Compare commits
27 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 40080a09a5 | |||
| 05aa1933ee | |||
| 6051cec412 | |||
| 84c34151e4 | |||
| 2915aa73af | |||
| dedb223721 | |||
| 2243a44969 | |||
| 95a9c60969 | |||
| d29644418d | |||
| ed9e426b26 | |||
| 659febf9ff | |||
| fca1fccfad | |||
| f713d63bab | |||
| 5a45e466cf | |||
| 742b24eb23 | |||
| 03369d2383 | |||
| 2605d662e0 | |||
| e8394ab5b5 | |||
| 8ad156a5c2 | |||
| f2d6fb6239 | |||
| e3a592c38d | |||
| 7e99819dda | |||
| a160d7f98d | |||
| 36cab842e8 | |||
| 7b7b86e327 | |||
| f4bfe638b6 | |||
| 0e9d242f05 |
@@ -3,3 +3,6 @@
|
||||
i686
|
||||
x86_64
|
||||
libvirt-*.tar.gz
|
||||
/libvirt-0.8.4.tar.gz
|
||||
/libvirt-0.8.5.tar.gz
|
||||
/libvirt-0.8.7.tar.gz
|
||||
|
||||
@@ -1,356 +0,0 @@
|
||||
From 953440bd12608a20007ee5da5ab69fbbe910bd28 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Mon, 14 Jun 2010 15:53:59 +0100
|
||||
Subject: [PATCH 01/11] Extract the backing store format as well as name, if available
|
||||
|
||||
When QEMU opens a backing store for a QCow2 file, it will
|
||||
normally auto-probe for the format of the backing store,
|
||||
rather than assuming it has the same format as the referencing
|
||||
file. There is a QCow2 extension that allows an explicit format
|
||||
for the backing store to be embedded in the referencing file.
|
||||
This closes the auto-probing security hole in QEMU.
|
||||
|
||||
This backing store format can be useful for libvirt users
|
||||
of virStorageFileGetMetadata, so extract this data and report
|
||||
it.
|
||||
|
||||
QEMU does not require disk image backing store files to be in
|
||||
the same format as the referencing file. It will auto-probe the disk
|
||||
format for the backing store when opening it. If the backing
|
||||
store was intended to be a raw file this could be a security
|
||||
hole, because a guest may have written data into its disk that
|
||||
then makes the backing store look like a qcow2 file. If it can
|
||||
trick QEMU into thinking the raw file is a qcow2 file, it can
|
||||
access arbitrary files on the host by adding further backing
|
||||
store links.
|
||||
|
||||
To address this, callers of virStorageFileGetMeta need to be
|
||||
told of the backing store format. If no format is declared,
|
||||
they can make a decision whether to allow format probing or
|
||||
not.
|
||||
---
|
||||
src/util/storage_file.c | 206 +++++++++++++++++++++++++++++++++++++++++------
|
||||
src/util/storage_file.h | 2 +
|
||||
2 files changed, 183 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/src/util/storage_file.c b/src/util/storage_file.c
|
||||
index 0adea40..80f743e 100644
|
||||
--- a/src/util/storage_file.c
|
||||
+++ b/src/util/storage_file.c
|
||||
@@ -78,12 +78,33 @@ struct FileTypeInfo {
|
||||
int qcowCryptOffset; /* Byte offset from start of file
|
||||
* where to find encryption mode,
|
||||
* -1 if encryption is not used */
|
||||
- int (*getBackingStore)(char **res, const unsigned char *buf, size_t buf_size);
|
||||
+ int (*getBackingStore)(char **res, int *format,
|
||||
+ const unsigned char *buf, size_t buf_size);
|
||||
};
|
||||
|
||||
-static int cowGetBackingStore(char **, const unsigned char *, size_t);
|
||||
-static int qcowXGetBackingStore(char **, const unsigned char *, size_t);
|
||||
-static int vmdk4GetBackingStore(char **, const unsigned char *, size_t);
|
||||
+static int cowGetBackingStore(char **, int *,
|
||||
+ const unsigned char *, size_t);
|
||||
+static int qcow1GetBackingStore(char **, int *,
|
||||
+ const unsigned char *, size_t);
|
||||
+static int qcow2GetBackingStore(char **, int *,
|
||||
+ const unsigned char *, size_t);
|
||||
+static int vmdk4GetBackingStore(char **, int *,
|
||||
+ const unsigned char *, size_t);
|
||||
+
|
||||
+#define QCOWX_HDR_VERSION (4)
|
||||
+#define QCOWX_HDR_BACKING_FILE_OFFSET (QCOWX_HDR_VERSION+4)
|
||||
+#define QCOWX_HDR_BACKING_FILE_SIZE (QCOWX_HDR_BACKING_FILE_OFFSET+8)
|
||||
+#define QCOWX_HDR_IMAGE_SIZE (QCOWX_HDR_BACKING_FILE_SIZE+4+4)
|
||||
+
|
||||
+#define QCOW1_HDR_CRYPT (QCOWX_HDR_IMAGE_SIZE+8+1+1)
|
||||
+#define QCOW2_HDR_CRYPT (QCOWX_HDR_IMAGE_SIZE+8)
|
||||
+
|
||||
+#define QCOW1_HDR_TOTAL_SIZE (QCOW1_HDR_CRYPT+4+8)
|
||||
+#define QCOW2_HDR_TOTAL_SIZE (QCOW2_HDR_CRYPT+4+4+8+8+4+4+8)
|
||||
+
|
||||
+#define QCOW2_HDR_EXTENSION_END 0
|
||||
+#define QCOW2_HDR_EXTENSION_BACKING_FORMAT 0xE2792ACA
|
||||
+
|
||||
|
||||
|
||||
static struct FileTypeInfo const fileTypeInfo[] = {
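Review bot: `QCOW1_HDR_CRYPT` evaluates to 34 (24+8+1+1), but the literal it replaces in the QCow table entry of the next hunk was `4+4+8+4+4+8+1+1+2`, i.e. 36, so this refactor silently moves the QCow1 encryption-mode offset by two bytes. If the dropped `+2` was alignment padding before the crypt field, `meta->encrypted` would be computed from the wrong bytes for QCow1 images, and `QCOW1_HDR_TOTAL_SIZE` would shift with it. I would keep the old value, `#define QCOW1_HDR_CRYPT (QCOWX_HDR_IMAGE_SIZE+8+1+1+2)`, with a short comment naming the two padding bytes. The QCow2 offset is unchanged at 32.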
|
||||
@@ -119,11 +140,11 @@ static struct FileTypeInfo const fileTypeInfo[] = {
|
||||
/* QCow */
|
||||
{ VIR_STORAGE_FILE_QCOW, "QFI", NULL,
|
||||
LV_BIG_ENDIAN, 4, 1,
|
||||
- 4+4+8+4+4, 8, 1, 4+4+8+4+4+8+1+1+2, qcowXGetBackingStore },
|
||||
+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore },
|
||||
/* QCow 2 */
|
||||
{ VIR_STORAGE_FILE_QCOW2, "QFI", NULL,
|
||||
LV_BIG_ENDIAN, 4, 2,
|
||||
- 4+4+8+4+4, 8, 1, 4+4+8+4+4+8, qcowXGetBackingStore },
|
||||
+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore },
|
||||
/* VMDK 3 */
|
||||
/* XXX Untested
|
||||
{ VIR_STORAGE_FILE_VMDK, "COWD", NULL,
|
||||
@@ -142,11 +163,14 @@ static struct FileTypeInfo const fileTypeInfo[] = {
|
||||
|
||||
static int
|
||||
cowGetBackingStore(char **res,
|
||||
+ int *format,
|
||||
const unsigned char *buf,
|
||||
size_t buf_size)
|
||||
{
|
||||
#define COW_FILENAME_MAXLEN 1024
|
||||
*res = NULL;
|
||||
+ *format = VIR_STORAGE_FILE_AUTO;
|
||||
+
|
||||
if (buf_size < 4+4+ COW_FILENAME_MAXLEN)
|
||||
return BACKING_STORE_INVALID;
|
||||
if (buf[4+4] == '\0') /* cow_header_v2.backing_file[0] */
|
||||
@@ -160,31 +184,98 @@ cowGetBackingStore(char **res,
|
||||
return BACKING_STORE_OK;
|
||||
}
|
||||
|
||||
+
|
||||
+static int
|
||||
+qcow2GetBackingStoreFormat(int *format,
|
||||
+ const unsigned char *buf,
|
||||
+ size_t buf_size,
|
||||
+ size_t extension_start,
|
||||
+ size_t extension_end)
|
||||
+{
|
||||
+ size_t offset = extension_start;
|
||||
+
|
||||
+ /*
|
||||
+ * The extensions take format of
|
||||
+ *
|
||||
+ * int32: magic
|
||||
+ * int32: length
|
||||
+ * byte[length]: payload
|
||||
+ *
|
||||
+ * Unknown extensions can be ignored by skipping
|
||||
+ * over "length" bytes in the data stream.
|
||||
+ */
|
||||
+ while (offset < (buf_size-8) &&
|
||||
+ offset < (extension_end-8)) {
|
||||
+ unsigned int magic =
|
||||
+ (buf[offset] << 24) +
|
||||
+ (buf[offset+1] << 16) +
|
||||
+ (buf[offset+2] << 8) +
|
||||
+ (buf[offset+3]);
|
||||
+ unsigned int len =
|
||||
+ (buf[offset+4] << 24) +
|
||||
+ (buf[offset+5] << 16) +
|
||||
+ (buf[offset+6] << 8) +
|
||||
+ (buf[offset+7]);
|
||||
+
|
||||
+ offset += 8;
|
||||
+
|
||||
+ if ((offset + len) < offset)
|
||||
+ break;
|
||||
+
|
||||
+ if ((offset + len) > buf_size)
|
||||
+ break;
|
||||
+
|
||||
+ switch (magic) {
|
||||
+ case QCOW2_HDR_EXTENSION_END:
|
||||
+ goto done;
|
||||
+
|
||||
+ case QCOW2_HDR_EXTENSION_BACKING_FORMAT:
|
||||
+ if (buf[offset+len] != '\0')
|
||||
+ break;
|
||||
+ *format = virStorageFileFormatTypeFromString(
|
||||
+ ((const char *)buf)+offset);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ offset += len;
|
||||
+ }
|
||||
+
|
||||
+done:
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
static int
|
||||
qcowXGetBackingStore(char **res,
|
||||
+ int *format,
|
||||
const unsigned char *buf,
|
||||
- size_t buf_size)
|
||||
+ size_t buf_size,
|
||||
+ bool isQCow2)
|
||||
{
|
||||
unsigned long long offset;
|
||||
unsigned long size;
|
||||
|
||||
*res = NULL;
|
||||
- if (buf_size < 4+4+8+4)
|
||||
+ if (format)
|
||||
+ *format = VIR_STORAGE_FILE_AUTO;
|
||||
+
|
||||
+ if (buf_size < QCOWX_HDR_BACKING_FILE_OFFSET+8+4)
|
||||
return BACKING_STORE_INVALID;
|
||||
- offset = (((unsigned long long)buf[4+4] << 56)
|
||||
- | ((unsigned long long)buf[4+4+1] << 48)
|
||||
- | ((unsigned long long)buf[4+4+2] << 40)
|
||||
- | ((unsigned long long)buf[4+4+3] << 32)
|
||||
- | ((unsigned long long)buf[4+4+4] << 24)
|
||||
- | ((unsigned long long)buf[4+4+5] << 16)
|
||||
- | ((unsigned long long)buf[4+4+6] << 8)
|
||||
- | buf[4+4+7]); /* QCowHeader.backing_file_offset */
|
||||
+ offset = (((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET] << 56)
|
||||
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+1] << 48)
|
||||
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+2] << 40)
|
||||
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+3] << 32)
|
||||
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+4] << 24)
|
||||
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+5] << 16)
|
||||
+ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+6] << 8)
|
||||
+ | buf[QCOWX_HDR_BACKING_FILE_OFFSET+7]); /* QCowHeader.backing_file_offset */
|
||||
if (offset > buf_size)
|
||||
return BACKING_STORE_INVALID;
|
||||
- size = ((buf[4+4+8] << 24)
|
||||
- | (buf[4+4+8+1] << 16)
|
||||
- | (buf[4+4+8+2] << 8)
|
||||
- | buf[4+4+8+3]); /* QCowHeader.backing_file_size */
|
||||
+ size = ((buf[QCOWX_HDR_BACKING_FILE_SIZE] << 24)
|
||||
+ | (buf[QCOWX_HDR_BACKING_FILE_SIZE+1] << 16)
|
||||
+ | (buf[QCOWX_HDR_BACKING_FILE_SIZE+2] << 8)
|
||||
+ | buf[QCOWX_HDR_BACKING_FILE_SIZE+3]); /* QCowHeader.backing_file_size */
|
||||
if (size == 0)
|
||||
return BACKING_STORE_OK;
|
||||
if (offset + size > buf_size || offset + size < offset)
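Review bot: In `qcow2GetBackingStoreFormat` the bound `(offset + len) > buf_size` still admits `offset + len == buf_size`, so the terminator test `buf[offset+len] != '\0'` can read one byte past the header buffer; the backing-format case should use `if (offset + len >= buf_size || buf[offset+len] != '\0') break;`. The loop guard also computes `extension_end-8` on a `size_t`, and `extension_end` is the backing-file offset taken from the image header, so a value below 8 wraps and the scan then runs to the end of the buffer instead of stopping at the backing-store name; adding `extension_end >= 8 &&` to the `while` condition closes that. Both values come from an image the guest may have written, so these checks are worth making exact. The body of `qcowXGetBackingStore` continues outside this hunk.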
|
||||
@@ -197,12 +288,63 @@ qcowXGetBackingStore(char **res,
|
||||
}
|
||||
memcpy(*res, buf + offset, size);
|
||||
(*res)[size] = '\0';
|
||||
+
|
||||
+ /*
|
||||
+ * Traditionally QCow2 files had a layout of
|
||||
+ *
|
||||
+ * [header]
|
||||
+ * [backingStoreName]
|
||||
+ *
|
||||
+ * Although the backingStoreName typically followed
|
||||
+ * the header immediately, this was not required by
|
||||
+ * the format. By specifying a higher byte offset for
|
||||
+ * the backing file offset in the header, it was
|
||||
+ * possible to leave space between the header and
|
||||
+ * start of backingStore.
|
||||
+ *
|
||||
+ * This hack is now used to store extensions to the
|
||||
+ * qcow2 format:
|
||||
+ *
|
||||
+ * [header]
|
||||
+ * [extensions]
|
||||
+ * [backingStoreName]
|
||||
+ *
|
||||
+ * Thus the file region to search for extensions is
|
||||
+ * between the end of the header (QCOW2_HDR_TOTAL_SIZE)
|
||||
+ * and the start of the backingStoreName (offset)
|
||||
+ */
|
||||
+ if (isQCow2)
|
||||
+ qcow2GetBackingStoreFormat(format, buf, buf_size, QCOW2_HDR_TOTAL_SIZE, offset);
|
||||
+
|
||||
return BACKING_STORE_OK;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
+qcow1GetBackingStore(char **res,
|
||||
+ int *format,
|
||||
+ const unsigned char *buf,
|
||||
+ size_t buf_size)
|
||||
+{
|
||||
+ /* QCow1 doesn't have the extensions capability
|
||||
+ * used to store backing format */
|
||||
+ *format = VIR_STORAGE_FILE_AUTO;
|
||||
+ return qcowXGetBackingStore(res, NULL, buf, buf_size, false);
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+qcow2GetBackingStore(char **res,
|
||||
+ int *format,
|
||||
+ const unsigned char *buf,
|
||||
+ size_t buf_size)
|
||||
+{
|
||||
+ return qcowXGetBackingStore(res, format, buf, buf_size, true);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static int
|
||||
vmdk4GetBackingStore(char **res,
|
||||
+ int *format,
|
||||
const unsigned char *buf,
|
||||
size_t buf_size)
|
||||
{
|
||||
@@ -212,6 +354,14 @@ vmdk4GetBackingStore(char **res,
|
||||
size_t len;
|
||||
|
||||
*res = NULL;
|
||||
+ /*
|
||||
+ * Technically this should have been VMDK, since
|
||||
+ * VMDK spec / VMWare impl only support VMDK backed
|
||||
+ * by VMDK. QEMU isn't following this though and
|
||||
+ * does probing on VMDK backing files, hence we set
|
||||
+ * AUTO
|
||||
+ */
|
||||
+ *format = VIR_STORAGE_FILE_AUTO;
|
||||
|
||||
if (buf_size <= 0x200)
|
||||
return BACKING_STORE_INVALID;
|
||||
@@ -358,9 +508,12 @@ virStorageFileGetMetadataFromFD(const char *path,
|
||||
/* Validation passed, we know the file format now */
|
||||
meta->format = fileTypeInfo[i].type;
|
||||
if (fileTypeInfo[i].getBackingStore != NULL) {
|
||||
- char *base;
|
||||
+ char *backing;
|
||||
+ int backingFormat;
|
||||
|
||||
- switch (fileTypeInfo[i].getBackingStore(&base, head, len)) {
|
||||
+ switch (fileTypeInfo[i].getBackingStore(&backing,
|
||||
+ &backingFormat,
|
||||
+ head, len)) {
|
||||
case BACKING_STORE_OK:
|
||||
break;
|
||||
|
||||
@@ -370,13 +523,16 @@ virStorageFileGetMetadataFromFD(const char *path,
|
||||
case BACKING_STORE_ERROR:
|
||||
return -1;
|
||||
}
|
||||
- if (base != NULL) {
|
||||
- meta->backingStore = absolutePathFromBaseFile(path, base);
|
||||
- VIR_FREE(base);
|
||||
+ if (backing != NULL) {
|
||||
+ meta->backingStore = absolutePathFromBaseFile(path, backing);
|
||||
+ VIR_FREE(backing);
|
||||
if (meta->backingStore == NULL) {
|
||||
virReportOOMError();
|
||||
return -1;
|
||||
}
|
||||
+ meta->backingStoreFormat = backingFormat;
|
||||
+ } else {
|
||||
+ meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO;
|
||||
}
|
||||
}
|
||||
return 0;
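Review bot: `meta->backingStoreFormat` is assigned only inside the `if (fileTypeInfo[i].getBackingStore != NULL)` block, so for formats whose table entry has no callback the field keeps its initial value. If `meta` is zero-filled at the top of the function (outside this hunk), that value is 0, which the enum in storage_file.h defines as `VIR_STORAGE_FILE_RAW` rather than `VIR_STORAGE_FILE_AUTO`. Setting `meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO;` once, right after the struct is initialised, would give callers a single meaning for "no format declared" on every return path, including the extension-match path further down.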
|
||||
diff --git a/src/util/storage_file.h b/src/util/storage_file.h
|
||||
index 58533ee..6328ba7 100644
|
||||
--- a/src/util/storage_file.h
|
||||
+++ b/src/util/storage_file.h
|
||||
@@ -28,6 +28,7 @@
|
||||
# include <stdbool.h>
|
||||
|
||||
enum virStorageFileFormat {
|
||||
+ VIR_STORAGE_FILE_AUTO = -1,
|
||||
VIR_STORAGE_FILE_RAW = 0,
|
||||
VIR_STORAGE_FILE_DIR,
|
||||
VIR_STORAGE_FILE_BOCHS,
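Review bot: `VIR_STORAGE_FILE_AUTO = -1` shares its value with what `virStorageFileFormatTypeFromString` presumably returns for a name it does not recognise (the VIR_ENUM helpers conventionally return -1; confirm). The qcow2 extension parser stores that return value straight into `*format`, so an image that declares an unknown backing format would be reported as "no format declared". A caller that permits probing for AUTO would then probe a file whose header asked for something specific. I would document on the enum that -1 means "not declared", and have the parser treat a negative lookup result as a distinct case rather than storing it.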
|
||||
@@ -47,6 +48,7 @@ VIR_ENUM_DECL(virStorageFileFormat);
|
||||
typedef struct _virStorageFileMetadata {
|
||||
int format;
|
||||
char *backingStore;
|
||||
+ int backingStoreFormat;
|
||||
unsigned long long capacity;
|
||||
bool encrypted;
|
||||
} virStorageFileMetadata;
|
||||
--
|
||||
1.7.1.1
|
||||
|
||||
@@ -1,159 +0,0 @@
|
||||
From cab428b1d4d432965cee6f5afb67265557706715 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Mon, 14 Jun 2010 16:39:32 +0100
|
||||
Subject: [PATCH 02/11] Remove 'type' field from FileTypeInfo struct
|
||||
|
||||
Instead of including a field in FileTypeInfo struct for the
|
||||
disk format, rely on the array index matching the format.
|
||||
Use verify() to assert the correct number of elements in the
|
||||
array.
|
||||
|
||||
* src/util/storage_file.c: remove type field from FileTypeInfo
|
||||
---
|
||||
src/util/storage_file.c | 108 +++++++++++++++++++++++-----------------------
|
||||
1 files changed, 54 insertions(+), 54 deletions(-)
|
||||
|
||||
diff --git a/src/util/storage_file.c b/src/util/storage_file.c
|
||||
index 80f743e..df0e3a1 100644
|
||||
--- a/src/util/storage_file.c
|
||||
+++ b/src/util/storage_file.c
|
||||
@@ -58,7 +58,6 @@ enum {
|
||||
|
||||
/* Either 'magic' or 'extension' *must* be provided */
|
||||
struct FileTypeInfo {
|
||||
- int type; /* One of the constants above */
|
||||
const char *magic; /* Optional string of file magic
|
||||
* to check at head of file */
|
||||
const char *extension; /* Optional file extension to check */
|
||||
@@ -108,58 +107,59 @@ static int vmdk4GetBackingStore(char **, int *,
|
||||
|
||||
|
||||
static struct FileTypeInfo const fileTypeInfo[] = {
|
||||
- /* Bochs */
|
||||
- /* XXX Untested
|
||||
- { VIR_STORAGE_FILE_BOCHS, "Bochs Virtual HD Image", NULL,
|
||||
- LV_LITTLE_ENDIAN, 64, 0x20000,
|
||||
- 32+16+16+4+4+4+4+4, 8, 1, -1, NULL },*/
|
||||
- /* CLoop */
|
||||
- /* XXX Untested
|
||||
- { VIR_STORAGE_VOL_CLOOP, "#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1\n", NULL,
|
||||
- LV_LITTLE_ENDIAN, -1, 0,
|
||||
- -1, 0, 0, -1, NULL }, */
|
||||
- /* Cow */
|
||||
- { VIR_STORAGE_FILE_COW, "OOOM", NULL,
|
||||
- LV_BIG_ENDIAN, 4, 2,
|
||||
- 4+4+1024+4, 8, 1, -1, cowGetBackingStore },
|
||||
- /* DMG */
|
||||
- /* XXX QEMU says there's no magic for dmg, but we should check... */
|
||||
- { VIR_STORAGE_FILE_DMG, NULL, ".dmg",
|
||||
- 0, -1, 0,
|
||||
- -1, 0, 0, -1, NULL },
|
||||
- /* XXX there's probably some magic for iso we can validate too... */
|
||||
- { VIR_STORAGE_FILE_ISO, NULL, ".iso",
|
||||
- 0, -1, 0,
|
||||
- -1, 0, 0, -1, NULL },
|
||||
- /* Parallels */
|
||||
- /* XXX Untested
|
||||
- { VIR_STORAGE_FILE_PARALLELS, "WithoutFreeSpace", NULL,
|
||||
- LV_LITTLE_ENDIAN, 16, 2,
|
||||
- 16+4+4+4+4, 4, 512, -1, NULL },
|
||||
- */
|
||||
- /* QCow */
|
||||
- { VIR_STORAGE_FILE_QCOW, "QFI", NULL,
|
||||
- LV_BIG_ENDIAN, 4, 1,
|
||||
- QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore },
|
||||
- /* QCow 2 */
|
||||
- { VIR_STORAGE_FILE_QCOW2, "QFI", NULL,
|
||||
- LV_BIG_ENDIAN, 4, 2,
|
||||
- QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore },
|
||||
- /* VMDK 3 */
|
||||
- /* XXX Untested
|
||||
- { VIR_STORAGE_FILE_VMDK, "COWD", NULL,
|
||||
- LV_LITTLE_ENDIAN, 4, 1,
|
||||
- 4+4+4, 4, 512, -1, NULL },
|
||||
- */
|
||||
- /* VMDK 4 */
|
||||
- { VIR_STORAGE_FILE_VMDK, "KDMV", NULL,
|
||||
- LV_LITTLE_ENDIAN, 4, 1,
|
||||
- 4+4+4, 8, 512, -1, vmdk4GetBackingStore },
|
||||
- /* Connectix / VirtualPC */
|
||||
- { VIR_STORAGE_FILE_VPC, "conectix", NULL,
|
||||
- LV_BIG_ENDIAN, 12, 0x10000,
|
||||
- 8 + 4 + 4 + 8 + 4 + 4 + 2 + 2 + 4, 8, 1, -1, NULL},
|
||||
+ [VIR_STORAGE_FILE_RAW] = { NULL, NULL, LV_LITTLE_ENDIAN, -1, 0, 0, 0, 0, 0, NULL },
|
||||
+ [VIR_STORAGE_FILE_DIR] = { NULL, NULL, LV_LITTLE_ENDIAN, -1, 0, 0, 0, 0, 0, NULL },
|
||||
+ [VIR_STORAGE_FILE_BOCHS] = {
|
||||
+ /*"Bochs Virtual HD Image", */ /* Untested */ NULL,
|
||||
+ NULL,
|
||||
+ LV_LITTLE_ENDIAN, 64, 0x20000,
|
||||
+ 32+16+16+4+4+4+4+4, 8, 1, -1, NULL
|
||||
+ },
|
||||
+ [VIR_STORAGE_FILE_CLOOP] = {
|
||||
+ /*"#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1\n", */ /* Untested */ NULL,
|
||||
+ NULL,
|
||||
+ LV_LITTLE_ENDIAN, -1, 0,
|
||||
+ -1, 0, 0, -1, NULL
|
||||
+ },
|
||||
+ [VIR_STORAGE_FILE_COW] = {
|
||||
+ "OOOM", NULL,
|
||||
+ LV_BIG_ENDIAN, 4, 2,
|
||||
+ 4+4+1024+4, 8, 1, -1, cowGetBackingStore
|
||||
+ },
|
||||
+ [VIR_STORAGE_FILE_DMG] = {
|
||||
+ NULL, /* XXX QEMU says there's no magic for dmg, but we should check... */
|
||||
+ ".dmg",
|
||||
+ 0, -1, 0,
|
||||
+ -1, 0, 0, -1, NULL
|
||||
+ },
|
||||
+ [VIR_STORAGE_FILE_ISO] = {
|
||||
+ NULL, /* XXX there's probably some magic for iso we can validate too... */
|
||||
+ ".iso",
|
||||
+ 0, -1, 0,
|
||||
+ -1, 0, 0, -1, NULL
|
||||
+ },
|
||||
+ [VIR_STORAGE_FILE_QCOW] = {
|
||||
+ "QFI", NULL,
|
||||
+ LV_BIG_ENDIAN, 4, 1,
|
||||
+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW1_HDR_CRYPT, qcow1GetBackingStore,
|
||||
+ },
|
||||
+ [VIR_STORAGE_FILE_QCOW2] = {
|
||||
+ "QFI", NULL,
|
||||
+ LV_BIG_ENDIAN, 4, 2,
|
||||
+ QCOWX_HDR_IMAGE_SIZE, 8, 1, QCOW2_HDR_CRYPT, qcow2GetBackingStore,
|
||||
+ },
|
||||
+ [VIR_STORAGE_FILE_VMDK] = {
|
||||
+ "KDMV", NULL,
|
||||
+ LV_LITTLE_ENDIAN, 4, 1,
|
||||
+ 4+4+4, 8, 512, -1, vmdk4GetBackingStore
|
||||
+ },
|
||||
+ [VIR_STORAGE_FILE_VPC] = {
|
||||
+ "conectix", NULL,
|
||||
+ LV_BIG_ENDIAN, 12, 0x10000,
|
||||
+ 8 + 4 + 4 + 8 + 4 + 4 + 2 + 2 + 4, 8, 1, -1, NULL
|
||||
+ },
|
||||
};
|
||||
+verify(ARRAY_CARDINALITY(fileTypeInfo) == VIR_STORAGE_FILE_LAST);
|
||||
|
||||
static int
|
||||
cowGetBackingStore(char **res,
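Review bot: The comment kept above `struct FileTypeInfo`, "Either 'magic' or 'extension' *must* be provided", no longer matches the table, because the new `[VIR_STORAGE_FILE_RAW]` and `[VIR_STORAGE_FILE_DIR]` entries set both to NULL. It should be reworded, for example `/* Entries with neither 'magic' nor 'extension' are never matched by probing */`. The `verify()` line checks only the array length, so an enum value added later without an initializer would get an all-zero entry (offsets 0 rather than -1); a one-line comment next to `verify()` saying that every format needs an explicit entry would make that requirement visible.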
|
||||
@@ -506,7 +506,7 @@ virStorageFileGetMetadataFromFD(const char *path,
|
||||
}
|
||||
|
||||
/* Validation passed, we know the file format now */
|
||||
- meta->format = fileTypeInfo[i].type;
|
||||
+ meta->format = i;
|
||||
if (fileTypeInfo[i].getBackingStore != NULL) {
|
||||
char *backing;
|
||||
int backingFormat;
|
||||
@@ -546,7 +546,7 @@ virStorageFileGetMetadataFromFD(const char *path,
|
||||
if (!virFileHasSuffix(path, fileTypeInfo[i].extension))
|
||||
continue;
|
||||
|
||||
- meta->format = fileTypeInfo[i].type;
|
||||
+ meta->format = i;
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
1.7.1.1
|
||||
|
||||
@@ -1,585 +0,0 @@
|
||||
From 57482ca0be29e9e92e242c9acb577e0b770c01d1 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Tue, 15 Jun 2010 14:58:10 +0100
|
||||
Subject: [PATCH 03/11] Refactor virStorageFileGetMetadataFromFD to separate functionality
|
||||
|
||||
The virStorageFileGetMetadataFromFD did two jobs in one. First
|
||||
it probed for storage type, then it extracted metadata for the
|
||||
type. It is desirable to be able to separate these jobs, allowing
|
||||
probing without querying metadata, and querying metadata without
|
||||
probing.
|
||||
|
||||
To prepare for this, split out probing code into a new pair of
|
||||
methods
|
||||
|
||||
virStorageFileProbeFormatFromFD
|
||||
virStorageFileProbeFormat
|
||||
|
||||
* src/util/storage_file.c, src/util/storage_file.h,
|
||||
src/libvirt_private.syms: Introduce virStorageFileProbeFormat
|
||||
and virStorageFileProbeFormatFromFD
|
||||
---
|
||||
src/libvirt_private.syms | 2 +
|
||||
src/util/storage_file.c | 460 +++++++++++++++++++++++++++++++++-------------
|
||||
src/util/storage_file.h | 4 +
|
||||
3 files changed, 335 insertions(+), 131 deletions(-)
|
||||
|
||||
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
|
||||
index 778ceb1..4607f49 100644
|
||||
--- a/src/libvirt_private.syms
|
||||
+++ b/src/libvirt_private.syms
|
||||
@@ -628,6 +628,8 @@ virStorageGenerateQcowPassphrase;
|
||||
# storage_file.h
|
||||
virStorageFileFormatTypeToString;
|
||||
virStorageFileFormatTypeFromString;
|
||||
+virStorageFileProbeFormat;
|
||||
+virStorageFileProbeFormatFromFD;
|
||||
virStorageFileGetMetadata;
|
||||
virStorageFileGetMetadataFromFD;
|
||||
virStorageFileIsSharedFS;
|
||||
diff --git a/src/util/storage_file.c b/src/util/storage_file.c
|
||||
index df0e3a1..221268b 100644
|
||||
--- a/src/util/storage_file.c
|
||||
+++ b/src/util/storage_file.c
|
||||
@@ -104,6 +104,9 @@ static int vmdk4GetBackingStore(char **, int *,
|
||||
#define QCOW2_HDR_EXTENSION_END 0
|
||||
#define QCOW2_HDR_EXTENSION_BACKING_FORMAT 0xE2792ACA
|
||||
|
||||
+/* VMDK needs at least this to find backing store,
|
||||
+ * other formats are less */
|
||||
+#define STORAGE_MAX_HEAD (20*512)
|
||||
|
||||
|
||||
static struct FileTypeInfo const fileTypeInfo[] = {
|
||||
@@ -349,9 +352,14 @@ vmdk4GetBackingStore(char **res,
|
||||
size_t buf_size)
|
||||
{
|
||||
static const char prefix[] = "parentFileNameHint=\"";
|
||||
-
|
||||
- char desc[20*512 + 1], *start, *end;
|
||||
+ char *desc, *start, *end;
|
||||
size_t len;
|
||||
+ int ret = BACKING_STORE_ERROR;
|
||||
+
|
||||
+ if (VIR_ALLOC_N(desc, STORAGE_MAX_HEAD + 1) < 0) {
|
||||
+ virReportOOMError();
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
|
||||
*res = NULL;
|
||||
/*
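Review bot: The new `VIR_ALLOC_N` failure path jumps to `cleanup` before `*res = NULL` and `*format = VIR_STORAGE_FILE_AUTO` have run, so on OOM both output parameters are left unset, unlike in the other backing-store helpers, which set them first. The visible caller returns on `BACKING_STORE_ERROR` without reading them, so this is latent rather than live. Moving the two assignments above the allocation keeps the contract uniform across the helpers. The rest of `vmdk4GetBackingStore` lies outside this hunk.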
|
||||
@@ -363,29 +371,42 @@ vmdk4GetBackingStore(char **res,
|
||||
*/
|
||||
*format = VIR_STORAGE_FILE_AUTO;
|
||||
|
||||
- if (buf_size <= 0x200)
|
||||
- return BACKING_STORE_INVALID;
|
||||
+ if (buf_size <= 0x200) {
|
||||
+ ret = BACKING_STORE_INVALID;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
len = buf_size - 0x200;
|
||||
- if (len > sizeof(desc) - 1)
|
||||
- len = sizeof(desc) - 1;
|
||||
+ if (len > STORAGE_MAX_HEAD)
|
||||
+ len = STORAGE_MAX_HEAD;
|
||||
memcpy(desc, buf + 0x200, len);
|
||||
desc[len] = '\0';
|
||||
start = strstr(desc, prefix);
|
||||
- if (start == NULL)
|
||||
- return BACKING_STORE_OK;
|
||||
+ if (start == NULL) {
|
||||
+ ret = BACKING_STORE_OK;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
start += strlen(prefix);
|
||||
end = strchr(start, '"');
|
||||
- if (end == NULL)
|
||||
- return BACKING_STORE_INVALID;
|
||||
- if (end == start)
|
||||
- return BACKING_STORE_OK;
|
||||
+ if (end == NULL) {
|
||||
+ ret = BACKING_STORE_INVALID;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ if (end == start) {
|
||||
+ ret = BACKING_STORE_OK;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
*end = '\0';
|
||||
*res = strdup(start);
|
||||
if (*res == NULL) {
|
||||
virReportOOMError();
|
||||
- return BACKING_STORE_ERROR;
|
||||
+ goto cleanup;
|
||||
}
|
||||
- return BACKING_STORE_OK;
|
||||
+
|
||||
+ ret = BACKING_STORE_OK;
|
||||
+
|
||||
+cleanup:
|
||||
+ VIR_FREE(desc);
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -411,148 +432,325 @@ absolutePathFromBaseFile(const char *base_file, const char *path)
|
||||
return res;
|
||||
}
|
||||
|
||||
-/**
|
||||
- * Probe the header of a file to determine what type of disk image
|
||||
- * it is, and info about its capacity if available.
|
||||
- */
|
||||
-int
|
||||
-virStorageFileGetMetadataFromFD(const char *path,
|
||||
- int fd,
|
||||
- virStorageFileMetadata *meta)
|
||||
+
|
||||
+static bool
|
||||
+virStorageFileMatchesMagic(int format,
|
||||
+ unsigned char *buf,
|
||||
+ size_t buflen)
|
||||
{
|
||||
- unsigned char head[20*512]; /* vmdk4GetBackingStore needs this much. */
|
||||
- int len, i;
|
||||
+ int mlen;
|
||||
|
||||
- memset(meta, 0, sizeof (*meta));
|
||||
+ if (fileTypeInfo[format].magic == NULL)
|
||||
+ return false;
|
||||
|
||||
- /* If all else fails, call it a raw file */
|
||||
- meta->format = VIR_STORAGE_FILE_RAW;
|
||||
+ /* Validate magic data */
|
||||
+ mlen = strlen(fileTypeInfo[format].magic);
|
||||
+ if (mlen > buflen)
|
||||
+ return false;
|
||||
|
||||
- if ((len = read(fd, head, sizeof(head))) < 0) {
|
||||
- virReportSystemError(errno, _("cannot read header '%s'"), path);
|
||||
- return -1;
|
||||
+ if (memcmp(buf, fileTypeInfo[format].magic, mlen) != 0)
|
||||
+ return false;
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static bool
|
||||
+virStorageFileMatchesExtension(int format,
|
||||
+ const char *path)
|
||||
+{
|
||||
+ if (fileTypeInfo[format].extension == NULL)
|
||||
+ return false;
|
||||
+
|
||||
+ if (virFileHasSuffix(path, fileTypeInfo[format].extension))
|
||||
+ return true;
|
||||
+
|
||||
+ return false;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static bool
|
||||
+virStorageFileMatchesVersion(int format,
|
||||
+ unsigned char *buf,
|
||||
+ size_t buflen)
|
||||
+{
|
||||
+ int version;
|
||||
+
|
||||
+ /* Validate version number info */
|
||||
+ if (fileTypeInfo[format].versionOffset == -1)
|
||||
+ return false;
|
||||
+
|
||||
+ if ((fileTypeInfo[format].versionOffset + 4) > buflen)
|
||||
+ return false;
|
||||
+
|
||||
+ if (fileTypeInfo[format].endian == LV_LITTLE_ENDIAN) {
|
||||
+ version =
|
||||
+ (buf[fileTypeInfo[format].versionOffset+3] << 24) |
|
||||
+ (buf[fileTypeInfo[format].versionOffset+2] << 16) |
|
||||
+ (buf[fileTypeInfo[format].versionOffset+1] << 8) |
|
||||
+ (buf[fileTypeInfo[format].versionOffset]);
|
||||
+ } else {
|
||||
+ version =
|
||||
+ (buf[fileTypeInfo[format].versionOffset] << 24) |
|
||||
+ (buf[fileTypeInfo[format].versionOffset+1] << 16) |
|
||||
+ (buf[fileTypeInfo[format].versionOffset+2] << 8) |
|
||||
+ (buf[fileTypeInfo[format].versionOffset+3]);
|
||||
}
|
||||
+ if (version != fileTypeInfo[format].versionNumber)
|
||||
+ return false;
|
||||
|
||||
- /* First check file magic */
|
||||
- for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) {
|
||||
- int mlen;
|
||||
-
|
||||
- if (fileTypeInfo[i].magic == NULL)
|
||||
- continue;
|
||||
-
|
||||
- /* Validate magic data */
|
||||
- mlen = strlen(fileTypeInfo[i].magic);
|
||||
- if (mlen > len)
|
||||
- continue;
|
||||
- if (memcmp(head, fileTypeInfo[i].magic, mlen) != 0)
|
||||
- continue;
|
||||
-
|
||||
- /* Validate version number info */
|
||||
- if (fileTypeInfo[i].versionNumber != -1) {
|
||||
- int version;
|
||||
-
|
||||
- if (fileTypeInfo[i].endian == LV_LITTLE_ENDIAN) {
|
||||
- version = (head[fileTypeInfo[i].versionOffset+3] << 24) |
|
||||
- (head[fileTypeInfo[i].versionOffset+2] << 16) |
|
||||
- (head[fileTypeInfo[i].versionOffset+1] << 8) |
|
||||
- head[fileTypeInfo[i].versionOffset];
|
||||
- } else {
|
||||
- version = (head[fileTypeInfo[i].versionOffset] << 24) |
|
||||
- (head[fileTypeInfo[i].versionOffset+1] << 16) |
|
||||
- (head[fileTypeInfo[i].versionOffset+2] << 8) |
|
||||
- head[fileTypeInfo[i].versionOffset+3];
|
||||
- }
|
||||
- if (version != fileTypeInfo[i].versionNumber)
|
||||
- continue;
|
||||
- }
|
||||
+ return true;
|
||||
+}
|
||||
|
||||
- /* Optionally extract capacity from file */
|
||||
- if (fileTypeInfo[i].sizeOffset != -1) {
|
||||
- if (fileTypeInfo[i].endian == LV_LITTLE_ENDIAN) {
|
||||
- meta->capacity =
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+7] << 56) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+6] << 48) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+5] << 40) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+4] << 32) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+3] << 24) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+2] << 16) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+1] << 8) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset]);
|
||||
- } else {
|
||||
- meta->capacity =
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset] << 56) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+1] << 48) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+2] << 40) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+3] << 32) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+4] << 24) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+5] << 16) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+6] << 8) |
|
||||
- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+7]);
|
||||
- }
|
||||
- /* Avoid unlikely, but theoretically possible overflow */
|
||||
- if (meta->capacity > (ULLONG_MAX / fileTypeInfo[i].sizeMultiplier))
|
||||
- continue;
|
||||
- meta->capacity *= fileTypeInfo[i].sizeMultiplier;
|
||||
- }
|
||||
|
||||
- if (fileTypeInfo[i].qcowCryptOffset != -1) {
|
||||
- int crypt_format;
|
||||
+static int
|
||||
+virStorageFileGetMetadataFromBuf(int format,
|
||||
+ const char *path,
|
||||
+ unsigned char *buf,
|
||||
+ size_t buflen,
|
||||
+ virStorageFileMetadata *meta)
|
||||
+{
|
||||
+ /* XXX we should consider moving virStorageBackendUpdateVolInfo
|
||||
+ * code into this method, for non-magic files
|
||||
+ */
|
||||
+ if (!fileTypeInfo[format].magic) {
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
- crypt_format = (head[fileTypeInfo[i].qcowCryptOffset] << 24) |
|
||||
- (head[fileTypeInfo[i].qcowCryptOffset+1] << 16) |
|
||||
- (head[fileTypeInfo[i].qcowCryptOffset+2] << 8) |
|
||||
- head[fileTypeInfo[i].qcowCryptOffset+3];
|
||||
- meta->encrypted = crypt_format != 0;
|
||||
+ /* Optionally extract capacity from file */
|
||||
+ if (fileTypeInfo[format].sizeOffset != -1) {
|
||||
+ if ((fileTypeInfo[format].sizeOffset + 8) > buflen)
|
||||
+ return 1;
|
||||
+
|
||||
+ if (fileTypeInfo[format].endian == LV_LITTLE_ENDIAN) {
|
||||
+ meta->capacity =
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+7] << 56) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+6] << 48) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+5] << 40) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+4] << 32) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+3] << 24) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+2] << 16) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+1] << 8) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset]);
|
||||
+ } else {
|
||||
+ meta->capacity =
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset] << 56) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+1] << 48) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+2] << 40) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+3] << 32) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+4] << 24) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+5] << 16) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+6] << 8) |
|
||||
+ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+7]);
|
||||
}
|
||||
+ /* Avoid unlikely, but theoretically possible overflow */
|
||||
+ if (meta->capacity > (ULLONG_MAX / fileTypeInfo[format].sizeMultiplier))
|
||||
+ return 1;
|
||||
+ meta->capacity *= fileTypeInfo[format].sizeMultiplier;
|
||||
+ }
|
||||
|
||||
- /* Validation passed, we know the file format now */
|
||||
- meta->format = i;
|
||||
- if (fileTypeInfo[i].getBackingStore != NULL) {
|
||||
- char *backing;
|
||||
- int backingFormat;
|
||||
+ if (fileTypeInfo[format].qcowCryptOffset != -1) {
|
||||
+ int crypt_format;
|
||||
|
||||
- switch (fileTypeInfo[i].getBackingStore(&backing,
|
||||
- &backingFormat,
|
||||
- head, len)) {
|
||||
- case BACKING_STORE_OK:
|
||||
- break;
|
||||
+ crypt_format =
|
||||
+ (buf[fileTypeInfo[format].qcowCryptOffset] << 24) |
|
||||
+ (buf[fileTypeInfo[format].qcowCryptOffset+1] << 16) |
|
||||
+ (buf[fileTypeInfo[format].qcowCryptOffset+2] << 8) |
|
||||
+ (buf[fileTypeInfo[format].qcowCryptOffset+3]);
|
||||
+ meta->encrypted = crypt_format != 0;
|
||||
+ }
|
||||
|
||||
- case BACKING_STORE_INVALID:
|
||||
- continue;
|
||||
+ if (fileTypeInfo[format].getBackingStore != NULL) {
|
||||
+ char *backing;
|
||||
+ int backingFormat;
|
||||
+ int ret = fileTypeInfo[format].getBackingStore(&backing,
|
||||
+ &backingFormat,
|
||||
+ buf, buflen);
|
||||
+ if (ret == BACKING_STORE_INVALID)
|
||||
+ return 1;
|
||||
+
|
||||
+ if (ret == BACKING_STORE_ERROR)
|
||||
+ return -1;
|
||||
|
||||
- case BACKING_STORE_ERROR:
|
||||
+ if (backing != NULL) {
|
||||
+ meta->backingStore = absolutePathFromBaseFile(path, backing);
|
||||
+ VIR_FREE(backing);
|
||||
+ if (meta->backingStore == NULL) {
|
||||
+ virReportOOMError();
|
||||
return -1;
|
||||
}
|
||||
- if (backing != NULL) {
|
||||
- meta->backingStore = absolutePathFromBaseFile(path, backing);
|
||||
- VIR_FREE(backing);
|
||||
- if (meta->backingStore == NULL) {
|
||||
- virReportOOMError();
|
||||
- return -1;
|
||||
- }
|
||||
- meta->backingStoreFormat = backingFormat;
|
||||
- } else {
|
||||
- meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO;
|
||||
- }
|
||||
+ meta->backingStoreFormat = backingFormat;
|
||||
+ } else {
|
||||
+ meta->backingStore = NULL;
|
||||
+ meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static int
|
||||
+virStorageFileProbeFormatFromBuf(const char *path,
|
||||
+ unsigned char *buf,
|
||||
+ size_t buflen)
|
||||
+{
|
||||
+ int format = VIR_STORAGE_FILE_RAW;
|
||||
+ int i;
|
||||
+
|
||||
+ /* First check file magic */
|
||||
+ for (i = 0 ; i < VIR_STORAGE_FILE_LAST ; i++) {
|
||||
+ if (virStorageFileMatchesMagic(i, buf, buflen) &&
|
||||
+ virStorageFileMatchesVersion(i, buf, buflen)) {
|
||||
+ format = i;
|
||||
+ goto cleanup;
|
||||
}
|
||||
- return 0;
|
||||
}
|
||||
|
||||
/* No magic, so check file extension */
|
||||
- for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) {
|
||||
- if (fileTypeInfo[i].extension == NULL)
|
||||
- continue;
|
||||
+ for (i = 0 ; i < VIR_STORAGE_FILE_LAST ; i++) {
|
||||
+ if (virStorageFileMatchesExtension(i, path)) {
|
||||
+ format = i;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
- if (!virFileHasSuffix(path, fileTypeInfo[i].extension))
|
||||
- continue;
|
||||
+cleanup:
|
||||
+ return format;
|
||||
+}
|
||||
|
||||
- meta->format = i;
|
||||
- return 0;
|
||||
+
|
||||
+/**
|
||||
+ * virStorageFileProbeFormatFromFD:
|
||||
+ *
|
||||
+ * Probe for the format of 'fd' (which is an open file descriptor
|
||||
+ * pointing to 'path'), returning the detected disk format.
|
||||
+ *
|
||||
+ * Callers are advised never to trust the returned 'format'
|
||||
+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
|
||||
+ * malicious guest can turn a file into any other non-raw
|
||||
+ * format at will.
|
||||
+ *
|
||||
+ * Best option: Don't use this function
|
||||
+ */
|
||||
+int
|
||||
+virStorageFileProbeFormatFromFD(const char *path, int fd)
|
||||
+{
|
||||
+ unsigned char *head;
|
||||
+ ssize_t len = STORAGE_MAX_HEAD;
|
||||
+ int ret = -1;
|
||||
+
|
||||
+ if (VIR_ALLOC_N(head, len) < 0) {
|
||||
+ virReportOOMError();
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
- return 0;
|
||||
+ if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
|
||||
+ virReportSystemError(errno, _("cannot set to start of '%s'"), path);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if ((len = read(fd, head, len)) < 0) {
|
||||
+ virReportSystemError(errno, _("cannot read header '%s'"), path);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ ret = virStorageFileProbeFormatFromBuf(path, head, len);
|
||||
+
|
||||
+cleanup:
|
||||
+ VIR_FREE(head);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/**
|
||||
+ * virStorageFileProbeFormat:
|
||||
+ *
|
||||
+ * Probe for the format of 'path', returning the detected
|
||||
+ * disk format.
|
||||
+ *
|
||||
+ * Callers are advised never to trust the returned 'format'
|
||||
+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
|
||||
+ * malicious guest can turn a raw file into any other non-raw
|
||||
+ * format at will.
|
||||
+ *
|
||||
+ * Best option: Don't use this function
|
||||
+ */
|
||||
+int
|
||||
+virStorageFileProbeFormat(const char *path)
|
||||
+{
|
||||
+ int fd, ret;
|
||||
+
|
||||
+ if ((fd = open(path, O_RDONLY)) < 0) {
|
||||
+ virReportSystemError(errno, _("cannot open file '%s'"), path);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ ret = virStorageFileProbeFormatFromFD(path, fd);
|
||||
+
|
||||
+ close(fd);
|
||||
+
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * virStorageFileGetMetadataFromFD:
|
||||
+ *
|
||||
+ * Probe for the format of 'fd' (which is an open file descriptor
|
||||
+ * for the file 'path'), filling 'meta' with the detected
|
||||
+ * format and other associated metadata.
|
||||
+ *
|
||||
+ * Callers are advised never to trust the returned 'meta->format'
|
||||
+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
|
||||
+ * malicious guest can turn a raw file into any other non-raw
|
||||
+ * format at will.
|
||||
+ */
|
||||
+int
|
||||
+virStorageFileGetMetadataFromFD(const char *path,
|
||||
+ int fd,
|
||||
+ virStorageFileMetadata *meta)
|
||||
+{
|
||||
+ unsigned char *head;
|
||||
+ ssize_t len = STORAGE_MAX_HEAD;
|
||||
+ int ret = -1;
|
||||
+
|
||||
+ if (VIR_ALLOC_N(head, len) < 0) {
|
||||
+ virReportOOMError();
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ memset(meta, 0, sizeof (*meta));
|
||||
+
|
||||
+ if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
|
||||
+ virReportSystemError(errno, _("cannot set to start of '%s'"), path);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if ((len = read(fd, head, len)) < 0) {
|
||||
+ virReportSystemError(errno, _("cannot read header '%s'"), path);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ meta->format = virStorageFileProbeFormatFromBuf(path, head, len);
|
||||
+
|
||||
+ ret = virStorageFileGetMetadataFromBuf(meta->format, path, head, len, meta);
|
||||
+
|
||||
+cleanup:
|
||||
+ VIR_FREE(head);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
+ * virStorageFileGetMetadata:
|
||||
+ *
|
||||
+ * Probe for the format of 'path', filling 'meta' with the detected
|
||||
+ * format and other associated metadata.
|
||||
+ *
|
||||
+ * Callers are advised never to trust the returned 'meta->format'
|
||||
+ * unless it is listed as VIR_STORAGE_FILE_RAW, since a
|
||||
+ * malicious guest can turn a raw file into any other non-raw
|
||||
+ * format at will.
|
||||
+ */
|
||||
int
|
||||
virStorageFileGetMetadata(const char *path,
|
||||
virStorageFileMetadata *meta)
|
||||
diff --git a/src/util/storage_file.h b/src/util/storage_file.h
|
||||
index 6328ba7..3420d44 100644
|
||||
--- a/src/util/storage_file.h
|
||||
+++ b/src/util/storage_file.h
|
||||
@@ -57,6 +57,10 @@ typedef struct _virStorageFileMetadata {
|
||||
# define DEV_BSIZE 512
|
||||
# endif
|
||||
|
||||
+int virStorageFileProbeFormat(const char *path);
|
||||
+int virStorageFileProbeFormatFromFD(const char *path,
|
||||
+ int fd);
|
||||
+
|
||||
int virStorageFileGetMetadata(const char *path,
|
||||
virStorageFileMetadata *meta);
|
||||
int virStorageFileGetMetadataFromFD(const char *path,
|
||||
--
|
||||
1.7.1.1
|
||||
|
||||
@@ -1,285 +0,0 @@
|
||||
From 726a63a437efd96510ce316bf30d16f213d4db27 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Tue, 15 Jun 2010 16:15:51 +0100
|
||||
Subject: [PATCH 04/11] Require format to be passed into virStorageFileGetMetadata
|
||||
|
||||
Require the disk image format to be passed into virStorageFileGetMetadata.
|
||||
If this is set to VIR_STORAGE_FILE_AUTO, then the format will be
|
||||
resolved using probing. This makes it easier to control when
|
||||
probing will be used
|
||||
|
||||
* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
|
||||
src/security/security_selinux.c, src/security/virt-aa-helper.c:
|
||||
Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata.
|
||||
* src/storage/storage_backend_fs.c: Probe for disk format before
|
||||
calling virStorageFileGetMetadata.
|
||||
* src/util/storage_file.h, src/util/storage_file.c: Remove format
|
||||
from virStorageFileMeta struct & require it to be passed into
|
||||
method.
|
||||
---
|
||||
src/qemu/qemu_driver.c | 27 +++++++++++++++++---
|
||||
src/qemu/qemu_security_dac.c | 4 ++-
|
||||
src/security/security_selinux.c | 4 ++-
|
||||
src/security/virt-aa-helper.c | 4 ++-
|
||||
src/storage/storage_backend_fs.c | 11 ++++++--
|
||||
src/util/storage_file.c | 50 +++++++++++++++++++++++++------------
|
||||
src/util/storage_file.h | 3 +-
|
||||
7 files changed, 76 insertions(+), 27 deletions(-)
|
||||
|
||||
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
||||
index 487bfa3..97f2990 100644
|
||||
--- a/src/qemu/qemu_driver.c
|
||||
+++ b/src/qemu/qemu_driver.c
|
||||
@@ -3069,7 +3069,9 @@ static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
|
||||
}
|
||||
}
|
||||
|
||||
- rc = virStorageFileGetMetadata(path, &meta);
|
||||
+ rc = virStorageFileGetMetadata(path,
|
||||
+ VIR_STORAGE_FILE_AUTO,
|
||||
+ &meta);
|
||||
if (rc < 0)
|
||||
VIR_WARN("Unable to lookup parent image for %s", path);
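Review bot: Passing `VIR_STORAGE_FILE_AUTO` here keeps header probing in the cgroup device-ACL path, which the doc comment this same patch adds to virStorageFileGetMetadata advises callers never to do, because a guest can make a raw image look like another format. The same applies to the hunk at -3119 in this file and to the calls in qemu_security_dac.c, security_selinux.c and virt-aa-helper.c. If probing is deliberately retained at this step, mark each call with a comment such as `/* XXX still probes; prefer disk->driverType when set */` so the remaining sites are easy to find and audit. The enclosing function starts and ends outside the hunk.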
|
||||
|
||||
@@ -3119,7 +3121,9 @@ static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
|
||||
}
|
||||
}
|
||||
|
||||
- rc = virStorageFileGetMetadata(path, &meta);
|
||||
+ rc = virStorageFileGetMetadata(path,
|
||||
+ VIR_STORAGE_FILE_AUTO,
|
||||
+ &meta);
|
||||
if (rc < 0)
|
||||
VIR_WARN("Unable to lookup parent image for %s", path);
|
||||
|
||||
@@ -9614,6 +9618,7 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
|
||||
virDomainDiskDefPtr disk = NULL;
|
||||
struct stat sb;
|
||||
int i;
|
||||
+ int format;
|
||||
|
||||
virCheckFlags(0, -1);
|
||||
|
||||
@@ -9658,7 +9663,21 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
|
||||
}
|
||||
|
||||
/* Probe for magic formats */
|
||||
- if (virStorageFileGetMetadataFromFD(path, fd, &meta) < 0)
|
||||
+ if (disk->driverType) {
|
||||
+ if ((format = virStorageFileFormatTypeFromString(disk->driverType)) < 0) {
|
||||
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
+ _("unknown disk format %s for %s"),
|
||||
+ disk->driverType, disk->src);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if ((format = virStorageFileProbeFormat(disk->src)) < 0)
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (virStorageFileGetMetadataFromFD(path, fd,
|
||||
+ format,
|
||||
+ &meta) < 0)
|
||||
goto cleanup;
|
||||
|
||||
/* Get info for normal formats */
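Review bot: The fallback branch probes with `virStorageFileProbeFormat(disk->src)`, which opens the image a second time by name even though `fd` is already open and is what the metadata call reads. Probing the descriptor instead guarantees both steps inspect the same file: `if ((format = virStorageFileProbeFormatFromFD(path, fd)) < 0)`. The probed value also feeds the later `format != VIR_STORAGE_FILE_RAW` test, so when `disk->driverType` is unset a guest-written header still steers that branch; a one-line comment at the `else` saying so would help. qemuDomainGetBlockInfo starts and ends outside the hunk.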
|
||||
@@ -9706,7 +9725,7 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
|
||||
highest allocated extent from QEMU */
|
||||
if (virDomainObjIsActive(vm) &&
|
||||
disk->type == VIR_DOMAIN_DISK_TYPE_BLOCK &&
|
||||
- meta.format != VIR_STORAGE_FILE_RAW &&
|
||||
+ format != VIR_STORAGE_FILE_RAW &&
|
||||
S_ISBLK(sb.st_mode)) {
|
||||
qemuDomainObjPrivatePtr priv = vm->privateData;
|
||||
if (qemuDomainObjBeginJob(vm) < 0)
|
||||
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
|
||||
index 95015b0..acfe48e 100644
|
||||
--- a/src/qemu/qemu_security_dac.c
|
||||
+++ b/src/qemu/qemu_security_dac.c
|
||||
@@ -115,7 +115,9 @@ qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
||||
virStorageFileMetadata meta;
|
||||
int ret;
|
||||
|
||||
- ret = virStorageFileGetMetadata(path, &meta);
|
||||
+ ret = virStorageFileGetMetadata(path,
|
||||
+ VIR_STORAGE_FILE_AUTO,
|
||||
+ &meta);
|
||||
|
||||
if (path != disk->src)
|
||||
VIR_FREE(path);
|
||||
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
|
||||
index e5eef19..5c0f002 100644
|
||||
--- a/src/security/security_selinux.c
|
||||
+++ b/src/security/security_selinux.c
|
||||
@@ -457,7 +457,9 @@ SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
|
||||
virStorageFileMetadata meta;
|
||||
int ret;
|
||||
|
||||
- ret = virStorageFileGetMetadata(path, &meta);
|
||||
+ ret = virStorageFileGetMetadata(path,
|
||||
+ VIR_STORAGE_FILE_AUTO,
|
||||
+ &meta);
|
||||
|
||||
if (path != disk->src)
|
||||
VIR_FREE(path);
|
||||
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
|
||||
index c66f107..2c045e6 100644
|
||||
--- a/src/security/virt-aa-helper.c
|
||||
+++ b/src/security/virt-aa-helper.c
|
||||
@@ -830,7 +830,9 @@ get_files(vahControl * ctl)
|
||||
do {
|
||||
virStorageFileMetadata meta;
|
||||
|
||||
- ret = virStorageFileGetMetadata(path, &meta);
|
||||
+ ret = virStorageFileGetMetadata(path,
|
||||
+ VIR_STORAGE_FILE_AUTO,
|
||||
+ &meta);
|
||||
|
||||
if (path != ctl->def->disks[i]->src)
|
||||
VIR_FREE(path);
|
||||
diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
|
||||
index f0cd770..d3ac0fe 100644
|
||||
--- a/src/storage/storage_backend_fs.c
|
||||
+++ b/src/storage/storage_backend_fs.c
|
||||
@@ -75,14 +75,19 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
|
||||
|
||||
memset(&meta, 0, sizeof(meta));
|
||||
|
||||
- if (virStorageFileGetMetadataFromFD(target->path, fd, &meta) < 0) {
|
||||
+ if ((target->format = virStorageFileProbeFormatFromFD(target->path, fd)) < 0) {
|
||||
close(fd);
|
||||
return -1;
|
||||
}
|
||||
|
||||
- close(fd);
|
||||
+ if (virStorageFileGetMetadataFromFD(target->path, fd,
|
||||
+ target->format,
|
||||
+ &meta) < 0) {
|
||||
+ close(fd);
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
- target->format = meta.format;
|
||||
+ close(fd);
|
||||
|
||||
if (backingStore) {
|
||||
*backingStore = meta.backingStore;
|
||||
diff --git a/src/util/storage_file.c b/src/util/storage_file.c
|
||||
index 221268b..9712d92 100644
|
||||
--- a/src/util/storage_file.c
|
||||
+++ b/src/util/storage_file.c
|
||||
@@ -696,18 +696,23 @@ virStorageFileProbeFormat(const char *path)
|
||||
/**
|
||||
* virStorageFileGetMetadataFromFD:
|
||||
*
|
||||
- * Probe for the format of 'fd' (which is an open file descriptor
|
||||
- * for the file 'path'), filling 'meta' with the detected
|
||||
- * format and other associated metadata.
|
||||
+ * Extract metadata about the storage volume with the specified
|
||||
+ * image format. If image format is VIR_STORAGE_FILE_AUTO, it
|
||||
+ * will probe to automatically identify the format.
|
||||
*
|
||||
- * Callers are advised never to trust the returned 'meta->format'
|
||||
- * unless it is listed as VIR_STORAGE_FILE_RAW, since a
|
||||
- * malicious guest can turn a raw file into any other non-raw
|
||||
- * format at will.
|
||||
+ * Callers are advised never to use VIR_STORAGE_FILE_AUTO as a
|
||||
+ * format, since a malicious guest can turn a raw file into any
|
||||
+ * other non-raw format at will.
|
||||
+ *
|
||||
+ * If the returned meta.backingStoreFormat is VIR_STORAGE_FILE_AUTO
|
||||
+ * it indicates the image didn't specify an explicit format for its
|
||||
+ * backing store. Callers are advised against probing for the
|
||||
+ * backing store format in this case.
|
||||
*/
|
||||
int
|
||||
virStorageFileGetMetadataFromFD(const char *path,
|
||||
int fd,
|
||||
+ int format,
|
||||
virStorageFileMetadata *meta)
|
||||
{
|
||||
unsigned char *head;
|
||||
@@ -731,9 +736,16 @@ virStorageFileGetMetadataFromFD(const char *path,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- meta->format = virStorageFileProbeFormatFromBuf(path, head, len);
|
||||
+ if (format == VIR_STORAGE_FILE_AUTO)
|
||||
+ format = virStorageFileProbeFormatFromBuf(path, head, len);
|
||||
+
|
||||
+ if (format < 0 ||
|
||||
+ format >= VIR_STORAGE_FILE_LAST) {
|
||||
+ virReportSystemError(EINVAL, _("unknown storage file format %d"), format);
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
- ret = virStorageFileGetMetadataFromBuf(meta->format, path, head, len, meta);
|
||||
+ ret = virStorageFileGetMetadataFromBuf(format, path, head, len, meta);
|
||||
|
||||
cleanup:
|
||||
VIR_FREE(head);
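Review bot: The new range check exits with `return -1;`, which bypasses the `cleanup:` label and leaks the `head` buffer; the error path just above it in this hunk uses `goto cleanup`. Change the line to `goto cleanup;`, assuming `ret` still holds its failure value at that point (its initialisation is outside the hunk). Because `format` can now come straight from the caller, this check is the only thing that bounds the `fileTypeInfo[format]` index, so it is worth a short comment saying that.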
|
||||
@@ -743,16 +755,22 @@ cleanup:
|
||||
/**
|
||||
* virStorageFileGetMetadata:
|
||||
*
|
||||
- * Probe for the format of 'path', filling 'meta' with the detected
|
||||
- * format and other associated metadata.
|
||||
+ * Extract metadata about the storage volume with the specified
|
||||
+ * image format. If image format is VIR_STORAGE_FILE_AUTO, it
|
||||
+ * will probe to automatically identify the format.
|
||||
*
|
||||
- * Callers are advised never to trust the returned 'meta->format'
|
||||
- * unless it is listed as VIR_STORAGE_FILE_RAW, since a
|
||||
- * malicious guest can turn a raw file into any other non-raw
|
||||
- * format at will.
|
||||
+ * Callers are advised never to use VIR_STORAGE_FILE_AUTO as a
|
||||
+ * format, since a malicious guest can turn a raw file into any
|
||||
+ * other non-raw format at will.
|
||||
+ *
|
||||
+ * If the returned meta.backingStoreFormat is VIR_STORAGE_FILE_AUTO
|
||||
+ * it indicates the image didn't specify an explicit format for its
|
||||
+ * backing store. Callers are advised against probing for the
|
||||
+ * backing store format in this case.
|
||||
*/
|
||||
int
|
||||
virStorageFileGetMetadata(const char *path,
|
||||
+ int format,
|
||||
virStorageFileMetadata *meta)
|
||||
{
|
||||
int fd, ret;
|
||||
@@ -762,7 +780,7 @@ virStorageFileGetMetadata(const char *path,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- ret = virStorageFileGetMetadataFromFD(path, fd, meta);
|
||||
+ ret = virStorageFileGetMetadataFromFD(path, fd, format, meta);
|
||||
|
||||
close(fd);
|
||||
|
||||
diff --git a/src/util/storage_file.h b/src/util/storage_file.h
|
||||
index 3420d44..6853182 100644
|
||||
--- a/src/util/storage_file.h
|
||||
+++ b/src/util/storage_file.h
|
||||
@@ -46,7 +46,6 @@ enum virStorageFileFormat {
|
||||
VIR_ENUM_DECL(virStorageFileFormat);
|
||||
|
||||
typedef struct _virStorageFileMetadata {
|
||||
- int format;
|
||||
char *backingStore;
|
||||
int backingStoreFormat;
|
||||
unsigned long long capacity;
|
||||
@@ -62,9 +61,11 @@ int virStorageFileProbeFormatFromFD(const char *path,
|
||||
int fd);
|
||||
|
||||
int virStorageFileGetMetadata(const char *path,
|
||||
+ int format,
|
||||
virStorageFileMetadata *meta);
|
||||
int virStorageFileGetMetadataFromFD(const char *path,
|
||||
int fd,
|
||||
+ int format,
|
||||
virStorageFileMetadata *meta);
|
||||
|
||||
int virStorageFileIsSharedFS(const char *path);
|
||||
--
|
||||
1.7.1.1
|
||||
|
||||
@@ -1,170 +0,0 @@
|
||||
From ac5067f1e2e98181ee0e9230f756697f50d853eb Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Mon, 14 Jun 2010 18:09:15 +0100
|
||||
Subject: [PATCH 05/11] Add an API for iterating over disk paths
|
||||
|
||||
There is duplicated code which iterates over disk backing stores
|
||||
performing some action. Provide a convenient helper for doing
|
||||
this to eliminate duplication & risk of mistakes with disk format
|
||||
probing
|
||||
|
||||
* src/conf/domain_conf.c, src/conf/domain_conf.h,
|
||||
src/libvirt_private.syms: Add virDomainDiskDefForeachPath()
|
||||
---
|
||||
src/conf/domain_conf.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++
|
||||
src/conf/domain_conf.h | 11 +++++
|
||||
src/libvirt_private.syms | 1 +
|
||||
3 files changed, 111 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||
index 378c06e..b20ca97 100644
|
||||
--- a/src/conf/domain_conf.c
|
||||
+++ b/src/conf/domain_conf.c
|
||||
@@ -45,6 +45,7 @@
|
||||
#include "macvtap.h"
|
||||
#include "nwfilter_conf.h"
|
||||
#include "ignore-value.h"
|
||||
+#include "storage_file.h"
|
||||
|
||||
#define VIR_FROM_THIS VIR_FROM_DOMAIN
|
||||
|
||||
@@ -7273,4 +7274,102 @@ done:
|
||||
}
|
||||
|
||||
|
||||
+int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
|
||||
+ bool allowProbing,
|
||||
+ bool ignoreOpenFailure,
|
||||
+ virDomainDiskDefPathIterator iter,
|
||||
+ void *opaque)
|
||||
+{
|
||||
+ virHashTablePtr paths;
|
||||
+ int format;
|
||||
+ int ret = -1;
|
||||
+ size_t depth = 0;
|
||||
+ char *nextpath = NULL;
|
||||
+
|
||||
+ if (!disk->src)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (disk->driverType) {
|
||||
+ const char *formatStr = disk->driverType;
|
||||
+ if (STREQ(formatStr, "aio"))
|
||||
+ formatStr = "raw"; /* Xen compat */
|
||||
+
|
||||
+ if ((format = virStorageFileFormatTypeFromString(formatStr)) < 0) {
|
||||
+ virDomainReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
+ _("unknown disk format '%s' for %s"),
|
||||
+ disk->driverType, disk->src);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if (allowProbing) {
|
||||
+ format = VIR_STORAGE_FILE_AUTO;
|
||||
+ } else {
|
||||
+ virDomainReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
+ _("no disk format for %s and probing is disabled"),
|
||||
+ disk->src);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ paths = virHashCreate(5);
|
||||
+
|
||||
+ do {
|
||||
+ virStorageFileMetadata meta;
|
||||
+ const char *path = nextpath ? nextpath : disk->src;
|
||||
+ int fd;
|
||||
+
|
||||
+ if (iter(disk, path, depth, opaque) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (virHashLookup(paths, path)) {
|
||||
+ virDomainReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
+ _("backing store for %s is self-referential"),
|
||||
+ disk->src);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if ((fd = open(path, O_RDONLY)) < 0) {
|
||||
+ if (ignoreOpenFailure) {
|
||||
+ char ebuf[1024];
|
||||
+ VIR_WARN("Ignoring open failure on %s: %s", path,
|
||||
+ virStrerror(errno, ebuf, sizeof(ebuf)));
|
||||
+ break;
|
||||
+ } else {
|
||||
+ virReportSystemError(errno,
|
||||
+ _("unable to open disk path %s"),
|
||||
+ path);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (virStorageFileGetMetadataFromFD(path, fd, format, &meta) < 0) {
|
||||
+ close(fd);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ close(fd);
|
||||
+
|
||||
+ if (virHashAddEntry(paths, path, (void*)0x1) < 0) {
|
||||
+ virReportOOMError();
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ depth++;
|
||||
+ nextpath = meta.backingStore;
|
||||
+
|
||||
+ format = meta.backingStoreFormat;
|
||||
+
|
||||
+ if (format == VIR_STORAGE_FILE_AUTO &&
|
||||
+ !allowProbing)
|
||||
+ format = VIR_STORAGE_FILE_RAW; /* Stops further recursion */
|
||||
+ } while (nextpath);
|
||||
+
|
||||
+ ret = 0;
|
||||
+
|
||||
+cleanup:
|
||||
+ virHashFree(paths, NULL);
|
||||
+ VIR_FREE(nextpath);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
#endif /* ! PROXY */
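Review bot: `nextpath = meta.backingStore;` overwrites the previous iteration's backing-store string without freeing it, so each level of a chain deeper than one leaks a path; only the last value reaches `VIR_FREE(nextpath)` in cleanup. Free it before reassigning, `VIR_FREE(nextpath); nextpath = meta.backingStore;`, after confirming that virHashAddEntry keeps its own copy of the key, since `path` aliases `nextpath`. Separately, the result of `virHashCreate(5)` is used unchecked; add `if (!paths) { virReportOOMError(); return -1; }`. The function has no doc comment; it should state that `allowProbing` lets guest-writable image headers decide which further paths are visited.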
|
||||
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
|
||||
index 01da17e..d46869e 100644
|
||||
--- a/src/conf/domain_conf.h
|
||||
+++ b/src/conf/domain_conf.h
|
||||
@@ -1079,6 +1079,17 @@ int virDomainChrDefForeach(virDomainDefPtr def,
|
||||
void *opaque);
|
||||
|
||||
|
||||
+typedef int (*virDomainDiskDefPathIterator)(virDomainDiskDefPtr disk,
|
||||
+ const char *path,
|
||||
+ size_t depth,
|
||||
+ void *opaque);
|
||||
+
|
||||
+int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
|
||||
+ bool allowProbing,
|
||||
+ bool ignoreOpenFailure,
|
||||
+ virDomainDiskDefPathIterator iter,
|
||||
+ void *opaque);
|
||||
+
|
||||
VIR_ENUM_DECL(virDomainVirt)
|
||||
VIR_ENUM_DECL(virDomainBoot)
|
||||
VIR_ENUM_DECL(virDomainFeature)
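Review bot: The new virDomainDiskDefForeachPath prototype has no comment explaining its two boolean flags, and `allowProbing` is security-relevant for every caller. I would add above the declaration something like `/* allowProbing: permit format auto-detection when no explicit format is known; unsafe for guest-writable images. */` and `/* ignoreOpenFailure: stop walking the chain, without error, at the first path that cannot be opened. */`. Both descriptions follow from the implementation in domain_conf.c in this patch.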
|
||||
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
|
||||
index 4607f49..b5f3695 100644
|
||||
--- a/src/libvirt_private.syms
|
||||
+++ b/src/libvirt_private.syms
|
||||
@@ -225,6 +225,7 @@ virDomainSnapshotDefFormat;
|
||||
virDomainSnapshotAssignDef;
|
||||
virDomainObjAssignDef;
|
||||
virDomainChrDefForeach;
|
||||
+virDomainDiskDefForeachPath;
|
||||
|
||||
|
||||
# domain_event.h
|
||||
--
|
||||
1.7.1.1
|
||||
|
||||
@@ -1,506 +0,0 @@
|
||||
From 54c1bb731d2b19a46a594cf9682c022f1e1114d2 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Tue, 15 Jun 2010 16:40:47 +0100
|
||||
Subject: [PATCH 06/11] Convert all disk backing store loops to shared helper API
|
||||
|
||||
Update the QEMU cgroups code, QEMU DAC security driver, SELinux
|
||||
and AppArmor security drivers over to use the shared helper API
|
||||
virDomainDiskDefForeachPath().
|
||||
|
||||
* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
|
||||
src/security/security_selinux.c, src/security/virt-aa-helper.c:
|
||||
Convert over to use virDomainDiskDefForeachPath()
|
||||
---
|
||||
src/qemu/qemu_driver.c | 161 ++++++++++++++++----------------------
|
||||
src/qemu/qemu_security_dac.c | 47 ++++--------
|
||||
src/security/security_selinux.c | 67 +++++++----------
|
||||
src/security/virt-aa-helper.c | 71 ++++++++----------
|
||||
4 files changed, 142 insertions(+), 204 deletions(-)
|
||||
|
||||
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
||||
index 97f2990..99aeffa 100644
|
||||
--- a/src/qemu/qemu_driver.c
|
||||
+++ b/src/qemu/qemu_driver.c
|
||||
@@ -3040,107 +3040,82 @@ static const char *const defaultDeviceACL[] = {
|
||||
#define DEVICE_PTY_MAJOR 136
|
||||
#define DEVICE_SND_MAJOR 116
|
||||
|
||||
-static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
|
||||
- virDomainObjPtr vm,
|
||||
- virDomainDiskDefPtr disk)
|
||||
-{
|
||||
- char *path = disk->src;
|
||||
- int ret = -1;
|
||||
|
||||
- while (path != NULL) {
|
||||
- virStorageFileMetadata meta;
|
||||
- int rc;
|
||||
+static int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
|
||||
+ const char *path,
|
||||
+ size_t depth ATTRIBUTE_UNUSED,
|
||||
+ void *opaque)
|
||||
+{
|
||||
+ virCgroupPtr cgroup = opaque;
|
||||
+ int rc;
|
||||
|
||||
- VIR_DEBUG("Process path '%s' for disk", path);
|
||||
- rc = virCgroupAllowDevicePath(cgroup, path);
|
||||
- if (rc != 0) {
|
||||
- /* Get this for non-block devices */
|
||||
- if (rc == -EINVAL) {
|
||||
- VIR_DEBUG("Ignoring EINVAL for %s", path);
|
||||
- } else if (rc == -EACCES) { /* Get this for root squash NFS */
|
||||
- VIR_DEBUG("Ignoring EACCES for %s", path);
|
||||
- } else {
|
||||
- virReportSystemError(-rc,
|
||||
- _("Unable to allow device %s for %s"),
|
||||
- path, vm->def->name);
|
||||
- if (path != disk->src)
|
||||
- VIR_FREE(path);
|
||||
- goto cleanup;
|
||||
- }
|
||||
+ VIR_DEBUG("Process path %s for disk", path);
|
||||
+ /* XXX RO vs RW */
|
||||
+ rc = virCgroupAllowDevicePath(cgroup, path);
|
||||
+ if (rc != 0) {
|
||||
+ /* Get this for non-block devices */
|
||||
+ if (rc == -EINVAL) {
|
||||
+ VIR_DEBUG("Ignoring EINVAL for %s", path);
|
||||
+ } else if (rc == -EACCES) { /* Get this for root squash NFS */
|
||||
+ VIR_DEBUG("Ignoring EACCES for %s", path);
|
||||
+ } else {
|
||||
+ virReportSystemError(-rc,
|
||||
+ _("Unable to allow access for disk path %s"),
|
||||
+ path);
|
||||
+ return -1;
|
||||
}
|
||||
-
|
||||
- rc = virStorageFileGetMetadata(path,
|
||||
- VIR_STORAGE_FILE_AUTO,
|
||||
- &meta);
|
||||
- if (rc < 0)
|
||||
- VIR_WARN("Unable to lookup parent image for %s", path);
|
||||
-
|
||||
- if (path != disk->src)
|
||||
- VIR_FREE(path);
|
||||
- path = NULL;
|
||||
-
|
||||
- if (rc < 0)
|
||||
- break; /* Treating as non fatal */
|
||||
-
|
||||
- path = meta.backingStore;
|
||||
}
|
||||
+ return 0;
|
||||
+}
|
||||
|
||||
- ret = 0;
|
||||
|
||||
-cleanup:
|
||||
- return ret;
|
||||
+static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
|
||||
+ virDomainDiskDefPtr disk)
|
||||
+{
|
||||
+ return virDomainDiskDefForeachPath(disk,
|
||||
+ true,
|
||||
+ true,
|
||||
+ qemuSetupDiskPathAllow,
|
||||
+ cgroup);
|
||||
}
|
||||
|
||||
|
||||
-static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
|
||||
- virDomainObjPtr vm,
|
||||
- virDomainDiskDefPtr disk)
|
||||
+static int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
|
||||
+ const char *path,
|
||||
+ size_t depth ATTRIBUTE_UNUSED,
|
||||
+ void *opaque)
|
||||
{
|
||||
- char *path = disk->src;
|
||||
- int ret = -1;
|
||||
-
|
||||
- while (path != NULL) {
|
||||
- virStorageFileMetadata meta;
|
||||
- int rc;
|
||||
+ virCgroupPtr cgroup = opaque;
|
||||
+ int rc;
|
||||
|
||||
- VIR_DEBUG("Process path '%s' for disk", path);
|
||||
- rc = virCgroupDenyDevicePath(cgroup, path);
|
||||
- if (rc != 0) {
|
||||
- /* Get this for non-block devices */
|
||||
- if (rc == -EINVAL) {
|
||||
- VIR_DEBUG("Ignoring EINVAL for %s", path);
|
||||
- } else if (rc == -EACCES) { /* Get this for root squash NFS */
|
||||
- VIR_DEBUG("Ignoring EACCES for %s", path);
|
||||
- } else {
|
||||
- virReportSystemError(-rc,
|
||||
- _("Unable to deny device %s for %s"),
|
||||
- path, vm->def->name);
|
||||
- if (path != disk->src)
|
||||
- VIR_FREE(path);
|
||||
- goto cleanup;
|
||||
- }
|
||||
+ VIR_DEBUG("Process path %s for disk", path);
|
||||
+ /* XXX RO vs RW */
|
||||
+ rc = virCgroupDenyDevicePath(cgroup, path);
|
||||
+ if (rc != 0) {
|
||||
+ /* Get this for non-block devices */
|
||||
+ if (rc == -EINVAL) {
|
||||
+ VIR_DEBUG("Ignoring EINVAL for %s", path);
|
||||
+ } else if (rc == -EACCES) { /* Get this for root squash NFS */
|
||||
+ VIR_DEBUG("Ignoring EACCES for %s", path);
|
||||
+ } else {
|
||||
+ virReportSystemError(-rc,
|
||||
+ _("Unable to allow access for disk path %s"),
|
||||
+ path);
|
||||
+ return -1;
|
||||
}
|
||||
-
|
||||
- rc = virStorageFileGetMetadata(path,
|
||||
- VIR_STORAGE_FILE_AUTO,
|
||||
- &meta);
|
||||
- if (rc < 0)
|
||||
- VIR_WARN("Unable to lookup parent image for %s", path);
|
||||
-
|
||||
- if (path != disk->src)
|
||||
- VIR_FREE(path);
|
||||
- path = NULL;
|
||||
-
|
||||
- if (rc < 0)
|
||||
- break; /* Treating as non fatal */
|
||||
-
|
||||
- path = meta.backingStore;
|
||||
}
|
||||
+ return 0;
|
||||
+}
|
||||
|
||||
- ret = 0;
|
||||
|
||||
-cleanup:
|
||||
- return ret;
|
||||
+static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
|
||||
+ virDomainDiskDefPtr disk)
|
||||
+{
|
||||
+ return virDomainDiskDefForeachPath(disk,
|
||||
+ true,
|
||||
+ true,
|
||||
+ qemuTeardownDiskPathDeny,
|
||||
+ cgroup);
|
||||
}
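Review bot: qemuTeardownDiskPathDeny reports `Unable to allow access for disk path %s` when virCgroupDenyDevicePath fails, which looks copied from qemuSetupDiskPathAllow; it should read `_("Unable to deny access for disk path %s")` so logs distinguish setup failures from teardown failures. Both new messages also drop the domain name that the removed code included via `vm->def->name`, which makes the error harder to attribute on a host running several guests. Finally, qemuSetupDiskCgroup and qemuTeardownDiskCgroup pass `true` for allowProbing without comment; a note such as `/* XXX probing allowed: backing chain follows guest-writable headers */` would flag that for later tightening.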
|
||||
|
||||
|
||||
@@ -3204,7 +3179,7 @@ static int qemuSetupCgroup(struct qemud_driver *driver,
|
||||
}
|
||||
|
||||
for (i = 0; i < vm->def->ndisks ; i++) {
|
||||
- if (qemuSetupDiskCgroup(cgroup, vm, vm->def->disks[i]) < 0)
|
||||
+ if (qemuSetupDiskCgroup(cgroup, vm->def->disks[i]) < 0)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -8035,7 +8010,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
|
||||
vm->def->name);
|
||||
goto endjob;
|
||||
}
|
||||
- if (qemuSetupDiskCgroup(cgroup, vm, dev->data.disk) < 0)
|
||||
+ if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
goto endjob;
|
||||
}
|
||||
|
||||
@@ -8080,7 +8055,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
|
||||
/* Fallthrough */
|
||||
}
|
||||
if (ret != 0 && cgroup) {
|
||||
- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
|
||||
+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
VIR_WARN("Failed to teardown cgroup for disk path %s",
|
||||
NULLSTR(dev->data.disk->src));
|
||||
}
|
||||
@@ -8280,7 +8255,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
|
||||
vm->def->name);
|
||||
goto endjob;
|
||||
}
|
||||
- if (qemuSetupDiskCgroup(cgroup, vm, dev->data.disk) < 0)
|
||||
+ if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
goto endjob;
|
||||
}
|
||||
|
||||
@@ -8303,7 +8278,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
|
||||
}
|
||||
|
||||
if (ret != 0 && cgroup) {
|
||||
- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
|
||||
+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
VIR_WARN("Failed to teardown cgroup for disk path %s",
|
||||
NULLSTR(dev->data.disk->src));
|
||||
}
|
||||
@@ -8430,7 +8405,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
|
||||
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
|
||||
|
||||
if (cgroup != NULL) {
|
||||
- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
|
||||
+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
VIR_WARN("Failed to teardown cgroup for disk path %s",
|
||||
NULLSTR(dev->data.disk->src));
|
||||
}
|
||||
@@ -8493,7 +8468,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
|
||||
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
|
||||
|
||||
if (cgroup != NULL) {
|
||||
- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)
|
||||
+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
VIR_WARN("Failed to teardown cgroup for disk path %s",
|
||||
NULLSTR(dev->data.disk->src));
|
||||
}
|
||||
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
|
||||
index acfe48e..770010d 100644
|
||||
--- a/src/qemu/qemu_security_dac.c
|
||||
+++ b/src/qemu/qemu_security_dac.c
|
||||
@@ -98,45 +98,28 @@ err:
|
||||
|
||||
|
||||
static int
|
||||
+qemuSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
|
||||
+ const char *path,
|
||||
+ size_t depth ATTRIBUTE_UNUSED,
|
||||
+ void *opaque ATTRIBUTE_UNUSED)
|
||||
+{
|
||||
+ return qemuSecurityDACSetOwnership(path, driver->user, driver->group);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static int
|
||||
qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
||||
virDomainDiskDefPtr disk)
|
||||
|
||||
{
|
||||
- const char *path;
|
||||
-
|
||||
if (!driver->privileged || !driver->dynamicOwnership)
|
||||
return 0;
|
||||
|
||||
- if (!disk->src)
|
||||
- return 0;
|
||||
-
|
||||
- path = disk->src;
|
||||
- do {
|
||||
- virStorageFileMetadata meta;
|
||||
- int ret;
|
||||
-
|
||||
- ret = virStorageFileGetMetadata(path,
|
||||
- VIR_STORAGE_FILE_AUTO,
|
||||
- &meta);
|
||||
-
|
||||
- if (path != disk->src)
|
||||
- VIR_FREE(path);
|
||||
- path = NULL;
|
||||
-
|
||||
- if (ret < 0)
|
||||
- return -1;
|
||||
-
|
||||
- if (meta.backingStore != NULL &&
|
||||
- qemuSecurityDACSetOwnership(meta.backingStore,
|
||||
- driver->user, driver->group) < 0) {
|
||||
- VIR_FREE(meta.backingStore);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- path = meta.backingStore;
|
||||
- } while (path != NULL);
|
||||
-
|
||||
- return qemuSecurityDACSetOwnership(disk->src, driver->user, driver->group);
|
||||
+ return virDomainDiskDefForeachPath(disk,
|
||||
+ true,
|
||||
+ false,
|
||||
+ qemuSecurityDACSetSecurityFileLabel,
|
||||
+ NULL);
|
||||
}
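Review bot: The `if (!disk->src) return 0;` guard that qemuSecurityDACSetSecurityImageLabel used to have is removed, so a disk with no source now goes straight into `virDomainDiskDefForeachPath`. That helper is not shown in this hunk; if it does not already return 0 for a NULL `disk->src`, keep the guard in front of the call: `if (!disk->src) return 0;`. The same guard is dropped in the SELinuxSetSecurityImageLabel hunk in security_selinux.c and in the get_files loop in virt-aa-helper.c, where the old `ctl->def->disks[i] && ctl->def->disks[i]->src` test also disappears.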
|
||||
|
||||
|
||||
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
|
||||
index 5c0f002..d191118 100644
|
||||
--- a/src/security/security_selinux.c
|
||||
+++ b/src/security/security_selinux.c
|
||||
@@ -439,54 +439,43 @@ SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm,
|
||||
|
||||
|
||||
static int
|
||||
+SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
|
||||
+ const char *path,
|
||||
+ size_t depth,
|
||||
+ void *opaque)
|
||||
+{
|
||||
+ const virSecurityLabelDefPtr secdef = opaque;
|
||||
+
|
||||
+ if (depth == 0) {
|
||||
+ if (disk->shared) {
|
||||
+ return SELinuxSetFilecon(path, default_image_context);
|
||||
+ } else if (disk->readonly) {
|
||||
+ return SELinuxSetFilecon(path, default_content_context);
|
||||
+ } else if (secdef->imagelabel) {
|
||||
+ return SELinuxSetFilecon(path, secdef->imagelabel);
|
||||
+ } else {
|
||||
+ return 0;
|
||||
+ }
|
||||
+ } else {
|
||||
+ return SELinuxSetFilecon(path, default_content_context);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
|
||||
virDomainDiskDefPtr disk)
|
||||
|
||||
{
|
||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||
- const char *path;
|
||||
|
||||
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
|
||||
return 0;
|
||||
|
||||
- if (!disk->src)
|
||||
- return 0;
|
||||
-
|
||||
- path = disk->src;
|
||||
- do {
|
||||
- virStorageFileMetadata meta;
|
||||
- int ret;
|
||||
-
|
||||
- ret = virStorageFileGetMetadata(path,
|
||||
- VIR_STORAGE_FILE_AUTO,
|
||||
- &meta);
|
||||
-
|
||||
- if (path != disk->src)
|
||||
- VIR_FREE(path);
|
||||
- path = NULL;
|
||||
-
|
||||
- if (ret < 0)
|
||||
- break;
|
||||
-
|
||||
- if (meta.backingStore != NULL &&
|
||||
- SELinuxSetFilecon(meta.backingStore,
|
||||
- default_content_context) < 0) {
|
||||
- VIR_FREE(meta.backingStore);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- path = meta.backingStore;
|
||||
- } while (path != NULL);
|
||||
-
|
||||
- if (disk->shared) {
|
||||
- return SELinuxSetFilecon(disk->src, default_image_context);
|
||||
- } else if (disk->readonly) {
|
||||
- return SELinuxSetFilecon(disk->src, default_content_context);
|
||||
- } else if (secdef->imagelabel) {
|
||||
- return SELinuxSetFilecon(disk->src, secdef->imagelabel);
|
||||
- }
|
||||
-
|
||||
- return 0;
|
||||
+ return virDomainDiskDefForeachPath(disk,
|
||||
+ true,
|
||||
+ false,
|
||||
+ SELinuxSetSecurityFileLabel,
|
||||
+ secdef);
|
||||
}
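Review bot: Passing `false` as the third argument of `virDomainDiskDefForeachPath` here looks like it turns a previously tolerated failure into a hard error. The removed loop did `break` when virStorageFileGetMetadata failed and still labelled `disk->src`, while the cgroup code in qemu_driver.c, whose old loop was also marked "Treating as non fatal", passes `true` in that position. If the third argument is the ignore-open-failure switch (the helper is outside this hunk), either pass `true` to keep the old behaviour or state in the commit message that labelling now fails closed when an image in the chain cannot be read. The get_files hunk in virt-aa-helper.c has the same change: the old code warned and skipped, the new call passes `false` and jumps to `clean` on any non-zero return.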
|
||||
|
||||
|
||||
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
|
||||
index 2c045e6..9ed0cd3 100644
|
||||
--- a/src/security/virt-aa-helper.c
|
||||
+++ b/src/security/virt-aa-helper.c
|
||||
@@ -36,7 +36,6 @@
|
||||
#include "uuid.h"
|
||||
#include "hostusb.h"
|
||||
#include "pci.h"
|
||||
-#include "storage_file.h"
|
||||
|
||||
static char *progname;
|
||||
|
||||
@@ -801,6 +800,28 @@ file_iterate_pci_cb(pciDevice *dev ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
static int
|
||||
+add_file_path(virDomainDiskDefPtr disk,
|
||||
+ const char *path,
|
||||
+ size_t depth,
|
||||
+ void *opaque)
|
||||
+{
|
||||
+ virBufferPtr buf = opaque;
|
||||
+ int ret;
|
||||
+
|
||||
+ if (depth == 0) {
|
||||
+ if (disk->readonly)
|
||||
+ ret = vah_add_file(buf, path, "r");
|
||||
+ else
|
||||
+ ret = vah_add_file(buf, path, "rw");
|
||||
+ } else {
|
||||
+ ret = vah_add_file(buf, path, "r");
|
||||
+ }
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static int
|
||||
get_files(vahControl * ctl)
|
||||
{
|
||||
virBuffer buf = VIR_BUFFER_INITIALIZER;
|
||||
@@ -821,45 +842,15 @@ get_files(vahControl * ctl)
|
||||
goto clean;
|
||||
}
|
||||
|
||||
- for (i = 0; i < ctl->def->ndisks; i++)
|
||||
- if (ctl->def->disks[i] && ctl->def->disks[i]->src) {
|
||||
- int ret;
|
||||
- const char *path;
|
||||
-
|
||||
- path = ctl->def->disks[i]->src;
|
||||
- do {
|
||||
- virStorageFileMetadata meta;
|
||||
-
|
||||
- ret = virStorageFileGetMetadata(path,
|
||||
- VIR_STORAGE_FILE_AUTO,
|
||||
- &meta);
|
||||
-
|
||||
- if (path != ctl->def->disks[i]->src)
|
||||
- VIR_FREE(path);
|
||||
- path = NULL;
|
||||
-
|
||||
- if (ret < 0) {
|
||||
- vah_warning("could not open path, skipping");
|
||||
- continue;
|
||||
- }
|
||||
-
|
||||
- if (meta.backingStore != NULL &&
|
||||
- (ret = vah_add_file(&buf, meta.backingStore, "rw")) != 0) {
|
||||
- VIR_FREE(meta.backingStore);
|
||||
- goto clean;
|
||||
- }
|
||||
-
|
||||
- path = meta.backingStore;
|
||||
- } while (path != NULL);
|
||||
-
|
||||
- if (ctl->def->disks[i]->readonly)
|
||||
- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "r");
|
||||
- else
|
||||
- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "rw");
|
||||
-
|
||||
- if (ret != 0)
|
||||
- goto clean;
|
||||
- }
|
||||
+ for (i = 0; i < ctl->def->ndisks; i++) {
|
||||
+ int ret = virDomainDiskDefForeachPath(ctl->def->disks[i],
|
||||
+ true,
|
||||
+ false,
|
||||
+ add_file_path,
|
||||
+ &buf);
|
||||
+ if (ret != 0)
|
||||
+ goto clean;
|
||||
+ }
|
||||
|
||||
for (i = 0; i < ctl->def->nserials; i++)
|
||||
if (ctl->def->serials[i] && ctl->def->serials[i]->data.file.path)
|
||||
--
|
||||
1.7.1.1
|
||||
|
||||
@@ -1,468 +0,0 @@
|
||||
From dac2b936e77f6c76c11f162e4b175492e4803acb Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Tue, 15 Jun 2010 17:58:58 +0100
|
||||
Subject: [PATCH 08/11] Disable all disk probing in QEMU driver & add config option to re-enable
|
||||
|
||||
Disk format probing is now disabled by default. A new config
|
||||
option in /etc/qemu/qemu.conf will re-enable it for existing
|
||||
deployments where this causes trouble
|
||||
---
|
||||
src/qemu/libvirtd_qemu.aug | 1 +
|
||||
src/qemu/qemu.conf | 12 ++++++++++++
|
||||
src/qemu/qemu_conf.c | 4 ++++
|
||||
src/qemu/qemu_conf.h | 1 +
|
||||
src/qemu/qemu_driver.c | 36 +++++++++++++++++++++++-------------
|
||||
src/qemu/qemu_security_dac.c | 2 +-
|
||||
src/qemu/test_libvirtd_qemu.aug | 4 ++++
|
||||
src/security/security_apparmor.c | 12 ++++++++----
|
||||
src/security/security_driver.c | 16 ++++++++++++++--
|
||||
src/security/security_driver.h | 10 ++++++++--
|
||||
src/security/security_selinux.c | 9 ++++++---
|
||||
src/security/virt-aa-helper.c | 10 +++++++++-
|
||||
tests/seclabeltest.c | 2 +-
|
||||
13 files changed, 92 insertions(+), 27 deletions(-)
|
||||
|
||||
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
|
||||
index 7c9f271..47d0525 100644
|
||||
--- a/src/qemu/libvirtd_qemu.aug
|
||||
+++ b/src/qemu/libvirtd_qemu.aug
|
||||
@@ -40,6 +40,7 @@ module Libvirtd_qemu =
|
||||
| bool_entry "relaxed_acs_check"
|
||||
| bool_entry "vnc_allow_host_audio"
|
||||
| bool_entry "clear_emulator_capabilities"
|
||||
+ | bool_entry "allow_disk_format_probing"
|
||||
|
||||
(* Each enty in the config is one of the following three ... *)
|
||||
let entry = vnc_entry
|
||||
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
|
||||
index 93934f3..dc8eb83 100644
|
||||
--- a/src/qemu/qemu.conf
|
||||
+++ b/src/qemu/qemu.conf
|
||||
@@ -187,3 +187,15 @@
|
||||
# exploit the privileges and possibly do damage to the host.
|
||||
#
|
||||
# clear_emulator_capabilities = 1
|
||||
+
|
||||
+
|
||||
+
|
||||
+# If allow_disk_format_probing is enabled, libvirt will probe disk
|
||||
+# images to attempt to identify their format, when not otherwise
|
||||
+# specified in the XML. This is disabled by default.
|
||||
+#
|
||||
+# WARNING: Enabling probing is a security hole in almost all
|
||||
+# deployments. It is strongly recommended that users update their
|
||||
+# guest XML <disk> elements to include <driver type='XXXX'/>
|
||||
+# elements instead of enabling this option.
|
||||
+# allow_disk_format_probing = 1
|
||||
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
|
||||
index 988220b..3ba48bf 100644
|
||||
--- a/src/qemu/qemu_conf.c
|
||||
+++ b/src/qemu/qemu_conf.c
|
||||
@@ -365,6 +365,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
|
||||
CHECK_TYPE ("clear_emulator_capabilities", VIR_CONF_LONG);
|
||||
if (p) driver->clearEmulatorCapabilities = p->l;
|
||||
|
||||
+ p = virConfGetValue (conf, "allow_disk_format_probing");
|
||||
+ CHECK_TYPE ("allow_disk_format_probing", VIR_CONF_LONG);
|
||||
+ if (p) driver->allowDiskFormatProbing = p->l;
|
||||
+
|
||||
virConfFree (conf);
|
||||
return 0;
|
||||
}
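Review bot: `driver->allowDiskFormatProbing` is a one-bit field (`unsigned int allowDiskFormatProbing : 1` in qemu_conf.h), so assigning `p->l` to it keeps only the low bit of the configured long. `allow_disk_format_probing = 2` would leave probing off while any odd value turns it on, which is surprising for a setting the sample qemu.conf describes as a security hole when enabled. Normalising the value makes the intent explicit: `if (p) driver->allowDiskFormatProbing = (p->l != 0);`. The `clearEmulatorCapabilities` assignment in the context lines above follows the same pattern, and qemudLoadDriverConfig starts outside the hunk.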
|
||||
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
|
||||
index ab5f158..30e9f20 100644
|
||||
--- a/src/qemu/qemu_conf.h
|
||||
+++ b/src/qemu/qemu_conf.h
|
||||
@@ -141,6 +141,7 @@ struct qemud_driver {
|
||||
unsigned int relaxedACS : 1;
|
||||
unsigned int vncAllowHostAudio : 1;
|
||||
unsigned int clearEmulatorCapabilities : 1;
|
||||
+ unsigned int allowDiskFormatProbing : 1;
|
||||
|
||||
virCapsPtr caps;
|
||||
|
||||
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
||||
index 616547c..3c479c5 100644
|
||||
--- a/src/qemu/qemu_driver.c
|
||||
+++ b/src/qemu/qemu_driver.c
|
||||
@@ -1322,7 +1322,8 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
|
||||
qemuSecurityDACSetDriver(qemud_drv);
|
||||
|
||||
ret = virSecurityDriverStartup(&security_drv,
|
||||
- qemud_drv->securityDriverName);
|
||||
+ qemud_drv->securityDriverName,
|
||||
+ qemud_drv->allowDiskFormatProbing);
|
||||
if (ret == -1) {
|
||||
VIR_ERROR0(_("Failed to start security driver"));
|
||||
return -1;
|
||||
@@ -3070,11 +3071,12 @@ static int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
|
||||
-static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
|
||||
+static int qemuSetupDiskCgroup(struct qemud_driver *driver,
|
||||
+ virCgroupPtr cgroup,
|
||||
virDomainDiskDefPtr disk)
|
||||
{
|
||||
return virDomainDiskDefForeachPath(disk,
|
||||
- true,
|
||||
+ driver->allowDiskFormatProbing,
|
||||
true,
|
||||
qemuSetupDiskPathAllow,
|
||||
cgroup);
|
||||
@@ -3109,11 +3111,12 @@ static int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
|
||||
-static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
|
||||
+static int qemuTeardownDiskCgroup(struct qemud_driver *driver,
|
||||
+ virCgroupPtr cgroup,
|
||||
virDomainDiskDefPtr disk)
|
||||
{
|
||||
return virDomainDiskDefForeachPath(disk,
|
||||
- true,
|
||||
+ driver->allowDiskFormatProbing,
|
||||
true,
|
||||
qemuTeardownDiskPathDeny,
|
||||
cgroup);
|
||||
@@ -3180,7 +3183,7 @@ static int qemuSetupCgroup(struct qemud_driver *driver,
|
||||
}
|
||||
|
||||
for (i = 0; i < vm->def->ndisks ; i++) {
|
||||
- if (qemuSetupDiskCgroup(cgroup, vm->def->disks[i]) < 0)
|
||||
+ if (qemuSetupDiskCgroup(driver, cgroup, vm->def->disks[i]) < 0)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -8033,7 +8036,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
|
||||
vm->def->name);
|
||||
goto endjob;
|
||||
}
|
||||
- if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
+ if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0)
|
||||
goto endjob;
|
||||
}
|
||||
|
||||
@@ -8078,7 +8081,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
|
||||
/* Fallthrough */
|
||||
}
|
||||
if (ret != 0 && cgroup) {
|
||||
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
|
||||
VIR_WARN("Failed to teardown cgroup for disk path %s",
|
||||
NULLSTR(dev->data.disk->src));
|
||||
}
|
||||
@@ -8278,7 +8281,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
|
||||
vm->def->name);
|
||||
goto endjob;
|
||||
}
|
||||
- if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
+ if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0)
|
||||
goto endjob;
|
||||
}
|
||||
|
||||
@@ -8301,7 +8304,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
|
||||
}
|
||||
|
||||
if (ret != 0 && cgroup) {
|
||||
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
|
||||
VIR_WARN("Failed to teardown cgroup for disk path %s",
|
||||
NULLSTR(dev->data.disk->src));
|
||||
}
|
||||
@@ -8429,7 +8432,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
|
||||
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
|
||||
|
||||
if (cgroup != NULL) {
|
||||
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
|
||||
VIR_WARN("Failed to teardown cgroup for disk path %s",
|
||||
NULLSTR(dev->data.disk->src));
|
||||
}
|
||||
@@ -8493,7 +8496,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
|
||||
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
|
||||
|
||||
if (cgroup != NULL) {
|
||||
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
|
||||
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
|
||||
VIR_WARN("Failed to teardown cgroup for disk path %s",
|
||||
NULLSTR(dev->data.disk->src));
|
||||
}
|
||||
@@ -9672,8 +9675,15 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
|
||||
goto cleanup;
|
||||
}
|
||||
} else {
|
||||
- if ((format = virStorageFileProbeFormat(disk->src)) < 0)
|
||||
+ if (driver->allowDiskFormatProbing) {
|
||||
+ if ((format = virStorageFileProbeFormat(disk->src)) < 0)
|
||||
+ goto cleanup;
|
||||
+ } else {
|
||||
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
+ _("no disk format for %s and probing is disabled"),
|
||||
+ disk->src);
|
||||
goto cleanup;
|
||||
+ }
|
||||
}
|
||||
|
||||
if (virStorageFileGetMetadataFromFD(path, fd,
|
||||
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
|
||||
index 0bbcf69..55dc0c6 100644
|
||||
--- a/src/qemu/qemu_security_dac.c
|
||||
+++ b/src/qemu/qemu_security_dac.c
|
||||
@@ -117,7 +117,7 @@ qemuSecurityDACSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||
return 0;
|
||||
|
||||
return virDomainDiskDefForeachPath(disk,
|
||||
- true,
|
||||
+ driver->allowDiskFormatProbing,
|
||||
false,
|
||||
qemuSecurityDACSetSecurityFileLabel,
|
||||
NULL);
|
||||
diff --git a/src/qemu/test_libvirtd_qemu.aug b/src/qemu/test_libvirtd_qemu.aug
|
||||
index 3326cc5..f0c4a0d 100644
|
||||
--- a/src/qemu/test_libvirtd_qemu.aug
|
||||
+++ b/src/qemu/test_libvirtd_qemu.aug
|
||||
@@ -101,6 +101,8 @@ relaxed_acs_check = 1
|
||||
vnc_allow_host_audio = 1
|
||||
|
||||
clear_emulator_capabilities = 0
|
||||
+
|
||||
+allow_disk_format_probing = 1
|
||||
"
|
||||
|
||||
test Libvirtd_qemu.lns get conf =
|
||||
@@ -212,3 +214,5 @@ clear_emulator_capabilities = 0
|
||||
{ "vnc_allow_host_audio" = "1" }
|
||||
{ "#empty" }
|
||||
{ "clear_emulator_capabilities" = "0" }
|
||||
+{ "#empty" }
|
||||
+{ "allow_disk_format_probing" = "1" }
|
||||
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
|
||||
index cb5c739..c5f9829 100644
|
||||
--- a/src/security/security_apparmor.c
|
||||
+++ b/src/security/security_apparmor.c
|
||||
@@ -157,6 +157,8 @@ load_profile(virSecurityDriverPtr drv,
|
||||
char *xml = NULL;
|
||||
int pipefd[2];
|
||||
pid_t child;
|
||||
+ const char *probe = virSecurityDriverGetAllowDiskFormatProbing(drv)
|
||||
+ ? "1" : "0";
|
||||
|
||||
if (pipe(pipefd) < -1) {
|
||||
virReportSystemError(errno, "%s", _("unable to create pipe"));
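Review bot: The unchanged context line `if (pipe(pipefd) < -1)` can never be true, because pipe() returns 0 or -1, so a failed pipe() goes undetected and load_profile later hands the uninitialised `pipefd[0]` to virExec. Since this change already touches the function's setup, the comparison should be corrected to `if (pipe(pipefd) < 0) {`. load_profile starts and ends outside the hunk, so what the error branch does after reporting is not visible here.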
|
||||
@@ -172,19 +174,19 @@ load_profile(virSecurityDriverPtr drv,
|
||||
|
||||
if (create) {
|
||||
const char *const argv[] = {
|
||||
- VIRT_AA_HELPER, "-c", "-u", profile, NULL
|
||||
+ VIRT_AA_HELPER, "-p", probe, "-c", "-u", profile, NULL
|
||||
};
|
||||
ret = virExec(argv, NULL, NULL, &child,
|
||||
pipefd[0], NULL, NULL, VIR_EXEC_NONE);
|
||||
} else if (fn) {
|
||||
const char *const argv[] = {
|
||||
- VIRT_AA_HELPER, "-r", "-u", profile, "-f", fn, NULL
|
||||
+ VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, "-f", fn, NULL
|
||||
};
|
||||
ret = virExec(argv, NULL, NULL, &child,
|
||||
pipefd[0], NULL, NULL, VIR_EXEC_NONE);
|
||||
} else {
|
||||
const char *const argv[] = {
|
||||
- VIRT_AA_HELPER, "-r", "-u", profile, NULL
|
||||
+ VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, NULL
|
||||
};
|
||||
ret = virExec(argv, NULL, NULL, &child,
|
||||
pipefd[0], NULL, NULL, VIR_EXEC_NONE);
|
||||
@@ -347,9 +349,11 @@ AppArmorSecurityDriverProbe(void)
|
||||
* currently not used.
|
||||
*/
|
||||
static int
|
||||
-AppArmorSecurityDriverOpen(virSecurityDriverPtr drv)
|
||||
+AppArmorSecurityDriverOpen(virSecurityDriverPtr drv,
|
||||
+ bool allowDiskFormatProbing)
|
||||
{
|
||||
virSecurityDriverSetDOI(drv, SECURITY_APPARMOR_VOID_DOI);
|
||||
+ virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing);
|
||||
return 0;
|
||||
}
|
||||
|
||||
diff --git a/src/security/security_driver.c b/src/security/security_driver.c
|
||||
index aac9f78..9e32fa4 100644
|
||||
--- a/src/security/security_driver.c
|
||||
+++ b/src/security/security_driver.c
|
||||
@@ -56,7 +56,8 @@ virSecurityDriverVerify(virDomainDefPtr def)
|
||||
|
||||
int
|
||||
virSecurityDriverStartup(virSecurityDriverPtr *drv,
|
||||
- const char *name)
|
||||
+ const char *name,
|
||||
+ bool allowDiskFormatProbing)
|
||||
{
|
||||
unsigned int i;
|
||||
|
||||
@@ -72,7 +73,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv,
|
||||
switch (tmp->probe()) {
|
||||
case SECURITY_DRIVER_ENABLE:
|
||||
virSecurityDriverInit(tmp);
|
||||
- if (tmp->open(tmp) == -1) {
|
||||
+ if (tmp->open(tmp, allowDiskFormatProbing) == -1) {
|
||||
return -1;
|
||||
} else {
|
||||
*drv = tmp;
|
||||
@@ -125,3 +126,14 @@ virSecurityDriverGetModel(virSecurityDriverPtr drv)
|
||||
{
|
||||
return drv->name;
|
||||
}
|
||||
+
|
||||
+void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv,
|
||||
+ bool allowDiskFormatProbing)
|
||||
+{
|
||||
+ drv->_private.allowDiskFormatProbing = allowDiskFormatProbing;
|
||||
+}
|
||||
+
|
||||
+bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv)
|
||||
+{
|
||||
+ return drv->_private.allowDiskFormatProbing;
|
||||
+}
|
||||
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
|
||||
index 61c9eb0..d768f32 100644
|
||||
--- a/src/security/security_driver.h
|
||||
+++ b/src/security/security_driver.h
|
||||
@@ -33,7 +33,8 @@ typedef struct _virSecurityDriverState virSecurityDriverState;
|
||||
typedef virSecurityDriverState *virSecurityDriverStatePtr;
|
||||
|
||||
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
|
||||
-typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
|
||||
+typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv,
|
||||
+ bool allowDiskFormatProbing);
|
||||
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityDriverPtr drv,
|
||||
virDomainObjPtr vm,
|
||||
virDomainDiskDefPtr disk);
|
||||
@@ -102,12 +103,14 @@ struct _virSecurityDriver {
|
||||
*/
|
||||
struct {
|
||||
char doi[VIR_SECURITY_DOI_BUFLEN];
|
||||
+ bool allowDiskFormatProbing;
|
||||
} _private;
|
||||
};
|
||||
|
||||
/* Global methods */
|
||||
int virSecurityDriverStartup(virSecurityDriverPtr *drv,
|
||||
- const char *name);
|
||||
+ const char *name,
|
||||
+ bool allowDiskFormatProbing);
|
||||
|
||||
int
|
||||
virSecurityDriverVerify(virDomainDefPtr def);
|
||||
@@ -120,7 +123,10 @@ virSecurityDriverVerify(virDomainDefPtr def);
|
||||
void virSecurityDriverInit(virSecurityDriverPtr drv);
|
||||
int virSecurityDriverSetDOI(virSecurityDriverPtr drv,
|
||||
const char *doi);
|
||||
+void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv,
|
||||
+ bool allowDiskFormatProbing);
|
||||
const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv);
|
||||
const char *virSecurityDriverGetModel(virSecurityDriverPtr drv);
|
||||
+bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv);
|
||||
|
||||
#endif /* __VIR_SECURITY_H__ */
|
||||
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
|
||||
index cc3812b..a9dd836 100644
|
||||
--- a/src/security/security_selinux.c
|
||||
+++ b/src/security/security_selinux.c
|
||||
@@ -266,13 +266,15 @@ SELinuxSecurityDriverProbe(void)
|
||||
}
|
||||
|
||||
static int
|
||||
-SELinuxSecurityDriverOpen(virSecurityDriverPtr drv)
|
||||
+SELinuxSecurityDriverOpen(virSecurityDriverPtr drv,
|
||||
+ bool allowDiskFormatProbing)
|
||||
{
|
||||
/*
|
||||
* Where will the DOI come from? SELinux configuration, or qemu
|
||||
* configuration? For the moment, we'll just set it to "0".
|
||||
*/
|
||||
virSecurityDriverSetDOI(drv, SECURITY_SELINUX_VOID_DOI);
|
||||
+ virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing);
|
||||
return SELinuxInitialize();
|
||||
}
|
||||
|
||||
@@ -467,18 +469,19 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
|
||||
}
|
||||
|
||||
static int
|
||||
-SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||
+SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv,
|
||||
virDomainObjPtr vm,
|
||||
virDomainDiskDefPtr disk)
|
||||
|
||||
{
|
||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||
+ bool allowDiskFormatProbing = virSecurityDriverGetAllowDiskFormatProbing(drv);
|
||||
|
||||
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
|
||||
return 0;
|
||||
|
||||
return virDomainDiskDefForeachPath(disk,
|
||||
- true,
|
||||
+ allowDiskFormatProbing,
|
||||
false,
|
||||
SELinuxSetSecurityFileLabel,
|
||||
secdef);
|
||||
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
|
||||
index 9ed0cd3..521545d 100644
|
||||
--- a/src/security/virt-aa-helper.c
|
||||
+++ b/src/security/virt-aa-helper.c
|
||||
@@ -40,6 +40,7 @@
|
||||
static char *progname;
|
||||
|
||||
typedef struct {
|
||||
+ bool allowDiskFormatProbing;
|
||||
char uuid[PROFILE_NAME_SIZE]; /* UUID of vm */
|
||||
bool dryrun; /* dry run */
|
||||
char cmd; /* 'c' create
|
||||
@@ -844,7 +845,7 @@ get_files(vahControl * ctl)
|
||||
|
||||
for (i = 0; i < ctl->def->ndisks; i++) {
|
||||
int ret = virDomainDiskDefForeachPath(ctl->def->disks[i],
|
||||
- true,
|
||||
+ ctl->allowDiskFormatProbing,
|
||||
false,
|
||||
add_file_path,
|
||||
&buf);
|
||||
@@ -943,6 +944,7 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
|
||||
{
|
||||
int arg, idx = 0;
|
||||
struct option opt[] = {
|
||||
+ {"probing", 1, 0, 'p' },
|
||||
{"add", 0, 0, 'a'},
|
||||
{"create", 0, 0, 'c'},
|
||||
{"dryrun", 0, 0, 'd'},
|
||||
@@ -991,6 +993,12 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
|
||||
PROFILE_NAME_SIZE) == NULL)
|
||||
vah_error(ctl, 1, "error copying UUID");
|
||||
break;
|
||||
+ case 'p':
|
||||
+ if (STREQ(optarg, "1"))
|
||||
+ ctl->allowDiskFormatProbing = true;
|
||||
+ else
|
||||
+ ctl->allowDiskFormatProbing = false;
|
||||
+ break;
|
||||
default:
|
||||
vah_error(ctl, 1, "unsupported option");
|
||||
break;
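Review bot: The new `case 'p'` treats every argument other than "1" as false, so a malformed value is accepted silently instead of being reported like the other bad inputs in this switch. That falls on the safe side (probing stays off), but load_profile in security_apparmor.c only ever passes "1" or "0", so anything else indicates misuse and is worth rejecting: `if (!STREQ(optarg, "1") && !STREQ(optarg, "0")) vah_error(ctl, 1, "invalid probing value");` followed by `ctl->allowDiskFormatProbing = STREQ(optarg, "1");`. The getopt_long() call and its short-option string are outside the hunk; confirm `p:` was added there, because the helper is invoked with the short form `-p`.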
|
||||
diff --git a/tests/seclabeltest.c b/tests/seclabeltest.c
|
||||
index 26d1f86..ef3f026 100644
|
||||
--- a/tests/seclabeltest.c
|
||||
+++ b/tests/seclabeltest.c
|
||||
@@ -15,7 +15,7 @@ main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
|
||||
const char *doi, *model;
|
||||
virSecurityDriverPtr security_drv;
|
||||
|
||||
- ret = virSecurityDriverStartup (&security_drv, "selinux");
|
||||
+ ret = virSecurityDriverStartup (&security_drv, "selinux", false);
|
||||
if (ret == -1)
|
||||
{
|
||||
fprintf (stderr, "Failed to start security driver");
|
||||
--
|
||||
1.7.1.1
|
||||
|
||||
@@ -1,94 +0,0 @@
|
||||
From 3534cd47a57ee9cf7041472511444784f14d6939 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Mon, 14 Jun 2010 16:08:55 +0100
|
||||
Subject: [PATCH 09/11] Add ability to set a default driver name/type when parsing disks
|
||||
|
||||
Record a default driver name/type in capabilities struct. Use this
|
||||
when parsing disks if value is not set in XML config.
|
||||
|
||||
* src/conf/capabilities.h: Record default driver name/type for disks
|
||||
* src/conf/domain_conf.c: Fallback to default driver name/type
|
||||
when parsing disks
|
||||
* src/qemu/qemu_driver.c: Set default driver name/type to raw
|
||||
---
|
||||
src/conf/capabilities.h | 2 ++
|
||||
src/conf/domain_conf.c | 16 +++++++++++++++-
|
||||
src/qemu/qemu_driver.c | 8 ++++++++
|
||||
3 files changed, 25 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/src/conf/capabilities.h b/src/conf/capabilities.h
|
||||
index 9290c82..f676eb8 100644
|
||||
--- a/src/conf/capabilities.h
|
||||
+++ b/src/conf/capabilities.h
|
||||
@@ -123,6 +123,8 @@ struct _virCaps {
|
||||
virCapsGuestPtr *guests;
|
||||
unsigned char macPrefix[VIR_MAC_PREFIX_BUFLEN];
|
||||
unsigned int emulatorRequired : 1;
|
||||
+ const char *defaultDiskDriverName;
|
||||
+ const char *defaultDiskDriverType;
|
||||
void *(*privateDataAllocFunc)(void);
|
||||
void (*privateDataFreeFunc)(void *);
|
||||
int (*privateDataXMLFormat)(virBufferPtr, void *);
|
||||
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
||||
index b20ca97..f3b8cfa 100644
|
||||
--- a/src/conf/domain_conf.c
|
||||
+++ b/src/conf/domain_conf.c
|
||||
@@ -1639,6 +1639,16 @@ virDomainDiskDefParseXML(virCapsPtr caps,
|
||||
def->serial = serial;
|
||||
serial = NULL;
|
||||
|
||||
+ if (!def->driverType &&
|
||||
+ caps->defaultDiskDriverType &&
|
||||
+ !(def->driverType = strdup(caps->defaultDiskDriverType)))
|
||||
+ goto no_memory;
|
||||
+
|
||||
+ if (!def->driverName &&
|
||||
+ caps->defaultDiskDriverName &&
|
||||
+ !(def->driverName = strdup(caps->defaultDiskDriverName)))
|
||||
+ goto no_memory;
|
||||
+
|
||||
if (def->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE
|
||||
&& virDomainDiskDefAssignAddress(caps, def) < 0)
|
||||
goto error;
|
||||
@@ -1659,6 +1669,9 @@ cleanup:
|
||||
|
||||
return def;
|
||||
|
||||
+no_memory:
|
||||
+ virReportOOMError();
|
||||
+
|
||||
error:
|
||||
virDomainDiskDefFree(def);
|
||||
def = NULL;
|
||||
@@ -4275,7 +4288,8 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
|
||||
if (n && VIR_ALLOC_N(def->disks, n) < 0)
|
||||
goto no_memory;
|
||||
for (i = 0 ; i < n ; i++) {
|
||||
- virDomainDiskDefPtr disk = virDomainDiskDefParseXML(caps, nodes[i],
|
||||
+ virDomainDiskDefPtr disk = virDomainDiskDefParseXML(caps,
|
||||
+ nodes[i],
|
||||
flags);
|
||||
if (!disk)
|
||||
goto error;
|
||||
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
||||
index 3c479c5..14b790e 100644
|
||||
--- a/src/qemu/qemu_driver.c
|
||||
+++ b/src/qemu/qemu_driver.c
|
||||
@@ -1357,6 +1357,14 @@ qemuCreateCapabilities(virCapsPtr oldcaps,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ if (driver->allowDiskFormatProbing) {
|
||||
+ caps->defaultDiskDriverName = NULL;
|
||||
+ caps->defaultDiskDriverType = NULL;
|
||||
+ } else {
|
||||
+ caps->defaultDiskDriverName = "qemu";
|
||||
+ caps->defaultDiskDriverType = "raw";
|
||||
+ }
|
||||
+
|
||||
/* Domain XML parser hooks */
|
||||
caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc;
|
||||
caps->privateDataFreeFunc = qemuDomainObjPrivateFree;
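Review bot: The new block has no comment saying why "raw" is the fallback, and that choice is the security-relevant part of the change. With probing disabled, a disk whose XML names no format picks up `qemu`/`raw` through the fallback added to virDomainDiskDefParseXML, so an image that is really in another format is presumably handed on as raw data rather than inspected. A comment above the `if` would record that, for example `/* Without probing, a disk that names no format is treated as raw; its content is never inspected to choose a format */`. qemuCreateCapabilities starts and ends outside the hunk.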
|
||||
--
|
||||
1.7.1.1
|
||||
|
||||
@@ -1,291 +0,0 @@
|
||||
From 2ba8625d6d148fa489586efabdfaf2ef20903762 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Wed, 16 Jun 2010 14:14:05 +0100
|
||||
Subject: [PATCH 10/11] Rewrite qemu-img backing store format handling
|
||||
|
||||
When creating qcow2 files with a backing store, it is important
|
||||
to set an explicit format to prevent QEMU probing. The storage
|
||||
backend was only doing this if it found a 'kvm-img' binary. This
|
||||
is wrong because plenty of kvm-img binaries don't support an
|
||||
explicit format, and plenty of 'qemu-img' binaries do support
|
||||
a format. The result was that most qcow2 files were not getting
|
||||
a backing store format.
|
||||
|
||||
This patch runs 'qemu-img -h' to check for the two supported
|
||||
argument formats
|
||||
|
||||
'-o backing_format=raw'
|
||||
'-F raw'
|
||||
|
||||
and use whichever option it finds
|
||||
|
||||
* src/storage/storage_backend.c: Query binary to determine
|
||||
how to set the backing store format
|
||||
---
|
||||
src/storage/storage_backend.c | 214 +++++++++++++++++++++++++++++------------
|
||||
1 files changed, 152 insertions(+), 62 deletions(-)
|
||||
|
||||
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
|
||||
index aba8937..c185693 100644
|
||||
--- a/src/storage/storage_backend.c
|
||||
+++ b/src/storage/storage_backend.c
|
||||
@@ -561,6 +561,69 @@ static int virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+enum {
|
||||
+ QEMU_IMG_BACKING_FORMAT_NONE = 0,
|
||||
+ QEMU_IMG_BACKING_FORMAT_FLAG,
|
||||
+ QEMU_IMG_BACKING_FORMAT_OPTIONS,
|
||||
+};
|
||||
+
|
||||
+static int virStorageBackendQEMUImgBackingFormat(const char *qemuimg)
|
||||
+{
|
||||
+ const char *const qemuarg[] = { qemuimg, "-h", NULL };
|
||||
+ const char *const qemuenv[] = { "LC_ALL=C", NULL };
|
||||
+ pid_t child = 0;
|
||||
+ int status;
|
||||
+ int newstdout = -1;
|
||||
+ char *help = NULL;
|
||||
+ enum { MAX_HELP_OUTPUT_SIZE = 1024*8 };
|
||||
+ int len;
|
||||
+ char *start;
|
||||
+ char *end;
|
||||
+ char *tmp;
|
||||
+ int ret = -1;
|
||||
+
|
||||
+ if (virExec(qemuarg, qemuenv, NULL,
|
||||
+ &child, -1, &newstdout, NULL, VIR_EXEC_CLEAR_CAPS) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if ((len = virFileReadLimFD(newstdout, MAX_HELP_OUTPUT_SIZE, &help)) < 0) {
|
||||
+ virReportSystemError(errno,
|
||||
+ _("Unable to read '%s -h' output"),
|
||||
+ qemuimg);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ start = strstr(help, " create ");
|
||||
+ end = strstr(start, "\n");
|
||||
+ if ((tmp = strstr(start, "-F fmt")) && tmp < end)
|
||||
+ ret = QEMU_IMG_BACKING_FORMAT_FLAG;
|
||||
+ else if ((tmp = strstr(start, "[-o options]")) && tmp < end)
|
||||
+ ret = QEMU_IMG_BACKING_FORMAT_OPTIONS;
|
||||
+ else
|
||||
+ ret = QEMU_IMG_BACKING_FORMAT_NONE;
|
||||
+
|
||||
+cleanup:
|
||||
+ VIR_FREE(help);
|
||||
+ close(newstdout);
|
||||
+rewait:
|
||||
+ if (child) {
|
||||
+ if (waitpid(child, &status, 0) != child) {
|
||||
+ if (errno == EINTR)
|
||||
+ goto rewait;
|
||||
+
|
||||
+ VIR_ERROR(_("Unexpected exit status from qemu %d pid %lu"),
|
||||
+ WEXITSTATUS(status), (unsigned long)child);
|
||||
+ }
|
||||
+ if (WEXITSTATUS(status) != 0) {
|
||||
+ VIR_WARN("Unexpected exit status '%d', qemu probably failed",
|
||||
+ WEXITSTATUS(status));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+
|
||||
static int
|
||||
virStorageBackendCreateQemuImg(virConnectPtr conn,
|
||||
virStoragePoolObjPtr pool,
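Review bot: In virStorageBackendQEMUImgBackingFormat the result of `strstr(help, " create ")` is passed straight to `strstr(start, "\n")` without a NULL check, so a help text lacking that substring dereferences NULL. The help text is the output of whichever `kvm-img`/`qemu-img` was found in the path, so its layout is not guaranteed. Both lookups should be checked, and an unparsable help text should fail the call rather than be guessed at, as in the excerpt below. On the cleanup path, `close(newstdout)` also runs while `newstdout` is still -1 if virExec failed. If `waitpid` fails with anything other than EINTR, `WEXITSTATUS(status)` is read while `status` is uninitialised.

```c
    /* … unchanged: virExec of "<tool> -h" and virFileReadLimFD into help … */

    start = strstr(help, " create ");
    end = start ? strstr(start, "\n") : NULL;
    if (!start || !end) {
        virStorageReportError(VIR_ERR_INTERNAL_ERROR,
                              "%s", _("unable to parse qemu-img help output"));
        goto cleanup;
    }

    /* … unchanged: "-F fmt" / "[-o options]" detection, cleanup and rewait … */
```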
|
||||
@@ -568,10 +631,9 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
|
||||
virStorageVolDefPtr inputvol,
|
||||
unsigned int flags ATTRIBUTE_UNUSED)
|
||||
{
|
||||
- int ret;
|
||||
+ int ret = -1;
|
||||
char size[100];
|
||||
char *create_tool;
|
||||
- short use_kvmimg;
|
||||
|
||||
const char *type = virStorageFileFormatTypeToString(vol->target.format);
|
||||
const char *backingType = vol->backingStore.path ?
|
||||
@@ -582,41 +644,10 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
|
||||
const char *inputPath = inputvol ? inputvol->target.path : NULL;
|
||||
/* Treat input block devices as 'raw' format */
|
||||
const char *inputType = inputPath ?
|
||||
- virStorageFileFormatTypeToString(inputvol->type == VIR_STORAGE_VOL_BLOCK ? VIR_STORAGE_FILE_RAW : inputvol->target.format) :
|
||||
- NULL;
|
||||
-
|
||||
- const char **imgargv;
|
||||
- /* The extra NULL field is for indicating encryption (-e). */
|
||||
- const char *imgargvnormal[] = {
|
||||
- NULL, "create",
|
||||
- "-f", type,
|
||||
- vol->target.path,
|
||||
- size,
|
||||
- NULL,
|
||||
- NULL
|
||||
- };
|
||||
- /* Extra NULL fields are for including "backingType" when using
|
||||
- * kvm-img (-F backingType), and for indicating encryption (-e).
|
||||
- */
|
||||
- const char *imgargvbacking[] = {
|
||||
- NULL, "create",
|
||||
- "-f", type,
|
||||
- "-b", vol->backingStore.path,
|
||||
- vol->target.path,
|
||||
- size,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL
|
||||
- };
|
||||
- const char *convargv[] = {
|
||||
- NULL, "convert",
|
||||
- "-f", inputType,
|
||||
- "-O", type,
|
||||
- inputPath,
|
||||
- vol->target.path,
|
||||
- NULL,
|
||||
- };
|
||||
+ virStorageFileFormatTypeToString(inputvol->type == VIR_STORAGE_VOL_BLOCK ?
|
||||
+ VIR_STORAGE_FILE_RAW :
|
||||
+ inputvol->target.format) :
|
||||
+ NULL;
|
||||
|
||||
if (type == NULL) {
|
||||
virStorageReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
@@ -690,44 +721,103 @@ virStorageBackendCreateQemuImg(virConnectPtr conn,
|
||||
}
|
||||
}
|
||||
|
||||
- if ((create_tool = virFindFileInPath("kvm-img")) != NULL)
|
||||
- use_kvmimg = 1;
|
||||
- else if ((create_tool = virFindFileInPath("qemu-img")) != NULL)
|
||||
- use_kvmimg = 0;
|
||||
- else {
|
||||
+ /* Size in KB */
|
||||
+ snprintf(size, sizeof(size), "%lluK", vol->capacity/1024);
|
||||
+
|
||||
+ /* KVM is usually ahead of qemu on features, so try that first */
|
||||
+ create_tool = virFindFileInPath("kvm-img");
|
||||
+ if (!create_tool)
|
||||
+ create_tool = virFindFileInPath("qemu-img");
|
||||
+
|
||||
+ if (!create_tool) {
|
||||
virStorageReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
"%s", _("unable to find kvm-img or qemu-img"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (inputvol) {
|
||||
- convargv[0] = create_tool;
|
||||
- imgargv = convargv;
|
||||
+ const char *imgargv[] = {
|
||||
+ create_tool,
|
||||
+ "convert",
|
||||
+ "-f", inputType,
|
||||
+ "-O", type,
|
||||
+ inputPath,
|
||||
+ vol->target.path,
|
||||
+ NULL,
|
||||
+ };
|
||||
+
|
||||
+ ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
|
||||
} else if (vol->backingStore.path) {
|
||||
- imgargvbacking[0] = create_tool;
|
||||
- if (use_kvmimg) {
|
||||
- imgargvbacking[6] = "-F";
|
||||
- imgargvbacking[7] = backingType;
|
||||
- imgargvbacking[8] = vol->target.path;
|
||||
- imgargvbacking[9] = size;
|
||||
+ const char *imgargv[] = {
|
||||
+ create_tool,
|
||||
+ "create",
|
||||
+ "-f", type,
|
||||
+ "-b", vol->backingStore.path,
|
||||
+ NULL,
|
||||
+ NULL,
|
||||
+ NULL,
|
||||
+ NULL,
|
||||
+ NULL,
|
||||
+ NULL
|
||||
+ };
|
||||
+ int imgformat = virStorageBackendQEMUImgBackingFormat(create_tool);
|
||||
+ char *optflag = NULL;
|
||||
+ if (imgformat < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ switch (imgformat) {
|
||||
+ case QEMU_IMG_BACKING_FORMAT_FLAG:
|
||||
+ imgargv[6] = "-F";
|
||||
+ imgargv[7] = backingType;
|
||||
+ imgargv[8] = vol->target.path;
|
||||
+ imgargv[9] = size;
|
||||
+ if (vol->target.encryption != NULL)
|
||||
+ imgargv[10] = "-e";
|
||||
+ break;
|
||||
+
|
||||
+ case QEMU_IMG_BACKING_FORMAT_OPTIONS:
|
||||
+ if (virAsprintf(&optflag, "backing_fmt=%s", backingType) < 0) {
|
||||
+ virReportOOMError();
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ imgargv[6] = "-o";
|
||||
+ imgargv[7] = optflag;
|
||||
+ imgargv[8] = vol->target.path;
|
||||
+ imgargv[9] = size;
|
||||
if (vol->target.encryption != NULL)
|
||||
- imgargvbacking[10] = "-e";
|
||||
- } else if (vol->target.encryption != NULL)
|
||||
- imgargvbacking[8] = "-e";
|
||||
- imgargv = imgargvbacking;
|
||||
+ imgargv[10] = "-e";
|
||||
+ break;
|
||||
+
|
||||
+ default:
|
||||
+ VIR_INFO("Unable to set backing store format for %s with %s",
|
||||
+ vol->target.path, create_tool);
|
||||
+ imgargv[6] = vol->target.path;
|
||||
+ imgargv[7] = size;
|
||||
+ if (vol->target.encryption != NULL)
|
||||
+ imgargv[8] = "-e";
|
||||
+ }
|
||||
+
|
||||
+ ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
|
||||
+ VIR_FREE(optflag);
|
||||
} else {
|
||||
- imgargvnormal[0] = create_tool;
|
||||
- imgargv = imgargvnormal;
|
||||
+ /* The extra NULL field is for indicating encryption (-e). */
|
||||
+ const char *imgargv[] = {
|
||||
+ create_tool,
|
||||
+ "create",
|
||||
+ "-f", type,
|
||||
+ vol->target.path,
|
||||
+ size,
|
||||
+ NULL,
|
||||
+ NULL
|
||||
+ };
|
||||
if (vol->target.encryption != NULL)
|
||||
imgargv[6] = "-e";
|
||||
- }
|
||||
|
||||
+ ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
|
||||
+ }
|
||||
|
||||
- /* Size in KB */
|
||||
- snprintf(size, sizeof(size), "%lluK", vol->capacity/1024);
|
||||
-
|
||||
- ret = virStorageBackendCreateExecCommand(pool, vol, imgargv);
|
||||
- VIR_FREE(imgargv[0]);
|
||||
+ cleanup:
|
||||
+ VIR_FREE(create_tool);
|
||||
|
||||
return ret;
|
||||
}
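Review bot: The `default:` branch of the new `switch (imgformat)` still creates the volume with `-b vol->backingStore.path` but no backing format, and the only trace is a `VIR_INFO` line. On a tool that advertises neither syntax, the backing file's format is therefore left for QEMU to probe, which is the case this change sets out to close. I would log it at warning level, `VIR_WARN("Unable to set backing store format for %s with %s", vol->target.path, create_tool);`, so operators can see which volumes were created without an explicit format. The `QEMU_IMG_BACKING_FORMAT_OPTIONS` case formats `backingType` with `%s`; its definition is cut by the previous hunk, so please confirm it cannot be NULL on this path. The function body starts outside this hunk.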
|
||||
--
|
||||
1.7.1.1
|
||||
|
||||
@@ -1,165 +0,0 @@
|
||||
From d33f44c2e74de28c89b64cdc2c0a6564662e075c Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Fri, 9 Jul 2010 11:28:40 +0100
|
||||
Subject: [PATCH 11/11] Use the extract backing store format in storage volume lookup
|
||||
|
||||
The storage volume lookup code was probing for the backing store
|
||||
format, instead of using the format extracted from the file
|
||||
itself. This meant it could report in accurate information. If
|
||||
a format is included in the file, then use that in preference,
|
||||
with probing as a fallback.
|
||||
|
||||
* src/storage/storage_backend_fs.c: Use extracted backing store
|
||||
format
|
||||
---
|
||||
src/storage/storage_backend_fs.c | 80 +++++++++++++++++---------------------
|
||||
1 files changed, 36 insertions(+), 44 deletions(-)
|
||||
|
||||
diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
|
||||
index d3ac0fe..ffb0071 100644
|
||||
--- a/src/storage/storage_backend_fs.c
|
||||
+++ b/src/storage/storage_backend_fs.c
|
||||
@@ -51,6 +51,7 @@
|
||||
static int
|
||||
virStorageBackendProbeTarget(virStorageVolTargetPtr target,
|
||||
char **backingStore,
|
||||
+ int *backingStoreFormat,
|
||||
unsigned long long *allocation,
|
||||
unsigned long long *capacity,
|
||||
virStorageEncryptionPtr *encryption)
|
||||
@@ -58,6 +59,10 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
|
||||
int fd, ret;
|
||||
virStorageFileMetadata meta;
|
||||
|
||||
+ if (backingStore)
|
||||
+ *backingStore = NULL;
|
||||
+ if (backingStoreFormat)
|
||||
+ *backingStoreFormat = VIR_STORAGE_FILE_AUTO;
|
||||
if (encryption)
|
||||
*encryption = NULL;
|
||||
|
||||
@@ -89,22 +94,30 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
|
||||
|
||||
close(fd);
|
||||
|
||||
- if (backingStore) {
|
||||
- *backingStore = meta.backingStore;
|
||||
- meta.backingStore = NULL;
|
||||
+ if (meta.backingStore) {
|
||||
+ if (backingStore) {
|
||||
+ *backingStore = meta.backingStore;
|
||||
+ meta.backingStore = NULL;
|
||||
+ if (meta.backingStoreFormat == VIR_STORAGE_FILE_AUTO) {
|
||||
+ if ((*backingStoreFormat = virStorageFileProbeFormat(*backingStore)) < 0) {
|
||||
+ close(fd);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ } else {
|
||||
+ *backingStoreFormat = meta.backingStoreFormat;
|
||||
+ }
|
||||
+ } else {
|
||||
+ VIR_FREE(meta.backingStore);
|
||||
+ }
|
||||
}
|
||||
|
||||
- VIR_FREE(meta.backingStore);
|
||||
-
|
||||
if (capacity && meta.capacity)
|
||||
*capacity = meta.capacity;
|
||||
|
||||
if (encryption != NULL && meta.encrypted) {
|
||||
if (VIR_ALLOC(*encryption) < 0) {
|
||||
virReportOOMError();
|
||||
- if (backingStore)
|
||||
- VIR_FREE(*backingStore);
|
||||
- return -1;
|
||||
+ goto cleanup;
|
||||
}
|
||||
|
||||
switch (target->format) {
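Review bot: The new error path calls `close(fd)` a second time, although the descriptor was already closed by the unchanged `close(fd);` just above the added block. In a threaded daemon the number may have been reused by then, so the second close can hit an unrelated descriptor; the `close(fd);` before `goto cleanup;` should be dropped. The same block writes `*backingStoreFormat` after checking only `backingStore`, while the top of the function treats `backingStoreFormat` as optional. The condition should be `if (backingStore && backingStoreFormat) {`, or the parameter should be documented as required whenever `backingStore` is passed. The function starts and ends outside this hunk.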
|
||||
@@ -124,6 +137,11 @@ virStorageBackendProbeTarget(virStorageVolTargetPtr target,
|
||||
}
|
||||
|
||||
return 0;
|
||||
+
|
||||
+cleanup:
|
||||
+ if (backingStore)
|
||||
+ VIR_FREE(*backingStore);
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
#if WITH_STORAGE_FS
|
||||
@@ -585,6 +603,7 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED,
|
||||
while ((ent = readdir(dir)) != NULL) {
|
||||
int ret;
|
||||
char *backingStore;
|
||||
+ int backingStoreFormat;
|
||||
|
||||
if (VIR_ALLOC(vol) < 0)
|
||||
goto no_memory;
|
||||
@@ -604,6 +623,7 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED,
|
||||
|
||||
if ((ret = virStorageBackendProbeTarget(&vol->target,
|
||||
&backingStore,
|
||||
+ &backingStoreFormat,
|
||||
&vol->allocation,
|
||||
&vol->capacity,
|
||||
&vol->target.encryption)) < 0) {
|
||||
@@ -619,46 +639,18 @@ virStorageBackendFileSystemRefresh(virConnectPtr conn ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (backingStore != NULL) {
|
||||
- if (vol->target.format == VIR_STORAGE_FILE_QCOW2 &&
|
||||
- STRPREFIX("fmt:", backingStore)) {
|
||||
- char *fmtstr = backingStore + 4;
|
||||
- char *path = strchr(fmtstr, ':');
|
||||
- if (!path) {
|
||||
- VIR_FREE(backingStore);
|
||||
- } else {
|
||||
- *path = '\0';
|
||||
- if ((vol->backingStore.format =
|
||||
- virStorageFileFormatTypeFromString(fmtstr)) < 0) {
|
||||
- VIR_FREE(backingStore);
|
||||
- } else {
|
||||
- memmove(backingStore, path, strlen(path) + 1);
|
||||
- vol->backingStore.path = backingStore;
|
||||
-
|
||||
- if (virStorageBackendUpdateVolTargetInfo(&vol->backingStore,
|
||||
- NULL,
|
||||
- NULL) < 0)
|
||||
- VIR_FREE(vol->backingStore);
|
||||
- }
|
||||
- }
|
||||
- } else {
|
||||
- vol->backingStore.path = backingStore;
|
||||
-
|
||||
- if ((ret = virStorageBackendProbeTarget(&vol->backingStore,
|
||||
- NULL, NULL, NULL,
|
||||
- NULL)) < 0) {
|
||||
- if (ret == -1)
|
||||
- goto cleanup;
|
||||
- else {
|
||||
- /* Silently ignore non-regular files,
|
||||
- * eg '.' '..', 'lost+found' */
|
||||
- VIR_FREE(vol->backingStore);
|
||||
- }
|
||||
- }
|
||||
+ vol->backingStore.path = backingStore;
|
||||
+ vol->backingStore.format = backingStoreFormat;
|
||||
+
|
||||
+ if (virStorageBackendUpdateVolTargetInfo(&vol->backingStore,
|
||||
+ NULL,
|
||||
+ NULL) < 0) {
|
||||
+ VIR_FREE(vol->backingStore.path);
|
||||
+ goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
-
|
||||
if (VIR_REALLOC_N(pool->volumes.objs,
|
||||
pool->volumes.count+1) < 0)
|
||||
goto no_memory;
|
||||
--
|
||||
1.7.1.1
|
||||
|
||||
@@ -1,265 +0,0 @@
|
||||
From 112a309bc7839e95c558b535143f855ce89cca8c Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Thu, 10 Jun 2010 12:50:38 -0400
|
||||
Subject: [PATCH] CVE-2010-2242 Apply a source port mapping to virtual network masquerading
|
||||
|
||||
IPtables will seek to preserve the source port unchanged when
|
||||
doing masquerading, if possible. NFS has a pseudo-security
|
||||
option where it checks for the source port <= 1023 before
|
||||
allowing a mount request. If an admin has used this to make the
|
||||
host OS trusted for mounts, the default iptables behaviour will
|
||||
potentially allow NAT'd guests access too. This needs to be
|
||||
stopped.
|
||||
|
||||
With this change, the iptables -t nat -L -n -v rules for the
|
||||
default network will be
|
||||
|
||||
Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
|
||||
pkts bytes target prot opt in out source destination
|
||||
14 840 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
|
||||
75 5752 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
|
||||
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
|
||||
|
||||
* src/network/bridge_driver.c: Add masquerade rules for TCP
|
||||
and UDP protocols
|
||||
* src/util/iptables.c, src/util/iptables.c: Add source port
|
||||
mappings for TCP & UDP protocols when masquerading.
|
||||
---
|
||||
src/network/bridge_driver.c | 73 ++++++++++++++++++++++++++++++++++++++++--
|
||||
src/util/iptables.c | 70 +++++++++++++++++++++++++++++------------
|
||||
src/util/iptables.h | 6 ++-
|
||||
3 files changed, 122 insertions(+), 27 deletions(-)
|
||||
|
||||
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
|
||||
index 72255c1..80ed57a 100644
|
||||
--- a/src/network/bridge_driver.c
|
||||
+++ b/src/network/bridge_driver.c
|
||||
@@ -638,18 +638,74 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
|
||||
goto masqerr2;
|
||||
}
|
||||
|
||||
- /* enable masquerading */
|
||||
+ /*
|
||||
+ * Enable masquerading.
|
||||
+ *
|
||||
+ * We need to end up with 3 rules in the table in this order
|
||||
+ *
|
||||
+ * 1. protocol=tcp with sport mapping restricton
|
||||
+ * 2. protocol=udp with sport mapping restricton
|
||||
+ * 3. generic any protocol
|
||||
+ *
|
||||
+ * The sport mappings are required, because default IPtables
|
||||
+ * MASQUERADE is maintain port number unchanged where possible.
|
||||
+ *
|
||||
+ * NFS can be configured to only "trust" port numbers < 1023.
|
||||
+ *
|
||||
+ * Guests using NAT thus need to be prevented from having port
|
||||
+ * numbers < 1023, otherwise they can bypass the NFS "security"
|
||||
+ * check on the source port number.
|
||||
+ *
|
||||
+ * Since we use '--insert' to add rules to the header of the
|
||||
+ * chain, we actually need to add them in the reverse of the
|
||||
+ * order just mentioned !
|
||||
+ */
|
||||
+
|
||||
+ /* First the generic masquerade rule for other protocols */
|
||||
if ((err = iptablesAddForwardMasquerade(driver->iptables,
|
||||
network->def->network,
|
||||
- network->def->forwardDev))) {
|
||||
+ network->def->forwardDev,
|
||||
+ NULL))) {
|
||||
virReportSystemError(err,
|
||||
_("failed to add iptables rule to enable masquerading to '%s'"),
|
||||
network->def->forwardDev ? network->def->forwardDev : NULL);
|
||||
goto masqerr3;
|
||||
}
|
||||
|
||||
+ /* UDP with a source port restriction */
|
||||
+ if ((err = iptablesAddForwardMasquerade(driver->iptables,
|
||||
+ network->def->network,
|
||||
+ network->def->forwardDev,
|
||||
+ "udp"))) {
|
||||
+ virReportSystemError(err,
|
||||
+ _("failed to add iptables rule to enable UDP masquerading to '%s'"),
|
||||
+ network->def->forwardDev ? network->def->forwardDev : NULL);
|
||||
+ goto masqerr4;
|
||||
+ }
|
||||
+
|
||||
+ /* TCP with a source port restriction */
|
||||
+ if ((err = iptablesAddForwardMasquerade(driver->iptables,
|
||||
+ network->def->network,
|
||||
+ network->def->forwardDev,
|
||||
+ "tcp"))) {
|
||||
+ virReportSystemError(err,
|
||||
+ _("failed to add iptables rule to enable TCP masquerading to '%s'"),
|
||||
+ network->def->forwardDev ? network->def->forwardDev : NULL);
|
||||
+ goto masqerr5;
|
||||
+ }
|
||||
+
|
||||
return 1;
|
||||
|
||||
+ masqerr5:
|
||||
+ iptablesRemoveForwardMasquerade(driver->iptables,
|
||||
+ network->def->network,
|
||||
+ network->def->forwardDev,
|
||||
+ "udp");
|
||||
+ masqerr4:
|
||||
+ iptablesRemoveForwardMasquerade(driver->iptables,
|
||||
+ network->def->network,
|
||||
+ network->def->forwardDev,
|
||||
+ NULL);
|
||||
masqerr3:
|
||||
iptablesRemoveForwardAllowRelatedIn(driver->iptables,
|
||||
network->def->network,
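Review bot: Both new `virReportSystemError` calls pass `network->def->forwardDev ? network->def->forwardDev : NULL` for a `'%s'` conversion, so with no forward device the format receives a NULL pointer. The pattern is copied from the existing call, but the added lines could use a printable fallback: `network->def->forwardDev ? network->def->forwardDev : "(none)"`. The new block comment says NFS trusts ports `< 1023` in two places, while the rule added in iptables.c maps to `1024-65535`; the comment should read `< 1024`. It also has the typos `restricton` and `is maintain`. The function starts above this hunk and the error labels continue below it.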
|
||||
@@ -814,8 +870,17 @@ networkRemoveIptablesRules(struct network_driver *driver,
|
||||
if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) {
|
||||
if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) {
|
||||
iptablesRemoveForwardMasquerade(driver->iptables,
|
||||
- network->def->network,
|
||||
- network->def->forwardDev);
|
||||
+ network->def->network,
|
||||
+ network->def->forwardDev,
|
||||
+ "tcp");
|
||||
+ iptablesRemoveForwardMasquerade(driver->iptables,
|
||||
+ network->def->network,
|
||||
+ network->def->forwardDev,
|
||||
+ "udp");
|
||||
+ iptablesRemoveForwardMasquerade(driver->iptables,
|
||||
+ network->def->network,
|
||||
+ network->def->forwardDev,
|
||||
+ NULL);
|
||||
iptablesRemoveForwardAllowRelatedIn(driver->iptables,
|
||||
network->def->network,
|
||||
network->def->bridge,
|
||||
diff --git a/src/util/iptables.c b/src/util/iptables.c
|
||||
index d06b857..f63e8c6 100644
|
||||
--- a/src/util/iptables.c
|
||||
+++ b/src/util/iptables.c
|
||||
@@ -692,25 +692,49 @@ iptablesRemoveForwardRejectIn(iptablesContext *ctx,
|
||||
*/
|
||||
static int
|
||||
iptablesForwardMasquerade(iptablesContext *ctx,
|
||||
- const char *network,
|
||||
- const char *physdev,
|
||||
- int action)
|
||||
+ const char *network,
|
||||
+ const char *physdev,
|
||||
+ const char *protocol,
|
||||
+ int action)
|
||||
{
|
||||
- if (physdev && physdev[0]) {
|
||||
- return iptablesAddRemoveRule(ctx->nat_postrouting,
|
||||
- action,
|
||||
- "--source", network,
|
||||
- "!", "--destination", network,
|
||||
- "--out-interface", physdev,
|
||||
- "--jump", "MASQUERADE",
|
||||
- NULL);
|
||||
+ if (protocol && protocol[0]) {
|
||||
+ if (physdev && physdev[0]) {
|
||||
+ return iptablesAddRemoveRule(ctx->nat_postrouting,
|
||||
+ action,
|
||||
+ "--source", network,
|
||||
+ "-p", protocol,
|
||||
+ "!", "--destination", network,
|
||||
+ "--out-interface", physdev,
|
||||
+ "--jump", "MASQUERADE",
|
||||
+ "--to-ports", "1024-65535",
|
||||
+ NULL);
|
||||
+ } else {
|
||||
+ return iptablesAddRemoveRule(ctx->nat_postrouting,
|
||||
+ action,
|
||||
+ "--source", network,
|
||||
+ "-p", protocol,
|
||||
+ "!", "--destination", network,
|
||||
+ "--jump", "MASQUERADE",
|
||||
+ "--to-ports", "1024-65535",
|
||||
+ NULL);
|
||||
+ }
|
||||
} else {
|
||||
- return iptablesAddRemoveRule(ctx->nat_postrouting,
|
||||
- action,
|
||||
- "--source", network,
|
||||
- "!", "--destination", network,
|
||||
- "--jump", "MASQUERADE",
|
||||
- NULL);
|
||||
+ if (physdev && physdev[0]) {
|
||||
+ return iptablesAddRemoveRule(ctx->nat_postrouting,
|
||||
+ action,
|
||||
+ "--source", network,
|
||||
+ "!", "--destination", network,
|
||||
+ "--out-interface", physdev,
|
||||
+ "--jump", "MASQUERADE",
|
||||
+ NULL);
|
||||
+ } else {
|
||||
+ return iptablesAddRemoveRule(ctx->nat_postrouting,
|
||||
+ action,
|
||||
+ "--source", network,
|
||||
+ "!", "--destination", network,
|
||||
+ "--jump", "MASQUERADE",
|
||||
+ NULL);
|
||||
+ }
|
||||
}
|
||||
}
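Review bot: The port range `"1024-65535"` is the security-relevant part of iptablesForwardMasquerade, yet it is a string literal repeated in two of four near-identical `iptablesAddRemoveRule` calls. I would name it once, e.g. `static const char masq_ports[] = "1024-65535";`, with a comment that it keeps masqueraded guests off the privileged source ports. That way a later edit cannot change one branch and miss the other. The doc comments in the following hunks only say `@protocol: the network protocol or NULL`; they should add that a non-NULL protocol also applies the `--to-ports` restriction and that NULL adds the unrestricted catch-all rule.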
|
||||
|
||||
@@ -719,6 +743,7 @@ iptablesForwardMasquerade(iptablesContext *ctx,
|
||||
* @ctx: pointer to the IP table context
|
||||
* @network: the source network name
|
||||
* @physdev: the physical input device or NULL
|
||||
+ * @protocol: the network protocol or NULL
|
||||
*
|
||||
* Add rules to the IP table context to allow masquerading
|
||||
* network @network on @physdev. This allow the bridge to
|
||||
@@ -729,9 +754,10 @@ iptablesForwardMasquerade(iptablesContext *ctx,
|
||||
int
|
||||
iptablesAddForwardMasquerade(iptablesContext *ctx,
|
||||
const char *network,
|
||||
- const char *physdev)
|
||||
+ const char *physdev,
|
||||
+ const char *protocol)
|
||||
{
|
||||
- return iptablesForwardMasquerade(ctx, network, physdev, ADD);
|
||||
+ return iptablesForwardMasquerade(ctx, network, physdev, protocol, ADD);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -739,6 +765,7 @@ iptablesAddForwardMasquerade(iptablesContext *ctx,
|
||||
* @ctx: pointer to the IP table context
|
||||
* @network: the source network name
|
||||
* @physdev: the physical input device or NULL
|
||||
+ * @protocol: the network protocol or NULL
|
||||
*
|
||||
* Remove rules from the IP table context to stop masquerading
|
||||
* network @network on @physdev. This stops the bridge from
|
||||
@@ -749,7 +776,8 @@ iptablesAddForwardMasquerade(iptablesContext *ctx,
|
||||
int
|
||||
iptablesRemoveForwardMasquerade(iptablesContext *ctx,
|
||||
const char *network,
|
||||
- const char *physdev)
|
||||
+ const char *physdev,
|
||||
+ const char *protocol)
|
||||
{
|
||||
- return iptablesForwardMasquerade(ctx, network, physdev, REMOVE);
|
||||
+ return iptablesForwardMasquerade(ctx, network, physdev, protocol, REMOVE);
|
||||
}
|
||||
diff --git a/src/util/iptables.h b/src/util/iptables.h
|
||||
index 7d55a6d..b47d854 100644
|
||||
--- a/src/util/iptables.h
|
||||
+++ b/src/util/iptables.h
|
||||
@@ -85,9 +85,11 @@ int iptablesRemoveForwardRejectIn (iptablesContext *ctx,
|
||||
|
||||
int iptablesAddForwardMasquerade (iptablesContext *ctx,
|
||||
const char *network,
|
||||
- const char *physdev);
|
||||
+ const char *physdev,
|
||||
+ const char *protocol);
|
||||
int iptablesRemoveForwardMasquerade (iptablesContext *ctx,
|
||||
const char *network,
|
||||
- const char *physdev);
|
||||
+ const char *physdev,
|
||||
+ const char *protocol);
|
||||
|
||||
#endif /* __QEMUD_IPTABLES_H__ */
|
||||
--
|
||||
1.6.6.1
|
||||
|
||||
@@ -1,44 +0,0 @@
|
||||
From f970d802ab805f1a37af384f148f34e108714034 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Blake <eblake@redhat.com>
|
||||
Date: Wed, 3 Nov 2010 15:20:24 -0600
|
||||
Subject: [PATCH] rpm: fix /var/lib/libvirt permissions
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=649511
|
||||
|
||||
Regression of forcing 0700 permissions (which breaks guest startup
|
||||
because the qemu user can't see /var/lib/libvirt/*.monitor) was
|
||||
introduced in commit 66823690e, as part of libvirt 0.8.2.
|
||||
|
||||
* libvirt.spec.in (%files): Drop %{_localstatedir}/lib/libvirt,
|
||||
since libvirt depends on libvirt-client.
|
||||
(%files client): Guarantee 755 permissions on
|
||||
%(_localstatedir}/lib/libvirt, since the qemu user must be able to
|
||||
do pathname resolution to a subdirectory.
|
||||
---
|
||||
libvirt.spec.in | 3 +--
|
||||
1 files changed, 1 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libvirt.spec.in b/libvirt.spec.in
|
||||
index 813e0c0..f77626e 100644
|
||||
--- a/libvirt.spec.in
|
||||
+++ b/libvirt.spec.in
|
||||
@@ -770,7 +770,6 @@ fi
|
||||
|
||||
%dir %{_localstatedir}/run/libvirt/
|
||||
|
||||
-%dir %{_localstatedir}/lib/libvirt/
|
||||
%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
|
||||
%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/
|
||||
%dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
|
||||
@@ -862,7 +861,7 @@ fi
|
||||
|
||||
%{_sysconfdir}/rc.d/init.d/libvirt-guests
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
|
||||
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt
|
||||
+%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
|
||||
|
||||
%if %{with_sasl}
|
||||
%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
|
||||
--
|
||||
1.7.3.4
|
||||
|
||||
@@ -0,0 +1,40 @@
|
||||
From e03899ff772cb753f02ecc99c81776a95c8e3d59 Mon Sep 17 00:00:00 2001
|
||||
From: Osier Yang <jyang@redhat.com>
|
||||
Date: Fri, 18 Feb 2011 13:45:13 +0800
|
||||
Subject: [PATCH 2/6] Requires gettext for client package
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=680270
|
||||
libvirt-client is missing some dependencies
|
||||
|
||||
libvirt-guests invokes functions in gettext.sh, so we need to
|
||||
require gettext package in spec file.
|
||||
|
||||
Demo with the fix:
|
||||
% rpm -q gettext
|
||||
package gettext is not installed
|
||||
|
||||
% rpm -ivh libvirt-client-0.8.8-1.fc14.x86_64.rpm
|
||||
error: Failed dependencies:
|
||||
gettext is needed by libvirt-client-0.8.8-1.fc14.x86_64
|
||||
|
||||
* libvirt.spec.in
|
||||
---
|
||||
libvirt.spec.in | 2 ++
|
||||
1 files changed, 2 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/libvirt.spec.in b/libvirt.spec.in
|
||||
index d4208e8..c08b186 100644
|
||||
--- a/libvirt.spec.in
|
||||
+++ b/libvirt.spec.in
|
||||
@@ -415,6 +415,8 @@ Requires: ncurses
|
||||
# So remote clients can access libvirt over SSH tunnel
|
||||
# (client invokes 'nc' against the UNIX socket on the server)
|
||||
Requires: nc
|
||||
+# Needed by libvirt-guests init script.
|
||||
+Requires: gettext
|
||||
%if %{with_sasl}
|
||||
Requires: cyrus-sasl
|
||||
# Not technically required, but makes 'out-of-box' config
|
||||
--
|
||||
1.7.3.4
|
||||
|
||||
+4
-4
@@ -1,4 +1,4 @@
|
||||
From 66aaaf1af42d6f1e9f9b75bd1514c0c097e244e6 Mon Sep 17 00:00:00 2001
|
||||
From 2c2ae4c48c7e57fd233f1b9475fb6ecbab04804a Mon Sep 17 00:00:00 2001
|
||||
From: Jiri Denemark <jdenemar@redhat.com>
|
||||
Date: Fri, 25 Mar 2011 16:45:45 +0100
|
||||
Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
|
||||
@@ -14,10 +14,10 @@ However, the patch missed two instances.
|
||||
1 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/daemon/remote.c b/daemon/remote.c
|
||||
index abf9cf3..8a25f05 100644
|
||||
index 554e75e..159430e 100644
|
||||
--- a/daemon/remote.c
|
||||
+++ b/daemon/remote.c
|
||||
@@ -4531,12 +4531,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
|
||||
@@ -4868,12 +4868,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
|
||||
ret->names.names_len =
|
||||
virStoragePoolListVolumes (pool,
|
||||
ret->names.names_val, args->maxnames);
|
||||
@@ -32,7 +32,7 @@ index abf9cf3..8a25f05 100644
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -4560,11 +4561,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -4897,11 +4898,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
|
||||
}
|
||||
|
||||
ret->num = virStoragePoolNumOfVolumes (pool);
|
||||
@@ -0,0 +1,30 @@
|
||||
From 29680e00f67bad9145387022ea0d3c307465d3dc Mon Sep 17 00:00:00 2001
|
||||
From: Eric Blake <eblake@redhat.com>
|
||||
Date: Mon, 21 Feb 2011 10:43:29 -0700
|
||||
Subject: [PATCH 4/6] build: add dependency on gnutls-utils
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=680270
|
||||
libvirt-client is missing some dependencies
|
||||
|
||||
* libvirt.spec.in (Requires): Add gnutls-utils, for virt-pki-validate.
|
||||
Suggested by Daniel P. Berrange.
|
||||
---
|
||||
libvirt.spec.in | 2 ++
|
||||
1 files changed, 2 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/libvirt.spec.in b/libvirt.spec.in
|
||||
index c08b186..23f4525 100644
|
||||
--- a/libvirt.spec.in
|
||||
+++ b/libvirt.spec.in
|
||||
@@ -417,6 +417,8 @@ Requires: ncurses
|
||||
Requires: nc
|
||||
# Needed by libvirt-guests init script.
|
||||
Requires: gettext
|
||||
+# Needed by virt-pki-validate script.
|
||||
+Requires: gnutls-utils
|
||||
%if %{with_sasl}
|
||||
Requires: cyrus-sasl
|
||||
# Not technically required, but makes 'out-of-box' config
|
||||
--
|
||||
1.7.3.4
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
commit efc2594b4e0cbcdd6947fafeeed41accd5b611e0
|
||||
Author: Jim Fehlig <jfehlig@novell.com>
|
||||
Date: Thu Feb 17 14:22:55 2011 -0700
|
||||
|
||||
Do not add drive 'boot=on' param when a kernel is specified
|
||||
|
||||
libvirt-tck was failing several domain tests [1] with qemu 0.14, which
|
||||
is now less tolerable of specifying 2 bootroms with the same boot index [2].
|
||||
|
||||
Drop the 'boot=on' param if kernel has been specfied.
|
||||
|
||||
[1] https://www.redhat.com/archives/libvir-list/2011-February/msg00559.html
|
||||
[2] http://lists.nongnu.org/archive/html/qemu-devel/2011-02/msg01892.html
|
||||
|
||||
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
|
||||
index 371a7ed..0db2843 100644
|
||||
--- a/src/qemu/qemu_command.c
|
||||
+++ b/src/qemu/qemu_command.c
|
||||
@@ -3173,7 +3173,7 @@ qemuBuildCommandLine(virConnectPtr conn,
|
||||
int bootCD = 0, bootFloppy = 0, bootDisk = 0;
|
||||
|
||||
/* If QEMU supports boot=on for -drive param... */
|
||||
- if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT) {
|
||||
+ if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT && !def->os.kernel) {
|
||||
for (i = 0 ; i < def->os.nBootDevs ; i++) {
|
||||
switch (def->os.bootDevs[i]) {
|
||||
case VIR_DOMAIN_BOOT_CDROM:
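Review bot: The new condition `qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT && !def->os.kernel` is correct only because `&` binds tighter than `&&`. Explicit parentheses make that obvious to the next reader: `if ((qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT) && !def->os.kernel) {`. The comment above now covers only half of the test; I would extend it to `/* If QEMU supports boot=on for -drive param, and we are not booting a kernel directly... */`. The loop body continues outside this hunk.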
|
||||
@@ -0,0 +1,32 @@
|
||||
From 12509c09a55bd2ab171f9fa029fb94f297adc0a0 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel P. Berrange <berrange@redhat.com>
|
||||
Date: Thu, 24 Feb 2011 12:12:27 +0000
|
||||
Subject: [PATCH] Make commandtest more robust wrt its execution environment
|
||||
|
||||
When executed from cron, commandtest would fail to correctly
|
||||
identify daemon processes. Set session ID and process group
|
||||
IDs at startup to ensure we have a consistent environment to
|
||||
run in.
|
||||
|
||||
* tests/commandtest.c: Call setsid() and setpgid()
|
||||
---
|
||||
tests/commandtest.c | 3 +++
|
||||
1 files changed, 3 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/tests/commandtest.c b/tests/commandtest.c
|
||||
index 7157c51..dc2f8a1 100644
|
||||
--- a/tests/commandtest.c
|
||||
+++ b/tests/commandtest.c
|
||||
@@ -730,6 +730,9 @@ mymain(int argc, char **argv)
|
||||
if (chdir("/tmp") < 0)
|
||||
return(EXIT_FAILURE);
|
||||
|
||||
+ setpgid(0, 0);
|
||||
+ setsid();
|
||||
+
|
||||
/* Kill off any inherited fds that might interfere with our
|
||||
* testing. */
|
||||
fd = 3;
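Review bot: The return values of the added `setpgid(0, 0);` and `setsid();` calls in mymain are ignored, and as far as I can tell the second call cannot succeed after the first. `setsid()` fails with EPERM when the caller is already a process group leader, which is exactly the state a successful `setpgid(0, 0)` leaves. If only a fresh process group is needed, a comment should say so, e.g. `/* setsid() is best-effort: it fails with EPERM once setpgid() has made us a group leader */`. If a new session is really required for the daemon checks, the test would have to call `setsid()` from a forked child instead. The function starts and continues outside this hunk.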
|
||||
--
|
||||
1.7.3.4
|
||||
|
||||
@@ -18,76 +18,76 @@ The entry points concerned are:
|
||||
|
||||
* src/libvirt.c: fix the above set of entry points to error on read-only
|
||||
connections
|
||||
|
||||
Rebased to 0.8.2, mostly changed the call of the error routines
|
||||
---
|
||||
|
||||
--- src/libvirt.c.orig 2011-03-14 17:03:45.000000000 +0800
|
||||
+++ src/libvirt.c 2011-03-14 17:10:41.000000000 +0800
|
||||
@@ -3190,6 +3190,10 @@ char *virConnectDomainXMLToNative(virCon
|
||||
diff --git a/src/libvirt.c b/src/libvirt.c
|
||||
index caa109d..713291f 100644
|
||||
--- a/src/libvirt.c
|
||||
+++ b/src/libvirt.c
|
||||
@@ -3321,6 +3321,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn,
|
||||
virDispatchError(NULL);
|
||||
return (NULL);
|
||||
return NULL;
|
||||
}
|
||||
+ if (conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ goto error;
|
||||
+ }
|
||||
|
||||
if (nativeFormat == NULL || domainXml == NULL) {
|
||||
virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
|
||||
@@ -9432,6 +9436,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
|
||||
return (-1);
|
||||
virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
|
||||
@@ -9748,6 +9752,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (dev->conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
if (dev->conn->driver->nodeDeviceDettach) {
|
||||
int ret;
|
||||
ret = dev->conn->driver->nodeDeviceDettach (dev);
|
||||
@@ -9475,6 +9484,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
|
||||
return (-1);
|
||||
@@ -9791,6 +9800,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (dev->conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
if (dev->conn->driver->nodeDeviceReAttach) {
|
||||
int ret;
|
||||
ret = dev->conn->driver->nodeDeviceReAttach (dev);
|
||||
@@ -9520,6 +9534,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
|
||||
return (-1);
|
||||
@@ -9836,6 +9850,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (dev->conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
if (dev->conn->driver->nodeDeviceReset) {
|
||||
int ret;
|
||||
ret = dev->conn->driver->nodeDeviceReset (dev);
|
||||
@@ -12775,6 +12794,10 @@ virDomainRevertToSnapshot(virDomainSnaps
|
||||
@@ -13131,6 +13150,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
|
||||
}
|
||||
|
||||
conn = snapshot->domain->conn;
|
||||
+ if (conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ goto error;
|
||||
+ }
|
||||
|
||||
if (conn->driver->domainRevertToSnapshot) {
|
||||
int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
|
||||
@@ -12821,6 +12844,10 @@ virDomainSnapshotDelete(virDomainSnapsho
|
||||
@@ -13177,6 +13200,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
|
||||
}
|
||||
|
||||
conn = snapshot->domain->conn;
|
||||
+ if (conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ goto error;
|
||||
+ }
|
||||
|
||||
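Review bot: In virConnectDomainXMLToNative the read-only denial appears to be reported with virLibDomainError, while the argument check directly below it in the same function and the five other guards in this patch use virLibConnError. Assuming the virLibDomainError line is the rebased (new) side, I would write `virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);` there as well, so a denied call on a read-only connection is attributed the same way at every entry point. The page prints old and new patch lines together without markers, so this reading should be confirmed against the patch file itself. None of the six functions is shown in full.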
@@ -0,0 +1,115 @@
|
||||
From 9388aeabcbb06ec93845b6d066148ad4cfe1dd9e Mon Sep 17 00:00:00 2001
|
||||
From: Eric Blake <eblake@redhat.com>
|
||||
Date: Fri, 24 Jun 2011 12:16:05 -0600
|
||||
Subject: [PATCH 6/6] remote: protect against integer overflow
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=717204
|
||||
CVE-2011-2511 - integer overflow in VirDomainGetVcpus
|
||||
|
||||
Integer overflow and remote code are never a nice mix.
|
||||
|
||||
This has existed since commit 56cd414.
|
||||
|
||||
* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
|
||||
* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
|
||||
on sending rpc.
|
||||
* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
|
||||
receiving rpc.
|
||||
|
||||
(cherry picked from commit 774b21c163845170c9ffa873f5720d318812eaf6)
|
||||
|
||||
Conflicts:
|
||||
|
||||
daemon/remote.c
|
||||
src/remote/remote_driver.c
|
||||
|
||||
Change to internal.h required to avoid backporting 89d994ad.
|
||||
---
|
||||
daemon/remote.c | 3 ++-
|
||||
src/internal.h | 17 +++++++++++++++++
|
||||
src/libvirt.c | 5 +++--
|
||||
src/remote/remote_driver.c | 3 ++-
|
||||
4 files changed, 24 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/daemon/remote.c b/daemon/remote.c
|
||||
index 159430e..b707326 100644
|
||||
--- a/daemon/remote.c
|
||||
+++ b/daemon/remote.c
|
||||
@@ -1722,7 +1722,8 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- if (args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
|
||||
+ if (INT_MULTIPLY_OVERFLOW(args->maxinfo, args->maplen) ||
|
||||
+ args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
|
||||
virDomainFree(dom);
|
||||
remoteDispatchFormatError (rerr, "%s", _("maxinfo * maplen > REMOTE_CPUMAPS_MAX"));
|
||||
return -1;
|
||||
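Review bot: The new guard in remoteDispatchDomainGetVcpus rules out wrap-around only; a negative args->maxinfo or args->maplen can still give a product that is not greater than REMOTE_CPUMAPS_MAX and so passes both halves of the condition. The hunk starts mid-function, so an earlier range check may already cover this, but if it does not, the sign should be rejected in the same test: `if (args->maxinfo < 0 || args->maplen < 0 ||` followed by the two existing operands. Both values come straight from the RPC arguments and should be treated as untrusted before they are used any further.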
diff --git a/src/internal.h b/src/internal.h
|
||||
index e263684..f47b842 100644
|
||||
--- a/src/internal.h
|
||||
+++ b/src/internal.h
|
||||
@@ -232,6 +232,23 @@
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
+/* branch-specific: we don't want to update gnulib on the branch, so this
|
||||
+ * backports just one required macro from newer gnulib's intprops.h.
|
||||
+ * This version requires that both a and b are 'int', rather than
|
||||
+ * the fully type-generic version from gnulib. */
|
||||
+# define INT_MULTIPLY_OVERFLOW(a, b) \
|
||||
+ ((b) < 0 \
|
||||
+ ? ((a) < 0 \
|
||||
+ ? (a) < INT_MAX / (b) \
|
||||
+ : (b) == -1 \
|
||||
+ ? 0 \
|
||||
+ : INT_MIN / (b) < (a)) \
|
||||
+ : (b) == 0 \
|
||||
+ ? 0 \
|
||||
+ : ((a) < 0 \
|
||||
+ ? (a) < INT_MIN / (b) \
|
||||
+ : INT_MAX / (b) < (a)))
|
||||
+
|
||||
/* divide value by size, rounding up */
|
||||
# define VIR_DIV_UP(value, size) (((value) + (size) - 1) / (size))
|
||||
|
||||
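Review bot: INT_MULTIPLY_OVERFLOW is defined unconditionally here while the same patch adds `#include "intprops.h"` to src/libvirt.c, so the two definitions will clash if the branch's intprops.h ever provides the macro. Wrapping the definition in `# ifndef INT_MULTIPLY_OVERFLOW` and `# endif` keeps the backport safe. The macro also expands each argument more than once and, as its comment says, is only correct for `int` operands, which nothing enforces at the call sites. The comment should add a line such as `* Arguments are evaluated more than once and must be free of side effects.`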
diff --git a/src/libvirt.c b/src/libvirt.c
|
||||
index 8c70a1f..d8ab8f8 100644
|
||||
--- a/src/libvirt.c
|
||||
+++ b/src/libvirt.c
|
||||
@@ -40,6 +40,7 @@
|
||||
#include "util.h"
|
||||
#include "memory.h"
|
||||
#include "configmake.h"
|
||||
+#include "intprops.h"
|
||||
|
||||
#ifndef WITH_DRIVER_MODULES
|
||||
# ifdef WITH_TEST
|
||||
@@ -5363,8 +5364,8 @@ virDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
|
||||
|
||||
/* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not
|
||||
try to memcpy anything into a NULL pointer. */
|
||||
- if ((cpumaps == NULL && maplen != 0)
|
||||
- || (cpumaps && maplen <= 0)) {
|
||||
+ if (!cpumaps ? maplen != 0
|
||||
+ : (maplen <= 0 || INT_MULTIPLY_OVERFLOW(maxinfo, maplen))) {
|
||||
virLibDomainError(VIR_ERR_INVALID_ARG, __FUNCTION__);
|
||||
goto error;
|
||||
}
|
||||
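Review bot: The comment above the rewritten condition in virDomainGetVcpus still describes only the NULL-pointer memcpy case, although the test now also rejects a maxinfo * maplen product that overflows. I would extend it with a sentence such as `Also reject a maxinfo * maplen product that does not fit in an int.` Splitting the nested conditional expression into two plain `if` statements would also make the overflow check easier to find when the function is audited. The function body continues outside the hunk.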
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
|
||||
index 4ca0d3b..c73452e 100644
|
||||
--- a/src/remote/remote_driver.c
|
||||
+++ b/src/remote/remote_driver.c
|
||||
@@ -2850,7 +2850,8 @@ remoteDomainGetVcpus (virDomainPtr domain,
|
||||
maxinfo, REMOTE_VCPUINFO_MAX);
|
||||
goto done;
|
||||
}
|
||||
- if (maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
|
||||
+ if (INT_MULTIPLY_OVERFLOW(maxinfo, maplen) ||
|
||||
+ maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
|
||||
remoteError(VIR_ERR_RPC,
|
||||
_("vCPU map buffer length exceeds maximum: %d > %d"),
|
||||
maxinfo * maplen, REMOTE_CPUMAPS_MAX);
|
||||
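Review bot: On the new overflow path the error branch still evaluates `maxinfo * maplen` as an argument to remoteError(), so the signed overflow the guard was added to prevent happens anyway while the message is formatted. Report the two factors instead of their product, for example `_("vCPU map buffer length exceeds maximum: %d * %d > %d"),` with the arguments `maxinfo, maplen, REMOTE_CPUMAPS_MAX);`. The matching check in daemon/remote.c uses a fixed message string and is not affected. remoteDomainGetVcpus continues outside the hunk.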
--
|
||||
1.7.3.4
|
||||
|
||||
@@ -0,0 +1,99 @@
|
||||
From 775581ead9c0b6435e8a0dad2a6838909638e7b6 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Blake <eblake@redhat.com>
|
||||
Date: Wed, 23 Mar 2011 10:30:49 -0600
|
||||
Subject: [PATCH 5/6] rpm: add missing dependencies
|
||||
|
||||
manually adapted from upstream 206fc979b1656722b254e683d89b3e9fc4480c63
|
||||
|
||||
Among others, the missing radvd dependency showed up as:
|
||||
|
||||
error: Failed to start network ipv6net
|
||||
error: Cannot find radvd - Possibly the package isn't installed: No such file
|
||||
or directory
|
||||
|
||||
even when radvd was installed, because the RADVD preprocessor
|
||||
symbol was missing at configure time.
|
||||
|
||||
* libvirt.spec.in (with_network): Add Build and BuildRequires for radvd
|
||||
(BuildRequires): Add libxslt and augeas for docs and test.
|
||||
(with_libvirtd): Add module-init-tools for modprobe.
|
||||
(with_nwfilter): Add BuildRequires for ebtables.
|
||||
---
|
||||
libvirt.spec.in | 26 ++++++++++++++++++++++++--
|
||||
1 files changed, 24 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libvirt.spec.in b/libvirt.spec.in
|
||||
index 23f4525..8ffb757 100644
|
||||
--- a/libvirt.spec.in
|
||||
+++ b/libvirt.spec.in
|
||||
@@ -219,15 +219,21 @@ Requires: %{name}-client = %{version}-%{release}
|
||||
# daemon is present
|
||||
%if %{with_libvirtd}
|
||||
Requires: bridge-utils
|
||||
+# for modprobe of pci devices
|
||||
+Requires: module-init-tools
|
||||
+# for /sbin/ip
|
||||
+Requires: iproute
|
||||
%endif
|
||||
%if %{with_network}
|
||||
Requires: dnsmasq >= 2.41
|
||||
+Requires: radvd
|
||||
+%endif
|
||||
+%if %{with_network} || %{with_nwfilter}
|
||||
Requires: iptables
|
||||
+Requires: iptables-ipv6
|
||||
%endif
|
||||
%if %{with_nwfilter}
|
||||
Requires: ebtables
|
||||
-Requires: iptables
|
||||
-Requires: iptables-ipv6
|
||||
%endif
|
||||
# needed for device enumeration
|
||||
%if %{with_hal}
|
||||
@@ -295,10 +301,15 @@ BuildRequires: xmlrpc-c-devel >= 1.14.0
|
||||
%endif
|
||||
BuildRequires: libxml2-devel
|
||||
BuildRequires: xhtml1-dtds
|
||||
+BuildRequires: libxslt
|
||||
BuildRequires: readline-devel
|
||||
BuildRequires: ncurses-devel
|
||||
BuildRequires: gettext
|
||||
BuildRequires: gnutls-devel
|
||||
+%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
|
||||
+# for augparse, optionally used in testing
|
||||
+BuildRequires: augeas
|
||||
+%endif
|
||||
%if %{with_hal}
|
||||
BuildRequires: hal-devel
|
||||
%endif
|
||||
@@ -323,8 +334,15 @@ BuildRequires: libselinux-devel
|
||||
%endif
|
||||
%if %{with_network}
|
||||
BuildRequires: dnsmasq >= 2.41
|
||||
+BuildRequires: iptables
|
||||
+BuildRequires: iptables-ipv6
|
||||
+BuildRequires: radvd
|
||||
+%endif
|
||||
+%if %{with_nwfilter}
|
||||
+BuildRequires: ebtables
|
||||
%endif
|
||||
BuildRequires: bridge-utils
|
||||
+BuildRequires: module-init-tools
|
||||
%if %{with_sasl}
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
%endif
|
||||
@@ -388,7 +406,11 @@ BuildRequires: libssh2-devel
|
||||
BuildRequires: netcf-devel >= 0.1.4
|
||||
%endif
|
||||
%if %{with_esx}
|
||||
+%if 0%{?fedora} >= 9 || 0%{?rhel} >= 6
|
||||
BuildRequires: libcurl-devel
|
||||
+%else
|
||||
+BuildRequires: curl-devel
|
||||
+%endif
|
||||
%endif
|
||||
%if %{with_audit}
|
||||
BuildRequires: audit-libs-devel
|
||||
--
|
||||
1.7.3.4
|
||||
|
||||
@@ -0,0 +1,40 @@
|
||||
From c2d77ade37ee917ca258cb24ffb130fc07bb95b4 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Blake <eblake@redhat.com>
|
||||
Date: Thu, 26 May 2011 08:18:46 -0600
|
||||
Subject: [PATCH 1/6] security: plug regression introduced in disk probe logic
|
||||
|
||||
This patch resolves:
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=709775
|
||||
CVE-2011-2178 - regression introduced in disk probe logic
|
||||
|
||||
Regression introduced in commit d6623003 (v0.8.8) - using the
|
||||
wrong sizeof operand meant that security manager private data
|
||||
was overlaying the allowDiskFormatProbing member of struct
|
||||
_virSecurityManager. This reopens disk probing, which was
|
||||
supposed to be prevented by the solution to CVE-2010-2238.
|
||||
|
||||
* src/security/security_manager.c
|
||||
(virSecurityManagerGetPrivateData): Use correct offset.
|
||||
---
|
||||
src/security/security_manager.c | 4 +++-
|
||||
1 files changed, 3 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
|
||||
index 0246dd8..6f0becd 100644
|
||||
--- a/src/security/security_manager.c
|
||||
+++ b/src/security/security_manager.c
|
||||
@@ -107,7 +107,9 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
|
||||
|
||||
void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
|
||||
{
|
||||
- return ((char*)mgr) + sizeof(mgr);
|
||||
+ /* This accesses the memory just beyond mgr, which was allocated
|
||||
+ * via VIR_ALLOC_VAR earlier. */
|
||||
+ return mgr + 1;
|
||||
}
|
||||
|
||||
|
||||
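Review bot: `return mgr + 1;` is correct only while the allocation in virSecurityManagerNew reserves the driver's private bytes directly behind the struct, and the new comment mentions VIR_ALLOC_VAR without stating that dependency. I would word it as `/* Private data starts immediately after *mgr; virSecurityManagerNew must allocate the struct plus the driver's private size in one block. */`. According to the commit message, the regression silently re-enabled disk format probing. A unit test that sets allowDiskFormatProbing, writes to the private area and reads the flag back would catch a repeat of this mistake.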
--
|
||||
1.7.3.4
|
||||
|
||||
+189
-104
@@ -1,4 +1,4 @@
|
||||
From 3792981b7347625d65f4cb869e8016c1cf561f4f Mon Sep 17 00:00:00 2001
|
||||
From 90c7ad8540c9b11caa0e4b8589def6566d6a719b Mon Sep 17 00:00:00 2001
|
||||
From: Jiri Denemark <jdenemar@redhat.com>
|
||||
Date: Fri, 25 Mar 2011 16:45:44 +0100
|
||||
Subject: [PATCH 1/2] Make error reporting in libvirtd thread safe
|
||||
@@ -35,14 +35,14 @@ Conflicts:
|
||||
daemon/remote.c
|
||||
---
|
||||
daemon/dispatch.c | 8 +--
|
||||
daemon/remote.c | 214 +++++++++++++++++++++++++++-------------------------
|
||||
2 files changed, 113 insertions(+), 109 deletions(-)
|
||||
daemon/remote.c | 231 +++++++++++++++++++++++++++-------------------------
|
||||
2 files changed, 122 insertions(+), 117 deletions(-)
|
||||
|
||||
diff --git a/daemon/dispatch.c b/daemon/dispatch.c
|
||||
index 8f55eaa..167cdcb 100644
|
||||
index bf2ac73..e699e2a 100644
|
||||
--- a/daemon/dispatch.c
|
||||
+++ b/daemon/dispatch.c
|
||||
@@ -109,14 +109,10 @@ void remoteDispatchOOMError (remote_error *rerr)
|
||||
@@ -114,14 +114,10 @@ void remoteDispatchOOMError (remote_error *rerr)
|
||||
|
||||
|
||||
void remoteDispatchConnError (remote_error *rerr,
|
||||
@@ -60,10 +60,10 @@ index 8f55eaa..167cdcb 100644
|
||||
remoteDispatchCopyError(rerr, verr);
|
||||
else
|
||||
diff --git a/daemon/remote.c b/daemon/remote.c
|
||||
index cb9e83d..abf9cf3 100644
|
||||
index d53b466..554e75e 100644
|
||||
--- a/daemon/remote.c
|
||||
+++ b/daemon/remote.c
|
||||
@@ -716,8 +716,8 @@ remoteDispatchDomainGetSchedulerType (struct qemud_server *server ATTRIBUTE_UNUS
|
||||
@@ -757,8 +757,8 @@ remoteDispatchDomainGetSchedulerType (struct qemud_server *server ATTRIBUTE_UNUS
|
||||
|
||||
type = virDomainGetSchedulerType (dom, &nparams);
|
||||
if (type == NULL) {
|
||||
@@ -73,7 +73,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -760,9 +760,9 @@ remoteDispatchDomainGetSchedulerParameters (struct qemud_server *server ATTRIBUT
|
||||
@@ -801,9 +801,9 @@ remoteDispatchDomainGetSchedulerParameters (struct qemud_server *server ATTRIBUT
|
||||
|
||||
r = virDomainGetSchedulerParameters (dom, params, &nparams);
|
||||
if (r == -1) {
|
||||
@@ -84,7 +84,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -867,12 +867,13 @@ remoteDispatchDomainSetSchedulerParameters (struct qemud_server *server ATTRIBUT
|
||||
@@ -908,12 +908,13 @@ remoteDispatchDomainSetSchedulerParameters (struct qemud_server *server ATTRIBUT
|
||||
}
|
||||
|
||||
r = virDomainSetSchedulerParameters (dom, params, nparams);
|
||||
@@ -99,7 +99,7 @@ index cb9e83d..abf9cf3 100644
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -898,8 +899,8 @@ remoteDispatchDomainBlockStats (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -939,8 +940,8 @@ remoteDispatchDomainBlockStats (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
path = args->path;
|
||||
|
||||
if (virDomainBlockStats (dom, path, &stats, sizeof stats) == -1) {
|
||||
@@ -109,7 +109,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree (dom);
|
||||
@@ -934,8 +935,8 @@ remoteDispatchDomainInterfaceStats (struct qemud_server *server ATTRIBUTE_UNUSED
|
||||
@@ -975,8 +976,8 @@ remoteDispatchDomainInterfaceStats (struct qemud_server *server ATTRIBUTE_UNUSED
|
||||
path = args->path;
|
||||
|
||||
if (virDomainInterfaceStats (dom, path, &stats, sizeof stats) == -1) {
|
||||
@@ -119,7 +119,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree (dom);
|
||||
@@ -985,12 +986,13 @@ remoteDispatchDomainMemoryStats (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1026,12 +1027,13 @@ remoteDispatchDomainMemoryStats (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
nr_stats = virDomainMemoryStats (dom, stats, args->maxStats, 0);
|
||||
@@ -134,7 +134,7 @@ index cb9e83d..abf9cf3 100644
|
||||
|
||||
/* Allocate return buffer */
|
||||
if (VIR_ALLOC_N(ret->stats.stats_val, args->maxStats) < 0) {
|
||||
@@ -1051,8 +1053,8 @@ remoteDispatchDomainBlockPeek (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1092,8 +1094,8 @@ remoteDispatchDomainBlockPeek (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
if (virDomainBlockPeek (dom, path, offset, size,
|
||||
ret->buffer.buffer_val, flags) == -1) {
|
||||
/* free (ret->buffer.buffer_val); - caller frees */
|
||||
@@ -144,7 +144,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree (dom);
|
||||
@@ -1100,8 +1102,8 @@ remoteDispatchDomainMemoryPeek (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1141,8 +1143,8 @@ remoteDispatchDomainMemoryPeek (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
if (virDomainMemoryPeek (dom, offset, size,
|
||||
ret->buffer.buffer_val, flags) == -1) {
|
||||
/* free (ret->buffer.buffer_val); - caller frees */
|
||||
@@ -154,7 +154,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree (dom);
|
||||
@@ -1127,8 +1129,8 @@ remoteDispatchDomainAttachDevice (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1168,8 +1170,8 @@ remoteDispatchDomainAttachDevice (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainAttachDevice (dom, args->xml) == -1) {
|
||||
@@ -164,7 +164,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1153,8 +1155,8 @@ remoteDispatchDomainAttachDeviceFlags (struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -1194,8 +1196,8 @@ remoteDispatchDomainAttachDeviceFlags (struct qemud_server *server ATTRIBUTE_UNU
|
||||
}
|
||||
|
||||
if (virDomainAttachDeviceFlags (dom, args->xml, args->flags) == -1) {
|
||||
@@ -174,7 +174,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1179,8 +1181,8 @@ remoteDispatchDomainUpdateDeviceFlags (struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -1220,8 +1222,8 @@ remoteDispatchDomainUpdateDeviceFlags (struct qemud_server *server ATTRIBUTE_UNU
|
||||
}
|
||||
|
||||
if (virDomainUpdateDeviceFlags (dom, args->xml, args->flags) == -1) {
|
||||
@@ -184,7 +184,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1205,8 +1207,8 @@ remoteDispatchDomainCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1246,8 +1248,8 @@ remoteDispatchDomainCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainCreate (dom) == -1) {
|
||||
@@ -194,7 +194,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1231,8 +1233,8 @@ remoteDispatchDomainCreateWithFlags (struct qemud_server *server ATTRIBUTE_UNUSE
|
||||
@@ -1272,8 +1274,8 @@ remoteDispatchDomainCreateWithFlags (struct qemud_server *server ATTRIBUTE_UNUSE
|
||||
}
|
||||
|
||||
if (virDomainCreateWithFlags (dom, args->flags) == -1) {
|
||||
@@ -204,7 +204,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1305,8 +1307,8 @@ remoteDispatchDomainDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1346,8 +1348,8 @@ remoteDispatchDomainDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainDestroy (dom) == -1) {
|
||||
@@ -214,7 +214,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1331,8 +1333,8 @@ remoteDispatchDomainDetachDevice (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1372,8 +1374,8 @@ remoteDispatchDomainDetachDevice (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainDetachDevice (dom, args->xml) == -1) {
|
||||
@@ -224,7 +224,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1358,8 +1360,8 @@ remoteDispatchDomainDetachDeviceFlags (struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -1399,8 +1401,8 @@ remoteDispatchDomainDetachDeviceFlags (struct qemud_server *server ATTRIBUTE_UNU
|
||||
}
|
||||
|
||||
if (virDomainDetachDeviceFlags (dom, args->xml, args->flags) == -1) {
|
||||
@@ -234,7 +234,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1387,8 +1389,8 @@ remoteDispatchDomainDumpXml (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1428,8 +1430,8 @@ remoteDispatchDomainDumpXml (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
/* remoteDispatchClientRequest will free this. */
|
||||
ret->xml = virDomainGetXMLDesc (dom, args->flags);
|
||||
if (!ret->xml) {
|
||||
@@ -244,7 +244,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1456,8 +1458,8 @@ remoteDispatchDomainGetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1497,8 +1499,8 @@ remoteDispatchDomainGetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainGetAutostart (dom, &ret->autostart) == -1) {
|
||||
@@ -254,7 +254,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1483,8 +1485,8 @@ remoteDispatchDomainGetInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1524,8 +1526,8 @@ remoteDispatchDomainGetInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainGetInfo (dom, &info) == -1) {
|
||||
@@ -264,7 +264,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1518,8 +1520,8 @@ remoteDispatchDomainGetMaxMemory (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1559,8 +1561,8 @@ remoteDispatchDomainGetMaxMemory (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
|
||||
ret->memory = virDomainGetMaxMemory (dom);
|
||||
if (ret->memory == 0) {
|
||||
@@ -274,7 +274,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1545,8 +1547,8 @@ remoteDispatchDomainGetMaxVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1586,8 +1588,8 @@ remoteDispatchDomainGetMaxVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
|
||||
ret->num = virDomainGetMaxVcpus (dom);
|
||||
if (ret->num == -1) {
|
||||
@@ -284,7 +284,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1573,8 +1575,8 @@ remoteDispatchDomainGetSecurityLabel(struct qemud_server *server ATTRIBUTE_UNUSE
|
||||
@@ -1614,8 +1616,8 @@ remoteDispatchDomainGetSecurityLabel(struct qemud_server *server ATTRIBUTE_UNUSE
|
||||
|
||||
memset(&seclabel, 0, sizeof seclabel);
|
||||
if (virDomainGetSecurityLabel(dom, &seclabel) == -1) {
|
||||
@@ -294,7 +294,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1645,8 +1647,8 @@ remoteDispatchDomainGetOsType (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1686,8 +1688,8 @@ remoteDispatchDomainGetOsType (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
/* remoteDispatchClientRequest will free this */
|
||||
ret->type = virDomainGetOSType (dom);
|
||||
if (ret->type == NULL) {
|
||||
@@ -304,7 +304,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1696,10 +1698,10 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -1737,10 +1739,10 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
info, args->maxinfo,
|
||||
cpumaps, args->maplen);
|
||||
if (info_len == -1) {
|
||||
@@ -316,7 +316,17 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1809,11 +1811,12 @@ remoteDispatchDomainMigratePerform (struct qemud_server *server ATTRIBUTE_UNUSED
|
||||
@@ -1794,8 +1796,8 @@ remoteDispatchDomainGetVcpusFlags (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
|
||||
ret->num = virDomainGetVcpusFlags (dom, args->flags);
|
||||
if (ret->num == -1) {
|
||||
- virDomainFree(dom);
|
||||
remoteDispatchConnError(rerr, conn);
|
||||
+ virDomainFree(dom);
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -1877,11 +1879,12 @@ remoteDispatchDomainMigratePerform (struct qemud_server *server ATTRIBUTE_UNUSED
|
||||
args->cookie.cookie_len,
|
||||
args->uri,
|
||||
args->flags, dname, args->resource);
|
||||
@@ -330,7 +340,7 @@ index cb9e83d..abf9cf3 100644
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -1945,8 +1948,8 @@ remoteDispatchDomainMigratePrepareTunnel(struct qemud_server *server ATTRIBUTE_U
|
||||
@@ -2013,8 +2016,8 @@ remoteDispatchDomainMigratePrepareTunnel(struct qemud_server *server ATTRIBUTE_U
|
||||
args->flags, dname, args->resource,
|
||||
args->dom_xml);
|
||||
if (r == -1) {
|
||||
@@ -340,7 +350,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -2107,8 +2110,8 @@ remoteDispatchDomainPinVcpu (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2175,8 +2178,8 @@ remoteDispatchDomainPinVcpu (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
(unsigned char *) args->cpumap.cpumap_val,
|
||||
args->cpumap.cpumap_len);
|
||||
if (rv == -1) {
|
||||
@@ -350,7 +360,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2133,8 +2136,8 @@ remoteDispatchDomainReboot (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2201,8 +2204,8 @@ remoteDispatchDomainReboot (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainReboot (dom, args->flags) == -1) {
|
||||
@@ -360,7 +370,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2177,8 +2180,8 @@ remoteDispatchDomainResume (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2245,8 +2248,8 @@ remoteDispatchDomainResume (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainResume (dom) == -1) {
|
||||
@@ -370,7 +380,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2203,8 +2206,8 @@ remoteDispatchDomainSave (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2271,8 +2274,8 @@ remoteDispatchDomainSave (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainSave (dom, args->to) == -1) {
|
||||
@@ -380,7 +390,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2229,8 +2232,8 @@ remoteDispatchDomainCoreDump (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2297,8 +2300,8 @@ remoteDispatchDomainCoreDump (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainCoreDump (dom, args->to, args->flags) == -1) {
|
||||
@@ -390,7 +400,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2255,8 +2258,8 @@ remoteDispatchDomainSetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2323,8 +2326,8 @@ remoteDispatchDomainSetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainSetAutostart (dom, args->autostart) == -1) {
|
||||
@@ -400,7 +410,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2281,8 +2284,8 @@ remoteDispatchDomainSetMaxMemory (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2349,8 +2352,8 @@ remoteDispatchDomainSetMaxMemory (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainSetMaxMemory (dom, args->memory) == -1) {
|
||||
@@ -410,7 +420,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2307,8 +2310,8 @@ remoteDispatchDomainSetMemory (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2375,8 +2378,8 @@ remoteDispatchDomainSetMemory (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainSetMemory (dom, args->memory) == -1) {
|
||||
@@ -420,7 +430,34 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2333,8 +2336,8 @@ remoteDispatchDomainSetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2465,13 +2468,14 @@ remoteDispatchDomainSetMemoryParameters(struct qemud_server *server
|
||||
}
|
||||
|
||||
r = virDomainSetMemoryParameters(dom, params, nparams, flags);
|
||||
- virDomainFree(dom);
|
||||
VIR_FREE(params);
|
||||
if (r == -1) {
|
||||
remoteDispatchConnError(rerr, conn);
|
||||
+ virDomainFree(dom);
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ virDomainFree(dom);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -2515,9 +2519,9 @@ remoteDispatchDomainGetMemoryParameters(struct qemud_server *server
|
||||
|
||||
r = virDomainGetMemoryParameters(dom, params, &nparams, flags);
|
||||
if (r == -1) {
|
||||
+ remoteDispatchConnError(rerr, conn);
|
||||
virDomainFree(dom);
|
||||
VIR_FREE(params);
|
||||
- remoteDispatchConnError(rerr, conn);
|
||||
return -1;
|
||||
}
|
||||
/* In this case, we need to send back the number of parameters
|
||||
@@ -2611,8 +2615,8 @@ remoteDispatchDomainSetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainSetVcpus (dom, args->nvcpus) == -1) {
|
||||
@@ -430,7 +467,17 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2359,8 +2362,8 @@ remoteDispatchDomainShutdown (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2637,8 +2641,8 @@ remoteDispatchDomainSetVcpusFlags (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainSetVcpusFlags (dom, args->nvcpus, args->flags) == -1) {
|
||||
- virDomainFree(dom);
|
||||
remoteDispatchConnError(rerr, conn);
|
||||
+ virDomainFree(dom);
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2663,8 +2667,8 @@ remoteDispatchDomainShutdown (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainShutdown (dom) == -1) {
|
||||
@@ -440,7 +487,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2385,8 +2388,8 @@ remoteDispatchDomainSuspend (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2689,8 +2693,8 @@ remoteDispatchDomainSuspend (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainSuspend (dom) == -1) {
|
||||
@@ -450,7 +497,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2411,8 +2414,8 @@ remoteDispatchDomainUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2715,8 +2719,8 @@ remoteDispatchDomainUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainUndefine (dom) == -1) {
|
||||
@@ -460,7 +507,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2504,8 +2507,8 @@ remoteDispatchDomainManagedSave (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2808,8 +2812,8 @@ remoteDispatchDomainManagedSave (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainManagedSave (dom, args->flags) == -1) {
|
||||
@@ -470,7 +517,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2531,8 +2534,8 @@ remoteDispatchDomainHasManagedSaveImage (struct qemud_server *server ATTRIBUTE_U
|
||||
@@ -2835,8 +2839,8 @@ remoteDispatchDomainHasManagedSaveImage (struct qemud_server *server ATTRIBUTE_U
|
||||
|
||||
ret->ret = virDomainHasManagedSaveImage (dom, args->flags);
|
||||
if (ret->ret == -1) {
|
||||
@@ -480,7 +527,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2557,8 +2560,8 @@ remoteDispatchDomainManagedSaveRemove (struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -2861,8 +2865,8 @@ remoteDispatchDomainManagedSaveRemove (struct qemud_server *server ATTRIBUTE_UNU
|
||||
}
|
||||
|
||||
if (virDomainManagedSaveRemove (dom, args->flags) == -1) {
|
||||
@@ -490,7 +537,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virDomainFree(dom);
|
||||
@@ -2617,8 +2620,8 @@ remoteDispatchNetworkCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2921,8 +2925,8 @@ remoteDispatchNetworkCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virNetworkCreate (net) == -1) {
|
||||
@@ -500,7 +547,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virNetworkFree(net);
|
||||
@@ -2687,8 +2690,8 @@ remoteDispatchNetworkDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -2991,8 +2995,8 @@ remoteDispatchNetworkDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virNetworkDestroy (net) == -1) {
|
||||
@@ -510,7 +557,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virNetworkFree(net);
|
||||
@@ -2715,8 +2718,8 @@ remoteDispatchNetworkDumpXml (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -3019,8 +3023,8 @@ remoteDispatchNetworkDumpXml (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
/* remoteDispatchClientRequest will free this. */
|
||||
ret->xml = virNetworkGetXMLDesc (net, args->flags);
|
||||
if (!ret->xml) {
|
||||
@@ -520,7 +567,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virNetworkFree(net);
|
||||
@@ -2741,8 +2744,8 @@ remoteDispatchNetworkGetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -3045,8 +3049,8 @@ remoteDispatchNetworkGetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virNetworkGetAutostart (net, &ret->autostart) == -1) {
|
||||
@@ -530,7 +577,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virNetworkFree(net);
|
||||
@@ -2769,8 +2772,8 @@ remoteDispatchNetworkGetBridgeName (struct qemud_server *server ATTRIBUTE_UNUSED
|
||||
@@ -3073,8 +3077,8 @@ remoteDispatchNetworkGetBridgeName (struct qemud_server *server ATTRIBUTE_UNUSED
|
||||
/* remoteDispatchClientRequest will free this. */
|
||||
ret->name = virNetworkGetBridgeName (net);
|
||||
if (!ret->name) {
|
||||
@@ -540,7 +587,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virNetworkFree(net);
|
||||
@@ -2839,8 +2842,8 @@ remoteDispatchNetworkSetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -3143,8 +3147,8 @@ remoteDispatchNetworkSetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virNetworkSetAutostart (net, args->autostart) == -1) {
|
||||
@@ -550,7 +597,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virNetworkFree(net);
|
||||
@@ -2865,8 +2868,8 @@ remoteDispatchNetworkUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -3169,8 +3173,8 @@ remoteDispatchNetworkUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virNetworkUndefine (net) == -1) {
|
||||
@@ -560,7 +607,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virNetworkFree(net);
|
||||
@@ -3102,8 +3105,8 @@ remoteDispatchInterfaceGetXmlDesc (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -3406,8 +3410,8 @@ remoteDispatchInterfaceGetXmlDesc (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
/* remoteDispatchClientRequest will free this. */
|
||||
ret->xml = virInterfaceGetXMLDesc (iface, args->flags);
|
||||
if (!ret->xml) {
|
||||
@@ -570,7 +617,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virInterfaceFree(iface);
|
||||
@@ -3150,8 +3153,8 @@ remoteDispatchInterfaceUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -3454,8 +3458,8 @@ remoteDispatchInterfaceUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virInterfaceUndefine (iface) == -1) {
|
||||
@@ -580,7 +627,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virInterfaceFree(iface);
|
||||
@@ -3176,8 +3179,8 @@ remoteDispatchInterfaceCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -3480,8 +3484,8 @@ remoteDispatchInterfaceCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virInterfaceCreate (iface, args->flags) == -1) {
|
||||
@@ -590,7 +637,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virInterfaceFree(iface);
|
||||
@@ -3202,8 +3205,8 @@ remoteDispatchInterfaceDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -3506,8 +3510,8 @@ remoteDispatchInterfaceDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virInterfaceDestroy (iface, args->flags) == -1) {
|
||||
@@ -600,7 +647,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virInterfaceFree(iface);
|
||||
@@ -4084,8 +4087,8 @@ remoteDispatchStoragePoolCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -4420,8 +4424,8 @@ remoteDispatchStoragePoolCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virStoragePoolCreate (pool, args->flags) == -1) {
|
||||
@@ -610,7 +657,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStoragePoolFree(pool);
|
||||
@@ -4154,8 +4157,8 @@ remoteDispatchStoragePoolBuild (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -4490,8 +4494,8 @@ remoteDispatchStoragePoolBuild (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virStoragePoolBuild (pool, args->flags) == -1) {
|
||||
@@ -620,7 +667,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStoragePoolFree(pool);
|
||||
@@ -4181,8 +4184,8 @@ remoteDispatchStoragePoolDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -4517,8 +4521,8 @@ remoteDispatchStoragePoolDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virStoragePoolDestroy (pool) == -1) {
|
||||
@@ -630,7 +677,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStoragePoolFree(pool);
|
||||
@@ -4207,8 +4210,8 @@ remoteDispatchStoragePoolDelete (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -4543,8 +4547,8 @@ remoteDispatchStoragePoolDelete (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virStoragePoolDelete (pool, args->flags) == -1) {
|
||||
@@ -640,7 +687,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStoragePoolFree(pool);
|
||||
@@ -4233,8 +4236,8 @@ remoteDispatchStoragePoolRefresh (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -4569,8 +4573,8 @@ remoteDispatchStoragePoolRefresh (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virStoragePoolRefresh (pool, args->flags) == -1) {
|
||||
@@ -650,7 +697,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStoragePoolFree(pool);
|
||||
@@ -4260,8 +4263,8 @@ remoteDispatchStoragePoolGetInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -4596,8 +4600,8 @@ remoteDispatchStoragePoolGetInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virStoragePoolGetInfo (pool, &info) == -1) {
|
||||
@@ -660,7 +707,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -4295,8 +4298,8 @@ remoteDispatchStoragePoolDumpXml (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -4631,8 +4635,8 @@ remoteDispatchStoragePoolDumpXml (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
/* remoteDispatchClientRequest will free this. */
|
||||
ret->xml = virStoragePoolGetXMLDesc (pool, args->flags);
|
||||
if (!ret->xml) {
|
||||
@@ -670,7 +717,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStoragePoolFree(pool);
|
||||
@@ -4321,8 +4324,8 @@ remoteDispatchStoragePoolGetAutostart (struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -4657,8 +4661,8 @@ remoteDispatchStoragePoolGetAutostart (struct qemud_server *server ATTRIBUTE_UNU
|
||||
}
|
||||
|
||||
if (virStoragePoolGetAutostart (pool, &ret->autostart) == -1) {
|
||||
@@ -680,7 +727,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStoragePoolFree(pool);
|
||||
@@ -4393,11 +4396,12 @@ remoteDispatchStoragePoolLookupByVolume (struct qemud_server *server ATTRIBUTE_U
|
||||
@@ -4729,11 +4733,12 @@ remoteDispatchStoragePoolLookupByVolume (struct qemud_server *server ATTRIBUTE_U
|
||||
}
|
||||
|
||||
pool = virStoragePoolLookupByVolume (vol);
|
||||
@@ -694,7 +741,7 @@ index cb9e83d..abf9cf3 100644
|
||||
|
||||
make_nonnull_storage_pool (&ret->pool, pool);
|
||||
virStoragePoolFree(pool);
|
||||
@@ -4422,8 +4426,8 @@ remoteDispatchStoragePoolSetAutostart (struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -4758,8 +4763,8 @@ remoteDispatchStoragePoolSetAutostart (struct qemud_server *server ATTRIBUTE_UNU
|
||||
}
|
||||
|
||||
if (virStoragePoolSetAutostart (pool, args->autostart) == -1) {
|
||||
@@ -704,7 +751,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStoragePoolFree(pool);
|
||||
@@ -4448,8 +4452,8 @@ remoteDispatchStoragePoolUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -4784,8 +4789,8 @@ remoteDispatchStoragePoolUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virStoragePoolUndefine (pool) == -1) {
|
||||
@@ -714,7 +761,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStoragePoolFree(pool);
|
||||
@@ -4591,11 +4595,12 @@ remoteDispatchStorageVolCreateXml (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -4927,11 +4932,12 @@ remoteDispatchStorageVolCreateXml (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
vol = virStorageVolCreateXML (pool, args->xml, args->flags);
|
||||
@@ -728,7 +775,7 @@ index cb9e83d..abf9cf3 100644
|
||||
|
||||
make_nonnull_storage_vol (&ret->vol, vol);
|
||||
virStorageVolFree(vol);
|
||||
@@ -4622,19 +4627,21 @@ remoteDispatchStorageVolCreateXmlFrom (struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -4958,19 +4964,21 @@ remoteDispatchStorageVolCreateXmlFrom (struct qemud_server *server ATTRIBUTE_UNU
|
||||
|
||||
clonevol = get_nonnull_storage_vol (conn, args->clonevol);
|
||||
if (clonevol == NULL) {
|
||||
@@ -753,7 +800,7 @@ index cb9e83d..abf9cf3 100644
|
||||
|
||||
make_nonnull_storage_vol (&ret->vol, newvol);
|
||||
virStorageVolFree(newvol);
|
||||
@@ -4659,8 +4666,8 @@ remoteDispatchStorageVolDelete (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -4995,8 +5003,8 @@ remoteDispatchStorageVolDelete (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virStorageVolDelete (vol, args->flags) == -1) {
|
||||
@@ -763,7 +810,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStorageVolFree(vol);
|
||||
@@ -4718,8 +4725,8 @@ remoteDispatchStorageVolGetInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -5054,8 +5062,8 @@ remoteDispatchStorageVolGetInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virStorageVolGetInfo (vol, &info) == -1) {
|
||||
@@ -773,7 +820,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -4752,8 +4759,8 @@ remoteDispatchStorageVolDumpXml (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -5088,8 +5096,8 @@ remoteDispatchStorageVolDumpXml (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
/* remoteDispatchClientRequest will free this. */
|
||||
ret->xml = virStorageVolGetXMLDesc (vol, args->flags);
|
||||
if (!ret->xml) {
|
||||
@@ -783,7 +830,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStorageVolFree(vol);
|
||||
@@ -4781,8 +4788,8 @@ remoteDispatchStorageVolGetPath (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -5117,8 +5125,8 @@ remoteDispatchStorageVolGetPath (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
/* remoteDispatchClientRequest will free this. */
|
||||
ret->name = virStorageVolGetPath (vol);
|
||||
if (!ret->name) {
|
||||
@@ -793,7 +840,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virStorageVolFree(vol);
|
||||
@@ -4809,11 +4816,12 @@ remoteDispatchStorageVolLookupByName (struct qemud_server *server ATTRIBUTE_UNUS
|
||||
@@ -5145,11 +5153,12 @@ remoteDispatchStorageVolLookupByName (struct qemud_server *server ATTRIBUTE_UNUS
|
||||
}
|
||||
|
||||
vol = virStorageVolLookupByName (pool, args->name);
|
||||
@@ -807,7 +854,7 @@ index cb9e83d..abf9cf3 100644
|
||||
|
||||
make_nonnull_storage_vol (&ret->vol, vol);
|
||||
virStorageVolFree(vol);
|
||||
@@ -5050,8 +5058,8 @@ remoteDispatchNodeDeviceNumOfCaps (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -5386,8 +5395,8 @@ remoteDispatchNodeDeviceNumOfCaps (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
|
||||
ret->num = virNodeDeviceNumOfCaps(dev);
|
||||
if (ret->num < 0) {
|
||||
@@ -817,7 +864,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5096,8 +5104,8 @@ remoteDispatchNodeDeviceListCaps (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -5432,8 +5441,8 @@ remoteDispatchNodeDeviceListCaps (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
virNodeDeviceListCaps (dev, ret->names.names_val,
|
||||
args->maxnames);
|
||||
if (ret->names.names_len == -1) {
|
||||
@@ -827,7 +874,7 @@ index cb9e83d..abf9cf3 100644
|
||||
VIR_FREE(ret->names.names_val);
|
||||
return -1;
|
||||
}
|
||||
@@ -5126,8 +5134,8 @@ remoteDispatchNodeDeviceDettach (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -5462,8 +5471,8 @@ remoteDispatchNodeDeviceDettach (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virNodeDeviceDettach(dev) == -1) {
|
||||
@@ -837,7 +884,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5155,8 +5163,8 @@ remoteDispatchNodeDeviceReAttach (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -5491,8 +5500,8 @@ remoteDispatchNodeDeviceReAttach (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virNodeDeviceReAttach(dev) == -1) {
|
||||
@@ -847,7 +894,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5184,8 +5192,8 @@ remoteDispatchNodeDeviceReset (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -5520,8 +5529,8 @@ remoteDispatchNodeDeviceReset (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virNodeDeviceReset(dev) == -1) {
|
||||
@@ -857,7 +904,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5236,8 +5244,8 @@ remoteDispatchNodeDeviceDestroy(struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -5572,8 +5581,8 @@ remoteDispatchNodeDeviceDestroy(struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virNodeDeviceDestroy(dev) == -1) {
|
||||
@@ -867,7 +914,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5615,8 +5623,8 @@ static int remoteDispatchDomainIsActive(struct qemud_server *server ATTRIBUTE_UN
|
||||
@@ -5953,8 +5962,8 @@ static int remoteDispatchDomainIsActive(struct qemud_server *server ATTRIBUTE_UN
|
||||
ret->active = virDomainIsActive(domain);
|
||||
|
||||
if (ret->active < 0) {
|
||||
@@ -877,7 +924,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5643,8 +5651,8 @@ static int remoteDispatchDomainIsPersistent(struct qemud_server *server ATTRIBUT
|
||||
@@ -5981,8 +5990,8 @@ static int remoteDispatchDomainIsPersistent(struct qemud_server *server ATTRIBUT
|
||||
ret->persistent = virDomainIsPersistent(domain);
|
||||
|
||||
if (ret->persistent < 0) {
|
||||
@@ -887,7 +934,17 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5671,8 +5679,8 @@ static int remoteDispatchInterfaceIsActive(struct qemud_server *server ATTRIBUTE
|
||||
@@ -6009,8 +6018,8 @@ static int remoteDispatchDomainIsUpdated(struct qemud_server *server ATTRIBUTE_U
|
||||
ret->updated = virDomainIsUpdated(domain);
|
||||
|
||||
if (ret->updated < 0) {
|
||||
- virDomainFree(domain);
|
||||
remoteDispatchConnError(err, conn);
|
||||
+ virDomainFree(domain);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -6037,8 +6046,8 @@ static int remoteDispatchInterfaceIsActive(struct qemud_server *server ATTRIBUTE
|
||||
ret->active = virInterfaceIsActive(iface);
|
||||
|
||||
if (ret->active < 0) {
|
||||
@@ -897,7 +954,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5699,8 +5707,8 @@ static int remoteDispatchNetworkIsActive(struct qemud_server *server ATTRIBUTE_U
|
||||
@@ -6065,8 +6074,8 @@ static int remoteDispatchNetworkIsActive(struct qemud_server *server ATTRIBUTE_U
|
||||
ret->active = virNetworkIsActive(network);
|
||||
|
||||
if (ret->active < 0) {
|
||||
@@ -907,7 +964,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5727,8 +5735,8 @@ static int remoteDispatchNetworkIsPersistent(struct qemud_server *server ATTRIBU
|
||||
@@ -6093,8 +6102,8 @@ static int remoteDispatchNetworkIsPersistent(struct qemud_server *server ATTRIBU
|
||||
ret->persistent = virNetworkIsPersistent(network);
|
||||
|
||||
if (ret->persistent < 0) {
|
||||
@@ -917,7 +974,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5755,8 +5763,8 @@ static int remoteDispatchStoragePoolIsActive(struct qemud_server *server ATTRIBU
|
||||
@@ -6121,8 +6130,8 @@ static int remoteDispatchStoragePoolIsActive(struct qemud_server *server ATTRIBU
|
||||
ret->active = virStoragePoolIsActive(pool);
|
||||
|
||||
if (ret->active < 0) {
|
||||
@@ -927,7 +984,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5783,8 +5791,8 @@ static int remoteDispatchStoragePoolIsPersistent(struct qemud_server *server ATT
|
||||
@@ -6149,8 +6158,8 @@ static int remoteDispatchStoragePoolIsPersistent(struct qemud_server *server ATT
|
||||
ret->persistent = virStoragePoolIsPersistent(pool);
|
||||
|
||||
if (ret->persistent < 0) {
|
||||
@@ -937,7 +994,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5879,8 +5887,8 @@ remoteDispatchDomainGetJobInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -6245,8 +6254,8 @@ remoteDispatchDomainGetJobInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainGetJobInfo (dom, &info) == -1) {
|
||||
@@ -947,7 +1004,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5921,8 +5929,8 @@ remoteDispatchDomainAbortJob (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -6287,8 +6296,8 @@ remoteDispatchDomainAbortJob (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainAbortJob (dom) == -1) {
|
||||
@@ -957,7 +1014,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5950,8 +5958,8 @@ remoteDispatchDomainMigrateSetMaxDowntime(struct qemud_server *server ATTRIBUTE_
|
||||
@@ -6316,8 +6325,8 @@ remoteDispatchDomainMigrateSetMaxDowntime(struct qemud_server *server ATTRIBUTE_
|
||||
}
|
||||
|
||||
if (virDomainMigrateSetMaxDowntime(dom, args->downtime, args->flags) == -1) {
|
||||
@@ -967,7 +1024,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5980,8 +5988,8 @@ remoteDispatchDomainSnapshotCreateXml (struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -6346,8 +6355,8 @@ remoteDispatchDomainSnapshotCreateXml (struct qemud_server *server ATTRIBUTE_UNU
|
||||
|
||||
snapshot = virDomainSnapshotCreateXML(domain, args->xml_desc, args->flags);
|
||||
if (snapshot == NULL) {
|
||||
@@ -977,7 +1034,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -6022,12 +6030,12 @@ remoteDispatchDomainSnapshotDumpXml (struct qemud_server *server ATTRIBUTE_UNUSE
|
||||
@@ -6388,12 +6397,12 @@ remoteDispatchDomainSnapshotDumpXml (struct qemud_server *server ATTRIBUTE_UNUSE
|
||||
rc = 0;
|
||||
|
||||
cleanup:
|
||||
@@ -992,7 +1049,7 @@ index cb9e83d..abf9cf3 100644
|
||||
|
||||
return rc;
|
||||
}
|
||||
@@ -6051,8 +6059,8 @@ remoteDispatchDomainSnapshotNum (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -6417,8 +6426,8 @@ remoteDispatchDomainSnapshotNum (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
|
||||
ret->num = virDomainSnapshotNum(domain, args->flags);
|
||||
if (ret->num == -1) {
|
||||
@@ -1002,7 +1059,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -6096,9 +6104,9 @@ remoteDispatchDomainSnapshotListNames (struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -6462,9 +6471,9 @@ remoteDispatchDomainSnapshotListNames (struct qemud_server *server ATTRIBUTE_UNU
|
||||
args->nameslen,
|
||||
args->flags);
|
||||
if (ret->names.names_len == -1) {
|
||||
@@ -1013,7 +1070,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -6127,8 +6135,8 @@ remoteDispatchDomainSnapshotLookupByName (struct qemud_server *server ATTRIBUTE_
|
||||
@@ -6493,8 +6502,8 @@ remoteDispatchDomainSnapshotLookupByName (struct qemud_server *server ATTRIBUTE_
|
||||
|
||||
snapshot = virDomainSnapshotLookupByName(domain, args->name, args->flags);
|
||||
if (snapshot == NULL) {
|
||||
@@ -1023,7 +1080,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -6160,8 +6168,8 @@ remoteDispatchDomainHasCurrentSnapshot(struct qemud_server *server ATTRIBUTE_UNU
|
||||
@@ -6526,8 +6535,8 @@ remoteDispatchDomainHasCurrentSnapshot(struct qemud_server *server ATTRIBUTE_UNU
|
||||
|
||||
result = virDomainHasCurrentSnapshot(domain, args->flags);
|
||||
if (result < 0) {
|
||||
@@ -1033,7 +1090,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -6192,8 +6200,8 @@ remoteDispatchDomainSnapshotCurrent(struct qemud_server *server ATTRIBUTE_UNUSED
|
||||
@@ -6558,8 +6567,8 @@ remoteDispatchDomainSnapshotCurrent(struct qemud_server *server ATTRIBUTE_UNUSED
|
||||
|
||||
snapshot = virDomainSnapshotCurrent(domain, args->flags);
|
||||
if (snapshot == NULL) {
|
||||
@@ -1043,7 +1100,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -6232,12 +6240,12 @@ remoteDispatchDomainRevertToSnapshot (struct qemud_server *server ATTRIBUTE_UNUS
|
||||
@@ -6598,12 +6607,12 @@ remoteDispatchDomainRevertToSnapshot (struct qemud_server *server ATTRIBUTE_UNUS
|
||||
rc = 0;
|
||||
|
||||
cleanup:
|
||||
@@ -1058,7 +1115,7 @@ index cb9e83d..abf9cf3 100644
|
||||
|
||||
return rc;
|
||||
}
|
||||
@@ -6269,12 +6277,12 @@ remoteDispatchDomainSnapshotDelete (struct qemud_server *server ATTRIBUTE_UNUSED
|
||||
@@ -6635,12 +6644,12 @@ remoteDispatchDomainSnapshotDelete (struct qemud_server *server ATTRIBUTE_UNUSED
|
||||
rc = 0;
|
||||
|
||||
cleanup:
|
||||
@@ -1073,7 +1130,7 @@ index cb9e83d..abf9cf3 100644
|
||||
|
||||
return rc;
|
||||
}
|
||||
@@ -6439,8 +6447,8 @@ remoteDispatchNwfilterUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -6805,8 +6814,8 @@ remoteDispatchNwfilterUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virNWFilterUndefine (nwfilter) == -1) {
|
||||
@@ -1083,7 +1140,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virNWFilterFree(nwfilter);
|
||||
@@ -6502,8 +6510,8 @@ remoteDispatchNwfilterGetXmlDesc (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -6868,8 +6877,8 @@ remoteDispatchNwfilterGetXmlDesc (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
/* remoteDispatchClientRequest will free this. */
|
||||
ret->xml = virNWFilterGetXMLDesc (nwfilter, args->flags);
|
||||
if (!ret->xml) {
|
||||
@@ -1093,7 +1150,7 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
virNWFilterFree(nwfilter);
|
||||
@@ -6550,8 +6558,8 @@ remoteDispatchDomainGetBlockInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
@@ -6916,8 +6925,8 @@ remoteDispatchDomainGetBlockInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
if (virDomainGetBlockInfo (dom, args->path, &info, args->flags) == -1) {
|
||||
@@ -1103,6 +1160,34 @@ index cb9e83d..abf9cf3 100644
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -6949,8 +6958,8 @@ qemuDispatchMonitorCommand (struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
|
||||
if (virDomainQemuMonitorCommand(domain, args->cmd, &ret->result,
|
||||
args->flags) == -1) {
|
||||
- virDomainFree(domain);
|
||||
remoteDispatchConnError(rerr, conn);
|
||||
+ virDomainFree(domain);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -6993,15 +7002,15 @@ remoteDispatchDomainOpenConsole(struct qemud_server *server ATTRIBUTE_UNUSED,
|
||||
stream->st,
|
||||
args->flags);
|
||||
if (r == -1) {
|
||||
+ remoteDispatchConnError(rerr, conn);
|
||||
virDomainFree(dom);
|
||||
remoteFreeClientStream(client, stream);
|
||||
- remoteDispatchConnError(rerr, conn);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (remoteAddClientStream(client, stream, 1) < 0) {
|
||||
- virDomainFree(dom);
|
||||
remoteDispatchConnError(rerr, conn);
|
||||
+ virDomainFree(dom);
|
||||
virStreamAbort(stream->st);
|
||||
remoteFreeClientStream(client, stream);
|
||||
return -1;
|
||||
--
|
||||
1.7.3.4
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
From 9679cde15cabf95c7538c3b6929893ec68552d23 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Kenigsberg <danken@redhat.com>
|
||||
Date: Sun, 20 Feb 2011 22:29:25 +0200
|
||||
Subject: [PATCH 3/6] virt-pki-validate: behave when CERTTOOL is missing
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=680270
|
||||
libvirt-client is missing some dependencies
|
||||
---
|
||||
tools/virt-pki-validate.in | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
|
||||
index 207fa76..96659cf 100755
|
||||
--- a/tools/virt-pki-validate.in
|
||||
+++ b/tools/virt-pki-validate.in
|
||||
@@ -14,7 +14,7 @@ PORT=16514
|
||||
# First get certtool
|
||||
#
|
||||
CERTOOL=`which certtool 2>/dev/null`
|
||||
-if [ ! -x $CERTOOL ]
|
||||
+if [ ! -x "$CERTOOL" ]
|
||||
then
|
||||
echo "Could not locate the certtool program"
|
||||
echo "make sure the gnutls-utils (or gnutls-bin) package is installed"
|
||||
--
|
||||
1.7.3.4
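Review bot: The newly quoted `-x "$CERTOOL"` test is only as reliable as the lookup feeding it, and the context line above it still uses the external `which`, whose output and exit status on a miss differ between implementations. The POSIX builtin form `CERTOOL=$(command -v certtool 2>/dev/null)` leaves the variable empty when the tool is absent, which the quoted test then rejects as intended. The `if` block continues past the end of the hunk, so it is not visible whether the script exits non-zero after the two `echo` lines. If it does not, add `exit 1` there so a PKI check cannot carry on without certtool and report a misleading result.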
|
||||
|
||||
+254
-96
@@ -31,18 +31,19 @@
|
||||
|
||||
# Then the hypervisor drivers that run on local host
|
||||
%define with_xen 0%{!?_without_xen:%{server_drivers}}
|
||||
%define with_xen_proxy 0%{!?_without_xen_proxy:%{server_drivers}}
|
||||
%define with_qemu 0%{!?_without_qemu:%{server_drivers}}
|
||||
%define with_openvz 0%{!?_without_openvz:%{server_drivers}}
|
||||
%define with_lxc 0%{!?_without_lxc:%{server_drivers}}
|
||||
%define with_vbox 0%{!?_without_vbox:%{server_drivers}}
|
||||
%define with_uml 0%{!?_without_uml:%{server_drivers}}
|
||||
%define with_xenapi 0%{!?_without_xenapi:%{server_drivers}}
|
||||
# XXX this shouldn't be here, but it mistakenly links into libvirtd
|
||||
%define with_one 0%{!?_without_one:%{server_drivers}}
|
||||
|
||||
# Then the hypervisor drivers that talk a native remote protocol
|
||||
%define with_phyp 0%{!?_without_phyp:1}
|
||||
%define with_esx 0%{!?_without_esx:1}
|
||||
%define with_vmware 0%{!?_without_vmware:1}
|
||||
|
||||
# Then the secondary host drivers
|
||||
%define with_network 0%{!?_without_network:%{server_drivers}}
|
||||
@@ -64,6 +65,10 @@
|
||||
%define with_nwfilter 0%{!?_without_nwfilter:0}
|
||||
%define with_libpcap 0%{!?_without_libpcap:0}
|
||||
%define with_macvtap 0%{!?_without_macvtap:0}
|
||||
%define with_libnl 0%{!?_without_libnl:0}
|
||||
%define with_audit 0%{!?_without_audit:0}
|
||||
%define with_dtrace 0%{!?_without_dtrace:0}
|
||||
%define with_cgconfig 0%{!?_without_cgconfig:0}
|
||||
|
||||
# Non-server/HV driver defaults which are always enabled
|
||||
%define with_python 0%{!?_without_python:1}
|
||||
@@ -77,19 +82,21 @@
|
||||
%define with_xen 0
|
||||
%endif
|
||||
|
||||
# Numactl is not available on s390[x]
|
||||
%ifarch s390 s390x
|
||||
# Numactl is not available on s390[x] and ARM
|
||||
%ifarch s390 s390x %{arm}
|
||||
%define with_numactl 0
|
||||
%endif
|
||||
|
||||
# RHEL doesn't ship OpenVZ, VBox, UML, OpenNebula, PowerHypervisor or ESX
|
||||
# RHEL doesn't ship OpenVZ, VBox, UML, OpenNebula, PowerHypervisor,
|
||||
# VMWare, or libxenserver (xenapi)
|
||||
%if 0%{?rhel}
|
||||
%define with_openvz 0
|
||||
%define with_vbox 0
|
||||
%define with_uml 0
|
||||
%define with_one 0
|
||||
%define with_phyp 0
|
||||
%define with_esx 0
|
||||
%define with_vmware 0
|
||||
%define with_xenapi 0
|
||||
%endif
|
||||
|
||||
# RHEL-5 has restricted QEMU to x86_64 only and is too old for LXC
|
||||
@@ -109,11 +116,6 @@
|
||||
%define with_xen 0
|
||||
%endif
|
||||
|
||||
# If Xen isn't turned on, we shouldn't build the xen proxy either
|
||||
%if ! %{with_xen}
|
||||
%define with_xen_proxy 0
|
||||
%endif
|
||||
|
||||
# Fedora doesn't have any QEMU on ppc64 - only ppc
|
||||
%if 0%{?fedora}
|
||||
%ifarch ppc64
|
||||
@@ -121,11 +123,9 @@
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# PolicyKit was introduced in Fedora 8 / RHEL-6 or newer, allowing
|
||||
# the setuid Xen proxy to be killed off
|
||||
# PolicyKit was introduced in Fedora 8 / RHEL-6 or newer
|
||||
%if 0%{?fedora} >= 8 || 0%{?rhel} >= 6
|
||||
%define with_polkit 0%{!?_without_polkit:1}
|
||||
%define with_xen_proxy 0
|
||||
%endif
|
||||
|
||||
# libcapng is used to manage capabilities in Fedora 12 / RHEL-6 or newer
|
||||
@@ -159,8 +159,21 @@
|
||||
|
||||
%if %{with_macvtap}
|
||||
%define with_libnl 1
|
||||
%else
|
||||
%define with_libnl 0
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} >= 11 || 0%{?rhel} >= 5
|
||||
%define with_audit 0%{!?_without_audit:1}
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} >= 13 || 0%{?rhel} >= 6
|
||||
%define with_dtrace 1
|
||||
%endif
|
||||
|
||||
# Pull in cgroups config system
|
||||
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
|
||||
%if %{with_qemu} || %{with_lxc}
|
||||
%define with_cgconfig 0%{!?_without_cgconfig:1}
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# Force QEMU to run as non-root
|
||||
@@ -182,34 +195,31 @@
|
||||
%endif
|
||||
|
||||
|
||||
Summary: Library providing a simple API virtualization
|
||||
# there's no use compiling the network driver without
|
||||
# the libvirt daemon
|
||||
%if ! %{with_libvirtd}
|
||||
%define with_network 0
|
||||
%endif
|
||||
|
||||
Summary: Library providing a simple virtualization API
|
||||
Name: libvirt
|
||||
Version: 0.8.2
|
||||
Release: 6%{?dist}%{?extra_release}
|
||||
Version: 0.8.8
|
||||
Release: 7%{?dist}%{?extra_release}
|
||||
License: LGPLv2+
|
||||
Group: Development/Libraries
|
||||
Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
|
||||
# Patches 1-> 11 CVE-2010-2237, 2238, 2239
|
||||
Patch1: libvirt-0.8.2-01-extract-backing-store-format.patch
|
||||
Patch2: libvirt-0.8.2-02-remove-type-field.patch
|
||||
Patch3: libvirt-0.8.2-03-refactor-metadata-extract.patch
|
||||
Patch4: libvirt-0.8.2-04-require-storage-format.patch
|
||||
Patch5: libvirt-0.8.2-05-disk-path-iterator.patch
|
||||
Patch6: libvirt-0.8.2-06-use-disk-iterator.patch
|
||||
Patch7: libvirt-0.8.2-07-secdriver-params.patch
|
||||
Patch8: libvirt-0.8.2-08-disable-disk-probing.patch
|
||||
Patch9: libvirt-0.8.2-09-set-default-driver.patch
|
||||
Patch10: libvirt-0.8.2-10-qemu-img-format-handling.patch
|
||||
Patch11: libvirt-0.8.2-11-storage-vol-backing.patch
|
||||
# CVE-2010-2242
|
||||
Patch12: libvirt-0.8.2-apply-iptables-sport-mapping.patch
|
||||
# CVE-2011-1146
|
||||
Patch13: libvirt-0.8.2-read-only-checks.patch
|
||||
Patch14: libvirt-0.8.2-fix-var-lib-libvirt-permissions.patch
|
||||
# Patches 15, 16 CVE-2011-1486
|
||||
Patch15: libvirt-0.8.2-threadsafe-libvirtd-error-reporting.patch
|
||||
Patch16: libvirt-0.8.2-avoid-resetting-errors.patch
|
||||
|
||||
Patch1: %{name}-%{version}-kernel-boot-index.patch
|
||||
Patch2: %{name}-%{version}-read-only-checks.patch
|
||||
# Patches 5, 6 CVE-2011-1486
|
||||
Patch3: %{name}-%{version}-threadsafe-libvirtd-error-reporting.patch
|
||||
Patch4: %{name}-%{version}-avoid-resetting-errors.patch
|
||||
Patch5: %{name}-%{version}-security-plug-regression-introduced-in-disk-probe-lo.patch
|
||||
Patch6: %{name}-%{version}-Requires-gettext-for-client-package.patch
|
||||
Patch7: %{name}-%{version}-virt-pki-validate-behave-when-CERTTOOL-is-missing.patch
|
||||
Patch8: %{name}-%{version}-build-add-dependency-on-gnutls-utils.patch
|
||||
Patch9: %{name}-%{version}-rpm-add-missing-dependencies.patch
|
||||
Patch10: %{name}-%{version}-remote-protect-against-integer-overflow.patch
|
||||
Patch11: %{name}-%{version}-make-commandtest-more-robust.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
URL: http://libvirt.org/
|
||||
BuildRequires: python-devel
|
||||
@@ -221,15 +231,21 @@ Requires: %{name}-client = %{version}-%{release}
|
||||
# daemon is present
|
||||
%if %{with_libvirtd}
|
||||
Requires: bridge-utils
|
||||
# for modprobe of pci devices
|
||||
Requires: module-init-tools
|
||||
# for /sbin/ip
|
||||
Requires: iproute
|
||||
%endif
|
||||
%if %{with_network}
|
||||
Requires: dnsmasq
|
||||
Requires: dnsmasq >= 2.41
|
||||
Requires: radvd
|
||||
%endif
|
||||
%if %{with_network} || %{with_nwfilter}
|
||||
Requires: iptables
|
||||
Requires: iptables-ipv6
|
||||
%endif
|
||||
%if %{with_nwfilter}
|
||||
Requires: ebtables
|
||||
Requires: iptables
|
||||
Requires: iptables-ipv6
|
||||
%endif
|
||||
# needed for device enumeration
|
||||
%if %{with_hal}
|
||||
@@ -286,6 +302,9 @@ Requires: parted
|
||||
# For multipath support
|
||||
Requires: device-mapper
|
||||
%endif
|
||||
%if %{with_cgconfig}
|
||||
Requires: libcgroup
|
||||
%endif
|
||||
%if %{with_xen}
|
||||
BuildRequires: xen-devel
|
||||
%endif
|
||||
@@ -294,10 +313,15 @@ BuildRequires: xmlrpc-c-devel >= 1.14.0
|
||||
%endif
|
||||
BuildRequires: libxml2-devel
|
||||
BuildRequires: xhtml1-dtds
|
||||
BuildRequires: libxslt
|
||||
BuildRequires: readline-devel
|
||||
BuildRequires: ncurses-devel
|
||||
BuildRequires: gettext
|
||||
BuildRequires: gnutls-devel
|
||||
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
|
||||
# for augparse, optionally used in testing
|
||||
BuildRequires: augeas
|
||||
%endif
|
||||
%if %{with_hal}
|
||||
BuildRequires: hal-devel
|
||||
%endif
|
||||
@@ -321,9 +345,16 @@ BuildRequires: avahi-devel
|
||||
BuildRequires: libselinux-devel
|
||||
%endif
|
||||
%if %{with_network}
|
||||
BuildRequires: dnsmasq
|
||||
BuildRequires: dnsmasq >= 2.41
|
||||
BuildRequires: iptables
|
||||
BuildRequires: iptables-ipv6
|
||||
BuildRequires: radvd
|
||||
%endif
|
||||
%if %{with_nwfilter}
|
||||
BuildRequires: ebtables
|
||||
%endif
|
||||
BuildRequires: bridge-utils
|
||||
BuildRequires: module-init-tools
|
||||
%if %{with_sasl}
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
%endif
|
||||
@@ -387,8 +418,20 @@ BuildRequires: libssh2-devel
|
||||
BuildRequires: netcf-devel >= 0.1.4
|
||||
%endif
|
||||
%if %{with_esx}
|
||||
%if 0%{?fedora} >= 9 || 0%{?rhel} >= 6
|
||||
BuildRequires: libcurl-devel
|
||||
%else
|
||||
BuildRequires: curl-devel
|
||||
%endif
|
||||
%endif
|
||||
%if %{with_audit}
|
||||
BuildRequires: audit-libs-devel
|
||||
%endif
|
||||
%if %{with_dtrace}
|
||||
# we need /usr/sbin/dtrace
|
||||
BuildRequires: systemtap-sdt-devel
|
||||
%endif
|
||||
|
||||
|
||||
# Fedora build root suckage
|
||||
BuildRequires: gawk
|
||||
@@ -406,6 +449,10 @@ Requires: ncurses
|
||||
# So remote clients can access libvirt over SSH tunnel
|
||||
# (client invokes 'nc' against the UNIX socket on the server)
|
||||
Requires: nc
|
||||
# Needed by libvirt-guests init script.
|
||||
Requires: gettext
|
||||
# Needed by virt-pki-validate script.
|
||||
Requires: gnutls-utils
|
||||
%if %{with_sasl}
|
||||
Requires: cyrus-sasl
|
||||
# Not technically required, but makes 'out-of-box' config
|
||||
@@ -456,11 +503,6 @@ of recent versions of Linux (and other OSes).
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p0
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
|
||||
%build
|
||||
%if ! %{with_xen}
|
||||
@@ -483,6 +525,10 @@ of recent versions of Linux (and other OSes).
|
||||
%define _without_vbox --without-vbox
|
||||
%endif
|
||||
|
||||
%if ! %{with_xenapi}
|
||||
%define _without_xenapi --without-xenapi
|
||||
%endif
|
||||
|
||||
%if ! %{with_sasl}
|
||||
%define _without_sasl --without-sasl
|
||||
%endif
|
||||
@@ -499,6 +545,10 @@ of recent versions of Linux (and other OSes).
|
||||
%define _without_esx --without-esx
|
||||
%endif
|
||||
|
||||
%if ! %{with_vmware}
|
||||
%define _without_vmware --without-vmware
|
||||
%endif
|
||||
|
||||
%if ! %{with_polkit}
|
||||
%define _without_polkit --without-polkit
|
||||
%endif
|
||||
@@ -583,11 +633,27 @@ of recent versions of Linux (and other OSes).
|
||||
%define _without_macvtap --without-macvtap
|
||||
%endif
|
||||
|
||||
%if ! %{with_audit}
|
||||
%define _without_audit --without-audit
|
||||
%endif
|
||||
|
||||
%if ! %{with_dtrace}
|
||||
%define _without_dtrace --without-dtrace
|
||||
%endif
|
||||
|
||||
%define when %(date +"%%F-%%T")
|
||||
%define where %(hostname)
|
||||
%define who %{?packager}%{!?packager:Unknown}
|
||||
%define with_packager --with-packager="%{who}, %{when}, %{where}"
|
||||
%define with_packager_version --with-packager-version="%{release}"
|
||||
|
||||
|
||||
%configure %{?_without_xen} \
|
||||
%{?_without_qemu} \
|
||||
%{?_without_openvz} \
|
||||
%{?_without_lxc} \
|
||||
%{?_without_vbox} \
|
||||
%{?_without_xenapi} \
|
||||
%{?_without_sasl} \
|
||||
%{?_without_avahi} \
|
||||
%{?_without_polkit} \
|
||||
@@ -597,6 +663,7 @@ of recent versions of Linux (and other OSes).
|
||||
%{?_without_one} \
|
||||
%{?_without_phyp} \
|
||||
%{?_without_esx} \
|
||||
%{?_without_vmware} \
|
||||
%{?_without_network} \
|
||||
%{?_with_rhel5_api} \
|
||||
%{?_without_storage_fs} \
|
||||
@@ -613,6 +680,10 @@ of recent versions of Linux (and other OSes).
|
||||
%{?_without_yajl} \
|
||||
%{?_without_libpcap} \
|
||||
%{?_without_macvtap} \
|
||||
%{?_without_audit} \
|
||||
%{?_without_dtrace} \
|
||||
%{with_packager} \
|
||||
%{with_packager_version} \
|
||||
--with-qemu-user=%{qemu_user} \
|
||||
--with-qemu-group=%{qemu_group} \
|
||||
--with-init-script=redhat \
|
||||
@@ -624,7 +695,7 @@ gzip -9 ChangeLog
|
||||
rm -fr %{buildroot}
|
||||
|
||||
%makeinstall
|
||||
for i in domain-events/events-c dominfo domsuspend hellolibvirt python xml/nwfilter
|
||||
for i in domain-events/events-c dominfo domsuspend hellolibvirt openauth python xml/nwfilter systemtap
|
||||
do
|
||||
(cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in)
|
||||
done
|
||||
@@ -670,6 +741,8 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version}
|
||||
|
||||
%if ! %{with_libvirtd}
|
||||
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter
|
||||
mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version}/html \
|
||||
$RPM_BUILD_ROOT%{_datadir}/doc/libvirt-devel-%{version}/
|
||||
%endif
|
||||
|
||||
%if ! %{with_qemu}
|
||||
@@ -684,10 +757,6 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.lxc
|
||||
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
|
||||
%endif
|
||||
|
||||
%if %{with_libvirtd}
|
||||
chmod 0644 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirtd
|
||||
%endif
|
||||
|
||||
%clean
|
||||
rm -fr %{buildroot}
|
||||
|
||||
@@ -700,12 +769,6 @@ do
|
||||
printf "#!/bin/sh\nexit 0\n" > $i
|
||||
chmod +x $i
|
||||
done
|
||||
# Temp hack till we figure out why its broken on ppc
|
||||
%ifarch ppc
|
||||
rm -f nwfilterxml2xmltest
|
||||
printf "#!/bin/sh\nexit 0\n" > nwfilterxml2xmltest
|
||||
chmod +x nwfilterxml2xmltest
|
||||
%endif
|
||||
make check
|
||||
|
||||
%pre
|
||||
@@ -738,6 +801,12 @@ then
|
||||
fi
|
||||
%endif
|
||||
|
||||
%if %{with_cgconfig}
|
||||
if [ "$1" -eq "1" ]; then
|
||||
/sbin/chkconfig cgconfig on
|
||||
fi
|
||||
%endif
|
||||
|
||||
/sbin/chkconfig --add libvirtd
|
||||
if [ "$1" -ge "1" ]; then
|
||||
/sbin/service libvirtd condrestart > /dev/null 2>&1
|
||||
@@ -764,9 +833,12 @@ fi
|
||||
/sbin/ldconfig
|
||||
/sbin/chkconfig --add libvirt-guests
|
||||
if [ $1 -ge 1 ]; then
|
||||
# this doesn't do anything but allowing for libvirt-guests to be
|
||||
# stopped on the first shutdown
|
||||
/sbin/service libvirt-guests start > /dev/null 2>&1 || true
|
||||
level=$(/sbin/runlevel | /bin/cut -d ' ' -f 2)
|
||||
if /sbin/chkconfig --list libvirt-guests | /bin/grep -q $level:on ; then
|
||||
# this doesn't do anything but allowing for libvirt-guests to be
|
||||
# stopped on the first shutdown
|
||||
/sbin/service libvirt-guests start > /dev/null 2>&1 || true
|
||||
fi
|
||||
fi
|
||||
|
||||
%postun client -p /sbin/ldconfig
|
||||
@@ -790,6 +862,9 @@ fi
|
||||
%{_sysconfdir}/rc.d/init.d/libvirtd
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
|
||||
%config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
|
||||
%if %{with_dtrace}
|
||||
%{_datadir}/systemtap/tapsets/libvirtd.stp
|
||||
%endif
|
||||
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
|
||||
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
|
||||
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/
|
||||
@@ -821,8 +896,8 @@ fi
|
||||
|
||||
%if %{with_qemu}
|
||||
%dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/
|
||||
%dir %attr(0700, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
|
||||
%dir %attr(0700, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
|
||||
%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
|
||||
%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
|
||||
%endif
|
||||
%if %{with_lxc}
|
||||
%dir %{_localstatedir}/run/libvirt/lxc/
|
||||
@@ -861,10 +936,6 @@ fi
|
||||
|
||||
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/
|
||||
|
||||
%if %{with_xen_proxy}
|
||||
%attr(4755, root, root) %{_libexecdir}/libvirt_proxy
|
||||
%endif
|
||||
|
||||
%if %{with_lxc}
|
||||
%attr(0755, root, root) %{_libexecdir}/libvirt_lxc
|
||||
%endif
|
||||
@@ -872,6 +943,8 @@ fi
|
||||
%attr(0755, root, root) %{_libexecdir}/libvirt_parthelper
|
||||
%attr(0755, root, root) %{_sbindir}/libvirtd
|
||||
|
||||
%{_mandir}/man8/libvirtd.8*
|
||||
|
||||
%doc docs/*.xml
|
||||
%endif
|
||||
|
||||
@@ -906,7 +979,7 @@ fi
|
||||
|
||||
%{_sysconfdir}/rc.d/init.d/libvirt-guests
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
|
||||
%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt
|
||||
%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
|
||||
|
||||
%if %{with_sasl}
|
||||
%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
|
||||
@@ -931,7 +1004,9 @@ fi
|
||||
%doc examples/domain-events/events-c
|
||||
%doc examples/dominfo
|
||||
%doc examples/domsuspend
|
||||
%doc examples/openauth
|
||||
%doc examples/xml
|
||||
%doc examples/systemtap
|
||||
|
||||
%if %{with_python}
|
||||
%files python
|
||||
@@ -947,43 +1022,126 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Apr 5 2011 Laine Stump <laine@redhat.com> 0.8.2-6
|
||||
- Add changes to fedora-specific libvirt.spec forgotten in 0.8.2-4
|
||||
* Wed Jul 5 2011 Laine Stump <laine@redhat.com> - 0.8.8-7
|
||||
- Make commandtest more robust.
|
||||
|
||||
* Tue Apr 5 2011 Laine Stump <laine@redhat.com> 0.8.2-5
|
||||
* Wed Jul 5 2011 Peter Robinson <pbrobinson@gmail.com> - 0.8.8-6
|
||||
- Add ARM to NUMA excludes
|
||||
|
||||
* Tue Jul 5 2011 Laine Stump <laine@redhat.com> 0.8.8-5
|
||||
- Fix for CVE-2011-2178, regression introduced in disk probe logic,
|
||||
Bug 709775
|
||||
- Fix for CVE-2011-2511, integer overflow in VirDomainGetVcpus,
|
||||
Bug 717204
|
||||
- Add several build and runtime dependencies to specfile
|
||||
Bug 680270
|
||||
|
||||
* Tue Apr 5 2011 Laine Stump <laine@redhat.com> 0.8.8-4
|
||||
- Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe,
|
||||
bug 693457
|
||||
|
||||
* Mon Apr 4 2011 Laine Stump <laine@redhat.com> 0.8.2-4
|
||||
- fix permissions on /var/lib/libvirt
|
||||
* Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> - 0.8.8-3
|
||||
- fix a lack of API check on read-only connections 683655
|
||||
- CVE-2011-1146
|
||||
|
||||
* Wed Mar 16 2011 Daniel Veillard <veillard@redhat.com> - 0.8.2-3
|
||||
- fix one crash in the the error handling for previous patch
|
||||
* Mon Feb 21 2011 Daniel P. Berrange <berrange@redhat.com> - 0.8.8-2
|
||||
- Fix kernel boot with latest QEMU
|
||||
|
||||
* Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> - 0.8.2-2
|
||||
- Fix for CVE-2011-1146, missing checks on read-only connections bug 683655
|
||||
* Thu Feb 17 2011 Daniel Veillard <veillard@redhat.com> - 0.8.8-1
|
||||
- expose new API for sysinfo extraction
|
||||
- cgroup blkio weight support
|
||||
- smartcard device support
|
||||
- qemu: Support per-device boot ordering
|
||||
- Various improvements and bug fixes
|
||||
|
||||
* Thu Jun 17 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-5.fc13
|
||||
- Add qemu.conf options for audio workaround
|
||||
- Fix parsing certain USB sysfs files (bz 598272)
|
||||
- Sanitize pool target paths (bz 494005)
|
||||
- Add qemu.conf for clear emulator capabilities
|
||||
- Prevent libvirtd inside a VM from breaking network access (bz 235961)
|
||||
- Mention --all in 'virsh list' docs (bz 575512)
|
||||
- Initscript fixes (bz 565238)
|
||||
- List wireless interfaces via nodedev-list (bz 596928)
|
||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.7-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Tue May 18 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-4.fc13
|
||||
- Fix nodedev XML conversion errors (bz 591262)
|
||||
- Fix PCI xml decimal parsing (bz 582752)
|
||||
- Fix CDROM media connect/eject (bz 582005)
|
||||
- Always report qemu startup output on error (bz 581381)
|
||||
- Fix crash from 'virsh dominfo' if secdriver disabled (bz 581166)
|
||||
* Thu Jan 6 2011 Daniel Veillard <veillard@redhat.com> - 0.8.7-1
|
||||
- Preliminary support for VirtualBox 4.0
|
||||
- IPv6 support
|
||||
- Add VMware Workstation and Player driver driver
|
||||
- Add network disk support
|
||||
- Various improvements and bug fixes
|
||||
- from 0.8.6:
|
||||
- Add support for iSCSI target auto-discovery
|
||||
- QED: Basic support for QED images
|
||||
- remote console support
|
||||
- support for SPICE graphics
|
||||
- sysinfo and VMBIOS support
|
||||
- virsh qemu-monitor-command
|
||||
- various improvements and bug fixes
|
||||
|
||||
* Tue Apr 20 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-3.fc13
|
||||
- Fix slow storage volume allocation (bz 582356)
|
||||
* Fri Oct 29 2010 Daniel Veillard <veillard@redhat.com> - 0.8.5-1
|
||||
- Enable JSON and netdev features in QEMU >= 0.13
|
||||
- framework for auditing integration
|
||||
- framework DTrace/SystemTap integration
|
||||
- Setting the number of vcpu at boot
|
||||
- Enable support for nested SVM
|
||||
- Virtio plan9fs filesystem QEMU
|
||||
- Memory parameter controls
|
||||
- various improvements and bug fixes
|
||||
|
||||
* Mon Mar 22 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-2.fc13
|
||||
* Wed Sep 29 2010 jkeating - 0.8.4-3
|
||||
- Rebuilt for gcc bug 634757
|
||||
|
||||
* Thu Sep 16 2010 Dan Horák <dan[at]danny.cz> - 0.8.4-2
|
||||
- disable the nwfilterxml2xmltest also on s390(x)
|
||||
|
||||
* Mon Sep 13 2010 Daniel Veillard <veillard@redhat.com> - 0.8.4-1
|
||||
- Upstream release 0.8.4
|
||||
|
||||
* Mon Aug 23 2010 Daniel P. Berrange <berrange@redhat.com> - 0.8.3-2
|
||||
- Fix potential overflow in boot menu code
|
||||
|
||||
* Mon Aug 23 2010 Daniel P. Berrange <berrange@redhat.com> - 0.8.3-1
|
||||
- Upstream release 0.8.3
|
||||
|
||||
* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 0.8.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
||||
|
||||
* Mon Jul 12 2010 Daniel P. Berrange <berrange@redhat.com> - 0.8.2-2
|
||||
- CVE-2010-2237 ignoring defined main disk format when looking up disk backing stores
|
||||
- CVE-2010-2238 ignoring defined disk backing store format when recursing into disk
|
||||
image backing stores
|
||||
- CVE-2010-2239 not setting user defined backing store format when creating new image
|
||||
- CVE-2010-2242 libvirt: improperly mapped source privileged ports may allow for
|
||||
obtaining privileged resources on the host
|
||||
|
||||
* Mon Jul 5 2010 Daniel Veillard <veillard@redhat.com> - 0.8.2-1
|
||||
- Upstream release 0.8.2
|
||||
- phyp: adding support for IVM
|
||||
- libvirt: introduce domainCreateWithFlags API
|
||||
- add 802.1Qbh and 802.1Qbg switches handling
|
||||
- Support for VirtualBox version 3.2
|
||||
- Init script for handling guests on shutdown/boot
|
||||
- qemu: live migration with non-shared storage for kvm
|
||||
|
||||
* Fri Apr 30 2010 Daniel Veillard <veillard@redhat.com> - 0.8.1-1
|
||||
- Upstream release 0.8.1
|
||||
- Starts dnsmasq from libvirtd with --dhcp-hostsfile
|
||||
- Add virDomainGetBlockInfo API to query disk sizing
|
||||
- a lot of bug fixes and cleanups
|
||||
|
||||
* Mon Apr 12 2010 Daniel Veillard <veillard@redhat.com> - 0.8.0-1
|
||||
- Upstream release 0.8.0
|
||||
- Snapshotting support (QEmu/VBox/ESX)
|
||||
- Network filtering API
|
||||
- XenAPI driver
|
||||
- new APIs for domain events
|
||||
- Libvirt managed save API
|
||||
- timer subselection for domain clock
|
||||
- synchronous hooks
|
||||
- API to update guest CPU to host CPU
|
||||
- virDomainUpdateDeviceFlags new API
|
||||
- migrate max downtime API
|
||||
- volume wiping API
|
||||
- and many bug fixes
|
||||
|
||||
* Tue Mar 30 2010 Richard W.M. Jones <rjones@redhat.com> - 0.7.7-3.fc14
|
||||
- No change, just rebuild against new libparted with bumped soname.
|
||||
|
||||
* Mon Mar 22 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-2.fc14
|
||||
- Fix USB devices by product with security enabled (bz 574136)
|
||||
- Set kernel/initrd in security driver, fixes some URL installs (bz 566425)
|
||||
|
||||
|
||||