mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-09-23 17:45:17 +03:00
Compare commits
9 Commits
v8.0.0-rc1
...
v1.2.14-ma
Author | SHA1 | Date | |
---|---|---|---|
|
ea59deeeea | ||
|
6410a22743 | ||
|
e7ebcd5c57 | ||
|
605b120683 | ||
|
454cb7c40d | ||
|
c814a546f2 | ||
|
ba2b5b7dbf | ||
|
75c77804b8 | ||
|
0f709dd420 |
@@ -1413,6 +1413,7 @@ virFileSanitizePath;
|
||||
virFileSkipRoot;
|
||||
virFileStripSuffix;
|
||||
virFileTouch;
|
||||
virFileUnlink;
|
||||
virFileUnlock;
|
||||
virFileUpdatePerm;
|
||||
virFileWaitForDevices;
|
||||
|
@@ -849,7 +849,7 @@ typedef struct {
|
||||
|
||||
static const virLXCBasicMountInfo lxcBasicMounts[] = {
|
||||
{ "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false },
|
||||
{ "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false },
|
||||
{ "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
|
||||
{ "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true },
|
||||
{ "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true },
|
||||
{ "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
|
||||
@@ -1029,7 +1029,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled,
|
||||
|
||||
if (bindOverReadonly &&
|
||||
mount(mnt_src, mnt->dst, NULL,
|
||||
MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
|
||||
MS_BIND|MS_REMOUNT|mnt_mflags|MS_RDONLY, NULL) < 0) {
|
||||
virReportSystemError(errno,
|
||||
_("Failed to re-mount %s on %s flags=%x"),
|
||||
mnt_src, mnt->dst,
|
||||
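Review bot: The remount in lxcContainerMountBasicFS that now passes `MS_BIND|MS_REMOUNT|mnt_mflags|MS_RDONLY` has no comment explaining why the flags of the first mount are repeated, and neither does the `/proc/sys` table entry that gains `MS_NOSUID|MS_NOEXEC|MS_NODEV`. These flags are part of the container's hardening of `/proc/sys`, so a later clean-up could trim them back to a bare read-only bind without anyone noticing. I would add a comment above the remount along the lines of `/* repeat the nosuid/noexec/nodev flags of the first mount so the read-only remount does not drop them */`. Which of the two printed variants is the new side is inferred from the flag sets, `mnt_mflags` is defined outside the hunk, and the function body starts and ends outside it as well.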
|
@@ -599,7 +599,7 @@ static int lxcDomainGetInfo(virDomainPtr dom,
|
||||
|
||||
if (!virDomainObjIsActive(vm)) {
|
||||
info->cpuTime = 0;
|
||||
info->memory = 0;
|
||||
info->memory = vm->def->mem.cur_balloon;
|
||||
} else {
|
||||
if (virCgroupGetCpuacctUsage(priv->cgroup, &(info->cpuTime)) < 0) {
|
||||
virReportError(VIR_ERR_OPERATION_FAILED,
|
||||
|
@@ -750,7 +750,7 @@ virLXCProcessBuildControllerCmd(virLXCDriverPtr driver,
|
||||
int *files,
|
||||
size_t nfiles,
|
||||
int handshakefd,
|
||||
int logfd,
|
||||
int * const logfd,
|
||||
const char *pidfile)
|
||||
{
|
||||
size_t i;
|
||||
@@ -820,8 +820,8 @@ virLXCProcessBuildControllerCmd(virLXCDriverPtr driver,
|
||||
virCommandPassFD(cmd, handshakefd, 0);
|
||||
virCommandDaemonize(cmd);
|
||||
virCommandSetPidFile(cmd, pidfile);
|
||||
virCommandSetOutputFD(cmd, &logfd);
|
||||
virCommandSetErrorFD(cmd, &logfd);
|
||||
virCommandSetOutputFD(cmd, logfd);
|
||||
virCommandSetErrorFD(cmd, logfd);
|
||||
/* So we can pause before exec'ing the controller to
|
||||
* write the live domain status XML with the PID */
|
||||
virCommandRequireHandshake(cmd);
|
||||
@@ -1208,7 +1208,7 @@ int virLXCProcessStart(virConnectPtr conn,
|
||||
ttyFDs, nttyFDs,
|
||||
files, nfiles,
|
||||
handshakefds[1],
|
||||
logfd,
|
||||
&logfd,
|
||||
pidfile)))
|
||||
goto cleanup;
|
||||
|
||||
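Review bot: virLXCProcessBuildControllerCmd now takes `int * const logfd` and hands that pointer to both `virCommandSetOutputFD` and `virCommandSetErrorFD`, but nothing tells the caller how long the pointed-to int has to stay valid. As far as I know virCommand keeps the pointer rather than copying the value, so the int has to outlive the returned command. The caller in virLXCProcessStart passes `&logfd`, which is fine only as long as that variable lives until the command has been run. A line in the function comment would cover it, for example `@logfd: pointer to the log fd; must stay valid until the returned command has been run`. Any existing function comment is outside the hunks shown.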
|
@@ -2643,7 +2643,7 @@ static int qemuDomainGetInfo(virDomainPtr dom,
|
||||
info->memory = vm->def->mem.cur_balloon;
|
||||
}
|
||||
} else {
|
||||
info->memory = 0;
|
||||
info->memory = vm->def->mem.cur_balloon;
|
||||
}
|
||||
|
||||
info->nrVirtCpu = vm->def->vcpus;
|
||||
|
@@ -3959,6 +3959,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
|
||||
time_t now = time(NULL);
|
||||
char expire_time [64];
|
||||
const char *connected = NULL;
|
||||
const char *password;
|
||||
int ret = -1;
|
||||
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
|
||||
|
||||
@@ -3966,16 +3967,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
|
||||
ret = 0;
|
||||
goto cleanup;
|
||||
}
|
||||
password = auth->passwd ? auth->passwd : defaultPasswd;
|
||||
|
||||
if (auth->connected)
|
||||
connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);
|
||||
|
||||
if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
|
||||
goto cleanup;
|
||||
ret = qemuMonitorSetPassword(priv->mon,
|
||||
type,
|
||||
auth->passwd ? auth->passwd : defaultPasswd,
|
||||
connected);
|
||||
ret = qemuMonitorSetPassword(priv->mon, type, password, connected);
|
||||
|
||||
if (ret == -2) {
|
||||
if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
|
||||
@@ -3983,14 +3982,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
|
||||
_("Graphics password only supported for VNC"));
|
||||
ret = -1;
|
||||
} else {
|
||||
ret = qemuMonitorSetVNCPassword(priv->mon,
|
||||
auth->passwd ? auth->passwd : defaultPasswd);
|
||||
ret = qemuMonitorSetVNCPassword(priv->mon, password);
|
||||
}
|
||||
}
|
||||
if (ret != 0)
|
||||
goto end_job;
|
||||
|
||||
if (auth->expires) {
|
||||
if (password[0] == '\0') {
|
||||
snprintf(expire_time, sizeof(expire_time), "now");
|
||||
} else if (auth->expires) {
|
||||
time_t lifetime = auth->validTo - now;
|
||||
if (lifetime <= 0)
|
||||
snprintf(expire_time, sizeof(expire_time), "now");
|
||||
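Review bot: The new branch `if (password[0] == '\0')` that writes "now" into `expire_time` has no comment, although it changes what an empty graphics password means. If the intent is that an empty password disables access by expiring it immediately, say so at the branch, for example `/* an empty password disables access: expire it right away */`, so that the ordering with `else if (auth->expires)` is not reshuffled later. The dereference of `password` relies on the early `ret = 0; goto cleanup;` path having excluded the case where both `auth->passwd` and `defaultPasswd` are NULL. That condition sits above the hunk and is worth confirming.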
|
@@ -538,10 +538,6 @@ remoteClientCloseFunc(virNetClientPtr client ATTRIBUTE_UNUSED,
|
||||
cbdata->freeCallback = NULL;
|
||||
}
|
||||
virObjectUnlock(cbdata);
|
||||
|
||||
/* free the connection reference that comes along with the callback
|
||||
* registration */
|
||||
virObjectUnref(cbdata->conn);
|
||||
}
|
||||
|
||||
/* helper macro to ease extraction of arguments from the URI */
|
||||
|
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
* storage_backend_fs.c: storage backend for FS and directory handling
|
||||
*
|
||||
* Copyright (C) 2007-2014 Red Hat, Inc.
|
||||
* Copyright (C) 2007-2015 Red Hat, Inc.
|
||||
* Copyright (C) 2007-2008 Daniel P. Berrange
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
@@ -1003,6 +1003,14 @@ virStorageBackendFileSystemVolCreate(virConnectPtr conn ATTRIBUTE_UNUSED,
|
||||
|
||||
vol->type = VIR_STORAGE_VOL_FILE;
|
||||
|
||||
/* Volumes within a directory pools are not recursive; do not
|
||||
* allow escape to ../ or a subdir */
|
||||
if (strchr(vol->name, '/')) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||
_("volume name '%s' cannot contain '/'"), vol->name);
|
||||
return -1;
|
||||
}
|
||||
|
||||
VIR_FREE(vol->target.path);
|
||||
if (virAsprintf(&vol->target.path, "%s/%s",
|
||||
pool->def->target.path,
|
||||
@@ -1149,7 +1157,8 @@ virStorageBackendFileSystemVolDelete(virConnectPtr conn ATTRIBUTE_UNUSED,
|
||||
|
||||
switch ((virStorageVolType) vol->type) {
|
||||
case VIR_STORAGE_VOL_FILE:
|
||||
if (unlink(vol->target.path) < 0) {
|
||||
if (virFileUnlink(vol->target.path, vol->target.perms->uid,
|
||||
vol->target.perms->gid) < 0) {
|
||||
/* Silently ignore failures where the vol has already gone away */
|
||||
if (errno != ENOENT) {
|
||||
virReportSystemError(errno,
|
||||
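Review bot: In virStorageBackendFileSystemVolDelete the `errno != ENOENT` test after the new `virFileUnlink(...)` call is only meaningful for the helper's direct `unlink()` path. On the forked path (shown in the virfile.c section) the child's errno comes back as `-WEXITSTATUS(status)` in the return value and the parent's errno is not set, so a volume that has already gone away is compared against a stale errno, after the parent has already called virReportError. I would have virFileUnlink normalise its failures to one convention, for instance setting `errno` from the child's status and returning -1, so that this caller's "silently ignore" branch keeps working. The call also dereferences `vol->target.perms` without a check, and whether it can be NULL at this point is not visible here; the function body continues outside the hunk.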
|
@@ -1734,8 +1734,12 @@ storageVolCreateXML(virStoragePoolPtr obj,
|
||||
}
|
||||
|
||||
if (backend->refreshVol &&
|
||||
backend->refreshVol(obj->conn, pool, voldef) < 0)
|
||||
backend->refreshVol(obj->conn, pool, voldef) < 0) {
|
||||
storageVolDeleteInternal(volobj, backend, pool, voldef,
|
||||
0, false);
|
||||
voldef = NULL;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Update pool metadata */
|
||||
pool->def->allocation += buildvoldef->target.allocation;
|
||||
|
@@ -2280,6 +2280,112 @@ virFileOpenAs(const char *path, int openflags, mode_t mode,
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/* virFileUnlink:
|
||||
* @path: file to unlink
|
||||
* @uid: uid that was used to create the file (not required)
|
||||
* @gid: gid that was used to create the file (not required)
|
||||
*
|
||||
* If a file/volume was created in an NFS root-squash environment,
|
||||
* then we must 'unlink' the file in the same environment. Unlike
|
||||
* the virFileOpenAs[Forked] and virDirCreate[NoFork], this code
|
||||
* takes no extra flags and does not bother with EACCES failures
|
||||
* from the child.
|
||||
*/
|
||||
int
|
||||
virFileUnlink(const char *path,
|
||||
uid_t uid,
|
||||
gid_t gid)
|
||||
{
|
||||
pid_t pid;
|
||||
int waitret;
|
||||
int status, ret = 0;
|
||||
gid_t *groups;
|
||||
int ngroups;
|
||||
|
||||
/* If not running as root or if a non explicit uid/gid was being used for
|
||||
* the file/volume, then use unlink directly
|
||||
*/
|
||||
if ((geteuid() != 0) ||
|
||||
((uid == (uid_t) -1) && (gid == (gid_t) -1)))
|
||||
return unlink(path);
|
||||
|
||||
/* Otherwise, we have to deal with the NFS root-squash craziness
|
||||
* to run under the uid/gid that created the volume in order to
|
||||
* perform the unlink of the volume.
|
||||
*/
|
||||
if (uid == (uid_t) -1)
|
||||
uid = geteuid();
|
||||
if (gid == (gid_t) -1)
|
||||
gid = getegid();
|
||||
|
||||
ngroups = virGetGroupList(uid, gid, &groups);
|
||||
if (ngroups < 0)
|
||||
return -errno;
|
||||
|
||||
pid = virFork();
|
||||
|
||||
if (pid < 0) {
|
||||
ret = -errno;
|
||||
VIR_FREE(groups);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (pid) { /* parent */
|
||||
/* wait for child to complete, and retrieve its exit code */
|
||||
VIR_FREE(groups);
|
||||
|
||||
while ((waitret = waitpid(pid, &status, 0)) == -1 && errno == EINTR);
|
||||
if (waitret == -1) {
|
||||
ret = -errno;
|
||||
virReportSystemError(errno,
|
||||
_("failed to wait for child unlinking '%s'"),
|
||||
path);
|
||||
goto parenterror;
|
||||
}
|
||||
|
||||
/*
|
||||
* If waitpid succeeded, but if the child exited abnormally or
|
||||
* reported non-zero status, report failure
|
||||
*/
|
||||
if (!WIFEXITED(status) || (WEXITSTATUS(status)) != 0) {
|
||||
char *msg = virProcessTranslateStatus(status);
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
_("child failed to unlink '%s': %s"),
|
||||
path, msg);
|
||||
VIR_FREE(msg);
|
||||
if (WIFEXITED(status))
|
||||
ret = -WEXITSTATUS(status);
|
||||
else
|
||||
ret = -EACCES;
|
||||
}
|
||||
|
||||
parenterror:
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* child */
|
||||
|
||||
/* set desired uid/gid, then attempt to unlink the file */
|
||||
if (virSetUIDGID(uid, gid, groups, ngroups) < 0) {
|
||||
ret = errno;
|
||||
goto childerror;
|
||||
}
|
||||
|
||||
if (unlink(path) < 0) {
|
||||
ret = errno;
|
||||
goto childerror;
|
||||
}
|
||||
|
||||
childerror:
|
||||
if ((ret & 0xff) != ret) {
|
||||
VIR_WARN("unable to pass desired return value %d", ret);
|
||||
ret = 0xff;
|
||||
}
|
||||
_exit(ret);
|
||||
}
|
||||
|
||||
|
||||
/* return -errno on failure, or 0 on success */
|
||||
static int
|
||||
virDirCreateNoFork(const char *path,
|
||||
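Review bot: The header comment of virFileUnlink does not say what the function returns, and the body follows two conventions. The direct path returns the result of `unlink(path)`, that is -1 with errno set, while the `virGetGroupList`, `virFork` and wait paths return a negative errno value such as `-errno` or `-WEXITSTATUS(status)`. I would add a returns paragraph to the comment that states the convention callers may rely on, and mention that the child passes its errno through the exit status, so a value that does not fit in 8 bits is replaced by `0xff`.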
|
@@ -219,6 +219,7 @@ int virFileOpenAs(const char *path, int openflags, mode_t mode,
|
||||
uid_t uid, gid_t gid,
|
||||
unsigned int flags)
|
||||
ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;
|
||||
int virFileUnlink(const char *path, uid_t uid, gid_t gid);
|
||||
|
||||
enum {
|
||||
VIR_DIR_CREATE_NONE = 0,
|
||||
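Review bot: The new prototype `int virFileUnlink(const char *path, uid_t uid, gid_t gid);` has none of the annotations carried by the virFileOpenAs declaration directly above it. `path` goes straight into `unlink()` in the implementation and the return value is the only signal that the file was removed, so I would declare it as `int virFileUnlink(const char *path, uid_t uid, gid_t gid) ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;`.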
|
@@ -118,9 +118,6 @@ vshCommandOptDomainBy(vshControl *ctl, const vshCmd *cmd,
|
||||
const char *n = NULL;
|
||||
const char *optname = "domain";
|
||||
|
||||
if (!vshCmdHasOption(ctl, cmd, optname))
|
||||
return NULL;
|
||||
|
||||
if (vshCommandOptStringReq(ctl, cmd, optname, &n) < 0)
|
||||
return NULL;
|
||||
|
||||
|
@@ -53,8 +53,6 @@ vshCommandOptInterfaceBy(vshControl *ctl, const vshCmd *cmd,
|
||||
|
||||
if (!optname)
|
||||
optname = "interface";
|
||||
if (!vshCmdHasOption(ctl, cmd, optname))
|
||||
return NULL;
|
||||
|
||||
if (vshCommandOptStringReq(ctl, cmd, optname, &n) < 0)
|
||||
return NULL;
|
||||
|
@@ -47,9 +47,6 @@ vshCommandOptNetworkBy(vshControl *ctl, const vshCmd *cmd,
|
||||
const char *optname = "network";
|
||||
virCheckFlags(VSH_BYUUID | VSH_BYNAME, NULL);
|
||||
|
||||
if (!vshCmdHasOption(ctl, cmd, optname))
|
||||
return NULL;
|
||||
|
||||
if (vshCommandOptStringReq(ctl, cmd, optname, &n) < 0)
|
||||
return NULL;
|
||||
|
||||
|
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
* virsh-nwfilter.c: Commands to manage network filters
|
||||
*
|
||||
* Copyright (C) 2005, 2007-2014 Red Hat, Inc.
|
||||
* Copyright (C) 2005, 2007-2015 Red Hat, Inc.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
@@ -47,9 +47,6 @@ vshCommandOptNWFilterBy(vshControl *ctl, const vshCmd *cmd,
|
||||
const char *optname = "nwfilter";
|
||||
virCheckFlags(VSH_BYUUID | VSH_BYNAME, NULL);
|
||||
|
||||
if (!vshCmdHasOption(ctl, cmd, optname))
|
||||
return NULL;
|
||||
|
||||
if (vshCommandOptStringReq(ctl, cmd, optname, &n) < 0)
|
||||
return NULL;
|
||||
|
||||
|
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
* virsh-secret.c: Commands to manage secret
|
||||
*
|
||||
* Copyright (C) 2005, 2007-2014 Red Hat, Inc.
|
||||
* Copyright (C) 2005, 2007-2015 Red Hat, Inc.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
@@ -47,9 +47,6 @@ vshCommandOptSecret(vshControl *ctl, const vshCmd *cmd, const char **name)
|
||||
const char *n = NULL;
|
||||
const char *optname = "secret";
|
||||
|
||||
if (!vshCmdHasOption(ctl, cmd, optname))
|
||||
return NULL;
|
||||
|
||||
if (vshCommandOptStringReq(ctl, cmd, optname, &n) < 0)
|
||||
return NULL;
|
||||
|
||||
|
@@ -1870,29 +1870,6 @@ vshCommandOptArgv(const vshCmd *cmd, const vshCmdOpt *opt)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* Determine whether CMD->opts includes an option with name OPTNAME.
|
||||
If not, give a diagnostic and return false.
|
||||
If so, return true. */
|
||||
bool
|
||||
vshCmdHasOption(vshControl *ctl, const vshCmd *cmd, const char *optname)
|
||||
{
|
||||
/* Iterate through cmd->opts, to ensure that there is an entry
|
||||
with name OPTNAME and type VSH_OT_DATA. */
|
||||
bool found = false;
|
||||
const vshCmdOpt *opt;
|
||||
for (opt = cmd->opts; opt; opt = opt->next) {
|
||||
if (STREQ(opt->def->name, optname) && opt->def->type == VSH_OT_DATA) {
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!found)
|
||||
vshError(ctl, _("internal error: virsh %s: no %s VSH_OT_DATA option"),
|
||||
cmd->def->name, optname);
|
||||
return found;
|
||||
}
|
||||
|
||||
/* Parse an optional --timeout parameter in seconds, but store the
|
||||
* value of the timeout in milliseconds. Return -1 on error, 0 if
|
||||
* no timeout was requested, and 1 if timeout was set. */
|
||||
|
@@ -319,8 +319,6 @@ int vshCommandOptScaledInt(const vshCmd *cmd, const char *name,
|
||||
bool vshCommandOptBool(const vshCmd *cmd, const char *name);
|
||||
const vshCmdOpt *vshCommandOptArgv(const vshCmd *cmd,
|
||||
const vshCmdOpt *opt);
|
||||
bool vshCmdHasOption(vshControl *ctl, const vshCmd *cmd, const char *optname);
|
||||
|
||||
int vshCommandOptTimeoutToMs(vshControl *ctl, const vshCmd *cmd, int *timeout);
|
||||
|
||||
/* Filter flags for various vshCommandOpt*By() functions */
|
||||
|