class="since">since 0.4.1</span>), <code>mpath</code>
(<span class="since">since 0.7.1</span>), <code>rbd</code>
(<span class="since">since 0.9.13</span>), <code>sheepdog</code>
(<span class="since">since 0.10.0</span>),
<code>gluster</code> (<span class="since">since
1.2.0</span>), <code>zfs</code> (<span class="since">since
1.2.8</span>) or <code>vstorage</code> (<span class="since">since
3.1.0</span>). This corresponds to the
storage backend drivers listed further along in this document.
</p>
<h3><a id="StoragePoolFirst">General metadata</a></h3>
@@ -122,26 +121,15 @@
&lt;/source&gt;
...</pre>
<pre>
...
&lt;source&gt;
&lt;host name='localhost'/&gt;
&lt;dir path='/var/lib/libvirt/images'/&gt;
&lt;format type='nfs'/&gt;
&lt;protocol ver='3'/&gt;
&lt;/source&gt;
...</pre>
<dl>
<dt><code>device</code></dt>
<dd>Provides the source for pools backed by physical devices
(pool types <code>fs</code>, <code>logical</code>, <code>disk</code>,
<code>iscsi</code>, <code>iscsi-direct</code>, <code>zfs</code>,
<code>vstorage</code>).
<code>iscsi</code>, <code>zfs</code>, <code>vstorage</code>).
May be repeated multiple times depending on backend driver. Contains
a required attribute <code>path</code> which is either the fully
qualified path to the block device node or for <code>iscsi</code>
or <code>iscsi-direct</code> the iSCSI Qualified Name (IQN).
the iSCSI Qualified Name (IQN).
<span class="since">Since 0.4.1</span>
<p>An optional attribute <code>part_separator</code> for each
<code>path</code> may be supplied. Valid values for the attribute
@@ -346,7 +334,6 @@
<dt><code>host</code></dt>
<dd>Provides the source for pools backed by storage from a
remote server (pool types <code>netfs</code>, <code>iscsi</code>,
<code>iscsi-direct</code>,
<code>rbd</code>, <code>sheepdog</code>, <code>gluster</code>). Will be
used in combination with a <code>directory</code>
or <code>device</code> element. Contains an attribute <code>name</code>
@@ -361,19 +348,11 @@
server. See the <a href="storage.html">storage driver page</a> for
any restrictions for specific storage backends.
<span class="since">Since 0.4.1</span></dd>
<dt><code>initiator</code></dt>
<dd>Required by the <code>iscsi-direct</code> pool in order to provide
the iSCSI Qualified Name (IQN) to communicate with the pool's
<code>device</code> target IQN. There is one sub-element
<code>iqn</code> with the <code>name</code> attribute to describe
the IQN for the initiator.
<span class="since">Since 4.7.0</span></dd>
<dt><code>auth</code></dt>
<dd>If present, the <code>auth</code> element provides the
authentication credentials needed to access the source by the
setting of the <code>type</code> attribute (pool
types <code>iscsi</code>, <code>iscsi-direct</code>, <code>rbd</code>).
The <code>type</code>
types <code>iscsi</code>, <code>rbd</code>). The <code>type</code>
must be either "chap" or "ceph". Use "ceph" for
Ceph RBD (Rados Block Device) network sources and use "iscsi" for CHAP
(Challenge-Handshake Authentication Protocol) iSCSI
@@ -407,12 +386,6 @@
LVM metadata type. All drivers are required to have a default
value for this, so it is optional. <span class="since">Since 0.4.1</span></dd>
<dt><code>protocol</code></dt>
<dd>For a <code>netfs</code> Storage Pool provide a mechanism to
define which NFS protocol version number will be used to contact
the server's NFS service. The attribute <code>ver</code> accepts
an unsigned integer as the version number to use.
<span class="since">Since 5.1.0</span></dd>
<dt><code>vendor</code></dt>
<dd>Provides optional information about the vendor of the
storage device. This contains a single
@@ -478,8 +451,8 @@
The <code>owner</code> element contains the numeric user ID.
The <code>group</code> element contains the numeric group ID.
If <code>owner</code> or <code>group</code> aren't specified when
creating a directory, the UID and GID of the libvirtd process are used.
The <code>label</code> element contains the MAC (eg SELinux)
creating a directory, the values are inherited from the parent
directory. The <code>label</code> element contains the MAC (eg SELinux)
label string.
<span class="since">Since 0.4.1</span>
For running directory or filesystem based pools, these fields
@@ -508,145 +481,6 @@
device, measured in bytes. <span class="since">Since 0.4.1</span>
</p>
<h3><a id="StoragePoolRefresh">Refresh overrides</a></h3>
<p>
The optional <code>refresh</code> element can control how the pool and
associated volumes are refreshed (pool type <code>rbd</code>). The
<code>allocation</code> attribute of the <code>volume</code> child element
controls the method used for computing the allocation of a volume. The
valid attribute values are <code>default</code> to compute the actual
usage or <code>capacity</code> to use the logical capacity for cases where
computing the allocation is too expensive. The following XML snippet
shows the syntax:
<pre>
&lt;pool type="rbd"&gt;
&lt;name&gt;myrbdpool&lt;/name&gt;
...
&lt;source/&gt;
...
&lt;refresh&gt;
&lt;volume allocation='capacity'/&gt;
&lt;/refresh&gt;
...
&lt;/pool&gt;
</pre>
<span class="since">Since 5.2.0</span>
</p>
<h3><a id="StoragePoolNamespaces">Storage Pool Namespaces</a></h3>
<p>
Usage of Storage Pool Namespaces provides a mechanism to provide
pool type specific data in a free form or arbitrary manner via
XML syntax targeted solely for the needs of the specific pool type
which is not otherwise supported in standard XML. For the "fs" and
"netfs" pool types this provides a mechanism to provide additional
mount options on the command line. For the "rbd" pool this provides
a mechanism to override default settings for RBD configuration options.
</p>
<p>
Usage of namespaces comes with no support guarantees. It is intended
for developers testing out a concept prior to requesting an explicitly
supported XML option in libvirt, and thus should never be used in
production.
</p>
<dl>
<dt><code>fs:mount_opts</code></dt>
<dd>Provides an XML namespace mechanism to optionally utilize
specifically named options for the mount command via the "-o"
option for the <code>fs</code> or <code>netfs</code> type storage
pools. In order to designate that the Storage Pool will be using
the mechanism, the <code>pool</code> element must be modified to
provide the XML namespace attribute syntax as follows:
<p>
xmlns:fs='http://libvirt.org/schemas/storagepool/fs/1.0'
</p>
<p>
The <code>fs:mount_opts</code> defines the mount options by
specifying multiple <code>fs:option</code> subelements with
the attribute <code>name</code> specifying the mount option to
be added. The value of the named option is not checked since
it's possible options don't exist on all distributions. It is
expected that proper and valid options will be supplied for the
target host.
</p>
The following XML snippet shows the syntax required in order to
utilize for a netfs pool:
<pre>
&lt;pool type="netfs" xmlns:fs='http://libvirt.org/schemas/storagepool/fs/1.0'&gt;
&lt;name&gt;nfsimages&lt;/name&gt;
...
&lt;source&gt;
...
&lt;/source&gt;
...
&lt;target&gt;
...
&lt;/target&gt;
&lt;fs:mount_opts&gt;
&lt;fs:option name='sync'/&gt;
&lt;fs:option name='lazytime'/&gt;
&lt;/fs:mount_opts&gt;
&lt;/pool&gt;
...</pre>
<span class="since">Since 5.1.0.</span></dd>
<dt><code>rbd:config_opts</code></dt>
<dd>Provides an XML namespace mechanism to optionally utilize
specifically named options for the RBD configuration options
via the rados_conf_set API for the <code>rbd</code> type
storage pools. In order to designate that the Storage Pool
will be using the mechanism, the <code>pool</code> element
must be modified to provide the XML namespace attribute
syntax as follows:
<p>
xmlns:rbd='http://libvirt.org/schemas/storagepool/rbd/1.0'
</p>
<p>
The <code>rbd:config_opts</code> defines the configuration options
by specifying multiple <code>rbd:option</code> subelements with
the attribute <code>name</code> specifying the configuration option
to be added and <code>value</code> specifying the configuration
option value. The name and value for each option is only checked
to be not empty. The name and value provided are not checked since
it's possible options don't exist on all distributions. It is
expected that proper and valid options will be supplied for the
target host.
</p>
The following XML snippet shows the syntax required in order to
utilize
<pre>
&lt;pool type="rbd" xmlns:rbd='http://libvirt.org/schemas/storagepool/rbd/1.0'&gt;
&lt;name&gt;myrbdpool&lt;/name&gt;
...
&lt;source&gt;
...
&lt;/source&gt;
...
&lt;target&gt;
...
&lt;/target&gt;
...
&lt;rbd:config_opts&gt;
&lt;rbd:option name='client_mount_timeout' value='45'/&gt;
&lt;rbd:option name='rados_mon_op_timeout' value='20'/&gt;
&lt;rbd:option name='rados_osd_op_timeout' value='10'/&gt;
&lt;/rbd:config_opts&gt;
&lt;/pool&gt;
</pre>
<span class="since">Since 5.1.0.</span></dd>
</dl>
<h2><a id="StorageVol">Storage volume XML</a></h2>
<p>
A storage volume will generally be either a file or a device
@@ -802,8 +636,8 @@
The <code>owner</code> element contains the numeric user ID.
The <code>group</code> element contains the numeric group ID.
If <code>owner</code> or <code>group</code> aren't specified when
creating a supported volume, the UID and GID of the libvirtd process
are used. The <code>label</code> element contains the MAC (eg SELinux)
creating a supported volume, the values are inherited from the parent
directory. The <code>label</code> element contains the MAC (eg SELinux)
label string.
For existing directory or filesystem based volumes, these fields
will be filled with the values used by the existing file.

101
docs/formatstoragecaps.html.in
View File

@@ -1,101 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<h1>Storage Pool Capabilities XML format</h1>
<ul id="toc"></ul>
<h2><a id="Overview">Overview</a></h2>
<p>The Storage Pool Capabilities XML will provide the information
to determine what types of Storage Pools exist, whether the pool is
supported, and if relevant the source format types, the required
source elements, and the target volume format types. </p>
<p>The Storage Pool Capabilities XML provides more information than the
<a href="/html/libvirt-libvirt-host.html#virConnectGetCapabilities">
<code>virConnectGetCapabilities</code>
</a>
which only provides an enumerated list of supported pool types.</p>
<h2><a id="elements">Element and attribute overview</a></h2>
<p>A query interface was added to the virConnect API's to retrieve the
XML listing of the set of Storage Pool Capabilities
(<span class="since">Since 5.2.0</span>):</p>
<pre>
<a href="/html/libvirt-libvirt-domain.html#virConnectGetStoragePoolCapabilities">virConnectGetStoragePoolCapabilities</a>
</pre>
<p>The root element that emulator capability XML document starts with is
named <code>storagepoolCapabilities</code>. There will be any number of
<code>pool</code> child elements with two attributes <code>type</code>
and <code>supported</code>. Each <code>pool</code> element may have
a <code>poolOptions</code> or <code>volOptions</code> subelements to
describe the available features. Sample XML output is:</p>
<pre>
&lt;storagepoolCapabilities&gt;
&lt;pool type='dir' supported='yes'&gt;
&lt;volOptions&gt;
&lt;defaultFormat type='raw'&lt;/&gt;
&lt;enum name='targetFormatType'&gt;
&lt;value&gt;none&lt;/value&gt;
&lt;value&gt;raw&lt;/value&gt;
...
&lt;/enum&gt;
&lt;/volOptions&gt;
&lt;/pool&gt;
&lt;pool type='fs' supported='yes'&gt;
&lt;poolOptions&gt;
&lt;defaultFormat type='auto'&lt;/&gt;
&lt;enum name='sourceFormatType'&gt;
&lt;value&gt;auto&lt;/value&gt;
&lt;value&gt;ext2&lt;/value&gt;
...
&lt;/enum&gt;
&lt;/poolOptions&gt;
&lt;volOptions&gt;
&lt;defaultFormat type='raw'&lt;/&gt;
&lt;enum name='targetFormatType'&gt;
&lt;value&gt;none&lt;/value&gt;
&lt;value&gt;raw&lt;/value&gt;
...
&lt;/enum&gt;
&lt;/volOptions&gt;
&lt;/pool&gt;
...
&lt;/storagepoolCapabilities&gt;
</pre>
<p>The following section decribes subelements of the
<code>poolOptions</code> and <code>volOptions</code> subelements </p>:
<dl>
<dt><code>defaultFormat</code></dt>
<dd>For the <code>poolOptions</code>, the <code>type</code> attribute
describes the default format name used for the pool source. For the
<code>volOptions</code>, the <code>type</code> attribute describes
the default volume name used for each volume.
</dd>
<dl>
<dt><code>enum</code></dt>
<dd>Each enum uses a name from the list below with any number of
<code>value</code> value subelements describing the valid values.
<dl>
<dt><code>sourceFormatType</code></dt>
<dd>Lists all the possible <code>poolOptions</code> source
pool format types.
</dd>
<dt><code>targetFormatType</code></dt>
<dd>Lists all the possible <code>volOptions</code> target volume
format types.
</dd>
</dl>
</dd>
</dl>
</dl>
</body>
</html>

2
docs/governance.html.in
View File

@@ -155,7 +155,7 @@
also implicitly stating that they have the legal right to make the
contribution, if doing so on behalf of a broader organization /
company. Most of the project's code is distributed under the GNU
Lesser General Public License, version 2.1 or later. Details of the
Lesser General Public License, version 2 or later. Details of the
exact license under which contributions will be presumed to be
covered are found in the source repositories, or website in question.
</p>

29
docs/hacking.html.in
View File

@@ -1412,34 +1412,5 @@ int foo()
in the same way, but still make sure they get reviewed if non-trivial.
</li>
</ul>
<h2><a id="coverage">Code coverage reports</a></h2>
<p>
Code coverage HTML reports can be generated with:
</p>
<pre>
make coverage
</pre>
<p>
Reports will be generated in the <code>cov/</code> directory. Point a
web browser at <code>cov/index.html</code> for the full report.
</p>
<p>
The <code>make coverage</code> target is provided by <code>gnulib</code>.
It is a convenience helper for calling the following 3 targets in order.
It may be useful to occasionally call these directly.
<ul>
<li><code>make init-coverage</code>: run <code>make clean</code> and
remove all code coverage counter files (*.gcno, etc.)</li>
<li><code>make build-coverage</code>: run <code>make</code> and
<code>make check</code> with <code>CFLAGS</code> filled in with
necessary coverage flags</li>
<li><code>make gen-coverage</code>: generate the HTML report</li>
</ul>
</p>
</body>
</html>

1
docs/index.html.in
View File

@@ -66,7 +66,6 @@
<a href="formatstorageencryption.html">storage encryption</a>,
<a href="formatcaps.html">capabilities</a>,
<a href="formatdomaincaps.html">domain capabilities</a>,
<a href="formatstoragecaps.html">storage pool capabilities</a>,
<a href="formatnode.html">node devices</a>,
<a href="formatsecret.html">secrets</a>,
<a href="formatsnapshot.html">snapshots</a></dd>

2
docs/internals/command.html.in
View File

@@ -426,7 +426,7 @@ dprintf(logfd, "%s: ", timestamp);
VIR_FREE(timestamp);
virCommandWriteArgLog(cmd, logfd);
string = virCommandToString(cmd, false);
string = virCommandToString(cmd);
if (string)
VIR_DEBUG("about to run %s", string);
VIR_FREE(string);

10
docs/libvirt.css
View File

@@ -100,15 +100,14 @@
margin-right: auto;
padding: 0px;
padding-bottom: 1em;
max-width: 95%;
width: 70em;
max-width: 60em;
}
body.index #content,
body.docs #content,
body.hvsupport #content
{
width: inherit;
max-width: inherit;
}
pre {
@@ -394,7 +393,6 @@ table.acl {
table.acl tr, table.acl td {
padding: 0.3em;
border: 1px solid #ccc;
}
table.acl thead {
@@ -538,7 +536,3 @@ dl.mail dt a:hover {
color: rgb(255, 230, 0);
text-decoration: none;
}
td.enumvalue {
white-space: nowrap;
}

22
docs/newapi.xsl
View File

@@ -288,24 +288,6 @@
</xsl:choose>
</xsl:template>
<xsl:template name="enumvalue">
<xsl:param name="value" select="@value"/>
<xsl:param name="valuehex" select="@value_hex"/>
<xsl:param name="valuebitshift" select="@value_bitshift"/>
<xsl:value-of select="@value"/>
<xsl:if test="$valuehex != '' or $valuebitshift != ''">
<xsl:text> (</xsl:text>
<xsl:if test="$valuehex != ''">
<xsl:value-of select="@value_hex"/>
</xsl:if>
<xsl:if test="$valuebitshift != ''">
<xsl:text>; 1 &lt;&lt; </xsl:text>
<xsl:value-of select="@value_bitshift"/>
</xsl:if>
<xsl:text>)</xsl:text>
</xsl:if>
</xsl:template>
<xsl:template match="typedef[@type = 'enum']">
<xsl:variable name="name" select="string(@name)"/>
<h3><a name="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
@@ -324,7 +306,7 @@
<td><xsl:text> = </xsl:text></td>
<xsl:choose>
<xsl:when test="@info != ''">
<td class="enumvalue"><xsl:call-template name="enumvalue"/></td>
<td><xsl:value-of select="@value"/></td>
<td>
<div class="comment">
<xsl:call-template name="dumptext">
@@ -334,7 +316,7 @@
</td>
</xsl:when>
<xsl:otherwise>
<td colspan="2" class="enumvalue"><xsl:call-template name="enumvalue"/></td>
<td colspan="2"><xsl:value-of select="@value"/></td>
</xsl:otherwise>
</xsl:choose>
</tr>

627
docs/news.xml
View File

@@ -33,633 +33,6 @@
-->
<libvirt>
<release version="v5.2.0" date="unreleased">
<section title="New features">
<change>
<summary>
Add Storage Pool Capabilities output
</summary>
<description>
Add support to list an enumerated list of supported Storage
Pools via the virConnectGetCapabilities API when connected
via a Storage Driver. Add support to get a more detailed
list XML output Storage Pool Capabilities vis the
virConnectGetStoragePoolCapabilites API.
</description>
</change>
<change>
<summary>
qemu: Support virtio-{non-}transitional device models
</summary>
<description>
<code>virtio-transitional</code> and
<code>virtio-non-transitional</code> <code>model</code> values
were added to the QEMU driver for the following devices:
<code>disk</code>, <code>interface</code>, <code>filesystem</code>,
<code>rng</code>, <code>vsock</code>, <code>memballoon</code>,
<code>controller</code> type <code>scsi</code>,
<code>controller</code> type <code>virtio-serial</code>,
<code>input</code> bus <code>virtio</code>
type <code>passthrough</code>,
<code>hostdev</code> type <code>scsi_host</code>. These new
models can be used to give fine grained control over what
virtio device version is presented to the guest.
</description>
</change>
<change>
<summary>
qemu: Enable firmware autoselection
</summary>
<description>
Libvirt allows users to provide loader path for some time now.
However, this puts some burden on users because they need to
know what firmware meets their requirements. Now that QEMU
ships firmware description files this burden can be moved onto
libvirt. It is as easy as setting the <code>firmware</code>
attribute in the <code>os</code> element (accepted values are
<code>bios</code> and <code>efi</code>). Moreover, libvirt
automatically enables domain features needed for firmware it
chooses.
</description>
</change>
<change>
<summary>
snapshots: Add support for topological listings
</summary>
<description>
A new flag VIR_DOMAIN_SNAPSHOT_LIST_TOPOLOGICAL is available
for the various snapshot listing APIs such as
virDomainListAllSnapshots(). For drivers that support the
flag, the listed snapshots are guaranteed to be sorted such
that parents occur before children.
</description>
</change>
<change>
<summary>
Xen: Add support for max grant frames setting
</summary>
<description>
Add support for Xen's max_grant_frames setting by adding a
new xenbus controller type with a maxGrantFrames attribute.
E.g. <code>&lt;controller type='xenbus' maxGrantFrames='64'/&gt;</code>
</description>
</change>
<change>
<summary>
qemu: Add support for parallel migration
</summary>
<description>
With QEMU 4.0.0 libvirt can enable parallel migration which causes
the memory pages to be processed in parallel by several threads and
sent to the destination host using several connections at the same
time. This may increase migration speed in case a single thread is
unable to saturate the network link.
</description>
</change>
</section>
<section title="Removed features">
<change>
<summary>
Drop support for Upstart and "Red Hat" init scripts
</summary>
<description>
Not a single one of the platforms we target still uses Upstart,
and the Upstart project itself has been abandoned for several years
now; the same is true for the "Red Hat" (really System V) init
scripts, since RHEL 7 and later releases use systemd.
</description>
</change>
</section>
<section title="Improvements">
<change>
<summary>
Report class information for PCI node device capability.
</summary>
</change>
<change>
<summary>
Split setup of IPv4 and IPv6 top level chain
</summary>
<description>
The requirement resulting from private chains improvement done
in <code>v5.1.0</code> was refined so that only tables from
corresponding IP version are required. This means that if a
network doesn't have <code>IPv6</code> enabled then those
tables are not required.
</description>
</change>
</section>
<section title="Bug fixes">
</section>
</release>
<release version="v5.1.0" date="2019-03-04">
<section title="New features">
<change>
<summary>
bhyve: Add support for additional command-line arguments
</summary>
<description>
The bhyve driver now supports passing additional command-line
arguments to the bhyve process using the new
<code>&lt;bhyve:commandline&gt;</code> element in domain
configuration.
</description>
</change>
<change>
<summary>
network: Support setting a firewalld "zone" for virtual network bridges
</summary>
<description>
All libvirt virtual networks with bridges managed by libvirt
(i.e. those with forward mode of "nat", "route", "open", or
no forward mode) will now be placed in a special firewalld
zone called "libvirt" by default. The zone of any network
bridge can be changed using the <code>zone</code> attribute
of the network's <code>bridge</code> element.
</description>
</change>
<change>
<summary>
bhyve: Support for ignoring unknown MSRs reads and writes
</summary>
<description>
A new &lt;features&gt; element &lt;msrs unknown='ignore'/&gt; was
introduced and the bhyve driver supports it to control unknown
Model Specific Registers (MSRs) reads and writes.
</description>
</change>
<change>
<summary>
qemu: Add support for encrypted VNC TLS keys
</summary>
<description>
Use the password stored in the secret driver under the uuid
specified by the <code>vnc_tls_x509_secret_uuid</code> option
in qemu.conf.
</description>
</change>
<change>
<summary>
Add storage pool namespace options
</summary>
<description>
Allow for adjustment of RBD configuration options via Storage
Pool XML Namespace adjustments.
</description>
</change>
<change>
<summary>
qemu: Add support for setting post-copy migration bandwidth
</summary>
<description>
Users can now limit the bandwidth of post-copy migration, e.g.
via <code>virsh migrate --postcopy-bandwidth</code>.
</description>
</change>
</section>
<section title="Improvements">
<change>
<summary>
Create private chains for virtual network firewall rules
</summary>
<description>
Historically firewall rules for virtual networks were added
straight into the base chains. This works but has a number of
bugs and design limitations. To address them, libvirt now puts
firewall rules into its own chains. Note that with this change the
<code>filter</code>, <code>nat</code> and <code>mangle</code> tables
are required for both <code>IPv4</code> and <code>IPv6</code>.
</description>
</change>
<change>
<summary>
Detect CEPH and GPFS as shared FS
</summary>
<description>
When starting a migration libvirt performs some sanity checks
to make sure domain will be able to run on the destination.
One of the requirements is that the disk has to either be
migrated too or be accessible from a network filesystem. CEPH
and GPFS weren't detected as a network filesystem.
</description>
</change>
<change>
<summary>
Advertise network MTU via DHCP when specified
</summary>
<description>
If network MTU is set and the network has DHCP enabled,
advertise the MTU in DHCP transaction too so that clients can
adjust their link accordingly.
</description>
</change>
<change>
<summary>
qemu: Allocate memory at the configured NUMA nodes from start
</summary>
<description>
Libvirt used to just start QEMU, let it allocate memory for
the guest, and then use CGroups to move the memory to
configured NUMA nodes. This is suboptimal as huge chunks of
memory have to be moved. Moreover, this relies on ability to
move memory later which is not always true. A change was made
to set process affinity correctly from the start so that memory
is allocated on the configured nodes from the beginning.
</description>
</change>
<change>
<summary>
Support for newer Wireshark
</summary>
<description>
Adapt libvirt to use the more recent release requiring a
source build configuration of libvirt
<code>--with-wireshark</code> to upgrade to the more recent
version.
</description>
</change>
<change>
<summary>
Batch mode virsh and virt-admin parsing improvements
</summary>
<description>
When parsing a single-argument command_string in batch mode,
virsh and virt-admin now permit newlines in addition to
semicolons for splitting commands, and backslash-newline for
splitting long lines, to be more like shell parsing.
</description>
</change>
</section>
<section title="Bug fixes">
<change>
<summary>
qemu: Use CAP_DAC_OVERRIDE during QEMU capabilities probing
</summary>
<description>
By default, libvirt runs the QEMU process as <code>qemu:qemu</code>
which could cause issues during probing as some features like AMD SEV
might be inaccessible to QEMU because of file system permissions.
Therefore, <code>CAP_DAC_OVERRIDE</code> is granted to overcome these
for the purposes of probing.
</description>
</change>
<change>
<summary>
storage: Add default mount options for fs/netfs storage pools
</summary>
<description>
Altered the command line generation for fs/netfs storage pools to
add some default options. For Linux based systems, the options
added are "nodev, nosuid, noexec". For FreeBSD based systems,
the options added are "nosuid, noexec".
</description>
</change>
<change>
<summary>
qemu: Allow use of PCI for RISC-V guests
</summary>
<description>
This works with QEMU 4.0.0+ only and is opt-in at the moment, since
it requires users to manually assign PCI addresses, but is otherwise
fully functional.
</description>
</change>
<change>
<summary>
network: Fix virtual networks on systems using firewalld+nftables
</summary>
<description>
Because of the transitional state of firewalld's new support
for nftables, not all iptables features required by libvirt
are yet available, so libvirt must continue to use iptables
for its own packet filtering rules even when the firewalld
backend is set to use nftables. However, due to the way
iptables support is implemented in kernels using nftables
(iptables rules are converted to nftables rules and
processed in a separate hook from the native nftables
rules), guest networking was broken on hosts with firewalld
configured to use nftables as the backend. This has been
fixed by putting libvirt-managed bridges in their own
firewalld zone, so that guest traffic can be forwarded
beyond the host and host services can be exposed to guests
on the virtual network without opening up those same
services to the rest of the physical network. This means
that host access from virtual machines is no longer
controlled by the firewalld default zone (usually "public"),
but rather by the new firewalld zone called "libvirt"
(unless configured otherwise using the new zone
attribute of the network bridge element).
</description>
</change>
<change>
<summary>
qemu: Fix i6300esb watchdog hotplug on Q35
</summary>
<description>
Ensure that libvirt allocates a PCI address for the device so
that QEMU did not default to an address that would not allow
for device hotplug.
</description>
</change>
<change>
<summary>
lxc: Don't reboot host on virDomainReboot
</summary>
<description>
If the container is really a simple one (init is just bash and
the whole root is passed through) then virDomainReboot and
virDomainShutdown would reboot or shutdown the host. The
solution is to use different method to reboot or shutdown the
container in that case (e.g. signal).
</description>
</change>
<change>
<summary>
rpc: Various stream fixes
</summary>
<description>
One particular race was fixed, one locking problem and error
reporting from streams was made better.
</description>
</change>
<change>
<summary>
qemu: Fix guestfwd hotplug/hotunplug
</summary>
<description>
Fixed the generation of the guestfwd hotplug/unplug command
sent to QEMU to match the syntax used when creating the
initial command line.
</description>
</change>
<change>
<summary>
qemu: Forbid CDROMs on virtio bus
</summary>
<description>
Attempting to create an empty virtio-blk drive or attempting
to eject it results into an error. Forbid configurations
where users would attempt to use CDROMs in virtio bus.
</description>
</change>
<change>
<summary>
qemu: Use 'raw' for 'volume' disks without format
</summary>
<description>
Storage pools might want to specify format of the image when
translating the volume thus libvirt can't add any default
format when parsing the XML. Add an explicit format when
starting the VM and format is not present neither by user
specifying it nor by the storage pool translation function.
</description>
</change>
<change>
<summary>
qemu: Assume 'raw' default storage format also for network storage
</summary>
<description>
Post parse callback adds the 'raw' type only for local files.
Remote files can also have backing store (even local) so we
should do this also for network backed storage.
</description>
</change>
<change>
<summary>
qemu: Fix block job progress reporting and advocate for READY event
</summary>
<description>
In some cases QEMU can get to 100% and still not reach the
synchronised phase. Initiating a pivot in that case will fail.
Therefore it is strongly advised to wait for
<code>VIR_DOMAIN_BLOCK_JOB_READY</code> event which does not
suffer from this problem.
</description>
</change>
<change>
<summary>
qemu: Don't format image properties for empty drive
</summary>
<description>
If a <code>-drive</code> has no image, then formatting
attributes such as cache, readonly, etc. would cause errors to
be reported from QEMU. This was fixed by not supplying the
attributes for devices without an image.
</description>
</change>
<change>
<summary>
External snapshot metadata redefinition is fixed
</summary>
<description>
Attempting to use VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE to
reinstate the metadata describing an external snapshot
created earlier for an offline domain no longer fails.
</description>
</change>
</section>
</release>
<release version="v5.0.0" date="2019-01-15">
<section title="New features">
<change>
<summary>
Xen: Add support for openvswitch
</summary>
<description>
The libxl driver now supports virtual interfaces that connect to
an openvswitch bridge, including interfaces with VLAN tagging and
trunking configuration.
</description>
</change>
<change>
<summary>
qemu: Report whether KVM nesting is available
</summary>
<description>
Running nested KVM guests requires specific configuration steps to
be performed on the host; libvirt will now report in the host
capabilities whether KVM nesting support is available.
</description>
</change>
</section>
<section title="Removed features">
<change>
<summary>
Drop UML driver
</summary>
<description>
The UML driver was unmaintained and not tested for
quite some time now. Worse, there is a bug that causes
it to deadlock on some very basic operations (e.g.
dumping domain XML). These facts make us believe no one
uses it.
</description>
</change>
</section>
<section title="Improvements">
<change>
<summary>
qemu: Add support for ARMv6l guests
</summary>
</change>
<change>
<summary>
Support more NVDIMM configuration options
</summary>
<description>
Introduce more configuration options. For the source element, add
the 'alignsize' and 'pmem' subelements. For the target element, add
the 'readonly' subelement.
</description>
</change>
<change>
<summary>
cpu: Add support for "stibp" x86_64 feature
</summary>
<description>
Add cpu flag stibp (Single Thread Indirect Branch Predictors) to
prevent indirect branch predictions from being controlled by the
sibling Hyperthread.
</description>
</change>
<change>
<summary>
libxl: Handle external domain destroy
</summary>
<description>
Historically, if a domain was destroyed using <code>xl</code>
rather than through libvirt APIs, libvirt would not be aware of
the fact and keep considering it as running. This is no longer the
case.
</description>
</change>
<change>
<summary>
Start selecting the first available DRI device for OpenGL operations
</summary>
<description>
If OpenGL support is needed (either with SPICE gl enabled or with
egl-headless), libvirt is now able to pick the first available DRI
device for the job. At the same time, this improvement is also a
bugfix as it prevents permission-related issues with regards to our
mount namespaces and the default DRI render node's permissions which
would normally prevent QEMU from accessing such a device.
</description>
</change>
<change>
<summary>
qemu: Add support for postcopy-requests migration statistics
</summary>
<description>
The <code>virDomainJobInfo</code> can get number page requests
received from the destination host during post-copy migration.
</description>
</change>
</section>
<section title="Bug fixes">
<change>
<summary>
lxc: Don't forbid interfaces with type=direct
</summary>
<description>
Such interfaces are supported by lxc and should be allowed.
</description>
</change>
<change>
<summary>
qemu: Fully clean up RNG devices on detach
</summary>
<description>
Some RNG device types, such as those using EGD, might need extra
clean up on the host in addition to removing the guest-side device.
</description>
</change>
</section>
</release>
<release version="v4.10.0" date="2018-12-03">
<section title="New features">
<change>
<summary>
qemu: Add Hyper-V PV IPI and Enlightened VMCS support
</summary>
<description>
The QEMU driver now has support for Hyper-V PV IPI and Enlightened VMCS
for Windows and Hyper-V guests.
</description>
</change>
<change>
<summary>
qemu: Added support for PCI devices on S390
</summary>
<description>
PCI addresses can now include the new zpci element which contains
uid (user-defined identifier) and fid (PCI function identifier)
attributes and makes the corresponding devices usable by S390
guests.
</description>
</change>
<change>
<summary>
Support changing IOThread polling parameters for a live guest
</summary>
<description>
Introduced virDomainSetIOThreadParams which allows dynamically
setting the IOThread polling parameters used by QEMU to manage
the thread polling interval and the algorithm for growth or
shrink of the polling time. The values only affect a running
guest with IOThreads. The guest's IOThread polling values can
be viewed via the domain statistics.
</description>
</change>
<change>
<summary>
Xen: Add support for PVH
</summary>
<description>
The libxl driver now supports Xen's PVH virtual machine type.
PVH machines are enabled with the new "xenpvh" OS type, e.g.
<code>&lt;os&gt;&lt;type&gt;xenpvh&lt;/type&gt;&lt;/os&gt;</code>
</description>
</change>
<change>
<summary>
qemu: Added support for CMT (Cache Monitoring Technology)
</summary>
<description>
Introduced cache monitoring using the <code>monitor</code>
element in <code>cachetune</code> for vCPU threads. Added
interfaces to get and display the cache utilization statistics
through the command 'virsh domstats' via the
virConnectGetAllDomainStats API.
</description>
</change>
<change>
<summary>
qemu: Add support for nested HV for pSeries guests
</summary>
<description>
Nested HV support makes it possible to run nested (L2) guests
with minimal performance penalty when compared to regular (L1)
guests on ppc64 hardware.
</description>
</change>
</section>
<section title="Improvements">
</section>
<section title="Bug fixes">
<change>
<summary>
Xen: Handle soft reset shutdown event
</summary>
<description>
The pvops Linux kernel uses soft reset to handle the crash
machine operation. The libxl driver now supports the soft
reset shutdown event, allowing proper crash handling of
pvops-based HVM domains.
</description>
</change>
</section>
</release>
<release version="v4.9.0" date="2018-11-04">
<section title="New features">
<change>

1
docs/page.xsl
View File

@@ -175,6 +175,7 @@
<h3>Community</h3>
<ul>
<li><a href="https://twitter.com/hashtag/libvirt">twitter</a></li>
<li><a href="https://plus.google.com/communities/109522598353007505282">google+</a></li>
<li><a href="http://stackoverflow.com/questions/tagged/libvirt">stackoverflow</a></li>
<li><a href="http://serverfault.com/questions/tagged/libvirt">serverfault</a></li>
</ul>

3
docs/reformat-news.py
View File

@@ -17,6 +17,9 @@
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
# Authors:
# Andrea Bolognani <abologna@redhat.com>
from __future__ import print_function

34
docs/schemas/basictypes.rng
View File

@@ -65,17 +65,6 @@
</data>
</choice>
</define>
<define name="uint32">
<choice>
<data type="string">
<param name="pattern">(0x)?[0-9a-fA-F]{1,8}</param>
</data>
<data type="unsignedInt">
<param name="minInclusive">0</param>
<param name="maxInclusive">4294967295</param>
</data>
</choice>
</define>
<define name="UUID">
<choice>
@@ -122,22 +111,6 @@
</attribute>
</optional>
</define>
<define name="zpciaddress">
<optional>
<element name="zpci">
<optional>
<attribute name="uid">
<ref name="uint16"/>
</attribute>
</optional>
<optional>
<attribute name="fid">
<ref name="uint32"/>
</attribute>
</optional>
</element>
</optional>
</define>
<!-- a 6 byte MAC address in ASCII-hex format, eg "12:34:56:78:9A:BC" -->
<!-- The lowest bit of the 1st byte is the "multicast" bit. a -->
@@ -279,12 +252,6 @@
</data>
</define>
<define name="zoneName">
<data type="string">
<param name="pattern">[a-zA-Z0-9_\-]+</param>
</data>
</define>
<define name="filePath">
<data type="string">
<param name="pattern">.+</param>
@@ -412,7 +379,6 @@
<choice>
<value>aarch64</value>
<value>alpha</value>
<value>armv6l</value>
<value>armv7l</value>
<value>cris</value>
<value>i686</value>

4
docs/schemas/capability.rng
View File

@@ -412,7 +412,7 @@
but is also used by phyp driver -->
<value>hvm</value> <!-- unmodified OS -->
<value>exe</value> <!-- For container based virt -->
<value>uml</value> <!-- user mode linux; NOT USED ANYMORE -->
<value>uml</value> <!-- user mode linux -->
</choice>
</element>
</define>
@@ -484,7 +484,7 @@
<value>kqemu</value>
<value>kvm</value>
<value>xen</value>
<value>uml</value> <!-- NOT USED ANYMORE -->
<value>uml</value>
<value>lxc</value>
<value>openvz</value>
<value>test</value>

20
docs/schemas/domaincaps.rng
View File

@@ -142,18 +142,12 @@
<define name='devices'>
<element name='devices'>
<optional>
<interleave>
<ref name='disk'/>
</optional>
<optional>
<ref name='graphics'/>
</optional>
<optional>
<ref name='video'/>
</optional>
<optional>
<ref name='hostdev'/>
</optional>
</interleave>
</element>
</define>
@@ -187,18 +181,12 @@
<define name='features'>
<element name='features'>
<optional>
<interleave>
<ref name='gic'/>
</optional>
<optional>
<ref name='vmcoreinfo'/>
</optional>
<optional>
<ref name='vmgenid'/>
</optional>
<optional>
<ref name='sev'/>
</optional>
</interleave>
</element>
</define>

200
docs/schemas/domaincommon.rng
View File

@@ -81,9 +81,6 @@
<optional>
<ref name='launchSecurity'/>
</optional>
<optional>
<ref name='bhyvecmdline'/>
</optional>
</interleave>
</element>
</define>
@@ -207,7 +204,7 @@
<value>kvm</value>
<value>xen</value>
<value>lxc</value>
<value>uml</value> <!-- NOT USED ANYMORE -->
<value>uml</value>
<value>openvz</value>
<value>test</value>
<value>vmware</value>
@@ -256,14 +253,6 @@
</optional>
<element name="os">
<interleave>
<optional>
<attribute name="firmware">
<choice>
<value>bios</value>
<value>efi</value>
</choice>
</attribute>
</optional>
<ref name="ostypehvm"/>
<optional>
<element name="loader">
@@ -291,9 +280,7 @@
</choice>
</attribute>
</optional>
<optional>
<ref name="absFilePath"/>
</optional>
<ref name="absFilePath"/>
</element>
</optional>
<optional>
@@ -354,14 +341,12 @@
<choice>
<value>xenpv</value>
<value>xenfv</value>
<value>xenpvh</value>
</choice>
</attribute>
</optional>
<choice>
<value>xen</value>
<value>linux</value>
<value>xenpvh</value>
</choice>
</element>
</define>
@@ -670,7 +655,6 @@
<choice>
<value>file</value>
<value>anonymous</value>
<value>memfd</value>
</choice>
</attribute>
</element>
@@ -972,7 +956,7 @@
<attribute name="vcpus">
<ref name='cpuset'/>
</attribute>
<zeroOrMore>
<oneOrMore>
<element name="cache">
<attribute name="id">
<ref name='unsignedInt'/>
@@ -996,17 +980,7 @@
</attribute>
</optional>
</element>
</zeroOrMore>
<zeroOrMore>
<element name="monitor">
<attribute name="level">
<ref name='unsignedInt'/>
</attribute>
<attribute name="vcpus">
<ref name='cpuset'/>
</attribute>
</element>
</zeroOrMore>
</oneOrMore>
</element>
</zeroOrMore>
<zeroOrMore>
@@ -1519,15 +1493,6 @@
</interleave>
</group>
</choice>
<optional>
<attribute name="model">
<choice>
<value>virtio</value>
<value>virtio-transitional</value>
<value>virtio-non-transitional</value>
</choice>
</attribute>
</optional>
<optional>
<ref name="snapshot"/>
</optional>
@@ -1929,7 +1894,7 @@
<value>virtio</value>
<value>xen</value>
<value>usb</value>
<value>uml</value> <!-- NOT USED ANYMORE -->
<value>uml</value>
<value>sata</value>
<value>sd</value>
</choice>
@@ -2166,8 +2131,6 @@
<value>ibmvscsi</value>
<value>virtio-scsi</value>
<value>lsisas1078</value>
<value>virtio-transitional</value>
<value>virtio-non-transitional</value>
</choice>
</attribute>
</optional>
@@ -2325,15 +2288,6 @@
<attribute name="type">
<value>virtio-serial</value>
</attribute>
<optional>
<attribute name="model">
<choice>
<value>virtio</value>
<value>virtio-transitional</value>
<value>virtio-non-transitional</value>
</choice>
</attribute>
</optional>
<optional>
<attribute name="ports">
<ref name="unsignedInt"/>
@@ -2345,17 +2299,6 @@
</attribute>
</optional>
</group>
<!-- xenbus has an optional attribute "maxGrantFrames" -->
<group>
<attribute name="type">
<value>xenbus</value>
</attribute>
<optional>
<attribute name="maxGrantFrames">
<ref name="unsignedInt"/>
</attribute>
</optional>
</group>
</choice>
<optional>
<element name="driver">
@@ -2534,15 +2477,6 @@
</element>
</optional>
</interleave>
<optional>
<attribute name="model">
<choice>
<value>virtio</value>
<value>virtio-transitional</value>
<value>virtio-non-transitional</value>
</choice>
</attribute>
</optional>
</element>
</define>
<define name="fsDriver">
@@ -2818,7 +2752,7 @@
<ref name="usbAddr"/>
</attribute>
<attribute name="device">
<ref name="usbAddr"/>
<ref name="usbPort"/>
</attribute>
</group>
</choice>
@@ -3471,20 +3405,9 @@
</attribute>
</optional>
</group>
<group>
<attribute name="type">
<value>egl-headless</value>
</attribute>
<optional>
<element name="gl">
<optional>
<attribute name="rendernode">
<ref name="absFilePath"/>
</attribute>
</optional>
</element>
</optional>
</group>
<attribute name="type">
<value>egl-headless</value>
</attribute>
</choice>
</element>
</define>
@@ -3778,7 +3701,7 @@
<choice>
<value>xen</value>
<value>serial</value>
<value>uml</value> <!-- NOT USED ANYMORE -->
<value>uml</value>
<value>virtio</value>
<value>lxc</value>
<value>openvz</value>
@@ -4125,8 +4048,6 @@
<attribute name="model">
<choice>
<value>virtio</value>
<value>virtio-transitional</value>
<value>virtio-non-transitional</value>
<value>xen</value>
<value>none</value>
</choice>
@@ -4336,11 +4257,7 @@
<element name="vsock">
<optional>
<attribute name="model">
<choice>
<value>virtio</value>
<value>virtio-transitional</value>
<value>virtio-non-transitional</value>
</choice>
<value>virtio</value>
</attribute>
</optional>
<interleave>
@@ -4441,15 +4358,6 @@
</element>
</group>
</choice>
<optional>
<attribute name="model">
<choice>
<value>virtio</value>
<value>virtio-transitional</value>
<value>virtio-non-transitional</value>
</choice>
</attribute>
</optional>
<optional>
<ref name="alias"/>
</optional>
@@ -4686,15 +4594,6 @@
<attribute name="type">
<value>scsi_host</value>
</attribute>
<optional>
<attribute name="model">
<choice>
<value>virtio</value>
<value>virtio-transitional</value>
<value>virtio-non-transitional</value>
</choice>
</attribute>
</optional>
<element name="source">
<choice>
<group>
@@ -4786,7 +4685,7 @@
<ref name="usbAddr"/>
</attribute>
<attribute name="device">
<ref name="usbAddr"/>
<ref name="usbPort"/>
</attribute>
</element>
</define>
@@ -5066,14 +4965,6 @@
<ref name="featurestate"/>
</element>
</optional>
<optional>
<element name="nested-hv">
<ref name="featurestate"/>
</element>
</optional>
<optional>
<ref name="msrs"/>
</optional>
</interleave>
</element>
</optional>
@@ -5322,17 +5213,6 @@
</element>
</define>
<define name="msrs">
<element name="msrs">
<attribute name="unknown">
<choice>
<value>ignore</value>
<value>fault</value>
</choice>
</attribute>
</element>
</define>
<define name="address">
<element name="address">
<choice>
@@ -5341,7 +5221,6 @@
<value>pci</value>
</attribute>
<ref name="pciaddress"/>
<ref name="zpciaddress"/>
</group>
<group>
<attribute name="type">
@@ -5475,21 +5354,9 @@
</interleave>
</group>
<group>
<interleave>
<element name="path">
<ref name="absFilePath"/>
</element>
<optional>
<element name="alignsize">
<ref name="scaledInteger"/>
</element>
</optional>
<optional>
<element name="pmem">
<empty/>
</element>
</optional>
</interleave>
<element name="path">
<ref name="absFilePath"/>
</element>
</group>
</choice>
</element>
@@ -5513,11 +5380,6 @@
</element>
</element>
</optional>
<optional>
<element name="readonly">
<empty/>
</element>
</optional>
</interleave>
</element>
</define>
@@ -5525,11 +5387,7 @@
<define name="rng">
<element name="rng">
<attribute name="model">
<choice>
<value>virtio</value>
<value>virtio-transitional</value>
<value>virtio-non-transitional</value>
</choice>
<value>virtio</value>
</attribute>
<interleave>
<ref name="rng-backend"/>
@@ -5593,8 +5451,6 @@
<attribute name="iommu">
<ref name="virOnOff"/>
</attribute>
</optional>
<optional>
<attribute name="ats">
<ref name="virOnOff"/>
</attribute>
@@ -5913,16 +5769,6 @@
<ref name="featurestate"/>
</element>
</optional>
<optional>
<element name="ipi">
<ref name="featurestate"/>
</element>
</optional>
<optional>
<element name="evmcs">
<ref name="featurestate"/>
</element>
</optional>
</interleave>
</element>
</define>
@@ -6222,20 +6068,6 @@
</element>
</define>
<!--
Optional hypervisor extensions in their own namespace:
Bhyve
-->
<define name="bhyvecmdline">
<element name="commandline" ns="http://libvirt.org/schemas/domain/bhyve/1.0">
<zeroOrMore>
<element name="arg">
<attribute name='value'/>
</element>
</zeroOrMore>
</element>
</define>
<!--
Type library
-->

6
docs/schemas/network.rng
View File

@@ -58,12 +58,6 @@
</attribute>
</optional>
<optional>
<attribute name="zone">
<ref name="zoneName"/>
</attribute>
</optional>
<optional>
<attribute name="stp">
<ref name="virOnOff"/>

7
docs/schemas/nodedev.rng
View File

@@ -133,13 +133,6 @@
<value>pci</value>
</attribute>
<optional>
<element name='class'>
<data type="string">
<param name="pattern">0x[0-9a-fA-F]{6}</param>
</data>
</element>
</optional>
<element name='domain'>
<ref name='unsignedLong'/>
</element>

11
docs/schemas/storagecommon.rng
View File

@@ -24,7 +24,9 @@
</choice>
</attribute>
<interleave>
<ref name='secret'/>
<zeroOrMore>
<ref name='secret'/>
</zeroOrMore>
<optional>
<element name='cipher'>
<ref name='keycipher'/>
@@ -236,11 +238,4 @@
</optional>
</define>
<define name='refreshVolumeAllocation'>
<choice>
<value>default</value>
<value>capacity</value>
</choice>
</define>
</grammar>

76
docs/schemas/storagepool.rng
View File

@@ -52,9 +52,6 @@
<ref name='sourcefs'/>
<ref name='target'/>
</interleave>
<optional>
<ref name='fs_mount_opts'/>
</optional>
</define>
<define name='poolnetfs'>
@@ -67,9 +64,6 @@
<ref name='sourcenetfs'/>
<ref name='target'/>
</interleave>
<optional>
<ref name='fs_mount_opts'/>
</optional>
</define>
<define name='poollogical'>
@@ -155,11 +149,7 @@
<ref name='commonMetadataNameOptional'/>
<ref name='sizing'/>
<ref name='sourcerbd'/>
<ref name='refresh'/>
</interleave>
<optional>
<ref name='rbd_config_opts'/>
</optional>
</define>
<define name='poolsheepdog'>
@@ -541,13 +531,6 @@
<ref name='sourceinfohost'/>
<ref name='sourceinfodir'/>
<ref name='sourcefmtnetfs'/>
<optional>
<element name='protocol'>
<attribute name='ver'>
<ref name='unsignedInt'/>
</attribute>
</element>
</optional>
<optional>
<ref name='sourceinfovendor'/>
</optional>
@@ -692,63 +675,4 @@
</data>
</define>
<define name='refresh'>
<optional>
<element name='refresh'>
<interleave>
<ref name='refreshVolume'/>
</interleave>
</element>
</optional>
</define>
<define name='refreshVolume'>
<optional>
<element name='volume'>
<optional>
<attribute name='allocation'>
<ref name="refreshVolumeAllocation"/>
</attribute>
</optional>
</element>
</optional>
</define>
<!--
Optional storage pool extensions in their own namespace:
"fs" or "netfs"
-->
<define name="fs_mount_opts">
<element name="mount_opts" ns="http://libvirt.org/schemas/storagepool/fs/1.0">
<zeroOrMore>
<element name="option">
<attribute name='name'>
<text/>
</attribute>
</element>
</zeroOrMore>
</element>
</define>
<!--
Optional storage pool extensions in their own namespace:
RBD
-->
<define name="rbd_config_opts">
<element name="config_opts" ns="http://libvirt.org/schemas/storagepool/rbd/1.0">
<zeroOrMore>
<element name="option">
<attribute name='name'>
<text/>
</attribute>
<attribute name='value'>
<text/>
</attribute>
</element>
</zeroOrMore>
</element>
</define>
</grammar>

88
docs/schemas/storagepoolcaps.rng
View File

@@ -1,88 +0,0 @@
<?xml version="1.0"?>
<!-- A Relax NG schema for the libvirt storage pool capabilities XML format -->
<grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
<include href='basictypes.rng'/>
<start>
<ref name='storagepoolCapabilities'/>
</start>
<define name='storagepoolCapabilities'>
<element name='storagepoolCapabilities'>
<zeroOrMore>
<ref name='poolCapsType'/>
</zeroOrMore>
</element>
</define>
<define name='poolCapsType'>
<element name='pool'>
<ref name='poolCapsTypes'/>
<ref name='poolCapsSupported'/>
<optional>
<ref name='poolCapsPoolOptions'/>
</optional>
<optional>
<ref name='poolCapsVolOptions'/>
</optional>
</element>
</define>
<define name='poolCapsTypes'>
<attribute name='type'>
<text/>
</attribute>
</define>
<define name='poolCapsSupported'>
<attribute name='supported'>
<ref name="virYesNo"/>
</attribute>
</define>
<define name='poolCapsPoolOptions'>
<element name='poolOptions'>
<optional>
<ref name='poolDefaultFormat'/>
</optional>
<optional>
<ref name='poolCapsEnum'/>
</optional>
</element>
</define>
<define name='poolCapsVolOptions'>
<element name='volOptions'>
<ref name='poolDefaultFormat'/>
<ref name='poolCapsEnum'/>
</element>
</define>
<define name='poolDefaultFormat'>
<element name='defaultFormat'>
<attribute name='type'>
<text/>
</attribute>
</element>
</define>
<define name='poolCapsEnum'>
<zeroOrMore>
<element name='enum'>
<attribute name='name'>
<text/>
</attribute>
<ref name='value'/>
</element>
</zeroOrMore>
</define>
<define name='value'>
<zeroOrMore>
<element name='value'>
<text/>
</element>
</zeroOrMore>
</define>
</grammar>

16
docs/storage.html.in
View File

@@ -437,9 +437,9 @@
<h2><a id="StorageBackendISCSIDirect">iSCSI direct pool</a></h2>
<p>
This is a variant of the iSCSI pool. Instead of using iscsiadm, it uses
This is a variant of the iSCSI pool. Instead of unsing iscsiadm, it uses
libiscsi.
It requires a host, a path which is the target IQN, and an initiator IQN.
It require a host, a path which is the target iqn and an initiator iqn.
</p>
<h3>Example pool input</h3>
@@ -457,12 +457,12 @@
<h3>Valid pool format types</h3>
<p>
The iSCSI direct volume pool does not use the pool format type element.
The iSCSI volume pool does not use the pool format type element.
</p>
<h3>Valid volume format types</h3>
<p>
The iSCSI direct volume pool does not use the volume format type element.
The iSCSI volume pool does not use the volume format type element.
</p>
<h2><a id="StorageBackendSCSI">SCSI pool</a></h2>
@@ -782,7 +782,7 @@
The ZFS volume pool does not use the pool format type element.
</p>
<h3>Valid volume format types</h3>
<h3>Valid pool format types</h3>
<p>
The ZFS volume pool does not use the volume format type element.
</p>
@@ -810,12 +810,6 @@
&lt;path&gt;/mnt/clustername&lt;/path&gt;
&lt;/target&gt;
&lt;/pool&gt;</pre>
<h3>Valid pool format types</h3>
<p>
The Vstorage volume pool does not use the pool format type element.
</p>
<h3>Valid volume format types</h3>
<p>The valid volume types are the same as for the directory pool.</p>
</body>

44
examples/Makefile.am
View File

@@ -19,6 +19,12 @@
FILTERS = $(wildcard $(srcdir)/xml/nwfilter/*.xml)
EXTRA_DIST = \
apparmor/TEMPLATE.qemu \
apparmor/TEMPLATE.lxc \
apparmor/libvirt-qemu \
apparmor/libvirt-lxc \
apparmor/usr.lib.libvirt.virt-aa-helper \
apparmor/usr.sbin.libvirtd \
lxcconvert/virt-lxc-convert \
polkit/libvirt-acl.rules \
$(wildcard $(srcdir)/systemtap/*.stp) \
@@ -27,10 +33,10 @@ EXTRA_DIST = \
$(wildcard $(srcdir)/xml/test/*.xml)
AM_CPPFLAGS = \
-I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)
LDADD = $(STATIC_BINARIES) $(WARN_CFLAGS) \
$(top_builddir)/src/libvirt.la \
INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) \
-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib
LDADD = $(STATIC_BINARIES) $(WARN_CFLAGS) $(COVERAGE_LDFLAGS) \
$(top_builddir)/src/libvirt.la $(top_builddir)/gnulib/lib/libgnu.la \
$(top_builddir)/src/libvirt-admin.la
noinst_PROGRAMS=dominfo/info1 dommigrate/dommigrate domsuspend/suspend \
@@ -64,6 +70,36 @@ admin_logging_SOURCES = admin/logging.c
INSTALL_DATA_LOCAL =
UNINSTALL_LOCAL =
if WITH_APPARMOR_PROFILES
apparmordir = $(sysconfdir)/apparmor.d/
apparmor_DATA = \
apparmor/usr.lib.libvirt.virt-aa-helper \
apparmor/usr.sbin.libvirtd \
$(NULL)
abstractionsdir = $(apparmordir)/abstractions
abstractions_DATA = \
apparmor/libvirt-qemu \
apparmor/libvirt-lxc \
$(NULL)
templatesdir = $(apparmordir)/libvirt
templates_DATA = \
apparmor/TEMPLATE.qemu \
apparmor/TEMPLATE.lxc \
$(NULL)
APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
install-apparmor-local:
$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
echo "# Site-specific additions and overrides for \
'usr.lib.libvirt.virt-aa-helper'" \
>$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper
INSTALL_DATA_LOCAL += install-apparmor-local
UNINSTALL_LOCAL += uninstall-apparmor-local
endif WITH_APPARMOR_PROFILES
if WITH_NWFILTER
NWFILTER_DIR = "$(DESTDIR)$(sysconfdir)/libvirt/nwfilter"

8
examples/admin/client_close.c
View File

@@ -1,7 +1,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <libvirt/libvirt.h>
#include <libvirt/libvirt-admin.h>
#include<stdio.h>
#include<stdlib.h>
#include<libvirt/libvirt.h>
#include<libvirt/libvirt-admin.h>
int main(void)
{

16
examples/admin/client_info.c
View File

@@ -1,9 +1,9 @@
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include <libvirt/libvirt-admin.h>
#include<stdio.h>
#include<stdlib.h>
#include<time.h>
#include<string.h>
#include<libvirt/libvirt-admin.h>
static const char *
exampleTransportToString(int transport)
@@ -30,13 +30,9 @@ exampleGetTimeStr(time_t then)
{
char *ret = NULL;
struct tm timeinfo;
struct tm *timeinfop;
/* localtime_r() is smarter, but since mingw lacks it and this
* example is single-threaded, we can get away with localtime */
if (!(timeinfop = localtime(&then)))
if (!localtime_r(&then, &timeinfo))
return NULL;
timeinfo = *timeinfop;
if (!(ret = calloc(64, sizeof(char))))
return NULL;

6
examples/admin/client_limits.c
View File

@@ -1,6 +1,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <libvirt/libvirt-admin.h>
#include<stdio.h>
#include<stdlib.h>
#include<libvirt/libvirt-admin.h>
int main(int argc, char **argv)
{

14
examples/admin/list_clients.c
View File

@@ -1,7 +1,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <libvirt/libvirt-admin.h>
#include<stdio.h>
#include<stdlib.h>
#include<time.h>
#include<libvirt/libvirt-admin.h>
static const char *
exampleTransportToString(int transport)
@@ -28,13 +28,9 @@ exampleGetTimeStr(time_t then)
{
char *ret = NULL;
struct tm timeinfo;
struct tm *timeinfop;
/* localtime_r() is smarter, but since mingw lacks it and this
* example is single-threaded, we can get away with localtime */
if (!(timeinfop = localtime(&then)))
if (!localtime_r(&then, &timeinfo))
return NULL;
timeinfo = *timeinfop;
if (!(ret = calloc(64, sizeof(char))))
return NULL;

6
examples/admin/list_servers.c
View File

@@ -1,6 +1,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <libvirt/libvirt-admin.h>
#include<stdio.h>
#include<stdlib.h>
#include<libvirt/libvirt-admin.h>
int main(void)
{

13
examples/admin/logging.c
View File

@@ -1,10 +1,11 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include<stdio.h>
#include<stdlib.h>
#include<stdbool.h>
#include <unistd.h>
#include <libvirt/libvirt-admin.h>
#include <libvirt/virterror.h>
#include "config.h"
#include<unistd.h>
#include<libvirt/libvirt-admin.h>
#include<libvirt/virterror.h>
static void printHelp(const char *argv0)
{

6
examples/admin/threadpool_params.c
View File

@@ -1,6 +1,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <libvirt/libvirt-admin.h>
#include<stdio.h>
#include<stdlib.h>
#include<libvirt/libvirt-admin.h>
int main(int argc, char **argv)
{

0
src/security/apparmor/TEMPLATE.lxc → examples/apparmor/TEMPLATE.lxc
View File

0
src/security/apparmor/TEMPLATE.qemu → examples/apparmor/TEMPLATE.qemu
View File

0
src/security/apparmor/libvirt-lxc → examples/apparmor/libvirt-lxc
View File

3
src/security/apparmor/libvirt-qemu → examples/apparmor/libvirt-qemu
View File

@@ -16,15 +16,14 @@
network inet stream,
network inet6 stream,
ptrace (readby, tracedby) peer=libvirtd,
ptrace (readby, tracedby) peer=/usr/sbin/libvirtd,
signal (receive) peer=libvirtd,
signal (receive) peer=/usr/sbin/libvirtd,
/dev/net/tun rw,
/dev/kvm rw,
/dev/ptmx rw,
/dev/kqemu rw,
@{PROC}/*/status r,
# When qemu is signaled to terminate, it will read cmdline of signaling
# process for reporting purposes. Allowing read access to a process

3
src/security/apparmor/usr.lib.libvirt.virt-aa-helper → examples/apparmor/usr.lib.libvirt.virt-aa-helper
View File

@@ -19,9 +19,6 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
/etc/libnl-3/classid r,
# for gl enabled graphics
/dev/dri/{,*} r,
# for hostdev
/sys/devices/ r,
/sys/devices/** r,

7
src/security/apparmor/usr.sbin.libvirtd → examples/apparmor/usr.sbin.libvirtd
View File

@@ -2,7 +2,7 @@
#include <tunables/global>
@{LIBVIRT}="libvirt"
profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
/usr/sbin/libvirtd flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/dbus>
@@ -51,12 +51,10 @@ profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none),
ptrace (read,trace) peer=unconfined,
ptrace (read,trace) peer=@{profile_name},
ptrace (read,trace) peer=dnsmasq,
ptrace (read,trace) peer=/usr/sbin/libvirtd,
ptrace (read,trace) peer=/usr/sbin/dnsmasq,
ptrace (read,trace) peer=libvirt-*,
signal (send) peer=dnsmasq,
signal (send) peer=/usr/sbin/dnsmasq,
signal (read, send) peer=libvirt-*,
signal (send) set=("kill", "term") peer=unconfined,
@@ -123,7 +121,6 @@ profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
# For communication/control from libvirtd
unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
signal (receive) set=("term") peer=/usr/sbin/libvirtd,
signal (receive) set=("term") peer=libvirtd,
/dev/net/tun rw,
/etc/qemu/** r,

1
examples/dominfo/info1.c
View File

@@ -5,6 +5,7 @@
* hypervisor and extract domain information.
* usage: info1
* test: info1
* author: Daniel Veillard
* copy: see Copyright for the status of this software.
*/

5
examples/dommigrate/dommigrate.c
View File

@@ -18,6 +18,8 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com>
*/
#include <stdio.h>
@@ -79,7 +81,8 @@ main(int argc, char *argv[])
cleanup:
if (dom != NULL)
virDomainFree(dom);
virConnectClose(conn);
if (conn != NULL)
virConnectClose(conn);
out:
return ret;

4
examples/domsuspend/suspend.c
View File

@@ -17,8 +17,12 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Author: Michal Privoznik <mprivozn@redhat.com>
*/
#include <config.h>
#include <errno.h>
#include <getopt.h>
#include <libvirt/libvirt.h>

17
examples/domtop/domtop.c
View File

@@ -16,8 +16,12 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Author: Michal Privoznik <mprivozn@redhat.com>
*/
#include <config.h>
#include <errno.h>
#include <getopt.h>
#include <libvirt/libvirt.h>
@@ -241,8 +245,7 @@ print_cpu_usage(const char *dom_name,
if (delim)
printf("\t");
/* mingw lacks %zu */
printf("CPU%u: %.2lf", (unsigned)(cpu + i), usage);
printf("CPU%zu: %.2lf", cpu + i, usage);
delim = true;
}
@@ -266,6 +269,10 @@ do_top(virConnectPtr conn,
int max_id = 0;
int nparams = 0, then_nparams = 0, now_nparams = 0;
virTypedParameterPtr then_params = NULL, now_params = NULL;
struct sigaction action_stop;
memset(&action_stop, 0, sizeof(action_stop));
action_stop.sa_handler = stop;
/* Lookup the domain */
if (!(dom = virDomainLookupByName(conn, dom_name))) {
@@ -291,10 +298,8 @@ do_top(virConnectPtr conn,
goto cleanup;
}
/* The ideal program would use sigaction to set this handler, but
* this way is portable to mingw. */
signal(SIGTERM, stop);
signal(SIGINT, stop);
sigaction(SIGTERM, &action_stop, NULL);
sigaction(SIGINT, &action_stop, NULL);
run_top = true;
while (run_top) {

1
examples/lxcconvert/virt-lxc-convert
View File

@@ -17,6 +17,7 @@
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
# Author: Cedric Bosdonnat <cbosdonnat@suse.com>
handler_cleanup()
{

28
examples/object-events/event-test.c
View File

@@ -1,9 +1,13 @@
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <inttypes.h>
#include <verify.h>
#define VIR_ENUM_SENTINELS
#include <libvirt/libvirt.h>
@@ -13,14 +17,6 @@
#define STREQ(a, b) (strcmp(a, b) == 0)
#define NULLSTR(s) ((s) ? (s) : "<null>")
#if (4 < __GNUC__ + (6 <= __GNUC_MINOR__) \
&& (201112L <= __STDC_VERSION__ || !defined __STRICT_ANSI__) \
&& !defined __cplusplus)
# define verify(cond) _Static_assert(cond, "verify (" #cond ")")
#else
# define verify(cond)
#endif
#ifndef ATTRIBUTE_UNUSED
# define ATTRIBUTE_UNUSED __attribute__((__unused__))
#endif
@@ -948,11 +944,10 @@ myDomainEventBlockThresholdCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
unsigned long long excess,
void *opaque ATTRIBUTE_UNUSED)
{
/* Casts to uint64_t to work around mingw not knowing %lld */
printf("%s EVENT: Domain %s(%d) block threshold callback dev '%s'(%s), "
"threshold: '%" PRIu64 "', excess: '%" PRIu64 "'",
"threshold: '%llu', excess: '%llu'",
__func__, virDomainGetName(dom), virDomainGetID(dom),
dev, NULLSTR(path), (uint64_t)threshold, (uint64_t)excess);
dev, NULLSTR(path), threshold, excess);
return 0;
}
@@ -1147,8 +1142,13 @@ main(int argc, char **argv)
virConnectPtr dconn = NULL;
int callback1ret = -1;
int callback16ret = -1;
struct sigaction action_stop;
size_t i;
memset(&action_stop, 0, sizeof(action_stop));
action_stop.sa_handler = stop;
if (argc > 1 && STREQ(argv[1], "--help")) {
printf("%s uri\n", argv[0]);
goto cleanup;
@@ -1179,10 +1179,8 @@ main(int argc, char **argv)
goto cleanup;
}
/* The ideal program would use sigaction to set this handler, but
* this way is portable to mingw. */
signal(SIGTERM, stop);
signal(SIGINT, stop);
sigaction(SIGTERM, &action_stop, NULL);
sigaction(SIGINT, &action_stop, NULL);
printf("Registering event callbacks\n");

1
examples/systemtap/events.stp
View File

@@ -16,6 +16,7 @@
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
# Author: Daniel P. Berrange <berrange@redhat.com>
#
# This script will monitor all operation of the libvirt event loop
# in both client and server. Example output is:

1
examples/systemtap/lock-debug.stp
View File

@@ -16,6 +16,7 @@
#
# Debug RWLock mechanisms as well.
#
# Author: Martin Kletzander <mkletzan@redhat.com>
global mx_tolock

1
examples/systemtap/qemu-monitor.stp
View File

@@ -16,6 +16,7 @@
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
# Author: Daniel P. Berrange <berrange@redhat.com>
#
# This script will monitor all messages sent/received between libvirt
# and the QEMU monitor

1
examples/systemtap/rpc-monitor.stp
View File

@@ -16,6 +16,7 @@
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
# Author: Daniel P. Berrange <berrange@redhat.com>
#
# This script will monitor all RPC messages going in/out of libvirtd and
# any connected clients. Example output:

2
gnulib/lib/Makefile.am
View File

@@ -27,4 +27,4 @@ noinst_LTLIBRARIES =
include gnulib.mk
AM_CPPFLAGS = -I$(top_srcdir)
INCLUDES = -I$(top_srcdir) $(GETTEXT_CPPFLAGS)

2
gnulib/tests/Makefile.am
View File

@@ -18,6 +18,8 @@
include gnulib.mk
INCLUDES = $(GETTEXT_CPPFLAGS)
GNULIB_TESTS0 =
GNULIB_TESTS1 = $(GNULIB_TESTS)
if WITH_EXPENSIVE_TESTS

8
include/libvirt/libvirt-admin.h
View File

@@ -19,10 +19,12 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Author: Martin Kletzander <mkletzan@redhat.com>
*/
#ifndef LIBVIRT_ADMIN_H
# define LIBVIRT_ADMIN_H
#ifndef __VIR_ADMIN_H__
# define __VIR_ADMIN_H__
# ifdef __cplusplus
extern "C" {
@@ -422,4 +424,4 @@ int virAdmConnectSetLoggingFilters(virAdmConnectPtr conn,
}
# endif
#endif /* LIBVIRT_ADMIN_H */
#endif /* __VIR_ADMIN_H__ */

1
include/libvirt/libvirt-common.h.in
View File

@@ -3,6 +3,7 @@
* Summary: common macros and enums for the libvirt and libvirt-admin library
* Description: Provides common macros and enums needed by both libvirt and
* libvirt-admin libraries
* Author: Erik Skultety <eskultet@redhat.com>
*
* Copyright (C) 2015 Red Hat, Inc.
*

17
include/libvirt/libvirt-domain-snapshot.h
View File

@@ -2,6 +2,7 @@
* libvirt-domain-snapshot.h
* Summary: APIs for management of domain snapshots
* Description: Provides APIs for the management of domain snapshots
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2014 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_DOMAIN_SNAPSHOT_H
# define LIBVIRT_DOMAIN_SNAPSHOT_H
#ifndef __VIR_LIBVIRT_DOMAIN_SNAPSHOT_H__
# define __VIR_LIBVIRT_DOMAIN_SNAPSHOT_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -59,7 +60,7 @@ typedef enum {
VIR_DOMAIN_SNAPSHOT_CREATE_HALT = (1 << 3), /* Stop running guest
after snapshot */
VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY = (1 << 4), /* disk snapshot, not
full system */
system checkpoint */
VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT = (1 << 5), /* reuse any existing
external files */
VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE = (1 << 6), /* use guest agent to
@@ -78,10 +79,6 @@ virDomainSnapshotPtr virDomainSnapshotCreateXML(virDomainPtr domain,
const char *xmlDesc,
unsigned int flags);
typedef enum {
VIR_DOMAIN_SNAPSHOT_XML_SECURE = VIR_DOMAIN_XML_SECURE, /* dump security sensitive information too */
} virDomainSnapshotXMLFlags;
/* Dump the XML of a snapshot */
char *virDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot,
unsigned int flags);
@@ -135,10 +132,6 @@ typedef enum {
VIR_DOMAIN_SNAPSHOT_LIST_EXTERNAL = (1 << 9), /* Filter by snapshots
that use files external
to disk images */
VIR_DOMAIN_SNAPSHOT_LIST_TOPOLOGICAL = (1 << 10), /* Ensure parents occur
before children in
the resulting list */
} virDomainSnapshotListFlags;
/* Return the number of snapshots for this domain */
@@ -218,4 +211,4 @@ int virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
int virDomainSnapshotRef(virDomainSnapshotPtr snapshot);
int virDomainSnapshotFree(virDomainSnapshotPtr snapshot);
#endif /* LIBVIRT_DOMAIN_SNAPSHOT_H */
#endif /* __VIR_LIBVIRT_DOMAIN_SNAPSHOT_H__ */

101
include/libvirt/libvirt-domain.h
View File

@@ -2,6 +2,7 @@
* libvirt-domain.h
* Summary: APIs for management of domains
* Description: Provides APIs for the management of domains
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2015 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_DOMAIN_H
# define LIBVIRT_DOMAIN_H
#ifndef __VIR_LIBVIRT_DOMAIN_H__
# define __VIR_LIBVIRT_DOMAIN_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -144,8 +145,6 @@ typedef enum {
VIR_DOMAIN_SHUTOFF_FAILED = 6, /* domain failed to start */
VIR_DOMAIN_SHUTOFF_FROM_SNAPSHOT = 7, /* restored from a snapshot which was
* taken while domain was shutoff */
VIR_DOMAIN_SHUTOFF_DAEMON = 8, /* daemon decides to kill domain
during reconnection processing */
# ifdef VIR_ENUM_SENTINELS
VIR_DOMAIN_SHUTOFF_LAST
# endif
@@ -831,12 +830,6 @@ typedef enum {
*/
VIR_MIGRATE_TLS = (1 << 16),
/* Send memory pages to the destination host through several network
* connections. See VIR_MIGRATE_PARAM_PARALLEL_* parameters for
* configuring the parallel migration.
*/
VIR_MIGRATE_PARALLEL = (1 << 17),
} virDomainMigrateFlags;
@@ -909,15 +902,6 @@ typedef enum {
*/
# define VIR_MIGRATE_PARAM_BANDWIDTH "bandwidth"
/**
* VIR_MIGRATE_PARAM_BANDWIDTH_POSTCOPY:
*
* virDomainMigrate* params field: the maximum bandwidth (in MiB/s) that will
* be used for post-copy phase of a migration as VIR_TYPED_PARAM_ULLONG. If set
* to 0 or omitted, post-copy migration speed will not be limited.
*/
# define VIR_MIGRATE_PARAM_BANDWIDTH_POSTCOPY "bandwidth.postcopy"
/**
* VIR_MIGRATE_PARAM_GRAPHICS_URI:
*
@@ -1031,14 +1015,6 @@ typedef enum {
*/
# define VIR_MIGRATE_PARAM_AUTO_CONVERGE_INCREMENT "auto_converge.increment"
/**
* VIR_MIGRATE_PARAM_PARALLEL_CONNECTIONS:
*
* virDomainMigrate* params field: number of connections used during parallel
* migration. As VIR_TYPED_PARAM_INT.
*/
# define VIR_MIGRATE_PARAM_PARALLEL_CONNECTIONS "parallel.connections"
/* Domain migration. */
virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn,
unsigned long flags, const char *dname,
@@ -1085,12 +1061,6 @@ int virDomainMigrateSetCompressionCache(virDomainPtr domain,
unsigned long long cacheSize,
unsigned int flags);
/* Domain migration speed flags. */
typedef enum {
/* Set or get maximum speed of post-copy migration. */
VIR_DOMAIN_MIGRATE_MAX_SPEED_POSTCOPY = (1 << 0),
} virDomainMigrateMaxSpeedFlags;
int virDomainMigrateSetMaxSpeed(virDomainPtr domain,
unsigned long bandwidth,
unsigned int flags);
@@ -1233,7 +1203,6 @@ int virDomainRestoreFlags (virConnectPtr conn,
const char *dxml,
unsigned int flags);
/* See below for virDomainSaveImageXMLFlags */
char * virDomainSaveImageGetXMLDesc (virConnectPtr conn,
const char *file,
unsigned int flags);
@@ -1586,10 +1555,6 @@ typedef enum {
VIR_DOMAIN_XML_MIGRATABLE = (1 << 3), /* dump XML suitable for migration */
} virDomainXMLFlags;
typedef enum {
VIR_DOMAIN_SAVE_IMAGE_XML_SECURE = VIR_DOMAIN_XML_SECURE, /* dump security sensitive information too */
} virDomainSaveImageXMLFlags;
char * virDomainGetXMLDesc (virDomainPtr domain,
unsigned int flags);
@@ -1946,50 +1911,6 @@ int virDomainDelIOThread(virDomainPtr domain,
unsigned int iothread_id,
unsigned int flags);
/* IOThread set parameters */
/**
* VIR_DOMAIN_IOTHREAD_POLL_MAX_NS:
*
* The maximum polling time that can be used by polling algorithm in ns.
* The polling time starts at 0 (zero) and is the time spent by the guest
* to process IOThread data before returning the CPU to the host. The
* polling time will be dynamically modified over time based on the
* poll_grow and poll_shrink parameters provided. A value set too large
* will cause more CPU time to be allocated the guest. A value set too
* small will not provide enough cycles for the guest to process data.
* The polling interval is not available for statistical purposes.
*/
# define VIR_DOMAIN_IOTHREAD_POLL_MAX_NS "poll_max_ns"
/**
* VIR_DOMAIN_IOTHREAD_POLL_GROW:
*
* This provides a value for the dynamic polling adjustment algorithm to
* use to grow its polling interval up to the poll_max_ns value. A value
* of 0 (zero) allows the hypervisor to choose its own value. The algorithm
* to use for adjustment is hypervisor specific.
*/
# define VIR_DOMAIN_IOTHREAD_POLL_GROW "poll_grow"
/**
* VIR_DOMAIN_IOTHREAD_POLL_SHRINK:
*
* This provides a value for the dynamic polling adjustment algorithm to
* use to shrink its polling interval when the polling interval exceeds
* the poll_max_ns value. A value of 0 (zero) allows the hypervisor to
* choose its own value. The algorithm to use for adjustment is hypervisor
* specific.
*/
# define VIR_DOMAIN_IOTHREAD_POLL_SHRINK "poll_shrink"
int virDomainSetIOThreadParams(virDomainPtr domain,
unsigned int iothread_id,
virTypedParameterPtr params,
int nparams,
unsigned int flags);
/**
* VIR_USE_CPU:
* @cpumap: pointer to a bit map of real CPUs (in 8-bit bytes) (IN/OUT)
@@ -2127,7 +2048,6 @@ typedef enum {
VIR_DOMAIN_STATS_INTERFACE = (1 << 4), /* return domain interfaces info */
VIR_DOMAIN_STATS_BLOCK = (1 << 5), /* return domain block info */
VIR_DOMAIN_STATS_PERF = (1 << 6), /* return domain perf event info */
VIR_DOMAIN_STATS_IOTHREAD = (1 << 7), /* return iothread poll info */
} virDomainStatsTypes;
typedef enum {
@@ -2409,8 +2329,7 @@ int virDomainSetPerfEvents(virDomainPtr dom,
* Describes various possible block jobs.
*/
typedef enum {
/* Placeholder */
VIR_DOMAIN_BLOCK_JOB_TYPE_UNKNOWN = 0,
VIR_DOMAIN_BLOCK_JOB_TYPE_UNKNOWN = 0, /* Placeholder */
/* Block Pull (virDomainBlockPull, or virDomainBlockRebase without
* flags), job ends on completion */
@@ -3457,16 +3376,6 @@ typedef enum {
*/
# define VIR_DOMAIN_JOB_MEMORY_ITERATION "memory_iteration"
/**
* VIR_DOMAIN_JOB_MEMORY_POSTCOPY_REQS:
*
* virDomainGetJobStats field: number page requests received from the
* destination host during post-copy migration, as VIR_TYPED_PARAM_ULLONG.
* This counter is incremented whenever the migrated domain tries to access
* a memory page which has not been transferred from the source host yet.
*/
# define VIR_DOMAIN_JOB_MEMORY_POSTCOPY_REQS "memory_postcopy_requests"
/**
* VIR_DOMAIN_JOB_DISK_TOTAL:
*
@@ -4884,4 +4793,4 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
int *nparams,
unsigned int flags);
#endif /* LIBVIRT_DOMAIN_H */
#endif /* __VIR_LIBVIRT_DOMAIN_H__ */

9
include/libvirt/libvirt-event.h
View File

@@ -2,6 +2,7 @@
* libvirt-event.h
* Summary: APIs for management of events
* Description: Provides APIs for the management of events
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2014 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_EVENT_H
# define LIBVIRT_EVENT_H
#ifndef __VIR_LIBVIRT_EVENT_H__
# define __VIR_LIBVIRT_EVENT_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -59,7 +60,7 @@ typedef void (*virEventHandleCallback)(int watch, int fd, int events, void *opaq
* virEventAddHandleFunc:
* @fd: file descriptor to listen on
* @event: bitset of events on which to fire the callback
* @cb: the callback to be called when an event occurs
* @cb: the callback to be called when an event occurrs
* @opaque: user data to pass to the callback
* @ff: the callback invoked to free opaque data blob
*
@@ -186,4 +187,4 @@ void virEventUpdateTimeout(int timer, int frequency);
int virEventRemoveTimeout(int timer);
#endif /* LIBVIRT_EVENT_H */
#endif /* __VIR_LIBVIRT_EVENT_H__ */

7
include/libvirt/libvirt-host.h
View File

@@ -2,6 +2,7 @@
* libvirt-host.h
* Summary: APIs for management of hosts
* Description: Provides APIs for the management of hosts
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2014 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_HOST_H
# define LIBVIRT_HOST_H
#ifndef __VIR_LIBVIRT_HOST_H__
# define __VIR_LIBVIRT_HOST_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -743,4 +744,4 @@ int virNodeAllocPages(virConnectPtr conn,
unsigned int flags);
#endif /* LIBVIRT_HOST_H */
#endif /* __VIR_LIBVIRT_HOST_H__ */

7
include/libvirt/libvirt-interface.h
View File

@@ -2,6 +2,7 @@
* libvirt-interface.h
* Summary: APIs for management of interfaces
* Description: Provides APIs for the management of interfaces
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2014 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_INTERFACE_H
# define LIBVIRT_INTERFACE_H
#ifndef __VIR_LIBVIRT_INTERFACE_H__
# define __VIR_LIBVIRT_INTERFACE_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -106,4 +107,4 @@ int virInterfaceChangeRollback(virConnectPtr conn,
int virInterfaceIsActive(virInterfacePtr iface);
#endif /* LIBVIRT_INTERFACE_H */
#endif /* __VIR_LIBVIRT_INTERFACE_H__ */

8
include/libvirt/libvirt-lxc.h
View File

@@ -19,10 +19,12 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Author: Daniel P. Berrange <berrange@redhat.com>
*/
#ifndef LIBVIRT_LXC_H
# define LIBVIRT_LXC_H
#ifndef __VIR_LXC_H__
# define __VIR_LXC_H__
# include <libvirt/libvirt.h>
@@ -51,4 +53,4 @@ int virDomainLxcEnterCGroup(virDomainPtr domain,
}
# endif
#endif /* LIBVIRT_LXC_H */
#endif /* __VIR_LXC_H__ */

7
include/libvirt/libvirt-network.h
View File

@@ -2,6 +2,7 @@
* libvirt-network.h
* Summary: APIs for management of networks
* Description: Provides APIs for the management of networks
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2014 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_NETWORK_H
# define LIBVIRT_NETWORK_H
#ifndef __VIR_LIBVIRT_NETWORK_H__
# define __VIR_LIBVIRT_NETWORK_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -333,4 +334,4 @@ int virConnectNetworkEventRegisterAny(virConnectPtr conn,
int virConnectNetworkEventDeregisterAny(virConnectPtr conn,
int callbackID);
#endif /* LIBVIRT_NETWORK_H */
#endif /* __VIR_LIBVIRT_NETWORK_H__ */

7
include/libvirt/libvirt-nodedev.h
View File

@@ -2,6 +2,7 @@
* libvirt-nodedev.h
* Summary: APIs for management of nodedevs
* Description: Provides APIs for the management of nodedevs
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2014 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_NODEDEV_H
# define LIBVIRT_NODEDEV_H
#ifndef __VIR_LIBVIRT_NODEDEV_H__
# define __VIR_LIBVIRT_NODEDEV_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -216,4 +217,4 @@ typedef void (*virConnectNodeDeviceEventLifecycleCallback)(virConnectPtr conn,
int detail,
void *opaque);
#endif /* LIBVIRT_NODEDEV_H */
#endif /* __VIR_LIBVIRT_NODEDEV_H__ */

7
include/libvirt/libvirt-nwfilter.h
View File

@@ -2,6 +2,7 @@
* libvirt-nwfilter.h
* Summary: APIs for management of nwfilters
* Description: Provides APIs for the management of nwfilters
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2014 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_NWFILTER_H
# define LIBVIRT_NWFILTER_H
#ifndef __VIR_LIBVIRT_NWFILTER_H__
# define __VIR_LIBVIRT_NWFILTER_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -130,4 +131,4 @@ int virNWFilterBindingDelete(virNWFilterBindingPtr binding);
int virNWFilterBindingRef(virNWFilterBindingPtr binding);
int virNWFilterBindingFree(virNWFilterBindingPtr binding);
#endif /* LIBVIRT_NWFILTER_H */
#endif /* __VIR_LIBVIRT_NWFILTER_H__ */

8
include/libvirt/libvirt-qemu.h
View File

@@ -19,10 +19,12 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Author: Chris Lalancette <clalance@redhat.com>
*/
#ifndef LIBVIRT_QEMU_H
# define LIBVIRT_QEMU_H
#ifndef __VIR_QEMU_H__
# define __VIR_QEMU_H__
# include <libvirt/libvirt.h>
@@ -101,4 +103,4 @@ int virConnectDomainQemuMonitorEventDeregister(virConnectPtr conn,
}
# endif
#endif /* LIBVIRT_QEMU_H */
#endif /* __VIR_QEMU_H__ */

7
include/libvirt/libvirt-secret.h
View File

@@ -2,6 +2,7 @@
* libvirt-secret.h
* Summary: APIs for management of secrets
* Description: Provides APIs for the management of secrets
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2014, 2016 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_SECRET_H
# define LIBVIRT_SECRET_H
#ifndef __VIR_LIBVIRT_SECRET_H__
# define __VIR_LIBVIRT_SECRET_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -202,4 +203,4 @@ typedef void (*virConnectSecretEventLifecycleCallback)(virConnectPtr conn,
void *opaque);
#endif /* LIBVIRT_SECRET_H */
#endif /* __VIR_LIBVIRT_SECRET_H__ */

11
include/libvirt/libvirt-storage.h
View File

@@ -2,6 +2,7 @@
* libvirt-storage.h
* Summary: APIs for management of storage pools and volumes
* Description: Provides APIs for the management of storage pools and volumes
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2016 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_STORAGE_H
# define LIBVIRT_STORAGE_H
#ifndef __VIR_LIBVIRT_STORAGE_H__
# define __VIR_LIBVIRT_STORAGE_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -193,10 +194,6 @@ typedef enum {
*/
virConnectPtr virStoragePoolGetConnect (virStoragePoolPtr pool);
/* Storage Pool capabilities */
char *virConnectGetStoragePoolCapabilities(virConnectPtr conn,
unsigned int flags);
/*
* List active storage pools
*/
@@ -499,4 +496,4 @@ typedef void (*virConnectStoragePoolEventLifecycleCallback)(virConnectPtr conn,
int detail,
void *opaque);
#endif /* LIBVIRT_STORAGE_H */
#endif /* __VIR_LIBVIRT_STORAGE_H__ */

7
include/libvirt/libvirt-stream.h
View File

@@ -2,6 +2,7 @@
* libvirt-stream.h
* Summary: APIs for management of streams
* Description: Provides APIs for the management of streams
* Author: Daniel Veillard <veillard@redhat.com>
*
* Copyright (C) 2006-2014 Red Hat, Inc.
*
@@ -20,8 +21,8 @@
* <http://www.gnu.org/licenses/>.
*/
#ifndef LIBVIRT_STREAM_H
# define LIBVIRT_STREAM_H
#ifndef __VIR_LIBVIRT_STREAM_H__
# define __VIR_LIBVIRT_STREAM_H__
# ifndef __VIR_LIBVIRT_H_INCLUDES__
# error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -266,4 +267,4 @@ int virStreamAbort(virStreamPtr st);
int virStreamFree(virStreamPtr st);
#endif /* LIBVIRT_STREAM_H */
#endif /* __VIR_LIBVIRT_STREAM_H__ */

14
include/libvirt/libvirt.h
View File

@@ -4,7 +4,7 @@
* Description: Provides the interfaces of the libvirt library to handle
* virtualized domains
*
* Copyright (C) 2005-2019 Red Hat, Inc.
* Copyright (C) 2005-2006, 2010-2014 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -19,10 +19,12 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Author: Daniel Veillard <veillard@redhat.com>
*/
#ifndef LIBVIRT_H
# define LIBVIRT_H
#ifndef __VIR_VIRLIB_H__
# define __VIR_VIRLIB_H__
# include <sys/types.h>
@@ -34,10 +36,6 @@ extern "C" {
# include <libvirt/libvirt-common.h>
# include <libvirt/libvirt-host.h>
# include <libvirt/libvirt-domain.h>
/* FIXME: Temporary hack until later patch creates new
* libvirt-domain-checkpoint.h file */
typedef struct _virDomainCheckpoint virDomainCheckpoint;
typedef virDomainCheckpoint *virDomainCheckpointPtr;
# include <libvirt/libvirt-domain-snapshot.h>
# include <libvirt/libvirt-event.h>
# include <libvirt/libvirt-interface.h>
@@ -53,4 +51,4 @@ typedef virDomainCheckpoint *virDomainCheckpointPtr;
}
# endif
#endif /* LIBVIRT_H */
#endif /* __VIR_VIRLIB_H__ */

21
include/libvirt/virterror.h
View File

@@ -4,7 +4,7 @@
* Description: Provides the interfaces of the libvirt library to handle
* errors raised while using the library.
*
* Copyright (C) 2006-2019 Red Hat, Inc.
* Copyright (C) 2006-2016 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -19,10 +19,12 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Author: Daniel Veillard <veillard@redhat.com>
*/
#ifndef LIBVIRT_VIRTERROR_H
# define LIBVIRT_VIRTERROR_H
#ifndef __VIR_VIRERR_H__
# define __VIR_VIRERR_H__
# include <libvirt/libvirt.h>
@@ -74,7 +76,7 @@ typedef enum {
VIR_FROM_NETWORK = 19, /* Error from network config */
VIR_FROM_DOMAIN = 20, /* Error from domain config */
VIR_FROM_UML = 21, /* Error at the UML driver; unused since 5.0.0 */
VIR_FROM_UML = 21, /* Error at the UML driver */
VIR_FROM_NODEDEV = 22, /* Error from node device monitor */
VIR_FROM_XEN_INOTIFY = 23, /* Error from xen inotify layer */
VIR_FROM_SECURITY = 24, /* Error from security framework */
@@ -131,8 +133,6 @@ typedef enum {
VIR_FROM_PERF = 65, /* Error from perf */
VIR_FROM_LIBSSH = 66, /* Error from libssh connection transport */
VIR_FROM_RESCTRL = 67, /* Error from resource control */
VIR_FROM_FIREWALLD = 68, /* Error from firewalld */
VIR_FROM_DOMAIN_CHECKPOINT = 69, /* Error from domain checkpoint */
# ifdef VIR_ENUM_SENTINELS
VIR_ERR_DOMAIN_LAST
@@ -323,13 +323,6 @@ typedef enum {
VIR_ERR_DEVICE_MISSING = 99, /* fail to find the desired device */
VIR_ERR_INVALID_NWFILTER_BINDING = 100, /* invalid nwfilter binding */
VIR_ERR_NO_NWFILTER_BINDING = 101, /* no nwfilter binding */
VIR_ERR_INVALID_DOMAIN_CHECKPOINT = 102, /* invalid domain checkpoint */
VIR_ERR_NO_DOMAIN_CHECKPOINT = 103, /* domain checkpoint not found */
VIR_ERR_NO_DOMAIN_BACKUP = 104, /* domain backup job id not found */
# ifdef VIR_ENUM_SENTINELS
VIR_ERR_NUMBER_LAST
# endif
} virErrorNumber;
/**
@@ -373,4 +366,4 @@ int virConnCopyLastError (virConnectPtr conn,
}
# endif
#endif /* LIBVIRT_VIRTERROR_H */
#endif /* __VIR_VIRERR_H__ */

164
libvirt.spec.in
View File

@@ -4,7 +4,7 @@
# that's still supported by the vendor. It may work on other distros
# or versions, but no effort will be made to ensure that going forward.
%define min_rhel 7
%define min_fedora 28
%define min_fedora 27
%if (0%{?fedora} && 0%{?fedora} >= %{min_fedora}) || (0%{?rhel} && 0%{?rhel} >= %{min_rhel})
%define supported_platform 1
@@ -20,6 +20,7 @@
# The hypervisor drivers that run in libvirtd
%define with_qemu 0%{!?_without_qemu:1}
%define with_lxc 0%{!?_without_lxc:1}
%define with_uml 0%{!?_without_uml:1}
%define with_libxl 0%{!?_without_libxl:1}
%define with_vbox 0%{!?_without_vbox:1}
@@ -71,7 +72,7 @@
%endif
# We need a recent enough libiscsi (>= 1.18.0)
%if 0%{?fedora} || 0%{?rhel} > 7
%if 0%{?fedora} >= 28 || 0%{?rhel} > 7
%define with_storage_iscsi_direct 0%{!?_without_storage_iscsi_direct:1}
%else
%define with_storage_iscsi_direct 0
@@ -82,7 +83,6 @@
%define with_sanlock 0%{!?_without_sanlock:0}
%define with_numad 0%{!?_without_numad:0}
%define with_firewalld 0%{!?_without_firewalld:0}
%define with_firewalld_zone 0%{!?_without_firewalld_zone:0}
%define with_libssh2 0%{!?_without_libssh2:0}
%define with_wireshark 0%{!?_without_wireshark:0}
%define with_libssh 0%{!?_without_libssh:0}
@@ -110,19 +110,14 @@
%define with_storage_zfs 0
%endif
# Ceph dropping support for 32-bit hosts
%if 0%{?fedora} >= 30
%ifarch %{arm} %{ix86}
%define with_storage_rbd 0
%endif
%endif
# RHEL doesn't ship OpenVZ, VBox, PowerHypervisor,
# RHEL doesn't ship OpenVZ, VBox, UML, PowerHypervisor,
# VMware, libxenserver (xenapi), libxenlight (Xen 4.1 and newer),
# or HyperV.
%if 0%{?rhel}
%define with_openvz 0
%define with_vbox 0
%define with_uml 0
%define with_phyp 0
%define with_vmware 0
%define with_xenapi 0
@@ -137,11 +132,6 @@
%define with_firewalld 1
%if 0%{?fedora} >= 30 || 0%{?rhel} > 7
%define with_firewalld_zone 0%{!?_without_firewalld_zone:1}
%endif
# fuse is used to provide virtualized /proc for LXC
%if %{with_lxc}
%define with_fuse 0%{!?_without_fuse:1}
@@ -166,7 +156,11 @@
# Enable wireshark plugins for all distros shipping libvirt 1.2.2 or newer
%if 0%{?fedora}
%define with_wireshark 0%{!?_without_wireshark:1}
%define wireshark_plugindir %(pkg-config --variable plugindir wireshark)/epan
%endif
%if 0%{?fedora} || 0%{?rhel} > 7
%define wireshark_plugindir %(pkg-config --variable plugindir wireshark)
%else
%define wireshark_plugindir %{_libdir}/wireshark/plugins
%endif
# Enable libssh transport for new enough distros
@@ -184,7 +178,7 @@
%endif
%if %{with_qemu} || %{with_lxc}
%if %{with_qemu} || %{with_lxc} || %{with_uml}
# numad is used to manage the CPU and memory placement dynamically,
# it's not available on many non-x86 architectures.
%ifnarch s390 s390x %{arm} riscv64
@@ -216,7 +210,7 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: @VERSION@
Release: 1%{?dist}
Release: 1%{?dist}%{?extra_release}
License: LGPLv2+
URL: https://libvirt.org/
@@ -237,9 +231,9 @@ Requires: libvirt-daemon-driver-lxc = %{version}-%{release}
%if %{with_qemu}
Requires: libvirt-daemon-driver-qemu = %{version}-%{release}
%endif
# We had UML driver, but we've removed it.
Obsoletes: libvirt-daemon-driver-uml <= 5.0.0
Obsoletes: libvirt-daemon-uml <= 5.0.0
%if %{with_uml}
Requires: libvirt-daemon-driver-uml = %{version}-%{release}
%endif
%if %{with_vbox}
Requires: libvirt-daemon-driver-vbox = %{version}-%{release}
%endif
@@ -264,7 +258,7 @@ BuildRequires: /usr/bin/pod2man
%endif
BuildRequires: gcc
BuildRequires: git
%if 0%{?fedora} || 0%{?rhel} > 7
%if 0%{?fedora} >= 27 || 0%{?rhel} > 7
BuildRequires: perl-interpreter
%else
BuildRequires: perl
@@ -326,8 +320,6 @@ BuildRequires: libiscsi-devel
BuildRequires: parted-devel
# For Multipath support
BuildRequires: device-mapper-devel
# For XFS reflink clone support
BuildRequires: xfsprogs-devel
%if %{with_storage_rbd}
BuildRequires: librados2-devel
BuildRequires: librbd1-devel
@@ -387,22 +379,18 @@ BuildRequires: numad
%endif
%if %{with_wireshark}
BuildRequires: wireshark-devel >= 2.4.0
BuildRequires: wireshark-devel >= 2.1.0
%endif
%if %{with_libssh}
BuildRequires: libssh-devel >= 0.7.0
%endif
%if 0%{?fedora} || 0%{?rhel} > 7
%if 0%{?fedora} > 27 || 0%{?rhel} > 7
BuildRequires: rpcgen
BuildRequires: libtirpc-devel
%endif
%if %{with_firewalld_zone}
BuildRequires: firewalld-filesystem
%endif
Provides: bundled(gnulib)
%description
@@ -550,9 +538,6 @@ Requires: util-linux
# From QEMU RPMs
Requires: /usr/bin/qemu-img
%endif
%if !%{with_storage_rbd}
Obsoletes: libvirt-daemon-driver-storage-rbd < %{version}-%{release}
%endif
%description daemon-driver-storage-core
The storage driver plugin for the libvirtd daemon, providing
@@ -758,6 +743,19 @@ the Linux kernel
%endif
%if %{with_uml}
%package daemon-driver-uml
Summary: Uml driver plugin for the libvirtd daemon
Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-libs = %{version}-%{release}
%description daemon-driver-uml
The UML driver plugin for the libvirtd daemon, providing
an implementation of the hypervisor driver APIs using
User Mode Linux
%endif
%if %{with_vbox}
%package daemon-driver-vbox
Summary: VirtualBox driver plugin for the libvirtd daemon
@@ -845,6 +843,26 @@ capabilities of LXC
%endif
%if %{with_uml}
%package daemon-uml
Summary: Server side daemon & driver required to run UML guests
Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-daemon-driver-uml = %{version}-%{release}
Requires: libvirt-daemon-driver-interface = %{version}-%{release}
Requires: libvirt-daemon-driver-network = %{version}-%{release}
Requires: libvirt-daemon-driver-nodedev = %{version}-%{release}
Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}
Requires: libvirt-daemon-driver-secret = %{version}-%{release}
Requires: libvirt-daemon-driver-storage = %{version}-%{release}
# There are no UML kernel RPMs in Fedora/RHEL to depend on.
%description daemon-uml
Server side daemon and driver required to manage the virtualization
capabilities of UML
%endif
%if %{with_libxl}
%package daemon-xen
Summary: Server side daemon & driver required to run XEN guests
@@ -936,7 +954,7 @@ Bash completion script stub.
%if %{with_wireshark}
%package wireshark
Summary: Wireshark dissector plugin for libvirt RPC transactions
Requires: wireshark >= 2.4.0
Requires: wireshark >= 1.12.6-4
Requires: %{name}-libs = %{version}-%{release}
%description wireshark
@@ -1050,6 +1068,12 @@ exit 1
%define arg_vmware --without-vmware
%endif
%if %{with_uml}
%define arg_uml --with-uml
%else
%define arg_uml --without-uml
%endif
%if %{with_storage_rbd}
%define arg_storage_rbd --with-storage-rbd
%else
@@ -1104,12 +1128,6 @@ exit 1
%define arg_firewalld --without-firewalld
%endif
%if %{with_firewalld_zone}
%define arg_firewalld_zone --with-firewalld-zone
%else
%define arg_firewalld_zone --without-firewalld-zone
%endif
%if %{with_wireshark}
%define arg_wireshark --with-wireshark-dissector
%else
@@ -1169,6 +1187,7 @@ rm -f po/stamp-po
--with-avahi \
--with-polkit \
--with-libvirtd \
%{?arg_uml} \
%{?arg_phyp} \
%{?arg_esx} \
%{?arg_hyperv} \
@@ -1208,7 +1227,6 @@ rm -f po/stamp-po
--with-dtrace \
--with-driver-modules \
%{?arg_firewalld} \
%{?arg_firewalld_zone} \
%{?arg_wireshark} \
--without-pm-utils \
--with-nss-plugin \
@@ -1298,6 +1316,9 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.libxl
rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_libxl.aug
rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_libxl.aug
%endif
%if ! %{with_uml}
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
%endif
# Copied into libvirt-docs subpackage eventually
mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} libvirt-docs
@@ -1328,16 +1349,6 @@ then
exit 1
fi
%post libs
%if 0%{?rhel} == 7
/sbin/ldconfig
%endif
%postun libs
%if 0%{?rhel} == 7
/sbin/ldconfig
%endif
%pre daemon
# 'libvirt' group is just to allow password-less polkit access to
# libvirtd. The uid number is irrelevant, so we use dynamic allocation
@@ -1386,16 +1397,6 @@ if [ -f %{_localstatedir}/lib/rpm-state/libvirt/restart ]; then
fi
rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
%post daemon-driver-network
%if %{with_firewalld}
%firewalld_reload
%endif
%postun daemon-driver-network
%if %{with_firewalld}
%firewalld_reload
%endif
%post daemon-config-network
if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ; then
# see if the network used by default network creates a conflict,
@@ -1457,6 +1458,16 @@ fi
rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
%triggerun -- libvirt < 0.9.4
%{_bindir}/systemd-sysv-convert --save libvirtd >/dev/null 2>&1 ||:
# If the package is allowed to autostart:
/bin/systemctl --no-reload enable libvirtd.service >/dev/null 2>&1 ||:
# Run these because the SysV package being removed won't do them
/sbin/chkconfig --del libvirtd >/dev/null 2>&1 || :
/bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
%if %{with_qemu}
%pre daemon-driver-qemu
# We want soft static allocation of well-known ids, as disk images
@@ -1479,11 +1490,24 @@ exit 0
%systemd_preun libvirt-guests.service
%post client
/sbin/ldconfig
%systemd_post libvirt-guests.service
%postun client
/sbin/ldconfig
%systemd_postun libvirt-guests.service
%triggerun client -- libvirt < 0.9.4
%{_bindir}/systemd-sysv-convert --save libvirt-guests >/dev/null 2>&1 ||:
# If the package is allowed to autostart:
/bin/systemctl --no-reload enable libvirt-guests.service >/dev/null 2>&1 ||:
# Run this because the SysV package being removed won't do them
/sbin/chkconfig --del libvirt-guests >/dev/null 2>&1 || :
%if %{with_sanlock}
%post lock-sanlock
if getent group sanlock > /dev/null ; then
@@ -1611,10 +1635,6 @@ exit 0
%attr(0755, root, root) %{_libexecdir}/libvirt_leaseshelper
%{_libdir}/%{name}/connection-driver/libvirt_driver_network.so
%if %{with_firewalld_zone}
%{_prefix}/lib/firewalld/zones/libvirt.xml
%endif
%files daemon-driver-nodedev
%{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so
@@ -1705,6 +1725,15 @@ exit 0
%{_libdir}/%{name}/connection-driver/libvirt_driver_lxc.so
%endif
%if %{with_uml}
%files daemon-driver-uml
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/
%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml
%ghost %dir %{_localstatedir}/run/libvirt/uml/
%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/
%{_libdir}/%{name}/connection-driver/libvirt_driver_uml.so
%endif
%if %{with_libxl}
%files daemon-driver-libxl
%config(noreplace) %{_sysconfdir}/libvirt/libxl.conf
@@ -1735,6 +1764,10 @@ exit 0
%files daemon-lxc
%endif
%if %{with_uml}
%files daemon-uml
%endif
%if %{with_libxl}
%files daemon-xen
%endif
@@ -1814,7 +1847,6 @@ exit 0
%{_datadir}/libvirt/schemas/secret.rng
%{_datadir}/libvirt/schemas/storagecommon.rng
%{_datadir}/libvirt/schemas/storagepool.rng
%{_datadir}/libvirt/schemas/storagepoolcaps.rng
%{_datadir}/libvirt/schemas/storagevol.rng
%{_datadir}/libvirt/cpu_map/*.xml

3
m4/virt-driver-libxl.m4
View File

@@ -75,9 +75,6 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_LIBXL], [
])
fi
dnl Check if Xen has support for PVH
AC_CHECK_DECL(LIBXL_DOMAIN_TYPE_PVH, [AC_DEFINE([HAVE_XEN_PVH], [1], [Define to 1 if Xen has PVH support.])], [], [#include <libxl.h>])
AC_SUBST([LIBXL_CFLAGS])
AC_SUBST([LIBXL_LIBS])
])

56
m4/virt-driver-qemu.m4
View File

@@ -18,7 +18,7 @@ dnl <http://www.gnu.org/licenses/>.
dnl
AC_DEFUN([LIBVIRT_DRIVER_ARG_QEMU], [
LIBVIRT_ARG_WITH_FEATURE([QEMU], [QEMU/KVM], [check])
LIBVIRT_ARG_WITH_FEATURE([QEMU], [QEMU/KVM], [yes])
LIBVIRT_ARG_WITH([QEMU_USER], [username to run QEMU system instance as],
['platform dependent'])
LIBVIRT_ARG_WITH([QEMU_GROUP], [groupname to run QEMU system instance as],
@@ -26,15 +26,6 @@ AC_DEFUN([LIBVIRT_DRIVER_ARG_QEMU], [
])
AC_DEFUN([LIBVIRT_DRIVER_CHECK_QEMU], [
dnl There is no way qemu driver will work without JSON support
AC_REQUIRE([LIBVIRT_CHECK_YAJL])
if test "$with_qemu:$with_yajl" = "yes:no"; then
AC_MSG_ERROR([YAJL or YAJL2 is required to build QEMU driver])
fi
if test "$with_qemu" = "check"; then
with_qemu=$with_yajl
fi
if test "$with_qemu" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_QEMU], 1, [whether QEMU driver is enabled])
fi
@@ -44,42 +35,8 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_QEMU], [
default_qemu_user=root
default_qemu_group=wheel
else
# Try to integrate gracefully with downstream packages by running QEMU
# processes using the same user and group they would
case $(grep ^ID= /etc/os-release 2>/dev/null) in
*arch*)
default_qemu_user=nobody
default_qemu_group=nobody
;;
*centos*|*fedora*|*gentoo*|*rhel*|*suse*)
default_qemu_user=qemu
default_qemu_group=qemu
;;
*debian*)
default_qemu_user=libvirt-qemu
default_qemu_group=libvirt-qemu
;;
*ubuntu*)
default_qemu_user=libvirt-qemu
default_qemu_group=kvm
;;
*)
default_qemu_user=root
default_qemu_group=root
;;
esac
# If the expected user and group don't exist, or we haven't hit any
# of the cases above because we're running on an unknown OS, the only
# sensible fallback is root:root
AC_MSG_CHECKING([for QEMU credentials ($default_qemu_user:$default_qemu_group)])
if getent passwd "$default_qemu_user" >/dev/null 2>&1 && \
getent group "$default_qemu_group" >/dev/null 2>&1; then
AC_MSG_RESULT([ok])
else
AC_MSG_RESULT([not found, using root:root instead])
default_qemu_user=root
default_qemu_group=root
fi
default_qemu_user=root
default_qemu_group=root
fi
if test "x$with_qemu_user" = "xplatform dependent" ; then
@@ -112,10 +69,5 @@ AC_DEFUN([LIBVIRT_DRIVER_RESULT_QEMU], [
])
AC_DEFUN([LIBVIRT_RESULT_QEMU_PRIVILEGES], [
if test "$QEMU_USER" = "root"; then
LIBVIRT_RESULT([QEMU], [$QEMU_USER:$QEMU_GROUP],
[!!! running QEMU as root is strongly discouraged !!!])
else
LIBVIRT_RESULT([QEMU], [$QEMU_USER:$QEMU_GROUP])
fi
LIBVIRT_RESULT([QEMU], [$QEMU_USER:$QEMU_GROUP])
])

54
m4/virt-driver-uml.m4 Normal file
View File

@@ -0,0 +1,54 @@
dnl The UML driver
dnl
dnl Copyright (C) 2005-2015 Red Hat, Inc.
dnl
dnl This library is free software; you can redistribute it and/or
dnl modify it under the terms of the GNU Lesser General Public
dnl License as published by the Free Software Foundation; either
dnl version 2.1 of the License, or (at your option) any later version.
dnl
dnl This library is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
dnl Lesser General Public License for more details.
dnl
dnl You should have received a copy of the GNU Lesser General Public
dnl License along with this library. If not, see
dnl <http://www.gnu.org/licenses/>.
dnl
AC_DEFUN([LIBVIRT_DRIVER_ARG_UML],[
LIBVIRT_ARG_WITH_FEATURE([UML], [UML], [check])
])
AC_DEFUN([LIBVIRT_DRIVER_CHECK_UML],[
if test "$with_libvirtd" = "no" || test "$with_linux" = "no"; then
if test "$with_uml" = "yes"; then
AC_MSG_ERROR([The UML driver cannot be enabled])
elif test "$with_uml" = "check"; then
with_uml="no"
fi
fi
if test "$with_uml" = "yes" || test "$with_uml" = "check"; then
AC_CHECK_HEADER([sys/inotify.h], [
with_uml=yes
], [
if test "$with_uml" = "check"; then
with_uml=no
AC_MSG_NOTICE([<sys/inotify.h> is required for the UML driver, disabling it])
else
AC_MSG_ERROR([The <sys/inotify.h> is required for the UML driver. Upgrade your libc6.])
fi
])
fi
if test "$with_uml" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_UML], 1, [whether UML driver is enabled])
fi
AM_CONDITIONAL([WITH_UML], [test "$with_uml" = "yes"])
])
AC_DEFUN([LIBVIRT_DRIVER_RESULT_UML],[
LIBVIRT_RESULT([UML], [$with_uml])
])

45
m4/virt-firewalld-zone.m4
View File

@@ -1,45 +0,0 @@
dnl firewalld_zone check - whether or not to install the firewall "libvirt" zone
dnl
dnl Copyright (C) 2019 Red Hat, Inc.
dnl
dnl This library is free software; you can redistribute it and/or
dnl modify it under the terms of the GNU Lesser General Public
dnl License as published by the Free Software Foundation; either
dnl version 2.1 of the License, or (at your option) any later version.
dnl
dnl This library is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
dnl Lesser General Public License for more details.
dnl
dnl You should have received a copy of the GNU Lesser General Public
dnl License along with this library. If not, see
dnl <http://www.gnu.org/licenses/>.
dnl
AC_DEFUN([LIBVIRT_ARG_FIREWALLD_ZONE], [
LIBVIRT_ARG_WITH([FIREWALLD_ZONE], [Whether to install firewalld libvirt zone], [check])
])
AC_DEFUN([LIBVIRT_CHECK_FIREWALLD_ZONE], [
AC_REQUIRE([LIBVIRT_CHECK_FIREWALLD])
AC_MSG_CHECKING([for whether to install firewalld libvirt zone])
if test "x$with_firewalld_zone" = "xcheck" ; then
with_firewalld_zone=$with_firewalld
fi
if test "x$with_firewalld_zone" = "xyes" ; then
if test "x$with_firewalld" != "xyes" ; then
AC_MSG_ERROR([You must have firewalld support enabled to enable firewalld-zone])
fi
AC_DEFINE_UNQUOTED([WITH_FIREWALLD_ZONE], [1], [whether firewalld libvirt zone is installed])
fi
AM_CONDITIONAL([WITH_FIREWALLD_ZONE], [test "x$with_firewalld_zone" != "xno"])
AC_MSG_RESULT($with_firewalld_zone)
])
AC_DEFUN([LIBVIRT_RESULT_FIREWALLD_ZONE], [
LIBVIRT_RESULT([firewalld-zone], [$with_firewalld_zone])
])

4
m4/virt-firewalld.m4
View File

@@ -32,10 +32,10 @@ AC_DEFUN([LIBVIRT_CHECK_FIREWALLD], [
if test "x$with_dbus" != "xyes" ; then
AC_MSG_ERROR([You must have dbus enabled for firewalld support])
fi
AC_DEFINE_UNQUOTED([WITH_FIREWALLD], [1], [whether firewalld support is enabled])
AC_DEFINE_UNQUOTED([HAVE_FIREWALLD], [1], [whether firewalld support is enabled])
fi
AM_CONDITIONAL([WITH_FIREWALLD], [test "x$with_firewalld" != "xno"])
AM_CONDITIONAL([HAVE_FIREWALLD], [test "x$with_firewalld" != "xno"])
])
AC_DEFUN([LIBVIRT_RESULT_FIREWALLD], [

Some files were not shown because too many files have changed in this diff Show More