The contents of .iso used to bootstrap VMs with cloudinit are
initialised using a precreated, short-lived directory. The
permissions on this directory were too lenient. This commit
restricts access to this directory to the user and his/her group.
Signed-off-by: Mark Ryan <mark.d.ryan@intel.com>
govmm has ExecuteBlockdevAdd() function and ExecuteBlockdevDel() function
doesn't compatible with qemu 2.8,because blockdev-add and x-blockdev-del usages
are different between qemu 2.7 and qemu 2.8
Follow the qemu 2.7 and qemu 2.8 qmp-commands.txt documents to modify ExecuteBlockdevAdd()
function and ExecuteBlockdevDel() function to be compatible with qemu 2.8
Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
If we hotplug a nic with args mq=on, its qdisc will be mq by default.
This aligns with cold plug nics.
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
Before calling any other command it is necessary to call
ExecuteQMPCapabilities() otherwise QEMU will not process the subsequent QMP
commands.
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
In order to be able to hotplug network devices such as vhost user
net, we need to be able to define a previously declared chardev as
a parameter of this new network device.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit adds a couple of negative test cases for qmp.go, one
which checks that failed commands return errors and the other
checks that QMPStart exits gracefully when passed an invalid
socket path.
Signed-off-by: Mark Ryan <mark.d.ryan@intel.com>
This commit adds some negative test cases for the append functions
in qemu.go that build up the qemu command line.
Signed-off-by: Mark Ryan <mark.d.ryan@intel.com>
This will kill the process when the context is cancelled. As using a nil
context is not permitted it is necessary to substitute with a real
context if it is not initialised in the Config struct.
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
If no RTC is specified in the config then do not generate any RTC command line
options. RTC command line options are optional for QEMU so make Valid() return
false when presented with the empty version of the RTC struct containing empty
strings.
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
In addition to normal VFIO device, this patch adds VFIO mediated device
as a supplement to do hot plug on PCI(E) bridges.
Signed-off-by: Zhao Xinda <xinda.zhao@intel.com>
With qemu 2.10, a write lock was added for qcow images that
prevents the same image to be passed more than once.
This can be over-ridden using the --share-rw option which is
desired for raw images.
This solves an issue with running Kata with devicemapper
using the privileged mode as in this case all devices on the host
are passed to the container using the block device associated
with the rootfs, causing it to be passed twice to qemu.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
For machines types based on PCIe like q35, device addr and bus must be specified.
For machines types based on PCI like pc, device addr must be specified and bus
is optional since devices can be hot plugged directly on the root bus.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Implement function to hotplug a network device to QEMU by fds.
Macvtap can only be hotplug by this way.
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
Implement function to hotplug virtio serial ports, the serial ports
are visible in the guest at the directory /dev/virtio-ports.
Signed-off-by: Julio Montes <julio.montes@intel.com>
implement function to hotplug character devices using as backend
unix sockets, binding a character device with a serial port allows
the communnication between processes running in the guest with
processes running in the host.
Signed-off-by: Julio Montes <julio.montes@intel.com>
`getfd` receives a file descriptor via SCM rights and assign it a name,
this command is useful to send file descriptors from the host, and then
hot plug devices that needs file descriptors like vhost-vsock-pci devices.
Signed-off-by: Julio Montes <julio.montes@intel.com>
`vhostfd` is used to specify the vhost-vsock device fd, and it holds
the context ID previously opened.
`disable-modern` is to disable the use of "modern" devices, by using virtio 0.9
instead of virtio 1.0. Particularly, this is useful when running the VM in a
nested environment.
Signed-off-by: Julio Montes <julio.montes@intel.com>
`vhostfd` is the vhost file descriptor that holds the socket context ID
`disable-modern` prevents qemu from relying on fast MMIO
Signed-off-by: Julio Montes <julio.montes@intel.com>
Implement function to hotplug vsocks, vsocks are needed
to communicate processes are running inside the VM
with processes are running on the host.
Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit fixes an issue with the log handlers defined by qmp_test.
The issue was picked up by the latest version of go vet on go tip.
qemu/qmp_test.go:56::error: missing ... in args forwarded to printf-like function (vet)
qemu/qmp_test.go:60::error: missing ... in args forwarded to printf-like function (vet)
Signed-off-by: Mark Ryan <mark.d.ryan@intel.com>
This commit enables the gas security checker on govmm builds. The
security checker has signalled 4 issues all of which I've checked
and have determined to be non issues. These issues are disabled
by this commit.
Signed-off-by: Mark Ryan <mark.d.ryan@intel.com>
This commit enables staticcheck in the travis builds and fixes the existing
errors detected by staticcheck. There was one type of error repeated in
qemu.go in which the type of some constants was not explicitly specified.
Signed-off-by: Mark Ryan <mark.d.ryan@intel.com>
