![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.sbin / vmd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.42 / (download) - annotate - [select for diffs], Thu Jan 18 14:49:59 2024 UTC (4 months, 2 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
HEAD
Changes since 1.41: +4 -4 lines
Diff to previous 1.41 (colored)
Use imsg_get_fd() in vmd. vmd uses a lot of fd passing and does it sometimes via extra abstraction so this just tries to convert the code without any optimisations. ok dv@
Revision 1.41 / (download) - annotate - [select for diffs], Fri Apr 28 19:46:42 2023 UTC (13 months, 1 week ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.40: +4 -2 lines
Diff to previous 1.40 (colored)
vmd(8)/vmctl(8): allow vm owners to override boot kernel. vmd allows non-root users to "own" a vm defined in vm.conf(5). While the user can start/stop the vm, if they break their filesystem they have no means of booting recovery media like a ramdisk kernel. This change opens the provided boot kernel via vmctl and passes the file descriptor through the control channel to vmd. The next boot of the vm will use the provided file descriptor as boot kernel/bios. Subsequent boots (e.g. a reboot) will return to using behavior defined in vm.conf or the default bios image. ok mlarkin@
Revision 1.40 / (download) - annotate - [select for diffs], Wed Mar 8 04:43:15 2023 UTC (15 months ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.39: +1 -3 lines
Diff to previous 1.39 (colored)
Delete obsolete /* ARGSUSED */ lint comments. ok miod@ millert@
Revision 1.39 / (download) - annotate - [select for diffs], Tue Jan 4 15:22:53 2022 UTC (2 years, 5 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.38: +1 -2 lines
Diff to previous 1.38 (colored)
Remove unused imsg type IMSG_VMDOP_RECEIVE_VM_RESPONSE. OK benno@ dv@
Revision 1.38 / (download) - annotate - [select for diffs], Mon Nov 29 05:17:35 2021 UTC (2 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)
mostly avoid sys/param.h with a local nitems() ok mlarkin
Revision 1.37 / (download) - annotate - [select for diffs], Wed Jun 16 16:55:02 2021 UTC (2 years, 11 months ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored)
cleanup vmd(8) includes and header files Lots of organic growth other the years lead to unnecessary includes (proc.h everywhere) and odd dependencies between header files. This cleans things up a bit to help with upcoming cleanup around dhcp code. No functional change. "go for it" mlarkin@
Revision 1.36 / (download) - annotate - [select for diffs], Thu Jun 10 19:50:05 2021 UTC (2 years, 11 months ago) by dv
Branch: MAIN
Changes since 1.35: +3 -4 lines
Diff to previous 1.35 (colored)
vmctl(8)/vmd(8): communicate TERMINATE_VM_EVENT imsgs on vm stop. Instead of translating imsg types, update vmclt(8) to handle receiving IMSG_VMDOP_TERMINATE_VM_EVENT messages on vm termination. This finishes the work previously committed for supporting multiple waiters or the cancellation of a client waiting on a vm shutdown. vmd no longer needs to translate an IMSG_VMDOP_TERMINATE_VM_RESPONSE into an *_EVENT. ok mlarkin@
Revision 1.35 / (download) - annotate - [select for diffs], Mon Apr 26 22:58:27 2021 UTC (3 years, 1 month ago) by dv
Branch: MAIN
Changes since 1.34: +93 -5 lines
Diff to previous 1.34 (colored)
vmd(8): fix vmctl client "wait" state corruption
Adds queue-based tracking of waiting client state to fix the cause of
state corruption when a vmctl(8) user cancels a wait and restarts it.
The socket fd value for the control process client was being used to
track the waiting party, but this also prevented multiple waiting
clients.
This moves all the state tracking of who to notify of a vm's stopping
to the control process and no longer requires the parent process to
track it in the global environment state.
Future work will be needed to smooth out the difference between the
IMSG_VMDOP_TERMINATE_VM_{EVENT,RESPONSE} events instead of needing to
translate before relaying to the vmctl(8) client.
Tested by Mischa Peters (thanks!)
ok mlarkin@
Revision 1.34 / (download) - annotate - [select for diffs], Tue Apr 20 21:11:56 2021 UTC (3 years, 1 month ago) by dv
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)
Move TAILQ initialization to files where they are used. These priv-sep daemons all follow a similar design and use TAILQs for tracking control process connections. In most cases, the TAILQs are initialized separate from where they are used. Since the scope of use is generally confined to a specific control process file, this commit also removes any extern definitions and exposing the TAILQ structures to other compilation units. ok bluhm@, tb@
Revision 1.33 / (download) - annotate - [select for diffs], Sun Apr 11 18:53:23 2021 UTC (3 years, 1 month ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.32: +1 -26 lines
Diff to previous 1.32 (colored)
Remove dead code for unused IMSG_CTL_NOTIFY messages. Some vestigial code left over from when priv-sep was implemented. ok mlarkin@
Revision 1.32 / (download) - annotate - [select for diffs], Wed Sep 23 19:18:18 2020 UTC (3 years, 8 months ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.31: +0 -11 lines
Diff to previous 1.31 (colored)
Revert agentx support for now, we're too close to release. requested by deraadt@
Revision 1.31 / (download) - annotate - [select for diffs], Wed Sep 23 15:52:06 2020 UTC (3 years, 8 months ago) by martijn
Branch: MAIN
Changes since 1.30: +12 -1 lines
Diff to previous 1.30 (colored)
Add support for agentx to vmd. This is based around VM-MIB from RFC7666,but does not export the full spec. People more knowledgeable of vmd are encouraged to expand on this.
Revision 1.30 / (download) - annotate - [select for diffs], Tue Dec 4 08:15:09 2018 UTC (5 years, 6 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.29: +3 -1 lines
Diff to previous 1.29 (colored)
Introduce IMSG_VMDOP_WAIT_VM_REQUEST a control message that registers a vmctl peerid that should be informed when the VM is stopped (like when the guest does a shutdown). Uses the same logic as using the VMOP_WAIT flag on IMSG_VMDOP_TERMINATE_VM_REQUEST. Ok ccardenas@, reyk@
Revision 1.29 / (download) - annotate - [select for diffs], Sun Aug 5 08:20:54 2018 UTC (5 years, 10 months ago) by mestre
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.28: +2 -12 lines
Diff to previous 1.28 (colored)
Remove cpath pledge(2) promise. We decided that not deleting the unix control sockets cause no harm and this way we close another attack surface by not allowing the daemon to create/delete any more files. OK florian@
Revision 1.28 / (download) - annotate - [select for diffs], Fri Jul 13 08:42:49 2018 UTC (5 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.27: +3 -3 lines
Diff to previous 1.27 (colored)
Add "allow instance" option. This allows users to create VM instances and change desired options, for example a user can be allowed to run a VM with all the pre-configured options but specify an own disk image. (mlarkin@ was fine with iterating over it) OK ccardenas@
Revision 1.27 / (download) - annotate - [select for diffs], Wed Jul 11 13:19:47 2018 UTC (5 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.26: +1 -3 lines
Diff to previous 1.26 (colored)
Add -w option to vmctl stop to wait for completion of VM termination. Use it in /etc/rc.d/vmd accordingly. OK sthen@
Revision 1.26 / (download) - annotate - [select for diffs], Wed Jul 11 09:35:44 2018 UTC (5 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.25: +3 -1 lines
Diff to previous 1.25 (colored)
Add -f option to vmctl stop to forcefully kill a VM. This also fixes a bug in vmm_sighdlr where it might have missed forwarding the TERMINATE_EVENT to the vmd parent after a VM child died, leading to an abandoned VM in the vmd parent process. OK ccardenas@ mlarkin@ benno@ kn@
Revision 1.25 / (download) - annotate - [select for diffs], Tue Jul 10 20:46:50 2018 UTC (5 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.24: +1 -4 lines
Diff to previous 1.24 (colored)
Remove a debug message
Revision 1.24 / (download) - annotate - [select for diffs], Tue Jun 26 10:00:08 2018 UTC (5 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.23: +14 -1 lines
Diff to previous 1.23 (colored)
Add "socket owner" to allow changing the owner of the vmd control socket. This allows to open vmctl control or console access to other users that are not in group wheel. Access for non-root users still defaults to read-only actions unless you change the owner (user/group) of each individual VM. Requested by Mischa Peters OK mlarkin@
Revision 1.23 / (download) - annotate - [select for diffs], Sun May 13 22:48:11 2018 UTC (6 years ago) by pd
Branch: MAIN
Changes since 1.22: +18 -3 lines
Diff to previous 1.22 (colored)
vmd(8): enable pause / unpause for vm owners Patch from Mohamed Aslan. Thanks! ok kn@
Revision 1.22 / (download) - annotate - [select for diffs], Fri Sep 8 06:24:31 2017 UTC (6 years, 9 months ago) by mlarkin
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.21: +6 -1 lines
Diff to previous 1.21 (colored)
vmd: add more explanatory log_debug messages From Carlos Cardenas, many thanks!
Revision 1.21 / (download) - annotate - [select for diffs], Sat Jul 15 05:05:36 2017 UTC (6 years, 10 months ago) by pd
Branch: MAIN
Changes since 1.20: +9 -4 lines
Diff to previous 1.20 (colored)
Add vmctl send and vmctl receive ok reyk@ and mlarkin@
Revision 1.20 / (download) - annotate - [select for diffs], Sun Jul 9 00:51:40 2017 UTC (6 years, 11 months ago) by pd
Branch: MAIN
Changes since 1.19: +5 -1 lines
Diff to previous 1.19 (colored)
vmd/vmctl: Add ability to pause / unpause vms With help from Ashwin Agrawal ok reyk@ mlarkin@
Revision 1.19 / (download) - annotate - [select for diffs], Thu May 4 19:41:58 2017 UTC (7 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.18: +7 -6 lines
Diff to previous 1.18 (colored)
Report command failure back to vmctl reload, reset, load, log verbose. OK mlarkin@
Revision 1.18 / (download) - annotate - [select for diffs], Thu May 4 16:54:41 2017 UTC (7 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.17: +9 -6 lines
Diff to previous 1.17 (colored)
Report error for vmctl commands that need root privileges. specifically: vmctl (load|reload|reset|log) Reported by Christian Barthel
Revision 1.17 / (download) - annotate - [select for diffs], Fri Apr 21 07:03:26 2017 UTC (7 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.16: +8 -1 lines
Diff to previous 1.16 (colored)
Add global configuration option "local prefix" to change prefix for -L. The default prefix is 100.64.0.0/10 from RFC6598. Requested by sthen@ chris@ OK mlarkin@
Revision 1.16 / (download) - annotate - [select for diffs], Wed Mar 15 12:42:12 2017 UTC (7 years, 2 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.15: +3 -3 lines
Diff to previous 1.15 (colored)
Don't terminate vmd(8) when we lost the control connection. When a start vm request is received from vmctl via the control socket, vmd's control process forwards it to the parent to trigger the action. A response is received later, in an async way, and send back to vmctl that is supposed to wait for it. But now, if vmctl got terminated before receiving the response, vmd fails to find the control connection. In this case it should not abort, print and warning, and ignore the error. The fix is a simple as changing a return (-1) to a return (0). This fixes an issue that was reported by mlarkin@
Revision 1.15 / (download) - annotate - [select for diffs], Wed Mar 1 07:43:33 2017 UTC (7 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.14: +12 -6 lines
Diff to previous 1.14 (colored)
Add "owner" option to set a user/group ownership for pre-configured VMs This allows matching users to start or stop VMs that they "own" and to access the console accordingly. OK mlarkin@
Revision 1.14 / (download) - annotate - [select for diffs], Mon Feb 27 12:07:58 2017 UTC (7 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.13: +33 -11 lines
Diff to previous 1.13 (colored)
Add size checks for imsg received over the control socket. Additionally, make sure that vmd never fatal()s when receiving an invalid imsg from an arbitrary user over the control socket. OK gilles@
Revision 1.13 / (download) - annotate - [select for diffs], Tue Jan 17 21:51:01 2017 UTC (7 years, 4 months ago) by krw
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)
Nuke some whitespace that keeps poking me in the eye as I try to steal code.
Revision 1.12 / (download) - annotate - [select for diffs], Mon Jan 9 22:06:25 2017 UTC (7 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.11: +4 -4 lines
Diff to previous 1.11 (colored)
Rename control_dispatch_vmm to control_dispatch_vmd to reflect reality. No function change.
Revision 1.11 / (download) - annotate - [select for diffs], Mon Jan 9 14:49:22 2017 UTC (7 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)
Stop accessing verbose and debug variables from log.c directly. This replaces log_verbose() and "extern int verbose" with the two functions log_setverbose() and log_getverbose(). Pointed out by benno@ OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)
Revision 1.10 / (download) - annotate - [select for diffs], Mon Jan 9 14:04:31 2017 UTC (7 years, 5 months ago) by krw
Branch: MAIN
Changes since 1.9: +5 -4 lines
Diff to previous 1.9 (colored)
Replace hand-rolled for(;;) traversal of ctl_conns TAILQ with TAILQ_FOREACH(). No intentional functional change. ok reyk@
Revision 1.9 / (download) - annotate - [select for diffs], Wed Oct 12 19:10:03 2016 UTC (7 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.8: +2 -1 lines
Diff to previous 1.8 (colored)
Fix functionality and semantics of vmctl load/reload/reset. OK rzalamena@
Revision 1.8 / (download) - annotate - [select for diffs], Thu Sep 29 22:42:04 2016 UTC (7 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.7: +11 -9 lines
Diff to previous 1.7 (colored)
Implement fork+exec for vmd, using the same framework from httpd etc. No objections from mlarkin@ sunil@
Revision 1.7 / (download) - annotate - [select for diffs], Wed Aug 17 05:07:13 2016 UTC (7 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)
small bits of header cleanup; ok mlarkin
Revision 1.6 / (download) - annotate - [select for diffs], Sun Jan 10 10:01:07 2016 UTC (8 years, 5 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.5: +1 -2 lines
Diff to previous 1.5 (colored)
remove a duplicate break statement
Revision 1.5 / (download) - annotate - [select for diffs], Sat Dec 5 17:30:34 2015 UTC (8 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.4: +3 -2 lines
Diff to previous 1.4 (colored)
Another imsg_read user I did miss in my EAGAIN rampage.
Revision 1.4 / (download) - annotate - [select for diffs], Thu Dec 3 23:32:32 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.3: +8 -7 lines
Diff to previous 1.3 (colored)
Re-add the "load" and "reload" commands to vmctl: Instead of parsing the configuration in vmctl directly, it now sends a (re)load request to vmd. The reload also resets the existing configuration status - this doesn't do much difference yet but a future change will compare if a specified VM is already running. "load" will allow to add configuration, while "reload" resets the state before loading.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Dec 3 13:08:44 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.2: +36 -5 lines
Diff to previous 1.2 (colored)
Use PEERCRED to obtain the user id of the vmmctl user. This is used to restrict write operations (start/stop/terminate/load) to root for now, but allow others to obtain the status. A more sophisticated model will follow later, but this change prevents non-root users, even if in the wheel group, to start vms and thus to open any files read-writable as disks.
Revision 1.2 / (download) - annotate - [select for diffs], Wed Dec 2 22:19:11 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.1: +3 -3 lines
Diff to previous 1.1 (colored)
Split the fully privileged parent into two processes "parent" and "vmm" with reduced privileges: - the "parent" opens fds (disks, ifs, etc.) but runs as root but pledged as "stdio rpath wpath proc tty sendfd". - the "vmm" process handles the creation and supervision of vm processes, and the primary communication with the vmm(4) subsystem. It runs as _vmd in the chroot but does not use pledge, as the vmm ioctls are not allowed by any pledge model yet. With this change, vmd starts to track the configuration state of VMs in vmd and will allow other things later (like terminating a vm by name, moving the configuration parser to vmd, ...). More incremental changes will follow.
Revision 1.1 / (download) - annotate - [select for diffs], Wed Dec 2 09:14:25 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Start tweaking vmd's privsep and daemon model by splitting the main process into multiple parts and adopting the "proc.c"-style from other daemons. This allows to further reduce the privileges, to give better pledge(2), and to add some upcoming changes. "please do" mlarkin@, deraadt@