Eric Blake 1b2ebf9502 storage: fix device detach regression with cgroup ACLs
https://bugzilla.redhat.com/show_bug.cgi?id=876828

Commit 38c4a9cc introduced a regression in hot unplugging of disks
from qemu, where cgroup device ACLs were no longer being revoked
(thankfully not a security hole: cgroup ACLs only prevent open()
of the disk; so reverting the ACL prevents future abuse but doesn't
stop abuse from an fd that was already opened before the ACL change).

The actual regression is due to a latent bug.  The hot unplug code
was computing the set of files needing cgroup ACL revocation based
on the XML passed in by the user, rather than based on the domain's
details on which disk was being deleted.  As long as the revoke
path was always recomputing the backing chain, this didn't really
matter; but now that we want to compute the chain exactly once and
remember that computation, we need to hang on to the backing chain
until after the revoke has happened.

* src/qemu/qemu_hotplug.c (qemuDomainDetachPciDiskDevice):
Transfer backing chain before deletion.
2012-11-27 08:02:26 -07:00
.gnulib@d245e6ddd6 maint: update to latest gnulib 2012-10-22 20:25:44 -06:00
build-aux Document bracket whitespace rules & add syntax-check rule 2012-11-02 14:00:32 +00:00
daemon Add private data pointer to virStoragePool and virStorageVol 2012-11-26 14:39:39 +01:00
docs Add Gluster protocol as supported network disk backend 2012-11-27 10:19:22 +01:00
examples Introduce new VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR event 2012-11-07 12:06:05 +01:00
gnulib build: fix fresh checkout on RHEL5 2012-04-19 17:11:43 -06:00
include snapshot: add two more filter sets to API 2012-11-19 08:43:00 -07:00
m4 build: improve FORTIFY_SOURCE usage 2012-10-23 14:00:32 -06:00
po Refactor ESX storage driver to implement facade pattern 2012-11-26 22:46:13 +01:00
python python: Use virNodeGetCPUMap where possible 2012-11-15 09:01:53 -07:00
src storage: fix device detach regression with cgroup ACLs 2012-11-27 08:02:26 -07:00
tests tests: Add tests for gluster protocol based network disks support 2012-11-27 10:19:22 +01:00
tools virsh: Report error when taking a snapshot with empty --memspec argument 2012-11-23 13:55:43 +01:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore gitignore: ignore more files 2012-11-05 15:56:42 +01:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap Autogenerate AUTHORS 2012-10-19 12:44:56 -04:00
AUTHORS.in Doug Goldstein gained commit capability 2012-11-15 09:34:01 +08:00
COPYING.LIB remove all trailing blank lines 2009-07-16 15:06:42 +02:00
ChangeLog-old virterror.c: Fix several spelling mistakes 2012-02-03 11:32:51 -07:00
HACKING Document bracket whitespace rules & add syntax-check rule 2012-11-02 14:00:32 +00:00
Makefile.am Autogenerate AUTHORS 2012-10-19 12:44:56 -04:00
Makefile.nonreentrant Ban use of all inet_* functions 2010-10-22 11:59:23 +01:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00
autobuild.sh Switch automated builds to use Mingw64 toolchain instead of Mingw32 2012-06-25 10:41:10 +01:00
autogen.sh run bootstrap if .gnulib is not present 2012-11-21 07:09:05 -07:00
bootstrap maint: regenerate bootstrap 2012-07-27 09:34:04 -06:00
bootstrap.conf build: prefer mkostemp for multi-thread safety 2012-10-31 10:06:10 -06:00
cfg.mk build: rerun bootstrap if AUTHORS is missing 2012-11-14 13:41:15 -07:00
configure.ac sanlock: Retry after EINPROGRESS 2012-11-16 08:00:11 +01:00
libvirt.pc.in build: silence warning from autoconf 2012-05-30 09:22:02 -06:00
libvirt.spec.in add ppc64 and s390x to arches where qemu-kvm exists 2012-11-16 11:04:43 -07:00
mingw-libvirt.spec.in parallels: add driver skeleton 2012-08-01 11:44:26 +08:00
run.in syntax-check: fix run.in 2012-09-18 13:59:53 +02:00

README

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aims at providing a
long-term stable C API, initially for the Xen paravirtualization, but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>