Ilias Stamatis [Sat, 1 Jun 2019 12:40:12 +0000 (14:40 +0200)]
virDomainSendKey: validate codeset argument
This argument wasn't validated anywhere, neither in the generic
implementation nor in the individual drivers. As a result a call to this
function with a large enough codeset value prior to this change causes
libvirtd to crash.
This happens because all drivers call virKeycodeValueTranslate which
uses codeset as an index to the virKeymapValues array, causing an
out-of-bounds error.
Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Jiri Denemark [Thu, 30 May 2019 22:03:59 +0000 (00:03 +0200)]
qemu: Check TSC frequency before starting QEMU
When migrating a domain with invtsc CPU feature enabled, the TSC
frequency of the destination host must match the frequency used when the
domain was started on the source host or the destination host has to
support TSC scaling.
If the frequencies do not match and the destination host does not
support TSC scaling, QEMU will fail to set the right TSC frequency when
starting vCPUs on the destination and thus migration will fail. However,
this is quite late since both host might have spent significant time
transferring memory and perhaps even storage data.
By adding the check to libvirt we can let migration fail before any data
starts to be sent over. If for some reason libvirt is unable to detect
the host's TSC frequency or scaling support, we'll just let QEMU try and
the migration will either succeed or fail later.
Luckily, we mandate TSC frequency to be explicitly set in the domain XML
to even allow migration of domains with invtsc. We can just check
whether the requested frequency is compatible with the current host
before starting QEMU.
Jiri Denemark [Thu, 30 May 2019 19:47:38 +0000 (21:47 +0200)]
cpu_x86: Probe TSC frequency and scaling support
When the host CPU supports invariant TSC the host CPU definition created
by virCPUx86GetHost will contain (unless probing fails for some reason)
addition TSC related data.
Jiri Denemark [Thu, 30 May 2019 14:34:59 +0000 (16:34 +0200)]
util: Add virHostCPUGetTscInfo
On a KVM x86_64 host which supports invariant TSC this function can be
used to detect the TSC frequency and the availability of TSC scaling.
The magic MSR numbers required to check if VMX scaling is supported on
the host are documented in Volume 3 of the Intel® 64 and IA-32
Architectures Software Developer’s Manual.
Jiri Denemark [Mon, 3 Jun 2019 11:15:19 +0000 (13:15 +0200)]
qemuargv2xmltest: Use mocked virQEMUCapsProbeHostCPU
The qemuTestParseCapabilitiesArch call would eventually lead to the host
CPU being probed via virCPUGetHost. Let's divert this to a mocked
version already used by the qemuxml2argvtest.
Jiri Denemark [Mon, 3 Jun 2019 11:13:38 +0000 (13:13 +0200)]
qemu: Make virQEMUCapsProbeHostCPUForEmulator more generic
The function is renamed as virQEMUCapsProbeHostCPU and it does not get
the list of allowed CPU models from qemuCaps anymore. This is
responsibility is moved to the caller. The result is just a very thin
wrapper around virCPUGetHost mostly required mocking in tests.
The generic function is used in place of a direct call to virCPUGetHost
in virQEMUCapsInitHostCPUModel to make sure tests don't accidentally
probe host CPU.
Turns out, some aarch64 systems have SMBIOS info. That means we
can use dmidecode to fetch some information. If that fails, fall
back to the old behaviour.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Michal Privoznik [Fri, 10 May 2019 12:08:09 +0000 (14:08 +0200)]
virsysinfo: Rename virSysinfoReadX86 to virSysinfoReadDMI
There's nothing x86 specific about this function. Rename the
function so that it has DMI suffix which enables it to be reused
on different arches (as using X86 from say ARM would look
suspicious).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Andrea Bolognani [Thu, 30 May 2019 08:00:58 +0000 (10:00 +0200)]
tests: Tweak x86 sysinfo test case
We have a single mock dmidecode script right now, but we're
going to add another one soon, so we need to make sure its
name contains the test case name as a prefix, just like we
already do with all data files.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 28 May 2019 14:00:57 +0000 (16:00 +0200)]
qemu: Move capability checks for IOMMU features
All current IOMMU features are specific to Intel IOMMU, so
understandably we check for the corresponding capabilities
inside the Intel-specific switch() branch; however, we want
to make sure SMMUv3 IOMMU users get an error if they try to
enable any of those features in their guest, and performing
the capability checks unconditionally is both the easiest
way to achieve that, as well as the one least likely to
result in us inadvertently letting users enable some new
Intel-specific IOMMU feature for ARM guests later on.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Andrea Bolognani [Fri, 17 May 2019 07:15:27 +0000 (09:15 +0200)]
qemu: Introduce QEMU_CAPS_MACHINE_VIRT_IOMMU
This capability can be used to figure out whether the
QEMU binary at hand supports the machine type property
we need in order to enable SMMUv3 IOMMU support.
Unfortunately we can't avoid probing the RISC-V binaries
along with the ARM ones, since both architectures have
their own 'virt' machine type.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Current capability checks are specific to Intel IOMMU, so
we need to move them inside the switch() statement before
we can introduce more virDomainIOMMUModel values.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Andrea Bolognani [Tue, 28 May 2019 10:35:42 +0000 (12:35 +0200)]
qemu: Fix switch() statements for virDomainIOMMUModel
Ensure unexpected values are dealt with correctly, that
is by invoking virReportEnumRangeError() and immediately
returning a negative value to the caller.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Andrea Bolognani [Wed, 22 May 2019 16:16:59 +0000 (18:16 +0200)]
examples: Group all C programs together
All other examples are organized using the either the format/
or the format/category/ hierarchy already, and grouping all
C programs together removes the last remaining outliers.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Wed, 22 May 2019 16:07:01 +0000 (18:07 +0200)]
examples: Rework C examples installation
Now that all C examples are neatly sorted into only three
categories, getting rid of our custom installation machinery
and replacing it with the standard autotools mechanism
finally becomes feasible.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Wed, 22 May 2019 15:49:43 +0000 (17:49 +0200)]
examples: Organize C examples into categories
Most C examples live in their own directory, which seems a
bit unnecessary especially considering that all virt-admin
related examples share a single admin/ directory. Reorganize
non-admin C examples in two categories: domain/ for those
that act on a domain, and misc/ for everything else.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Wed, 22 May 2019 15:29:44 +0000 (17:29 +0200)]
examples: Move and install shell examples
The virt-lxc-convert shell script is at this point the
only example we don't install on the target system.
Create a sh/ subdirectory, following the example set by
the existing polkit/, systemtap/ and xml/, and move the
script there; then add rules that will install all example
shell scripts as documentation.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Wed, 22 May 2019 11:10:12 +0000 (13:10 +0200)]
examples: Install Polkit examples
Right now we install the files in RPMs only, and we include
them in the -daemon package which is probably not the best
option either. Start installing them via autotools; the RPMs
will get them automatically in the -docs package.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 21 May 2019 12:11:57 +0000 (14:11 +0200)]
examples: Install nwfilters without shell scripting
We're doing nothing more than copying files to a target
directory, so we don't need any custom shell commands and
can just use the standard autotools data installation
support instead.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 21 May 2019 14:42:28 +0000 (16:42 +0200)]
examples: Drop unnecessary $(mkinstalldirs) call
$(mkinstalldirs) works like 'mkdir -p' in that it will
create all the necessary parts of the path leading up to
the actual directory, which means creating $(examplesdir)
beforehand is not necessary.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Wed, 22 May 2019 17:14:17 +0000 (19:14 +0200)]
examples: Move $(STATIC_BINARIES) to $(AM_LDFLAGS)
$(LDADD) is for object files that should be added during
linking, not for options that should be passed to the
linker: that's what $(AM_LDFLAGS) is for.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Wed, 22 May 2019 17:12:15 +0000 (19:12 +0200)]
examples: Don't look for headers in $(top_srcdir)
The C programs in this directory are supposed to be only
using public functions, so having $(top_srcdir) in the
header search path is unnecessary at best and actively
harmful at worst.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Tue, 21 May 2019 12:19:07 +0000 (14:19 +0200)]
examples: Remove $(WARN_CFLAGS) from $(LDADD)
$(WARN_CFLAGS) contains options intended for the compiler,
whereas $(LDADD) is supposed to list additional objects
required during linking, so the former clearly doesn't
belong in the latter.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Wed, 22 May 2019 10:33:58 +0000 (12:33 +0200)]
spec: Don't install libvirt-api.xml as documentation
We already install the file, along with its driver-specific
counterparts, into ${datadir}/libvirt/api/ where language
bindings will actually look for them.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Erik Skultety [Fri, 31 May 2019 05:39:47 +0000 (07:39 +0200)]
docs: Drop the external AMD SEV links
One of the current SEV document links went dead as AMD moved the
resource to another place (document store), so there's probably very
little point in maintaining 3rd party links if the resources are being
moved.
Signed-off-by: Erik Skultety <eskultet@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
qemu: Set emulator thread scheduler only after QEMU starts
If the scheduler is set before vCPU0 cannot be moved into its cpu,cpuacct
cgroup. While it is not yet known whether this is a bug or not, it makes sense
for us to do that later as otherwise the scheduler would be inherited by vCPU
and I/O Threads even when they do not have any such setting specified.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Ilias Stamatis [Thu, 23 May 2019 11:37:01 +0000 (13:37 +0200)]
test_driver: implement virDomainMemoryPeek
Begins by writing a @start byte in the first position of @buffer and
then for every next byte it stores the value of its previous one
incremented by one.
Behaves the same for both supported flags.
Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
Andrea Bolognani [Mon, 27 May 2019 10:56:04 +0000 (12:56 +0200)]
spec: Improve handling for default network
This is exactly how we already treat nwfilters, which require
the same kind of care (aka nasty hacks) as the default network,
because in both cases the UUID is generated and written to
disk the first time libvirtd is started after installing the
corresponding subpackage.
After this patch, RPM will be aware of the fact that the
libvirt-daemon-config-network subpackage owns the default
network.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Acked-by: Michal Privoznik <mprivozn@redhat.com>
Jiri Denemark [Thu, 23 May 2019 12:55:13 +0000 (14:55 +0200)]
spec: Fix permissions of /var/run/libvirt/qemu
While libvirtd creates this directory with the default 0755 mode, the
spec file stores 0700 in the RPM database. Thus RPM verification always
complains about this directory. Let's fix the spec file to match
reality.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Jiri Denemark [Thu, 23 May 2019 12:31:37 +0000 (14:31 +0200)]
spec: Fix permissions of nwfilter XMLs
The nwfilter XML files stored in /etc/libvirt/nwfilter are copied in a
%post scriptlet from /usr/share/libvirt/nwfilter/*.xml. While the files
in /usr/share are created with mode 0644, libvirt creates the files in
/etc/libvirt/nwfilter with mode 0600. Since 0600 is also stored in the
RPM database, we need to chmod the files copied from /usr/share to make
sure RPM verification does not complain about changed permissions.
Jiri Denemark [Tue, 21 May 2019 11:09:22 +0000 (13:09 +0200)]
spec: Unconditionally set ownership of /var/lib/libvirt/sanlock
The libvirt-lock-sanlock subpackage requires sanlock to be installed
first and the sanlock package creates the sanlock group on all distros
we care about in the spec file (Fedora and RHEL >= 7). Thus instead of
setting the ownership and permissions in a post scriptlet only when the
sanlock group exists we can just install the directory with the
appropriate metadata.
Michal Privoznik [Mon, 27 May 2019 09:07:12 +0000 (11:07 +0200)]
qemu: Get default hugepage size only if needed
Fixes: 6864d8f740e2502dc7625bdf18ffde4465b14f69
Hugepages don't work in session mode but when building memory
part of command line we query for the default size anyway. This
breaks creating domains under session daemon. Query the page size
only if it's clear we need hugepages.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
network: delay global firewall setup if no networks are running
Creating firewall rules for the virtual networks causes the kernel to
load the conntrack module. This imposes a significant performance
penalty on Linux network traffic. Thus we want to only take that hit if
we actually have virtual networks running.
We need to create global firewall rules during startup in order to
"upgrade" rules for any running networks created by older libvirt.
If no running networks are present though, we can safely delay setup
until the time we actually start a network.
Reviewed-by: Jim Fehlig <jfehlig@suse.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
network: pull global chain init into separate method
Pull the logic for creating global iptables chains into a separate
method and protect its invocation with virOnce, to make it possible
to reuse it in non-startup paths.
Reviewed-by: Jim Fehlig <jfehlig@suse.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Device validation should not have to wait until command line
generation time. Moving the code to a separate function also
allows us to avoid some unnecessary repetition.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Ján Tomko [Tue, 21 May 2019 13:05:37 +0000 (15:05 +0200)]
Introduce DOMAIN_DEVICE_ITERATE_MISSING_INFO
Rename the DOMAIN_DEVICE_ITERATE_GRAPHICS flag.
It was introduced by commit dd45c2710f6fd2d4f8a47f97960532d0e0091e7d
with the intention to run the Validate callback even on the graphics
device.
However, enumerating every single device in virDomainDeviceIterateFlags
is unsustainable and what really was special about the graphics device
was the lack of DeviceInfo.
Rename the flag and iterate over more info-less devices. (and leases)
Erik Skultety [Thu, 23 May 2019 12:26:40 +0000 (14:26 +0200)]
docs: Change the 'Launch Security' section id to "launchSecurity"
Although there's currently only support for SEV, it's likely other
solutions will appear, so we should not refer to the documentation
section simply with 'sev'.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Michal Privoznik [Thu, 23 May 2019 10:10:21 +0000 (12:10 +0200)]
misc: Drop useless checks from *Dispose() functions
Due to the way that our virObjectUnref() is written it's not
possible that a NULL is passed into *Dispose() function. However,
some functions check for that regardless.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Andrea Bolognani [Fri, 17 May 2019 14:37:56 +0000 (16:37 +0200)]
tests: Add negative test for Intel IOMMU
Make sure validation is working as intended by trying to use
Intel IOMMU with the i440fx machine type, though we know it's
a q35-only feature, and expecting an error to be returned.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Andrea Bolognani [Fri, 17 May 2019 12:45:36 +0000 (14:45 +0200)]
tests: Use DO_TEST_CAPS_*() for Intel IOMMU
We can drop the intel-iommu-machine test case while doing so,
since it is supposed to showcase how we generate different
command lines for older QEMU versions and we can do that
using a single input file now.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Andrea Bolognani [Fri, 17 May 2019 13:38:40 +0000 (15:38 +0200)]
tests: Simplify Intel IOMMU testing
Remove a bunch of irrelevant devices and make sure all input
files explicitly opt out of USB controllers: the latter change
will help later, when we start using DO_TEST_CAPS_*().
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 9 May 2019 10:20:42 +0000 (12:20 +0200)]
docs: hacking: Add good practices for shortening conditional expressions
Document that checking if a integer is (non-)zero should (not must)
avoid the shortened form that C allows as it may confuse readers into
overlooking the other possible values which might be interresting to
handle.
While pointers have distinct values from the point of view of the code
we only care whether it's non-NULL and thus it's documented it's okay
to shorten those.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> ACKed-by: Eric Blake <eblake@redhat.com>
Peter Krempa [Tue, 7 May 2019 14:47:00 +0000 (16:47 +0200)]
docs: hacking: Document few practices for creating error messages
State that error messages should not be broken into multiple lines for
programmer friendliness and should not be concatenated on the fly for
translator friendliness and few other details.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> ACKed-by: Eric Blake <eblake@redhat.com>
Peter Krempa [Mon, 20 May 2019 12:48:22 +0000 (14:48 +0200)]
qemu: migration: Don't pass around flags for different API
The NBD migration code uses drive/blockdev-mirror internally. In those
APIs we pass around flags for the monitor commands which are based on
the flags for the virDomainBlockRebase API. Since there's only one flag
which changes, pass it around explicitly rather than obscuring it in a
bitfield.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 15 May 2019 15:19:11 +0000 (17:19 +0200)]
qemu: blockcopy: sanitize permission handling for 'mirror'
At the point when we want to modify the permissions for the 'mirror' we
know whether it is supposed to have a backing chain or no. Given that
mirror->backingStore is populated only when we'd need to touch it ayways
we can use qemuDomainStorageSourceChainAccessAllow even in place of
qemuDomainStorageSourceAccessAllow used for other cases to simplify the
code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 15 May 2019 15:12:35 +0000 (17:12 +0200)]
qemu: Validate backing store of 'mirror' for block copy
Since 4e797f1a we parse backingStore of mirror which will later be used
with blockdev. Add some validation for the user passed mirror at the
current point to make sure it's not used improperly.
Validate that it's not used without blockdev and also that it's not
passed when not requesting a shallow copy. Also add a chain terminator
for a deep copy since we know the resulting mirror will not have chain.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 14 May 2019 12:42:35 +0000 (14:42 +0200)]
qemu: Remove unnecessary calls to qemuDomainStorageSourceAccessRevoke
Since 3decae00e90 qemuDomainStorageSourceAccessAllow revokes the
permissions it granted if it fails halfway, thus we can remove some
calls to qemuDomainStorageSourceAccessRevoke which tried to undo this
situation.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 14 May 2019 13:01:04 +0000 (15:01 +0200)]
qemu: Remove unecessary error keeping in qemuDomainBlockCopyCommon
Since 3decae00e90 qemuDomainStorageSourceAccessRevoke keeps the libvirt
error which was set prior to the call around even after the call, thus
we don't need to do the same when reverting access in the block copy
code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 12 Feb 2019 12:19:17 +0000 (13:19 +0100)]
qemu: driver: Set mirror state after successful command
When aborting or pivoting a block job we record which operation we do
for the mirror in the virDomainDiskDef structure. As everything is
synchronized by a job it's not necessary to modify the state prior to
calling the monitor and resetting the state on failure.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 12 Feb 2019 13:02:27 +0000 (14:02 +0100)]
qemu: blockjob: Fix documentation for 'newstate' of _qemuBlockJobData
When used with the new job handler the values will also include some of
the non-public values from qemuBlockjobState. Modify the comment to
clarify this.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The virtlogd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket permissions to 0600
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The virtlockd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket permissions to 0600
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
admin: reject clients unless their UID matches the current UID
The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
projects / libvirt.git / log